According to Wikipedia,
Jailbreaking refers to privilege escalation on an Apple device to remove software restrictions imposed by Apple on iOS, iPadOS, tvOS, watchOS, and bridgeOS operating systems.
In simple words, jailbreaking is the process by which Apple’s operating systems are modified to remove restrictions and give the user greater control over the device. The increased privileges permit customizations and unfettered app installation that are not normally available to users and that Apple otherwise prevents.
1. Checkra1n (quick and easy method for iOS 13+)
# Visit "https://checkra.in/releases/#all-downloads" and download the build that matches your Linux system.
chmod +x checkra1n    # make the downloaded binary executable
# Connect the iOS device to the Linux system via USB.
sudo ./checkra1n      # launch the checkra1n TUI (needs root for USB access)
# Select Start, press Enter and follow the on-screen instructions.
2. Unc0ver
# Visit "https://unc0ver.dev/" and navigate to the Installation Guide section. Download the .ipa file.
# Install AltServer and iCloud on your computer.
# From the taskbar, click the AltServer icon and install AltStore on the iOS device.
# Go to "https://www.diawi.com/", upload the .ipa file and install the application on the device from the generated link.
# Open unc0ver on the device and tap Jailbreak!
Access iOS via SSH:
# Install an SSH server (OpenSSH) on the jailbroken iOS device
ssh root@<device-ip>    # replace <device-ip> with the phone's IP address on your network
# SSH default password: alpine (change it with `passwd` after the first login)
# Get the frida-server build matching your host's frida version from https://github.com/frida/frida/releases
scp /root/Downloads/frida_server_ios root@<device-ip>:/frida_server_ios
# On the device (over SSH): make it executable and start it listening on port 6969.
# Binding to 0.0.0.0 exposes frida-server to the whole network, so do this only on a trusted test network.
chmod +x /frida_server_ios
/frida_server_ios -l 0.0.0.0:6969 &
# On the host: list installed and running apps through the remote frida-server
frida-ps -ai -H 192.168.0.109:6969
Automated tools for static and dynamic testing:
Sometimes we need to speed up static and dynamic testing of iOS applications. There are plenty of tools that cover most of the security test cases we need. Here I show the two best-known ones; I particularly suggest Grapefruit, which supports frida 14.0+, whereas PassionFruit does not work with the latest frida versions.
Grapefruit (link: https://github.com/ChiChou/Grapefruit)
git clone --recurse-submodules https://github.com/ChiChou/Grapefruit
PassionFruit (link: https://github.com/chaitin/passionfruit)
npm install -g passionfruit
passionfruit
# listening on http://localhost:31337
3. Mobile Security Framework (MobSF)
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
git clone https://github.com/MobSF/Mobile-Security-Framework-MobSF.git
cd Mobile-Security-Framework-MobSF
./setup.sh    # install dependencies
./run.sh      # start the web UI (http://127.0.0.1:8000 by default)
Manual static analysis:
iOS applications frequently store sensitive data on the client side. We can retrieve that data with the steps below.
The Bundle directory:
Connect to the device with FileZilla (SFTP over the SSH access set up above) and browse to /var/containers/Bundle
Identify the UUID-named directory that belongs to the target app by its real name, e.g. myAppName under B0A7E81E-6434-4FBD-9089-5C8D1CBF7717....
# from the SSH session on the iOS device, inside that directory
zip -r Bundle.zip .
The Data directory:
Repeat the same process for the app's data container: in FileZilla, browse to /var/mobile/Containers/Data/Application/, find the UUID directory for the app and, from SSH inside it, run:
zip -r Data.zip .
To download the archives, visit: http://192.168.0.115:11111/ (alternatively, pull them with scp over the SSH session).
Download the zip files and analyse them for sensitive information stored on the client side.
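The container-locating and zipping steps above, as an added shell script that is not part of the original post: run over SSH on the jailbroken device, it takes the app name and its bundle identifier (both shown by `frida-ps -ai`), finds the matching Bundle and Data container directories and zips both for download. It assumes `zip` is installed on the device; the default root paths are the ones given in the post.

```sh
#!/bin/sh
# Added example, not from the original post: locate an app's Bundle and Data
# containers on a jailbroken iOS device and zip both for offline review.
# Inputs: the app name (<name>.app) and its bundle identifier, both listed by
# `frida-ps -ai`. Assumes `zip` is installed on the device. The root paths
# default to the stock iOS locations and can be overridden via the environment.
BUNDLE_ROOT="${BUNDLE_ROOT:-/var/containers/Bundle/Application}"
DATA_ROOT="${DATA_ROOT:-/var/mobile/Containers/Data/Application}"

# Print the UUID directory under BUNDLE_ROOT that contains <app>.app.
find_bundle_container() {
  for d in "$BUNDLE_ROOT"/*/; do
    if [ -d "$d$1.app" ]; then printf '%s\n' "${d%/}"; return 0; fi
  done
  return 1
}

# Print the UUID directory under DATA_ROOT whose container-manager metadata
# names the bundle identifier. The plist is binary, but the identifier is
# stored as a plain string, so a fixed-string grep finds it.
find_data_container() {
  for d in "$DATA_ROOT"/*/; do
    meta="$d.com.apple.mobile_container_manager.metadata.plist"
    if [ -f "$meta" ] && grep -qF -- "$1" "$meta"; then
      printf '%s\n' "${d%/}"; return 0
    fi
  done
  return 1
}

# Zip both containers into $3 (default: current directory) for scp download.
archive_app() {
  out=$(cd "${3:-.}" && pwd) || return 1
  bdir=$(find_bundle_container "$1") || { echo "no bundle container for $1" >&2; return 1; }
  ddir=$(find_data_container "$2") || { echo "no data container for $2" >&2; return 1; }
  (cd "$bdir" && zip -qr "$out/${1}_Bundle.zip" .) &&
    (cd "$ddir" && zip -qr "$out/${1}_Data.zip" .)
}

# Usage on the device: sh find_containers.sh myAppName com.example.myAppName
if [ "$#" -eq 2 ]; then archive_app "$1" "$2"; fi
```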
Below are common locations where app data can be found.
Here I have not yet shown the methods or code for biometric bypass of iOS applications and client-side security-control bypass, but in future I will update this blog with frida scripts and other iOS application testing methods.