Content
Due to the limited capabilities of the iOS Simulator, I will only offer you the settings, tools, and methods that I use on a physical device.
There are two common and completely different jailbreak methods:
There are various tools for jailbreaking iOS:
In addition, checkra1n uses a bootrom hardware exploit called checkm8, which works on devices with the A7 chip and devices as new as the A11 chip, for example. iPhone 5S to iPhone X. If you don't have a Linux device, bootra1n can be used to easily jailbreak your iPhone.
In addition, Unc0ver uses many different tfp0 software exploits, which means that Apple can fix it with software updates. As a consequence, Unc0ver only works for iOS versions prior to 14.8, because Apple fixed issues that allowed Unc0ver to run.
Having a machine with all the necessary tools pre-installed is cool, so I recommend Mobexler as a virtual machine.
If you still only need a couple of third-party tools, I'll give you a quick overview of the most popular tools that I use in almost all of my iOS projects. All the installation tools and methods described below are designed for Ubuntu, but you can find information about Windows.
MobSF has features such as vulnerability detection, code analysis for malware, static and dynamic vulnerability detection, network traffic analysis, API security verification, and much more.
You can use MobSF to perform static and dynamic analysis of mobile apps. Static analysis allows you to examine the source code and resources of an application without actually executing it. Dynamic analysis involves running an application in a controlled environment and monitoring its behavior in real time.
Installation is simple and consists of the following three steps:
We reviewed MobSF in our review of the best vulnerability scanners.
Frida can intercept any function, monitor the API or application code.
You can easily install Frida using:
Once you have installed Frida on your hacker station, you can easily search for already created scripts on https://codeshare.frida.re/ or create your own. Alternatively, you can use scripts with any of the following commands:
We discussed the use of Frida in the article "Embedding code in someone else's application using Frida".
You can set an Object using pip:
To install RMS:
Installing Grapefruit:
- 1 How to make a hacker iPhone or iPad
- 1.1 iOS Jailbreak
- 1.2 Cydia
- 1.3 MobSF
- 1.4 Frida
- 1.5 Objection
- 1.6 Runtime Mobile Security (RMS)
- 1.7 Grapefruit
- 2 Conclusion
How to make a hacker iPhone or iPad
You may recall from the previous article that using Android emulators is a useful topic. But this was only true for Android. iOS emulators are not full-fledged emulators, because only the basic needs of the application to run are modeled, so they are called simulators. To test the app on the simulator, you'll need Xcode on your Macbook device.Due to the limited capabilities of the iOS Simulator, I will only offer you the settings, tools, and methods that I use on a physical device.
iOS Jailbreak
Jailbreaking is the process of removing restrictions and expanding the capabilities of devices based on the iOS operating system.There are two common and completely different jailbreak methods:
- A tethered jailbreak requires users to perform the jailbreak process every time they restart the device.
- An untethered jailbreak is a one-time action and has no restriction.
There are various tools for jailbreaking iOS:
- Checkra1n
- Palera1n
- Unc0ver
Checkra1n
Checkra1n is a semi-connected jailbreak method, so you need to connect to your computer every time you want to re-jailbreak. The advantage is that you can still use your iPhone in a non-jailbroken state after turning it off and on again.
In addition, checkra1n uses a bootrom hardware exploit called checkm8, which works on devices with the A7 chip and devices as new as the A11 chip, for example. iPhone 5S to iPhone X. If you don't have a Linux device, bootra1n can be used to easily jailbreak your iPhone.
Palera1n
Palera1n, as described by its developers, is a developer-oriented jailbreak for checkm8 (A8-A11) devices running on iOS 15.0-16.5. This means that devices such as the iPhone X with iOS 16 can only be hacked using this technique on a Macbook or Linux computer. Palera1n has all the features that checkra1n has, but the main drawback is that on A11 devices, you have to disable your password and won't be able to use your password or other SEP features until you boot into the standard iOS state.Unc0ver
Unc0ver is a semi-detached jailbreak method, so you won't need to connect to your computer every time you want to re-jailbreak. The advantage is that you can still use your iPhone in a non-jailbroken state after turning it off and on again.
In addition, Unc0ver uses many different tfp0 software exploits, which means that Apple can fix it with software updates. As a consequence, Unc0ver only works for iOS versions prior to 14.8, because Apple fixed issues that allowed Unc0ver to run.
Cydia
The correct use of publicly available apps from the Cydia Store is crucial for a successful penetration test. While some may work on their own, others require a combination of them to perform the action successfully. To help you deal with the headache of finding apps to use, I've created a list of apps from the Cydia Store. Of course, the same can be found in Zebra or Sileo stores.- OpenSSH, as the name suggests, is used for SSH connections.
- Filza is an advanced file manager.
- SSL Kill Switch 2 is used to bypass SSL Pinning on Android.
- Frida allows you to embed your own code in other applications on the fly.
- Jailbreak Bypass Apps
- Choice-advanced configuration tool for settings
- AppSync Unified is a tweak that allows users to install specially signed, fake-signed, or unsigned IPA application packages.
- IPA Installer-allows you to create IPAs from source or install IPA packages directly from your device.
Having a machine with all the necessary tools pre-installed is cool, so I recommend Mobexler as a virtual machine.
If you still only need a couple of third-party tools, I'll give you a quick overview of the most popular tools that I use in almost all of my iOS projects. All the installation tools and methods described below are designed for Ubuntu, but you can find information about Windows.
MobSF
The Mobile Security Framework (MobSF) is an automated, universal platform for testing mobile applications (Android / iOS / Windows), analyzing malware, and evaluating security.MobSF has features such as vulnerability detection, code analysis for malware, static and dynamic vulnerability detection, network traffic analysis, API security verification, and much more.
You can use MobSF to perform static and dynamic analysis of mobile apps. Static analysis allows you to examine the source code and resources of an application without actually executing it. Dynamic analysis involves running an application in a controlled environment and monitoring its behavior in real time.
Installation is simple and consists of the following three steps:
| git clone https://github.com/MobSF/Mobile-Security-Framework-MobSF.git Mobilecd -Security-Framework-MobSF ./setup.sh |
We reviewed MobSF in our review of the best vulnerability scanners.
Frida
As already mentioned many times, Frida is a must-have tool that every pentester should have in their arsenal of hacking programs. Frida allows you to perform dynamic analysis by embedding JavaScript scripts that interact with the operating system.Frida can intercept any function, monitor the API or application code.
You can easily install Frida using:
| python3 -m pip install frida-tools |
Once you have installed Frida on your hacker station, you can easily search for already created scripts on https://codeshare.frida.re/ or create your own. Alternatively, you can use scripts with any of the following commands:
| frida -U -f Twitter -l script.js frida -U -F -l script.js |
We discussed the use of Frida in the article "Embedding code in someone else's application using Frida".
Objection
Objectionis a set of pentester tools created on the basis of Frida, which helps to assess the security level of mobile applications without jailbreaking.You can set an Object using pip:
| python3 -m pip install objection |
Runtime Mobile Security (RMS)
Runtime Mobile Security (RMS) allows you to monitor and analyze the network interaction of a mobile application to detect potential vulnerabilities, data leaks, or suspicious activity. Uses machine learning and behavior analysis algorithms to detect abnormal actions or potentially malicious app activity.To install RMS:
| installnpm -g rms-runtime-mobile-security |
Grapefruit
Grapefruit, formerly known as Passionfruit, allows you to view objects stored in a keychain, the private directory of the entire application, decompiled source code, and much more.Installing Grapefruit:
| installnpm -g igf |
