idb v2.10.0 – iOS App Security Assessment Tool and research.

idb v2.10.0 – iOS App Security Assessment Tool and research.

Changelog idb v2.10.0:
+ iOS 10 support

idb is a tool to simplify some common tasks for iOS app security assessments and research. idb had the ability to dump the keychain of a jailbroken iDevice. So far, idb has been using the keychain_dump utility which is part of the iphone-dataprotection forensics tools to accomplish this. However, this tool has some major limitations in that it does not support the new data protection classes introduced in recent iOS versions, lacks support for Keychain ACLs, and is a pure ‘dump’ utility without editing capabilities.


idb Running On Ubuntu 14.0.4 Produce Machine

* Assessment Setup
++ SSH port forwarding
++ Installation of helper utilities

* App Information
++ Bundle information
++ Registered URL Schemes
++ Platform and SDK Versions
++ Data folder location
++ Entitlements

* Data Storage
++ List plist files and data protection class
++ List sqlite files and data protection class
++ List Cache.db files and data protection class
++ Full app file system browser
+-+ Browse files
+-+ Download/view files
+-+ Check data protection
+-+ Rsync folders and keep git revisions
++ Dump iOS keychain

* Binary Analysis
++ Check for encryption
++ Check for protections (ASLR/PIE, DEP, ARC)
++ List shared libraries
++ Extract strings in app binary
++ Dump class and method signatures

++ List URL handlers
++ Invoke and fuzz URL handlers

* Other Tools
++ Check for iOS backgrounding screenshot
++ Install certificates
++ Edit /etc/hosts file

Usage and Download:

Source: | Our Post Before