Automating the UI for blackbox testing

During blackbox security testing, it is often the case that you need to explore the application. Mostly to understand what it does and what sort of interactions it has with the outside world. It is also a good way to determine what code a user might end up exercising during their use of the application. In case of iOS, most of the App activity will be user triggered and the other parts will be things like polling of the web api for changes. Either way, the App’s activity and any potential vulnerabilities are largely triggered by the user.

Tracing Objective-C method calls

Linux has this great tool called strace, on OSX there’s a tool called dtruss - based on dtrace. Dtruss is great in functionality, it gives pretty much everything you need. It is just not as nice to use as strace. However, on Linux there is also ltrace for library tracing. That is arguably more useful because you can see much more granular application activity. Unfortunately, there isn’t such a tool on OSX. So, I decided to make one - albeit a simpler version for now. I called it objc_trace.

Building libraries for iOS

In this blog we talk about how to build a library in a simple way. This is designed for those who only care about the quickest and easiest way to build a command line program or a dylib for a jailbroken iOS platform. So, it is not an exhaustive manual of all the possibilities but rather a quick reference guide to get you started.