From 69e9889fc0e34547c2b754d4a0c1b7196f383889 Mon Sep 17 00:00:00 2001 From: Carlos Holguera Date: Sat, 20 Jul 2024 11:23:09 +0200 Subject: [PATCH 1/9] Add Corellium tools page with benefits and limitations --- ...0x04c-Tampering-and-Reverse-Engineering.md | 2 +- Document/0x06b-iOS-Security-Testing.md | 2 +- docs/tools/MASTG-TOOL-0105.md | 31 +++++++++++++++++++ 3 files changed, 33 insertions(+), 2 deletions(-) create mode 100644 docs/tools/MASTG-TOOL-0105.md diff --git a/Document/0x04c-Tampering-and-Reverse-Engineering.md b/Document/0x04c-Tampering-and-Reverse-Engineering.md index 698c06121d..9fd281da24 100644 --- a/Document/0x04c-Tampering-and-Reverse-Engineering.md +++ b/Document/0x04c-Tampering-and-Reverse-Engineering.md 
@@ -165,7 +165,7 @@ QEMU based emulators for Android take into consideration the RAM, CPU, battery p In simple words, an emulator is a much closer imitation of the targeted platform, while a simulator mimics only a part of it. -Running an app in the emulator gives you powerful ways to monitor and manipulate its environment. For some reverse engineering tasks, especially those that require low-level instruction tracing, emulation is the best (or only) choice. Unfortunately, this type of analysis is only viable for Android, because no free or open source emulator exists for iOS (the iOS simulator is not an emulator, and apps compiled for an iOS device don't run on it). The only iOS emulator available is a commercial SaaS solution - [Corellium](../techniques/ios/MASTG-TECH-0088.md#corellium). +Running an app in the emulator gives you powerful ways to monitor and manipulate its environment. For some reverse engineering tasks, especially those that require low-level instruction tracing, emulation is the best (or only) choice. Unfortunately, this type of analysis is only viable for Android, because no free or open source emulator exists for iOS (the iOS simulator is not an emulator, and apps compiled for an iOS device don't run on it). The only iOS emulator available is a commercial SaaS solution. For more information, see the [Corellium tools page](../tools/MASTG-TOOL-0105.md). ### Custom Tooling with Reverse Engineering Frameworks diff --git a/Document/0x06b-iOS-Security-Testing.md b/Document/0x06b-iOS-Security-Testing.md index 441c2f196a..5c79e8c3cc 100644 --- a/Document/0x06b-iOS-Security-Testing.md +++ b/Document/0x06b-iOS-Security-Testing.md 
@@ -69,7 +69,7 @@ Unlike the Android emulator, which fully emulates the hardware of an actual Andr ### Testing on an Emulator -[Corellium](../techniques/ios/MASTG-TECH-0088.md#corellium) is the only publicly available iOS emulator. It is an enterprise SaaS solution with a per user license model and does not offer community licenses. +[Corellium](../tools/MASTG-TOOL-0105.md) is the only publicly available iOS emulator. It is an enterprise SaaS solution with a per user license model and does not offer community licenses. ### Getting Privileged Access diff --git a/docs/tools/MASTG-TOOL-0105.md b/docs/tools/MASTG-TOOL-0105.md new file mode 100644 index 0000000000..860a746adb --- /dev/null +++ b/docs/tools/MASTG-TOOL-0105.md 
@@ -0,0 +1,31 @@ +--- +title: Corellium +platform: generic +source: https://corellium.com +--- + +Corellium is a powerful iOS and Android device virtualization platform that provides a comprehensive suite of tools for security researchers, developers, and testers. It allows users to create and manage virtual devices, perform dynamic analysis, and test applications in a controlled environment. + +## Overview + +Corellium offers a cloud-based solution that enables users to run virtualized iOS and Android devices. These virtual devices are fully functional and can be used for various purposes, including security testing, app development, and research. Corellium provides a web-based interface for managing virtual devices, as well as APIs for automation and integration with other tools. + +## Benefits + +1. **Scalability**: Corellium allows users to create multiple virtual devices, making it easy to scale testing efforts. +2. **Accessibility**: The cloud-based platform can be accessed from anywhere, enabling remote collaboration and testing. +3. **Isolation**: Virtual devices run in isolated environments, reducing the risk of affecting real devices or networks. +4. **Flexibility**: Corellium supports a wide range of iOS and Android versions, allowing users to test applications on different OS versions and configurations. +5. **Advanced Features**: Corellium provides advanced features such as kernel debugging, dynamic instrumentation, and network analysis. + +## Limitations + +1. **Cost**: Corellium is a commercial solution with a subscription-based pricing model, which may be expensive for some users. +2. **Availability**: Corellium is primarily targeted at enterprise users and may not be accessible to individual researchers or small teams. +3. **Learning Curve**: The platform offers a wide range of features, which may require some time to learn and master. + +## Use Cases + +1. 
**Security Testing**: Corellium is widely used by security researchers to identify vulnerabilities in iOS and Android applications. The platform's advanced features, such as kernel debugging and dynamic instrumentation, make it an ideal tool for in-depth security analysis. +2. **App Development**: Developers can use Corellium to test their applications on different OS versions and configurations, ensuring compatibility and performance across a wide range of devices. +3. **Research**: Corellium provides a controlled environment for conducting research on mobile operating systems and applications. Researchers can use the platform to study malware, analyze system behavior, and develop new security techniques. From 453585368c4087b3ba500edd06d368735bf05382 Mon Sep 17 00:00:00 2001 From: Carlos Holguera Date: Fri, 26 Jul 2024 12:31:23 +0200 Subject: [PATCH 2/9] Apply suggestions from code review Co-authored-by: Jeroen Beckers --- Document/0x06b-iOS-Security-Testing.md | 2 +- docs/tools/MASTG-TOOL-0105.md | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Document/0x06b-iOS-Security-Testing.md b/Document/0x06b-iOS-Security-Testing.md index 5c79e8c3cc..d9ea0aaac4 100644 --- a/Document/0x06b-iOS-Security-Testing.md +++ b/Document/0x06b-iOS-Security-Testing.md @@ -69,7 +69,7 @@ Unlike the Android emulator, which fully emulates the hardware of an actual Andr ### Testing on an Emulator -[Corellium](../tools/MASTG-TOOL-0105.md) is the only publicly available iOS emulator. It is an enterprise SaaS solution with a per user license model and does not offer community licenses. +[Corellium](../tools/MASTG-TOOL-0105.md) is the only publicly available iOS emulator. It is an enterprise SaaS solution with a per user license model that does not offer community licenses. ### Getting Privileged Access diff --git a/docs/tools/MASTG-TOOL-0105.md b/docs/tools/MASTG-TOOL-0105.md index 860a746adb..a19182bf70 100644 --- a/docs/tools/MASTG-TOOL-0105.md 
+++ b/docs/tools/MASTG-TOOL-0105.md @@ -4,11 +4,11 @@ platform: generic source: https://corellium.com --- -Corellium is a powerful iOS and Android device virtualization platform that provides a comprehensive suite of tools for security researchers, developers, and testers. It allows users to create and manage virtual devices, perform dynamic analysis, and test applications in a controlled environment. +Corellium is an iOS and Android device virtualization platform that provides a various tools for security researchers, developers, and testers. It allows users to create and manage virtual devices, perform dynamic analysis, and test applications in a controlled environment. ## Overview -Corellium offers a cloud-based solution that enables users to run virtualized iOS and Android devices. These virtual devices are fully functional and can be used for various purposes, including security testing, app development, and research. Corellium provides a web-based interface for managing virtual devices, as well as APIs for automation and integration with other tools. +Corellium offers a cloud-based solution that enables users to run virtualized iOS and Android devices. These virtual devices can be used for various purposes, including security testing, app development, and research. Corellium provides a web-based interface for managing virtual devices, as well as APIs for automation and integration with other tools. ## Benefits 
@@ -26,6 +26,6 @@ Corellium offers a cloud-based solution that enables users to run virtualized iO ## Use Cases -1. **Security Testing**: Corellium is widely used by security researchers to identify vulnerabilities in iOS and Android applications. The platform's advanced features, such as kernel debugging and dynamic instrumentation, make it an ideal tool for in-depth security analysis. +1. **Security Testing**: Corellium is widely used by security researchers to identify vulnerabilities in iOS and Android applications. The platform's advanced features, such as kernel debugging and dynamic instrumentation, make it a powerful tool for in-depth security analysis. 2. **App Development**: Developers can use Corellium to test their applications on different OS versions and configurations, ensuring compatibility and performance across a wide range of devices. 3. **Research**: Corellium provides a controlled environment for conducting research on mobile operating systems and applications. Researchers can use the platform to study malware, analyze system behavior, and develop new security techniques. From da459976a1940d13c394dac65f018a15bba9078b Mon Sep 17 00:00:00 2001 From: Carlos Holguera Date: Sat, 27 Jul 2024 10:09:56 +0200 Subject: [PATCH 3/9] fix md links --- Document/0x04c-Tampering-and-Reverse-Engineering.md | 2 +- Document/0x06b-iOS-Security-Testing.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Document/0x04c-Tampering-and-Reverse-Engineering.md b/Document/0x04c-Tampering-and-Reverse-Engineering.md index 9fd281da24..9f31166562 100644 --- a/Document/0x04c-Tampering-and-Reverse-Engineering.md +++ b/Document/0x04c-Tampering-and-Reverse-Engineering.md 
@@ -165,7 +165,7 @@ QEMU based emulators for Android take into consideration the RAM, CPU, battery p In simple words, an emulator is a much closer imitation of the targeted platform, while a simulator mimics only a part of it. -Running an app in the emulator gives you powerful ways to monitor and manipulate its environment. For some reverse engineering tasks, especially those that require low-level instruction tracing, emulation is the best (or only) choice. Unfortunately, this type of analysis is only viable for Android, because no free or open source emulator exists for iOS (the iOS simulator is not an emulator, and apps compiled for an iOS device don't run on it). The only iOS emulator available is a commercial SaaS solution. For more information, see the [Corellium tools page](../tools/MASTG-TOOL-0105.md). +Running an app in the emulator gives you powerful ways to monitor and manipulate its environment. For some reverse engineering tasks, especially those that require low-level instruction tracing, emulation is the best (or only) choice. Unfortunately, this type of analysis is only viable for Android, because no free or open source emulator exists for iOS (the iOS simulator is not an emulator, and apps compiled for an iOS device don't run on it). The only iOS emulator available is a commercial SaaS solution. For more information, see the [Corellium tools page](/tools/MASTG-TOOL-0105.md). ### Custom Tooling with Reverse Engineering Frameworks diff --git a/Document/0x06b-iOS-Security-Testing.md b/Document/0x06b-iOS-Security-Testing.md index d9ea0aaac4..a2cb605980 100644 --- a/Document/0x06b-iOS-Security-Testing.md +++ b/Document/0x06b-iOS-Security-Testing.md 
@@ -69,7 +69,7 @@ Unlike the Android emulator, which fully emulates the hardware of an actual Andr ### Testing on an Emulator -[Corellium](../tools/MASTG-TOOL-0105.md) is the only publicly available iOS emulator. It is an enterprise SaaS solution with a per user license model that does not offer community licenses. +[Corellium](/tools/MASTG-TOOL-0105.md) is the only publicly available iOS emulator. It is an enterprise SaaS solution with a per user license model that does not offer community licenses. ### Getting Privileged Access From 791f1333e0098d83ea010ea22da17dde0b5d03cc Mon Sep 17 00:00:00 2001 From: Jeroen Beckers Date: Sat, 27 Jul 2024 09:17:29 +0100 Subject: [PATCH 4/9] Update --- docs/tools/MASTG-TOOL-0105.md | 47 +++++++++++++++++++++++------------ 1 file changed, 31 insertions(+), 16 deletions(-) diff --git a/docs/tools/MASTG-TOOL-0105.md b/docs/tools/MASTG-TOOL-0105.md index a19182bf70..65fb9493ea 100644 --- a/docs/tools/MASTG-TOOL-0105.md +++ b/docs/tools/MASTG-TOOL-0105.md 
@@ -4,28 +4,43 @@ platform: generic source: https://corellium.com --- -Corellium is an iOS and Android device virtualization platform that provides a various tools for security researchers, developers, and testers. It allows users to create and manage virtual devices, perform dynamic analysis, and test applications in a controlled environment. +Corellium is an iOS and Android device virtualization platform that allows users to create and manage virtual devices, perform dynamic analysis, and test applications in a controlled environment. ## Overview -Corellium offers a cloud-based solution that enables users to run virtualized iOS and Android devices. These virtual devices can be used for various purposes, including security testing, app development, and research. Corellium provides a web-based interface for managing virtual devices, as well as APIs for automation and integration with other tools. +Corellium offers a cloud-based solution that enables users to run virtualized iOS and Android devices. These virtual devices can be used for various purposes, including security testing, app development, and research. Corellium provides a web-based interface for managing the virtual devices, as well as APIs for automation and integration with other tools. -## Benefits +## iOS emulation -1. **Scalability**: Corellium allows users to create multiple virtual devices, making it easy to scale testing efforts. -2. **Accessibility**: The cloud-based platform can be accessed from anywhere, enabling remote collaboration and testing. -3. **Isolation**: Virtual devices run in isolated environments, reducing the risk of affecting real devices or networks. -4. **Flexibility**: Corellium supports a wide range of iOS and Android versions, allowing users to test applications on different OS versions and configurations. -5. **Advanced Features**: Corellium provides advanced features such as kernel debugging, dynamic instrumentation, and network analysis. 
+Corellium is the only available commercial option for iOS emulation. It is possible to launch all types of iOS devices with any supported iOS version. Each device can be jailbroken from the start, so even recent versions of iOS can be used to analyze applications. -## Limitations +Through the GUI, Corellium provides multiple features that are interesting for security testing: -1. **Cost**: Corellium is a commercial solution with a subscription-based pricing model, which may be expensive for some users. -2. **Availability**: Corellium is primarily targeted at enterprise users and may not be accessible to individual researchers or small teams. -3. **Learning Curve**: The platform offers a wide range of features, which may require some time to learn and master. +* Built-in file browser +* Built-in Frida server +* App overview and IPA installer +* Certificate-pinning bypass (may not always work) +* Snapshot management -## Use Cases +While Corellium has some very powerfull tools to analyze both applications and iOS itself, it does have a few important limitations: -1. **Security Testing**: Corellium is widely used by security researchers to identify vulnerabilities in iOS and Android applications. The platform's advanced features, such as kernel debugging and dynamic instrumentation, make it a powerful tool for in-depth security analysis. -2. **App Development**: Developers can use Corellium to test their applications on different OS versions and configurations, ensuring compatibility and performance across a wide range of devices. -3. **Research**: Corellium provides a controlled environment for conducting research on mobile operating systems and applications. Researchers can use the platform to study malware, analyze system behavior, and develop new security techniques. +* **No App Store**: The devices do not have the App Store, which means you cannot use a Corellium device to obtain a decrypted version of an IPA file. 
+* **No Apple Services**: Access to Apple services (including iMessage and push notifications) is unavailable. +* **No Camera / Cellular / NFC / Bluetooth**: Apps running on Corellium do not have access to these peripherals. + +## Android emulation + +Android images are available in both the `user` and `userdebug` configuration and all images are rooted by default. Google Play and other Google Services are not installed by default, but Corellium does allow you to install them via an OpenGApps package. + +Through the GUI, Corellium provides multiple features that are interesting for security testing: + +* Built-in file browser +* Built-in Frida server +* App overview and IPA installer +* Certificate-pinning bypass (may not always work) +* Snapshot management + +However, some features are not supported: + +* **TrustZone**: It is not possible to access a Keymaster, or use PlayReady or WideFine. +* **SELinux in Permissive mode**: SELinux is set to permissive mode, which may be detected by applications. This is typically not the case for physical devices rooted with Magisk or KernelSU. \ No newline at end of file From 92faa77e4b607331549e096e2e9b4aaee4caa4c8 Mon Sep 17 00:00:00 2001 From: Carlos Holguera Date: Sat, 27 Jul 2024 11:28:04 +0200 Subject: [PATCH 5/9] fix links to the tool --- Document/0x04c-Tampering-and-Reverse-Engineering.md | 2 +- Document/0x06b-iOS-Security-Testing.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Document/0x04c-Tampering-and-Reverse-Engineering.md b/Document/0x04c-Tampering-and-Reverse-Engineering.md index 9f31166562..e2b4d60711 100644 --- a/Document/0x04c-Tampering-and-Reverse-Engineering.md +++ b/Document/0x04c-Tampering-and-Reverse-Engineering.md 
@@ -165,7 +165,7 @@ QEMU based emulators for Android take into consideration the RAM, CPU, battery p In simple words, an emulator is a much closer imitation of the targeted platform, while a simulator mimics only a part of it. -Running an app in the emulator gives you powerful ways to monitor and manipulate its environment. For some reverse engineering tasks, especially those that require low-level instruction tracing, emulation is the best (or only) choice. Unfortunately, this type of analysis is only viable for Android, because no free or open source emulator exists for iOS (the iOS simulator is not an emulator, and apps compiled for an iOS device don't run on it). The only iOS emulator available is a commercial SaaS solution. For more information, see the [Corellium tools page](/tools/MASTG-TOOL-0105.md). +Running an app in the emulator gives you powerful ways to monitor and manipulate its environment. For some reverse engineering tasks, especially those that require low-level instruction tracing, emulation is the best (or only) choice. Unfortunately, this type of analysis is only viable for Android, because no free or open source emulator exists for iOS (the iOS simulator is not an emulator, and apps compiled for an iOS device don't run on it). The only iOS emulator available is a commercial SaaS solution. For more information, see the [Corellium tools page](/MASTG/tools/generic/MASTG-TOOL-0105). ### Custom Tooling with Reverse Engineering Frameworks diff --git a/Document/0x06b-iOS-Security-Testing.md b/Document/0x06b-iOS-Security-Testing.md index a2cb605980..a51efb291c 100644 --- a/Document/0x06b-iOS-Security-Testing.md +++ b/Document/0x06b-iOS-Security-Testing.md 
@@ -69,7 +69,7 @@ Unlike the Android emulator, which fully emulates the hardware of an actual Andr ### Testing on an Emulator -[Corellium](/tools/MASTG-TOOL-0105.md) is the only publicly available iOS emulator. It is an enterprise SaaS solution with a per user license model that does not offer community licenses. +[Corellium](/MASTG/tools/generic/MASTG-TOOL-0105) is the only publicly available iOS emulator. It is an enterprise SaaS solution with a per user license model that does not offer community licenses. ### Getting Privileged Access From c50ec4c64391767841c70edbe6c8d8ca956ea8ba Mon Sep 17 00:00:00 2001 From: Carlos Holguera Date: Fri, 2 Aug 2024 08:27:43 +0200 Subject: [PATCH 6/9] fix md lint errors --- docs/tools/MASTG-TOOL-0105.md | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/docs/tools/MASTG-TOOL-0105.md b/docs/tools/MASTG-TOOL-0105.md index 65fb9493ea..c8ca9fec7b 100644 --- a/docs/tools/MASTG-TOOL-0105.md +++ b/docs/tools/MASTG-TOOL-0105.md 
@@ -16,31 +16,31 @@ Corellium is the only available commercial option for iOS emulation. It is possi Through the GUI, Corellium provides multiple features that are interesting for security testing: -* Built-in file browser -* Built-in Frida server -* App overview and IPA installer -* Certificate-pinning bypass (may not always work) -* Snapshot management +- Built-in file browser +- Built-in Frida server +- App overview and IPA installer +- Certificate-pinning bypass (may not always work) +- Snapshot management -While Corellium has some very powerfull tools to analyze both applications and iOS itself, it does have a few important limitations: +While Corellium has some very powerful tools to analyze both applications and iOS itself, it does have a few important limitations: -* **No App Store**: The devices do not have the App Store, which means you cannot use a Corellium device to obtain a decrypted version of an IPA file. -* **No Apple Services**: Access to Apple services (including iMessage and push notifications) is unavailable. -* **No Camera / Cellular / NFC / Bluetooth**: Apps running on Corellium do not have access to these peripherals. +- **No App Store**: The devices do not have the App Store, which means you cannot use a Corellium device to obtain a decrypted version of an IPA file. +- **No Apple Services**: Access to Apple services (including iMessage and push notifications) is unavailable. +- **No Camera / Cellular / NFC / Bluetooth**: Apps running on Corellium do not have access to these peripherals. ## Android emulation -Android images are available in both the `user` and `userdebug` configuration and all images are rooted by default. Google Play and other Google Services are not installed by default, but Corellium does allow you to install them via an OpenGApps package. +Android images are available in both the `user` and `userdebug` configuration and all images are rooted by default. 
Google Play and other Google Services are not installed by default, but Corellium does allow you to install them via an [OpenGApps](https://support.corellium.com/features/apps/opengapps) package. Through the GUI, Corellium provides multiple features that are interesting for security testing: -* Built-in file browser -* Built-in Frida server -* App overview and IPA installer -* Certificate-pinning bypass (may not always work) -* Snapshot management +- Built-in file browser +- Built-in Frida server +- App overview and IPA installer +- Certificate-pinning bypass (may not always work) +- Snapshot management However, some features are not supported: -* **TrustZone**: It is not possible to access a Keymaster, or use PlayReady or WideFine. -* **SELinux in Permissive mode**: SELinux is set to permissive mode, which may be detected by applications. This is typically not the case for physical devices rooted with Magisk or KernelSU. \ No newline at end of file +- **TrustZone**: It is not possible to access a Keymaster, or use PlayReady or WideFine. +- **SELinux in Permissive mode**: SELinux is set to permissive mode, which may be detected by applications. This is typically not the case for physical devices rooted with Magisk or KernelSU. \ No newline at end of file From 24f5859dc8c2d3cdd9c3bfebb250f281193dddb7 Mon Sep 17 00:00:00 2001 From: Carlos Holguera Date: Fri, 2 Aug 2024 08:30:07 +0200 Subject: [PATCH 7/9] move tool --- {docs/tools => tools/generic}/MASTG-TOOL-0105.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {docs/tools => tools/generic}/MASTG-TOOL-0105.md (100%) diff --git a/docs/tools/MASTG-TOOL-0105.md b/tools/generic/MASTG-TOOL-0105.md similarity index 100% rename from docs/tools/MASTG-TOOL-0105.md rename to tools/generic/MASTG-TOOL-0105.md From 2d9948bd80b7b30f36a46b3ca061506f4a26da69 Mon Sep 17 00:00:00 2001 
From: Carlos Holguera Date: Fri, 2 Aug 2024 08:51:46 +0200 Subject: [PATCH 8/9] update corellium content --- tools/generic/MASTG-TOOL-0105.md | 35 ++++++++++++++------------------ 1 file changed, 15 insertions(+), 20 deletions(-) diff --git a/tools/generic/MASTG-TOOL-0105.md b/tools/generic/MASTG-TOOL-0105.md index c8ca9fec7b..460522727b 100644 --- a/tools/generic/MASTG-TOOL-0105.md +++ b/tools/generic/MASTG-TOOL-0105.md 
@@ -10,37 +10,32 @@ Corellium is an iOS and Android device virtualization platform that allows users Corellium offers a cloud-based solution that enables users to run virtualized iOS and Android devices. These virtual devices can be used for various purposes, including security testing, app development, and research. Corellium provides a web-based interface for managing the virtual devices, as well as APIs for automation and integration with other tools. -## iOS emulation - -Corellium is the only available commercial option for iOS emulation. It is possible to launch all types of iOS devices with any supported iOS version. Each device can be jailbroken from the start, so even recent versions of iOS can be used to analyze applications. +The Corellium GUI provides an app overview and app installer and many other features that are interesting for security testing, such as: -Through the GUI, Corellium provides multiple features that are interesting for security testing: +- [Built-in file browser](https://support.corellium.com/features/files/) +- [Built-in Frida server](https://support.corellium.com/features/frida/) +- [Snapshot management](https://support.corellium.com/features/snapshots) +- [Network monitor](https://support.corellium.com/features/network-monitor/) + +## iOS emulation -- Built-in file browser -- Built-in Frida server -- App overview and IPA installer -- Certificate-pinning bypass (may not always work) -- Snapshot management +Corellium is the only available commercial option for [iOS emulation](https://support.corellium.com/devices/ios). It is possible to launch all types of iOS devices with any supported iOS version. Each device can be jailbroken from the start, so even recent versions of iOS can be used to analyze applications. 
While Corellium has some very powerful tools to analyze both applications and iOS itself, it does have a few important limitations: - **No App Store**: The devices do not have the App Store, which means you cannot use a Corellium device to obtain a decrypted version of an IPA file. - **No Apple Services**: Access to Apple services (including iMessage and push notifications) is unavailable. -- **No Camera / Cellular / NFC / Bluetooth**: Apps running on Corellium do not have access to these peripherals. +- **No Camera / Cellular / NFC / Bluetooth**: Apps running on Corellium do not have access to these peripherals. But it does support [simulated SMS sending](https://support.corellium.com/features/messaging). -## Android emulation +More on iOS testing can be found [here](https://support.corellium.com/features/apps/testing-ios-apps). -Android images are available in both the `user` and `userdebug` configuration and all images are rooted by default. Google Play and other Google Services are not installed by default, but Corellium does allow you to install them via an [OpenGApps](https://support.corellium.com/features/apps/opengapps) package. - -Through the GUI, Corellium provides multiple features that are interesting for security testing: +## Android emulation -- Built-in file browser -- Built-in Frida server -- App overview and IPA installer -- Certificate-pinning bypass (may not always work) -- Snapshot management +[Android emulation](https://support.corellium.com/devices/android) is available in both the `user` and `userdebug` configuration and all images are rooted by default. Google Play and other Google Services are not installed by default, but Corellium does allow you to install them via an [OpenGApps](https://support.corellium.com/features/apps/opengapps) package. [Bluetooth](https://support.corellium.com/features/apps/bluetooth) is supported. 
However, some features are not supported: - **TrustZone**: It is not possible to access a Keymaster, or use PlayReady or WideFine. -- **SELinux in Permissive mode**: SELinux is set to permissive mode, which may be detected by applications. This is typically not the case for physical devices rooted with Magisk or KernelSU. \ No newline at end of file +- **SELinux in Permissive mode**: SELinux is set to permissive mode, which may be detected by applications. This is typically not the case for physical devices rooted with Magisk or KernelSU. + +More on Android testing can be found [here](https://support.corellium.com/features/apps/debug-test-android-apps). From 1b454d80a481115c08322942738fb1d024b6ac68 Mon Sep 17 00:00:00 2001 From: Carlos Holguera Date: Sun, 4 Aug 2024 19:39:45 +0200 Subject: [PATCH 9/9] update tool id --- tools/generic/MASTG-TOOL-0105.md | 41 -------------------------------- tools/generic/MASTG-TOOL-0108.md | 34 ++++++++++++++++++++++++++ 2 files changed, 34 insertions(+), 41 deletions(-) delete mode 100644 tools/generic/MASTG-TOOL-0105.md diff --git a/tools/generic/MASTG-TOOL-0105.md b/tools/generic/MASTG-TOOL-0105.md deleted file mode 100644 index 460522727b..0000000000 --- a/tools/generic/MASTG-TOOL-0105.md +++ /dev/null 
@@ -1,41 +0,0 @@ ---- -title: Corellium -platform: generic -source: https://corellium.com ---- - -Corellium is an iOS and Android device virtualization platform that allows users to create and manage virtual devices, perform dynamic analysis, and test applications in a controlled environment. - -## Overview - -Corellium offers a cloud-based solution that enables users to run virtualized iOS and Android devices. These virtual devices can be used for various purposes, including security testing, app development, and research. Corellium provides a web-based interface for managing the virtual devices, as well as APIs for automation and integration with other tools. - -The Corellium GUI provides an app overview and app installer and many other features that are interesting for security testing, such as: - -- [Built-in file browser](https://support.corellium.com/features/files/) -- [Built-in Frida server](https://support.corellium.com/features/frida/) -- [Snapshot management](https://support.corellium.com/features/snapshots) -- [Network monitor](https://support.corellium.com/features/network-monitor/) - -## iOS emulation - -Corellium is the only available commercial option for [iOS emulation](https://support.corellium.com/devices/ios). It is possible to launch all types of iOS devices with any supported iOS version. Each device can be jailbroken from the start, so even recent versions of iOS can be used to analyze applications. - -While Corellium has some very powerful tools to analyze both applications and iOS itself, it does have a few important limitations: - -- **No App Store**: The devices do not have the App Store, which means you cannot use a Corellium device to obtain a decrypted version of an IPA file. -- **No Apple Services**: Access to Apple services (including iMessage and push notifications) is unavailable. -- **No Camera / Cellular / NFC / Bluetooth**: Apps running on Corellium do not have access to these peripherals. 
But it does support [simulated SMS sending](https://support.corellium.com/features/messaging). - -More on iOS testing can be found [here](https://support.corellium.com/features/apps/testing-ios-apps). - -## Android emulation - -[Android emulation](https://support.corellium.com/devices/android) is available in both the `user` and `userdebug` configuration and all images are rooted by default. Google Play and other Google Services are not installed by default, but Corellium does allow you to install them via an [OpenGApps](https://support.corellium.com/features/apps/opengapps) package. [Bluetooth](https://support.corellium.com/features/apps/bluetooth) is supported. - -However, some features are not supported: - -- **TrustZone**: It is not possible to access a Keymaster, or use PlayReady or WideFine. -- **SELinux in Permissive mode**: SELinux is set to permissive mode, which may be detected by applications. This is typically not the case for physical devices rooted with Magisk or KernelSU. - -More on Android testing can be found [here](https://support.corellium.com/features/apps/debug-test-android-apps). diff --git a/tools/generic/MASTG-TOOL-0108.md b/tools/generic/MASTG-TOOL-0108.md index 2d3908a4c3..460522727b 100644 --- a/tools/generic/MASTG-TOOL-0108.md +++ b/tools/generic/MASTG-TOOL-0108.md 
@@ -5,3 +5,37 @@ source: https://corellium.com --- Corellium is an iOS and Android device virtualization platform that allows users to create and manage virtual devices, perform dynamic analysis, and test applications in a controlled environment. + +## Overview + +Corellium offers a cloud-based solution that enables users to run virtualized iOS and Android devices. These virtual devices can be used for various purposes, including security testing, app development, and research. Corellium provides a web-based interface for managing the virtual devices, as well as APIs for automation and integration with other tools. + +The Corellium GUI provides an app overview and app installer and many other features that are interesting for security testing, such as: + +- [Built-in file browser](https://support.corellium.com/features/files/) +- [Built-in Frida server](https://support.corellium.com/features/frida/) +- [Snapshot management](https://support.corellium.com/features/snapshots) +- [Network monitor](https://support.corellium.com/features/network-monitor/) + +## iOS emulation + +Corellium is the only available commercial option for [iOS emulation](https://support.corellium.com/devices/ios). It is possible to launch all types of iOS devices with any supported iOS version. Each device can be jailbroken from the start, so even recent versions of iOS can be used to analyze applications. + +While Corellium has some very powerful tools to analyze both applications and iOS itself, it does have a few important limitations: + +- **No App Store**: The devices do not have the App Store, which means you cannot use a Corellium device to obtain a decrypted version of an IPA file. +- **No Apple Services**: Access to Apple services (including iMessage and push notifications) is unavailable. +- **No Camera / Cellular / NFC / Bluetooth**: Apps running on Corellium do not have access to these peripherals. 
But it does support [simulated SMS sending](https://support.corellium.com/features/messaging). + +More on iOS testing can be found [here](https://support.corellium.com/features/apps/testing-ios-apps). + +## Android emulation + +[Android emulation](https://support.corellium.com/devices/android) is available in both the `user` and `userdebug` configuration and all images are rooted by default. Google Play and other Google Services are not installed by default, but Corellium does allow you to install them via an [OpenGApps](https://support.corellium.com/features/apps/opengapps) package. [Bluetooth](https://support.corellium.com/features/apps/bluetooth) is supported. + +However, some features are not supported: + +- **TrustZone**: It is not possible to access a Keymaster, or use PlayReady or WideFine. +- **SELinux in Permissive mode**: SELinux is set to permissive mode, which may be detected by applications. This is typically not the case for physical devices rooted with Magisk or KernelSU. + +More on Android testing can be found [here](https://support.corellium.com/features/apps/debug-test-android-apps).
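Review bot: In the Android emulation section added to tools/generic/MASTG-TOOL-0108.md, the TrustZone bullet spells the DRM name "WideFine"; it should read "Widevine". In the same list, the "SELinux in Permissive mode" bullet sits under "However, some features are not supported:", but it describes a configuration that apps can detect, not an unsupported feature. A lead-in such as "However, there are some limitations:" would cover both bullets. The two "More on ... testing can be found [here](...)" lines would also read better with link text that names the target page instead of "here".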
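Review bot: The deletion of tools/generic/MASTG-TOOL-0105.md comes without any link updates: the diffstat for this commit lists only MASTG-TOOL-0105.md and MASTG-TOOL-0108.md. Patch 1/9 pointed Document/0x04c-Tampering-and-Reverse-Engineering.md at MASTG-TOOL-0105.md, so any reference that still uses the old ID should be changed to MASTG-TOOL-0108.md in this commit; otherwise those links break once the file is removed. The commit message "update tool id" could also say why the ID moves from 0105 to 0108.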