[MASTG-TOOL-0108] Update Corellium tools page with benefits and limitations

Document/0x04c-Tampering-and-Reverse-Engineering.md

@@ -165,7 +165,7 @@ QEMU based emulators for Android take into consideration the RAM, CPU, battery p
 
 In simple words, an emulator is a much closer imitation of the targeted platform, while a simulator mimics only a part of it.
 
-Running an app in the emulator gives you powerful ways to monitor and manipulate its environment. For some reverse engineering tasks, especially those that require low-level instruction tracing, emulation is the best (or only) choice. Unfortunately, this type of analysis is only viable for Android, because no free or open source emulator exists for iOS (the iOS simulator is not an emulator, and apps compiled for an iOS device don't run on it). The only iOS emulator available is a commercial SaaS solution - [Corellium](../techniques/ios/MASTG-TECH-0088.md#corellium).
+Running an app in the emulator gives you powerful ways to monitor and manipulate its environment. For some reverse engineering tasks, especially those that require low-level instruction tracing, emulation is the best (or only) choice. Unfortunately, this type of analysis is only viable for Android, because no free or open source emulator exists for iOS (the iOS simulator is not an emulator, and apps compiled for an iOS device don't run on it). The only iOS emulator available is a commercial SaaS solution. For more information, see the [Corellium tools page](/tools/MASTG-TOOL-0105.md).
 
 ### Custom Tooling with Reverse Engineering Frameworks
 

Document/0x06b-iOS-Security-Testing.md

@@ -69,7 +69,7 @@ Unlike the Android emulator, which fully emulates the hardware of an actual Andr
 
 ### Testing on an Emulator
 
-[Corellium](../techniques/ios/MASTG-TECH-0088.md#corellium) is the only publicly available iOS emulator. It is an enterprise SaaS solution with a per user license model and does not offer community licenses.
+[Corellium](/tools/MASTG-TOOL-0105.md) is the only publicly available iOS emulator. It is an enterprise SaaS solution with a per user license model that does not offer community licenses.
 
 ### Getting Privileged Access
 

docs/tools/MASTG-TOOL-0105.md

@@ -0,0 +1,46 @@
+---
+title: Corellium
+platform: generic
+source: https://corellium.com
+---
+
+Corellium is an iOS and Android device virtualization platform that allows users to create and manage virtual devices, perform dynamic analysis, and test applications in a controlled environment.
+
+## Overview
+
+Corellium offers a cloud-based solution that enables users to run virtualized iOS and Android devices. These virtual devices can be used for various purposes, including security testing, app development, and research. Corellium provides a web-based interface for managing the virtual devices, as well as APIs for automation and integration with other tools.
+
+## iOS emulation
+
+Corellium is the only available commercial option for iOS emulation. It is possible to launch all types of iOS devices with any supported iOS version. Each device can be jailbroken from the start, so even recent versions of iOS can be used to analyze applications.
+
+Through the GUI, Corellium provides multiple features that are interesting for security testing:
+
+* Built-in file browser
+* Built-in Frida server
+* App overview and IPA installer
+* Certificate-pinning bypass (may not always work)
+* Snapshot management
+
+While Corellium has some very powerfull tools to analyze both applications and iOS itself, it does have a few important limitations:
+
+* **No App Store**: The devices do not have the App Store, which means you cannot use a Corellium device to obtain a decrypted version of an IPA file.
+* **No Apple Services**: Access to Apple services (including iMessage and push notifications) is unavailable.
+* **No Camera / Cellular / NFC / Bluetooth**: Apps running on Corellium do not have access to these peripherals.
+
+## Android emulation
+
+Android images are available in both the `user` and `userdebug` configuration and all images are rooted by default. Google Play and other Google Services are not installed by default, but Corellium does allow you to install them via an OpenGApps package.
+
+Through the GUI, Corellium provides multiple features that are interesting for security testing:
+
+* Built-in file browser
+* Built-in Frida server
+* App overview and IPA installer
+* Certificate-pinning bypass (may not always work)
+* Snapshot management
+
+However, some features are not supported:
+
+* **TrustZone**: It is not possible to access a Keymaster, or use PlayReady or WideFine.
+* **SELinux in Permissive mode**: SELinux is set to permissive mode, which may be detected by applications. This is typically not the case for physical devices rooted with Magisk or KernelSU.