Welcome to the iOS-Pentesting wiki!
List identities
./applesign.js -L
Re-sign
./applesign.js -i ABCDEFGHIJKLMNOPQRST /blah/blah.ipa
https://github.com/DanTheMan827/ios-app-signer/releases/tag/1.14
https://slashedm.gitbook.io/xcode-app-signing/where-do-we-go-now/newer-versions
Xcode + iOS App Signer
Install Xcode, open it, and agree to the license agreement.
Plug in your iOS device and select it as the build target.
Open Xcode and create a new iOS Application.
Type a name and identifier.
Xcode will complain about the lack of a provisioning profile. Click fix issue.
Sign into an Apple ID when prompted.
Download iOS App Signer
Download the latest version of unc0ver from above.
Open iOS App Signer.
Select the ipa you just downloaded as an input file.
Click start.
Return to Xcode. Go to the menu bar. Click Window → Devices.
Find your device, click the plus, and select the file created by iOS App Signer.
Objection
frida-ps -Uia
objection --gadget "com.apple.AppStore" explore
objection explore --startup-command 'ios jailbreak simulate'
#Get IPA - frida-iOS-dump
sudo iproxy 2222 22
python3 dump.py com.blah -H 127.0.0.1 -p 2222 -u mobile -P password -o blah.ipa
Connect phone to Mac - run a test app in xcode and fix signing certificates. This should generate a provisioning file.
Find code sigs
security find-identity -p codesigning -v
Patch Frida dylib to ipa
objection patchipa --source blah.ipa --codesign-signature 1234BLAH
objection patchipa --source blah.ipa --codesign-signature 39AAAAAAAAAAAAAAAAAAAAAAAA29 -P '~/Library/MobileDevice/Provisioning Profiles/blah.mobileprovision'
Deploy in debugging mode
ios-deploy --bundle blah.app -W -d
{this might take a while - be patient - lldb will load}
Run in debug mode without installing again
ios-deploy -b blah.app -W -m
Use objection
objection explore