
Ios PT

The document provides a list of tools, techniques, and areas to analyze when assessing the security of a mobile application. Some items mentioned include analyzing for jailbreak detection bypass, authentication vulnerabilities, insecure data storage, sensitive data exposure, and client-side protection weaknesses. The list covers reverse engineering tools, common bugs and vulnerabilities to check for, and methods for fuzzing and manipulating application behavior.

Uploaded by chutiyaticbro

Tools and application
- Jailbreak Bypass
  - Liberty Tweak
  - JailProtect Tweak
  - https://dhiyaneshgeek.github.io/mobile/security/2021/12/25/hopper-disassembler/
  - https://notsosecure.com/bypassing-jailbreak-detection-ios
- Decrypt Application
  - CrackerXI+ Tweak
- IPA reverse engineering
  - IDA pro
  - Hopper
  - Class dump IOS
- SSL Pinning Bypass
  - SSL Kill Switch Tweak
  - Use Objection and Frida
- Bypass UDID Restriction
  - Download Apple File Conduit 2 Tweak
  - Download AppSync Unified Tweak

Custom URL Schemes
- Analyze and fuzz
- Check if app handles deeplinks or universal links (app:// or https://app.com)
- If a link performs an action, then check for CSRF
- Hidden Functionality
- Auth Bypass
- If scheme Hijacking is possible

Authentication
- Does app establish a session?
  - Check for session management bugs
- Is validation done on client side?
  - Hook to bypass
- Check if keychain is wiped after log out or app uninstall
- Does app require auth on high risk operations
- Is Touch ID working properly or not
- Check for notification for sensitive data exposure
- Does app have PIN?

Client side Web bugs
- Web Views
  - Is JS disabled in WebView
    - Hunt or try for XSS
  - file:// access is used
    - Path traversal
  - Check if another URL scheme is available
  - Check if URI in WebView cannot be manipulated by user
  - Are native methods exposed by the web view?

Insecure Data Storage
- Check if app stores sensitive data unencrypted
  - CoreData
  - .plist files
  - Device/App logs
  - Volatile Memory
  - NSUserDefaults
  - SQLite | Cache
  - Firebase | Realm
- Check if UIPasteboard was used
- Sensitive data in backups
- Sensitive data in text fields
- Are screenshots allowed on sensitive screen
- Is sensitive data removed from snapshot when app is minimized
- Is Keyboard cache disabled for sensitive data?
  - Navigate to var/mobile/Library/Keyboard/
  - Use command: strings dynamic-lexicon.dat en-dynamic.im
- Does app clear memory after submitting sensitive data?

Client side protection and Hardening
- Is jailbreak detection present
- Is hooking detection in place
  - Hook functions
- Is update required if newer version of app is available?
- Does app have min set of permissions
- Is tampering possible
  - Patch functions
- Is it possible to attach LLDB
- Obfuscation
  - Are sensitive methods obfuscated?
  - Is Control Flow Graph obfuscation implemented?
- Are debug code or symbols stripped
- Are exceptions handled correctly

Third Party libraries
- Does app use native libs?
- Check for known vulnerabilities
- Read file Documentation to understand possible misconfigurations
- Does app allow usage of 3rd-party keyboards for sensitive data?
- Is sensitive data masked and anonymized if sent to 3rd-parties?

Broken Cryptography
- Check for hardcoded encryption keys
- How are encryption keys managed
- Does app use weak ciphers
- Does app reuse encryption keys

Network API
- Does app use ssl/tls correctly
- Check all web-app bugs
- Does app have ssl pinning
  - Is it possible to bypass using public scripts?
- Is app transport security configured correctly?

IOS Device Logging
1. Download cydia impactor on your windows machine
2. Connect your iPhone with USB to machine
3. Click on "Device-->Watch Log"

Dumping IOS Key Chain
1. SSH into your iPhone and download keychain dumper
2. Unzip folder and open it, then change the permission using chmod
3. Run command ./keychain_dumper
