Running Patched iOS Applications
Running patched applications on iOS devices requires us to sideload and run them using external tools. For macOS users, ios-deploy is perfect for this. For Linux users, the libimobiledevice project provides commands to perform similar tasks.
Unfortunately, you will need macOS to patch the IPA. However, once patched, the IPA can be installed and run using idevicedebug on Linux.
For macOS users, the ios-deploy utility can handle the installation and running of patched applications for you. libimobiledevice is available in Homebrew, so the steps described for Linux users can be adapted for your Mac as well.
Installing ios-deploy is as simple as:
npm install -g ios-deploy
Once installed, you should have the ios-deploy command available in your PATH.
To install and run your application:
- Extract the IPA package with unzip my-app.ipa. This should leave you with a Payload/ directory.
- Attach your iOS device to your computer via USB and ensure that it is unlocked.
- Run ios-deploy --bundle Payload/my-app.app -W -d, where my-app.app is the folder where your application lives.
You should see the lldb debugger pop up and print out a 'success' message. The application you are running will appear to be in a 'frozen' state for a while. This is because the Frida gadget takes some time to finish loading. After some time, you should be able to run objection explore and land in a successfully connected prompt :)
On Linux, libimobiledevice is a great set of tools for installing and running the IPA.
NOTE: Unfortunately, I just can't get ideviceinstaller to work on Kali Linux. If anyone has some insight, or can get it to work, please let me know!
Depending on your distribution, libimobiledevice and ideviceinstaller may already be in its package repositories. On an installation of Kali Linux, the required utilities provided by libimobiledevice can be installed with apt install libimobiledevice-utils ideviceinstaller.
On Arch Linux, pacman can be used to install libimobiledevice from 'Extras', and the AUR can be used to install ideviceinstaller.
This should make various 'idevice*' commands available, such as idevicestatus and idevicedebug.
To run the application, simply run the idevicedebug command, specifying the bundle identifier for the app as the last argument. So, if we were to run a SensePost application:
idevicedebug -d run com.sensepost.app
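Both run commands above need a value taken from the patched IPA: the .app folder for ios-deploy and the bundle identifier for idevicedebug. The following added example (not part of the original page or of objection itself) reads both from the IPA's Info.plist and builds the two commands; the helper names and the com.example.demo sample are assumptions made for illustration.

```python
import io
import plistlib
import shlex
import zipfile
from pathlib import PurePosixPath


def _is_app_plist(name):
    # Only the top-level Payload/<name>.app/Info.plist, not nested frameworks.
    p = PurePosixPath(name).parts
    return (len(p) == 3 and p[0] == "Payload"
            and p[1].endswith(".app") and p[2] == "Info.plist")


def bundle_info(ipa):
    """Return (app_dir, bundle_id) for the app inside an IPA (path or file object)."""
    with zipfile.ZipFile(ipa) as zf:
        plists = [n for n in zf.namelist() if _is_app_plist(n)]
        if len(plists) != 1:
            raise ValueError(f"expected one app Info.plist, found {len(plists)}")
        # plistlib.loads auto-detects XML and binary plists.
        info = plistlib.loads(zf.read(plists[0]))
    bundle_id = info.get("CFBundleIdentifier")
    if not bundle_id:
        raise ValueError("Info.plist has no CFBundleIdentifier")
    return str(PurePosixPath(plists[0]).parent), bundle_id


def run_commands(ipa):
    """Build the two run commands shown on this page for the given IPA."""
    app_dir, bundle_id = bundle_info(ipa)
    return {
        "macos": f"ios-deploy --bundle {shlex.quote(app_dir)} -W -d",
        "linux": f"idevicedebug -d run {shlex.quote(bundle_id)}",
    }


def sample_ipa():
    """Constructed sample: a minimal IPA-shaped zip with a binary Info.plist."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        plist = plistlib.dumps({"CFBundleIdentifier": "com.example.demo"}, fmt=plistlib.FMT_BINARY)
        zf.writestr("Payload/my-app.app/Info.plist", plist)
        zf.writestr("Payload/my-app.app/Frameworks/X.framework/Info.plist", b"")
    return io.BytesIO(buf.getvalue())


if __name__ == "__main__":
    print(run_commands(sample_ipa()))
```

Pass the path of your own patched IPA to run_commands() in place of sample_ipa().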