MASTG-TEST-0228: Position Independent Code (PIC) not Enabled

Content in BETA

This content is in beta and still under active development, so it is subject to change any time (e.g. structure, IDs, content, URLs, etc.).

Overview

PIE (Position Independent Executables) are designed to enhance security by allowing executables to be loaded at random memory addresses, mitigating certain types of attacks.

In the context of the Mach-O file format used by iOS applications:

  • PIE is applicable to executables with the MH_EXECUTE file type, which essentially means the main app binary (e.g. YourApp.app/YourApp).
  • Shared libraries with the MH_DYLIB file type (dylibs and frameworks) are inherently position-independent and do not utilize the MH_PIE flag.

This test case checks if the main executable is compiled with PIE.

Steps

  1. Extract the application and identify the main binary (Obtaining and Extracting Apps).
  2. Identify all shared libraries (Get Shared Libraries).
  3. Run Obtaining Compiler-Provided Security Features on the main binary and grep for "pic" or the corresponding keyword used by the selected tool.

Observation

The output should show whether PIC is enabled or disabled.

Evaluation

The test case fails if PIC is disabled.
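
The check described in the Overview and Steps can also be made by reading the Mach-O header directly: the file type must be MH_EXECUTE and the flags field must contain MH_PIE. The following Python code is an added example, not part of the MASTG or its tooling; the function names (check_slice, check_pie, sample_header) are hypothetical, the sample headers are constructed, and it assumes little-endian slices and 32-bit fat headers.

```python
import struct

# Constants from <mach-o/loader.h> and <mach-o/fat.h>
MH_MAGIC, MH_MAGIC_64, FAT_MAGIC = 0xFEEDFACE, 0xFEEDFACF, 0xCAFEBABE
MH_EXECUTE, MH_DYLIB = 0x2, 0x6
MH_PIE = 0x200000
CPU_TYPE_ARM64 = 0x0100000C

def check_slice(data, off=0):
    """Return (cputype, verdict) for the Mach-O slice starting at off."""
    # mach_header fields: magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags
    magic, cputype, _, filetype, _, _, flags = struct.unpack_from("<7I", data, off)
    if magic not in (MH_MAGIC, MH_MAGIC_64):
        raise ValueError("not a little-endian Mach-O slice at offset %d" % off)
    if filetype != MH_EXECUTE:
        return cputype, "n/a"  # e.g. MH_DYLIB: the MH_PIE flag is not used
    return cputype, "pass" if flags & MH_PIE else "fail"

def check_pie(data):
    """Return {cputype: 'pass' | 'fail' | 'n/a'} for every slice in the file."""
    if struct.unpack_from(">I", data, 0)[0] == FAT_MAGIC:
        # fat_header is big-endian: magic, nfat_arch, then nfat_arch fat_arch records
        nfat = struct.unpack_from(">I", data, 4)[0]
        results = {}
        for i in range(nfat):
            # fat_arch fields: cputype, cpusubtype, offset, size, align
            offset = struct.unpack_from(">5I", data, 8 + 20 * i)[2]
            cputype, verdict = check_slice(data, offset)
            results[cputype] = verdict
        return results
    return dict([check_slice(data)])

def sample_header(filetype, flags, cputype=CPU_TYPE_ARM64):
    """Constructed mach_header_64 (8 uint32 fields) with no load commands."""
    return struct.pack("<8I", MH_MAGIC_64, cputype, 0, filetype, 0, 0, flags, 0)

if __name__ == "__main__":
    # Constructed inputs; flags 0x85 = MH_NOUNDEFS | MH_DYLDLINK | MH_TWOLEVEL
    print(check_pie(sample_header(MH_EXECUTE, 0x85 | MH_PIE)))
    print(check_pie(sample_header(MH_EXECUTE, 0x85)))
    print(check_pie(sample_header(MH_DYLIB, 0x85)))
```

To evaluate an extracted app, pass the bytes of the main binary (for example, the contents of YourApp.app/YourApp) to check_pie; any slice reported as "fail" means the test case fails.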