Skip to content

MASTG-TEST-0082: Testing whether the App is Debuggable

Overview

Static Analysis

Extract the entitlements from the app ( Extracting Entitlements from MachO Binaries) and check the value of the get-task-allow key. If it is set to true, the app is debuggable.

$ ldid -e iGoat-Swift.app/iGoat-Swift

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>application-identifier</key>
    <string>TNAJ496RHB.OWASP.iGoat-Swift</string>
    <key>com.apple.developer.team-identifier</key>
    <string>TNAJ496RHB</string>
    <key>get-task-allow</key>
    <true/>
    <key>keychain-access-groups</key>
    <array>
        <string>TNAJ496RHB.OWASP.iGoat-Swift</string>
    </array>
</dict>
</plist>

Dynamic Analysis

Check whether you can attach a debugger directly, as explained in Debugging.

Note: if the application is equipped with anti-reverse engineering controls, then the debugger can be detected and stopped.