MASTG-TOOL-0073: radare2 (iOS)

radare2 is a complete framework for reverse-engineering and analyzing binaries. The installation instructions can be found in the GitHub repository. To learn more on radare2 you may want to read the official radare2 book.

Learn more:

• r2wiki
• Loading iOS binaries to radare2
• GitHub radare2 Docs - iOS

Techniques

MASTG-TECH-0113: Obtaining Debugging Symbols MASTG-TECH-0118: Obtaining Compiler-Provided Security Features MASTG-TECH-0152: Bypassing Jailbreak Detection MASTG-TECH-0070: Extracting Information from the Application Binary MASTG-TECH-0066: Static Analysis on iOS MASTG-TECH-0082: Extracting Bundled Libraries MASTG-TECH-0166: Identifying Custom URL Scheme Registrations in iOS Apps

Tests

MASTG-TEST-0070: Testing Universal Links

Demos

MASTG-DEMO-0116: Native Anti-Debugging Checks with TracerPid and ptrace MASTG-DEMO-0124: Logging APIs Exposing Implementation Details with r2 MASTG-DEMO-0150: References to Storage Integrity Check APIs with radare2 MASTG-DEMO-0021: Uses of Jailbreak Detection Techniques with r2 MASTG-DEMO-0014: Use of Hardcoded ECDSA Private Key in CryptoKit with r2 MASTG-DEMO-0016: Uses of Broken Hashing Algorithms in CryptoKit with r2 MASTG-DEMO-0013: Use of Hardcoded RSA Private Key in SecKeyCreateWithData with r2 MASTG-DEMO-0011: Uses of Insufficient Key Size in SecKeyCreateRandomKey with r2 MASTG-DEMO-0015: Uses of Broken Hashing Algorithms in CommonCrypto with r2 MASTG-DEMO-0073: Uses of Insecure Random Number Generation with r2 MASTG-DEMO-0018: Uses of Broken Encryption Algorithms in CommonCrypto with r2 MASTG-DEMO-0080: Uses of Broken Encryption Modes in CommonCrypto with r2 MASTG-DEMO-0143: Sensitive Data Returned to Page JavaScript via evaluateJavaScript in a WKScriptMessageHandler MASTG-DEMO-0096: HTML Injection in a Local WebView Leading to Local File Access MASTG-DEMO-0098: References to File Access in WebViews with radare2 MASTG-DEMO-0146: Sensitive Data Written into WebView DOM via evaluateJavaScript MASTG-DEMO-0094: Use of the Deprecated UIWebView MASTG-DEMO-0144: Password Field Rendered in WebView DOM Without Native Overlay MASTG-DEMO-0145: DOM Inspection Using evaluateJavaScript Without Content World Isolation MASTG-DEMO-0095: Attacker-Controlled Input in a WebView Leading to Unintended Navigation MASTG-DEMO-0112: Text Input Fields Not Hiding Sensitive Data MASTG-DEMO-0142: Sensitive Data and Functionality Exposed Through a WKWebView Native Bridge MASTG-DEMO-0155: WKNavigationDelegate Accepting Any Server Certificate MASTG-DEMO-0110: URLSession Minimum TLS Version Lowered in Code MASTG-DEMO-0085: Uses of Network Framework Bypassing ATS MASTG-DEMO-0086: Uses of BSD Sockets Bypassing ATS MASTG-DEMO-0154: URLSessionDelegate Accepting Any Server Certificate MASTG-DEMO-0111: Network.framework TLS Minimum Version Lowered via sec_protocol_options MASTG-DEMO-0084: Hardcoded HTTP URLs in iOS Binary