Skip to content

MASTG-TOOL-0073: radare2 (iOS)

radare2 is a complete framework for reverse-engineering and analyzing binaries. The installation instructions can be found in the GitHub repository. To learn more on radare2 you may want to read the official radare2 book.

Learn more:

Techniques

MASTG-TECH-0152: Bypassing Jailbreak Detection MASTG-TECH-0070: Extracting Information from the Application Binary MASTG-TECH-0066: Static Analysis on iOS MASTG-TECH-0118: Obtaining Compiler-Provided Security Features MASTG-TECH-0113: Obtaining Debugging Symbols MASTG-TECH-0082: Extracting Bundled Libraries

Tests

MASTG-TEST-0070: Testing Universal Links

Demos

MASTG-DEMO-0086: Uses of BSD Sockets Bypassing ATS MASTG-DEMO-0084: Hardcoded HTTP URLs in iOS Binary MASTG-DEMO-0110: URLSession Minimum TLS Version Lowered in Code MASTG-DEMO-0111: Network.framework TLS Minimum Version Lowered via sec_protocol_options MASTG-DEMO-0085: Uses of Network Framework Bypassing ATS MASTG-DEMO-0013: Use of Hardcoded RSA Private Key in SecKeyCreateWithData with r2 MASTG-DEMO-0014: Use of Hardcoded ECDSA Private Key in CryptoKit with r2 MASTG-DEMO-0080: Uses of Broken Encryption Modes in CommonCrypto with r2 MASTG-DEMO-0018: Uses of Broken Encryption Algorithms in CommonCrypto with r2 MASTG-DEMO-0073: Uses of Insecure Random Number Generation with r2 MASTG-DEMO-0011: Uses of Insufficient Key Size in SecKeyCreateRandomKey with r2 MASTG-DEMO-0015: Uses of Broken Hashing Algorithms in CommonCrypto with r2 MASTG-DEMO-0016: Uses of Broken Hashing Algorithms in CryptoKit with r2 MASTG-DEMO-0124: Logging APIs Exposing Implementation Details with r2 MASTG-DEMO-0021: Uses of Jailbreak Detection Techniques with r2 MASTG-DEMO-0112: Text Input Fields Not Hiding Sensitive Data MASTG-DEMO-0096: HTML Injection in a Local WebView Leading to Local File Access MASTG-DEMO-0094: Use of the Deprecated UIWebView MASTG-DEMO-0098: References to File Access in WebViews with radare2 MASTG-DEMO-0095: Attacker-Controlled Input in a WebView Leading to Unintended Navigation MASTG-DEMO-0116: Native Anti-Debugging Checks with TracerPid and ptrace