Apr 4, 2024

iOS App Pentesting and Security Part 1 - Decrypting iOS 16 App by Swaroop Yermalkar


Swaroop Yermalkar is one of Securzy's top cybersecurity instructors. You can view all of his webinars at https://learn.securzy.io/instructor/swaroopsy. In this blog, he shares his guidance on how to decrypt iOS apps on iOS 16.

During the process of iOS app penetration testing, one crucial step involves extracting the IPA file followed by conducting a binary analysis of it. In this blog, we will explore the method of extracting an IPA file from a device running iOS 16 or later.

For the purposes of this guide, I will be using a device equipped with iOS 16.3, which has been jailbroken using the palera1n jailbreak tool.

Let's dive into the process of extracting the Instagram iOS app from the device!

Step 1: Verify that your iOS device is jailbroken. This is a prerequisite for the following steps to work effectively.

Step 2: Ensure that the application you wish to reverse engineer is installed on your device. For the purpose of this demonstration, I have installed the Instagram iOS app.

Step 3: Navigate to your device's repository sources and add the following repo: https://iosgods.com/repo/. Once added, search for and open "iGDecrypt" within the repo.

Step 4: Within iGDecrypt, browse for and select the application you intend to decrypt. In our example, we'll be working with the Instagram app.

Step 5: Opt for the "Decrypt & Create IPA" option. This will begin the process of decrypting the app and packaging it into an IPA file for further analysis.

That's all for today's blog! Stay tuned for our upcoming blog series, where we will delve deeper into the world of iOS App Penetration Testing and Security.

About

Swaroop Yermalkar

Swaroop Yermalkar has over 11 years of experience in cybersecurity. He has worked for several companies like ThriveDX, Persistent System, Philips Healthcare, Khoros, and Traveloka in different roles, such as Security Engineer, Lead Product Security, and Head of Cyber Security. He wrote a book called "Learning iOS Penetration Testing" with Packt publication and leads a free and open-source project named OWASP iGoat focused on iOS Application Security.
