Can we run apps that were built for iOS on an M1 Mac? The answer is yes!

There are a few techniques you can use to obtain legitimate IPA files from the App Store. If you have a jailbroken iPhone, the whole process becomes a lot easier. If not, follow the guide below:

How to Install iPhone or iPad Apps on an M1 Mac
Apple’s M1 Macs, which are the first to be powered by an Apple-designed Arm-based chip, are able to run iOS and iPadOS apps because of the common...

A legitimate IPA from the App Store can be installed directly, simply by double-clicking the IPA. In this example I extracted the Shopee app IPA and ran it directly:

Running the Shopee app

But running an iOS app directly is not that useful, especially for a security enthusiast.

Can we intercept the traffic (MITM, etc.)? The answer is yes. In this example the Burp Suite proxy was configured locally; just change the proxy settings in macOS to your usual Burp endpoint.

Traffic interception/inspection via Burp is a breeze.
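The proxy change described above, scripted with macOS's `networksetup` so it can be switched on and off repeatably. This is an added example, not code from the original post; it assumes the default Burp listener on 127.0.0.1:8080 and a network service named "Wi-Fi", both overridable as arguments.

```shell
#!/bin/sh
# Added example: point the macOS system HTTP and HTTPS proxies at a local
# Burp listener so iOS apps running on an M1 Mac are routed through it.
# Assumes Burp on 127.0.0.1:8080 and the "Wi-Fi" service (constructed defaults).

# Reject anything that is not a valid TCP port before touching system settings.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# burp_proxy on|off [service] [host] [port]
# Sets (or clears) both the HTTP and HTTPS proxies for one network service.
# Burp's single listener handles both schemes, so both point at the same endpoint.
burp_proxy() {
    mode=$1
    service=${2:-Wi-Fi}
    host=${3:-127.0.0.1}
    port=${4:-8080}
    valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    case "$mode" in
        on)
            networksetup -setwebproxy "$service" "$host" "$port" &&
            networksetup -setsecurewebproxy "$service" "$host" "$port" &&
            networksetup -setwebproxystate "$service" on &&
            networksetup -setsecurewebproxystate "$service" on
            ;;
        off)
            networksetup -setwebproxystate "$service" off &&
            networksetup -setsecurewebproxystate "$service" off
            ;;
        *)
            echo "usage: burp_proxy on|off [service] [host] [port]" >&2
            return 2
            ;;
    esac
}

# HTTPS only decrypts once Burp's CA certificate is trusted in the keychain;
# an app that pins its server certificate will refuse to connect instead,
# which is itself a finding worth recording.
# Usage: sh burp_proxy.sh on Wi-Fi 127.0.0.1 8080   /   sh burp_proxy.sh off Wi-Fi
case "${1:-}" in
    on|off) burp_proxy "$@" ;;
esac
```

Remember to switch the proxy off afterwards, otherwise every other process on the Mac keeps going through Burp.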

Can we do low-level dtrace stack examination? The answer is probably yes, but it requires you to disable SIP.

SIP is enforced.

Frida gadget works as expected.

Next on the to-do list, if I have the time:

  • Quick method to attach the app to the Xcode/gdb debugger.
  • Auto-signing unsigned apps. iOS App Signer is good but could be better for the CLI.
  • Escaping the iOS app sandbox.