Can we run apps that were built for iOS? The answer is yes!!!
There are a few techniques you can use to obtain legitimate IPA files from the App Store. If you have a jailbroken iPhone the whole process becomes a lot easier. If not, follow the guides below.
A legitimate IPA from the App Store can be installed directly, simply by double-clicking the IPA. In this example I extracted the Shopee app IPA and ran it directly:
But running an iOS app directly is not that useful on its own, especially for a security enthusiast.
Can we intercept the traffic (MITM etc.)? The answer is yes. In this example the Burp Suite proxy was configured locally; just change the proxy settings in OSX to your usual Burp endpoint.
Can we do low-level dtrace stack examination? The answer is probably yes, but it requires you to disable SIP.
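The proxy change described above can be scripted with macOS's built-in `networksetup` tool rather than clicked through System Preferences. The snippet below is an added example, not part of the original post: it generates the commands that route a network service's HTTP and HTTPS traffic through a local Burp listener, lets you review them, and applies them only when `networksetup` exists. The service name "Wi-Fi" and the listener 127.0.0.1:8080 are assumptions; substitute your own.

```shell
#!/bin/sh
# Added example (not from the original post): generate and apply the macOS
# networksetup commands that point a network service at a local Burp listener.
# Service name, host and port below are assumptions for illustration.
set -u

# Validate a TCP port: digits only, in the range 1..65535.
valid_port() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print (do not run) the commands that route HTTP and HTTPS for a network
# service such as "Wi-Fi" through HOST:PORT. Printing first lets you review
# exactly what will change before anything is applied.
proxy_cmds() {
  svc="$1"; host="$2"; port="$3"
  valid_port "$port" || { echo "invalid port: $port" >&2; return 1; }
  printf 'networksetup -setwebproxy "%s" %s %s\n' "$svc" "$host" "$port"
  printf 'networksetup -setsecurewebproxy "%s" %s %s\n' "$svc" "$host" "$port"
  printf 'networksetup -setwebproxystate "%s" on\n' "$svc"
  printf 'networksetup -setsecurewebproxystate "%s" on\n' "$svc"
}

# Commands that switch the proxy back off once the testing session is over,
# so the machine is not left routing everything through a dead listener.
unproxy_cmds() {
  svc="$1"
  printf 'networksetup -setwebproxystate "%s" off\n' "$svc"
  printf 'networksetup -setsecurewebproxystate "%s" off\n' "$svc"
}

# Apply a reviewed command list from stdin. Refuses to run where networksetup
# is absent (i.e. anything that is not macOS).
apply_cmds() {
  command -v networksetup >/dev/null 2>&1 || {
    echo "networksetup not found (not macOS?)" >&2; return 1; }
  sh -e
}

# Usage (review first, then apply, then undo when finished):
#   proxy_cmds "Wi-Fi" 127.0.0.1 8080
#   proxy_cmds "Wi-Fi" 127.0.0.1 8080 | apply_cmds
#   unproxy_cmds "Wi-Fi" | apply_cmds
```

Two caveats a practitioner will hit: `networksetup` changes the system-wide proxy, so every process on the Mac, not just the iOS app, is routed through Burp while it is on; and HTTPS interception only succeeds once Burp's CA certificate is trusted in the macOS keychain, otherwise the app's TLS connections will simply fail.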
Frida gadget works as expected.
Next on the to-do list, if I have the time:
- A quick method to attach the app to the Xcode/gdb debugger.
- Auto-signing unsigned apps. iOS App Signer is good, but could be better for CLI use.
- Escaping the iOS app sandbox.