How to hack iOS apps

Issue #19

We need to care about security nowadays, here are some links I find useful to read more about this matter

• https://github.com/Naituw/IPAPatch
• https://github.com/cyanzhong/Retriever
• https://github.com/KJCracks/Clutch
• https://github.com/pjebs/Obfuscator-iOS
• https://github.com/UrbanApps/UAObfuscatedString
• https://www.raywenderlich.com/46223/ios-app-security-analysis-part-2
• http://www.splinter.com.au/2014/09/16/storing-secret-keys/
• Anastasiia Voitova: Keys from the castle: ancient art of managing keys and trust
• https://www.hopperapp.com/
• https://github.com/iosre/iOSAppReverseEngineering
• CocoaPods, Exposed
• Analysis of the Facebook.app for iOS [v. 87.0]
• http://quellish.tumblr.com/post/126712999812/how-on-earth-the-facebook-ios-application-is-so
• https://www.objc.io/issues/19-debugging/
• https://github.com/felixgr/secure-ios-app-dev
• App Security in Swift
• Securing Communications on iOS
• How I discovered Instagram’s upcoming video calling feature on iOS
• https://blog.superhuman.com/advanced-swift-debugging-for-uikit-e154d1c28aaf
• http://blog.zats.io/2017/12/27/iPhone-X-home-button/
• https://medium.com/@nathangitter/exploring-apps-without-jailbreaking-e932904f9863
• https://academy.realm.io/posts/conrad-kramer-reverse-engineering-ios-apps-lyft/
• https://github.com/BishopFox/iSpy
• https://github.com/Polidea/SiriusObfuscator
• https://oleb.net/2018/photos-data-model/
• The art of spelunking https://vimeo.com/290322018
• https://briancoyner.github.io/xcode/2017/05/14/xcode-attach-debugger-to-apple-apps.html
• https://medium.com/@vixentael/popular-note-taking-apps-share-these-security-flaws-security-tips-for-developers-326180e41329
• https://medium.com/@kennethpoon/lets-write-swift-code-to-intercept-ssl-pinning-https-requests-12446303cc9d
• https://medium.com/@kennethpoon/how-to-perform-ios-code-injection-on-ipa-files-1ba91d9438db
• https://github.com/armadsen/analyze_apps
• https://github.com/rockbruno/swiftshield
• https://rambo.codes/ios/2019/01/11/hacking-with-private-apis-on-ipad.html
• https://github.com/MichaelMKenny/ios-13-light-dark-wallpaper-app
• https://curvedlayer.com/2020/08/09/ios-simulator-plugin-simctl.html
• https://github.com/ios-control/ios-deploy Install and debug iPhone apps from the command line, without using Xcode
• Abusing iOS’ Screenshot Cropping Mechanism https://bryce.co/screenshot-cropping/
• https://github.com/kov4l3nko/MEDUZA A more or less universal SSL unpinning tool for iOS
• https://github.com/macmade/KeychainCracker

Detecting languages and framework

• https://blog.timac.org/2020/1019-evolution-of-the-programming-languages-from-iphone-os-to-ios-14/

iOS Security

• https://github.com/securing/IOSSecuritySuite

Private frameworks

• https://github.com/jenghis/nshift/blob/master/nshift/CBBlueLightClient.h
• Dynamic - Call hidden/private API in style! The Swift way.

Hack macOS apps

• Xcode, the ultimate debugging and cracking tool
• REVERSE ENGINEERING STICKIES.APP
• https://github.com/OWASP/owasp-mstg
• https://echoone.com/filejuicer/
• https://imazing.com/

Private frameworks

• https://github.com/sindresorhus/touch-bar-simulator

Hacking Apple

• https://samcurry.net/hacking-apple/

Hack Android apps

• Reverse Engineering The Medium App (and making all stories in it free)

---

Updated at 2021-02-23 10:56:28