IOS Application Security Part 15 - Static Analysis of IOS Applications using iNalyzer

by Prateek Gianchandani
Oct. 8, 2017 0 comments INFOSEC Institute Pen Testing & Audits

In the previous article, we looked at how we can use Sogeti Data protection tools to boot an iDevice using a custom ramdisk with the help of a bootrom exploit. In this article, we will look at a tool named iNalyzer than we can use for black box assessment of IOS applications. iNalyzer allows us to view the class information, perform runtime analysis and many other things. Basically it automates the efforts of decrypting the application, dumping class information and presents it in a much more presentable way. We can also hook into a running process just like Cycript and invoke methods during runtime. iNalyzer is developed and maintained by AppSec Labs and its offical page can be found here. iNalyzer is also made available open source and its github page can be found here. iNalyzer require some dependencies to be installed before use. Please make sure to install Graphviz and Doxygen as iNalyzer won’t function without these. Also, please note that while performing my tests on a Mac O...