├── LEGACY.md
├── README.md
├── pdf
    ├── Mobile_Hacking_Android_cheatsheet_v0.1.pdf
    ├── Mobile_Hacking_Android_cheatsheet_v1.0.pdf
    ├── Mobile_Hacking_iOS_cheatsheet_v0.1.pdf
    ├── Mobile_Hacking_iOS_cheatsheet_v1.0.pdf
    ├── RANDORISEC_Mobile_Hacking_Android_Assessing_Apps_cheatsheet_v1.1.pdf
    └── RANDORISEC_Mobile_Hacking_iOS_Assessing_Apps_cheatsheet_v1.1.pdf
└── pics
    ├── Mobile_Hacking_Android_cheatsheet_v0.1_slide1.png
    ├── Mobile_Hacking_Android_cheatsheet_v0.1_slide2.png
    ├── Mobile_Hacking_Android_cheatsheet_v1.0_slide1.png
    ├── Mobile_Hacking_Android_cheatsheet_v1.0_slide2.png
    ├── Mobile_Hacking_iOS_cheatsheet_v0.1_slide1.png
    ├── Mobile_Hacking_iOS_cheatsheet_v0.1_slide2.png
    ├── Mobile_Hacking_iOS_cheatsheet_v1.0_slide1.png
    └── Mobile_Hacking_iOS_cheatsheet_v1.0_slide2.png

/LEGACY.md:
--------------------------------------------------------------------------------
# Android CheatSheet
You can get the pdf [here](https://github.com/randorisec/MobileHackingCheatSheet/blob/master/pdf/Mobile_Hacking_Android_cheatsheet_v1.0.pdf).

Or the png here:
[![Android CheatSheet slide 1](https://github.com/randorisec/MobileHackingCheatSheet/blob/master/pics/Mobile_Hacking_Android_cheatsheet_v1.0_slide1.png)](https://github.com/randorisec/MobileHackingCheatSheet/blob/master/pics/Mobile_Hacking_Android_cheatsheet_v1.0_slide1.png)
[![Android CheatSheet slide 2](https://github.com/randorisec/MobileHackingCheatSheet/blob/master/pics/Mobile_Hacking_Android_cheatsheet_v1.0_slide2.png)](https://github.com/randorisec/MobileHackingCheatSheet/blob/master/pics/Mobile_Hacking_Android_cheatsheet_v1.0_slide2.png)

# iOS CheatSheet
You can get the pdf [here](https://github.com/randorisec/MobileHackingCheatSheet/blob/master/pdf/Mobile_Hacking_iOS_cheatsheet_v1.0.pdf).

Or the png here:
[![iOS CheatSheet slide 1](https://github.com/randorisec/MobileHackingCheatSheet/blob/master/pics/Mobile_Hacking_iOS_cheatsheet_v1.0_slide1.png)](https://github.com/randorisec/MobileHackingCheatSheet/blob/master/pics/Mobile_Hacking_iOS_cheatsheet_v1.0_slide1.png)

[![iOS CheatSheet slide 2](https://github.com/randorisec/MobileHackingCheatSheet/blob/master/pics/Mobile_Hacking_iOS_cheatsheet_v1.0_slide2.png)](https://github.com/randorisec/MobileHackingCheatSheet/blob/master/pics/Mobile_Hacking_iOS_cheatsheet_v1.0_slide2.png)

# License
The Mobile Hacking CheatSheet is an open source project released under the [CC-BY-SA 4.0](https://creativecommons.org/licenses/by-sa/4.0/deed.fr) licence.

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# The Mobile Hacking CheatSheet

The Mobile Hacking CheatSheet is an attempt to summarise some basic information about the tools and commands needed to assess the security of Android and iOS mobile applications.

PDF versions:

* [Mobile Hacking Android CheatSheet](https://github.com/randorisec/MobileHackingCheatSheet/blob/master/pdf/RANDORISEC_Mobile_Hacking_Android_Assessing_Apps_cheatsheet_v1.1.pdf)
* [Mobile Hacking iOS CheatSheet](https://github.com/randorisec/MobileHackingCheatSheet/blob/master/pdf/RANDORISEC_Mobile_Hacking_iOS_Assessing_Apps_cheatsheet_v1.1.pdf)

## Main Steps

1. Review the codebase
2. Run the app
3. Dynamic instrumentation
4. Analyze network communications

## OWASP Mobile Security Testing Project

### Mobile Security Testing Guide

[https://github.com/OWASP/owasp-mstg](https://github.com/OWASP/owasp-mstg)

### Mobile Application Security Verification Standard

[https://github.com/OWASP/owasp-masvs](https://github.com/OWASP/owasp-masvs)

### Mobile Security Checklist

[https://github.com/OWASP/owasp-mstg/tree/master/Checklists](https://github.com/OWASP/owasp-mstg/tree/master/Checklists)

## Android CheatSheet

### APK Structure

* __META-INF__: Files related to the signature scheme (v1 scheme only)
* __lib__: Folder containing native libraries (ARM, MIPS, x86, x64)
* __assets__: Folder containing application specific files
* __res__: Folder containing all the resources files (layouts, strings, etc.) of the application
* __classes.dex [classes2.dex] ...__: Dalvik bytecode of the application
* __AndroidManifest.xml__: Manifest file describing essential information about the app (permissions, components, etc.)

### Package Name

The package name represents the app’s unique identifier (e.g. for YouTube):

```
com.google.android.youtube
```

### Data Storage

User applications

```bash
/data/data//
```

Shared Preferences Files

```bash
/data/data//shared_prefs/
```

SQLite Databases

```bash
/data/data//databases/
```

Internal Storage

```bash
/data/data//files/
```

### adb

Connect through USB

```bash
adb -d shell
```

Connect through TCP/IP

```bash
adb -e shell
```

Get a shell or execute the specified command

```bash
adb shell [cmd]
```

List processes

```bash
adb shell ps
```

List Android devices connected to your machine

```bash
adb devices
```

Dump the log messages from Android system

```bash
adb logcat
```

Copy local file to Android device

```bash
adb push
```

Copy file from the Android device

```bash
adb pull
```

Install APK file on the Android device

```bash
adb install
```

Install an App Bundle

```bash
adb install-multiple ...
```

Set up port forwarding using TCP protocol from host to Android device

```bash
adb forward tcp: tcp:remote_port
```

List all packages on the device

```bash
adb shell pm list packages
```

Find the path where the APK is stored for the selected package name

```bash
adb shell pm path
```

List only installed apps (not system apps) and the associated path

```bash
adb shell pm list packages -f -3
```

List package names matching the specified pattern

```bash
adb shell pm list packages -f -3 [pattern]
```

### Application Signing

To sign your APK file, you have 2 options:

* [jarsigner](https://docs.oracle.com/javase/7/docs/technotes/tools/windows/jarsigner.html): Only supports v1 signature scheme (JAR signature)

```terminal
jarsigner -verbose -keystore -storepass
```

* [apksigner](https://developer.android.com/studio/command-line/apksigner): Official tool from Android SDK (since version 24.0.3), which supports all the signature schemes (from v1 to v4)

```terminal
apksigner sign --ks --ks-pass pass:
```

To create your own keystore, the following one-liner can be used:

```bash
keytool -genkeypair -dname "cn=John Doe, ou=Security, o=Randorisec, c=FR" -alias \
-keystore -storepass -validity -keyalg RSA -keysize 2048 -sigalg SHA1withRSA
```

### Code Tampering

To tamper with an APK file, the following steps should be performed:

1. Disassemble the app with `apktool` and save the smali code into output directory

   ```bash
   apktool d -o
   ```

1. Modify the smali code of your app (or the resource files if needed)

1. Build the modified APK with `apktool`

   ```bash
   apktool b -o
   ```

1. Sign the APK (see [Application Signing](#application-signing))

1. (Optional) Use `zipalign` to provide optimization to the APK file

   ```bash
   zipalign -fv 4
   ```

### Frida

#### Installation

Install Frida and Python bindings on your system using `pip`

```bash
pip install frida frida-tools
```

Download the Frida server binary matching the targeted architecture and your Frida version

```bash
VER=`frida --version`
ABI=`adb shell getprop ro.product.cpu.abi`
wget https://github.com/frida/frida/releases/download/$VER/frida-server-$VER-android-$ABI.xz
xz -d frida-server-$VER-android-$ABI.xz
```

Upload and execute the Frida server binary on your Android device (root privileges are needed)

```bash
VER=`frida --version`
ABI=`adb shell getprop ro.product.cpu.abi`
adb root
adb push frida-server-$VER-android-$ABI /data/local/tmp/frida
adb shell "chmod 755 /data/local/tmp/frida"
adb shell "/data/local/tmp/frida"
```

#### Tools

List running processes (emulators or devices connected through USB)

```bash
frida-ps -U
```

List only installed applications

```bash
frida-ps -U -i
```

Attach Frida client to the specified application (emulator or device connected through USB)

```bash
frida -U
```

Spawn the specified application (emulator or device connected through USB)

```bash
frida -U -f
```

Spawn the specified application without any pause at the beginning (emulator or device connected through USB)

```bash
frida -U -f --no-pause
```

Load a Frida script when attaching to the specified application

```bash
frida -U -l
```

### Objection

Inject Frida Gadget library inside an APK file by specifying the targeted architecture (if emulator not running or device not connected)

```bash
objection patchapk --source -V --architecture
```

Inject Frida Gadget library inside an APK file using the latest Frida version available on GitHub (if an emulator is running or a device is connected)

```bash
objection patchapk --source
```

### SSL/TLS Interception with BurpSuite

#### Before Android 7

1. Launch `BurpSuite` and modify Proxy settings in order to listen on "All interfaces" (or a specific interface)
1. Edit the Wireless network settings in your device or the emulator proxy settings (Android Studio)
1. Export the CA certificate from Burp and save it with ".cer" extension
1. Push the exported certificate on the device with adb (into the SD card)
1. Go to "Settings->Security" and select "Install from device storage"
1. For "Credentials use", select "VPN and apps"

References:

* [Configuring an Android device to work with Burp](https://portswigger.net/support/configuring-an-android-device-to-work-with-burp)
* [Installing BurpSuite's CA certificate in an Android device](https://portswigger.net/support/installing-burp-suites-ca-certificate-in-an-android-device)

#### After Android 7

From Android 7, the Android system no longer trusts the user supplied CA certificates. To be able to intercept SSL/TLS communication, you have 3 options:

1. Use an older version of Android
1. Use a rooted device and install the BurpSuite CA certificate inside the system certificate store
1. Tamper with the targeted application in order to re-enable the user certificate store

In order to tamper with the targeted Android application, we are going to add or modify the network security configuration file. On recent Android versions, this file can force the application to trust the user supplied CA certificates. The following steps should be performed:

1. Install the BurpSuite CA certificate on your Android device (see [Before Android 7](#before-android-7))
1. Disassemble the targeted app (APK file) with `apktool`
1. Add or modify the `network_security_config.xml` file (usually in the `res/xml/` folder). The content of the file should be:

   ```xml

   ```

1. If the `network_security_config.xml` file is not present in your app, the `AndroidManifest.xml` also needs to be modified by adding the `networkSecurityConfig` tag as follows:

   ```xml

   ```

1. Build the modified app with `apktool` and then sign the newly created APK file (see [Application Signing](#application-signing))

### Content Provider

Query a Content Provider

```bash
adb shell content query --uri content:///
```

Insert an element on a Content Provider

```bash
adb shell content insert --uri content:/// \
--bind ::
```

Delete a row on a Content Provider

```bash
adb shell content delete --uri content:/// \
--where "=''"
```

### Activity Manager

Start an Activity with the specified Intent

```bash
adb shell am start -n -a
```

Start an Activity with the specified Intent and extra parameters

```bash
adb shell am start -n -a --es --ez --ei …
```

## iOS CheatSheet

### Filesystem

App list database

```bash
/User/Library/FrontBoard/applicationState.db
```

Binary directory: includes all the static resources of the app

```bash
/private/var/containers/Bundle/Application/UUID/App.app
```

Path of the binary (executable)

```bash
/private/var/containers/Bundle/Application/UUID/App.app/App
```

App metadata: configuration of the app (icon to display, supported document types, etc.)

```bash
/private/var/containers/Bundle/Application/UUID/App.app/Info.plist
```

Data directory

```bash
/private/var/mobile/Containers/Data/Application/Data-UUID
```

*UUID (Universally Unique Identifier): random 36 alphanumeric characters string unique to the app*
*Data-UUID: random 36 alphanumeric characters string unique to the app*

### Default password

By default the root password on your jailbroken iOS device is ```alpine```

If you've changed it and want to reset it:

1. Open ```/etc/passwd``` or ```/private/etc/master.passwd``` with a file manager app (e.g. iFile/Fileza)
2. Change the hash to: ```/smx7MYTQIi2M```
3. The root password will be ```alpine```

### Bundle ID

The bundle ID (aka package name) represents the app’s unique identifier (e.g. for YouTube)

```
com.google.ios.youtube
```

### How to find the data and binary directories

Grep is the not-so-quick ‘n dirty way to find where the data and binary directories of your app are

```bash
iPhone:~ root# grep -r /private/var/*
```

### How to find the data and binary directories and the Bundle ID

By launching Frida with the ios-app-info script

```bash
frida -U -c dki/ios-app-info
```

And then

```bash
[iPhone::App]-> appInfo()
```

Or manually by opening the app list database

```bash
iPhone:~ root# sqlite3 /User/Library/FrontBoard/applicationState.db
```

And displaying the key_tab table to get the binary directories

```bash
sqlite> select * from key_tab;
```

Or displaying the application_identifier_tab table to get the bundle IDs

```bash
sqlite> select * from application_identifier_tab;
```

### App decryption

1. Add [https://level3tjg.xyz/repo/](https://level3tjg.xyz/repo/) src to Cydia and install bfdecrypt tool
2. Go to bfdecrypt pref pane in Settings and set the app to decrypt
3. Launch the app to decrypt: decrypted IPA is stored in the Documents folder of the app

### Dynamic analysis with Frida

List running processes

```bash
frida-ps -U
```

Analyse the calls to a method by launching Frida with the objc-method-observer script

```bash
frida -U -c mrmacete/objc-method-observer
```

And then using the command ```observeSomething```

```bash
[iPhone::App]-> observeSomething('*[* **]');
```

Hook the calls to the method

```bash
frida-trace -U -m "-[* *]"
```

Then open the JavaScript handler file to edit the ```onEnter``` or ```onLeave``` functions to manipulate the behavior of the app

### Dynamic analysis with Objection

Inject objection

```bash
objection -g "" explore
```

List the classes (output will contain thousands of lines)

```bash
ios hooking list classes
```

List the methods of a class

```bash
ios hooking list class_methods
```

Search for classes|methods names containing

```bash
ios hooking search classes|methods
```

Analyse the calls to the method

```bash
ios hooking watch method "-[ ]"
```

Hook the and return true to each call

```bash
ios hooking set return_value "-[ ]" true
```

### Get the NSLog (syslog)

Impactor (http://www.cydiaimpactor.com) lets you display the NSLog (syslog) on the command line

```bash
./Impactor idevicesyslog -u
```

### SSL Interception with BurpSuite

1. Launch Burp and modify proxy settings in order to listen on “All interfaces”
2. Browse to the IP/port of your Burp proxy using Safari
3. Tap on the “CA Certificate” at the top right of the screen
4. Tap on “Allow” on the pop-up asking to download a configuration profile
5. Go to “Settings->Profile Downloaded” and select the “PortSwigger CA” profile
6. Tap on “Install” then “Install” again and then “Install” one last time
7. Edit the wireless network settings on your device to set a proxy (“Settings->Wi-Fi” then tap on the blue “i”, slide to the bottom of the screen and tap on “Configure Proxy”)
8. Tap on “Manual”, set the IP/port of your Burp proxy, tap on “Save”
9. Go to “Settings->General->About->Certificate Trust Settings” & toggle on the PortSwiggerCA

### Bypass SSL Pinning using SSL Kill Switch 2

Download and install SSL Kill Switch 2 tweak

```bash
wget https://github.com/nabla-c0d3/ssl-kill-switch2/releases/download/0.14/com.nablac0d3.sslkillswitch2_0.14.deb
dpkg -i com.nablac0d3.sslkillswitch2_0.14.deb
killall -HUP SpringBoard
```

Go to “Settings->SSL Kill Switch 2” to “Disable Certificate Validation”

### UDID (Unique Device Identifier)

UDID is a string that is used to identify a device. It is needed for some operations like signature, app installation, network monitoring.

* Get the UDID with MacOS

```bash
idevice_id -l
```

or

```bash
ioreg -p IOUSB -l | grep "USB Serial"
```

or by launching Impactor without parameters

* Get the UDID with Linux

```bash
usbfluxctl list
```

or

```bash
lsusb -s :`lsusb | grep iPhone | cut -d ' ' -f 4 | sed 's/://'` -v | grep iSerial | awk '{print $3}'
```

or by launching Impactor without parameters

### Network capture (works also on non jailbroken devices)

* With MacOS (install Xcode and additional tools and connect the device with USB)

```bash
rvictl -s
tcpdump or tshark or wireshark -i rvi0
```

* With Linux or Windows (get https://github.com/gh2o/rvi_capture and connect the device with USB)

```bash
./rvi_capture.py --udid iPhone.pcap
```

### Sideloading an app

Sideloading an app including an instrumentation library like Frida lets you interact with the app even if it’s installed on a non jailbroken device.

#### With IPAPatch

Here’s the process to do it with IPAPatch:

Clone the IPAPatch project

```bash
git clone https://github.com/Naituw/IPAPatch
```

Move the IPA of the app you want to sideload to the Assets directory

```bash
mv IPAPatch/Assets/
```

Download the FridaGadget library (in Assets/Dylibs/FridaGadget.dylib)

```bash
curl -O https://build.frida.re/frida/ios/lib/FridaGadget.dylib
```

Select the identity to sign the app

```bash
security find-identity -p codesigning -v
```

Sign FridaGadget library

```bash
codesign -f -s FridaGadget.dylib
```

Then open the IPAPatch Xcode project, Build and Run.

#### With Objection

Here’s the process to do it with Objection (detailed steps on https://github.com/sensepost/objection/wiki/Patching-iOS-Applications)

```bash
security find-identity -p codesigning -v
objection patchipa --source --codesign-signature
unzip
ios-deploy --bundle Payload/my-app.app -W -d
objection explore
```

### Data Protection Class

Four levels are provided by iOS to automatically encrypt files on the device:

* ```NSProtectionComplete```: file is only accessible when device is unlocked (files are encrypted with a key derived from the user PIN code & an AES key generated by the device)
* ```NSProtectionCompleteUntilFirstUserAuthentication```: (default class) same as before, but the decryption key is not deleted when the device is locked
* ```ProtectedUnlessOpen```: file is accessible until open
* ```NoProtection```: file is accessible even if device is locked

### Get Data Protection Class

By launching Frida with the ios-dataprotection script

```bash
frida -U -c ay-kay/ios-dataprotection
```

## License

The Mobile Hacking CheatSheet is an open source project released under the [CC-BY-SA 4.0](https://creativecommons.org/licenses/by-sa/4.0/deed.fr) licence.
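
A defender-side check for the network security configuration discussed under "After Android 7", added here as an example and not part of the original cheat sheet: it parses a `network_security_config.xml` taken from a decoded APK and flags user-installed CA trust, pin overrides and cleartext traffic that apply to release builds. The function names, severity labels and both sample files are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a config as it could look after repackaging, with
# user-installed CAs trusted for every connection of a release build.
SAMPLE_RELAXED = """<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config cleartextTrafficPermitted="true">
        <trust-anchors>
            <certificates src="system" />
            <certificates src="user" overridePins="true" />
        </trust-anchors>
    </base-config>
</network-security-config>
"""

# Constructed sample: user CAs are confined to debuggable builds.
SAMPLE_HARDENED = """<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config cleartextTrafficPermitted="false">
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>
    <domain-config>
        <domain includeSubdomains="true">api.example.test</domain>
        <pin-set>
            <pin digest="SHA-256">CONSTRUCTED-PLACEHOLDER-PIN=</pin>
        </pin-set>
    </domain-config>
    <debug-overrides>
        <trust-anchors>
            <certificates src="user" />
        </trust-anchors>
    </debug-overrides>
</network-security-config>
"""

SCOPES = ("base-config", "domain-config", "debug-overrides")


def _scope_label(node):
    """Name a scope; domain-config scopes list the domains they cover."""
    if node.tag != "domain-config":
        return node.tag
    domains = [d.text.strip() for d in node.findall("domain") if d.text]
    return "domain-config(" + ", ".join(domains) + ")"


def audit_network_security_config(xml_text):
    """Return (severity, scope, message) findings for one config file."""
    root = ET.fromstring(xml_text)
    if root.tag != "network-security-config":
        raise ValueError("not a network security configuration file")
    findings = []
    for node in root.iter():  # iter() also reaches nested domain-config
        if node.tag not in SCOPES:
            continue
        scope = _scope_label(node)
        # debug-overrides only applies when android:debuggable is true.
        severity = "info" if node.tag == "debug-overrides" else "high"
        if node.get("cleartextTrafficPermitted", "").lower() == "true":
            findings.append(("medium", scope, "cleartext traffic permitted"))
        for cert in node.findall("trust-anchors/certificates"):
            src = cert.get("src", "")
            if src == "user":
                findings.append((severity, scope, "user-installed CAs trusted"))
            if cert.get("overridePins", "").lower() == "true":
                findings.append((severity, scope, "pins bypassed for src=" + src))
    return findings


def release_risks(findings):
    """Keep only findings that affect non-debuggable (release) builds."""
    return [f for f in findings if f[0] != "info"]


if __name__ == "__main__":
    for name, sample in (("relaxed", SAMPLE_RELAXED), ("hardened", SAMPLE_HARDENED)):
        for severity, scope, message in audit_network_security_config(sample):
            print(f"{name}: [{severity}] {scope}: {message}")
```

Running it over the file extracted from a release APK in a build pipeline gives a quick signal that a shipped or redistributed build accepts user-installed CAs outside `debug-overrides`.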

--------------------------------------------------------------------------------
/pdf/Mobile_Hacking_Android_cheatsheet_v0.1.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/randorisec/MobileHackingCheatSheet/0c5a30fe47fe29304ddec2dfb57c4fb2f5cb8c32/pdf/Mobile_Hacking_Android_cheatsheet_v0.1.pdf

--------------------------------------------------------------------------------
/pdf/Mobile_Hacking_Android_cheatsheet_v1.0.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/randorisec/MobileHackingCheatSheet/0c5a30fe47fe29304ddec2dfb57c4fb2f5cb8c32/pdf/Mobile_Hacking_Android_cheatsheet_v1.0.pdf

--------------------------------------------------------------------------------
/pdf/Mobile_Hacking_iOS_cheatsheet_v0.1.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/randorisec/MobileHackingCheatSheet/0c5a30fe47fe29304ddec2dfb57c4fb2f5cb8c32/pdf/Mobile_Hacking_iOS_cheatsheet_v0.1.pdf

--------------------------------------------------------------------------------
/pdf/Mobile_Hacking_iOS_cheatsheet_v1.0.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/randorisec/MobileHackingCheatSheet/0c5a30fe47fe29304ddec2dfb57c4fb2f5cb8c32/pdf/Mobile_Hacking_iOS_cheatsheet_v1.0.pdf

--------------------------------------------------------------------------------
/pdf/RANDORISEC_Mobile_Hacking_Android_Assessing_Apps_cheatsheet_v1.1.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/randorisec/MobileHackingCheatSheet/0c5a30fe47fe29304ddec2dfb57c4fb2f5cb8c32/pdf/RANDORISEC_Mobile_Hacking_Android_Assessing_Apps_cheatsheet_v1.1.pdf

--------------------------------------------------------------------------------
/pdf/RANDORISEC_Mobile_Hacking_iOS_Assessing_Apps_cheatsheet_v1.1.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/randorisec/MobileHackingCheatSheet/0c5a30fe47fe29304ddec2dfb57c4fb2f5cb8c32/pdf/RANDORISEC_Mobile_Hacking_iOS_Assessing_Apps_cheatsheet_v1.1.pdf

--------------------------------------------------------------------------------
/pics/Mobile_Hacking_Android_cheatsheet_v0.1_slide1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/randorisec/MobileHackingCheatSheet/0c5a30fe47fe29304ddec2dfb57c4fb2f5cb8c32/pics/Mobile_Hacking_Android_cheatsheet_v0.1_slide1.png

--------------------------------------------------------------------------------
/pics/Mobile_Hacking_Android_cheatsheet_v0.1_slide2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/randorisec/MobileHackingCheatSheet/0c5a30fe47fe29304ddec2dfb57c4fb2f5cb8c32/pics/Mobile_Hacking_Android_cheatsheet_v0.1_slide2.png

--------------------------------------------------------------------------------
/pics/Mobile_Hacking_Android_cheatsheet_v1.0_slide1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/randorisec/MobileHackingCheatSheet/0c5a30fe47fe29304ddec2dfb57c4fb2f5cb8c32/pics/Mobile_Hacking_Android_cheatsheet_v1.0_slide1.png

--------------------------------------------------------------------------------
/pics/Mobile_Hacking_Android_cheatsheet_v1.0_slide2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/randorisec/MobileHackingCheatSheet/0c5a30fe47fe29304ddec2dfb57c4fb2f5cb8c32/pics/Mobile_Hacking_Android_cheatsheet_v1.0_slide2.png

--------------------------------------------------------------------------------
/pics/Mobile_Hacking_iOS_cheatsheet_v0.1_slide1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/randorisec/MobileHackingCheatSheet/0c5a30fe47fe29304ddec2dfb57c4fb2f5cb8c32/pics/Mobile_Hacking_iOS_cheatsheet_v0.1_slide1.png

--------------------------------------------------------------------------------
/pics/Mobile_Hacking_iOS_cheatsheet_v0.1_slide2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/randorisec/MobileHackingCheatSheet/0c5a30fe47fe29304ddec2dfb57c4fb2f5cb8c32/pics/Mobile_Hacking_iOS_cheatsheet_v0.1_slide2.png

--------------------------------------------------------------------------------
/pics/Mobile_Hacking_iOS_cheatsheet_v1.0_slide1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/randorisec/MobileHackingCheatSheet/0c5a30fe47fe29304ddec2dfb57c4fb2f5cb8c32/pics/Mobile_Hacking_iOS_cheatsheet_v1.0_slide1.png

--------------------------------------------------------------------------------
/pics/Mobile_Hacking_iOS_cheatsheet_v1.0_slide2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/randorisec/MobileHackingCheatSheet/0c5a30fe47fe29304ddec2dfb57c4fb2f5cb8c32/pics/Mobile_Hacking_iOS_cheatsheet_v1.0_slide2.png

--------------------------------------------------------------------------------