├── README.md
└── check-binary.sh


/README.md:
--------------------------------------------------------------------------------
# 🕵️‍♂️ iOS Binary Security Analyzer

This script inspects iOS application binaries to uncover usage of **insecure functions**, **implementation of weak cryptography**, **encryption status**, and the presence of **security features** like *Position Independent Executable* (PIE), *Stack Canaries*, and *Automatic Reference Counting* (ARC).

## 🌟 Features
* Quick static analysis of iOS binaries
* Checks for various iOS binary security features (encryption, PIE, Stack Canaries, ARC)
* Detection of weak cryptographic methods (MD5, SHA1)
* Identification of commonly misused and insecure functions

## 📋 Requirements

1. 📲 **Jailbreak your iOS device.**
2. 🛠️ **Install otool:** *This can be done through the Cydia package manager*.
   - Add the following repository in Cydia: `http://apt.thebigboss.org/repofiles/cydia/`
   - Search for and install the *Big Boss Recommended Tools* package.
   - Alternatively, search for and install the *Darwin CC Tools* package.
   - If your device is set up with SSH and command line access, you can also install otool via command line using: `apt install otool`

## 🚀 Usage

The binary should be located within the `/private/var/containers/Bundle/Application/XXXXXXX//` directory.

```bash
# on host
git clone https://github.com/saladandonionrings/ios-binary-checks.git
cd ios-binary-checks
# send the script to your iOS device
scp check-binary.sh root@ip:/var/root

# on iOS device (pass the path of the app binary as the argument)
./check-binary.sh <binary>
```

### 📸 Screenshots
![image](https://github.com/saladandonionrings/iOS-Binary-Security-Analyzer/assets/61053314/c9e5698a-7b12-43f5-ba47-f1a887ad57f4)
![image](https://github.com/saladandonionrings/iOS-Binary-Security-Analyzer/assets/61053314/b3e8dcf3-4445-48b8-b3fd-017e7af23886)


--------------------------------------------------------------------------------
/check-binary.sh:
--------------------------------------------------------------------------------
#!/bin/bash

print_table_header() {
    printf "%-15s | %s\n" "Function" "Value"
    printf "%-15s | %s\n" "-----------" "----------------------------------"
}

# Print one table row per line of DATA that matches the grep arguments,
# or a single N/F row when nothing matches.
# Usage: print_matches DATA GREP_ARGS...   (the last argument is the row label)
print_matches() {
    local data=$1
    shift
    local label="${@: -1}"
    local output line

    output=$(grep "$@" <<< "$data")
    if [ -z "$output" ]; then
        printf "%-15s | %s\n" "$label" "N/F"
    else
        while IFS= read -r line; do
            printf "%-15s | %s\n" "$label" "$line"
            label=""   # show the label on the first row only
        done <<< "$output"
    fi
    printf "%-15s | %s\n" "-----------" "----------------------------------"
}

# Usage: check_feature TITLE DATA GREP_ARGS...
check_feature() {
    local title=$1
    local data=$2
    shift 2

    echo "[*] $title"
    print_table_header
    print_matches "$data" "$@"
    echo ""
}

if [ $# -eq 0 ]; then
    echo "No binary provided. Usage: $0 <binary>"
    exit 1
fi

binary=$1

echo "[+] iOS Binary Security Analyzer"
echo "*N/F = Not Found"
echo ""

architecture=$(lipo -info "$binary")
architecture="${architecture##*: }"
echo "[*] Architecture :"
echo "$architecture"
echo ""

echo "------------------------------------------"
echo "---------------- SECURITY ----------------"
echo "------------------------------------------"
echo ""

# Check if the binary is encrypted (cryptid 1 in the LC_ENCRYPTION_INFO load command)
crypt_info=$(otool -arch all -Vl "$binary" | grep -A5 LC_ENCRYPT | grep -w cryptid)
if [[ $crypt_info =~ cryptid[[:space:]]+1 ]]; then
    echo "[+] Binary is encrypted :"
else
    echo "[-] Binary is not encrypted :"
fi
echo "$crypt_info"
echo ""

# Run otool once per view and reuse the output; the path is quoted so that
# bundle paths containing spaces or shell metacharacters are handled safely.
header_info=$(otool -hv "$binary")
symbols=$(otool -I -v "$binary")

# Perform the checks
check_feature "PIE (Position Independent Executable)" "$header_info" PIE
check_feature "Stack Canaries" "$symbols" stack_chk
# Note: _objc_ matches any Objective-C runtime symbol; look for ARC entry points
# such as _objc_retain, _objc_release or _objc_storeStrong in the rows printed.
check_feature "ARC (Automatic Reference Counting)" "$symbols" _objc_

echo "-----------------------------------------"
echo "---------------- INSECURE ---------------"
echo "-----------------------------------------"
echo ""

check_feature "Weak Cryptography (MD5)" "$symbols" -w _CC_MD5
check_feature "Weak Cryptography (SHA1)" "$symbols" -w _CC_SHA1

# Commonly misused libc functions, all reported in a single table
functions=("_random" "_srand" "_rand" "_gets" "_memcpy" "_strncpy" "_strlen" "_vsnprintf" "_sscanf" "_strtok" "_alloca" "_sprintf" "_printf" "_vsprintf" "_malloc")
echo "[*] Unsafe and insecure functions"
print_table_header

for function in "${functions[@]}"; do
    print_matches "$symbols" -w "$function"
done
--------------------------------------------------------------------------------
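
Added example, not part of the repository: the encryption check runs `otool -arch all -Vl`, so a fat binary yields one `cryptid` per architecture slice, and a binary with only some slices decrypted is easy to misreport. The functions below split the output per slice and report a mixed state; the function names are hypothetical and the `otool` text is a constructed sample, not output from a real app.

```shell
#!/bin/bash
# Constructed sample of `otool -arch all -Vl` output for a fat binary.
sample_otool_output() {
cat <<'EOF'
Payload/Demo.app/Demo (architecture armv7):
Load command 9
          cmd LC_ENCRYPTION_INFO
      cmdsize 20
     cryptoff 16384
    cryptsize 1048576
      cryptid 1
Payload/Demo.app/Demo (architecture arm64):
Load command 12
          cmd LC_ENCRYPTION_INFO_64
      cmdsize 24
     cryptoff 16384
    cryptsize 1163264
      cryptid 0
          pad 0
EOF
}

# Read otool -Vl output on stdin and print "<arch> <cryptid>" for each slice.
# A thin binary has no "(architecture ...)" line and is reported as "thin".
cryptid_per_arch() {
    awk '
        /\(architecture [^)]+\):$/ { arch = $NF; sub(/\):$/, "", arch); next }
        $1 == "cmd" && $2 ~ /^LC_ENCRYPTION_INFO/ { in_enc = 1; next }
        $1 == "cmd" { in_enc = 0 }
        in_enc && $1 == "cryptid" { print (arch == "" ? "thin" : arch), $2; in_enc = 0 }
    '
}

# Overall verdict from stdin: encrypted only when every slice has cryptid 1.
encryption_status() {
    rows=$(cryptid_per_arch)
    if [ -z "$rows" ]; then echo "no-encryption-info"
    elif ! printf '%s\n' "$rows" | grep -qv ' 1$'; then echo "encrypted"
    elif ! printf '%s\n' "$rows" | grep -q ' 1$'; then echo "not-encrypted"
    else echo "mixed"
    fi
}

sample_otool_output | cryptid_per_arch
sample_otool_output | encryption_status
```

On a device, pipe the real output in instead of the sample: `otool -arch all -Vl "$binary" | encryption_status`.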