Link to this headingTools

otool: From Xcode iPhoneSDK
debug_server: From Xcode iPhoneSDK instructions described here
cydiaimpactor: From cydiaimpactor
FileDP: from FileDP
fsmon: From fsmon and made with make ios
keychain_dumper: From keychain_dumper
frida: From Frida

• Test machine running OS X / macOS
• Native Code Reversing Tools
  • Hopper
  • radare(2)

Link to this headingRepos

• BigBoss Recommended Tools package

• Karen’s Repo: AppSync package

• Frida

• Needle

• Elucubratus

• Darwin CC Tools

• Command line Repos for iOS 11

• Jailbreak undetection

  • Liberty Lite
  • Shadow

http://cydia.iphonecake.com
http://apt.saurik.com/
http://repo.nesolabs.de/
https://build.frida.re/
http://appsec-labs.com/cydia/
http://cydia.zodttd.com/repo/cydia/
http://mobiletools.mwrinfosecurity.com/cydia/
http://repo666.ultrasn0w.com/
http://apt.thebigboss.org/repofiles/cydia/
http://cydia.radare.org/
http://apt.modmyi.com/
http://coolstar.org/publicrepo/
http://getdelta.co/ < Flex3 working
http://julioverne.github.io/
http://brunonfl.github.io/
http://apt.bingner.com/
http://repo.dynastic.co/
http://mcapollo.github.io/Public/
http://apt.hackcn.net/
http://repo.chariz.io/
http://cydia.ichitaso.com/
https://level3tjg.github.io < bfdecrypt (ios11/ios12)
http://ryleyangus.com/repo < Liberty Lite (beta) for JB bypass

• adv-cmds: Advanced command line, which includes tools such as finger, fingerd, last, lsvfs, md, and ps.
• AppList: Allows developers to query the list of installed apps and provides a preference pane based on the list.
• AppSync Unified: Allows you to sync and install unsigned iOS applications.
• class-dump: A command line tool for examining the Objective-C runtime information stored in Mach-O files and generating header files with class interfaces.
• class-dump-z: A command line tool for examining the Swift runtime information stored in Mach-O files and generating header files with class interfaces. This is not available via Cydia, therefore please refer to installation steps in order to get class-dump-z running on your iOS device. Note that class-dump-z is not maintained and does not work well with Swift. It is recommended to use dsdump instead.
• Clutch: Used to decrypt an app executable.
• Cycript: Is an inlining, optimizing, Cycript-to-JavaScript compiler and immediate-mode console environment that can be injected into running processes (associated to Substrate).
• Cydia Substrate: A platform that makes developing third-party iOS add-ons easier via dynamic app manipulation or introspection.
• cURL: Is a well known http client which you can use to download packages faster to your device. This can be a great help when you need to install different versions of Frida-server on your device for instance.
• IPA Installer Console: Tool for installing IPA application packages from the command line. After installing two commands will be available installipa and ipainstaller which are both the same.
• Grep: Handy tool to filter lines.
• Gzip: A well known ZIP utility.
• SOcket CAT: a utility with which you can connect to sockets to read and write messages. This can come in handy if you want to trace the syslog on iOS 12 devices.

Xcode

• (and Xcode command-line tools)
• Requires an OS X/macOS machine
• Requires an Apple ID
• Can be downloaded and installed from this link:
  • https://developer.apple.com/download/

frida-ios-dump

• Frida’s companion tool to dumpdecrypted and Clutch
• Requires Frida to be installed
• Can be downloaded and installed from this link:
  • https://github.com/AloneMonkey/frida-ios-dump

SSL-Kill-Switch2

• Can be downloaded from this link:
  • https :// github.com/nabla-c0d3/ssl-kill-switch2/releases
• Push the desired .deb file to the device via SCP and install using “dpkg”

Link to this headingClassDump

The new New Classdump for iOS 12+ works on ObjC and Swift now.

How the new Classdump works

Example:

Link to this headingAltDeploy

Sign IPA files on device basically the new ipainstaller for 12+.

Link to this headingfsmon

git clone https://github.com/coolstar/electra/issues/175

Link to this headingtcpdump

Add Cydia repo

https://starwarsfan2099.github.io/
http://apt.saurik.com/
https://midnightchip.github.io/repo/
http://beta.cpdigitaldarkroom.com/
https://r3st1t0u.github.io/
https://cydia.angelxwind.net/
https://cydia.hbang.ws/
http://rpetri.ch/repo/
https://repo.thireus.com/
http://apt.thebigboss.org/repofiles/cydia/
http://saj0vie.github.io/
https://dannyglover.github.io/repo/
https://legitcomputerwhisperer.github.io/
https://gmoran.me/repo/
https://imkpatil.github.io/repo/
https://jb365.github.io/
http://www.harrisonapps.com/repo/
http://cydia.jerryen.com/
https://ib-soft.net/cydia/
http://repo.tetherme.net/
http://cydia.ichitaso.com/
http://www.tateu.net/repo/
https://ib-soft.net/cydia/beta/
http://repo.sparkservers.co.uk/
https://creaturesurvive.github.io/
http://jakeashacks.com/cydia/
http://repo666.ultrasn0w.com/
https://packix.ioscreatix.com/
http://tigisoftware.com/cydia/
http://smokin1337.github.io/
http://beta.sparkservers.co.uk/
https://beta.unlimapps.com/
http://limneos.net/repo/
https://reddestdream.github.io/
http://repo.auxiliumdev.com/
https://seiterseiter.github.io/
https://cydia.ianburns.co/
http://ios11central.yourepo.com/
http://apt.modmyi.com/
http://randompacks.yourepo.com/
http://julioverne.github.io/
http://repo.jed.bz/
http://repo.mehulrao.com/
http://repo.m4cs.xyz/
http://cydia.zodttd.com/repo/cydia/
http://cydiageek.yourepo.com/
http://artikushg.yourepo.com/
https://electrarepo64.coolstar.org/substrate
https://electrarepo64.coolstar.org/

Link to this headingFuture Store

https://github.com/encounter/futurerestore

Link to this headingInstall Objection

Link to this headingUsing Objection

https://book.hacktricks.xyz/mobile-apps-pentesting/android-app-pentesting/frida-tutorial/objection-tutorial

Link to this headingTroubleshooting

If the process is killed that means that the exec does not have the right entitlements.

Changing Entitlements: