MobileHackingLab iOS Application Security Lab - Run Time Dynamic Library Injection Challenge write-up

Welcome to the iOS Application Security Lab: Run Time Dynamic Library Injection Challenge. This challenge focuses on a fictitious app called Run Time , which tracks the steps while running. Your objective is to bypass the app’s protections, deliver the exploit and gain code execution utilizing the dynamic library injection.

Figure: iOS Application Security Lab - Run Time Dynamic Library Injection Challenge

Read More

---

How to add extra playback speed for YouTube iOS?

In this post, we will reverse the Youtube app to know how to add custom playback speed and understand why it does not work straight forward.
Figure: Playback Speed 3x

Read More

---

Reverse engineering and find out hidden backdoor in iOS app

In this post, we will reverse an app using the StoreKit framework and bypass In-app purchases (IAP) features. This case’s quite special as the app will force the user to purchase the app as a free trial before allowing to use. It will auto-renew the monthly price plan if you forget to cancel before the renewal date. There will be no option on the screen to opt-out for IAP.
Figure: Hidden backdoor

Read More

---

How to tweak existing Medium iOS app features with Theos & Logos - part 2

In this post we will continue to enhance Medium tweak. We will learn how to create a preference bundle and hook into Settings.app to configure default claps. If you have not read part 1 yet, I suggest to have a look first before continuing.
Figure 1: Medium Tweak Preference

Read More

---

How to tweak existing Medium iOS app features with Theos & Logos - part 1

Today we will reverse engineering Medium iOS app and modify existing claps feature. We will also learn about how to create your own Cydia tweak using theos platform, hook into a method, and change its behavior as we want to. Let’s do it!!!!
Figure: How to create your own Tweak

Read More

---

Bypass StoreKit In-app purchases of iOS apps using LLDB

In this post, we will reverse engineering an app using StoreKit framework and bypass In-app purchase features. StoreKit is an iOS framework that supports in-app purchases and interactions with the App Store (rate and review app…). It leverages iOS developers to implement in-app purchases feature with ease. However, most developers just made it work without knowing the best practices, which created flaws for attackers to inspect and defeat In-app purchases feature easily, which means they can use the premium content of the app for FREE. Let’s do some reverse engineering and find out what are flaws and how to exploit them using LLDB.
Figure: StoreKit In-app Purchases flow (source: Medium)

Read More

---

Bypass SSL Pinning with LLDB in iOS app

Imagine that you want to inspect the app to see what’s information exchange between mobile app and server, you can think about using simple proxy tools to sniff requests and responses or more advanced techniques such as a reverse binary file to see what are endpoints, parameters and response payloads… To starting SSL Pinning bypass series, this post will introduce how to leverage LLDB tools to disable SSL pinning in iOS apps and reverse engineering process.
Figure: LLDB Attached

Read More

---

Bypass In-app purchases of react native iOS app

Today we will reverse engineering a react native iOS app and bypass in-app purchase to use locked features. Below is an example of purchase screen whenever tap on premium content.
Figure 1: Sample In-app purchases locked contents

Read More

---

Bypass in-app purchase content in iOS apps by modifying local configuration!

In this post, we will reverse engineering and unlock in-app purchase contents by modifying local configuration on device. Below is an example of locked features and unlocked ones.
Figure 1: Sample In-app purchase locked contents

Read More

---

Bypass locked features on iOS apps with Burp Suite!

In this post I will share some steps to enable blocked or hidden features on iOS app using Burp Suite tool. I will use EWA, a language learning app on AppStore to illustrate the whole process.
Figure 1: Burp Suite

Read More