iOS apps RE

Reverse iOS apps for educational purpose.

Reverse engineering and find out hidden backdoor in iOS app

In this post, we will reverse an app using the StoreKit framework and bypass In-app purchases (IAP) features. This case’s quite special as the app will force the user to purchase the app as a free trial before allowing to use. It will auto-renew the monthly price plan if you forget to cancel before the renewal date. There will be no option on the screen to opt-out for IAP. Hidden backdoor
Figure: Hidden backdoor

Read More

Bypass StoreKit In-app purchases of iOS apps using LLDB

In this post, we will reverse engineering an app using StoreKit framework and bypass In-app purchase features. StoreKit is an iOS framework that supports in-app purchases and interactions with the App Store (rate and review app…). It leverages iOS developers to implement in-app purchases feature with ease. However, most developers just made it work without knowing the best practices, which created flaws for attackers to inspect and defeat In-app purchases feature easily, which means they can use the premium content of the app for FREE. Let’s do some reverse engineering and find out what are flaws and how to exploit them using LLDB. StoreKit In-app Purchases
Figure: StoreKit In-app Purchases flow (source: Medium)

Read More

Bypass SSL Pinning with LLDB in iOS app

Imagine that you want to inspect the app to see what’s information exchange between mobile app and server, you can think about using simple proxy tools to sniff requests and responses or more advanced techniques such as a reverse binary file to see what are endpoints, parameters and response payloads… To starting SSL Pinning bypass series, this post will introduce how to leverage LLDB tools to disable SSL pinning in iOS apps and reverse engineering process. purchase screen
Figure: LLDB Attached

Read More

Bypass In-app purchases of react native iOS app

Today we will reverse engineering a react native iOS app and bypass in-app purchase to use locked features. Below is an example of purchase screen whenever tap on premium content. purchase screen
Figure 1: Sample In-app purchases locked contents

Read More