Frida & Objection without Jailbreak! 🔥🔥

TheBountyBox, published in InfoSec Write-ups
3 min read, Nov 16, 2022


Do you stop security testing as soon as a jailbreak-detection check cannot be bypassed? No need: this post walks through a way to run Frida (as the embedded Frida Gadget) and Objection against an app on a device that is not jailbroken. The best part is that it was tested on iOS 16.2. Let's do this!

Alright! The prerequisites are:

  1. A Mac, or a macOS VM image (a simple guide is at https://www.wikihow.com/Install-macOS-on-a-Windows-PC).
  2. A provisioning profile from an Apple Developer account, which you can create at https://developer.apple.com/. A free Apple ID signed into Xcode is enough for a development certificate and a 7-day profile; a paid membership gives longer-lived profiles.
  3. Xcode, with its command-line tools installed.

Step 1: You need an unencrypted (decrypted) IPA. App Store binaries are FairPlay-encrypted, so either the client or the bug bounty program provides the decrypted build, or you dump it yourself with a tool such as Clutch or bfinject (both of which need a jailbroken device to do the dumping). A third option is to download a decrypted copy from a third-party site such as iphonecake.com, bearing in mind that you are then trusting that site not to have tampered with the binary.

For this example we use a random application downloaded from iphonecake.com.

Step 2: Find a valid code-signing identity on the Mac with the command below and note the 40-character hash printed in front of the "Apple Development" entry; that hash is what the next step needs. If no identity is listed, sign into your Apple account in Xcode (Xcode > Settings > Accounts > Manage Certificates) and create an Apple Development certificate there.

security find-identity -p codesigning -v

Step 3: Patch the IPA with objection, which injects FridaGadget.dylib into the app bundle and re-signs it with the identity from Step 2 (replace the placeholder with the hash you noted):

objection patchipa --source Application.ipa --codesign-signature <identity-hash>

Note: objection's iOS patcher shells out to applesign (npm install -g applesign) and ios-deploy; if either is missing, the build fails and objection prints how to install it. If objection cannot find a provisioning profile matching the identity on its own, pass one explicitly with --provision-file <profile.mobileprovision>.

This step writes a new, re-signed IPA into the current folder, called Application-frida-signed.ipa.

Step 4: Unzip the newly created IPA using the command

unzip Application-frida-signed.ipa

This creates a folder called Payload containing the re-signed .app bundle.

Step 5: Install the patched app on the iOS device. Connect the device to the Mac over USB, tap "Trust" on the device when prompted, and run:

ios-deploy --bundle Payload/SomeAppName.app -W -d

If ios-deploy is not found, install it with:

sudo npm install -g ios-deploy --unsafe-perm=true --allow-root

(brew install ios-deploy works as well.)

Here -W (--no-wifi) limits ios-deploy to USB-connected devices and -d (--debug) installs the bundle and then launches it under lldb. The app appears to hang at launch: the embedded Frida Gadget's default configuration is to listen on localhost and wait (on_load: "wait") until a client attaches, so the process stays paused until objection connects.

To resume the application, the final step is to attach objection.

Step 6: Leave the ios-deploy terminal running and, in a new terminal, attach objection to the gadget over USB:

objection explore

The app resumes with Frida running inside it on a non-jailbroken device, and you can disable certificate pinning from the objection REPL with ios sslpinning disable. Now point the device's Wi-Fi proxy at Burp Suite, install Burp's CA certificate on the device, capture the requests and hack on!
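The six steps above as one shell script, added here as an example; it is not code from the original post or from the objection project. The tool invocations use the real flags of security, objection, unzip and ios-deploy. The identity listing in SAMPLE_IDENTITIES, the hashes in it and the Demo.app name used when exercising the helpers are constructed, so the parsing functions can be tried without a Mac or a device.

```shell
#!/bin/sh
# Added example, not part of the original post: Steps 2-5 as one script.
# security, objection, unzip and ios-deploy are the real tools with their
# real flags; the sample identity listing below is constructed so that the
# helper functions can be exercised offline.
set -eu

# Constructed stand-in for `security find-identity -p codesigning -v` output
# (fake hashes, fake team); the real output has the same shape.
SAMPLE_IDENTITIES='  1) 1111111111111111111111111111111111111111 "Apple Distribution: Example Corp (ABCDE12345)"
  2) 0123456789ABCDEF0123456789ABCDEF01234567 "Apple Development: jane@example.com (ABCDE12345)"
     2 valid identities found'

# Read a find-identity listing on stdin and print the 40-hex-digit hash of the
# first "Apple Development" identity, which is what --codesign-signature needs.
# Prints nothing when there is no such identity, so callers can detect that.
pick_identity() {
    grep -E '^ *[0-9]+\) [0-9A-F]{40} "Apple Development' \
        | head -n 1 \
        | sed -E 's/^ *[0-9]+\) ([0-9A-F]{40}) .*/\1/'
}

# Print the path of the .app bundle inside <dir>/Payload after unzipping.
app_bundle_in() {
    for app in "$1"/Payload/*.app; do
        if [ -d "$app" ]; then
            printf '%s\n' "$app"
            return 0
        fi
    done
    return 1
}

# Offline demonstration of the parser against the constructed listing.
demo_identity() {
    printf '%s\n' "$SAMPLE_IDENTITIES" | pick_identity
}

# Steps 2-5 against a real decrypted IPA: sh patch_and_deploy.sh run App.ipa
main() {
    ipa="${1:?usage: $0 run Application.ipa}"

    ident="$(security find-identity -p codesigning -v | pick_identity)"
    if [ -z "$ident" ]; then
        echo "no Apple Development identity; create one in Xcode > Settings > Accounts" >&2
        exit 1
    fi

    # Inject FridaGadget.dylib and re-sign with the development identity.
    # Add --provision-file <profile.mobileprovision> if objection cannot
    # find a matching provisioning profile by itself.
    objection patchipa --source "$ipa" --codesign-signature "$ident"

    # objection writes the re-signed IPA to the current directory with a
    # "-frida-...signed.ipa" suffix; glob for the newest such file rather
    # than hard-coding the exact name.
    patched="$(ls -t ./*-frida-*signed.ipa | head -n 1)"
    rm -rf Payload
    unzip -q "$patched"
    app="$(app_bundle_in .)"

    # -W (--no-wifi) restricts ios-deploy to USB devices; -d (--debug)
    # installs the bundle and launches it under lldb. The gadget's default
    # on_load is "wait", so the app stays paused until `objection explore`
    # attaches from a second terminal. Keep this terminal open.
    ios-deploy --bundle "$app" -W -d
}

case "${1:-}" in
    run) shift; main "$@" ;;
esac
```

Run it as sh patch_and_deploy.sh run Application.ipa from the folder holding the decrypted IPA; with no argument it only defines the functions. The script deliberately selects an Apple Development identity because that is the kind a free Xcode account issues; if you sign with a different identity, pass the matching profile with --provision-file.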

We hope that you loved and enjoyed the article and this will help you in your journey of iOS Pentesting! Stay tuned for more such blogs on iOS Pentesting!

Happy Hunting!


Welcome to TheBountyBox by Vaibhav Lakhani - Your Gateway to Ethical Hacking and Pentesting! Join us as we explore the fascinating world of cybersecurity