Frida & Objection without Jailbreak! 🔥🔥
Do you stop a security test as soon as jailbreak detection cannot be bypassed?? No worries, we have got you covered! This post walks through injecting the Frida Gadget into an IPA with objection and running it on a device that is not jailbroken. Unlike frida-server, which needs a jailbroken device to run as a separate process, the Gadget is a dylib loaded by the app itself, which is why no jailbreak is required. The best part? It was tested on iOS 16.2, the latest version at the time of writing ;) Let’s do this!
Alright! Prerequisites. All you need is:
- A Mac, or a macOS VM (a simple guide is here: https://www.wikihow.com/Install-macOS-on-a-Windows-PC)
- A code-signing identity and a provisioning profile that includes your test device's UDID. You get both from an Apple Developer account at https://developer.apple.com/; a free Apple ID signed in to Xcode also works, but apps signed that way expire after 7 days.
- Xcode (it also creates the development certificate and installs the command-line tools used below).
Step 1: You need a decrypted IPA, i.e. one with the App Store FairPlay encryption removed. Either the client or the bug bounty program provides one, or you decrypt it yourself with a tool such as Clutch or bfinject (both need a jailbroken device, so this is usually a one-off on a separate test device). Another option is to download the app from a third-party site such as iphonecake.com, but bear in mind that you cannot verify such a binary has not been tampered with.
For this example, I will use a random application downloaded from iphonecake.com.
Step 2: Find a valid code-signing identity with the command below. Copy the 40-character hex hash printed before the identity name; that is the value the next step needs. If nothing is listed, sign in to Xcode (Xcode > Settings > Accounts) and create a development certificate first.
security find-identity -p codesigning -v
Step 3: Patch the IPA with objection, which inserts the Frida Gadget dylib into the app bundle and re-signs it with your identity:
objection patchipa --source Application.ipa --codesign-signature <identity-hash>
Replace <identity-hash> with the hash from Step 2. If the IPA does not already carry a provisioning profile that covers your device, pass one with --provision-file.
Note: objection shells out to a few external tools for this step and tells you which one is missing if the build fails; install it and re-run.
This step writes a new, signed IPA into the current folder, Application-frida-signed.ipa (the exact suffix depends on your objection version, so check the name the command prints).
Step 4: Unzip the newly created IPA using the command
unzip Application-frida-signed.ipa
A new folder called Payload will be created.
Step 5: Install the patched IPA on the iOS device. Connect the device to the Mac over USB and tap “Trust” on the device when it asks whether to trust the computer. Then run:
ios-deploy --bundle Payload/SomeAppName.app -W -d
If ios-deploy is not found, install it with:
sudo npm install -g ios-deploy --unsafe-perm=true --allow-root
(or brew install ios-deploy).
This installs the application and launches it with the debugger attached. On first launch iOS may refuse to open the app until you trust the developer certificate under Settings > General > VPN & Device Management. The app then sits paused: the Frida Gadget suspends the process at startup and waits for a client to attach, which is exactly what the final step does.
Step 6: Keep that terminal running and, in a new terminal, start objection:
objection explore
objection connects to the Gadget over USB and resumes the app, dropping you into its REPL with Frida running inside a non-jailbroken iOS device. From there, disable certificate pinning with ios sslpinning disable, point the device at Burp Suite, capture the requests and Hack it On!!!
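Steps 2 to 6 above chained into one script, as an added example that is not part of the original post. It assumes security, objection, unzip and ios-deploy are on PATH, that objection writes the patched IPA next to the source with a name matching -frida-*.ipa (check your version's output), and that the app should be signed with the first "Apple Development" identity; the sample find-identity listing, its hashes and e-mail address are constructed for the example. The real pipeline only runs when an IPA path is supplied through the IPA environment variable, so the script can be sourced or dry-run on a machine without a device.

```shell
#!/bin/sh
# Added example (not from the original post): Steps 2 to 6 as one script.
# Assumed external tools: security, objection, unzip, ios-deploy, all on PATH.
# The patched IPA's file-name suffix is assumed to match "-frida-*.ipa";
# check objection's output if your version names it differently.
set -eu

# Constructed sample of what `security find-identity -p codesigning -v` prints;
# the hashes and e-mail address are made up for this example.
SAMPLE_LISTING='  1) A1B2C3D4E5F60718293A4B5C6D7E8F9012345678 "Apple Development: jane@example.com (ABCDE12345)"
  2) 0123456789ABCDEF0123456789ABCDEF01234567 "iPhone Distribution: Example Corp (ABCDE12345)"
     2 valid identities found'

# pick_identity LISTING [PATTERN]
# Prints the 40-hex-digit hash of the first identity whose line contains
# PATTERN (default "Apple Development"), i.e. the value objection's
# --codesign-signature expects. Exits non-zero if no such identity exists.
pick_identity() {
    listing="$1"
    pattern="${2:-Apple Development}"
    printf '%s\n' "$listing" | grep -m 1 -F -- "$pattern" | grep -oE '[0-9A-F]{40}'
}

# find_app_bundle DIR
# Prints the path of the .app bundle under DIR/Payload, as produced by
# unzipping the patched IPA into DIR.
find_app_bundle() {
    for app in "$1"/Payload/*.app; do
        if [ -d "$app" ]; then
            printf '%s\n' "$app"
            return 0
        fi
    done
    echo "no .app bundle under $1/Payload" >&2
    return 1
}

# patch_and_deploy SOURCE_IPA IDENTITY_HASH
# Steps 3 to 5: inject the Frida Gadget, re-sign, unzip and install.
# Leaves ios-deploy running with the app paused by the Gadget; run
# `objection explore` from another terminal (Step 6) to resume it.
patch_and_deploy() {
    src="$1"
    identity="$2"
    objection patchipa --source "$src" --codesign-signature "$identity"
    # Locate the re-signed IPA objection wrote next to the source (assumed suffix).
    for patched in "${src%.ipa}"-frida-*.ipa; do break; done
    [ -f "$patched" ] || { echo "patched IPA not found next to $src" >&2; return 1; }
    work=$(mktemp -d)
    unzip -q "$patched" -d "$work"
    app=$(find_app_bundle "$work")
    ios-deploy --bundle "$app" -W -d
}

# Offline demo of the parsing step on the constructed listing.
echo "would sign with identity: $(pick_identity "$SAMPLE_LISTING")"

# Real run, only when an IPA path is supplied via the environment, e.g.
#   IPA=Application.ipa sh frida-nojb.sh
if [ -n "${IPA:-}" ]; then
    identity=$(pick_identity "$(security find-identity -p codesigning -v)")
    patch_and_deploy "$IPA" "$identity"
fi
```

The identity is selected by name pattern rather than by position because the listing order changes as certificates are added or expire; pass a different pattern as the second argument to pick_identity if you sign with another identity.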
We hope you enjoyed the article and that it helps you on your iOS pentesting journey! Stay tuned for more iOS pentesting blogs!
Happy Hunting!