Penetration testing

Top 6 iPhone hacking tools for mobile penetration testers

Graeme Messina
March 2, 2018 by
Graeme Messina

As your career in cybersecurity or computer forensics progresses, you will no doubt come across one of Apple’s most popular devices ever made: the Apple iPhone. In this article, we outline the use and utility six popular iPhone hacking tools, see how they interact with iOS software and outline the results you can expect to achieve. Remember that many of these apps will require you to jailbreak your device, so be aware this jeopardizes your device’s warranty and can cause a potential safety risk.

FREE role-guided training plans

FREE role-guided training plans

Get 12 cybersecurity training plans — one for each of the most common roles requested by employers.

The next thing you must understand is many of these apps have been rejected by Apple, and as such are not available on the iStore. For access to many of these apps, you will need to download them from Cydia. Cydia is a centralized repository of unofficial apps that will give your phone features and functionality that Apple either does not approve of, or does not think add value to their product line. Having said all of that, let us take a look at six useful iPhone hacking apps that you can use for yourself.

iRET (iOS reverse engineering toolkit)

This is probably one of the best known pieces of software in iOS penetration testing circles, and with good reason. As any person with a repetitive job will tell you, automation and shortcuts are must-have features to make work more efficient and tolerable. iRET is an application that adds exactly this kind of feature set, providing convenience and user efficiency. Penetration testing can be a repetitive activity, as each security vulnerability is patched and removed, the same tests must be run again and again.

Key iRET features include:

  • oTool: Useful for displaying specified parts of object files and libraries
  • dumpDecrypted: Allows for the administration and manipulation of keychains, keys and certificates
  • SQLite: This is a public domain, relational database management system
  • Theos: Runtime manipulation tools
  • Keychain_dumper: A tool that is used to check which keychain items are available after an iPhone has been jailbroken
  • Plutil: Can be used to check syntax of property list files, or for changing plist files from one format into another
  • Class-dump-z: Used for header creation in dumps

An excellent resource article with more detail about iRET can be found here, and you can download the app here.

Myriam iOS

Myriam is a reverse engineering training tool developed by an iOS developer who wanted to make iOS application reverse engineering and creation more accessible to beginners. This application provides a list of basic tasks that must be accomplished by the user. These range from tasks such as changing the logo within the app, all the way to data manipulation within the program. Those interested in learning more can look at this Youtube playlist from the app’s creator, FCE365. Myriam is just one of several avenues by which you can learn the science of Apple iOS application reverse engineering and creation.

The full list of application menus include:

  • Jailbreak detection
  • Authentication bypass
  • Circumvent activation
  • Modify in-app data
  • UIKit web manipulation
  • Variable modification

Download the app here and take a look for yourself.

iWep Pro

iWep Pro is a wireless suite of useful applications used to turn your iOS device into a wireless network diagnostic tool. This app quickly lets you know if any of your connected wireless devices are vulnerable to security glitches, and can even reveal what the surrounding Wi-Fi network passwords are in your current location. Using this application can help you to lock down your Wi-Fi network, and can help you to secure any flaws within your Wi-Fi network’s setup. You are also able to share Wi-Fi keys securely with friends, allowing you to give people information about public networks that you have previously visited.

The main features of iWep Pro are:

  • The ability to search WEP/WPA supported routers
  • Network scanning features
  • Auto connection to networks that you have the keys for
  • Unsupported networks allow you to manually connect as well

The app can be downloaded here.

Burp Suite

Burp Suite is a penetration testing tool that intercepts traffic on your network. This is useful if you need to inspect traffic flows and can offer insights into application and website operation. This is achieved in large part by the application’s proxy tool. This allows you to use your browser to navigate through the application, meaning your phone can host the session and then your network traffic can be directed through it. The developers host an informative website which has an exhaustive list of “how-to” articles which cover:

There is a lot more functionality to this application that meets the eye, so it is definitely worth looking at if you want to experiment with iOS security.

Burp Suite can be downloaded here.

Cycript

Cycript is a useful application that allows developers to look at and interact with applications running on iOS. It does this through Objective-C++ and JavaScript syntax, and it has an interactive console that is command-line based. Like any good command line tool, it features tab completion and syntax highlighting, giving it a functional and desktop-like feel.

Some useful Cycript features include:

  • The ability to inject into processes
  • Objective-C messages
  • JavaScript extensions
  • Effortless exploration
  • Bridged object model
  • Foreign function calls
  • Magical tab-complete
  • C++11 Lambda syntax

Cyscript can be downloaded here.

iKeyMonitor iPhone Hacker

This app is not necessarily a hacking tool, but is more of a communications bugger. It allows users to retrieve information remotely by installing keylogging software and SMSes. Monitoring can be done remotely, while the target phone is unaware of any logging activity. Passwords, keystrokes, website history and automated screenshots are all sent via FTP or email. The iPhone must be jailbroken to unlock all of iKeyMonitor’s features.

The product is marketed as a parental control application. Its main features are:

  • SMS and messenger monitoring: This feature works with Whatsapp, WeChat, Facebook, Skype, Line, Kik, Viber and more
  • Tracking features: These include call history logs, call recording, SMS capturing, keystroke capture, clipboard, website history and GPS tracking
  • Capturing multimedia: Including pictures and photos, videos and voice messages
  • Phone control: This feature includes app blocking and a screen-time limiter
  • Undetectable to users
  • Easy remote control

A free trial can be downloaded here.

What should you learn next?

What should you learn next?

From SOC Analyst to Secure Coder to Security Manager — our team of experts has 12 free training plans to help you hit your goals. Get your free copy now.

Summary

There are many different applications available for iOS users looking into hacking and penetration testing. Some are useful as diagnostic tools, while others can be used maliciously and should be handled with care. Overall, there is a wide array tools that can be utilized by iPhone users, and not all applications need to have a jailbroken iPhone — requiring less preparation to get them installed.

Graeme Messina
Graeme Messina

Graeme is an IT professional with a special interest in computer forensics and computer security. When not building networks and researching the latest developments in network security, he can be found writing technical articles and blog posts at InfoSec Resources and elsewhere.