IOS

Get the App

• Apple App Store

More coming soon

Wireshark

• Connect the device: rvictl -s <UDID>

• Start the capture: sudo tcpdump -i rvi0 -w iphone.pcap

Test the security of the phone or tablet

Sometimes you will have to assess the security of the tablet. Say your customer wants to use tablets but have disabled a few things. Sometimes they might even activate supervised mode to set it up for corporate use. You will need to check for a few things.

Bypass bluetooth restrictions

You will see that the bluetooth is switched on but you can not pair any device. It means that the bluetooth usage has been restricted. But if you go to Settings > Accessibility > Selection Control > Buttons > Bluetooth devices

This way you can pair a device.

Flash Xtreme firmware on your flipper zero

See Shuriken Hacks' video here to do this

BT spam

You can do this attack with flipper zero with Xtreme firware.

• Browse to BLE Spam

BLE Spam

• Launch the attack

Apple Device Popup

If the bluetooth is activated on your target you should get notified to pair various new devices.

Bad USB over bluetooth

You can do this attack with flipper zero with Xtreme firware.

Click the down arrow and select badkb

badkb

• Select the ios demo (it will open a webpage on the target ios device)

demo-ios

• Select config

config

• Set Connection to BT

BT

• Go back and click on run. Pair the device with your flipper when the pop up appears and it should open a webpage to the xtreme firmware's github page.

Resources

• Frida & Objection without Jailbreak! by 302 not found
• [0x07] Reversing Shorts :: iOS Device Supervision - Sniff Traffic & Defer Updates

Tools

• Jailbroken Iphone

  • Electra
  • Chimera
  • checkm8
• Open source memory dumping tool.

• Frida-ios-dump
• MobSF can help to speed up static analysis
• IOS Passionfruit

Attacks with flipper zero

• Annoying Apple Fans: The Flipper Zero Bluetooth Prank Revealed - Techryptic