iblessing: free iOS exploiting toolkit

Iblessing is an exploitation program that helps security system researchers discover a host of significant security vulnerabilities in the iOS environment. The analysis he makes is static but also dynamic.

Contents hide
Specifications
Installation
Use
Application snapshots

Specifications

  •  Cross-platform: Tested on macOS and .
  •  iOS App static info extract, including metadata, deeplinks, urls, etc.
  •  Mach-O parser and dyld symbol bind simulator
  •  Objective-C class realizing and parsing
  •  Scanners making dynamic analysis for arm64 assembly code and find key information or attack surface
  •  Scanners using unicorn to partially simulate Mach-O arm64 code execution and find some features
  •  Generators that can provide secondary processing on scanner's report to start a query server, or generate script for IDA
  • Super objc_msgSend xrefs scanner?
    •  objc methods and subs (such as ) to generate xrefs like flare-emu
    •  objc function wrapper and ida usercall generate
    •  objc_msgSend sub functions analysis
    •  objc block to objc_msgSend xrefs in args and capture list
    •  report format including json, etc.
    •  Swift class and method parsing
    •  following branches and calls
    •  SimProcedures for external symbols
  •  Tests
  •  Android Scanners Support
  •  Diagnostic logs
  •  More flexible scanner infrastructure for new scanner plugins

Installation

CMake

  • Platform: macOS, Linux

To start installing iblessing, follow these steps:

git clone --recursive -j4 https://github.com/Soulghost/iblessing cd iblessing ./compile-cmake.sh

XcodeBuild

  • Platform: macOS

To start installing iblessing, follow these steps:

git clone --recursive -j4 https://github.com/Soulghost/iblessing cd iblessing ./compile.sh

Use

$ iblessing -h

Usage: iblessing [options…] Options:
-m, –mode mode selection:
* scan: use scanner
* generator: use generator
-i, –identifier choose module by identifier:
* scanner-id>: use specific scanner
* generator-id>: use specific generator
-f, –file input file path
-o, –output output file path
-l, –list list available scanners
-d, –data extra data
-h, –help Shows this page

Snapshots ς

 

You can download the application from here.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.087 registrants.

iblessingios

Written by Anastasis Vasileiadis

Translations are like women. When they are beautiful they are not faithful and when they are faithful they are not beautiful.

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).