BASHing iOS Applications: dirty, s*xy, cmdline tools for mobile auditors presented at AppSec USA 2013

by Jason Haddix, Dawn Isabel,

Summary : The toolchain for (binary) iOS application assessment is weak BUT, like an island of misfit toys, there can be stregnth in numbers. Join us as we explore what actually needs to be done in a mobile assessment and how we can do it right from our SSH prompt on our iOS device. Our tool is simple yet effective and as you learn to do mobile assessments you'll also teach yourself the fundamentals of the OWASP Mobile Top 10. Topics explored will be binary analysis, app decryption, data storage, endpoint parsing, class inspection, file monitoring, and more! Heck we might even release some sort of ghetto BASH Obj-c source parser!