Fi8sVrs

iSpy - A reverse engineering framework for iOS


iSpy aims to be your one-stop-shop for reverse engineering and dynamic analysis of iOS applications.

Features :

– Easy to use Web GUI

– Class dumps

– Instance tracking

– Automatic jailbreak-detection bypasses

– Automatic SSL certificate pinning bypasses

– Re-implemented objc_msgSend for logging and tracing function calls in realtime

– Cycript integration; access Cycript from your browser!

– Anti-anti-method swizzling

– Automatic detection of vulnerable function calls

– Easy to use soft-breakpoints

The current release is a developer preview; code is subject to change and will be unstable. However, we appreciate code contributions, feature requests, and bug reports. We currently do not have binary releases; stay tuned!

Injecting iSpy :

1. Once iSpy is installed onto your device, open the Settings application and you should see a new entry for iSpy. Enable the iSpy Global On/Off if it is disabled. From this panel you can also enable hooks for SSL Certificate Pinning, change web server settings, and toggle optional features.

2. From here go to Select Target Apps and enable the switch for whichever applications you want to inject iSpy into.

3. Open any of the selected applications and you should see a Showtime overlay message in the upper right as the application loads; this indicates that iSpy was successfully injected into the process.

4. Open your browser and go to http://<iPad IP Address>:31337. Note that the default port is 31337, but it can optionally be changed in the iOS Settings. If iSpy fails to bind to the desired port, it will increment the port number until it successfully finds an unbound port to use; you can see this activity in the Xcode console. We also recommend forwarding your TCP connections over USB using the iPhone Data Protection Suite’s tcprelay.sh script.

5. Have fun!

Prerequisites :

+ Xcode 5+ running on OSX 10.8+

+ Any jailbroken iOS device running: 32bit iOS 6, 7, or 8

Other versions may work but have not been tested

Theos Setup

Follow this guide to set up Theos and Ldid.

Clone Repos

First do a recursive clone of the public repo:

git clone https://github.com/BishopFox/iSpy --recursive

Build CocoaHTTPServer

Next we need to build the CocoaHTTPServer dependency. This step is optional, as a binary is included with the main iSpy repo.

cd iSpyServer/CocoaHTTPServer/
./build.sh

This will create a new CocoaHTTPServer.a file in the iSpy/libs directory.

Compile iSpy

Next, build the main repo. cd back to the root of the main iSpy git repo and run:

make clean
make
make package

This will produce a new .deb file.

If you get the error:

/Applications/Xcode.app/Contents/Developer/usr/bin/make package requires dpkg-deb.
make: *** [internal-package-check] Error 1

It means you need to install the Debian package manager. I use Brew, so it was just a case of running brew install dpkg to get up and running.

Install onto iOS Device

iSpy has three binary dependencies on the iOS device: cycript, preferenceloader and applist. The easiest way to install these is to ssh into your device and use apt-get:

apt-get install cycript applist preferenceloader

After that, just install the .deb we compiled in the previous step:

dpkg -i <.deb file>

Cycript Integration

iSpy injects Cycript into the target app automatically by default. In order for the iSpy UI integration to work, you must first install Cycript onto your device (just use Cydia). Once installed, you can access Cycript from the iSpy UI by simply hitting the hotkey (ctrl-`). You can also connect remotely from a command-line, like so:

cycript -r ip_of_your_device:12345

Download Zipball | or clone git here
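
Step 4 of "Injecting iSpy" says the web server falls back to the next port when 31337 is taken. The sketch below is an added example, not part of the original post and not iSpy's code: it models that fallback and shows how to find the port that was actually bound on a device you are testing. The function names, the 16-port search window and the loopback demo are assumptions.

```python
import socket

DEFAULT_PORT = 31337  # iSpy's default web GUI port, per the post


def bind_with_fallback(start_port=DEFAULT_PORT, host="127.0.0.1", max_tries=16):
    """Bind start_port, or the next free port above it; return (socket, port).

    Models the behaviour the post describes, not iSpy's implementation.
    """
    end = min(start_port + max_tries, 65536)
    for port in range(start_port, end):
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            sock.bind((host, port))
        except OSError:  # port already in use: try the next one
            sock.close()
            continue
        sock.listen(1)
        return sock, port
    raise OSError(f"no free port in {start_port}..{end - 1}")


def find_listener(host, start_port=DEFAULT_PORT, max_tries=16, timeout=0.5):
    """Return the first port >= start_port accepting TCP connections, else None.

    Any listener counts, so confirm the hit in the browser or Xcode console.
    """
    for port in range(start_port, min(start_port + max_tries, 65536)):
        try:
            with socket.create_connection((host, port), timeout=timeout):
                return port
        except OSError:
            continue
    return None


def demo():
    """Constructed scenario: occupy a port, then watch the fallback skip it."""
    blocker = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    blocker.bind(("127.0.0.1", 0))  # OS picks a free port; never listens
    base = blocker.getsockname()[1]
    server, bound = bind_with_fallback(base)
    try:
        return base, bound, find_listener("127.0.0.1", base)
    finally:
        server.close()
        blocker.close()


if __name__ == "__main__":
    print(demo())  # (occupied port, port actually bound, port found by client)
```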
