Cache storage location on my iPhone (10.3.3)

/var/mobile/Containers/Data/Application/B6F531AC-4698-4909-8C2F-5CB0DDC49D0A/Library



1. Checking passwords with Keychain_dumper

Check whether sensitive information [ID, PW] for the application is stored on the device

- Command:


2. /private/var/mobile/Applications/<target app>/Library/Cookies

- Search for sensitive information stored in the cookies

- Command: strings Cookies.binarycookies


3. /private/var/mobile/Applications/<target app>/Library/Preferences

- Search for sensitive information stored in the plist files

- Command: plutil -show <filename>.plist



* Taking a screenshot: Power + Home button

* Screenshots are saved in /private/var/mobile/Media/DCIM/100APPLE



4. CoreData and SQLite Databases


CoreData is the framework that manages the layer between user interface and the data stored in a database. The main advantage of CoreData over SQLite databases is the speed and ease of use. Using CoreData creates sqlite files on the iOS device.


The main difference between using SQLite and CoreData is that the tables are prefixed with Z in CoreData. The SQLite files are stored in the Documents folder in the application sandbox.

Application used for the example: Damn Vulnerable iOS Application


Black Box Testing Approach:


1. Launch the application and navigate to the Insecure Data Storage section.

2. Click on Core Data.

3. Enter the data in all fields.

4. Click on Save in Core Data.

5. Connect the device to a laptop.

6. It is possible to read the content of the iOS sandbox using any of the tools and methods mentioned in “8 Exploring iOS File System.” This example uses iExplorer.

7. Navigate to DVIA in iExplorer. In the Documents folder, right click on the CoreData.sqlite file and export it to the laptop.

8. The sqlite file can be read using SQLite Browser (http://sqlitebrowser.org/), SQLite Manager (https://addons.mozilla.org/en-US/firefox/addon/sqlite-manager/), or the sqlite3 CLI. When using sqlite3 on the iOS device, use the commands below to view the contents of the sqlite3 database:


sqlite3 CoreData.sqlite

.tables

select * from ZUSER;


Note that the credentials are stored in plaintext on the iOS device.


Similar steps are used for testing SQLite storage vulnerabilities, except that the tables won’t have the ‘Z’ prefix.
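
The manual check above can be scripted for an exported store. The following is an added example, not part of the original notes or of DVIA: it tells a Core Data store from a plain SQLite file and lists sensitively named columns that hold readable text. The keyword list and the sample table and column names are assumptions constructed for illustration.

```python
import re
import sqlite3

# Column-name keywords treated as sensitive (an assumption of this example).
SENSITIVE = re.compile(r"pass|pwd|secret|token|pin|email|user", re.I)

def audit_store(conn):
    """Return (is_core_data, findings); findings are (table, column, rows)
    for sensitively named columns that hold readable text values."""
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table' ORDER BY name")]
    # Core Data adds Z_PRIMARYKEY / Z_METADATA bookkeeping tables.
    is_core_data = "Z_PRIMARYKEY" in tables or "Z_METADATA" in tables
    findings = []
    for table in tables:
        if table.startswith(("Z_", "sqlite_")):
            continue  # bookkeeping, not application data
        for _, col, *_ in conn.execute(f'PRAGMA table_info("{table}")').fetchall():
            # Drop Core Data's Z prefix before matching the keyword list.
            logical = col[1:] if is_core_data and col.startswith("Z") else col
            if not SENSITIVE.search(logical):
                continue
            rows = conn.execute(
                f'SELECT COUNT(*) FROM "{table}" '
                f'WHERE typeof("{col}") = ? AND length("{col}") > 0',
                ("text",)).fetchone()[0]
            if rows:
                findings.append((table, col, rows))
    return is_core_data, findings

def build_sample(core_data):
    """Constructed sample store; table and column names are made up."""
    conn = sqlite3.connect(":memory:")
    if core_data:
        conn.executescript("""
            CREATE TABLE Z_PRIMARYKEY (Z_ENT INTEGER PRIMARY KEY, Z_NAME VARCHAR);
            CREATE TABLE Z_METADATA (Z_VERSION INTEGER PRIMARY KEY, Z_UUID VARCHAR);
            CREATE TABLE ZUSER (Z_PK INTEGER PRIMARY KEY, Z_ENT INTEGER, Z_OPT INTEGER,
                                ZEMAIL VARCHAR, ZNAME VARCHAR, ZPASSWORD VARCHAR);
            INSERT INTO ZUSER VALUES (1, 1, 1, 'alice@example.test', 'alice', 'hunter2');
        """)
    else:
        conn.executescript("""
            CREATE TABLE account (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
            INSERT INTO account VALUES (1, 'bob', 'letmein');
            INSERT INTO account VALUES (2, 'carol', '');
        """)
    return conn

if __name__ == "__main__":
    # For a real export: audit_store(sqlite3.connect("CoreData.sqlite"))
    for kind in (True, False):
        print(audit_store(build_sample(kind)))
```

Any finding means the value is readable by anyone with access to the sandbox or an unencrypted backup; credentials belong in the Keychain rather than in the store.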
