Pentesting iOS | Starting With iOS Emulator Corellium & Re-signing IPA


Divyanshu Shukla

Corellium provides virtual iOS-based devices for individual accounts on its security research platform, CORSEC. Corellium’s iOS devices may be jailbroken or non-jailbroken and can be used for security research.

Corellium is a premium iOS emulator on which one can run and test iOS applications. Although there is no App Store support, apps can be installed directly by re-signing them.
This blog discusses the multiple re-signing methods used to install an application (IPA) on the iPhone X emulator on Corellium.
There are multiple methods to re-sign an IPA; the methods mentioned below do not require a developer account.

1. First, we need to download the VPN file from the device page and connect to the private network. This puts us on the same network as the emulator.

To download the VPN file, click on the OVPN file.

2. Connect to the Corellium VPN; it assigns a private IP in the 10.x.x.x range.

3. Let’s try to install the Myriam iOS security app created by GeoSn0w by downloading the IPA.

4. Click on APPS and select Install.

We will first try to upload the unsigned IPA directly.

5. Download the IPA directly from release.

#wget https://github.com/GeoSn0w/Myriam/raw/master/IPA%20Releases/Myriam%20Beta%204.0.ipa

6. As we can see, we now have the newly downloaded IPA.

7. We rename it to Myriam Beta 4.0-unsigned.ipa for demo purposes. Click on Install and select the IPA file.

8. Check the error at the bottom: Failed to install the app from Myriam Beta 4.0-unsigned.ipa.

9. Let’s sign it via iOS App Signer. You can download it from the iOS App Signer GitHub repository (linked at the end of this post).

10. Select the IPA as the input file and make sure a signing certificate and provisioning profile are present.
We now have a signed IPA file.

If you get an error here, open Xcode and add your account under Preferences.

11. Let’s upload the signed file and check the error:

Failed to install app from Myriam Beta 4.0-signed.ipa. Code signature verification failed.
Note: this error is different from the one in step 8.

12. Now let’s use objection to patch the IPA and upload it.

objection patchipa --source Myriam\ Beta\ 4.0-unsigned.ipa --codesign-signature XXXXXXXXXXXXXXXXXX -P ~/Library/MobileDevice/Provisioning\ Profiles/XXXXXXXXXXXXXXXX.mobileprovision

13. Upload the newly codesigned IPA file to the emulator.

14. Check the error:

Failed to install app from Myriam Beta 4.0-signed.ipa. Code signature verification failed.

15. Run the commands below to list the installed signing identities and provisioning profiles.

For codesign-signature:

applesign -L

For provisioning profile:

cd ~/Library/MobileDevice/Provisioning\ Profiles && ls

16. Now let’s use applesign, a Node.js module and command-line utility for re-signing iOS applications (IPA files).

applesign -i xxxxxxxxxxxxxxxxxxxxxxx Myriam\ Beta\ 4.0-unsigned.ipa -m ~/Library/MobileDevice/Provisioning\ Profiles/xxxxxxxxxxxxxxxxxxxxxx.mobileprovision

17. We get the same error as above.
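Before uploading a re-signed IPA, it is worth confirming that the tool actually produced the signing artifacts and that the provisioning profile covers the app's bundle identifier, since a mismatch there is a common reason an otherwise signed IPA is refused. The script below is an added example, not code from the original post: it treats the IPA as a zip archive, looks for `_CodeSignature/CodeResources` and `embedded.mobileprovision` inside `Payload/<name>.app/`, and compares the profile's application-identifier entitlement with `CFBundleIdentifier`. The sample IPAs built by `build_sample_ipa` are constructed for the demo and are not real apps; the profile parsing extracts the embedded plist without verifying the CMS signature.

```python
import io
import plistlib
import re
import zipfile

def _profile_plist(blob):
    """embedded.mobileprovision is a CMS envelope around an XML plist; pull the
    plist out by its XML boundaries (like `security cms -D`, minus the signature check)."""
    m = re.search(rb"<\?xml.*?</plist>", blob, re.S)
    return plistlib.loads(m.group(0)) if m else {}

def inspect_ipa(ipa_bytes):
    """Report the signing artifacts inside an IPA (a zip with Payload/<name>.app/)."""
    report = {"bundle_id": None, "code_signature": False,
              "provisioning_profile": False, "profile_app_id": None}
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as zf:
        names = set(zf.namelist())
        apps = {n.split("/")[1] for n in names if n.startswith("Payload/") and n.split("/")[1].endswith(".app")}
        (app,) = apps  # raises ValueError unless exactly one .app bundle is present
        base = "Payload/%s/" % app
        report["bundle_id"] = plistlib.loads(zf.read(base + "Info.plist")).get("CFBundleIdentifier")
        report["code_signature"] = base + "_CodeSignature/CodeResources" in names
        if base + "embedded.mobileprovision" in names:
            report["provisioning_profile"] = True
            ents = _profile_plist(zf.read(base + "embedded.mobileprovision")).get("Entitlements", {})
            report["profile_app_id"] = ents.get("application-identifier")
    return report

def signing_status(ipa_bytes):
    """'unsigned' (artifacts missing), 'signed', or 'mismatch' (profile does not cover the bundle id)."""
    r = inspect_ipa(ipa_bytes)
    if not (r["code_signature"] and r["provisioning_profile"]):
        return "unsigned"
    app_id = r["profile_app_id"] or ""
    pattern = app_id.split(".", 1)[1] if "." in app_id else ""  # drop the TEAMID. prefix
    ok = (r["bundle_id"] or "").startswith(pattern[:-1]) if pattern.endswith("*") else pattern == r["bundle_id"]
    return "signed" if ok else "mismatch"

def build_sample_ipa(signed, profile_app_id="ABCDE12345.com.example.demo"):
    """Constructed sample IPA (not a real app); junk bytes stand in for the CMS envelope."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Payload/Demo.app/Info.plist",
                    plistlib.dumps({"CFBundleIdentifier": "com.example.demo"}))
        if signed:
            zf.writestr("Payload/Demo.app/_CodeSignature/CodeResources", plistlib.dumps({}))
            prof = plistlib.dumps({"Entitlements": {"application-identifier": profile_app_id}})
            zf.writestr("Payload/Demo.app/embedded.mobileprovision", b"\x30\x82" + prof + b"\x00")
    return buf.getvalue()
```

On a real IPA, call `signing_status(open("Myriam Beta 4.0-signed.ipa", "rb").read())`; an "unsigned" result means the re-signing step did not write its artifacts, and "mismatch" points at the wrong provisioning profile.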

18. Then I got to know about AppSync Unified from Reddit. It is a jailbreak tweak that disables iOS app signature verification.

I added the Cydia repo and installed AppSync Unified.

19. Uploaded the unsigned IPA directly to the emulator.

20. The IPA was successfully installed on the emulator.

21. Let’s open the application and check whether it works.

22. Another way of installing Myriam is directly via Cydia.

Note: This is not the official Corellium blog; please contact the Corellium team if you want to use the emulator.

You can also read more about signing at http://www.saurik.com/id/8

https://kubadownload.com/news/appsync-unified/

https://medium.com/xcnotes/ios-application-verification-failed-d806d83ffdae

https://github.com/sensepost/objection/wiki/Patching-iOS-Applications

https://github.com/DanTheMan827/ios-app-signer

https://www.reddit.com/r/jailbreak/comments/jcs93x/help_appsync_unified_ios_14/

https://corellium.com
