
Add TECH Patching an App to Make it Debuggable #3082


Open
cpholguera opened this issue Dec 2, 2024 · 2 comments
Comments

@cpholguera
Collaborator


title: Patching an App to Make it Debuggable
platform: ios

By default, apps available on the Apple App Store are not debuggable. In order to debug an iOS application, it must have the get-task-allow entitlement enabled. This entitlement allows other processes (like a debugger) to attach to the app. Xcode doesn't add the get-task-allow entitlement in a distribution provisioning profile; it is only whitelisted and added in a development provisioning profile.

TBD...

@OWASP OWASP deleted a comment Dec 16, 2024
@shwetd19

Hey @cpholguera I'm thinking of this fix, can I work on it?

  1. we need to extract the IPA file and unzip it to access the app bundle.
  2. Then, we can use a tool like codesign or optool to modify the entitlements plist by adding <key>get-task-allow</key><true/>.
  3. After that, re-signing the app with a development provisioning profile using the command: codesign -f -s "iPhone Developer: [Your Name]" --entitlements entitlements.plist [AppName].app.
  4. Finally, repackage the app and install the patched IPA using Xcode or a tool like ios-deploy.

This process allows a debugger to attach to the app, bypassing App Store restrictions.
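The four steps in the comment above, written out as an added shell example that is not part of this issue thread or of the MASTG project's own code. It assumes macOS with the Xcode command-line tools (unzip, zip, codesign), a development signing identity and a development provisioning profile to embed; the IPA name, identity string, application identifier and profile path are placeholders. The `codesign -d --entitlements :-` form used to read entitlements back from the signed app is the common invocation; the whitespace-stripping check tolerates the short binary header some Xcode versions print before the XML. The script verifies that the entitlement is really present after re-signing before it repackages anything.

```shell
#!/bin/sh
# Added example, not code from the issue thread or the MASTG project.
# Assumes macOS with Xcode command-line tools (unzip, zip, codesign).
# All identities, paths and identifiers below are placeholders.
set -eu

# Step 2: write an entitlements plist that enables get-task-allow.
#   $1 = output path, $2 = application-identifier (TEAMID.bundle.id, placeholder)
make_entitlements_plist() {
    cat > "$1" <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>application-identifier</key>
    <string>$2</string>
    <key>get-task-allow</key>
    <true/>
</dict>
</plist>
EOF
}

# Verification helper: does an entitlements file grant get-task-allow?
# Whitespace is stripped first so "<key>get-task-allow</key>\n<true/>" matches.
# Returns 0 when the key is set to true, 1 otherwise.
has_get_task_allow() {
    tr -d '\n\t ' < "$1" | grep -q '<key>get-task-allow</key><true/>'
}

# Steps 1, 3 and 4: unpack the IPA, re-sign the .app with the development
# identity and the new entitlements, verify, and repack.
#   $1 = input IPA, $2 = signing identity, $3 = output IPA,
#   $4 = optional development .mobileprovision to embed
patch_ipa() {
    ipa="$1"; identity="$2"; out="$3"; profile="${4:-}"
    out_abs="$(cd "$(dirname "$out")" && pwd)/$(basename "$out")"
    work="$(mktemp -d)"

    # Step 1: extract the IPA (a zip archive with Payload/<App>.app inside)
    unzip -q "$ipa" -d "$work"
    app="$(ls -d "$work"/Payload/*.app | head -n 1)"

    # Keep the app's original application-identifier, read from the current signature
    app_id="$(codesign -d --entitlements :- "$app" 2>/dev/null \
        | tr -d '\n\t ' \
        | sed -n 's/.*<key>application-identifier<\/key><string>\([^<]*\)<\/string>.*/\1/p')"
    make_entitlements_plist "$work/entitlements.plist" "${app_id:-TEAMID.com.example.app}"

    # Step 3: embed the development profile (if given) and re-sign
    if [ -n "$profile" ]; then
        cp "$profile" "$app/embedded.mobileprovision"
    fi
    codesign -f -s "$identity" --entitlements "$work/entitlements.plist" "$app"

    # Check the signed bundle actually carries the entitlement before packaging
    codesign -d --entitlements :- "$app" > "$work/signed-entitlements.plist" 2>/dev/null
    if ! has_get_task_allow "$work/signed-entitlements.plist"; then
        echo "get-task-allow not present after re-signing" >&2
        return 1
    fi

    # Step 4: repackage; install with Xcode or ios-deploy afterwards
    (cd "$work" && zip -qr "$out_abs" Payload)
    rm -rf "$work"
    echo "$out_abs"
}

# Usage (placeholders):
#   patch_ipa MyApp.ipa "iPhone Developer: Your Name" MyApp-debug.ipa dev.mobileprovision
```

Apps that ship nested frameworks or app extensions need each of those bundles re-signed with the same identity as well, otherwise installation fails the signature check; the script above only signs the top-level .app.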

@cpholguera
Collaborator Author

It's assigned to you now @shwetd19.

Please avoid repeating content as much as possible. As you can see in our techniques page we make our techniques very modular and narrow in scope so they can be easily reused across the guide.

Consider:

So I think this works well. You can write this new technique following a similar approach as in MASTG-TECH-0038: Patching (Android) where one of the sub-sections can be ## Patching Example: Making an App Debuggable.

Before submitting for review please validate that all the steps above work and you're able to debug the app as indicated in MASTG-TECH-0084: Debugging.

Please post here any proof (screenshots, etc.) and phone / OS versions and if it's jailbroken or not.

Thanks a lot!
