Conversation

So how is everyone approaching and analysis nowadays? It's getting hard to find . Is really everybody using Corellium?

@floyd Precious jailbreakable phones on different versions. Corellium is nice but doesn't support some important I/O like NFC.

@buherator same here but it's madness. We have a customer that only supports iOS 16 or above (although we contractually require below). So now we just don't do it or on Corellium. How do you handle these situations?

@floyd I don't do mobile personally so can't tell, but I've heard about similar cases (no clue how they were resolved).

@floyd

Using a device running the latest jailbreakable version (at the moment 16.x with an iPhone X) fits most requirements. This jailbreak breaks SEP, which means biometrics and PIN won't work. This can be restored using the $3.00 Checkl0ck tweak, which does a good job at using built-ins to make biometrics/PIN work for apps that specifically require this.

We try to work closely with the customer, acquiring a build without certificate pinning and jailbreak detection to test more efficiently.
With that said, when apps or tests require the latest available version, it's often feasible to test on stock iOS, because iOS actually allows for the installation of a fully trusted CA without a jailbreak, and this, together with some static + source code analysis, can get you pretty far already. libimobiledevice can do surprisingly much with stock devices too.

So far we managed to avoid Corellium because we like to keep our customers data to ourselves 😅

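The post above mentions using libimobiledevice against a stock device and a customer build that only supports "iOS 16 or above". The script below is an added example, not code from any participant in the thread: it triages an attached stock (non-jailbroken) iPhone with libimobiledevice and checks its iOS version against the minimum the customer's build supports, so the "is this device usable for the engagement" question is answered before any testing starts. It assumes the libimobiledevice tools (`ideviceinfo`, `ideviceinstaller`, `idevicepair`) are installed and the device is paired over USB; the version numbers in the usage section are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): pre-engagement triage of a stock iOS
# device with libimobiledevice, plus a check of its iOS version against the
# minimum the customer's build supports.
# Assumed: ideviceinfo / ideviceinstaller / idevicepair are on PATH and the
# device is paired over USB. Version values in the usage section are constructed.

# version_ge A B: exit 0 when dotted version A >= B (missing components count as 0).
version_ge() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        x="${a%%.*}"; y="${b%%.*}"
        if [ "$a" = "$x" ]; then a=""; else a="${a#*.}"; fi
        if [ "$b" = "$y" ]; then b=""; else b="${b#*.}"; fi
        x="${x:-0}"; y="${y:-0}"
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
    done
    return 0
}

# scope_verdict VERSION MIN_VERSION: prints "in-scope" when the device can run
# the customer's build, "out-of-scope" otherwise.
scope_verdict() {
    if version_ge "$1" "$2"; then echo "in-scope"; else echo "out-of-scope"; fi
}

# device_triage MIN_VERSION: read model, iOS version and installed apps from
# the attached stock device and report whether it fits the engagement.
device_triage() {
    min="$1"
    if ! command -v ideviceinfo >/dev/null 2>&1; then
        echo "libimobiledevice not installed; skipping device triage"
        return 0
    fi
    # Make sure the host is trusted by the device before querying it
    idevicepair validate >/dev/null 2>&1 || idevicepair pair
    ver="$(ideviceinfo -k ProductVersion)"
    model="$(ideviceinfo -k ProductType)"
    echo "device: $model running iOS $ver -> $(scope_verdict "$ver" "$min")"
    # List user-installed apps to confirm the test build (ideally without
    # pinning and jailbreak detection) is the one actually on the device
    ideviceinstaller -l
}

# Usage (constructed values): the customer's "iOS 16 or above" requirement
# against an iPhone X on its final 16.x release, and an older device that falls short.
scope_verdict 16.7.2 16      # in-scope
scope_verdict 15.8 16        # out-of-scope
device_triage 16
```

The version comparison is done in plain POSIX sh so the script runs unchanged on macOS and Linux hosts; when no libimobiledevice tools are present it reports that and still exits cleanly, so the same file can be dropped into a pre-engagement checklist without failing on a machine that has no device attached.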

@goosie yeah, looks similar to our approach, but the iPhone X maxes out at iOS 16, and although we contractually force our customers to hand over apps without pinning etc., they often simply don't.

Checkl0ck is a good callout!
