Category Archives: mobile

Defeating MDM: Enrolling a jailbroken device into a mobile device management system

TLDR:  I was able to enroll a jail broken device on a “major” MDM provider.  Any vendor that says they can prevent jailbroken devices from enrolling in a MDM solution is not being 100% honest.  Any resourceful person can get around jailbreak detections.  Because of the client side nature of this problem it’s very difficult […]

iPhone: quick process to check for local files of interest

Plug iPhone or iPad into Mac
User iExplorer or iFunbox to explore file system of apps
Export relevant directories to local box (Usually Library and *.app)
Search for files of interest

find . -name "*.db"

find . -name "*.plist"

find . -name "*.sql*"
Search inside the files for items of interest
find . -type f -exec grep -l -i "password" {} +
iExplorer can […]

Security testing iPhone – local data storage

One of the areas you need to focus on when performing security / penetration testing on iOS applications is what information is written to disk or stored locally. There are a number of things that can be written to disk (text files, config files, plist files, databases, etc). There are a handful of directories that […]