Avatar
I am Prateek Gianchandani. I have interests in Reverse Engineering, Mobile and Browser Security, and i am the founder of 8ksec. I hope you enjoy the content in this Blog.

Damn Vulnerable iOS App v1.4 launched

I am so excited to release the latest version of Damn Vulnerable iOS app for iOS 8. Up till now, DVIA has been downloaded more than 75000 times and i can’t wait for the count to reach 6 digits :-) Following vulnerabilities and challenges have been added in the latest version.

  1. Sensitive information in memory
  2. Webkit Caching (Insecure data storage)
  3. Certificate pinning bypass

You can download the latest version from here. The source code is available on the project’s github page here.

Manual Installation

The easiest way is to install the application from Cydia. Add the source repo.kylelevin.com and search for DamnVulnerableiOSApp. 3 You can directly download the deb file also on your device and use dpkg -i DamnVulnerableiOSApp.deb to install the application followed by the command uicache 4 Or you can download the .ipa file from the downloads page, change its name from DamnVulnerableiOSApp.ipa to DamnVulnerableIOSApp.zip and unzip this file. This will unzip to a folder named Payload. Inside it, there will be a file named DamnVulnerableIOSApp.app. Then copy the .app file to the /Applications directory on the device using Scp. You can also use sftp or the utility iExplorer to upload this application. 1 Now login as the mobile user, use the command su to get root privileges and give the DVIA binary executable permissions. Then use the exit command to go back as the mobile user, and use the command uicache to install the application. If this doesn’t work, you can reboot the device or try this method again. 2 To compile the application, you should follow the instructions mentioned here. Any commits to the source code on Github or suggestions to improve the app are welcome. Special thanks to @crylico to help test the application before release and hosting the application on his repo. Happy hacking ! -Prateek

all tags