[0x06j] Upgrade Test Case: Jailbreak Detection (MSTG-RESILIENCE-1)

OWASP / owasp-mastg

The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).

https://mas.owasp.org/

Creative Commons Attribution Share Alike 4.0 International

11.79k stars 2.34k forks source link

[0x06j] Upgrade Test Case: Jailbreak Detection (MSTG-RESILIENCE-1) #2141

Open cpholguera opened 2 years ago

cpholguera commented 2 years ago

Upgrade section "Bypassing Jailbreak Detection" in https://github.com/OWASP/owasp-mstg/blob/master/Document/0x06j-Testing-Resiliency-Against-Reverse-Engineering.md#jailbreak-detection-mstg-resilience-1

TODO:

simplify
remove hopper (and images), use radare2 instead
remove cycript, use frida instead
or simply reduce all to objection

cgarst commented 2 years ago

I can take this one

cpholguera commented 2 years ago

It's yours @cgarst, thanks!

AkshayJainG commented 1 year ago

It's better to use just objection right because objection also uses Frida internally.

cpholguera commented 1 year ago

The only problem with that is that objection is not maintained anymore. So it might be better to go with Frida and use the objection scripts as examples, explaining that they can be taken as a baseline but you need to stay up to date and adapt them to newer jailbreak methods.

cgarst commented 1 year ago

Haven't been able to get around to this, back up for grabs.

cpholguera commented 1 year ago

No problem @cgarst, thanks for the update