Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Port MASTG-TEST-0088 (by @appknox) #3073

Open
wants to merge 23 commits into
base: master
Choose a base branch
from
Open

Port MASTG-TEST-0088 (by @appknox) #3073

wants to merge 23 commits into from

Conversation

sk3l10x1ng
Copy link
Collaborator

PR closes #3006

@cpholguera
Copy link
Collaborator

Could you please include a MASTG-DEMO as well using our app?

This greatly helps understanding the test, so we're going to make this a requirement for everyone from now on (unless there's a good reason to schedule it for later, e.g. due to great complexity). Thanks a lot @sk3l10x1ng!

@sk3l10x1ng
Copy link
Collaborator Author

Could you please include a MASTG-DEMO as well using our app?

This greatly helps understanding the test, so we're going to make this a requirement for everyone from now on (unless there's a good reason to schedule it for later, e.g. due to great complexity). Thanks a lot @sk3l10x1ng!

@cpholguera Added Demo , please review it .

cpholguera
cpholguera requested changes Jan 3, 2025
View reviewed changes
demos/ios/MASVS-RESILIENCE/MASTG-DEMO-0088/MASTG-DEMO-0088.md Outdated Show resolved Hide resolved
demos/ios/MASVS-RESILIENCE/MASTG-DEMO-0088/MastgTest.swift Outdated Show resolved Hide resolved
tests-beta/ios/MASVS-RESILIENCE/MASTG-TEST-0x88.md Outdated Show resolved Hide resolved
tests-beta/ios/MASVS-RESILIENCE/MASTG-TEST-0x88.md

The test verifies that a mobile application can identify whether if the iOS device it is running on a jailbroken device. Jailbreaking removes built-in security restrictions on the device, potentially exposing sensitive information and increasing the risk of unauthorised access.

## Steps
Copy link
Collaborator

@cpholguera cpholguera Dec 22, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The demo doesn't correspond with these steps, so I split it into 2 tests:

  • Jailbreak Detection in Code (corresponds with the current demo, static)
  • Runtime Use of Jailbreak Detection Techniques (dynamic via bypass)

demos/ios/MASVS-RESILIENCE/MASTG-DEMO-0088/output.asm Outdated
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

update using the new code

demos/ios/MASVS-RESILIENCE/MASTG-DEMO-0088/MASTestApp Outdated
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

update using the new code

demos/ios/MASVS-RESILIENCE/MASTG-DEMO-0088/MASTG-DEMO-0088.md Outdated Show resolved Hide resolved
TheDauntless
TheDauntless approved these changes Jan 3, 2025
View reviewed changes
tests-beta/ios/MASVS-RESILIENCE/MASTG-TEST-0x88.md Outdated Show resolved Hide resolved
tests-beta/ios/MASVS-RESILIENCE/MASTG-TEST-0x88.md Outdated Show resolved Hide resolved
tests-beta/ios/MASVS-RESILIENCE/MASTG-TEST-0x89.md Outdated Show resolved Hide resolved
tests-beta/ios/MASVS-RESILIENCE/MASTG-TEST-0x89.md Outdated Show resolved Hide resolved
tests-beta/ios/MASVS-RESILIENCE/MASTG-TEST-0x89.md Outdated Show resolved Hide resolved
tests-beta/ios/MASVS-RESILIENCE/MASTG-TEST-0x89.md

Consider that there may be other resiliency mechanisms in place that prevent the application from running, such as runtime integrity checks, so the app may still not run even if the jailbreak detection checks are bypassed, or you may not be able to get to the point where the jailbreak detection checks are executed before the app crashes.

Even if the automated jailbreak detection bypass commands are not successful, they may provide useful information to help you narrow down the jailbreak detection checks implemented in the app.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Even if the automated jailbreak detection bypass commands are not successful, they may provide useful information to help you narrow down the jailbreak detection checks implemented in the app.

If they give any useful info, the check would already pass.

@sk3l10x1ng
Copy link
Collaborator Author

@cpholguera will work on the requested changes

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cpholguera cpholguera cpholguera requested changes

@TheDauntless TheDauntless TheDauntless approved these changes

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
changes-requested
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

MASTG v1->v2 MASTG-TEST-0088: Testing Jailbreak Detection (ios)
3 participants
@sk3l10x1ng @cpholguera @TheDauntless