iGoat – A Learning Tool for iOS App Pentesting and Security (Open Web Application Security Project – OWASP)

iGoat is a learning tool for iOS developers (iPhone, iPad, etc.) and mobile app pentesters. It was inspired by the WebGoat project, and has a similar conceptual flow to it.

As such, iGoat is a safe environment where iOS developers can learn about the major security pitfalls they face as well as how to avoid them. It is made up of a series of lessons that each teach a single (but vital) security lesson.

The lessons are laid out in the following steps:

  1. Brief introduction to the problem.
  2. Verify the problem by exploiting it.
  3. Brief description of available remediations to the problem.
  4. Fix the problem by correcting and rebuilding the iGoat program.

Step 4 is optional, but highly recommended for all iOS developers. Assistance is available within iGoat if you don’t know how to fix a specific problem.

Vulnerabities Covered (version 3.0):

  • Key Management
    • Hardcoded Encryption Keys
    • Key Storage Server Side
    • Random Key Generation
  • URL Scheme Attack
  • Social Engineering
  • Reverse Engineering
    • String Analysis
  • Data Protection (Rest)
    • Local Data Storage (SQLite)
    • Plist Storage
    • Keychain Usage
    • NSUserDefaults Storage
  • Data Protection (Transit)
    • Server Communication
    • Public Key Pinning
  • Authentication
    • Remote Authentication
  • Side Channel Data Leaks
    • Device Logs
    • Cut-and-Paste
    • Backgrounding
    • Keystroke Logging
  • Tampering
    • Method Swizzling
  • Injection Flaws
    • SQL Injection
    • Cross Site Scripting
  • Broken Cryptography

More on: https://github.com/owasp/igoat


iPhone Not Backed Up / iPhone Backup Failed

“This iPhone hasn’t been backed up in xx weeks. Backups happened when this iPhone is connected to power, locked and on Wi-Fi”

“You do not have enough space in iCloud to back up this iPhone.”

Keywords: Turn off icloud backup, icloud not enough space

1 Tap on Settings icon.

iOS -> Settings icon
iOS -> Settings icon

2 Tap on your name at the top (If prompted, enter the Apple ID and password then tap Sign In)

iOS -> Settings -> Name
iOS -> Settings -> Name

3 Tap on “iCloud”

iOS -> Settings -> Name -> iCloud
iOS -> Settings -> Name -> iCloud

4 Tap on “iCloud backup”

iOS -> Settings -> Name -> iCloud -> iCloud Backup
iOS -> Settings -> Name -> iCloud -> iCloud Backup

5

 iOS -> Settings -> Name -> iCloud -> iCloud Backup -> Turn off
iOS -> Settings -> Name -> iCloud -> iCloud Backup -> Turn off

Note: Turning off the iCloud will stop your phone from backing up to iCloud automatically (Thus nor more complain about insufficient space). You might want to backup your phone manually just in case.

Completely Restore/Reset iPad (Clear/Wipe everything) With DFU(Device Firmware Update) mode

Keywords: iPad, DFU, Device Firmware Update, iPad recover mode, Wipe iPad, Clear iPad, Erase iPad, Factory reset iPad, Recover iPad, iPad frozen, White Apple Logo, Stuck with White Apple Logo, Rescue iPad

Sometimes iPad can have problems, e.g. Screen is black or frozen. (Make sure it is not out of power)

You can try to hold Power button and Home button to reset it. (This way iPad will lose anything)

If holding the Power button and Home button doesn’t work, you might need to use DFU mode to reset it (This way, the iPad will lose everything, after it’s done, it will be like a new one)

Items you will need to have before starting:

  • The iPad with issue
  • PC/Mac with iTunes installed
  • USB cable to connect iPad with PC/Mac

Here is how:

1 Hold the power button and home button, the iPad will tun off, do not release the buttons

2 When the White Apple logo appears, only release the power button, still holding the home button.

3 The DFU mode should appear, release all buttons.

4 Connect iPad with PC/Mac

5 Open iTunes

6 It will ask if you want to “Update” or “Restore” (If the iPad is not running the latest version)

7 You can try “Update” (Update should keep the settings)

8 Fail that, you need to select “Restore” (This will wipe the iPad, you will lose everything on that iPad), it should bring your iPad to live though.