LAB - iOS: Hardcoded Secrets
Lab Environment
In this lab environment, you will get access to a Debian machine, which has all the required tools installed on it for this lab, along with an IPA file.
Objective: Perform static analysis on the IPA file to find the hardcoded API key.
The following file can be useful:
reqnest.ipa: Present on the "Desktop".
Tools
unzip
strings
grep
Flag
What is a hardcoded API key value?
In the Desktop folder we can see a file named "reqnest.ipa". An IPA is a zip archive, so unzip it -->
cd Desktop
ls
unzip reqnest.ipa

Inside the extracted zip/IPA we can see a reqnest file, so use strings to read the legible words -->
strings reqnest | grep api
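
Added example (not part of the original lab or its tooling): the same unzip / strings / grep steps as a Python check that a developer could run on a build before release. It goes beyond the lab by scanning every file in the app bundle and matching case-insensitively; the sample IPA, the Demo app name and the placeholder value are constructed.

```python
import io
import re
import zipfile


def printable_strings(data, min_len=4):
    """Yield printable-ASCII runs of min_len+ bytes, like strings(1)."""
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data):
        yield m.group().decode("ascii")


def scan_ipa(ipa, keyword="api"):
    """Return (member, string) pairs in the app bundle that mention keyword.

    ipa is a path or file-like object. Matching is case-insensitive, so
    API_KEY and apiKey are reported as well as api.
    """
    hits = []
    with zipfile.ZipFile(ipa) as zf:
        for info in zf.infolist():
            # The app bundle lives under Payload/<Name>.app/ inside the IPA.
            if info.is_dir() or not re.match(r"Payload/[^/]+\.app/", info.filename):
                continue
            for s in printable_strings(zf.read(info)):
                if keyword.lower() in s.lower():
                    hits.append((info.filename, s))
    return hits


def build_sample_ipa():
    """Constructed sample: a tiny fake IPA built in memory (not reqnest.ipa)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # Non-printable bytes around a constructed placeholder value.
        binary = b"\xcf\xfa\xed\xfe\x00\x01api_key=CONSTRUCTED-PLACEHOLDER\x00\x07main\x00"
        zf.writestr("Payload/Demo.app/Demo", binary)
        zf.writestr("Payload/Demo.app/Info.plist", b"<key>ApiBaseURL</key>\x00")
        # Files outside Payload/<Name>.app/ are skipped by scan_ipa.
        zf.writestr("iTunesMetadata.plist", b"api outside the bundle")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for member, s in scan_ipa(build_sample_ipa()):
        print(f"{member}: {s}")
```

Any hit in a release build means the value ships to every device that installs the app, so it should be rotated and moved server-side rather than obfuscated.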
