This blog post is going to talk on how to extract information from an iPhone that is either stolen or compromised. It should be a new article since I am putting some material that is relatively new to me too. So the first think to do in order to start exploiting data at rest (saved inside the iPhone) is to download the iOS Software Development Kit (SDK) start playing with the iPhone simulator.
About iOS xCode 4.6.2
The complete Xcode developer tool-set for Mac, iPhone, and iPad. It includes the Xcode IDE, iOS Simulator, and all required tools and frameworks for building OS X and iOS apps.
Note: This is the screen you see after you register as an Apple developer.
Xcode in the Mac App Store has been repackaged, and is now distributed as a stand-alone application. This replaces the Install Xcode package, and adds support for delta updates. Xcode includes a new "Downloads" preference pane to install optional components such as command line tools, and previous iOS Simulators. The following screen shows the Xcode download package with enabled command line tools:
Note: This is the complete Xcode package. The 4.6 version, now available through the Apple developer network include development capabilities for iPhone, iPad and iTouch iDevices.
I also suggest downloading the "Auxiliary Tools for Xcode Developer Preview for OS X Lion OS" This package include additional tools originally included with the iOS package installer. After you download the Xcode 4.6.1 single package installer you double click on the downloaded dmg file and you get the following window.
Note: The dmg file will unzip itself, verify the signature and run as any other executable in Mac.
Note: Next step would be to drag and drop the Xcode application to the Application folder. The total unzip file is 3.54 GB (that is a lot of data).
- Fixed Exploits
- Windows Hackers Command Reference
- Linux Hackers Command Reference
- Mini Penetration Testing Framework
- Mini Web Penetration Testing Framework
- Windows Auditing
- Teenage Mutant Ninja Turtles project
- Pentesting Laws In UK
- UNIX User Enumeration
- DNS Record Querying For Pentesting
- Applied Cryptography For Pentesting
- SMB & AD For Pentesting
- Web Application Framework