Port MASTG-TEST-0088 (by @appknox) #3073

sk3l10x1ng · 2024-11-21T11:40:27Z

PR closes #3006

cpholguera · 2024-12-06T07:45:40Z

Could you please include a MASTG-DEMO as well using our app?

This greatly helps understanding the test, so we're going to make this a requirement for everyone from now on (unless there's a good reason to schedule it for later, e.g. due to great complexity). Thanks a lot @sk3l10x1ng!

sk3l10x1ng · 2024-12-18T13:52:08Z

Could you please include a MASTG-DEMO as well using our app?

This greatly helps understanding the test, so we're going to make this a requirement for everyone from now on (unless there's a good reason to schedule it for later, e.g. due to great complexity). Thanks a lot @sk3l10x1ng!

@cpholguera Added Demo , please review it .

…/sk3l10x1ng/3073

tests-beta/ios/MASVS-RESILIENCE/MASTG-TEST-0x88.md

demos/ios/MASVS-RESILIENCE/MASTG-DEMO-0088/MASTG-DEMO-0088.md

demos/ios/MASVS-RESILIENCE/MASTG-DEMO-0088/MastgTest.swift

tests-beta/ios/MASVS-RESILIENCE/MASTG-TEST-0x88.md

cpholguera · 2024-12-22T17:08:29Z

tests-beta/ios/MASVS-RESILIENCE/MASTG-TEST-0x88.md

+
+The test verifies that a mobile application can identify whether if the iOS device it is running on a jailbroken device. Jailbreaking removes built-in security restrictions on the device, potentially exposing sensitive information and increasing the risk of unauthorised access.
+
+## Steps


The demo doesn't correspond with these steps, so I split it into 2 tests:

Jailbreak Detection in Code (corresponds with the current demo, static)

Runtime Use of Jailbreak Detection Techniques (dynamic via bypass)

cpholguera · 2025-01-03T09:52:52Z

demos/ios/MASVS-RESILIENCE/MASTG-DEMO-0088/output.asm

update using the new code

cpholguera · 2025-01-03T09:53:03Z

demos/ios/MASVS-RESILIENCE/MASTG-DEMO-0088/MASTestApp

update using the new code

demos/ios/MASVS-RESILIENCE/MASTG-DEMO-0088/MASTG-DEMO-0088.md

Co-authored-by: Jeroen Beckers <[email protected]>

…namic analysis test

tests/ios/MASVS-RESILIENCE/MASTG-TEST-0088.md

…owasp-mastg into pr/sk3l10x1ng/3073

tests-beta/ios/MASVS-RESILIENCE/MASTG-TEST-0x88.md

tests-beta/ios/MASVS-RESILIENCE/MASTG-TEST-0x89.md

TheDauntless · 2025-01-03T11:51:42Z

tests-beta/ios/MASVS-RESILIENCE/MASTG-TEST-0x89.md

+
+Consider that there may be other resiliency mechanisms in place that prevent the application from running, such as runtime integrity checks, so the app may still not run even if the jailbreak detection checks are bypassed, or you may not be able to get to the point where the jailbreak detection checks are executed before the app crashes.
+
+Even if the automated jailbreak detection bypass commands are not successful, they may provide useful information to help you narrow down the jailbreak detection checks implemented in the app.


Suggested change

Even if the automated jailbreak detection bypass commands are not successful, they may provide useful information to help you narrow down the jailbreak detection checks implemented in the app.

If they give any useful info, the check would already pass.

sk3l10x1ng · 2025-01-03T12:23:10Z

@cpholguera will work on the requested changes

Co-authored-by: Jeroen Beckers <[email protected]>

tests-beta/ios/MASVS-RESILIENCE/MASTG-TEST-0x89.md

Co-authored-by: Jeroen Beckers <[email protected]>

sk3l10x1ng added 3 commits November 21, 2024 12:55

port mastg test 0088

44f02e0

deprecation note

5231d0d

updated id

db2e50f

cpholguera added the changes-requested label Dec 6, 2024

sk3l10x1ng added 4 commits December 16, 2024 19:40

added Demo

09ca02b

fix

825becf

fix space

d62e8f1

fix spell

e1c5f62

cpholguera added 2 commits December 22, 2024 11:50

refactor jailbreak detection to return detailed status and proof

e5585cc

Merge branch 'master' of https://github.com/OWASP/owasp-mastg into pr…

b0cea4e

…/sk3l10x1ng/3073

TheDauntless reviewed Jan 3, 2025

View reviewed changes

tests-beta/ios/MASVS-RESILIENCE/MASTG-TEST-0x88.md Outdated Show resolved Hide resolved

cpholguera requested changes Jan 3, 2025

View reviewed changes

cpholguera and others added 5 commits January 3, 2025 10:56

Apply suggestions from code review

18ee1cf

Co-authored-by: Jeroen Beckers <[email protected]>

fix: correct filename in jailbreak detection script

e83090f

refactor: update title and instructions for jailbreak detection demo

3b8f772

refactor: update jailbreak detection test descriptions and add new dy…

8e6e416

…namic analysis test

fix: correct evaluation criteria for jailbreak detection test

728703c

cpholguera reviewed Jan 3, 2025

View reviewed changes

tests/ios/MASVS-RESILIENCE/MASTG-TEST-0088.md Outdated Show resolved Hide resolved

cpholguera added 3 commits January 3, 2025 11:37

Update tests/ios/MASVS-RESILIENCE/MASTG-TEST-0088.md

cab5174

feat: mark jailbreak detection tests as prone to false negatives

fc1d0a0

Merge branch 'port-MASTG-TEST-0088' of https://github.com/sk3l10x1ng/…

d4e364a

…owasp-mastg into pr/sk3l10x1ng/3073

TheDauntless approved these changes Jan 3, 2025

View reviewed changes

cpholguera and others added 2 commits January 3, 2025 13:39

Update tests-beta/ios/MASVS-RESILIENCE/MASTG-TEST-0x88.md

501bead

Co-authored-by: Jeroen Beckers <[email protected]>

Update tests-beta/ios/MASVS-RESILIENCE/MASTG-TEST-0x89.md

c984a1f

Co-authored-by: Jeroen Beckers <[email protected]>

cpholguera reviewed Jan 3, 2025

View reviewed changes

tests-beta/ios/MASVS-RESILIENCE/MASTG-TEST-0x89.md Show resolved Hide resolved

cpholguera and others added 2 commits January 3, 2025 13:41

Update tests-beta/ios/MASVS-RESILIENCE/MASTG-TEST-0x89.md

84df96d

Update tests-beta/ios/MASVS-RESILIENCE/MASTG-TEST-0x88.md

b668a07

Co-authored-by: Jeroen Beckers <[email protected]>

cpholguera and others added 2 commits January 3, 2025 13:42

Update tests-beta/ios/MASVS-RESILIENCE/MASTG-TEST-0x89.md

45eee2d

Co-authored-by: Jeroen Beckers <[email protected]>

Update tests-beta/ios/MASVS-RESILIENCE/MASTG-TEST-0x89.md

a430755

Co-authored-by: Jeroen Beckers <[email protected]>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Port MASTG-TEST-0088 (by @appknox) #3073

Port MASTG-TEST-0088 (by @appknox) #3073

sk3l10x1ng commented Nov 21, 2024

cpholguera commented Dec 6, 2024

sk3l10x1ng commented Dec 18, 2024

cpholguera Dec 22, 2024 •

edited

Loading

cpholguera Jan 3, 2025

cpholguera Jan 3, 2025

TheDauntless Jan 3, 2025

sk3l10x1ng commented Jan 3, 2025


		The test verifies that a mobile application can identify whether if the iOS device it is running on a jailbroken device. Jailbreaking removes built-in security restrictions on the device, potentially exposing sensitive information and increasing the risk of unauthorised access.

		## Steps


		Consider that there may be other resiliency mechanisms in place that prevent the application from running, such as runtime integrity checks, so the app may still not run even if the jailbreak detection checks are bypassed, or you may not be able to get to the point where the jailbreak detection checks are executed before the app crashes.

		Even if the automated jailbreak detection bypass commands are not successful, they may provide useful information to help you narrow down the jailbreak detection checks implemented in the app.

Port MASTG-TEST-0088 (by @appknox) #3073

Are you sure you want to change the base?

Port MASTG-TEST-0088 (by @appknox) #3073

Conversation

sk3l10x1ng commented Nov 21, 2024

cpholguera commented Dec 6, 2024

sk3l10x1ng commented Dec 18, 2024

cpholguera Dec 22, 2024 • edited Loading

Choose a reason for hiding this comment

cpholguera Jan 3, 2025

Choose a reason for hiding this comment

cpholguera Jan 3, 2025

Choose a reason for hiding this comment

TheDauntless Jan 3, 2025

Choose a reason for hiding this comment

sk3l10x1ng commented Jan 3, 2025

cpholguera Dec 22, 2024 •

edited

Loading