env# Example output:NamePath------------------------------------------------------------------------------------------------------------BundlePath/private/var/containers/Bundle/Application/81AD95F9-3DA4-4CEB-BD50-442BD55D1D02/Example.appCachesDirectory/var/mobile/Containers/Data/Application/9EC4057E-FE48-4B9F-81D3-C0FB75BC2EA3/Library/CachesDocumentDirectory/var/mobile/Containers/Data/Application/9EC4057E-FE48-4B9F-81D3-C0FB75BC2EA3/Documents..........
List bundles of the application
iosbundleslist_bundles# Example output:com.example.appon (iPhone: 15.4.1) [usb] # ios bundles list_bundlesExecutableBundleVersionPath---------------------------------------------------------------------------------------------------------AGXMetalA11com.apple.AGXMetalA11190.17.2...em/Library/Extensions/AGXMetalA11.bundleRunnercom.example.app11.4.61...E-38A1-4FC0-AE77-0B2D26E7BF67/Runner.app
List framework used by the application
iosbundleslist_frameworks# Example output:ExecutableBundleVersionPath------------------------------------------------------------------------------------------------------------------------------share_plusorg.cocoapods.share-plus0.0.1...nner.app/Frameworks/share_plus.frameworkwebview_flutter_wkwebvieworg.cocoapods.webview-flutter-wkwebview0.0.1...orks/webview_flutter_wkwebview.frameworkDTTJailbreakDetectionorg.cocoapods.DTTJailbreakDetection0.4.0...ameworks/DTTJailbreakDetection.framework
Basic Hooking
List all classes
ioshookinglistclasses# Example output:com.example.appon (iPhone: 15.4.1) [usb] # ios hooking list classesAAAFoundationSwift.AAFTimedAnalyticsEventAAAFoundationSwift.BroadcastMessageSenderAAAFoundationSwift.DependencyRegistryAAAFoundationSwift.MessageSenderAAAFoundationSwift.OSActivityAAAFoundationSwift.OSTransactionAAAFoundationSwift.WeakWrapper.................
Search for classes
# Search a class that contains a stringioshookingsearchclassesjailbreak# Example output:com.example.appon (iPhone: 15.4.1) [usb] # ios hooking search classes jailbreakPodsDummy_DTTJailbreakDetectionDTTJailbreakDetectionPodsDummy_flutter_jailbreak_detectionflutter_jailbreak_detection.SwiftFlutterJailbreakDetectionPluginFlutterJailbreakDetectionPlugin..............
Search for methods
# Search a method that contains a stringioshookingsearchmethodsjail# Example output:com.example.appon (iPhone: 15.4.1) [usb] # ios hooking search methods jail[DTTJailbreakDetection + isJailbroken][UIScreen + _shouldDisableJail][UIScreen - _unjailedReferenceBoundsForInterfaceOrientation:][UIScreen - _unjailedReferenceBoundsInPixels]..........
List class methods
# List methods of a specific classioshookinglistclass_methodsDTTJailbreakDetection# Example output:com.example.appon (iPhone: 15.4.1) [usb]+isJailbrokenFound1methods
Watch class
# Hook all the methods of a class, dump all the initial parameters and returnsioshookingwatchclassDTTJailbreakDetection# Hook an specific method of a class dumping the parameters, backtraces and returns of the method each time it's calledioshookingwatchmethod"*[iRoot isJailBroken]"--dump-args--dump-return--dump-backtrace
NSUserDefaults is a simple storage mechanism commonly used for storing small amounts of data or user preferences. However, it's not a secure place to store sensitive information like passwords because it can be accessed easily by other apps or by jailbroken devices.
iosnsuserdefaultsget# Example output:.........."flutter.isStartStopGps"=0;"flutter.isUploadResolution"=0;"flutter.logACallObjectType"=1;"flutter.mPin"=1337;"flutter.mPinTime"=7;"flutter.userEmail"="redacted@redacted.com";"flutter.userId"=1337;.............
Dump Keychain Data
Extracts the keychain items for the current application.
ioskeychaindump
Note: This page is incomplete and will be regularly updated. If you have any ideas or resources that need to be added, please contact me at yuyudhn@gmail.com.