Analyze the Local Data Storage Of iPhone IPA from IOS device

local data storage from phone
All Blogmobile application security

.IPA is the package file for an iOS application. The difference being that an .IPA file can only be installed on a non-jailbroken iPhone via one of the below methods:

  • Enterprise Mobile Device Management This requires a company-wide certificate signed by Apple.
  • via sideloading i.e., by signing an app with a developer’s certificate and installing it on the device via Xcode. A limited number of devices can be installed to with the same certificate.

IN last Blog I have Explained How to Build the IPA file from the iPhone So hopefully Now you know Now how to Build it

Compressing and Extracting the Local Data Storage

For the extraction of local data storage, we need to find out the location of the data content of the application. In order to do so, we must first understand the following points:

  • On the first launch of the application on the device, iOS creates the data container and bundle container for the application.
  • On the path Library/Caches/Snapshots, a directory with exactly the same name gets created.

So, we can make use of this fact to locate the Local Data Storage of the application. We shall proceed in the following manner:

Open the Info.plist file of the application from the extracted IPA folder

in my case I am using WordPress and now search for the key 

Screenshot 2020 05 15 at 2.03.05 AM
Certcube-org.Wordpress

We successfully got the key org.wordpress

Now, we need to search for a directory with the exact name as CFBundleIdentifier in the Local Data Storage Directory. This can be done as shown.

Screenshot 2020 05 15 at 2.07.17 AM
Certcube-org.wordpress

We can even refine our search as shown here.

Screenshot 2020 05 15 at 2.15.26 AM
Certcube : installipa

Once, we reach the Local Data Storage Directory, we can compress the files using any tool like zip, rar or 7zip.

Screenshot 2020 05 15 at 2.18.58 AM
Certcube – Zip Localdata

Now download the zip data for further analysis

Extracting the Shared Storage

Some applications make use of shared storage directory. The files under this directory hosts data shared among the application groups and their extensions. This helps them share data securely without causing disturbance in the sandboxing.

To identify the shared storage, first navigate to the Shared Data Directory.

Screenshot 2020 05 15 at 2.23.42 AM
Certcube-sharedata

Now everything Is done lets take this out also

Huh Finished ! In this Blog, we have learnt how to extract the IPA and Local Data Storage of an iOS application to a computer. We need to have these files in order to start static analysis of the application.

Leave a Reply

Your email address will not be published. Required fields are marked *