Analyze the Local Data Storage Of IPA from iOS device
.IPA is the package file for an iOS application. The difference is that an .IPA file can only be installed on a non-jailbroken iPhone via one of the below methods:
- Enterprise Mobile Device Management This requires a company-wide certificate signed by Apple.
- via sideloading i.e., by signing an app with a developer’s certificate and installing it on the device via Xcode. A limited number of devices can be installed with the same certificate.
In the last Blog I Explained How to Build the IPA file from the iPhone So hopefully Now you know how to Build it
Compressing and Extracting the Local Data Storage
For the extraction of local data storage, we need to find out the location of the data content of the application. In order to do so, we must first understand the following points:
- On the first launch of the application on the device, iOS creates the data container and bundle container for the application.
- On the path Library/Caches/Snapshots, a directory with exactly the same name gets created.
So, we can make use of this fact to locate the Local Data Storage of the application. We shall proceed in the following manner:
Open the Info.plist file of the application from the extracted IPA folder
in my case, I am using WordPress and now search for the key
We successfully got the key org.wordpress
Now, we need to search for a directory with the exact name as CFBundleIdentifier in the Local Data Storage Directory. This can be done as shown.
We can even refine our search as shown here.
Once, we reach the Local Data Storage Directory, we can compress the files using any tool like zip, rar or 7zip.
Now download the zip data for further analysis
Extracting the Shared Storage
Some applications make use of shared storage directories. The files under this directory host data shared among the application groups and their extensions. This helps them share data securely without causing disturbance in the sandboxing.
To identify the shared storage, first navigate to the Shared Data Directory.
Now everything Is done let’s take this out also
Huh Finished! In this Blog, we have learned how to extract the IPA and Local Data Storage of an iOS application to a computer. We need to have these files in order to start static analysis of the application.