Wiki
  • Introduction
  • 👾Penetration Testing
    • Application Security
      • Mobile App Security
        • Android Application Testing
          • Security Checklist
          • SSL Pinning Bypasses
          • Non-Proxy Aware Applications
            • Setting up VPN Server
            • Bypasses
          • Common Proxying Issues
          • Android Local Storage Checks
          • Android Task Hijacking
          • Kiosk Mode / Breakout Testing
          • Magisk on GenyMotion
        • iOS Application Testing
          • iOS Testing Using Objection
          • IPA Analysis Using MobSF
          • iOS Jailbreak Bypass
          • Decrypting iOS Apps
          • iOS Reverse Engineering
          • Jailbreak Detection Bypasses
          • iOS Local Storage Checks
          • Installing IPA
          • ATS Auditing
          • iOS Jailbreaking
          • Frida Pinning Bypasses
          • iOS Jailbreaking
        • Code Security
        • Frida on Windows
      • Web Application Security
        • Web Shells
        • CSV Injection
        • Measure Response Time using CURL
        • OSINT
          • EyeWitness
        • GraphQL Hacking
      • API Security
        • Security Checklist
        • Postman and Burp
        • CURL via BurpSuite
        • SOAP API Pentesting
    • Infrastructure Security
      • Network Infrastructure
        • Red Team Powershell Scripts
        • Mounting NFS Shares
        • Password Cracking/Auditing
        • Remote Access Sheet
        • Password Cracking Using Hashcat
        • Calculate IP Addresses from CIDR
        • Grep IP addresses or IP Ranges from a File
        • Default Credentials Checking
        • Check SSL/TLS Certificates
        • Log a terminal session
        • Unauthenticated Mongo DB
        • Microsoft SQL Server (MSSQL)
        • NTP Mode 6 Vulnerabilities
        • BloodHound
        • AD Offensive Testing
        • CrackMapExec
        • Select all IP addresses in Sublime Text
        • Convert CIDRs to an IP address list
        • Microsoft Exchange Client Access Server Information Disclosure
        • Web Server HTTP Header Internal IP Disclosure
        • smbclient.py
        • GetUserSPNs.py
        • Get-GPPPassword.py
        • SMBMap
        • Mounting Shares
        • mitm6
        • AD Attacks
        • Weak IKE Security Configurations
        • Locked BIOS Password Bypass
      • Wireless Security
        • Cached Wireless Keys
        • Aircrack Suite
    • SSL/TLS Security
    • Secure Code Review
      • Python
      • Semgrep
        • Semgrep to HTML Report
    • Cloud Security
      • Cloud Penetration Testing
    • Social Engineering
      • Simulated Phishing
        • GoPhish
    • Tool Usage
      • Docker
      • Split
      • PhantomJS
      • Aquatone
      • Tmux
      • Ipainstaller
      • Public IP From Command Line
      • Wifite
      • IKE Scan
      • Grep
      • Pulling APKs
      • Bitsadmin
      • Drozer
      • Iptables
      • Python Web Server
      • Crackmapexec
      • Impacket
      • Nessus
      • Adding SUDO User
      • Nmap
      • Metasploit Payloads
      • SMTP Open Relay
      • SQLMap
      • Screen
      • Remove All After Colon
      • Remove Old Linux Kernels
      • CURL
      • Hashcat
      • Secure Copy Protocol (SCP)
      • SSH & PGP Tools
      • IP Calculator
      • BloodHound
      • Netcat File Transfer
      • OpenVAS
      • BurpSuite
      • Exiftool
      • Python Virtual Environments
    • Errors and Solutions
      • Kill Process On Specific Port
      • Kill SSH Port Forwarding
      • SSH Key
      • Expanding Disk on Kali VM
    • Scoping
      • Scoping Questionnaires
        • Mobile App Testing
    • OSINT
      • Dark Web OSINT
      • Certificate Chain Check
      • EyeWitness - Web Service Screenshot
      • Tor to Browse Onion Links
      • DarkDump - Scan Dark Web for Onion Links
      • Domain related File Search
      • Google Dorking
      • IP / Network Blocks owned by a Company
  • ⌨️Programming
    • Automation
      • Running a Service at Boot
      • Network Connectivity Cron
    • Python
      • Adding Columns in Pandas
      • Copy Entire Column Data To New Column Pandas
      • Loading Progress Bar
      • Reorder Columns in Pandas
      • Filename with Date/Time Stamp
      • Command Line Arguments
      • Changing Date Format
      • Removing Index Column Pandas
      • Regex - Remove HTML Tags
      • Column Header Mapping
  • 🌐Miscellaneous
    • Scripts
      • Clickjacking Checker
      • Bulk WHOIS
      • SMB Signing Check
      • FDQN to IP Address
      • Grep IP Addresses
      • Nessus Parser
      • Build Review Audit
      • Nessus Merger
      • Nmap2CSV
      • Remove Audio From Videos
    • Favourite Reads/Links
    • Hacking Posters
    • Windows Developer VMs
    • Windows Workspaces
    • GitHub Pages
    • Interview Prep
      • Senior Penetration Tester
    • CVSS Formula
    • Android Rooting
      • Lineage OS 18.1 on OnePlus X
      • TWRP Recover on OnePlus X
      • Magisk Rooting
    • Presentation Slides
      • BlackHat - USA [2022]
  • 🐞Vulnerability Wiki
    • 🌐APPLICATION LEVEL
      • 🔒AUTHENTICATION
        • Authentication Bypass
        • Lack of Password Confirmation
        • 2FA Code Brute-forceable
        • Lack of Verification
        • Lack of Throttling on Form Submissions
        • Lack of Rate Limiting on Login
        • Weak Password Complexity Rules
        • 🖥️SESSION MANAGEMENT
        • 🔑ACCESS CONTROL
      • 🔢INPUT VALIDATION
      • ➗CRYPTOGRAPHY
      • 📉LOGGING
      • 📕DATA PROTECTION
      • 📲COMMUNICATION
      • 👨‍💻MALICIOUS CODE
      • 💡LOGIC
      • 🗄️FILE UPLOAD
      • ⚙️API ISSUES
      • 🔍CONFIGURATIONS
    • 💾INFRASTRUCTURE LEVEL
      • ICMP Timestamp Request Remote Date Disclosure (CVE-1999-0524)
      • ASP.NET Debug Mode Validation
Powered by GitBook
On this page
  • Liberty Lite
  • SanTanDick
  • MetroWank

Was this helpful?

  1. Penetration Testing
  2. Application Security
  3. Mobile App Security
  4. iOS Application Testing

iOS Jailbreak Bypass

PreviousIPA Analysis Using MobSFNextDecrypting iOS Apps

Last updated 4 years ago

Was this helpful?

Liberty Lite

Liberty Lite is a jailbreak bypass tweak that can be used for lots of different apps. It works for many, but not all, of the banking apps listed above that have jailbreak detection.

  1. Open Cydia on your jailbroken device and tap the ‘Sources’ menu at the bottom.

  2. At the top, tap ‘+’ to add a new repo. In the text box, type then tap ‘Add Source’.

  3. Once the repo has been added, tap on it in the sources list and select ‘All Catagories’. In the list, you should see ‘Liberty Lite (Beta)’.

  4. Tap on Liberty Lite (Beta), ‘Get’ then ‘Queue’ followed by ‘Confirm’ to install the tweak. Once installed, you will need to respring your device for it to start working.

  5. Open the Settings app and scroll down to the Liberty Lite menu. In here tap ‘Block Jailbreak Detection’, then toggle it on for the app(s) that have jailbreak detection.

  6. Close the app in the app switcher if you opened it before turning Liberty Lite on for it.

  7. If the bypass works, those app(s) should now be usable.

SanTanDick

The Santander mobile banking app is a little bit more tricky to bypass than most others. Not only does this require an app-specific tweak to be installed, but it also requires an older version of the app.

  1. Open Sileo/Cydia on your jailbroken device and tap the ‘Sources’ menu at the bottom.

  2. At the top, tap ‘+’ to add a new repo. In the text box, type then tap ‘Add Source’.

  3. Once the repo has been added, tap on it in the sources list and select ‘All Catagories’. In the list, you should see ‘App Admin’.

  4. Tap on App Admin, ‘Get’ then ‘Queue’ followed by ‘Confirm’ to install the tweak. Once installed, you will need to respring your device for it to start working.

  5. Open the App Store and navigate to the Santander Mobile Banking app page. Tap and hold on the ‘Get’ or ‘Open’ button to activate App Admin. When the menu appears, tap ‘Downgrade’.

  6. From the list of app versions shown, select ‘4.1.0’. There will be two with this version number and either of them will work. This will downgrade the app to version 4.1.0.

  7. Open Sileo/Cydia again and tap the ‘Search’ menu at the bottom.

  8. In the search box type ‘Filza File Manager’. Select the first option with a matching name and tap ‘Get’ to queue it for install.

  9. Tap the ‘Sources’ menu at the bottom, then at the top, tap ‘+’ to add a new repo. In the text box, type then tap ‘Add Source’.

  10. Once the repo has been added, tap on it in the sources list and select ‘All Catagories’. In the list, you should see ‘SanTanDick’.

  11. Tap on SanTanDick, ‘Get’ then ‘Queue’ followed by ‘Confirm’ to install the tweak and Filza File Manager. Once installed, you will need to respring your device for it to start working.

  12. Before the bypass tweak will start working, you need to edit a file in the Santander app. Open the new Filza app and press the back button until it shows ‘/’ at the top.

  13. Navigate to /var/containers/Bundle/Application/Santander/Santander.app. In here find the Info.plist file and tap on it.

  14. Tap the ‘Root’ line to expand it. Find the line called CFBundleShortVersionString and tap the ⓘ symbol.

  15. Change the number in the ‘Value’ text box to 999.999.999. Tap the back button then ‘Save’ to save the change. This change will allow the bypass tweak to work, and prevent updates from showing in the App Store.

  16. You should now be able to use the Santander Mobile Banking app on your jailbroken device!

MetroWank

Metro Bank is a fairly easy jailbreak detection to bypass, but it does require an app-specific tweak to do it.

  1. Open Sileo/Cydia on your jailbroken device and tap the ‘Sources’ menu at the bottom.

  2. Once the repo has been added, tap on it in the sources list and select ‘All Catagories’. In the list, you should see ‘MetroWank’.

  3. Tap on MetroWank, ‘Get’ then ‘Queue’ followed by ‘Confirm’ to install the tweak. Once installed, you will need to respring your device for it to start working.

  4. You should now be able to use the Metro Bank app on your jailbroken device!

At the top, tap ‘+’ to add a new repo. In the text box, type then tap ‘Add Source’.

👾
https://ryleyangus.com/rep
https://test.unlimapps.com
https://repo.sparkes.zone
https://repo.sparkes.zone