iOS App Pentest Stories #1 — Jailbreaking iPhone (iOS 15–16.6.1)

In the name of God, the Most Gracious, the Most Merciful
Hello everyone! Welcome to my new blog series on iOS application pentesting! As a seasoned penetration tester, I have noticed a lack of resources available specifically for iOS pentesting. Despite the growing popularity of iOS devices and applications, there is still a significant knowledge gap in the pentesting community regarding iOS security.
In this blog series, I aim to bridge this gap by sharing my experience and expertise in iOS application pentesting. I will provide practical tips, techniques, and tools to help you identify and exploit vulnerabilities in iOS applications.
iOS application pentesting can be a challenging task, especially for beginners. Unlike Android, iOS emulators are not readily available for free on the internet. While Corellium offers both Android and iOS emulators, they come at a cost and may not be the most efficient option.
Therefore, a better approach for iOS application pentesting is to use a physical iPhone. This allows for greater flexibility during testing and gives a more accurate picture of the application’s behavior in a real-world environment. Today, I am going to be jailbreaking an iPhone 8 running iOS 16.6.1.
Jailbreaking is a straightforward process and can be done from either platform (Windows/macOS), but I will be using a Windows machine. The approach used in this article relies on Dopamine, which only works on certain combinations of iOS version and iPhone model, listed below.

Jailbreak Criteria
Supported iOS versions: iOS 15.0, iOS 15.0.1, iOS 15.0.2, iOS 15.1, iOS 15.1.1, iOS 15.2,
iOS 15.2.1, iOS 15.3, iOS 15.3.1, iOS 15.4, iOS 15.4.1, iOS 16.5.1, iOS 16.6.1
Supported devices: iPhone 12, iPhone 12 Mini, iPhone 12 Pro, iPhone 12 Pro Max,
iPhone 11, iPhone 11 Pro, iPhone 11 Pro Max, iPhone XS, iPhone XS Max,
iPhone X, iPhone XR, iPhone 8, iPhone 8 Plus, iPhone 7, iPhone 7 Plus,
iPhone 6S, iPhone 6S Plus, iPhone SE
Prerequisites
- 3utools is an all-in-one data management tool for Windows users with Apple devices.
- Sideloadly allows you to install IPA files on your iPhone or iPad using an Apple Developer account. It sideloads the app onto your iOS device, making sure it is properly signed and ready for use.
- Dopamine is the tool used to jailbreak the iPhone.
Note that the iTunes driver is required on Windows, and 3utools must be properly installed together with all the relevant drivers.
Procedure
- Make sure the Software Update and Beta Updates options are switched off.
Sideloadly
1. Download the Sideloadly executable from the source.
2. Make sure 3utools is properly installed, then install Sideloadly.
The GUI looks like this:

3. Connect the iPhone and make sure the PC is trusted.
4. Download the IPA from this source.
5. Upload this IPA in Sideloadly and enter your Apple Developer ID.
6. Click Start.
A few checks then follow, including trusting the profile source and authentication.
7. Make sure the iPhone has an active internet connection, either Wi-Fi or cellular.
8. Open Settings -> General -> Device Management -> your e-mail address and tap Trust.
9. Dopamine is now installed.
Dopamine Jailbreaking
Open the Dopamine application; its GUI looks like this:

The status check says the device is not jailbroken; start the jailbreak by pressing the button. When asked to select a package manager, I would recommend Sileo.

Note that the exploit might not work the first time, so reboot the phone and retry if the exploit crashes.

The kernel exploitation process then proceeds; just wait a minute or two. If it succeeds, you will be presented with a screen to set up a password.

The device reboots automatically once it is jailbroken, and the jailbroken status is shown in the Dopamine application.

The Sileo app is installed afterwards, and its store offers packages and tweaks to use.

Sileo is an upgraded alternative to Cydia, with a better GUI and a wider choice of packages.
For those on newer iOS versions who are looking for a jailbreaking solution, I would recommend joining this community.
Stay tuned for the upcoming articles on pentesting.
Thanks!
Follow me:
LinkedIn: https://www.linkedin.com/in/rehan-mumtaz
Credits:
https://cydia2.com/dopamine-jailbreak/#Dopamine-IPA
https://www.youtube.com/watch?v=gF4aLv-pSEk&pp=ygUYZE9QQU1JTkUgSkFJTEJSRUFLIDEuNi4x