Newsletter # 19 - Resigning iOS apps from an IPA for mobile security research Feb 9 2020

Hello,

Welcome to issue #19, I hope you had a good start of the month.

As you might have noticed by my latest posts, I've been exploring the exciting field of cybersecurity. I've always enjoyed understanding the base components of what makes our cyber "life" work. Understanding the base components also ties up nicely with infoSec. So this week I wanted to share with you a couple of links related to cybersecurity. I believe that being aware of security makes us better developers and cyber-citizens.

Interested in mobile security, you might want to begin with OWASP Mobile Security Testing Guide
If you're going to start with web-related security, check the videos on Hacker 101 and Bugcrowd University.
If you are interested in reverse engineering and more low-level content, check the Open security training content.

There are many resources, but I believe these links should give you enough information to get you started. I hope you find them useful. Let me know what you are working on, and if you have any mobile security resources, send them my way. I'm always looking for good resources.

I also wanted to share with you two podcasts episodes that I enjoyed this week:

You are not so smart - Team Human - About the "Dystopian" feature we are building with the algorithms. I can't entirely agree with Douglas Rushkoff on every point, but I believe it is important to expose yourself to opinions different than the ones you currently hold.
The history of computing - The evolution of the microchip - As the title says. I enjoy short explanations that give me a general idea of how things work so I can then choose to dive deeper into the details if I want to. I think you'll enjoy it too.

This week's post is related to the OWASP mobile security guide. I found myself playing with iGoat-Swift. The iGoat app is an iOS app that security researchers and enthusiasts can use to learn more about mobile security. It was also a good opportunity to review the process for resigning an iOS app. I documented how to do the resigning and explained the process using iGoat-Swift so you can follow along. If you are interested, here is the link to this week's post:

https://rderik.com/blog/resigning-ios-apps-from-an-ipa-for-mobile-security-research/

Alright, that's it for this week. I hope you have a beautiful day. If you find my content interesting, please go ahead a share it with someone that might find it useful.

Thanks for reading. Until next time,

Derik

Tip of the week - using bash default values

Have you ever wanted to have default values for some of your script's arguments.?

This is a common occurrence. Usually, we would use if statements to validate the presence of the arguments and assign a default value if the argument is empty. But we can also make use of the following technique.

We can define a default value for the bash default positional parameters. Positional parameters come in variables $1 (first argument), $2 (second), $3 (third), etcetera.

For example, if we would like to set a variable with the first argument as the value or a default value of default.txt we could use the following command:

1
2
3
#!/usr/bin/env bash
file=${1:-"default.txt"}
echo $file

Note that the expression includes a - after the colon :. What to do if you would like to stop the script execution if the argument is not present? You could use ? instead of - after the colon.

1
2
3
#!/usr/bin/env bash
file=${1:?"This script requires a filename as the first argument"}
echo "Using file: ${file}"

If you run the second script without any argument you'll get something like:

1
2
$ ./test.sh                                                   
#./test.sh: line 2: 1: This script requires a filename as the first argument

Useful stuff.

** If you want to check what else I'm currently doing, be sure to follow me on twitter @rderik or subscribe to the newsletter. If you want to send me a direct message, you can send it to derik@rderik.com.