
Reverse Engineering ipa file

Unpack

unzip app.ipa

Search for files

List all extensions

find . -type f | perl -ne 'print "$1\n" if m/\.([^.\/]+)$/' | sort -u

List all files by extension

find . -name '*.plist' 2>/dev/null
find . -name '*.mom' 2>/dev/null
find . -name '*.xml' 2>/dev/null
find . -name '*.json' 2>/dev/null
find . -name '*.txt' 2>/dev/null
find . -name '*.db' 2>/dev/null
find . -name '*sql*' 2>/dev/null
find . -name '*back*' 2>/dev/null
find . -name '*bak*' 2>/dev/null

Get strings

strings appProd
srch_strings -a appProd

Open .plist / .mom files

plistutil

apt-get install libplist-utils
plistutil -i Config.plist
plistutil -i Config.mom
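
The file search and plistutil steps above, combined into a small triage helper. This is an added example, not part of the original page: the function names are hypothetical, and it goes one step further than the page by finding binary property lists through their bplist00 magic bytes instead of their extension.

```shell
# Added example: triage helpers for an unpacked .ipa tree (POSIX sh).
# Function names are hypothetical; usage: convert_bplists ./Payload ./plist-xml

# Print "count ext" for every file extension under $1, most common first.
ext_counts() {
    find "$1" -type f -name '*.*' 2>/dev/null |
        sed -n 's/.*\.\([^./][^./]*\)$/\1/p' |
        sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

# Print every file under $1 whose first 8 bytes are the binary plist magic
# "bplist00", whatever its extension.
find_bplists() {
    find "$1" -type f 2>/dev/null | while IFS= read -r f; do
        magic=$(head -c 8 "$f" 2>/dev/null | tr -d '\000')
        if [ "$magic" = "bplist00" ]; then printf '%s\n' "$f"; fi
    done
}

# Convert each binary plist under $1 to XML in directory $2 with plistutil
# (the tool used above); does nothing but warn when plistutil is missing.
convert_bplists() {
    command -v plistutil >/dev/null 2>&1 || {
        echo "plistutil not installed" >&2
        return 0
    }
    mkdir -p "$2"
    find_bplists "$1" | while IFS= read -r f; do
        # Flatten the source path into a file name so results do not collide.
        out="$2/$(printf '%s' "$f" | tr '/' '_').xml"
        plistutil -i "$f" -o "$out" 2>/dev/null || echo "could not parse: $f" >&2
    done
}
```
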

Static code analysis

mobsf

docker run -it --rm -p 8000:8000 opensecurity/mobile-security-framework-mobsf:latest