DVIA v2 app offers an iOS test penetration platform.
DVIA v2, created by Prateek Gianchandani, is a useful tool for ethical hackers, students, and jailbreak tweak developers. This programme serves as a legal infiltration platform, with a wealth of iOS security options to explore. Whether you’re looking for a way to avoid jailbreak detection, gain access to sensitive information in memory, or learn about phishing techniques, DVIA v2 has it all.
DVIA v2 was released as an IPA package that can be sideloaded onto your device using any IPA installer, including Sideloadly, AltStore, Bullfrog Assistant, Esign, and others. The most recent version was rewritten in Swift, while prior versions of DIVA IPA are still available for download.
DVIA v2 (Damn Vulnerable iOS App) is the most recent iteration of a frequently used application. Its primary goal is to provide mobile security enthusiasts, pros, and students with a forum to practise their iOS penetration testing abilities in a legal setting. DVIA was launched as an open-source project written primarily in Swift.
It has 15 vulnerabilities that can be exploited using an experiment like Frida, which allows you to inject your scripts into black box processes, hook any function, spy on encryption APIs, or trace private application code, alter it, and see the effects immediately. To change the executable, utilise an interactive decompiler, disassembler, or binary analysis platform.
DVIA v2 includes Local Data Storage, which allows you to investigate how the application handles and secures locally stored data, as well as assess device-related data storage risks. There are several Jailbreak Detection methods. Investigating the mechanisms in place to detect jailbroken devices and identifying potential ways to avoid or circumvent such detection.
This app can also be used to evaluate the permissions granted to the application, identify instances where excessive privileges may pose security risks, analyse how the application behaves during runtime, and investigate potential vulnerabilities that could be exploited using runtime manipulation techniques. DVIA v2 supports iOS 11 through 17.
DVIA v2 has anti-hooking/debugging and binary protection layers. Evaluating the efficacy of measures put in place to prevent or detect hooking and debugging attempts, as well as investigating techniques to get beyond these safeguards. Examining how the app’s binary code is safeguarded from reverse engineering and unauthorised access.
Other security features include protection against authorization bypass. Investigating biometric authentication security systems and identifying potential weaknesses that could allow users to bypass Touch ID or Face ID. Phishing: Determine the app’s susceptibility to phishing assaults, in which attackers attempt to divulge sensitive information.
Side Channel Data Leakage: Identifying and fixing potential vulnerabilities in side channels that may unintentionally leak sensitive data. IPC Issues: Analysing Inter-Process Communication (IPC) issues and determining potential security concerns linked with communication between processes.
Broken Cryptography: Testing the cryptographic protocols and implementations used by the application to ensure they are secure and not vulnerable to exploitation. Webview Issues: Inspecting the security of the application’s webview components and finding potential vulnerabilities caused by the integration of web content.
Network Layer Security: Evaluating the security measures in place at the network layer to protect data transported over networks, such as encryption and secure communication protocols. Application patching is the process of examining an application’s resistance to unauthorised modification or patching in order to ensure the integrity of its code.
Finally, DVIA v2 has a module that stores sensitive information in memory. Identifying and fixing potential vulnerabilities in the device’s memory that affect the processing of sensitive information, hence preventing unauthorised access or leaking.
Original post: By Androo Smith Rejailbreak Blog