Android & iOS Cheatsheet

Post Date

Published on
Authors
Authors
Android & iOS Cheatsheet

TL;DR: We made this cheat sheet for an in-house training, looking to save time and make the job easier. After that, we decided to share it with the community. We know that Security on Mobile Applications is currently a priority and is rapidly evolving every day.

TL;DR2: Analyzing mobile applications can be a challenging task, so the Just Mobile Security team created this cheat sheet to help people who are getting into Mobile Security or simply need to keep all those commands and tools for pentesting Android or iOS applications in one place.

Why This Cheatsheet?

Mobile App Analysis is a complex job however with few tools and Commands you can make your process fast. This cheat sheet is meant to be your handy reference, with the most commonly used commands and bits for inspecting Android and iOS apps.

Here is the link for the GitHub repository https://github.com/justmobilesec/Android-iOS-Cheat-Sheet

We've organized this cheatsheet into several key sections to make it easy to find exactly what you need for Android and iOS or both of them:

  • Android
  • ADB Commands
  • Package Manager Commands
  • Keytool, Apksigner, and Zipalign
  • MOBSF Docker
  • Rooting Pixel Devices
  • Activity Manager
  • Jadx
  • Apktool
  • Unity Tools
  • Frida
  • Burp Certificate Installation (System)
  • Bundle Signing & Installing - Uber APK Signer + ADB PM
  • Nuclei
  • R2 (Radare2)

Cheatsheet (Android)

Android Cheatsheet

iOS

  • USB SSH TUNNEL
  • Jailbreak
  • File Transfer
  • Getting the binary & binary information
  • App Provisioning Profile
  • Ipa Installation
  • libimobiledevice
  • SSL Pinning
  • Additional Jailbreaks
  • Installing Frida
iOS Cheatsheet

Android & iOS Common Commands & Tools

  • Nuclei
  • R2 (Radare)
  • Frida
Android and iOS Cheatsheet

Multiple tools are needed to analyze Android and iOS apps. Each platform has its unique set of tools and commands that can simplify the analysis process

We also did a command summary as the following :)

Getting the binary information
Nuclei
Xamarin Apps - Apktool + pyxamstore + dnSpy + uber-apk-signer

We hope you see this post as a useful resource for your mobile app security analysis. Whether you're a beginner or an experienced professional, this cheat sheet offers a quick and comprehensive reference to streamline your analysis tasks. Additionally, if you want to send us your feedback, tell us and we can add any additional tip to this amazing cheat sheet!

Stay tuned on Just Mobile Security — Medium and Just Mobile Security — Blog

If this post was useful for you, share it!

Don't forget to follow us!

Just Mobile Security | LinkedIn

Juan Urbano Stordeur(@juanurss) / Twitter

Juan Urbano Stordeur Founder & CEO of Just Mobile Security

Juan Martinez Blanco Security Consultant of Just Mobile Security