GitBook: [master] 36 pages modified

SUMMARY.md

@@ -140,6 +140,23 @@
   * [Smali - Decompiling/\[Modifying\]/Compiling](mobile-apps-pentesting/android-app-pentesting/smali-changes.md)
   * [Spoofing your location in Play Store](mobile-apps-pentesting/android-app-pentesting/spoofing-your-location-in-play-store.md)
   * [Webview Attacks](mobile-apps-pentesting/android-app-pentesting/webview-attacks.md)
+* [iOS Pentesting Checklist](mobile-apps-pentesting/ios-pentesting-checklist.md)
+* [iOS Pentesting](mobile-apps-pentesting/ios-pentesting/README.md)
+  * [Basic iOS Testing Operations](mobile-apps-pentesting/ios-pentesting/basic-ios-testing-operations.md)
+  * [Burp Suite Configuration for iOS](mobile-apps-pentesting/ios-pentesting/burp-configuration-for-ios.md)
+  * [Extracting Entitlements From Compiled Application](mobile-apps-pentesting/ios-pentesting/extracting-entitlements-from-compiled-application.md)
+  * [Frida Configuration in iOS](mobile-apps-pentesting/ios-pentesting/frida-configuration-in-ios.md)
+  * [iOS App Extensions](mobile-apps-pentesting/ios-pentesting/ios-app-extensions.md)
+  * [iOS Basics](mobile-apps-pentesting/ios-pentesting/ios-basics.md)
+  * [iOS Custom URI Handlers / Deeplinks / Custom Schemes](mobile-apps-pentesting/ios-pentesting/ios-custom-uri-handlers-deeplinks-custom-schemes.md)
+  * [iOS Hooking With Objection](mobile-apps-pentesting/ios-pentesting/ios-hooking-with-objection.md)
+  * [iOS Protocol Handlers](mobile-apps-pentesting/ios-pentesting/ios-protocol-handlers.md)
+  * [iOS Serialisation and Encoding](mobile-apps-pentesting/ios-pentesting/ios-serialisation-and-encoding.md)
+  * [iOS Testing Environment](mobile-apps-pentesting/ios-pentesting/ios-testing-environment.md)
+  * [iOS UIActivity Sharing](mobile-apps-pentesting/ios-pentesting/ios-uiactivity-sharing.md)
+  * [iOS Universal Links](mobile-apps-pentesting/ios-pentesting/ios-universal-links.md)
+  * [iOS UIPasteboard](mobile-apps-pentesting/ios-pentesting/ios-uipasteboard.md)
+  * [iOS WebViews](mobile-apps-pentesting/ios-pentesting/ios-webviews.md)
 
 ## Pentesting
 
@@ -506,21 +523,4 @@
 * [1911 - Pentesting fox](1911-pentesting-fox.md)
 * [Online Platforms with API](online-platforms-with-api.md)
 * [Stealing Sensitive Information Disclosure from a Web](stealing-sensitive-information-disclosure-from-a-web.md)
-* [iOS Pentesting](ios-pentesting/README.md)
-  * [Basic iOS Testing Operations](ios-pentesting/basic-ios-testing-operations.md)
-  * [Burp Suite Configuration for iOS](ios-pentesting/burp-configuration-for-ios.md)
-  * [Extracting Entitlements From Compiled Application](ios-pentesting/extracting-entitlements-from-compiled-application.md)
-  * [Frida Configuration in iOS](ios-pentesting/frida-configuration-in-ios.md)
-  * [iOS App Extensions](ios-pentesting/ios-app-extensions.md)
-  * [iOS Basics](ios-pentesting/ios-basics.md)
-  * [iOS Custom URI Handlers / Deeplinks / Custom Schemes](ios-pentesting/ios-custom-uri-handlers-deeplinks-custom-schemes.md)
-  * [iOS Hooking With Objection](ios-pentesting/ios-hooking-with-objection.md)
-  * [iOS Pentesting Checklist](ios-pentesting/ios-pentesting-checklist.md)
-  * [iOS Protocol Handlers](ios-pentesting/ios-protocol-handlers.md)
-  * [iOS Serialisation and Encoding](ios-pentesting/ios-serialisation-and-encoding.md)
-  * [iOS Testing Environment](ios-pentesting/ios-testing-environment.md)
-  * [iOS UIActivity Sharing](ios-pentesting/ios-uiactivity-sharing.md)
-  * [iOS Universal Links](ios-pentesting/ios-universal-links.md)
-  * [iOS UIPasteboard](ios-pentesting/ios-uipasteboard.md)
-  * [iOS WebViews](ios-pentesting/ios-webviews.md)
 

ios-pentesting/ios-pentesting-checklist.md

@@ -1,90 +0,0 @@
-# iOS Pentesting Checklist
-
-### Preparation
-
-* [ ] Read [**iOS Basics**](ios-basics.md)\*\*\*\*
-* [ ] Prepare your environment reading ****[**iOS Testing Environment**](ios-testing-environment.md)\*\*\*\*
-* [ ] Read all the sections of ****[**iOS Initial Analysis**](./#initial-analysis) ****to learn common actions to pentest an iOS application
-
-### Data Storage
-
-* [ ] [**Plist files**](./#plist) can be used to store sensitive information.
-* [ ] \*\*\*\*[**Core Data**](./#core-data) \(SQLite database\) can store sensitive information.
-* [ ] \*\*\*\*[**YapDatabases**](./#yapdatabase) \(SQLite database\) can store sensitive information.
-* [ ] \*\*\*\*[**Firebase**](./#firebase-real-time-databases) miss-configuration.
-* [ ] \*\*\*\*[**Realm databases**](./#realm-databases) can store sensitive information.
-* [ ] \*\*\*\*[**Couchbase Lite databases**](./#couchbase-lite-databases) can store sensitive information.
-* [ ] \*\*\*\*[**Binary cookies**](./#cookies) can store sensitive information
-* [ ] \*\*\*\*[**Cache data**](./#cache) can store sensitive information
-* [ ] \*\*\*\*[**Automatic snapshots**](./#snapshots) can save visual sensitive information
-* [ ] \*\*\*\*[**Keychain**](./#keychain) is usually used to store sensitive information that can be left when reselling the phone.
-* [ ] In summary, just **check for sensitive information saved by the application in the filesystem**
-
-### Keyboards
-
-* [ ] Does the application [**allow to use custom keyboards**](./#custom-keyboards-keyboard-cache)?
-* [ ] Check if sensitive information is saved in the [**keyboards cache files**](./#custom-keyboards-keyboard-cache)\*\*\*\*
-
-### **Logs**
-
-* [ ] Check if [**sensitive information is being logged**](./#logs)\*\*\*\*
-
-### Backups
-
-* [ ] \*\*\*\*[**Backups**](./#backups) can be used to **access the sensitive information** saved in the file system \(check the initial point of this checklist\)
-* [ ] Also, [**backups**](./#backups) can be used to **modify some configurations of the application**, then **restore** the backup on the phone, and the as the **modified configuration** is **loaded** some \(security\) **functionality** may be **bypassed**
-
-### **Applications Memory**
-
-* [ ] Check for sensitive information inside the [**application's memory**](./#testing-memory-for-sensitive-data)\*\*\*\*
-
-### **Broken Cryptography**
-
-* [ ] Check if yo can find [**passwords used for cryptography**](./#broken-cryptography)\*\*\*\*
-* [ ] Check for the use of [**deprecated/weak algorithms**](./#broken-cryptography) to send/store sensitive data
-* [ ] \*\*\*\*[**Hook and monitor cryptography functions**](./#broken-cryptography)\*\*\*\*
-
-### **Local Authentication**
-
-* [ ] If a [**local authentication**](./#local-authentication) is used in the application, you should check how the authentication is working.
-  * [ ] If it's using the [**Local Authentication Framework**](./#local-authentication-framework) it could be easily bypassed
-  * [ ] If it's using a [**function that can dynamically bypassed**](./#local-authentication-using-keychain) you could create a custom frida script
-
-### Sensitive Functionality Exposure Through IPC
-
-* \*\*\*\*[**Custom URI Handlers / Deeplinks / Custom Schemes**](./#custom-uri-handlers-deeplinks-custom-schemes)\*\*\*\*
-  * [ ] Check if the application is **registering any protocol/scheme**
-  * [ ] Check if the application is **registering to use** any protocol/scheme
-  * [ ] Check if the application **expects to receive any kind of sensitive information** from the custom scheme that can be **intercepted** by the another application registering the same scheme
-  * [ ] Check if the application **isn't checking and sanitizing** users input via the custom scheme and some **vulnerability can be exploited**
-  * [ ] Check if the application **exposes any sensitive action** that can be called from anywhere via the custom scheme
-* \*\*\*\*[**Universal Links**](./#universal-links)\*\*\*\*
-  * [ ] Check if the application is **registering any universal protocol/scheme**
-  * [ ] Check the **`apple-app-site-association`** file
-  * [ ] Check if the application **isn't checking and sanitizing** users input via the custom scheme and some **vulnerability can be exploited**
-  * [ ] Check if the application **exposes any sensitive action** that can be called from anywhere via the custom scheme
-* \*\*\*\*[**UIActivity Sharing**](ios-uiactivity-sharing.md)\*\*\*\*
-  * [ ] Check if the application can receive UIActivities and if it's possible to exploit any vulnerability with specially crafted activity
-* \*\*\*\*[**UIPasteboard**](ios-uipasteboard.md)\*\*\*\*
-  * [ ] Check if the application if **copying anything to the general pasteboard**
-  * [ ] Check if the application if **using the data from the general pasteboard for anything**
-  * [ ] Monitor the pasteboard to see if any **sensitive data is copied**
-* \*\*\*\*[**App Extensions**](ios-app-extensions.md)\*\*\*\*
-  * [ ] Is the application **using any extension**?
-* [**WebViews**](ios-webviews.md)\*\*\*\*
-  * [ ] Check which kind of webviews are being used
-  * [ ] Check the status of **`javaScriptEnabled`**, **`JavaScriptCanOpenWindowsAutomatically`**, **`hasOnlySecureContent`**
-  * [ ] Check if the webview can **access local files** with the protocol **file://** **\(**`allowFileAccessFromFileURLs`, `allowUniversalAccessFromFileURLs`\)
-  * [ ] Check if Javascript can access **Native** **methods** \(`JSContext`, `postMessage`\)
-
-### Network Communication
-
-* [ ] Perform a [**MitM to the communication**](./#network-communication) and search for web vulnerabilities.
-* [ ] Check if the [**hostname of the certificate**](./#hostname-check) is checked
-* [ ] Check/Bypass [**Certificate Pinning**](./#certificate-pinning)\*\*\*\*
-
-### **Misc**
-
-* [ ] Check for [**automatic patching/updating**](./#hot-patching-enforced-updateing) mechanisms
-* [ ] Check for [**malicious third party libraries**](./#third-parties)\*\*\*\*
-

mobile-apps-pentesting/android-checklist.md

@@ -1,5 +1,9 @@
 # Android APK Checklist
 
+If you want to **know** about my **latest modifications**/**additions** or you have **any suggestion for HackTricks or PEASS**, ****join the [💬](https://emojipedia.org/speech-balloon/) ****[**PEASS & HackTricks telegram group here**](https://t.me/peass), or **follow me on Twitter** [🐦](https://emojipedia.org/bird/)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**  
+If you want to **share some tricks with the community** you can also submit **pull requests** to ****[**https://github.com/carlospolop/hacktricks**](https://github.com/carlospolop/hacktricks) ****that will be reflected in this book.  
+Don't forget to **give ⭐ on the github** to motivate me to continue developing this book.
+
 ### [Learn Android fundamentals](android-app-pentesting/#2-android-application-fundamentals)
 
 * [ ] [Basics](android-app-pentesting/#fundamentals-review)

mobile-apps-pentesting/ios-pentesting-checklist.md

@@ -0,0 +1,94 @@
+# iOS Pentesting Checklist
+
+If you want to **know** about my **latest modifications**/**additions** or you have **any suggestion for HackTricks or PEASS**, ****join the [💬](https://emojipedia.org/speech-balloon/) ****[**PEASS & HackTricks telegram group here**](https://t.me/peass), or **follow me on Twitter** [🐦](https://emojipedia.org/bird/)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**  
+If you want to **share some tricks with the community** you can also submit **pull requests** to ****[**https://github.com/carlospolop/hacktricks**](https://github.com/carlospolop/hacktricks) ****that will be reflected in this book.  
+Don't forget to **give ⭐ on the github** to motivate me to continue developing this book.
+
+### Preparation
+
+* [ ] Read [**iOS Basics**](ios-pentesting/ios-basics.md)\*\*\*\*
+* [ ] Prepare your environment reading ****[**iOS Testing Environment**](ios-pentesting/ios-testing-environment.md)\*\*\*\*
+* [ ] Read all the sections of ****[**iOS Initial Analysis**](ios-pentesting/#initial-analysis) ****to learn common actions to pentest an iOS application
+
+### Data Storage
+
+* [ ] [**Plist files**](ios-pentesting/#plist) can be used to store sensitive information.
+* [ ] \*\*\*\*[**Core Data**](ios-pentesting/#core-data) \(SQLite database\) can store sensitive information.
+* [ ] \*\*\*\*[**YapDatabases**](ios-pentesting/#yapdatabase) \(SQLite database\) can store sensitive information.
+* [ ] \*\*\*\*[**Firebase**](ios-pentesting/#firebase-real-time-databases) miss-configuration.
+* [ ] \*\*\*\*[**Realm databases**](ios-pentesting/#realm-databases) can store sensitive information.
+* [ ] \*\*\*\*[**Couchbase Lite databases**](ios-pentesting/#couchbase-lite-databases) can store sensitive information.
+* [ ] \*\*\*\*[**Binary cookies**](ios-pentesting/#cookies) can store sensitive information
+* [ ] \*\*\*\*[**Cache data**](ios-pentesting/#cache) can store sensitive information
+* [ ] \*\*\*\*[**Automatic snapshots**](ios-pentesting/#snapshots) can save visual sensitive information
+* [ ] \*\*\*\*[**Keychain**](ios-pentesting/#keychain) is usually used to store sensitive information that can be left when reselling the phone.
+* [ ] In summary, just **check for sensitive information saved by the application in the filesystem**
+
+### Keyboards
+
+* [ ] Does the application [**allow to use custom keyboards**](ios-pentesting/#custom-keyboards-keyboard-cache)?
+* [ ] Check if sensitive information is saved in the [**keyboards cache files**](ios-pentesting/#custom-keyboards-keyboard-cache)\*\*\*\*
+
+### **Logs**
+
+* [ ] Check if [**sensitive information is being logged**](ios-pentesting/#logs)\*\*\*\*
+
+### Backups
+
+* [ ] \*\*\*\*[**Backups**](ios-pentesting/#backups) can be used to **access the sensitive information** saved in the file system \(check the initial point of this checklist\)
+* [ ] Also, [**backups**](ios-pentesting/#backups) can be used to **modify some configurations of the application**, then **restore** the backup on the phone, and the as the **modified configuration** is **loaded** some \(security\) **functionality** may be **bypassed**
+
+### **Applications Memory**
+
+* [ ] Check for sensitive information inside the [**application's memory**](ios-pentesting/#testing-memory-for-sensitive-data)\*\*\*\*
+
+### **Broken Cryptography**
+
+* [ ] Check if yo can find [**passwords used for cryptography**](ios-pentesting/#broken-cryptography)\*\*\*\*
+* [ ] Check for the use of [**deprecated/weak algorithms**](ios-pentesting/#broken-cryptography) to send/store sensitive data
+* [ ] \*\*\*\*[**Hook and monitor cryptography functions**](ios-pentesting/#broken-cryptography)\*\*\*\*
+
+### **Local Authentication**
+
+* [ ] If a [**local authentication**](ios-pentesting/#local-authentication) is used in the application, you should check how the authentication is working.
+  * [ ] If it's using the [**Local Authentication Framework**](ios-pentesting/#local-authentication-framework) it could be easily bypassed
+  * [ ] If it's using a [**function that can dynamically bypassed**](ios-pentesting/#local-authentication-using-keychain) you could create a custom frida script
+
+### Sensitive Functionality Exposure Through IPC
+
+* \*\*\*\*[**Custom URI Handlers / Deeplinks / Custom Schemes**](ios-pentesting/#custom-uri-handlers-deeplinks-custom-schemes)\*\*\*\*
+  * [ ] Check if the application is **registering any protocol/scheme**
+  * [ ] Check if the application is **registering to use** any protocol/scheme
+  * [ ] Check if the application **expects to receive any kind of sensitive information** from the custom scheme that can be **intercepted** by the another application registering the same scheme
+  * [ ] Check if the application **isn't checking and sanitizing** users input via the custom scheme and some **vulnerability can be exploited**
+  * [ ] Check if the application **exposes any sensitive action** that can be called from anywhere via the custom scheme
+* \*\*\*\*[**Universal Links**](ios-pentesting/#universal-links)\*\*\*\*
+  * [ ] Check if the application is **registering any universal protocol/scheme**
+  * [ ] Check the **`apple-app-site-association`** file
+  * [ ] Check if the application **isn't checking and sanitizing** users input via the custom scheme and some **vulnerability can be exploited**
+  * [ ] Check if the application **exposes any sensitive action** that can be called from anywhere via the custom scheme
+* \*\*\*\*[**UIActivity Sharing**](ios-pentesting/ios-uiactivity-sharing.md)\*\*\*\*
+  * [ ] Check if the application can receive UIActivities and if it's possible to exploit any vulnerability with specially crafted activity
+* \*\*\*\*[**UIPasteboard**](ios-pentesting/ios-uipasteboard.md)\*\*\*\*
+  * [ ] Check if the application if **copying anything to the general pasteboard**
+  * [ ] Check if the application if **using the data from the general pasteboard for anything**
+  * [ ] Monitor the pasteboard to see if any **sensitive data is copied**
+* \*\*\*\*[**App Extensions**](ios-pentesting/ios-app-extensions.md)\*\*\*\*
+  * [ ] Is the application **using any extension**?
+* [**WebViews**](ios-pentesting/ios-webviews.md)\*\*\*\*
+  * [ ] Check which kind of webviews are being used
+  * [ ] Check the status of **`javaScriptEnabled`**, **`JavaScriptCanOpenWindowsAutomatically`**, **`hasOnlySecureContent`**
+  * [ ] Check if the webview can **access local files** with the protocol **file://** **\(**`allowFileAccessFromFileURLs`, `allowUniversalAccessFromFileURLs`\)
+  * [ ] Check if Javascript can access **Native** **methods** \(`JSContext`, `postMessage`\)
+
+### Network Communication
+
+* [ ] Perform a [**MitM to the communication**](ios-pentesting/#network-communication) and search for web vulnerabilities.
+* [ ] Check if the [**hostname of the certificate**](ios-pentesting/#hostname-check) is checked
+* [ ] Check/Bypass [**Certificate Pinning**](ios-pentesting/#certificate-pinning)\*\*\*\*
+
+### **Misc**
+
+* [ ] Check for [**automatic patching/updating**](ios-pentesting/#hot-patching-enforced-updateing) mechanisms
+* [ ] Check for [**malicious third party libraries**](ios-pentesting/#third-parties)\*\*\*\*
+

mobile-apps-pentesting/ios-pentesting/README.md

@@ -371,7 +371,7 @@ It can be leveraged by application developers to s**tore and sync data with a No
 
 You can find how to check for misconfigured Firebase databases here:
 
-{% page-ref page="../pentesting/pentesting-web/buckets/firebase-database.md" %}
+{% page-ref page="../../pentesting/pentesting-web/buckets/firebase-database.md" %}
 
 ### Realm databases
 
@@ -593,7 +593,7 @@ Many apps log informative \(and potentially sensitive\) messages to the console
 5. Reproduce the problem.
 6. Click on the **Open Console** button located in the upper right-hand area of the Devices window to view the console logs on a separate window.
 
-![](../.gitbook/assets/image%20%28466%29.png)
+![](../../.gitbook/assets/image%20%28466%29.png)
 
 You can also connect to the device shell as explained in Accessing the Device Shell, install **socat** via **apt-get** and run the following command:
 

mobile-apps-pentesting/ios-pentesting/basic-ios-testing-operations.md

@@ -8,7 +8,7 @@ Perform this actions having **connected** the device to the computer via **USB**
 
 The UDID is a 40-digit unique sequence of letters and numbers to identify an iOS device. You can find the UDID of your iOS device on macOS Catalina onwards in the **Finder app**, as iTunes is not available anymore in Catalina. Just select the connected iOS device in Finder and **click on the information under the name of the iOS** device to iterate through it. Besides the UDID, you can find the serial number, IMEI and other useful information.
 
-![](../.gitbook/assets/image%20%28468%29.png)
+![](../../.gitbook/assets/image%20%28468%29.png)
 
 If you are using a macOS version before Catalina, you can find the [UDID of your iOS device via iTunes](http://www.iclarified.com/52179/how-to-find-your-iphones-udid), by selecting your device and clicking on "Serial Number" in the summary tab. When clicking on this you will iterate through different metadata of the iOS device including its UDID.
 
@@ -277,7 +277,7 @@ dd bs=1 seek=<starting_address> conv=notrunc if=dump.bin of=Original_App
 There is one more step to complete. The application is still **indicating** in its metadata that it's **encrypted**, but it **isn't**. Then, when executed, the device will try to decrypt the already decrypted section and it's going to fail.  
 However, you can use tools like [**MachOView**](https://sourceforge.net/projects/machoview/) to change this info. Just open the binary and set the **cryptid** to 0:
 
-![](../.gitbook/assets/image%20%28458%29.png)
+![](../../.gitbook/assets/image%20%28458%29.png)
 
 ### Decryption \(Automatically\)
 

mobile-apps-pentesting/ios-pentesting/burp-configuration-for-ios.md

@@ -64,7 +64,7 @@ Starting device <UDID> [SUCCEEDED] with interface rvi0
 ip.addr == 192.168.1.1 && http
 ```
 
-![](../.gitbook/assets/image%20%28473%29.png)
+![](../../.gitbook/assets/image%20%28473%29.png)
 
 The documentation of Wireshark offers many examples for [Capture Filters](https://wiki.wireshark.org/CaptureFilters) that should help you to filter the traffic to get the information you want.
 
@@ -74,13 +74,13 @@ The documentation of Wireshark offers many examples for [Capture Filters](https:
 
 In _Proxy_ --&gt; _Options_ --&gt; _Export CA certificate_ --&gt; _Certificate in DER format_
 
-![](../.gitbook/assets/image%20%28457%29.png)
+![](../../.gitbook/assets/image%20%28457%29.png)
 
 * **Drag and Drop** the certificate inside the Emulator
 * **Inside the emulator** go to _Settings_ --&gt; _General_ --&gt; _Profile_ --&gt; _PortSwigger CA_, and **verify the certificate**
 * **Inside the emulator** go to _Settings_ --&gt; _General_ --&gt; _About_ --&gt; _Certificate Trust Settings_, and **enable PortSwigger CA**
 
-![](../.gitbook/assets/image%20%28461%29.png)
+![](../../.gitbook/assets/image%20%28461%29.png)
 
 **Congrats, you have successfully configured the Burp CA Certificate in the iOS simulator**
 
@@ -96,7 +96,7 @@ Steps to configure Burp as proxy:
 * In _Proxies_ tab mark _Web Proxy \(HTTP\)_ and _Secure Web Proxy \(HTTPS\)_
 * In both options configure _127.0.0.1:8080_
 
-![](../.gitbook/assets/image%20%28462%29.png)
+![](../../.gitbook/assets/image%20%28462%29.png)
 
 * Click on _**Ok**_ and the in _**Apply**_
 

mobile-apps-pentesting/ios-pentesting/ios-app-extensions.md

@@ -32,7 +32,7 @@ From the security point of view it is important to note that:
 
 If you have the original source code you can search for all occurrences of `NSExtensionPointIdentifier` with Xcode \(cmd+shift+f\) or take a look into "Build Phases / Embed App extensions":
 
-![](../.gitbook/assets/image%20%28505%29.png)
+![](../../.gitbook/assets/image%20%28505%29.png)
 
 There you can find the names of all embedded app extensions followed by `.appex`, now you can navigate to the individual app extensions in the project.
 
@@ -117,7 +117,7 @@ For this we should hook `NSExtensionContext - inputItems` in the data originatin
 
 Following the previous example of Telegram we will now use the "Share" button on a text file \(that was received from a chat\) to create a note in the Notes app with it:
 
-![](../.gitbook/assets/image%20%28506%29.png)
+![](../../.gitbook/assets/image%20%28506%29.png)
 
 If we run a trace, we'd see the following output:
 

mobile-apps-pentesting/ios-pentesting/ios-basics.md

@@ -16,7 +16,7 @@ App developers can leverage the iOS _Data Protection_ APIs to implement **fine-g
 
 When a **file is created** on the disk, a new **256-bit AES key is generated** with the help of secure enclave's hardware based random number generator. The **content of the file is then encrypted with the generated key**. And then, this **key is saved encrypted with a class key** along with **the class ID,** with **both data encrypted by the system's key,** inside the **metadata** of the file.
 
-![](../.gitbook/assets/image%20%28474%29.png)
+![](../../.gitbook/assets/image%20%28474%29.png)
 
 For decrypting the file, the **metadata is decrypted using the system's key**. Then u**sing the class ID** the **class key is retrieved** **to decrypt the per-file key and decrypt the file.**
 

mobile-apps-pentesting/ios-pentesting/ios-serialisation-and-encoding.md

@@ -143,7 +143,7 @@ When not using third party libraries, but Apple's `XMLParser`, be sure to let `s
 
 {% hint style="danger" %}
 All these ways of serialising/encoding data can be **used to store data in the file system**. In those scenarios, check if the stored data contains any kind of **sensitive information**.  
-Moreover, in some cases you may be able to **abuse some serialised** data \(capturing it via MitM or modifying it inside the filesystem\) deserializing arbitrary data and **making the application perform unexpected actions** \(see [Deserialization page](../pentesting-web/deserialization/)\). In these cases, it's recommended to send/save the serialised data encrypted and signed.
+Moreover, in some cases you may be able to **abuse some serialised** data \(capturing it via MitM or modifying it inside the filesystem\) deserializing arbitrary data and **making the application perform unexpected actions** \(see [Deserialization page](../../pentesting-web/deserialization/)\). In these cases, it's recommended to send/save the serialised data encrypted and signed.
 {% endhint %}
 
 ### References

mobile-apps-pentesting/ios-pentesting/ios-testing-environment.md

@@ -32,9 +32,9 @@ The simulator files can be found in `/Users/<username>/Library/Developer/CoreSim
 To open the simulator, run Xcode, then press in the _Xcode tab_ --&gt; _Open Developer tools_ --&gt; _Simulator_  
 In the following image clicking in "iPod touch \[...\]" you can select other device to test in:
 
-![](../.gitbook/assets/image%20%28459%29.png)
+![](../../.gitbook/assets/image%20%28459%29.png)
 
-![](../.gitbook/assets/image%20%28460%29.png)
+![](../../.gitbook/assets/image%20%28460%29.png)
 
 ### Applications in the Simulator