# Static Analysis

## Reviewing the IPA Folders and supporting files

At this point, you should have a decrypted IPA file. If you do not, please read [IPA decryption](https://wiki.pentestlist.com/offensive-security/mobile-ios-android/ios/ipa-decryption) first.

Rename the IPA file so that it has a .zip extension (for example, something.zip) and open the archive.

The archive contains the app binary together with all of the supporting files and folders, which we can review for issues.

* **App Binary**
  * The compiled application itself. Come back to this later: there is a lot to do with the binary, but first we are interested in what surrounds it.
* **"Frameworks" Folder**
  * This folder may contain external frameworks used by the application, for example frameworks for jailbreak detection, SSL pinning and more.
* **example-certificate.der**
  * There may be a .der file (a CA certificate) that is used for certificate pinning.
* **Info.plist**
  * This contains critical information about the configuration of the iOS app.
* **Other files**
  * A wide range of other files may exist in the archive. Review them one by one for possible issues.

## Reviewing the app binary

* A quick first step is to run `strings` on the binary to find any human-readable values.
  * On a Mac, use the command `strings <app>`
* To really understand the IPA and what it is doing, you must disassemble the binary.
  * You could use [Hopper (hopperapp.com)](https://www.hopperapp.com/)
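The two steps above (reviewing the archive contents and pulling strings out of the binary) can be scripted. The following is an added example, not code from this wiki or from any tool it mentions: it builds a constructed, minimal IPA in memory (a `Payload/<App>.app/` layout with an `Info.plist`, a fake Mach-O binary, one framework and one `.der` certificate, none of them real), then triages it. The `Info.plist` keys `CFBundleIdentifier`, `CFBundleExecutable`, `NSAppTransportSecurity` and `NSAllowsArbitraryLoads` are real keys; the framework name, URL and "api_key" value are constructed. The `extract_strings` function reproduces what `strings -n 4` does so the example runs without the `strings` binary.

```python
import io
import plistlib
import re
import zipfile


def build_sample_ipa() -> bytes:
    """Constructed sample IPA (not a real app) so the triage runs offline."""
    info = {
        "CFBundleIdentifier": "com.example.demo",
        "CFBundleShortVersionString": "1.0",
        "CFBundleExecutable": "DemoApp",
        # Weak setting, constructed for illustration: ATS disabled globally.
        "NSAppTransportSecurity": {"NSAllowsArbitraryLoads": True},
    }
    binary = (
        b"\xcf\xfa\xed\xfe" + b"\x00" * 16                # 64-bit Mach-O magic + padding
        + b"https://api.example.com/v1\x00"               # constructed endpoint
        + b"\x01\x02" + b"api_key=PLACEHOLDER_KEY\x00"    # constructed, not a real secret
        + b"\x03\x04" + b"ab\x00"                         # too short to count as a string
        + b"/Applications/Cydia.app\x00"                  # hints at jailbreak-detection logic
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Payload/DemoApp.app/Info.plist", plistlib.dumps(info))
        z.writestr("Payload/DemoApp.app/DemoApp", binary)
        z.writestr("Payload/DemoApp.app/Frameworks/JailbreakCheck.framework/JailbreakCheck",
                   b"\xcf\xfa\xed\xfe")                    # constructed framework name
        z.writestr("Payload/DemoApp.app/example-certificate.der", b"\x30\x82\x01\x00")
        z.writestr("Payload/DemoApp.app/config.json", b'{"debug": true}')
    return buf.getvalue()


def extract_strings(blob: bytes, min_len: int = 4) -> list:
    """Equivalent of `strings -n <min_len>`: runs of printable ASCII."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(blob)]


def triage_ipa(ipa_bytes: bytes) -> dict:
    """Walk the IPA archive and summarise the items the review checklist cares about."""
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as z:
        names = z.namelist()
        # The app bundle is the directory holding Info.plist under Payload/.
        plist_path = next(n for n in names
                          if n.startswith("Payload/") and n.endswith(".app/Info.plist"))
        app_dir = plist_path.rsplit("/", 1)[0]
        info = plistlib.loads(z.read(plist_path))
        executable = info.get("CFBundleExecutable", "")

        frameworks, certificates, other_files = set(), [], []
        for n in names:
            if not n.startswith(app_dir + "/") or n.endswith("/"):
                continue
            rel = n[len(app_dir) + 1:]
            parts = rel.split("/")
            if parts[0] == "Frameworks" and len(parts) >= 2:
                frameworks.add(parts[1])
            elif rel.lower().endswith((".der", ".cer", ".crt", ".pem")):
                certificates.append(rel)
            elif rel not in ("Info.plist", executable):
                other_files.append(rel)

        strings = extract_strings(z.read(f"{app_dir}/{executable}")) if executable else []

    findings = []
    ats = info.get("NSAppTransportSecurity", {})
    if ats.get("NSAllowsArbitraryLoads"):
        findings.append("ATS disabled: NSAllowsArbitraryLoads is true in Info.plist")
    if not certificates:
        findings.append("No bundled certificate found; check how pinning is done, if at all")

    return {
        "bundle_id": info.get("CFBundleIdentifier"),
        "executable": executable,
        "frameworks": sorted(frameworks),
        "certificates": certificates,
        "other_files": sorted(other_files),
        "urls": [s for s in strings if s.startswith(("http://", "https://"))],
        "strings": strings,
        "findings": findings,
    }


if __name__ == "__main__":
    report = triage_ipa(build_sample_ipa())
    for key, value in report.items():
        print(f"{key}: {value}")
```

To run it against a real decrypted IPA, replace `build_sample_ipa()` with the bytes of the file; the checks are only a starting point, and every entry in `other_files` still needs a manual look.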

#### MobSF

MobSF is a useful tool for IPA analysis and provides a graphical overview of many areas:

* <https://github.com/MobSF/Mobile-Security-Framework-MobSF>

`docker run -it --rm -p 8000:8000 opensecurity/mobile-security-framework-mobsf:latest`
