# Static Analysis

## Reviewing the IPA Folders and supporting files

At this point, you should have a decrypted IPA file. If you do not, please read [IPA Decryption](/offensive-security/mobile-ios-android/ios/ipa-decryption.md).

Change the IPA file into a .zip by renaming it something.zip and open the archive.&#x20;

In this archive, is the IPA binary and all of the supporting files and folders that we can review for issues.&#x20;

* **App Binary**
  * A binary will be present which is the compiled application. Take a look at this later as there are many things to be done with the actual application and we're interested in what surrounds it.
* **"Frameworks" Folder**
  * This folder may contains external frameworks that are implemented within the application. For example, frameworks for Jailbreak detection, SSL pinning and more.
* **example-certificate.der**
  * There may be a .der file (CA Certificate) that is used for certificate pinning
* **Info.plist**
  * This contains critical information about the configuration of an iOS mobile app
* **Other files**
  * A wide range of files may exist in the archive. Review them all one by one for possible issues.

## Reviewing the app binary

* A quick first thing to try is running "strings" on the binary to find any human readable values
  * On a mac, use the command `strings <app>`
* To  really understand the IPA and what it's doing, you must disassemble the IPA&#x20;
  * You could use [Hopper (hopperapp.com)](https://www.hopperapp.com/)

#### MobSF

MobSF is useful tool to use for IPA analysis and provides a graphical overview of many areas:

* <https://github.com/MobSF/Mobile-Security-Framework-MobSF>

`docker run -it --rm -p 8000:8000 opensecurity/mobile-security-framework-mobsf:latest`


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://wiki.pentestlist.com/offensive-security/mobile-ios-android/ios/static-analysis.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.