About

Currently, there are 2 versions of DVIA

a) DVIA-v2 written in Swift 4 (April, 2018)https://github.com/prateek147/DVIA-v2
Download IPA
b) DVIA written in Objective-C (November, 2016)https://github.com/prateek147/DVIA
Download IPA

Vulnerabilities and Challenges Include

  • Local Data Storage
  • Jailbreak Detection
  • Excessive Permissions
  • Runtime Manipulation
  • Anti Anti Hooking/Debugging
  • Binary Protection
  • Touch/Face ID Bypass
  • Phishing
  • Side Channel Data Leakage
  • IPC Issues
  • Broken Cryptography
  • Webview Issues
  • Network Layer Security
  • Application Patching
  • Sensitive Information in Memory
  • Data Leakage to Third parties

All these vulnerabilities have been tested up to iOS 11.

Get Started

Here is a tutorial on how to get started with Damn Vulnerable iOS App.

Learn

I have written a blog series on iOS Application Security. The complete list of tutorials can be found below

 

 

Solutions

Currently, the solutions are only available for the Objective-C version of the app which can be downloaded from here.

Downloads

Swift Version (April, 2018) – Download the IPA file from here here
Github – Here
Make sure to read this for instructions on how to install the app on any device (jailbroken or not jailbroken), and how to compile the app with Xcode.

This version will only work on iOS 10 or later devices, older versions of iOS are not supported. This version supports 64 bit devices only.

Make sure to read this post on how to get started with using DVIA.

Objective-C version (November, 2016) – Download the IPA file from here

This version will only work on iOS 8 or later devices, older versions of iOS are not supported. DVIA supports both 32 and 64 bit devices as well.

Even Older Version
Download the deb file from here
Download the IPA file from here

Github – Here

For the Objective-C version, instructions to compile app for iOS 10 & Xcode 8 can be found here. Written by Andrew Hoog from NowSecure.com

Contact

Got a question ? You can contact me on Twitter, Linkedin,
ask a question on Twitter or Stack overflow with the hashtag #DVIA or fill the form below.

Your Name (required)

Your Email (required)

Subject

Your Message