@swaroopsy
Collaborator

This demo demonstrates:

  • Dynamic library scanning for Frida detection
  • Port scanning (27042, 27043)
  • Thread count analysis
  • Frida bypass techniques using Interceptor API

Related to MASTG-TEST-0091: Testing Reverse Engineering Tools Detection

This PR closes #issue_number

Description

Provide a brief description of the changes introduced by this PR.


[x] I have read the contributing guidelines.

Guidelines for Pull Requests (you can delete this section after reading):

  • Please ensure that your content follows the style guide.
  • If you are working on Porting MASTG v1 Tests to v2, refer to this document.
  • If you are working on new MASWE, tests, or demos, refer to this document.

@swaroopsy marked this pull request as ready for review November 5, 2025 02:22

@cpholguera marked this pull request as draft November 5, 2025 05:48

@cpholguera
Collaborator

As discussed on Slack, this PR was supposed to address #3001. Please take a look at the ticket, port the test case and create all files according to our guidelines (documentation is linked in the ticket and you can also take existing tests/demos as reference). Thank you!

@cpholguera left a comment

A quick first round of feedback. Please fix this and I'll review the rest afterwards. Thanks a lot!

Please add the exact same metadata as in other deprecated tests.

1. Launch the app with @MASTG-TOOL-0031 attached using `frida -U -n <app-name>` or spawn mode.
2. Exercise the app's functionality to trigger any detection mechanisms.
3. Monitor the app's response to the presence of Frida.
4. Use @MASTG-DEMO-0091 to test the detection and bypass capabilities.

Tests never use demos. Demos have a metadata field to link them to tests.


Note that these detection methods can be bypassed using Frida's Interceptor API to hook the detection functions and manipulate their return values.

## Steps

Tests must not refer to TOOLs, use TECH instead. Please check other similar tests and try to align the steps as much as possible.


## Overview

This test case verifies whether an iOS app can detect the presence of reverse engineering tools at runtime, specifically focusing on @MASTG-TOOL-0031 (Frida). Apps implementing resilience measures may include runtime checks to detect dynamic instrumentation frameworks and respond appropriately (e.g., alerting users, terminating execution, or reporting to backend servers).

Tests must not refer to TOOLs.
