M 711: Insecure Local Storage by iPhone Apps (15 pts extra)
What You Need
- A jailbroken iPhone, as detailed in project ED 420
- A Mac computer
- An iPhone cable
To view iPhone local storage and find
I notified all the companies about this on or before Jan 12, 2020, as linked below each image, and they did nothing.
Installing an Unsafe App
Install one of these apps (clicking the image goes to the Apple Store page for the app)
Creating an Account
Using your phone, create an account with an insecure app. Use a password with an unusual series of characters, such as ssw6
(For West Village Cafe, just attempt a login with your special
Viewing the iPhone Local Storage
Connect to your jailbroken iPhone with SSH, as you did in project ED 420.
Execute this command, replacing with your special password. The password is found, as shown below.
grep ssw6 -r /private/var/mobile/Containers/Application
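The grep above only finds the password stored as plain text. As an added example (not part of the original project), the script below generalizes that check for auditing a copy of an app's data directory: it reports every file holding the canary password in plain, hex or base64 form. The function names, the canary value ssw6-canary and the sample files are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit a directory tree for a canary password.
# Needs bash, grep, od and base64 (for example on the Mac, against a copied container).

SAMPLE_CANARY='ssw6-canary'   # constructed canary, not a real credential

# scan_canary DIR CANARY
# Prints "form<TAB>file" for each file containing the canary as plain text,
# as lowercase/uppercase hex, or as base64 of the canary encoded on its own.
scan_canary() {
    local dir=$1 canary=$2 form needle flags hex b64
    [ -n "$canary" ] || return 2          # an empty pattern would match every file
    hex=$(printf '%s' "$canary" | od -An -tx1 | tr -d ' \n')
    b64=$(printf '%s' "$canary" | base64 | tr -d '\n')
    for form in plain hex base64; do
        # -r recurse, -l file names only, -a scan binary files, -F fixed string
        case $form in
            plain)  needle=$canary; flags=-rlaF  ;;
            hex)    needle=$hex;    flags=-rlaFi ;;   # hex digits may be upper case
            base64) needle=$b64;    flags=-rlaF  ;;
        esac
        grep "$flags" -- "$needle" "$dir" 2>/dev/null |
            while IFS= read -r file; do
                printf '%s\t%s\n' "$form" "$file"
            done
    done
}

# build_sample_container ROOT
# Creates a small constructed directory tree to try the scan on.
build_sample_container() {
    local root=$1
    mkdir -p "$root/AAAA-constructed/Library/Preferences" \
             "$root/BBBB-constructed/Documents"
    printf 'user=alice\npassword=%s\n' "$SAMPLE_CANARY" \
        > "$root/AAAA-constructed/Library/Preferences/prefs.txt"
    printf '\000\001token=%s\000' "$(printf '%s' "$SAMPLE_CANARY" | base64)" \
        > "$root/BBBB-constructed/Documents/cache.bin"
    printf 'nothing sensitive here\n' > "$root/BBBB-constructed/Documents/notes.txt"
}

# Usage: ./scan.sh DIR CANARY
if [ -n "${1:-}" ] && [ -n "${2:-}" ]; then
    scan_canary "$1" "$2"
fi
```

A file that shows up under any of the three forms holds a recoverable password; a password that has been hashed or placed in the Keychain produces no match.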
Flag M 711.1: Stored Password Location (15 pts)
The flag is covered by a green rectangle in the image below.