Code

This page will guide you through the different steps in the Code tab.

Static Analysis

Depending on the platforms (Android/iOS), different tests will be executed during the Static Analysis. Click “Start” to run the following tests. An assistant will tell you which test is being performed. You can then close the assistant to populate the results in the results treeview on the left.

iOS

  1. Class dump is performed

  2. Keychain values are decrypted and searched for sensitive values

  3. The application is checked for ASLR implementation

  4. For Swift applications with debug enabled, the “class information” artifact will display a list of files, classes, methods and symbols

  5. For Swift applications with debug disabled (ready for production or from app store), we are unable to list all of the above information. You will only see a list of class names, as well as attempts to demangle the class names and convert into proper naming.

Android

  1. Provides a list of application activities and content providers

  2. Inspects the app certificate

  3. Reviews application permissions

  4. Checks for application debug flag

  5. Checks for code obfuscation

  6. Checks for vulnerabilities related to the SecureRandom API

  7. Checks for potential issues related to the MasterKey vulnerability

  8. Checks the size of the signing key

  9. Decompiles and scans app source code

Memory Dump

Select “Start” to dump the application’s process memory.

Memory Dump

Once the Memory Dump is completed, you can click on “Search Memory Dump” to start a search of the dump for any sensitive information provided in the “Setup” tab.

Search Memory Dump

Exported Activities (Android)

Workstation allows you to manually launch any of the activities used by the application. This is especially useful for example to test if launching certain activities can bypass login screens, and give access to personal information.

To launch an activity, check the box next to its name inside the “Exported Activities” tab, and note any results happening on your device.

Don’t forget that you can, at any time, add findings, take notes or even screenshots using the Editors panel at the bottom of the main Workstation window.

SQL Injection (Android)

In this step, Workstation will conduct tests on your application to evaluate SQL Injection-related vulnerabilities.

To perform this test, you can either let Workstation automatically probe all Content Providers (CPs) searching for potential vulnerabilities or manually select a specific Content Provider you would like to run the test on.

If a Content Provider is found vulnerable, Workstation will also automatically try to retrieve available data from that vulnerable Content Provider and display the results on the treeview on the left.

Path Traversal (Android)

In this step, Workstation will conduct a test to determine if your application is vulnerable to common path traversal vulnerabilities.

Similarly to the SQL Injection step, to perform the Path Traversal test, you can either let Workstation automatically probe your application searching for potential vulnerabilities or manually select a specific URI you would like to run the test on.

If a vulnerability is found, Workstation will also automatically try to retrieve available data from that vulnerable path and provide information about the files that were accessed during the test in the results displayed in the treeview on the left.