iGoat Documentation
iGoat Documentation
Docs
Setting up iGoat on MacBook
Setting up iGoat on Jailbroken iPhone
Setting up iGoat on non-jailbroken iPhone
Setting up iGoat Server
Exercises
Data Protection (Rest)
Core Data Storage
Plist Storage
NSUserDefaults Storage
Cookie Storage
Untitled
Powered by GitBook

Core Data Storage

Core Data is an object-relational mapping (ORM) that creates a layer between UI & database.Developers prefer Core Data as it is faster in terms of record creation than the traditional SQLite Format.

Task

In this exercise, the app stores data in Core Data Format. Your task is to locate the CoreData file and find the sensitive data that it contains.

From security point of view, these files are similar to SQLite, with the only difference being that the tables are prefixed with Z.

Once we enter the Username and Password the records are stored successfully.

Let’s see whether user credentials are stored securely or not:

Application Data is usually stored in the below path:

/private/var/mobile/Containers/Data/Application/<AppFolder>

Using Grep command we can easily identify the Appfolder which was created during the App installation as shown below;

Aruns-iPhone:/private/var/mobile/Containers/Data/Application root# find * | grep "iGoat-Swift"
464B6C36-FBB9-4209-AC2C-6793098AB807/Library/Caches/OWASP.iGoat-Swift
464B6C36-FBB9-4209-AC2C-6793098AB807/Library/Caches/OWASP.iGoat-Swift/Cache.db
464B6C36-FBB9-4209-AC2C-6793098AB807/Library/Caches/OWASP.iGoat-Swift/Cache.db-shm
464B6C36-FBB9-4209-AC2C-6793098AB807/Library/Caches/OWASP.iGoat-Swift/Cache.db-wal
464B6C36-FBB9-4209-AC2C-6793098AB807/Library/Caches/OWASP.iGoat-Swift/com.apple.metal
464B6C36-FBB9-4209-AC2C-6793098AB807/Library/Caches/OWASP.iGoat-Swift/com.apple.metal/functions.data
464B6C36-FBB9-4209-AC2C-6793098AB807/Library/Caches/OWASP.iGoat-Swift/com.apple.metal/functions.maps
464B6C36-FBB9-4209-AC2C-6793098AB807/Library/Caches/OWASP.iGoat-Swift/fsCachedData
464B6C36-FBB9-4209-AC2C-6793098AB807/Library/Caches/OWASP.iGoat-Swift/fsCachedData/40C53B0C-C237-4741-AF82-5B687097E160
464B6C36-FBB9-4209-AC2C-6793098AB807/Library/Caches/OWASP.iGoat-Swift/fsCachedData/94E8BBAA-DDC5-4DAB-93F4-978831FD9922
464B6C36-FBB9-4209-AC2C-6793098AB807/Library/Caches/OWASP.iGoat-Swift/fsCachedData/FF62F4DB-5862-49BB-957A-537DFFD1B378
464B6C36-FBB9-4209-AC2C-6793098AB807/Library/Caches/Snapshots/OWASP.iGoat-Swift
464B6C36-FBB9-4209-AC2C-6793098AB807/Library/Caches/Snapshots/OWASP.iGoat-Swift/[email protected]
464B6C36-FBB9-4209-AC2C-6793098AB807/Library/Caches/Snapshots/OWASP.iGoat-Swift/[email protected]
464B6C36-FBB9-4209-AC2C-6793098AB807/Library/Caches/Snapshots/OWASP.iGoat-Swift/downscaled
464B6C36-FBB9-4209-AC2C-6793098AB807/Library/Caches/Snapshots/OWASP.iGoat-Swift/downscaled/[email protected]
464B6C36-FBB9-4209-AC2C-6793098AB807/Library/Preferences/OWASP.iGoat-Swift.plist

Now try to access the Core Data Application files using Sqlite3 as shown below; 

Aruns-iPhone:/private/var/mobile/Containers/Data/Application/464B6C36-FBB9-4209-AC2C-6793098AB807/Library/Application Support root#
Aruns-iPhone:/private/var/mobile/Containers/Data/Application/464B6C36-FBB9-4209-AC2C-6793098AB807/Library/Application Support root# ls
CoreData.sqlite  CoreData.sqlite-shm  CoreData.sqlite-wal
Aruns-iPhone:/private/var/mobile/Containers/Data/Application/464B6C36-FBB9-4209-AC2C-6793098AB807/Library/Application Support root# sqlite3 CoreData.sqlite
SQLite version 3.24.0 2018-06-04 19:24:41
Enter ".help" for usage hints.
sqlite> .headers ON
sqlite> .tables
ZUSER         Z_METADATA    Z_MODELCACHE  Z_PRIMARYKEY
sqlite> select * from ZUSER;
Z_PK|Z_ENT|Z_OPT|ZEMAIL|ZPASSWORD
1|1|1|john@test.com|coredbpassword
sqlite>

Notice that all tables starting with prefix Z and the table ZUSER contains the sensitive user credentials stored in plain text.

Although Core Data is easy to use and fast, it should never be used to store sensitive information.

Previous
Data Protection (Rest)
Next
Plist Storage
Last updated 3 years ago