NSUserDefaults Storage

NSUserDefaults is one more way an app's data persists on an iOS device across restarts. It is a key-value store that the system writes to a property list (plist) file inside the app's sandbox. By default the file is a binary plist, but it is not encrypted: anyone with access to the file system can read every value it holds.

Task

In this exercise the app stores data using NSUserDefaults, which ends up in a plist file in the application sandbox. Your task is to locate the NSUserDefaults file and find the sensitive data it contains.

When a user enters a random PIN the application responds with "Try Harder"; when the valid PIN is entered, a "success" status message is shown.

Steps to find the PIN value in the NSUserDefaults file:

NSUserDefaults files are usually found at the path below. The plist is named after the app's bundle identifier (OWASP.iGoat-Swift.plist for this app):

/private/var/mobile/Containers/Data/Application/<Application_Folder>/Library/Preferences/<bundle-identifier>.plist

Download the iGoat-Swift preferences file from the above path to your host machine using SFTP/SCP (this assumes a jailbroken device running an SSH server):

╭─arun@Aruns-MacBook-Pro ~/Documents/iOS/OWASP_iGoat
╰─$ scp root@192.168.0.3:/private/var/mobile/Containers/Data/Application/464B6C36-FBB9-4209-AC2C-6793098AB807/Library/Preferences/OWASP.iGoat-Swift.plist .
root@192.168.0.3's password:
OWASP.iGoat-Swift.plist                                                                                                           100%  423    61.5KB/s   00:00
╭─arun@Aruns-MacBook-Pro ~/Documents/iOS/OWASP_iGoat
╰─$ ls
OWASP.iGoat-Swift.plist

Open the file using the Vim editor and you will see the data in binary, which is not in human-readable format:

Let's convert the binary file into XML so that we can read its contents. The plutil utility does this; it ships with macOS and is also available on a jailbroken device, which is where it is run below. Note that plutil -convert rewrites the file in place, so on your pulled copy add -o <output-file> if you want to keep the original binary. Once converted, the sensitive information is visible in plain text:

Aruns-iPhone:/private/var/mobile/Containers/Data/Application/464B6C36-FBB9-4209-AC2C-6793098AB807/Library/Preferences root# ls
OWASP.iGoat-Swift.plist
Aruns-iPhone:/private/var/mobile/Containers/Data/Application/464B6C36-FBB9-4209-AC2C-6793098AB807/Library/Preferences root# plutil -convert xml1 OWASP.iGoat-Swift.plist
Converted 1 files to XML format
Aruns-iPhone:/private/var/mobile/Containers/Data/Application/464B6C36-FBB9-4209-AC2C-6793098AB807/Library/Preferences root# cat OWASP.iGoat-Swift.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>PIN</key>
	<string>53cr3tP</string>
	<key>WebDatabaseDirectory</key>
	<string>/var/mobile/Containers/Data/Application/464B6C36-FBB9-4209-AC2C-6793098AB807/Library/Caches</string>
	<key>WebKitLocalStorageDatabasePathPreferenceKey</key>
	<string>/var/mobile/Containers/Data/Application/464B6C36-FBB9-4209-AC2C-6793098AB807/Library/Caches</string>
	<key>WebKitOfflineWebApplicationCacheEnabled</key>
	<true/>
	<key>WebKitShrinksStandaloneImagesToFit</key>
	<true/>
</dict>
</plist>

The data stored in NSUserDefaults is not encrypted and should not be used to store sensitive information such as PINs, passwords or session tokens. As shown, it is readable on a jailbroken device, and because Library/Preferences is part of the app's backed-up data it also ends up in device backups. Secrets like this PIN belong in the Keychain instead.
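The conversion and search above can also be done offline on any host with Python's standard plistlib, which reads both binary and XML plists. The script below is an added example, not part of the original write-up or of iGoat-Swift: it converts a pulled preferences file to XML (the plutil -convert xml1 step) and walks the keys looking for names that suggest a secret. The sensitive-key pattern is a heuristic chosen for this example, and the embedded sample file is constructed to mirror the iGoat-Swift plist shown above.

```python
import plistlib
import re
import sys

# Heuristic for key names that usually hold secrets. This list is an
# assumption for the example; tune it per app (camel-cased keys such as
# "userPin" are matched because the search is a substring search).
SENSITIVE_KEY_RE = re.compile(r"(pin|passw|secret|token|api_?key|auth)", re.I)


def is_binary_plist(data: bytes) -> bool:
    """Binary plists start with the magic 'bplist00'; XML plists start with '<?xml'."""
    return data.startswith(b"bplist00")


def load_plist(data: bytes) -> dict:
    """Parse a plist in either format; plistlib sniffs the header itself."""
    return plistlib.loads(data)


def to_xml(data: bytes) -> bytes:
    """Equivalent of `plutil -convert xml1`: re-serialise the parsed plist as XML."""
    return plistlib.dumps(load_plist(data), fmt=plistlib.FMT_XML)


def find_sensitive(prefs: dict, prefix: str = "") -> list[tuple[str, object]]:
    """Return (key path, value) pairs whose key name matches SENSITIVE_KEY_RE.
    Nested dictionaries are searched recursively, with dotted key paths."""
    hits: list[tuple[str, object]] = []
    for key, value in prefs.items():
        path = f"{prefix}{key}"
        if isinstance(value, dict):
            hits.extend(find_sensitive(value, path + "."))
        elif SENSITIVE_KEY_RE.search(key):
            hits.append((path, value))
    return hits


def triage(data: bytes) -> list[tuple[str, object]]:
    """Parse a raw plist (binary or XML) and list the suspicious entries."""
    return find_sensitive(load_plist(data))


# Constructed sample: the same keys and values as the iGoat-Swift preferences
# file above, written out as a binary plist so it looks like a freshly scp'd file.
SAMPLE_PREFS = {
    "PIN": "53cr3tP",
    "WebDatabaseDirectory": "/var/mobile/Containers/Data/Application/464B6C36-FBB9-4209-AC2C-6793098AB807/Library/Caches",
    "WebKitLocalStorageDatabasePathPreferenceKey": "/var/mobile/Containers/Data/Application/464B6C36-FBB9-4209-AC2C-6793098AB807/Library/Caches",
    "WebKitOfflineWebApplicationCacheEnabled": True,
    "WebKitShrinksStandaloneImagesToFit": True,
}
SAMPLE_BINARY = plistlib.dumps(SAMPLE_PREFS, fmt=plistlib.FMT_BINARY)


if __name__ == "__main__":
    # Usage: python triage_defaults.py OWASP.iGoat-Swift.plist
    # With no argument the constructed sample is analysed instead.
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_BINARY
    print("format:", "binary plist" if is_binary_plist(raw) else "xml plist")
    for path, value in triage(raw):
        print(f"suspicious key {path!r} = {value!r}")
```

Run it against the file you pulled with scp; the binary check tells you whether the conversion step is needed at all, and the key walk is the same triage you would otherwise do by eye over the XML output.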
