ONE Jailbreak Ad

DVIA v2 app provides an iOS test penetration platform

Promotion image of DVIA article.

DVIA v2, crafted by Prateek Gianchandani, serves as a valuable tool for ethical hackers, students, and jailbreak tweak developers. This application provides a legal penetration platform, offering a plethora of iOS security features for exploration. Whether you're in search of a jailbreak detection bypass method, aiming to access sensitive information in memory, or exploring phishing techniques, DVIA v2 offers it all in one package.

Download DVIA IPA

DVIA v2 was released as an IPA package that can be sideloaded on your device using any IPA installer such as Sideloadly, AltStore, Bullfrog Assistant, Esign, etc. The most recent version was re-written in Swift language, but you can still download the previous edition of DIVA IPA.

Download DVIA v2 IPA

What is DVIA v2?

DVIA v2 (Damn Vulnerable iOS App) represents the latest iteration of a widely embraced application. Its primary objective is to furnish mobile security enthusiasts, professionals, and students with a platform for honing their iOS penetration testing skills within the confines of a legal environment. DVIA was released as an open-source project written mostly in Swift.

It offers 15 vulnerabilities that can be exploited using an experiment like Frida which allows you to inject your scripts into black box processes, hook any function, spy on crypto APIs, or trace private application code, edit, and instantly see the results. You can also use an interactive decompiler, disassembler, and binary analysis platform to modify the executable.

DVIA v2 comes with Local Data Storage allowing you to examine how the application handles and secures locally stored data, assessing vulnerabilities related to data storage on the device. There are also a few Jailbreak Detection algorithms. Investigating the mechanisms in place to detect jailbroken devices and finding potential methods to bypass or evade such detection.

DVIA v2 app screenshot.

This app can also be a playground for evaluating the permissions granted to the application and identifying instances where excessive privileges may pose security risks, analyzing how the application behaves during runtime, and exploring potential vulnerabilities that could be exploited through runtime manipulation techniques. DVIA v2 works on iOS 11 – iOS 17.

DVIA v2 is equipped with Anti Anti Hooking/Debugging and Binary Protection layers. Assessing the effectiveness of measures implemented to prevent or detect hooking and debugging attempts, and exploring ways to bypass these protective mechanisms. Examining how the binary code of the app is protected against reverse engineering and unauthorized access.

Other security features include protections against authorization bypass: Investigating the security mechanisms related to biometric authentication and exploring potential vulnerabilities that may allow bypassing Touch ID or Face ID. Phishing: Assessing the susceptibility of the app to phishing attacks, where attackers attempt to revealing sensitive information.

Side Channel Data Leakage: Identifying and addressing potential vulnerabilities related to side channels through which sensitive data could unintentionally leak. IPC Issues: Analyzing problems related to Inter-Process Communication (IPC) and assessing potential security risks associated with communication between different processes.

Broken Cryptography: Evaluating the cryptographic protocols and implementations used by the application to ensure they are secure and not susceptible to exploitation. Webview Issues: Inspecting the security of the application's webview components, and identifying vulnerabilities that may arise from the integration of web content.

DVIA v2 Jailbreak Detection and App Anti Patching features.

Network Layer Security: Assessing the security measures in place at the network layer to protect data transmitted over networks, including encryption and secure communication protocols. Application Patching: Examining the application's resistance to unauthorized modification or patching, ensuring the integrity of the application's code.

Finally, DVIA v2 offers also a module with Sensitive Information in Memory. Identifying and addressing potential vulnerabilities related to the handling of sensitive information in the device's memory, preventing unauthorized access or leakage.

What's new

  • Updated DVIA v2 to the latest version.
Author Photo
Written by

Kuba has over 20 years of experience in journalism, focusing on jailbreak topics since 2012. He has interviewed professionals from Intel, Avast, Microsoft, and more. Besides journalism, Kuba specializes in video editing and drone flying. He studied IT at university before his writing career.

Post a comment

Latest Posts