[iOS] Cydia Impactor error: file http.hpp; line:37; what: _assert(code == 200)
Cydia Impactor reports the following error:
file http.hpp; line:37; what: _assert(code == 200)
Solution: Cydia Impactor has been deprecated; switch to Sideloadly instead. Personally tested and working, and it supports logging in with accounts that have two-factor authentication enabled.
csdn backup address
iOS (iPhone 7): manually install a specified (older) version of Frida, using 15.1.2 as the example
Frida is a code injection framework for all platforms. I won’t go into details here. You can directly read the official tutorial: frida.re
Prerequisites
- Mac
- iPhone 7 (jailbroken with checkra1n)
- frida_15.1.2_iphoneos-arm.deb (csdn backup download)
- Cydia
- OpenSSH plugin
Installation steps
- Search for and install the OpenSSH package from Cydia
- Download the Frida binary (the .deb listed above)
- Copy the file to the phone's /var/root directory with scp from the command line:
scp -P 2222 frida_15.1.2_iphoneos-arm.deb [email protected]:/var/root
- Or copy it through the iFunBox UI (recommended for beginners)
- You need to install the AFC2 plug-in first, otherwise iFunBox cannot see the file system directory
- Install the deb package with dpkg:
ssh -p 2222 [email protected]
# enter the password: alpine
dpkg -i frida_15.1.2_iphoneos-arm.deb
# reopen Cydia and the installed Frida package will be listed
- Alternatively, install it through the Filza file manager UI: browse to /var/root and tap the deb package to install it
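The scp/ssh steps above wrapped into a script, as an added example that is not part of the original post. It also parses the server version out of the deb filename and compares it with the frida client on the Mac, because a client/server version mismatch is the usual reason frida-ps fails to connect after pinning an old build. The default host root@localhost, the 2222 port forward from the post, and the FRIDA_PHONE/FRIDA_PORT variable names are assumptions.

```shell
#!/bin/sh
# Added example: push a pinned frida-server .deb to a jailbroken phone over SSH
# and check that the local frida client is the same version.
# Assumptions: the phone is reachable on a local port forward (localhost:2222, as in
# the post), root login works, and frida-tools is installed on the Mac.

DEB="${1:-frida_15.1.2_iphoneos-arm.deb}"
HOST="${FRIDA_PHONE:-root@localhost}"   # assumed default, override via env
PORT="${FRIDA_PORT:-2222}"

# Debian package filenames are name_version_arch.deb; return the version field.
deb_version() {
    basename "$1" .deb | cut -d_ -f2
}

# frida-server and the frida Python bindings (which the frida CLI reports) must be
# the same release, otherwise frida-ps/frida-trace cannot talk to the device.
versions_match() {
    [ "$1" = "$2" ]
}

# Copy the deb to /var/root and install it; print the installed server version.
install_frida_deb() {
    [ -f "$DEB" ] || { echo "deb not found: $DEB" >&2; return 1; }
    scp -P "$PORT" "$DEB" "$HOST:/var/root/" || return 1
    ssh -p "$PORT" "$HOST" "dpkg -i /var/root/$(basename "$DEB") && frida-server --version"
}

main() {
    want=$(deb_version "$DEB")
    have=$(frida --version 2>/dev/null || echo missing)
    if ! versions_match "$want" "$have"; then
        echo "local frida is $have but the deb is $want; pin it with: pip3 install frida==$want" >&2
        echo "(and a frida-tools release that accepts frida $want)" >&2
    fi
    install_frida_deb
}

# Only run when executed as a script, so the helpers can also be sourced.
if [ "${0##*/}" = "install_frida.sh" ]; then
    main "$@"
fi
```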
Three extraction schemes for the iOS keychain: [iOS encrypted backup] [keychain_dumper] [frida-objection]
The iOS keychain is a secure storage mechanism provided by the operating system for sensitive user data such as passwords. Through the keychain, any app or extension can securely store and read its own sensitive data without other apps being able to read or tamper with it. Keychain contents are stored encrypted on the device and can be backed up automatically through the user's iCloud account.
Features of the iOS Keychain:
- Password management: a separate strong password can be stored for each website account, so the user does not have to remember many accounts and passwords.
- Identity certificate management: SSL (Secure Sockets Layer) certificates used to authenticate secure connections can be managed.
- Certificate Authority (CA) management: storage and management of CA-issued certificates, used to authenticate secure websites.
- Key management: cryptographic keys for data encryption and signing can be stored and managed.
- Password autofill: login forms can be filled automatically to reduce typing.
Using the keychain protects the user's data as far as possible while also reducing the amount the user has to type.
iOS encrypted backup
Reference: https://github.com/dunhamsteve/ios
Reference: https://github.com/n0fate/chainbreaker
Reference: https://github.com/nabla-c0d3/iphone-dataprotection/blob/master/python_scripts/keychain_tool.py
Reference: https://pypi.org/project/iOSbackup/
Reference: https://github.com/jsharkey13/iphone_backup_decrypt
keychain_dumper
Reference: https://github.com/ptomey3/Keychain-Dumper
Reference: https://sevencho.github.io/archives/65ed9c65.html
Reference: https://github.com/ldzSpace/KCdumper
frida-objection
pip3 install objection
objection -d --gadget "appName" explore
# then, inside the objection console:
ios keychain dump
ios keychain dump_raw
Comparison of the schemes
Scheme | Data completeness | Jailbreak required | System version |
---|---|---|---|
iOS encrypted backup | partial data only | no | all versions |
keychain_dumper | all | yes | iOS 12 and below |
frida-objection | all | yes | all versions (in theory) |
Reference
- https://book.hacktricks.xyz/mobile-pentesting/ios-pentesting#keychain
App Store original ipa file extraction
//todo
Apple Configurator 2 extracts the ipa file - Hungry Blog - CSDN Blog
libflex Cydia source
iPhone 8: force restart, enter recovery mode, enter DFU mode [2021-11-05]
Operating the iPhone 8 is more involved than other iPhones, and checkra1n does not support automatic jailbreaking of the iPhone 8 (I tested this with version 0.12.4), so the phone has to be put into DFU mode manually before jailbreaking with checkra1n.
Prerequisites
The phone is connected to the computer with a data cable
Windows: iTunes must be downloaded and open
macOS: no action required
Force restart
Note: a force restart does not need the prerequisites above
0. The phone is on
1. Turn off the screen (optional)
2. Quickly press the volume up button
3. Quickly press the volume down button
4. Press and hold the power button until the phone is turned off, release the power button, and wait for the restart
Enter recovery mode
0. The phone is on
1. Turn off the screen (optional)
2. Quickly press the volume up button
3. Quickly press the volume down button
4. Press and hold the power button until the phone turns off, and release it once the following screen appears.
5. The phone then enters recovery mode
6. How to exit? The same as entering: press volume up -> press volume down -> press and hold the power button until the phone restarts
Enter DFU mode
0. The phone is on
1. Turn off the screen (optional)
2. Quickly press the volume up button
3. Quickly press the volume down button
4. Press and hold the power button and wait for the phone to shut down
5. After the phone is off, keep holding the power button and also press and hold the volume down button for 5 seconds
6. After 5 seconds, release the power button while continuing to hold the volume down button
7. When iTunes starts to prompt, as shown in the figure below, release the volume down button
8. The phone is now in DFU mode; unlike recovery mode, the screen stays black
If you want to jailbreak afterwards, you can now do so with checkra1n