idb 1.3.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 11406269953d2f4d75ddaefc4f9eda22342161ae
+  data.tar.gz: 462682be7e29f8756d42ef7223198c13752b77e9
+SHA512:
+  metadata.gz: b9059fcaac50e027d4ef0dfefc6c4d8cffaeaf9106ce43d4c2c7acdff18f62b5cf047de345624fea9508238cb22ea69617a7cea5c70be082503d936d1f6aa2e2
+  data.tar.gz: b929944e0110ed607679fbe8c7e56f852bf94f034c266ac7f71e43e62d81ee5f3d43528cb5e177ab4b09930e1544b725dbeadd9e93687d0e5f5520799133b0f7

data/.gitignore

@@ -0,0 +1,19 @@
+tmp/
+.idea
+.bundle
+config/settings.yml
+*.swp
+/.bundle/
+/.yardoc
+/gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+*.bundle
+*.so
+*.o
+*.a
+mkmf.log

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in idb.gemspec
+gemspec

data/Gemfile.lock

@@ -0,0 +1,65 @@
+PATH
+  remote: .
+  specs:
+    idb (1.3.1)
+      awesome_print
+      coderay
+      eventmachine
+      ffi
+      git
+      highline
+      htmlentities
+      launchy
+      log4r
+      net-sftp
+      net-ssh
+      nokogiri
+      plist4r
+      qtbindings
+      rbkb
+      sqlite3
+      trollop
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    addressable (2.3.6)
+    awesome_print (1.2.0)
+    coderay (1.1.0)
+    eventmachine (1.0.3)
+    ffi (1.9.5)
+    git (1.2.8)
+    haml (4.0.5)
+      tilt
+    highline (1.6.21)
+    htmlentities (4.3.2)
+    launchy (2.4.2)
+      addressable (~> 2.3)
+    libxml-ruby (2.7.0)
+    libxml4r (0.2.6)
+      libxml-ruby (>= 1.1.3)
+    log4r (1.1.10)
+    mini_portile (0.6.0)
+    net-sftp (2.1.2)
+      net-ssh (>= 2.6.5)
+    net-ssh (2.9.1)
+    nokogiri (1.6.3.1)
+      mini_portile (= 0.6.0)
+    plist4r (1.2.2)
+      haml
+      libxml-ruby
+      libxml4r
+    qtbindings (4.8.6.0)
+    rake (10.3.2)
+    rbkb (0.7.2)
+    sqlite3 (1.3.9)
+    tilt (2.0.1)
+    trollop (2.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (~> 1.6)
+  idb!
+  rake

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2014 Daniel A. Mayer
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,29 @@
+# Idb
+
+TODO: Write a gem description
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'idb'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install idb
+
+## Usage
+
+TODO: Write usage instructions here
+
+## Contributing
+
+1. Fork it ( https://github.com/[my-github-username]/idb/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create a new Pull Request

data/Rakefile

@@ -0,0 +1,2 @@
+require "bundler/gem_tasks"
+

data/bin/idb

@@ -0,0 +1,5 @@
+#!/usr/bin/env ruby
+
+require 'idb'
+
+idb = Idb::Idb.run

data/idb.gemspec

@@ -0,0 +1,41 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'idb/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "idb"
+  spec.version       = Idb::VERSION
+  spec.authors       = ["Daniel A. Mayer"]
+  spec.email         = ["mayer@cysec.org"]
+  spec.summary       = %q{idb is a tool to simplify some common tasks for iOS pentesting and research.}
+  spec.description   = %q{Still under test but ready for prime-time soon!}
+  spec.homepage      = "https://github.com/dmayer/idb"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0")
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.6"
+  spec.add_development_dependency "rake"
+
+  spec.add_runtime_dependency 'highline'
+  spec.add_runtime_dependency 'launchy'
+  spec.add_runtime_dependency 'plist4r'
+  spec.add_runtime_dependency 'trollop'
+  spec.add_runtime_dependency 'net-ssh'
+  spec.add_runtime_dependency 'net-sftp'
+  spec.add_runtime_dependency 'rbkb'
+  spec.add_runtime_dependency 'nokogiri'
+  spec.add_runtime_dependency 'sqlite3'
+  spec.add_runtime_dependency 'coderay'
+  spec.add_runtime_dependency 'qtbindings'
+  spec.add_runtime_dependency 'awesome_print'
+  spec.add_runtime_dependency 'ffi' # not really used atm.
+  spec.add_runtime_dependency 'htmlentities'
+  spec.add_runtime_dependency 'eventmachine'
+  spec.add_runtime_dependency 'log4r'
+  spec.add_runtime_dependency 'git'
+end

data/lib/LICENSE

@@ -0,0 +1,20 @@
+The MIT License (MIT)
+
+Copyright (c) 2013 Daniel A. Mayer
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/lib/README.md

@@ -0,0 +1,54 @@
+# gidb
+
+gidb is a tool to simplify some common tasks for iOS pentesting and research. It is still a work in progress but already provides a bunch of (hopefully) useful commands. The goal was to provide all (or most) functionality for both, iDevices and the iOS simulator.  For this, a lot is abstracted internally to make it work transparently for both environments. Although recently the focus has been more on supporting devices.
+
+idb was released as part of a talk at [ShmooCon](http://shmoocon.org) 2014. The [slides of the talk](https://speakerdeck.com/dmayer/introducing-idb-simplified-blackbox-ios-app-pentesting) are up on [Speakerdeck](https://speakerdeck.com/dmayer/introducing-idb-simplified-blackbox-ios-app-pentesting). [Video](https://archive.org/details/ShmooCon2014_Introducing_idb_Simplified_Blackbox_iOS_App_Pentesting) is available on [archive.org](http://www.archive.org) There is also a [blog post](http://cysec.org/blog/2014/01/23/idb-ios-research-slash-pentesting-tool/) on my [personal website](http://cysec.org).
+
+## Getting Started 
+Visit the [getting started guide](//github.com/dmayer/idb/wiki/Getting-started) on the wiki to get installation instructions. Next, there is a basic [manual and walk-through](//github.com/dmayer/idb/wiki/Manual-and--Walk-Through) available as well.
+
+Bug reports, feature requests, and contributions are more than welcome!
+
+## Command-Line Version
+idb started out as a command line tool which is still accessible through the `cli` branch. Find the [getting started](//github.com/dmayer/idb/wiki/CLI-Version:-Getting-Started) guide and some more documentation in the wiki.
+
+## gidb Features
+
+* Simplified pentesting setup
+    * Setup port forwarding 
+    * Certificate management
+* iOS log viewer
+* Screen shot utility
+    * Simplifies testing for the creation of backgrounding screenshots
+* App-related functions
+     * App binary
+        * Download
+        * List imported libraries
+        * Check for encryption, ASLR, stack canaries
+        * Decrypt and download an app binary (requires [dumpdecrypted](//github.com/stefanesser/dumpdecrypted))
+     * Launch an app
+     * View app details such as name, bundleid, and `Info.plist` file.
+* Inter-Process Communication
+     * URL Handlers
+        * List URL handlers
+        * Invoke and fuzz URL handlers
+     * Pasteboard monitor
+* Analyze local file storage
+    * Search for, download, and view plist files
+    * Search for, download, and view sqlite databases
+    * Search for, download, and view local caches  (`Cache.db`)
+    * File system browser
+* Install utilities on iDevices 
+    * Install [iOS SSL killswitch](//github.com/iSECPartners/ios-ssl-kill-switch)
+    * alpha: Compile and install [dumpdecrypted](//github.com/stefanesser/dumpdecrypted)
+* Alpha:
+  * Cycript console
+  * Snoop-It integration
+
+## Documentation
+Some documentation can be found on the [wiki](//github.com/dmayer/idb/wiki).
+
+## FAQ
+
+### Q: After staring idb, the menu bar does not appear
+A: This seems to be a bug when using ruby 2.1 on OS X. I have no idea why this is happening, but switching to a different application and the back to idb fixes it. Any pointers on how to fix this are greatly appreciated!

data/lib/config/settings.yml

@@ -0,0 +1,8 @@
+---
+ssh_host: localhost
+ssh_port: 22
+ssh_username: root
+ssh_password: alpine
+manual_ssh_port: '2222'
+idb_utility_port: '4711'
+device_connection_mode: usb

data/lib/gui/app_binary_tab_widget.rb

@@ -0,0 +1,45 @@
+require_relative 'shared_libraries_widget'
+require_relative 'binary_strings_widget'
+require_relative 'weak_class_dump_widget'
+
+module Idb
+
+  class AppBinaryTabWidget < Qt::TabWidget
+
+
+    def initialize *args
+      super *args
+
+      @tabs = Hash.new
+
+      @shared_libs = SharedLibrariesWidget.new self
+      @tabs[:@shared_libs] = addTab(@shared_libs, "Shared Libraries")
+
+      @strings = BinaryStringsWidget.new self
+      @tabs[:strings] = addTab(@strings, "Strings")
+
+      @weak_class_dump = WeakClassDumpWidget.new self
+      @tabs[:weak_class_dump] = addTab(@weak_class_dump, "Weak Class Dump")
+
+
+    end
+
+    def clear
+      @tabs.each { |tab|
+        tab.clear
+      }
+    end
+
+    def refresh_current_tab
+      puts "Refreshing current tab in App binary tab"
+    end
+
+    def refresh
+    end
+
+    def enableTabs
+      @shared_libs.setEnabled(true)
+      setTabEnabled(@tabs[:@shared_libs],true)
+    end
+  end
+end

data/lib/gui/app_details_group_box.rb

@@ -0,0 +1,213 @@
+require_relative '../lib/app'
+
+module Idb
+
+  class AppDetailsGroupBox < Qt::GroupBox
+    attr_accessor :uuid, :bundle_id
+    signals "app_changed()"
+    signals "show_device_status()"
+
+    def initialize args
+      super *args
+
+      # details on selected app
+      @layout = Qt::GridLayout.new
+      setLayout(@layout)
+      setTitle "App Details"
+
+
+      @icon_button_layout = Qt::GridLayout.new
+
+
+      # select app
+      @select_app_button = Qt::PushButton.new "Select App..."
+      @select_app_button.setEnabled(false)
+      @select_app_button.connect(SIGNAL(:released)) { |x|
+        @app_list = AppListDialog.new
+        @app_list.connect(SIGNAL('accepted()')) {
+          $selected_app =  @app_list.app_list.currentItem().app
+          @vals['uuid'].setText($selected_app.uuid)
+          @vals['bundle_id'].setText($selected_app.bundle_id)
+          @vals['bundle_name'].setText($selected_app.bundle_name)
+          @vals['url_handlers'].setText($selected_app.get_url_handlers.join("\n"))
+          @vals['platform_version'].setText($selected_app.platform_version)
+          @vals['sdk_version'].setText($selected_app.sdk_version)
+          @vals['minimum_os_version'].setText($selected_app.minimum_os_version)
+          @launch_app.setEnabled(true)
+          @open_folder.setEnabled(true)
+
+          begin
+          icon_file = $selected_app.get_icon_file
+          pixmap = Qt::Pixmap.new(icon_file)
+          @icon.setPixmap pixmap.scaledToWidth(50)  unless icon_file.nil?
+
+          rescue => e
+            $log.error "Icon CONVERSION failed.  #{e.message}"
+            @icon.setPixmap Qt::Pixmap.new
+            # lets ignore conversion errors for now..
+          end
+
+          emit app_changed()
+        }
+
+        @app_list.exec
+      }
+
+
+      @icon_button_widget = Qt::Widget.new self
+      @icon_button_widget.setLayout @icon_button_layout
+
+      @icon = Qt::Label.new
+
+      @icon_button_layout.addWidget @icon, 0, 0, 1, 1
+      @icon_button_layout.addWidget @select_app_button, 0, 1, 1, 3
+      @layout.addWidget @icon_button_widget, 0, 0, 1, 2
+
+
+
+
+      @labels = Hash.new
+      @vals = Hash.new
+      @cur_row = 1
+
+      addDetail 'bundle_id', 'Bundle ID'
+      addDetail 'bundle_name', 'Bundle Name'
+      addDetail 'uuid', 'UUID'
+      addDetail 'url_handlers', 'URL Handlers'
+      addDetail 'platform_version', 'Platform Version'
+      addDetail 'sdk_version', 'SDK Version'
+      addDetail 'minimum_os_version', 'Minimum OS'
+
+      @launch_app = Qt::PushButton.new "Launch App"
+      @launch_app.setEnabled(false)
+      @launch_app.connect(SIGNAL(:released)) {
+        if $device.open_installed?
+          $selected_app.launch
+        else
+          error = Qt::MessageBox.new self
+          error.setInformativeText("'open' not found on the device. Please visit the status dialog and install it.")
+          error.setIcon(Qt::MessageBox::Critical)
+          error.setMinimumWidth(500)
+          error.exec
+          emit show_device_status()
+        end
+      }
+
+      @layout.addWidget @launch_app, @cur_row, 0, 1, 2
+
+      @cur_row+=1
+
+      @open_folder = Qt::PushButton.new "Open Local Temp Folder"
+      @open_folder.setEnabled(false)
+      @layout.addWidget @open_folder, @cur_row, 0, 1, 2
+
+      @open_folder.connect(SIGNAL :released) {
+        Launchy.open $selected_app.cache_dir
+
+      }
+
+    end
+
+    def clear
+      $selected_app =  nil
+      @vals['uuid'].setText("")
+      @vals['bundle_id'].setText("")
+      @vals['bundle_name'].setText("")
+      @vals['url_handlers'].setText("")
+      @vals['platform_version'].setText("")
+      @vals['sdk_version'].setText("")
+      @vals['minimum_os_version'].setText("")
+      @launch_app.setEnabled(false)
+      @open_folder.setEnabled(false)
+
+    end
+
+
+
+    def addDetail id, label
+      @labels[id] = Qt::Label.new  "<b>#{label}</b>", self, 0
+      @vals[id] = Qt::Label.new  "", self, 0
+      @layout.addWidget @labels[id], @cur_row, 0
+      @layout.addWidget @vals[id], @cur_row, 1
+      @cur_row += 1
+    end
+
+
+    def enable_select_app
+      @select_app_button.setEnabled(true)
+    end
+
+    def disable_select_app
+      @select_app_button.setEnabled(false)
+    end
+
+  end
+
+  class AppBinaryGroupBox < Qt::GroupBox
+    signals "binary_analyzed()"
+
+    def initialize args
+      super *args
+
+      # details on selected app
+      @layout = Qt::GridLayout.new
+      setLayout(@layout)
+      setTitle "App Binary"
+
+
+      # analyze binary
+      @analyze_binary_button = Qt::PushButton.new "Analyze Binary..."
+      @analyze_binary_button.setEnabled(false)
+      @analyze_binary_button.connect(SIGNAL(:released)) { |x|
+        #TODO progress bar
+        $selected_app.analyze
+        @vals['encryption_enabled'].setText($selected_app.binary.is_encrypted?.to_s)
+        @vals['cryptid'].setText($selected_app.binary.get_cryptid.to_s)
+        @vals['pie'].setText($selected_app.binary.is_pie?.to_s)
+        @vals['canaries'].setText($selected_app.binary.is_stack_protected?.to_s)
+        @vals['arc'].setText($selected_app.binary.uses_arc?.to_s)
+        emit binary_analyzed()
+      }
+      @layout.addWidget @analyze_binary_button, 0, 0, 1, 2
+
+      @labels = Hash.new
+      @vals = Hash.new
+      @cur_row = 1
+
+      addDetail 'encryption_enabled', 'Encryption?'
+      addDetail 'cryptid', 'Cryptid'
+      addDetail 'pie', 'PIE'
+      addDetail 'canaries', 'Stack Canaries'
+      addDetail 'arc', 'ARC'
+
+    end
+
+
+    def addDetail id, label
+      @labels[id] = Qt::Label.new  "<b>#{label}</b>", self, 0
+      @vals[id] = Qt::Label.new  "", self, 0
+      @layout.addWidget @labels[id], @cur_row, 0
+      @layout.addWidget @vals[id], @cur_row, 1
+      @cur_row += 1
+    end
+
+    def app_changed
+      clear
+      @analyze_binary_button.setEnabled(true)
+    end
+
+    def clear
+      @vals['encryption_enabled'].setText("")
+      @vals['cryptid'].setText("")
+      @vals['pie'].setText("")
+      @vals['canaries'].setText("")
+      @vals['arc'].setText("")
+    end
+
+    def disable_analyze_binary
+      @analyze_binary_button.setEnabled(false)
+    end
+
+
+  end
+end