idb 1.3.1 → 1.3.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 11406269953d2f4d75ddaefc4f9eda22342161ae
-  data.tar.gz: 462682be7e29f8756d42ef7223198c13752b77e9
+  metadata.gz: d313a2f68d8dbb4103f71b6f9d34486a16420484
+  data.tar.gz: 9087be7df5e7065a10787cb14acebc884f514fb7
 SHA512:
-  metadata.gz: b9059fcaac50e027d4ef0dfefc6c4d8cffaeaf9106ce43d4c2c7acdff18f62b5cf047de345624fea9508238cb22ea69617a7cea5c70be082503d936d1f6aa2e2
-  data.tar.gz: b929944e0110ed607679fbe8c7e56f852bf94f034c266ac7f71e43e62d81ee5f3d43528cb5e177ab4b09930e1544b725dbeadd9e93687d0e5f5520799133b0f7
+  metadata.gz: 9f82baac61e5cd3a1d3f8048a53411ab5a47295728fe71856cb3464744ee6b0da2956022c1687628c5529597f711cef8bb73d1d55db43bb5240d4eadaa884565
+  data.tar.gz: 318b936f8c1bca37ee3164d50266c3573d38cf7855e7e52a8ca603835fe5643adfc903424766d86f530309d1f1019888a711bc2cf752bde19bde8bd5530d8cfa

data/Gemfile.lock

@@ -1,12 +1,13 @@
 PATH
   remote: .
   specs:
-    idb (1.3.1)
+    idb (1.3.2)
       awesome_print
       coderay
       eventmachine
       ffi
       git
+      hexdump
       highline
       htmlentities
       launchy
@@ -31,6 +32,7 @@ GEM
     git (1.2.8)
     haml (4.0.5)
       tilt
+    hexdump (0.2.3)
     highline (1.6.21)
     htmlentities (4.3.2)
     launchy (2.4.2)

data/README.md

@@ -1,24 +1,36 @@
 # Idb
 
-TODO: Write a gem description
+idb is a tool to simplify some common tasks for iOS pentesting and research. Originally there was a command line version of the tool, but it is no longer under development so you should get the GUI version.
+
+idb was released as part of a talk at [ShmooCon](http://shmoocon.org) 2014. The [slides of the talk](https://speakerdeck.com/dmayer/introducing-idb-simplified-blackbox-ios-app-pentesting) are up on [Speakerdeck](https://speakerdeck.com/dmayer/introducing-idb-simplified-blackbox-ios-app-pentesting). [Video](https://archive.org/details/ShmooCon2014_Introducing_idb_Simplified_Blackbox_iOS_App_Pentesting) is available on [archive.org](http://www.archive.org) There is also a [blog post](http://cysec.org/blog/2014/01/23/idb-ios-research-slash-pentesting-tool/) on my [personal website](http://cysec.org).
 
 ## Installation
 
-Add this line to your application's Gemfile:
+I am currently working on making the installation proces much more pleasant. It is not fully auomated yet, but the dependencies and number steps are much simpler since I bundled idb into a gem. Basic instructions:
 
-    gem 'idb'
+* Install ruby (1.9.3 and 2.1 are known to work. **Don't use 2.0**)
+  * **Shared library support is required!** 
+    * Under `rvm` use `--enable-shared` when installing ruby.
+    * Under `ruby-install`/`chruby` use `-- --enable-shared` when installing ruby.
+    * Under `ruby-build`/`rbenv` with `ruby-build` use `CONFIGURE_OPTS=--enable-shared [command]` when installing Ruby.
+* Install prerequisites:
+    *  OS X: `brew install qt cmake usbmuxd libimobiledevice`
+    *  Ubuntu: `apt-get install cmake libqt4-dev git-core libimobiledevice-utils libplist-utils usbmuxd -y`
+*  Install idb: `gem install idb`
+*  Run idb: `idb`
+*  Hooray!
 
-And then execute:
+Expect a fully bundled version which includes ruby and qt soon!
 
-    $ bundle
+## Usage
 
-Or install it yourself as:
+See the basic [manual and walk-through](//github.com/dmayer/idb/wiki/Manual-and--Walk-Through) to get started.
 
-    $ gem install idb
+## FAQ
 
-## Usage
+### Q: After staring idb, the menu bar does not appear
+A: This seems to be a bug when using ruby 2.1 on OS X. I have no idea why this is happening, but switching to a different application and the back to idb fixes it. Any pointers on how to fix this are greatly appreciated!
 
-TODO: Write usage instructions here
 
 ## Contributing
 

data/bin/idb

@@ -1,5 +1,4 @@
-#!/usr/bin/env ruby
-
+#!/usr/bin/env ruby 
 require 'idb'
 
 idb = Idb::Idb.run

data/idb.gemspec

@@ -9,7 +9,7 @@ Gem::Specification.new do |spec|
   spec.authors       = ["Daniel A. Mayer"]
   spec.email         = ["mayer@cysec.org"]
   spec.summary       = %q{idb is a tool to simplify some common tasks for iOS pentesting and research.}
-  spec.description   = %q{Still under test but ready for prime-time soon!}
+  spec.description   = %q{idb is a tool to simplify some common tasks for iOS pentesting and research. Please see https://github.com/dmayer/idb for more details on installation and usage.}
   spec.homepage      = "https://github.com/dmayer/idb"
   spec.license       = "MIT"
 
@@ -38,4 +38,5 @@ Gem::Specification.new do |spec|
   spec.add_runtime_dependency 'eventmachine'
   spec.add_runtime_dependency 'log4r'
   spec.add_runtime_dependency 'git'
+  spec.add_runtime_dependency 'hexdump'
 end

data/lib/gui/keychain_binary_widget.rb

@@ -0,0 +1,57 @@
+
+require "hexdump"
+module Idb
+  class KeychainBinaryWidget < Qt::Widget
+
+#    def hexdump(data, start = 0, finish = nil, width = 16)
+#      result = ""
+#      ascii = ''
+#      counter = 0
+#      result += '%06x  ' % start
+#      data.each_byte do |c|
+#        if counter >= start
+#          result += '%02x ' % c
+#          ascii << (c.between?(32, 126) ? c : ?.)
+#          if ascii.length >= width
+#            result += ascii + "\n"
+#            ascii = ''
+#            result += '%06x  ' % (counter + 1)
+#          end
+#        end
+#        throw :done if finish && finish <= counter
+#        counter += 1
+#      end rescue :done
+#      result += '   ' * (width - ascii.length) + ascii + "\n"
+#      result
+#    end
+
+
+    def initialize *args
+      super *args
+      @layout = Qt::GridLayout.new
+      setLayout(@layout)
+
+      @vdata_text = Qt::PlainTextEdit.new
+      @vdata_text.setReadOnly(true)
+
+      font = Qt::Font.new("Courier")
+      @vdata_text.setFont(font)
+
+
+
+      @layout.addWidget @vdata_text, 1, 0
+    end
+
+    def set_data data
+      output = ""
+      Hexdump.dump(data, {:output => output } )
+      @vdata_text.appendPlainText output
+    end
+
+    def clear
+      @vdata_text.clear
+    end
+
+
+  end
+end

data/lib/gui/keychain_tab_widget.rb

@@ -0,0 +1,37 @@
+require_relative 'keychain_text_widget'
+require_relative 'keychain_binary_widget'
+
+module Idb
+
+  class KeychainTabWidget < Qt::TabWidget
+
+    def initialize *args
+      super *args
+
+      @tabs = Hash.new
+
+      @text = KeychainTextWidget.new self
+      @tabs[:text] = addTab(@text, "Text Data")
+
+      @binary = KeychainBinaryWidget.new self
+      @tabs[:binary] = addTab(@binary, "Binary VData")
+
+    end
+
+    def set_data text
+      @text.clear
+      @text.set_data text
+    end
+
+    def set_vdata text
+      @binary.clear
+      @binary.set_data text
+    end
+
+    def clear
+      @text.clear
+      @binary.clear
+    end
+
+  end
+end

data/lib/gui/keychain_text_widget.rb

@@ -0,0 +1,28 @@
+
+module Idb
+  class KeychainTextWidget < Qt::Widget
+
+    attr_accessor :data_text, :vdata_text
+
+    def initialize *args
+      super *args
+      @layout = Qt::GridLayout.new
+      setLayout(@layout)
+
+      @data_text = Qt::PlainTextEdit.new
+      @data_text.setReadOnly(true)
+      @layout.addWidget @data_text, 0, 0
+
+    end
+
+    def set_data data
+      @data_text.appendPlainText data.to_s
+    end
+
+    def clear
+      @data_text.clear
+    end
+
+
+  end
+end

data/lib/gui/{key_chain_widget.rb → keychain_widget.rb}

@@ -1,7 +1,9 @@
 require_relative '../lib/keychain_plist_parser'
+require_relative 'keychain_tab_widget'
 
 module Idb
-  class KeyChainWidget < Qt::TableWidget
+
+  class KeychainWidget < Qt::Widget
 
     def initialize *args
       super *args
@@ -15,17 +17,8 @@ module Idb
       @selection_model.connect(SIGNAL('selectionChanged(QItemSelection,QItemSelection)')) {|x,y|
         unless x.indexes.length == 0
           row = x.indexes[0].row
-          text = ""
-          text <<  "DATA\n"
-          text << "=======================\n"
-          text << @keychain.entries[row]["data"].to_s
-
-          text << "\n\nV_DATA\n"
-          text << "=======================\n"
-          text << @keychain.entries[row]["v_Data"].to_s
-          @details.clear
-          @details.appendPlainText text
-
+          @keychain_tab_widget.set_data @keychain.entries[row]["data"]
+          @keychain_tab_widget.set_vdata @keychain.entries[row]["v_Data"]
         end
 
       }
@@ -39,22 +32,24 @@ module Idb
 
       @layout.addWidget @keychain_tab, 0,0
 
-      @details = Qt::PlainTextEdit.new
-      @details.setReadOnly(true)
-      @layout.addWidget @details, 1, 0
 
       @dump = Qt::PushButton.new "Dump Keychain"
+      @layout.addWidget @dump, 2, 0
+
+      @keychain_tab_widget = KeychainTabWidget.new
+      @layout.addWidget @keychain_tab_widget, 3, 0
+
       @dump.connect(SIGNAL :released) {
         $device.dump_keychain
         @keychain = KeychainPlistParser.new "#{$tmp_path}/device/genp.plist"
         populate_table
       }
-      @layout.addWidget @dump, 2, 0
+
     end
 
+
     def populate_table
-      @details.clear
-      @model.clear
+      @keychain_tab_widget.clear
       @model.setHorizontalHeaderItem(0, Qt::StandardItem.new("Access Group"))
       @model.setHorizontalHeaderItem(1, Qt::StandardItem.new("Account"))
       @model.setHorizontalHeaderItem(2, Qt::StandardItem.new("Service"))
@@ -79,8 +74,5 @@ module Idb
 
     end
 
-
-
-
   end
-end
+end

data/lib/gui/main_tab_widget.rb

@@ -6,7 +6,7 @@ require_relative 'snoop_it_tab_widget'
 require_relative 'cycript_console_widget'
 require_relative 'pasteboard_monitor_widget'
 require_relative 'fs_viewer_tab_widget'
-require_relative 'key_chain_widget'
+require_relative 'keychain_widget'
 require_relative 'tool_widget'
 require 'Qt'
 
@@ -60,7 +60,7 @@ module Idb
       @log.setEnabled(false)
       @tabs[:log] = addTab(@log, "Log")
 
-      @keychain = KeyChainWidget.new self
+      @keychain = KeychainWidget.new self
       @keychain.setEnabled(false)
       @tabs[:keychain] = addTab(@keychain, "Keychain")
 

data/lib/idb/version.rb

@@ -1,3 +1,3 @@
 module Idb
-  VERSION = "1.3.1"
+  VERSION = "1.3.2"
 end

data/lib/lib/device.rb

@@ -81,7 +81,7 @@ module Idb
     end
 
     def start_port_forwarding
-      @port_forward_pid = Process.spawn("#{RbConfig.ruby} lib/helper/ssh_port_forwarder.rb"  )
+      @port_forward_pid = Process.spawn("#{RbConfig.ruby} #{File.dirname(File.expand_path(__FILE__))}/../helper/ssh_port_forwarder.rb"  )
     end
 
     def restart_port_forwarding
@@ -206,34 +206,34 @@ module Idb
 
     def upload_dumpdecrypted
       $log.info "Uploading dumpdecrypted library..."
-      @ops.upload("utils/dumpdecrypted/dumpdecrypted_armv6.dylib","/var/root/dumpdecrypted_armv6.dylib")
-      @ops.upload("utils/dumpdecrypted/dumpdecrypted_armv7.dylib","/var/root/dumpdecrypted_armv7.dylib")
+      @ops.upload("#{File.dirname(File.expand_path(__FILE__))}/../utils/dumpdecrypted/dumpdecrypted_armv6.dylib","/var/root/dumpdecrypted_armv6.dylib")
+      @ops.upload("#{File.dirname(File.expand_path(__FILE__))}/../utils/dumpdecrypted/dumpdecrypted_armv7.dylib","/var/root/dumpdecrypted_armv7.dylib")
       $log.info "'dumpdecrypted' installed successfully."
     end
 
     def install_keychain_dump
-      if File.exist? "utils/keychain_dump/keychain_dump"
+      if File.exist? "#{File.dirname(File.expand_path(__FILE__))}/../utils/keychain_dump/keychain_dump"
         upload_keychain_dump
       else
-        $log.error "keychain_dump not found at 'utils/keychain_dump/keychain_dump'."
+        $log.error "keychain_dump not found at '#{File.dirname(File.expand_path(__FILE__))}/../utils/keychain_dump/keychain_dump'."
         false
       end
     end
     def install_pcviewer
-      if File.exist? "utils/pcviewer/protectionclassviewer"
+      if File.exist? "#{File.dirname(File.expand_path(__FILE__))}/../utils/pcviewer/protectionclassviewer"
         upload_pcviewer
       else
-        $log.error "protectionclassviewer not found at 'utils/pcviewer/protectionclassviewer'."
+        $log.error "protectionclassviewer not found at '#{File.dirname(File.expand_path(__FILE__))}/../utils/pcviewer/protectionclassviewer'."
         false
       end
     end
 
 
     def install_pbwatcher
-      if File.exist? "utils/pbwatcher/pbwatcher"
+      if File.exist? "#{File.dirname(File.expand_path(__FILE__))}/../utils/pbwatcher/pbwatcher"
         upload_pbwatcher
       else
-        $log.error "pbwatcher not found at 'utils/pbwatcher/pbwatcher'."
+        $log.error "pbwatcher not found at '#{File.dirname(File.expand_path(__FILE__))}/../utils/pbwatcher/pbwatcher'."
         false
       end
     end
@@ -241,7 +241,7 @@ module Idb
     def upload_pcviewer
       begin
         $log.info "Uploading pcviewer..."
-        @ops.upload "utils/pcviewer/protectionclassviewer", "/var/root/protectionclassviewer"
+        @ops.upload "#{File.dirname(File.expand_path(__FILE__))}/../utils/pcviewer/protectionclassviewer", "/var/root/protectionclassviewer"
         @ops.chmod "/var/root/protectionclassviewer", 0744
         $log.info "'pcviewer' installed successfully."
   #      true
@@ -254,7 +254,7 @@ module Idb
     def upload_keychain_dump
       begin
         $log.info "Uploading keychain_dump..."
-        @ops.upload "utils/keychain_dump/keychain_dump", "/var/root/keychain_dump"
+        @ops.upload "#{File.dirname(File.expand_path(__FILE__))}/../utils/keychain_dump/keychain_dump", "/var/root/keychain_dump"
         @ops.chmod "/var/root/keychain_dump", 0744
         $log.info "'keychain_dump' installed successfully."
   #      true
@@ -266,7 +266,7 @@ module Idb
     def upload_pbwatcher
       begin
         $log.info "Uploading pbwatcher..."
-        @ops.upload "utils/pbwatcher/pbwatcher", "/var/root/pbwatcher"
+        @ops.upload "#{File.dirname(File.expand_path(__FILE__))}/../utils/pbwatcher/pbwatcher", "/var/root/pbwatcher"
         @ops.chmod "/var/root/pbwatcher", 0744
         $log.info "'pbwatcher' installed successfully."
   #      true

data/lib/run_idb.rb

@@ -0,0 +1,3 @@
+require_relative 'idb'
+
+idb = Idb::Idb.run

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: idb
 version: !ruby/object:Gem::Version
-  version: 1.3.1
+  version: 1.3.2
 platform: ruby
 authors:
 - Daniel A. Mayer
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-09-30 00:00:00.000000000 Z
+date: 2014-10-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -276,7 +276,22 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-description: Still under test but ready for prime-time soon!
+- !ruby/object:Gem::Dependency
+  name: hexdump
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: idb is a tool to simplify some common tasks for iOS pentesting and research.
+  Please see https://github.com/dmayer/idb for more details on installation and usage.
 email:
 - mayer@cysec.org
 executables:
@@ -293,8 +308,6 @@ files:
 - Rakefile
 - bin/idb
 - idb.gemspec
-- lib/LICENSE
-- lib/README.md
 - lib/config/.dummy
 - lib/config/settings.yml
 - lib/gui/app_binary_tab_widget.rb
@@ -318,7 +331,10 @@ files:
 - lib/gui/images/folder.ico
 - lib/gui/images/iphone.ico
 - lib/gui/images/screenshot.png
-- lib/gui/key_chain_widget.rb
+- lib/gui/keychain_binary_widget.rb
+- lib/gui/keychain_tab_widget.rb
+- lib/gui/keychain_text_widget.rb
+- lib/gui/keychain_widget.rb
 - lib/gui/local_storage_tab_widget.rb
 - lib/gui/log_plain_text_edit.rb
 - lib/gui/log_widget.rb
@@ -375,6 +391,7 @@ files:
 - lib/lib/url_scheme_fuzzer.rb
 - lib/lib/usb_muxd_wrapper.rb
 - lib/lib/weak_class_dump_wrapper.rb
+- lib/run_idb.rb
 - lib/utils/dumpdecrypted/README
 - lib/utils/dumpdecrypted/dumpdecrypted_armv6.dylib
 - lib/utils/dumpdecrypted/dumpdecrypted_armv7.dylib

data/lib/LICENSE

@@ -1,20 +0,0 @@
-The MIT License (MIT)
-
-Copyright (c) 2013 Daniel A. Mayer
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of
-this software and associated documentation files (the "Software"), to deal in
-the Software without restriction, including without limitation the rights to
-use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-the Software, and to permit persons to whom the Software is furnished to do so,
-subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/lib/README.md

@@ -1,54 +0,0 @@
-# gidb
-
-gidb is a tool to simplify some common tasks for iOS pentesting and research. It is still a work in progress but already provides a bunch of (hopefully) useful commands. The goal was to provide all (or most) functionality for both, iDevices and the iOS simulator.  For this, a lot is abstracted internally to make it work transparently for both environments. Although recently the focus has been more on supporting devices.
-
-idb was released as part of a talk at [ShmooCon](http://shmoocon.org) 2014. The [slides of the talk](https://speakerdeck.com/dmayer/introducing-idb-simplified-blackbox-ios-app-pentesting) are up on [Speakerdeck](https://speakerdeck.com/dmayer/introducing-idb-simplified-blackbox-ios-app-pentesting). [Video](https://archive.org/details/ShmooCon2014_Introducing_idb_Simplified_Blackbox_iOS_App_Pentesting) is available on [archive.org](http://www.archive.org) There is also a [blog post](http://cysec.org/blog/2014/01/23/idb-ios-research-slash-pentesting-tool/) on my [personal website](http://cysec.org).
-
-## Getting Started 
-Visit the [getting started guide](//github.com/dmayer/idb/wiki/Getting-started) on the wiki to get installation instructions. Next, there is a basic [manual and walk-through](//github.com/dmayer/idb/wiki/Manual-and--Walk-Through) available as well.
-
-Bug reports, feature requests, and contributions are more than welcome!
-
-## Command-Line Version
-idb started out as a command line tool which is still accessible through the `cli` branch. Find the [getting started](//github.com/dmayer/idb/wiki/CLI-Version:-Getting-Started) guide and some more documentation in the wiki.
-
-## gidb Features
-
-* Simplified pentesting setup
-    * Setup port forwarding 
-    * Certificate management
-* iOS log viewer
-* Screen shot utility
-    * Simplifies testing for the creation of backgrounding screenshots
-* App-related functions
-     * App binary
-        * Download
-        * List imported libraries
-        * Check for encryption, ASLR, stack canaries
-        * Decrypt and download an app binary (requires [dumpdecrypted](//github.com/stefanesser/dumpdecrypted))
-     * Launch an app
-     * View app details such as name, bundleid, and `Info.plist` file.
-* Inter-Process Communication
-     * URL Handlers
-        * List URL handlers
-        * Invoke and fuzz URL handlers
-     * Pasteboard monitor
-* Analyze local file storage
-    * Search for, download, and view plist files
-    * Search for, download, and view sqlite databases
-    * Search for, download, and view local caches  (`Cache.db`)
-    * File system browser
-* Install utilities on iDevices 
-    * Install [iOS SSL killswitch](//github.com/iSECPartners/ios-ssl-kill-switch)
-    * alpha: Compile and install [dumpdecrypted](//github.com/stefanesser/dumpdecrypted)
-* Alpha:
-  * Cycript console
-  * Snoop-It integration
-
-## Documentation
-Some documentation can be found on the [wiki](//github.com/dmayer/idb/wiki).
-
-## FAQ
-
-### Q: After staring idb, the menu bar does not appear
-A: This seems to be a bug when using ruby 2.1 on OS X. I have no idea why this is happening, but switching to a different application and the back to idb fixes it. Any pointers on how to fix this are greatly appreciated!