idb 2.8.5 → 2.9.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 64d37de3432acafe6d8534cb1b232139c3f43451
-  data.tar.gz: bcb894ffd86ea70e2e17a7a6989a6cc85bcd264a
+  metadata.gz: dc3813e5d7a7c00e6f7bea27eaa8458f11079789
+  data.tar.gz: efa1b2b57cc7bc2ea41aefd2d273393e2574b8b9
 SHA512:
-  metadata.gz: c99bb19a9c6c9caf1e7fb53fb66b1ea43eae545196db9917a151b40cb92bb21c3b4af4cd1222a2a12258e41cd45e863d7b4884da82d1763496d86fd03069e3d3
-  data.tar.gz: 9184bb8182e4bd7cc9377625d6901daefea75b9aa8f78aba9249592135aa7284dea4f22b0d47f1e73fbedc18d7484a5f7df6a31b899efecc0ce42be95d32eb4e
+  metadata.gz: e7a8dd3eda610331196674b8fdc6401140a5d66a3b610e046e19ecd71de5b995107a3076b11d925f88b356f7bed1a0738be8a0faf596bec5bb39e546b7ad3ae4
+  data.tar.gz: 16b571a0abeb06e6c840723ae0c1479ddb26fbd6a2c35be4208254cce49fc179c9858a3a9778c8c44fe7c69e780184fa8698d51202f2b36561c55cb6878a2f17

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    idb (2.8.5)
+    idb (2.9.0)
       awesome_print
       coderay
       ffi
@@ -37,18 +37,24 @@ GEM
     libxml4r (0.2.6)
       libxml-ruby (>= 1.1.3)
     log4r (1.1.10)
+    method_source (0.8.2)
     mini_portile2 (2.0.0)
     net-sftp (2.1.2)
       net-ssh (>= 2.6.5)
     net-ssh (3.0.1)
-    nokogiri (1.6.7.1)
+    nokogiri (1.6.7.2)
       mini_portile2 (~> 2.0.0.rc2)
     plist4r (1.2.2)
       haml
       libxml-ruby
       libxml4r
+    pry (0.10.4)
+      coderay (~> 1.1.0)
+      method_source (~> 0.8.1)
+      slop (~> 3.4)
     qtbindings (4.8.6.2)
     rake (10.4.2)
+    slop (3.6.0)
     sqlite3 (1.3.11)
     tilt (2.0.1)
 
@@ -58,4 +64,8 @@ PLATFORMS
 DEPENDENCIES
   bundler (~> 1.6)
   idb!
+  pry
   rake
+
+BUNDLED WITH
+   1.12.5

data/idb.gemspec

@@ -20,6 +20,7 @@ Gem::Specification.new do |spec|
 
   spec.add_development_dependency "bundler", "~> 1.6"
   spec.add_development_dependency "rake"
+  spec.add_development_dependency "pry"
 
   spec.add_runtime_dependency 'launchy'
   spec.add_runtime_dependency 'plist4r'

data/lib/gui/app_list_dialog.rb

@@ -44,7 +44,7 @@ module Idb
     end
 
     def refresh_app_list
-      if $device.ios_version == 8
+      if $device.ios_version >= 8
         box = Qt::MessageBox.new 1, "Refreshing...", "Refreshing uicache to ensure app information is up-to-date. This may take a few seconds."
         box.setStandardButtons(0)
         box.show

data/lib/gui/device_status_dialog.rb

@@ -15,12 +15,6 @@ module Idb
       setFixedHeight(sizeHint().height());
     end
 
-    def mark_clutch_installed
-      @clutch_label.text = @clutch_label.text + "<br>found: #{$device.clutch_path}"
-      @layout.addWidget installed_check_mark, 8, 1
-      setFixedHeight(sizeHint().height());
-    end
-
     def mark_keychain_editor_installed
       @keychain_editor_label.text = @keychain_editor_label.text + "<br>found: #{$device.keychain_editor_path}"
       @layout.addWidget installed_check_mark, 6, 1
@@ -275,7 +269,6 @@ module Idb
       end
     end
 
-
     def initialize *args
       super *args
       @layout = Qt::GridLayout.new
@@ -287,7 +280,7 @@ module Idb
         reject()
       }
       #TODO: prevent closing
-      @layout.addWidget @close_button, 9, 2
+      @layout.addWidget @close_button, 10, 2
 
       apt_get_section
       open_section
@@ -305,4 +298,4 @@ module Idb
 
 
     end
-  end
+  end

data/lib/gui/fs_viewer_tab_widget.rb

@@ -53,7 +53,7 @@ module Idb
       @layout.addWidget @rsync, 0,4
       @rsync.connect(SIGNAL :released) {
         @manager.start_new_revision
-        if $device.ios_version == 8
+        if $device.ios_version >= 8
           @manager.sync_dir $selected_app.app_dir, "app_bundle"
           @manager.sync_dir $selected_app.data_dir, "data_bundle"
         else
@@ -328,7 +328,7 @@ module Idb
 
       @controls.update_start
 
-      if $device.ios_version == 8
+      if $device.ios_version >= 8
         start_ios_8
       else
         start_ios_pre8

data/lib/idb.rb

@@ -24,71 +24,64 @@ module Idb
   $height = 768
 
   class Idb < Qt::MainWindow
+    def initialize
+      super
 
-      def initialize
-        super
+      # initialize log
+      $log = Log4r::Logger.new 'idb'
+      outputter = Log4r::Outputter.stdout
+      outputter.formatter =  Log4r::PatternFormatter.new(:pattern => "[%l] %d :: %c ::  %m")
 
+      $log.outputters = [ outputter ]
 
-        # initialize log
-        $log = Log4r::Logger.new 'idb'
-        outputter = Log4r::Outputter.stdout
-        outputter.formatter =  Log4r::PatternFormatter.new(:pattern => "[%l] %d :: %c ::  %m")
-
-        $log.outputters = [ outputter ]
-
-        if RUBY_VERSION.start_with? "2.0"
-          error = Qt::MessageBox.new
-          error.setInformativeText("You are using ruby 2.0 which does not work well with QT bindings: custom signals don't work. It is very likely that idb will not function as intended. Consider using ruby 1.9 or 2.1 instead.")
-          error.setIcon(Qt::MessageBox::Critical)
-          error.exec
-        end
-
-
-
-        # enable threading. See https://github.com/ryanmelt/qtbindings/issues/63
-        @thread_fix = QtThreadFix.new
-        settings_path = File.dirname(ENV['HOME'] + "/.idb/config/")
-        $tmp_path = ENV['HOME'] + "/.idb/tmp/"
-        puts $tmp_path
-        unless File.directory?(settings_path)
-          $log.info "Creating settings directory: #{settings_path}"
-          FileUtils.mkdir_p(settings_path)
-        end
+      if RUBY_VERSION.start_with? "2.0"
+        error = Qt::MessageBox.new
+        error.setInformativeText("You are using ruby 2.0 which does not work well with QT bindings: custom signals don't work. It is very likely that idb will not function as intended. Consider using ruby 1.9 or 2.1 instead.")
+        error.setIcon(Qt::MessageBox::Critical)
+        error.exec
+      end
 
-        settings_filename = "settings.yml"
-        $settings = Settings.new "#{settings_path}/#{settings_filename}"
+      # enable threading. See https://github.com/ryanmelt/qtbindings/issues/63
+      @thread_fix = QtThreadFix.new
+      settings_path = File.dirname(ENV['HOME'] + "/.idb/config/")
+      $tmp_path = ENV['HOME'] + "/.idb/tmp/"
+      puts $tmp_path
+      unless File.directory?(settings_path)
+        $log.info "Creating settings directory: #{settings_path}"
+        FileUtils.mkdir_p(settings_path)
+      end
 
-        setWindowTitle "idb"
-        Qt::CoreApplication::setApplicationName("idb")
-        setWindowIconText('idb')
-        init_ui
+      settings_filename = "settings.yml"
+      $settings = Settings.new "#{settings_path}/#{settings_filename}"
 
-  #      size = Qt::Size.new($width, $height)
-  #      size = size.expandedTo(self.minimumSizeHint())
-  #      resize(size)
-  #        resize $width, $height
+      setWindowTitle "idb"
+      Qt::CoreApplication::setApplicationName("idb")
+      setWindowIconText('idb')
+      init_ui
 
-  #      center
+      self.showMaximized()
+      self.raise
+      self.activateWindow
 
-        self.showMaximized()
-        self.raise
-        self.activateWindow
+    end
 
-      end
+    def self.root
+      File.expand_path('../..',__FILE__)
+    end
 
-     def self.execute_in_main_thread(blocking = false, sleep_period = 0.001)
-      if Thread.current != Thread.main
-        complete = false
-        QtThreadFix.ruby_thread_queue << lambda {|| yield; complete = true}
-        if blocking
-          until complete
-            sleep(sleep_period)
-          end
+  def self.execute_in_main_thread(blocking = false, sleep_period = 0.001)
+    if Thread.current != Thread.main
+      complete = false
+      QtThreadFix.ruby_thread_queue << lambda {|| yield; complete = true}
+      if blocking
+        until complete
+          sleep(sleep_period)
         end
-      else
-        yield
       end
+    else
+      yield
     end
+  end
 
       def init_ui
         # setup central widget and grid layout
@@ -290,6 +283,4 @@ module Idb
 
     end
   end
-
-
 end

data/lib/idb/version.rb

@@ -1,3 +1,3 @@
 module Idb
-        VERSION = "2.8.5"
+        VERSION = "2.9.0"
 end

data/lib/lib/app.rb

@@ -16,15 +16,18 @@ module Idb
       @app_dir = "#{$device.apps_dir}/#{@uuid}"
       parse_info_plist
 
-      if $device.ios_version == 8
-        mapping_file = "/var/mobile/Library/MobileInstallation/LastLaunchServicesMap.plist"
+      if $device.ios_version >= 8
+        if $device.ios_version == 8
+          mapping_file = "/var/mobile/Library/MobileInstallation/LastLaunchServicesMap.plist"
+        else
+          mapping_file = "/private/var/installd/Library/MobileInstallation/LastLaunchServicesMap.plist"
+        end
         local_mapping_file =  cache_file mapping_file
         @services_map = IOS8LastLaunchServicesMapWrapper.new local_mapping_file
-
         @data_dir = @services_map.data_path_by_bundle_id @info_plist.bundle_identifier
         @keychain_access_groups = @services_map.keychain_access_groups_by_bundle_id @info_plist.bundle_identifier
 
-       else
+      else
         @data_dir = @app_dir
       end
 
@@ -48,19 +51,29 @@ module Idb
     end
 
     def decrypt_binary!
+      $log.info "Running '#{binary_path}'"
+      full_remote_path = binary_path
+      $log.error "Decryption failed. Trying using dumpdecrypted..."
+
       unless $device.dumpdecrypted_installed?
         $log.error "dumpdecrypted not installed."
         return false
       end
 
-      dylib = "dumpdecrypted_#{$device.arch}.dylib"
+      dylib_path = $device.path_for("dumpdecrypted_#{$device.arch}".to_sym)
 
-      $log.info "Running '#{binary_path}'"
-      full_remote_path = binary_path
-      decrypted_path = "/var/root/#{File.basename full_remote_path}.decrypted"
+      # If the ios version is less than 9 then we execute dumpdecrypted as
+      # root. iOS 9 requires dumpdecrypted to be run as the mobile user.
+      if $device.ios_version < 9
+        #TODO: Is this the best way to do this?
+        decrypted_path = "/var/root/#{File.basename full_remote_path}.decrypted"
+        $device.ops.execute "DYLD_INSERT_LIBRARIES=#{dylib_path} \"#{full_remote_path}\""
+      else
+        #TODO: Is this the best way to do this?
+        decrypted_path = "/var/mobile/#{File.basename full_remote_path}.decrypted"
+        $device.ops.execute "DYLD_INSERT_LIBRARIES=#{dylib_path} \"#{full_remote_path}\"", { as_user: "mobile" }
+      end
 
-      $device.ops.execute "cd /var/root/"
-      $device.ops.execute "DYLD_INSERT_LIBRARIES=dumpdecrypted_armv7.dylib \"#{full_remote_path}\""
       $log.info "Checking if decrypted file #{decrypted_path} was created..."
       if not $device.ops.file_exists? decrypted_path
         $log.error "Decryption failed. Trying armv6 build for iOS 6 and earlier..."
@@ -164,8 +177,8 @@ module Idb
     end
 
     def data_directory
-      if $device.ios_version != 8
-        "[iOS 8 specific]"
+      if $device.ios_version < 8
+        "[iOS 8+ specific]"
       else
         @data_dir
       end

data/lib/lib/device.rb

@@ -29,9 +29,8 @@ module Idb
       @device_app_paths[:keychaineditor] = [ "/var/root/keychaineditor"]
       @device_app_paths[:pcviewer] = ["/var/root/protectionclassviewer"]
       @device_app_paths[:pbwatcher] = ["/var/root/pbwatcher"]
-      @device_app_paths[:dumpdecrypted_armv7] = ["/var/root/dumpdecrypted_armv7.dylib"]
-      @device_app_paths[:dumpdecrypted_armv6] = ["/var/root/dumpdecrypted_armv6.dylib"]
-      @device_app_paths[:clutch] = ["/usr/bin/Clutch"]
+      @device_app_paths[:dumpdecrypted_armv7] = ["/usr/lib/dumpdecrypted_armv7.dylib"]
+      @device_app_paths[:dumpdecrypted_armv6] = ["/usr/lib/dumpdecrypted_armv6.dylib"]
 
       if $settings['device_connection_mode'] == "ssh"
         $log.debug "Connecting via SSH"
@@ -66,8 +65,15 @@ module Idb
       @apps_dir_ios_8 = '/private/var/mobile/Containers/Bundle/Application'
       @data_dir_ios_8 = '/private/var/mobile/Containers/Data/Application'
 
+      @apps_dir_ios_9 = '/private/var/containers/Bundle/Application'
+      @data_dir_ios_9 = @data_dir_ios_8
 
-      if @ops.directory? @apps_dir_ios_8
+      if @ops.directory? @apps_dir_ios_9
+        @ios_version = 9
+        @apps_dir = @apps_dir_ios_9
+        @data_dir = @data_dir_ios_9
+
+      elsif @ops.directory? @apps_dir_ios_8
         @ios_version = 8
         @apps_dir = @apps_dir_ios_8
         @data_dir = @data_dir_ios_8
@@ -124,10 +130,6 @@ module Idb
       @ops.launch_app(open_path, app.bundle_id)
     end
 
-
-
-
-
     def is_installed? tool
       $log.info "Checking if #{tool} is installed..."
       if path_for(tool).nil?
@@ -151,6 +153,9 @@ module Idb
 
     def install_dumpdecrypted
       upload_dumpdecrypted
+      # Change permissions as this needs to be run as the mobile user
+      @ops.chmod dumpdecrypted_path, 0755
+      @ops.chmod dumpdecrypted_path_armv6, 0755
     end
 
     def install_dumpdecrypted_old
@@ -216,8 +221,8 @@ module Idb
 
     def upload_dumpdecrypted
       $log.info "Uploading dumpdecrypted library..."
-      @ops.upload("#{File.dirname(File.expand_path(__FILE__))}/../utils/dumpdecrypted/dumpdecrypted_armv6.dylib","/var/root/dumpdecrypted_armv6.dylib")
-      @ops.upload("#{File.dirname(File.expand_path(__FILE__))}/../utils/dumpdecrypted/dumpdecrypted_armv7.dylib","/var/root/dumpdecrypted_armv7.dylib")
+      @ops.upload("#{Idb.root}/lib/utils/dumpdecrypted/dumpdecrypted_armv6.dylib", @device_app_paths[:dumpdecrypted_armv6].first)
+      @ops.upload("#{Idb.root}/lib/utils/dumpdecrypted/dumpdecrypted_armv7.dylib", @device_app_paths[:dumpdecrypted_armv7].first)
       $log.info "'dumpdecrypted' installed successfully."
     end
 
@@ -274,6 +279,7 @@ module Idb
       end
     end
     def upload_pbwatcher
+      # TODO What's happening here?
       begin
         $log.info "Uploading pbwatcher..."
         @ops.upload "#{File.dirname(File.expand_path(__FILE__))}/../utils/pbwatcher/pbwatcher", "/var/root/pbwatcher"
@@ -286,16 +292,15 @@ module Idb
       end
     end
 
-    def setup_clutch_sources
-      @ops.execute("echo “deb http://cydia.iphonecake.com ./“ > /etc/apt/sources.list.d/idb_clutch.list")
-    end
 
     def install_from_cydia package
       if apt_get_installed?
         $log.info "Updating package repo..."
         @ops.execute("#{apt_get_path} -y update")
         $log.info "Installing #{package}..."
+
         @ops.execute("#{apt_get_path} -y install #{package}")
+
         return true
       else
         $log.error "apt-get or aptitude not found on the device"
@@ -307,10 +312,6 @@ module Idb
       install_from_cydia "com.conradkramer.open"
     end
 
-    def install_clutch
-      install_from_cydia "com.iphonecake.clutch"
-    end
-
     def install_rsync
       install_from_cydia "rsync"
     end
@@ -350,7 +351,15 @@ module Idb
     end
 
     def configured?
-      apt_get_installed? and open_installed? and openurl_installed? and dumpdecrypted_installed? and pbwatcher_installed? and pcviewer_installed? and keychain_editor_installed? and rsync_installed? and cycript_installed?
+      apt_get_installed? and
+         open_installed? and
+         openurl_installed? and
+         dumpdecrypted_installed? and
+         pbwatcher_installed? and
+         pcviewer_installed? and
+         keychain_editor_installed? and
+         rsync_installed? and
+         cycript_installed?
     end
 
 
@@ -391,16 +400,10 @@ module Idb
       is_installed? :aptget
     end
 
-    def clutch_installed?
-      is_installed? :clutch
-    end
-
     def keychain_editor_path
       path_for :keychaineditor
     end
 
-
-
     def pcviewer_path
       path_for  :pcviewer
     end
@@ -415,6 +418,10 @@ module Idb
       path_for :dumpdecrypted_armv7
     end
 
+    def dumpdecrypted_path_armv6
+      path_for :dumpdecrypted_armv6
+    end
+
     def rsync_path
       path_for :rsync
     end
@@ -434,10 +441,6 @@ module Idb
       path_for :aptget
     end
 
-    def clutch_path
-      path_for :clutch
-    end
-
     def cycript_path
       path_for :cycript
     end

data/lib/lib/otool_wrapper.rb

@@ -58,6 +58,25 @@ module Idb
     end
 
 
+    def hashify_otool_output(otool_output)
+      # otool output may contain multiple mach headers
+      mach_headers = otool_output.split("Mach header\n").map(&:strip)
+
+      # The newest otool version no longer echos the path of the binary being
+      # inspected. Here we reject that line if it shows up in the output of
+      # otool as well as any blank lines
+      mach_headers.reject!{|line| line == "" or line.include?(@binary)}
+
+      # convert otool output to a hash
+      mach_headers.map do |mach_header|
+        mach_hash = {}
+        headers, values = mach_header.split("\n").map(&:split)
+        headers.each_with_index do |header, index|
+          mach_hash[header] = values[index]
+        end
+        mach_hash
+      end
+    end
 
 
     def parse_header
@@ -68,19 +87,19 @@ module Idb
       pie_flag = 0x00200000
       @raw_load_output = `#{@otool_path} -h '#{@binary}'`
 
-      # fourth row contains values. then split them up.
-      vals = @raw_load_output.split("\n")[3].split(" ")
 
-      #7th field contains the flags
-      flags = vals[7].to_i(16)
+      mach_hashes = hashify_otool_output(@raw_load_output)
+      $log.info "Mach Hashes: #{mach_hashes}"
 
-      if flags & pie_flag == pie_flag
-        @pie = true
-      else
-        @pie = false
+      # extract the Position Independent Executable (PIE) flag from the flags
+      # value.
+      mach_hashes.each do |mach_hash|
+        if (mach_hash["flags"].to_i(16) & pie_flag) == pie_flag
+          @pie = true
+        else
+          @pie = false
+        end
       end
-
-
     end
 
     def parse_load_commands
@@ -108,9 +127,5 @@ module Idb
         end
       }
     end
-
-
-
-
   end
 end

data/lib/lib/ssh_operations.rb

@@ -36,8 +36,18 @@ module Idb
     end
 
 
-    def execute(command)
-      @ssh.exec! command
+    def execute(command, opts={})
+      if opts[:as_user]
+        command = "su - #{ opts[:as_user] } -c \"#{command}\""
+      end
+
+      if opts[:non_blocking]
+        $log.debug "Executing non-blocking SSH command: #{command}"
+        @ssh.exec command
+      else
+        $log.debug "Executing blocking SSH command: #{command}"
+        @ssh.exec! command
+      end
     end
 
     def chmod file, permissions
@@ -133,4 +143,4 @@ module Idb
     end
 
   end
-end
+end

data/lib/lib/ssh_port_forwarder.rb

@@ -40,4 +40,4 @@ module Idb
 
 
   end
-end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: idb
 version: !ruby/object:Gem::Version
-  version: 2.8.5
+  version: 2.9.0
 platform: ruby
 authors:
 - Daniel A. Mayer
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-12-26 00:00:00.000000000 Z
+date: 2016-09-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -38,6 +38,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: launchy
   requirement: !ruby/object:Gem::Requirement
@@ -383,7 +397,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.2.2
+rubygems_version: 2.4.8
 signing_key: 
 specification_version: 4
 summary: idb is a tool to simplify some common tasks for iOS pentesting and research.