idb 2.9.0 → 2.9.1

data/lib/lib/ca_interface.rb

@@ -3,42 +3,36 @@ require 'digest/sha1'
 require 'sqlite3'
 require "webrick"
 
-
-
 module Idb
   class CAInterface
-
     # performs uninstall based on sha1 hash provided in certfile
-    def remove_cert cert
+    def remove_cert(cert)
       der = cert.to_der
 
-      query = %Q|DELETE FROM "tsettings" WHERE sha1 = #{blobify(sha1_from_der der)};|
+      query = %(DELETE FROM "tsettings" WHERE sha1 = #{blobify(sha1_from_der(der))};)
       begin
         db = SQLite3::Database.new(@db_path)
         db.execute(query)
         db.close
-      rescue Exception => e
+      rescue StandardError => e
         raise "[*] Error writing to SQLite database at #{@db_path}: #{e.message}"
-        return
       end
-      puts "[*] Operation complete"
     end
 
-    def server_cert cert_file
+    def server_cert(cert_file)
       FileUtils.mkpath "#{$tmp_path}/CAs"
       cert_file_cache = "#{$tmp_path}/CAs/CA.pem"
 
       FileUtils.copy cert_file, cert_file_cache
-      #copy cert file to tmp
-      @server_thread = Thread.new {
-        @server = WEBrick::HTTPServer.new(:Port => $settings['idb_utility_port'])
+      # copy cert file to tmp
+      @server_thread = Thread.new do
+        @server = WEBrick::HTTPServer.new(Port: $settings['idb_utility_port'])
         @server.mount "/", WEBrick::HTTPServlet::FileHandler, "#{$tmp_path}/CAs/"
         @server.start
-      }
+      end
 
       sleep 0.5
       $device.open_url "http://localhost:#{$settings['idb_utility_port']}/CA.pem"
-
     end
 
     def stop_cert_server
@@ -46,53 +40,58 @@ module Idb
       @server_thread.terminate unless @server_thread.nil?
     end
 
-
-    def add_cert cert_file
+    def read_cert(cert_file)
       cert_file = File.expand_path(cert_file)
-      if not File.exist? cert_file
-        raise "File #{cert_file} does not exist."
-      end
+      raise "File #{cert_file} does not exist." unless File.exist? cert_file
 
-      cert = parse_certificate cert_file
+      parse_certificate cert_file
+    end
+
+    def add_cert(cert_file)
+      cert = read_cert cert_file
 
       # create plist file
-      #TODO might want to use the plist library instead
-      tset   = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/PropertyList-1.0.dtd\">\n<plist version=\"1.0\">\n<array/>\n</plist>\n"
-      data   = cert[:cert].to_der
+      # TODO might want to use the plist library instead
+      tset = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" \
+             "<!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\"" \
+             " \"http://www.apple.com/DTDs/PropertyList-1.0.dtd\">\n" \
+             "<plist version=\"1.0\">\n<array/>\n</plist>\n"
+      data = cert[:cert].to_der
+
+      insert_cert_into_trust_store cert[:fprint], cert[:subject], tset, data
+    end
 
+    def insert_cert_into_trust_store(fprint, subject, tset, data)
       puts "[*] Inserting certificate into trust store..."
 
-      query = %Q|INSERT INTO "tsettings" VALUES(#{blobify(cert[:fprint])},#{blobify(cert[:subject])},#{blobify(tset)},#{blobify(data)});|
+      query = %|INSERT INTO "tsettings" VALUES(#{blobify(fprint)},
+              #{blobify(subject)},#{blobify(tset)},#{blobify(data)});|
       begin
         db = SQLite3::Database.new(@db_path)
         db.execute(query)
         db.close
-      rescue Exception => e
-        if e.message.include? "column sha1 is not unique"
-          raise "The same certificate is installed already."
-        else
-          raise "Error writing to SQLite database at #{@db_path}: #{e.message}"
-        end
-        return
+      rescue StandardError => e
+        error = "column sha1 is not unique"
+        raise "The certificate is installed already." if e.message.include? error
+        raise "Error writing to SQLite database at #{@db_path}: #{e.message}"
       end
     end
 
-    def get_certs
-      query = %Q|SELECT * FROM "tsettings";|
+    def certs
+      query = %(SELECT * FROM "tsettings";)
       begin
         db = SQLite3::Database.new(@db_path)
         result = db.execute(query)
         db.close
-      rescue Exception => e
+      rescue StandardError => e
         raise "Error reading from SQLite database at #{@db_path}: #{e.message}"
       end
-      result.map { |x|
+      result.map do |x|
         OpenSSL::X509::Certificate.new(x[3])
-      }
+      end
     end
 
-
-    def sha1_from_der der
+    def sha1_from_der(der)
       Digest::SHA1.digest(der)
     end
 
@@ -106,7 +105,7 @@ module Idb
       "X'#{string_to_hex bin}'"
     end
 
-    def parse_certificate cert_file
+    def parse_certificate(cert_file)
       puts "[*] Reading and converting certificate..."
       # Open and convert certificate
       cert   = OpenSSL::X509::Certificate.new(File.read(cert_file))
@@ -114,38 +113,26 @@ module Idb
       subj   = cert.subject.to_der
       puts subj.inspect
       # Thanks Andy Schmitz
-      #toSkip = (subj[1].ord & 0x80) == 0 ? 2 : ((subj[2].ord & 0x7f) + 2)
-      toSkip = 3
-      subj   = subj[toSkip..-1]
-  #    subj = subj.gsub("PortSwigger","PORTSWIGGER")
-      #subj = "1\v0\t\x06\x03U\x04\x06\x13\x02US1\v0\t\x06\x03U\x04\b\x13\x02IL1\x100\x0E\x06\x03U\x04\a\x13\aCHICAGO1\x1A0\x18\x06\x03U\x04\n\x13\x11MATASANO SECURITY1\e0\x19\x06\x03U\x04\v\x13\x12PENTESTING MADNESS1\x1F0\x1D\x06\x03U\x04\x03\x13\x16CA.DANIEL.MATASANO.COM"
+      # to_skip = (subj[1].ord & 0x80) == 0 ? 2 : ((subj[2].ord & 0x7f) + 2)
+      to_skip = 3
+      subj = subj[to_skip..-1]
       puts subj.inspect
 
-      #subj = "1\x140\x12\x06\x03U\x04\x06\x13\vPORTSWIGGER1\x140\x12\x06\x03U\x04\b\x13\vPORTSWIGGER1\x140\x12\x06\x03U\x04\a\x13\vPORTSWIGGER1\x140\x12\x06\x03U\x04\n\x13\vPORTSWIGGER1\x170\x15\x06\x03U\x04\v\x13\x0EPORTSWIGGER CA1\x170\x15\x06\x03U\x04\x03\x13\x0EPORTSWIGGER CA"
-
-      return {:cert => cert, :fprint => fprint, :subject => subj}
+      { cert: cert, fprint: fprint, subject: subj }
     end
 
-
-    def validate? cert_file
-      if not File.exist? cert_file
+    def validate?(cert_file)
+      unless File.exist? cert_file
         puts "File #{cert_file} does not exist."
         return false
       end
 
-      if not File.file? cert_file
+      unless File.file? cert_file
         puts "#{cert_file} is not a file."
         return false
       end
 
-      return true
+      true
     end
   end
-
-  class CAServlet < WEBrick::HTTPServlet::AbstractServlet
-      def do_GET (request, response)
-
-      end
-
-  end
 end

data/lib/lib/device.rb

@@ -9,10 +9,9 @@ require 'json'
 module Idb
   class Device < AbstractDevice
     attr_accessor :usb_ssh_port, :mode, :tool_port, :ios_version
+    attr_reader :data_dir
 
-    def initialize username, password, hostname, port
-
-
+    def initialize(username, password, hostname, port)
       @username = username
       @password = password
       @hostname = hostname
@@ -20,13 +19,15 @@ module Idb
 
       @app = nil
 
-      @device_app_paths = Hash.new
-      @device_app_paths[:cycript] = [ "/usr/bin/cycript" ]
-      @device_app_paths[:rsync] = [ "/usr/bin/rsync" ]
+      @device_app_paths = {}
+      @device_app_paths[:cycript] = ["/usr/bin/cycript"]
+      @device_app_paths[:rsync] = ["/usr/bin/rsync"]
       @device_app_paths[:open] = ["/usr/bin/open"]
-      @device_app_paths[:openurl] = ["/usr/bin/uiopen", "/usr/bin/openurl",  "/usr/bin/openURL"]
-      @device_app_paths[:aptget] = ["/usr/bin/apt-get",  "/usr/bin/aptitude"]
-      @device_app_paths[:keychaineditor] = [ "/var/root/keychaineditor"]
+      @device_app_paths[:openurl] = ["/usr/bin/uiopen",
+                                     "/usr/bin/openurl",
+                                     "/usr/bin/openURL"]
+      @device_app_paths[:aptget] = ["/usr/bin/apt-get", "/usr/bin/aptitude"]
+      @device_app_paths[:keychaineditor] = ["/var/root/keychaineditor"]
       @device_app_paths[:pcviewer] = ["/var/root/protectionclassviewer"]
       @device_app_paths[:pbwatcher] = ["/var/root/pbwatcher"]
       @device_app_paths[:dumpdecrypted_armv7] = ["/usr/lib/dumpdecrypted_armv7.dylib"]
@@ -45,10 +46,7 @@ module Idb
 
         @usbmuxd.proxy proxy_port, $settings['ssh_port']
         sleep 1
-
-
-
-
+        
         @ops = SSHOperations.new username, password, 'localhost', proxy_port
 
         @usb_ssh_port = $settings['manual_ssh_port']
@@ -87,6 +85,7 @@ module Idb
         $log.error "Unsupported iOS Version."
         raise
       end
+      $log.info "iOS Version: #{@ios_version} with apps dir: #{@apps_dir} and data dir: #{@data_dir}"
 
       start_port_forwarding
     end
@@ -95,7 +94,6 @@ module Idb
       @ops.ssh
     end
 
-
     def disconnect
       @ops.disconnect
     end
@@ -109,7 +107,8 @@ module Idb
     end
 
     def start_port_forwarding
-      @port_forward_pid = Process.spawn("#{RbConfig.ruby} #{File.dirname(File.expand_path(__FILE__))}/../helper/ssh_port_forwarder.rb"  )
+      command = "#{RbConfig.ruby} #{Idb.root}/lib/helper/ssh_port_forwarder.rb"
+      @port_forward_pid = Process.spawn(command)
     end
 
     def restart_port_forwarding
@@ -118,7 +117,7 @@ module Idb
       start_port_forwarding
     end
 
-    def protection_class file
+    def protection_class(file)
       @ops.execute "#{pcviewer_path} '#{file}'"
     end
 
@@ -126,11 +125,11 @@ module Idb
       false
     end
 
-    def app_launch app
+    def app_launch(app)
       @ops.launch_app(open_path, app.bundle_id)
     end
 
-    def is_installed? tool
+    def is_installed?(tool)
       $log.info "Checking if #{tool} is installed..."
       if path_for(tool).nil?
         $log.warn "#{tool} not found."
@@ -141,16 +140,13 @@ module Idb
       end
     end
 
-    def path_for tool
-      @device_app_paths[tool].each { |x|
-        if @ops.file_exists? x
-          return x
-        end
-      }
-      return nil
+    def path_for(tool)
+      @device_app_paths[tool].each do |device_app_path|
+        return device_app_path if @ops.file_exists? device_app_path
+      end
+      nil
     end
 
-
     def install_dumpdecrypted
       upload_dumpdecrypted
       # Change permissions as this needs to be run as the mobile user
@@ -158,142 +154,70 @@ module Idb
       @ops.chmod dumpdecrypted_path_armv6, 0755
     end
 
-    def install_dumpdecrypted_old
-      unless File.exist? "utils/dumpdecrypted/dumpdecrypted.dylib"
-        puts "[**] Warning: dumpdecrypted not compiled."
-        puts "[**] Due to licensing issue we cannot ship the compiled library with this tool."
-        puts "[**] Attempting compilation (requires a valid iOS SDK installation)..."
-        compile_dumpdecrypted
-
-        if File.exist? "utils/dumpdecrypted/dumpdecrypted.dylib"
-          puts "[**] Compilation successful."
-          upload_dumpdecryted
-        else
-          puts "[**] Error: Compilation failed."
-          puts "[**] Change into the utils/dumpdecrypted directory, adjust the makefile, and compile."
-        end
-      else
-        upload_dumpdecryted
-      end
-    end
-
-
-    def compile_dumpdecrypted
-      base_dir = '/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer'
-      unless Dir.exist? base_dir
-        puts "[**] Error, iOS Platform tools not found at #{base_dir}"
-        return
-      end
-
-
-      bin_dir = "#{base_dir}/usr/bin"
-      sdk_dir = Dir.glob("#{base_dir}/SDKs/iPhoneOS*.sdk/").first
-      puts "[*] Found SDK dir: #{sdk_dir}"
-
-      library_name = "dumpdecrypted.dylib"
-      gcc = "#{bin_dir}/gcc"
-
-      unless File.exist? gcc
-        puts "[**] Error: gcc not found at #{gcc}"
-        puts "[**] Ensure that the Command Line Utilities are installed in XCode 4."
-        puts "[**] XCode 5 does not ship with llvm-gcc anymore."
-        return
-      end
-
-
-
-      params = ["-arch armv7", # adjust if necessary
-                "-wimplicit",
-                "-isysroot #{sdk_dir}",
-                "-F#{sdk_dir}System/Library/Frameworks",
-                "-F#{sdk_dir}System/Library/PrivateFrameworks",
-                "-dynamiclib",
-                "-o #{library_name}"].join(' ')
-
-      compile_cmd = "#{gcc} #{params} dumpdecrypted.c"
-      puts "Running #{compile_cmd}"
-
-      Dir.chdir("utils/dumpdecrypted") do
-        `#{compile_cmd}`
-      end
-    end
-
-
     def upload_dumpdecrypted
       $log.info "Uploading dumpdecrypted library..."
-      @ops.upload("#{Idb.root}/lib/utils/dumpdecrypted/dumpdecrypted_armv6.dylib", @device_app_paths[:dumpdecrypted_armv6].first)
-      @ops.upload("#{Idb.root}/lib/utils/dumpdecrypted/dumpdecrypted_armv7.dylib", @device_app_paths[:dumpdecrypted_armv7].first)
+      @ops.upload("#{Idb.root}/lib/utils/dumpdecrypted/dumpdecrypted_armv6.dylib",
+                  @device_app_paths[:dumpdecrypted_armv6].first)
+      @ops.upload("#{Idb.root}/lib/utils/dumpdecrypted/dumpdecrypted_armv7.dylib",
+                  @device_app_paths[:dumpdecrypted_armv7].first)
       $log.info "'dumpdecrypted' installed successfully."
     end
 
     def install_keychain_editor
-      if File.exist? "#{File.dirname(File.expand_path(__FILE__))}/../utils/keychain_editor/keychaineditor"
+      keychaineditor_path = "#{Idb.root}/lib/utils/keychain_editor/keychaineditor"
+      if File.exist? keychaineditor_path
         upload_keychain_editor
       else
-        $log.error "keychain_editor not found at '#{File.dirname(File.expand_path(__FILE__))}/../utils/keychain_editor/keychaineditor'."
+        $log.error "keychain_editor not found at '#{keychaineditor_path}'."
         false
       end
     end
+
     def install_pcviewer
-      if File.exist? "#{File.dirname(File.expand_path(__FILE__))}/../utils/pcviewer/protectionclassviewer"
+      pcviewer_path = "#{Idb.root}/lib/utils/pcviewer/protectionclassviewer"
+      if File.exist? pcviewer_path
         upload_pcviewer
       else
-        $log.error "protectionclassviewer not found at '#{File.dirname(File.expand_path(__FILE__))}/../utils/pcviewer/protectionclassviewer'."
+        $log.error "protectionclassviewer not found at '#{pcviewer_path}'."
         false
       end
     end
 
-
     def install_pbwatcher
-      if File.exist? "#{File.dirname(File.expand_path(__FILE__))}/../utils/pbwatcher/pbwatcher"
+      pbwatcher_path = "#{Idb.root}/lib/utils/pbwatcher/pbwatcher"
+      if File.exist? pbwatcher_path
         upload_pbwatcher
       else
-        $log.error "pbwatcher not found at '#{File.dirname(File.expand_path(__FILE__))}/../utils/pbwatcher/pbwatcher'."
+        $log.error "pbwatcher not found at '#{pbwatcher_path}'."
         false
       end
     end
 
     def upload_pcviewer
-      begin
-        $log.info "Uploading pcviewer..."
-        @ops.upload "#{File.dirname(File.expand_path(__FILE__))}/../utils/pcviewer/protectionclassviewer", "/var/root/protectionclassviewer"
-        @ops.chmod "/var/root/protectionclassviewer", 0744
-        $log.info "'pcviewer' installed successfully."
-  #      true
-  #    rescue
-        $log.error "Exception encountered when uploading pcviewer"
-  #      false
-      end
+      local_pcviewer_path = "#{Idb.root}/lib/utils/pcviewer/protectionclassviewer"
+      $log.info "Uploading pcviewer..."
+      @ops.upload local_pcviewer_path, "/var/root/protectionclassviewer"
+      @ops.chmod "/var/root/protectionclassviewer", 0744
+      $log.info "'pcviewer' installed successfully."
     end
 
     def upload_keychain_editor
-      begin
-        $log.info "Uploading keychain_editor..."
-        @ops.upload "#{File.dirname(File.expand_path(__FILE__))}/../utils/keychain_editor/keychaineditor", "/var/root/keychaineditor"
-        @ops.chmod "/var/root/keychaineditor", 0744
-        $log.info "'keychain_editor' installed successfully."
-  #      true
-  #    rescue
-        $log.error "Exception encountered when uploading keychain_editor"
-  #      false
-      end
+      local_keychaineditor_path = "#{Idb.root}/lib/utils/keychain_editor/keychaineditor"
+      $log.info "Uploading keychain_editor..."
+      @ops.upload local_keychaineditor_path, "/var/root/keychaineditor"
+      @ops.chmod "/var/root/keychaineditor", 0744
+      $log.info "'keychain_editor' installed successfully."
     end
+
     def upload_pbwatcher
-      # TODO What's happening here?
-      begin
-        $log.info "Uploading pbwatcher..."
-        @ops.upload "#{File.dirname(File.expand_path(__FILE__))}/../utils/pbwatcher/pbwatcher", "/var/root/pbwatcher"
-        @ops.chmod "/var/root/pbwatcher", 0744
-        $log.info "'pbwatcher' installed successfully."
-  #      true
-  #    rescue
-        $log.error "Exception encountered when uploading pbwatcher"
-  #      false
-      end
+      local_pbwatcher_path = "#{Idb.root}/lib/utils/pbwatcher/pbwatcher"
+      $log.info "Uploading pbwatcher..."
+      @ops.upload local_pbwatcher_path, "/var/root/pbwatcher"
+      @ops.chmod "/var/root/pbwatcher", 0744
+      $log.info "'pbwatcher' installed successfully."
     end
 
-
-    def install_from_cydia package
+    def install_from_cydia(package)
       if apt_get_installed?
         $log.info "Updating package repo..."
         @ops.execute("#{apt_get_path} -y update")
@@ -325,13 +249,11 @@ module Idb
       Process.kill("INT", @port_forward_pid)
       $log.info "Stopping any SSH via USB forwarding"
 
-      if $settings['device_connection_mode'] != "ssh"
-        @usbmuxd.stop_all
-      end
+      @usbmuxd.stop_all if $settings['device_connection_mode'] != "ssh"
     end
 
-    def open_url url
-      command = "#{openurl_path} \"#{url.gsub('&','\&')}\""
+    def open_url(url)
+      command = "#{openurl_path} \"#{url.gsub('&', '\&')}\""
       $log.info "Executing: #{command}"
       @ops.execute  command
     end
@@ -340,29 +262,27 @@ module Idb
       DeviceCAInterface.new self
     end
 
-    def kill_by_name process_name
+    def kill_by_name(process_name)
       @ops.execute "killall -9 #{process_name}"
     end
 
     def device_id
-
       $log.error "Not implemented"
       nil
     end
 
     def configured?
-      apt_get_installed? and
-         open_installed? and
-         openurl_installed? and
-         dumpdecrypted_installed? and
-         pbwatcher_installed? and
-         pcviewer_installed? and
-         keychain_editor_installed? and
-         rsync_installed? and
-         cycript_installed?
+      apt_get_installed? &&
+        open_installed? &&
+        openurl_installed? &&
+        dumpdecrypted_installed? &&
+        pbwatcher_installed? &&
+        pcviewer_installed? &&
+        keychain_editor_installed? &&
+        rsync_installed? &&
+        cycript_installed?
     end
 
-
     def cycript_installed?
       is_installed? :cycript
     end
@@ -380,10 +300,9 @@ module Idb
     end
 
     def dumpdecrypted_installed?
-      is_installed? :dumpdecrypted_armv6 and is_installed? :dumpdecrypted_armv7
+      is_installed?(:dumpdecrypted_armv6) && is_installed?(:dumpdecrypted_armv7)
     end
 
-
     def rsync_installed?
       is_installed? :rsync
     end
@@ -405,15 +324,13 @@ module Idb
     end
 
     def pcviewer_path
-      path_for  :pcviewer
+      path_for :pcviewer
     end
 
-
     def pbwatcher_path
       path_for :pbwatcher
     end
 
-
     def dumpdecrypted_path
       path_for :dumpdecrypted_armv7
     end
@@ -426,17 +343,14 @@ module Idb
       path_for :rsync
     end
 
-
     def open_path
       path_for :open
     end
 
-
     def openurl_path
       path_for :openurl
     end
 
-
     def apt_get_path
       path_for :aptget
     end
@@ -444,6 +358,5 @@ module Idb
     def cycript_path
       path_for :cycript
     end
-
   end
 end