
Support for iOS 11 planned?

Open whoot opened this issue 7 years ago • 11 comments

Hey there,

since there is a jailbreak for iOS 11 out, are you planning support for iOS 11?

Greetings

whoot avatar Feb 19 '18 08:02 whoot

Yes, we haven't started looking at the changes between 10 and 11 yet, or what doesn't work with Needle. If you have an iOS 11 device you can help us by reporting things that don't work with needle on iOS 11.

HenryHoggard avatar Feb 21 '18 11:02 HenryHoggard

Will do! Got a device with iOS 11 and will report what's (not) working.

whoot avatar Mar 15 '18 19:03 whoot

Alright, I tried some modules and identified one main issue. The dependency installer does not work (already mentioned in #207). It seems that some tools are not maintained anymore and are therefore not available for iOS 11.

device/dependency_installer -> Package 'coreutils' has no installation candidate -> I think this error will pop up on many more packages -> Maybe you should update the package list, since some packages did not receive updates in a long time and/or are not supported by iOS 11 (e.g. 'open', 'clutch2')

I downloaded DVIA and tried some modules. The following modules don't work:

binary/info/checksums -> sh: md5sum: command not found -> Dependency issue

binary/info/universal_links -> "com.apple.developer.associated-domains" entitlement not found

binary/installation/install -> ipainstaller does not work on iOS 11 -> Installation of apps only possible with app specific password?

binary/installation/pull_ipa -> Clutch2 does not work on iOS 11

binary/reversing/class-dump -> Clutch2 does not support iOS 11

binary/reversing/class_dump_frida_enum-all-methods -> sh: open: command not found -> Open is not supported on iOS 11 -> with SPAWN = True: unexpectedly timed out while waiting for process to suspend -> WARNING: spawning the app while already open, will crash iOS and reboot!

binary/reversing/class_dump_frida_find-class-enum-methods -> see previous

binary/reversing/class_dump_frida_enum-classes -> see previous

binary/reversing/strings -> Clutch2 issue...

It does not make sense to evaluate further until the dependency problems are solved ...

whoot avatar Mar 20 '18 14:03 whoot

Any news on this?

Found a working 'open' package for iOS11 here: https://www.ios-repo-updates.com/pack/164614/ I also found a working version of 'plutil' and 'perl' in this cydia repo: http://repo.bingner.com/ Theos should be supported on iOS 11 too (see https://github.com/theos/theos/wiki/Installation-iOS). They provide SDKs for iOS 9, 10 and 11 (see https://github.com/theos/sdks). However, I did not verify this. You must change the installation instruction in dependency_installer.sh according to the Theos wiki page.

I tried to install the dependencies manually. The following tools need to be replaced/updated since they are not compatible with iOS 11 (yet?):

  • classdump-dyld
  • clutch
  • cycript (which can be installed with 'apt-get install adv-cmds')
  • FileDP (I'm getting -sh: /bin/FileDP: Bad CPU type in executable when trying to execute it)
  • gdb (Installing it from the cydia.radare.org repo gives me: /usr/bin/gdb: line 355: /usr/libexec/gdb/gdb-arm-apple-darwin: Bad CPU type in executable /usr/bin/gdb: line 355: /usr/libexec/gdb/gdb-arm-apple-darwin: Undefined error: 0)
  • keychain_dump (maybe use keychain_dumper instead?)
  • pbwatcher
  • perl (http://coolstar.org/publicrepo/ is empty, see replacement in mentioned repo.)

Edit: fsmon got updated and works now on iOS 11!

whoot avatar Jan 15 '19 09:01 whoot

Hi all, I have an iOS device with 11.3.1 and the Electra jailbreak on it. I have been using Needle before but a lot of the commands don't work now. I have been messing with settings and probably made it worse, but before I log any issues for help, I'm guessing it's down to iOS 11, so I was wondering what I need to install or run for it to work.

Example: I can't run the module: storage/data/keychain_dump

I get errors such as "mv: cannot stat 'cert.plist': No such file or directory".

Any help would be appreciated.

poldenais avatar Mar 20 '19 10:03 poldenais

Can confirm. Needle does not work well with iOS 11. It is easier to perform my tests one at a time without it. Same for IDB. What are other iOS 11 people using now? Any suggestions? I hate spending the time to get all these frameworks going just to find out they are 50% borked on iOS 11.

mattymcfatty avatar Jun 04 '19 15:06 mattymcfatty

^ no offense. Sorry MWR does fantastic work and I use Drozer a lot. Thank you for all you do. Forgive my frustration. Just have wasted a few too many hours with this stuff.

mattymcfatty avatar Jun 04 '19 15:06 mattymcfatty

Hey,

So iOS 11 is a unique problem where a lot of the old APIs that Needle relies on became borked. Specifically, the "list_apps" module became borked, and the entire app was built to rely on the "list_apps" module working.

https://github.com/mwrlabs/needle/issues/242

If you look at the above link, some steps were outlined that could help you out. Personally, I have Needle running on Electra jailbreak 11.3.1 by utilizing the steps and troubleshooting that was done with the "list_apps" module.

Yogehi avatar Jun 04 '19 16:06 Yogehi

The following tools should work now:

Maybe this cycript fork can be used instead of cycript?

whoot avatar Dec 16 '19 15:12 whoot

/usr/bin/gdb: line 355: /usr/libexec/gdb/gdb-arm-apple-darwin: Bad CPU type in executable /usr/bin/gdb: line 355: /usr/libexec/gdb/gdb-arm-apple-darwin: Undefined error: 0

bemoss4 avatar Jan 03 '23 23:01 bemoss4

@bemoss4 please see the readme:

NOTE: This tool has been decommissioned and is no longer maintained. We are leaving the original project up for archival purposes.

[...]

With the release of iOS 11 came additional security protections that were good for the consumer, but bad for Needle. These enhancements essentially broke Needle's functionality

whoot avatar Jan 04 '23 02:01 whoot