search

ChiChou / bagbak

Yet another frida based iOS dumpdecrypted. Also decrypts app extensions
MIT License
1.12k stars 184 forks source link

quits in shell after please be patient msg #107

Closed Geczy closed 11 months ago

Geczy commented 11 months ago

Describe the bug

bagbak quits after please be patient msg

To Reproduce

bagbak com.christianselig.Apollo -d -f remote root /private/var/containers/Bundle/Application/CFA00700-DD28-49CA-B724-FBF8DE140F92/Apollo.app copy to /var/folders/d_/1vvvnjp51slbx4347nwm4qgm0000gq/T/bagbak/com.christianselig.Apollo/Payload [info] pulling app bundle from device, please be patient

Expected behavior work

Screenshots

Desktop (please complete the following information):

Additional context

3.0.9 bagbak

ChiChou commented 11 months ago

Can you please run with DEBUG=1 DEBUG_SCP=1 bagbak --raw -f and paste the logs here?

Geczy commented 11 months ago

zsh: command not found: DEBUG_SCP im on macos, what do you recommend instead of debug_scp ?

ChiChou commented 11 months ago

zsh: command not found: DEBUG_SCP im on macos, what do you recommend instead of debug_scp ?

Sorry, DEBUG_SCP=1. It's an environment variable too. Also better upgrade to v3.0.11 (it's not related to this issue though)

Geczy commented 11 months ago 
DEBUG=1 DEBUG_SCP=1 bagbak --raw -f com.christianselig.Apollo
remote root /private/var/containers/Bundle/Application/BE0D5A55-3C4E-4E4A-AA71-7F7FACB3730E/Apollo.app
copy to .
[info] pulling app bundle from device, please be patient

it just quits here. im on 3.0.11 now

ChiChou commented 11 months ago

Doesn't make sense. Even if there is an exception it should print something

ChiChou commented 11 months ago

I ran it on my macOS 14.0 with the same nodejs v19.9.0 but it didn't reproduce

Geczy commented 11 months ago

so its an issue in sshing to the ios device? where does that even happen?

my user is mobile not root if that makes a difference?

ChiChou commented 11 months ago

I hardcoded root/alpine in the code so it will always be root. Besides if there is something wrong with SSH it will definitely print the reason

Geczy commented 11 months ago

ahh got it. funny that using the wrong user + pw combo will make this not work completely.

its working now once i hardcoded my correct user + password

im coming from palera1n and when installing that jailbreak, they install to mobile and force you to setup your own password. they dont use root:alpine so maybe its worth having a custom .env or config file or env variables to customize this

Geczy commented 11 months ago

now the next issue is with commands not using sudo 😂

i can hardcode change chmod to use sudo, but i wonder if tehre are other places in bagbak that require privileges? 

main executable => /private/var/containers/Bundle/Application/BE0D5A55-3C4E-4E4A-AA71-7F7FACB3730E/Apollo.app/Apollo
chmod: changing permissions of '/private/var/containers/Bundle/Application/BE0D5A55-3C4E-4E4A-AA71-7F7FACB3730E/Apollo.app/Apollo': Operation not permitted
file:///Users/mgates/bagbak/index.js:84
            reject(new Error(`remote command "${cmd}" exited with code ${code}`));
                   ^

Error: remote command "chmod +xX '/private/var/containers/Bundle/Application/BE0D5A55-3C4E-4E4A-AA71-7F7FACB3730E/Apollo.app/Apollo'" exited with code 1
    at Channel.<anonymous> (file:///Users/mgates/bagbak/index.js:84:20)
    at Channel.emit (node:events:525:35)
    at Channel.doClose (/Users/mgates/bagbak/node_modules/ssh2/lib/utils.js:101:21)
    at Object.onceWrapper (node:events:627:28)
    at Channel.emit (node:events:525:35)
    at endReadableNT (node:internal/streams/readable:1359:12)
    at process.processTicksAndRejections (node:internal/process/task_queues:82:21)

Node.js v19.9.0
Geczy commented 11 months ago

you can start logging ssh errors like this

  return new Promise((resolve) => {
    client
      .once('ready', () => resolve(client))
      .once('error', (error) => {
        console.error(error)
        return reject(error);
      })
      .connect({
        sock: channel,
        username: user,
        password,
      });
  });

add once error

ChiChou commented 11 months ago

now the next issue is with commands not using sudo 😂

i can hardcode change chmod to use sudo, but i wonder if tehre are other places in bagbak that require privileges?

main executable => /private/var/containers/Bundle/Application/BE0D5A55-3C4E-4E4A-AA71-7F7FACB3730E/Apollo.app/Apollo
chmod: changing permissions of '/private/var/containers/Bundle/Application/BE0D5A55-3C4E-4E4A-AA71-7F7FACB3730E/Apollo.app/Apollo': Operation not permitted
file:///Users/mgates/bagbak/index.js:84
            reject(new Error(`remote command "${cmd}" exited with code ${code}`));
                   ^

Error: remote command "chmod +xX '/private/var/containers/Bundle/Application/BE0D5A55-3C4E-4E4A-AA71-7F7FACB3730E/Apollo.app/Apollo'" exited with code 1
    at Channel.<anonymous> (file:///Users/mgates/bagbak/index.js:84:20)
    at Channel.emit (node:events:525:35)
    at Channel.doClose (/Users/mgates/bagbak/node_modules/ssh2/lib/utils.js:101:21)
    at Object.onceWrapper (node:events:627:28)
    at Channel.emit (node:events:525:35)
    at endReadableNT (node:internal/streams/readable:1359:12)
    at process.processTicksAndRejections (node:internal/process/task_queues:82:21)

Node.js v19.9.0

comment line 134 of main.js out

Geczy commented 11 months ago

all solved, thanks for the updates