search

ChiChou / bagbak

Yet another frida based iOS dumpdecrypted. Also decrypts app extensions
MIT License
1.12k stars 184 forks source link

Client Authentication issue #127

Open pearlmansara opened 7 months ago

pearlmansara commented 7 months ago

Before you submit the issue, please check the FAQ section in Wiki: https://github.com/ChiChou/bagbak/wiki#faq Then delete this section.

Describe the bug A clear and concise description of what the bug is.

To Reproduce Steps to reproduce the behavior:

Expected behavior A clear and concise description of what you expected to happen.

Screenshots If applicable, add screenshots to help explain your problem.

Desktop (please complete the following information):

Additional context Add any other context about the problem here.

pearlmansara commented 7 months ago

[info] pulling app bundle from device, please be patient /usr/local/lib/node_modules/bagbak/node_modules/ssh2/lib/client.js:865 const err = new Error('All configured authentication methods failed'); ^

Error: All configured authentication methods failed at doNextAuth (/usr/local/lib/node_modules/bagbak/node_modules/ssh2/lib/client.js:865:21) at tryNextAuth (/usr/local/lib/node_modules/bagbak/node_modules/ssh2/lib/client.js:1082:7) at USERAUTH_FAILURE (/usr/local/lib/node_modules/bagbak/node_modules/ssh2/lib/client.js:430:11) at 51 (/usr/local/lib/node_modules/bagbak/node_modules/ssh2/lib/protocol/handlers.misc.js:408:16) at Protocol.onPayload (/usr/local/lib/node_modules/bagbak/node_modules/ssh2/lib/protocol/Protocol.js:2052:10) at AESGCMDecipherBinding.decrypt (/usr/local/lib/node_modules/bagbak/node_modules/ssh2/lib/protocol/crypto.js:1086:26) at Protocol.parsePacket [as _parse] (/usr/local/lib/node_modules/bagbak/node_modules/ssh2/lib/protocol/Protocol.js:2021:25) at Protocol.parse (/usr/local/lib/node_modules/bagbak/node_modules/ssh2/lib/protocol/Protocol.js:306:16) at IOStream. (/usr/local/lib/node_modules/bagbak/node_modules/ssh2/lib/client.js:775:21) at IOStream.emit (node:events:513:28) { level: 'client-authentication' }

Node.js v18.13.0

I have changed the environment variable to be the SSH credentials to the jailbroken device and validated that the creds work but its not working with this tool. Am I doing something wrong?

enovella commented 7 months ago

Same issue on macos using Frida 16.1.4

enovella commented 7 months ago

I got it fixed by changing the SSH password to alpine. The environment variable SSH_PASSWORD doesn't seem to work. The error is related to the SCP protocol.

jevinskie commented 7 months ago

I got it fixed by changing the SSH password to alpine. The environment variable SSH_PASSWORD doesn't seem to work. The error is related to the SCP protocol.

Thanks for figuring that out. Root cause seems to be that SSH_PASSWORD is only honored if SSH_USER is set too. https://github.com/ChiChou/bagbak/blob/0c8d6e1966f2777d43a390ecaf4702704407faec/index.js#L45

ChiChou commented 7 months ago

Yes, if you use custom password you need to specify SSH_USERNAME at the same time