Closed sushi2k closed 4 years ago
Needle still does the job for me if I want to use it with an iOS 12 jailbroken device with unc0ver. There are quite a few tools that require unc0ver. I think we can re-evaluate after a year again.
I was doing some research on Needle (for the sake of going towards offering the most up-to-date and relevant tools).
Considering that:
Here's an overview of how we currently use Needle in the MSTG and the alternatives:
Usage | Alternative | Already in the MSTG? |
---|---|---|
"connect to your iPhone's USB" | `iproxy 2222 22& ssh -p 2222 root@localhost` | YES |
"capture the logs of an iOS application" | Xcode, socat+syslog, passionfruit | YES |
"list the content of the keychain" (jailbroken only) | Objection (Jailbroken / non-Jailbroken) ios keychain dump/add/clear, passionfruit | YES |
"Searching for Binary Cookies" | objection ios cookies get & passionfruit Storage -> Cookies | TBA |
"Searching for Property List Files" | passionfruit/find | TBA |
"Searching for Cache Databases" | passionfruit/find | TBA |
"Searching for SQLite Databases" | passionfruit/find | TBA |
"Dump the keyboard cache file" | strings/rabin2/etc | TBA |
"Getting snapshot files" | objection/shell ls Library/Caches/Snapshots/ | TBA |
"bypass insecure biometric authentication" | objection ios ui biometrics_bypass | TBA |
"Performing URL Requests" | use Frida `openURL()` as we describe | YES |
"bypass non-specific jailbreak detection" | objection ios jailbreak disable/simulate | TBA |
"Data Protection Class verification" (requires FileDP tool) | objection ls | TBA |
Suggestions:
I'm afraid that if someone reads "Testing Local Data Storage (MSTG-STORAGE-1 and MSTG-STORAGE-2)" and wants to perform the tests, I guess they can get quite annoyed, as the installation is not straightforward, might not even succeed, and who knows if some of the commands are still working. In contrast, using the alternatives, it will "just work" (and also for non-jailbroken devices).
Reference list of all needle modules: https://github.com/mwrlabs/needle/wiki/Feature-List
Good research @cpholguera! Well done! Maybe, in the meantime, as step 0: explain that we have to use unc0ver as a JB instead of Chimera, show the "odd steps" and then execute step 1 :). Because that is already quite a huge step :).
Thank you! I agree. That's a good zero step ;)
So maybe we can start doing step 0 in this issue, then have another issue with step 1/2 and then another issue with step 3 :)?
That's a good plan. Let's just suggest for now the usage of unc0ver and that there are issues with Chimera and do the rest with 1.3 milestone.
Step 0 completed in #1411.
See suggestion from https://github.com/OWASP/owasp-mstg/pull/1481
Hey guys, what should be done to close this milestone? I've used Needle and objection a lot; also, we have modified it a lot.
Good point @kysokzla! Let's reiterate on this on Slack soon ;-)
Meeting notes: we will pick up this issue later at the next milestone, not during the 1.2 release now, because it does work on iOS 11/12 partially but requires using the right JB. We will evaluate the tools again at the next more intensive collaboration session (e.g. summit or alike).
@commjoen I'll try to do my research
So Needle is not maintained anymore. The cydia repo is down and even MWR is suggesting to use objection:
Describe the issue: Needle doesn't seem to be maintained anymore. The last update was > 1 year ago and no issues have been answered this year. It also doesn't seem to work on iOS JB devices with Chimera. https://github.com/mwrlabs/needle/issues/273
We should review where we use Needle and if other tools are a better alternative (e.g. objection, passionfruit).