OWASP / owasp-mastg

The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
https://mas.owasp.org/
Creative Commons Attribution Share Alike 4.0 International

Reading system log with socat does not work (anymore?) #1886

Open gl4nce opened 3 years ago

gl4nce commented 3 years ago

As described here: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x06b-Basic-Security-Testing.md

There you find the following command:

iPhone:~ root# socat - UNIX-CONNECT:/var/run/lockdown/syslog.sock

I tried it on my iPhone (iOS 14.2) but I always get the following error message: no such file or directory.

Maybe it does not work anymore on iOS 14.2? Or am I doing something wrong?

cpholguera commented 3 years ago

This might well be. Have you verified if the file is indeed there? Have you tried to search for the file from the root / with e.g. "find"?

This and further research might help:

https://www.reddit.com/r/jailbreakdevelopers/comments/ene6ua/ios_13_read_syslog/

Please let us know if you find the cause, thanks for reporting!

gl4nce commented 3 years ago

Thanks for your answer.

The file is missing. Looks like the whole directory structure was changed. I already read the post on Reddit but it doesn't work for me either (oslog does not exist anymore). Looks like something changed on iOS 14.

$ ls /var/run
fudinit mDNSResponder= syslog= vpncontrol.sock= lockdown.sock printd=

sushi2k commented 3 years ago

Seems we might need to update that section. Thanks for pointing it out!

You can also use ideviceinstaller, which is part of the package libimobiledevice in brew. Then you can access the system logs once you connect the iOS device via USB. Console.app on macOS also works fine.

gl4nce commented 3 years ago

Thanks for the information @sushi2k!

I could get it working. These are my steps (frida and libimobiledevice required; used macOS). All steps are done on the macOS Console.app.

  1. Get the PID for the target app with frida-ps -U
  2. Run idevicesyslog with the PID you got from the step before: idevicesyslog -p $PID
  3. Do dynamic testing on the target app and check the log entries
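
The three steps above combined into one shell helper, as an added example that is not part of the original thread or the MASTG. The function names `pid_for_app` and `watch_app` are hypothetical, the `frida-ps -U` listing in `SAMPLE_PS` is constructed, and the script assumes `frida-ps` and `idevicesyslog` are on the PATH with the device attached over USB.

```shell
#!/bin/sh
# Added example: resolve an app's PID from `frida-ps -U` and follow only its
# log lines with `idevicesyslog -p`.

# Constructed sample of `frida-ps -U` output (not captured from a real device).
SAMPLE_PS='  PID  Name
-----  ---------------------------
 1180  Cydia
 2331  iGoat-Swift
 2350  Voice Memos
 2360  com.apple.WebKit.WebContent
 2361  com.apple.WebKit.WebContent
  412  SpringBoard'

# pid_for_app NAME: read a frida-ps listing on stdin and print the PID of the
# process named exactly NAME. Returns 1 if none matches, 2 if several match,
# so a log is never followed for the wrong process.
pid_for_app() {
    awk -v want="$1" '
        {
            pid = $1
            name = $0
            sub(/^[ \t]*[0-9]+[ \t]+/, "", name)  # drop PID column, keep spaces in name
            sub(/[ \t\r]+$/, "", name)            # drop trailing whitespace
            # Header and separator rows have a non-numeric first field.
            if (pid ~ /^[0-9]+$/ && name == want) pids[++n] = pid
        }
        END {
            if (n == 1) { print pids[1]; exit 0 }
            exit (n == 0 ? 1 : 2)
        }'
}

# watch_app NAME: steps 1 and 2 of the procedure above in one call.
watch_app() {
    pid=$(frida-ps -U | pid_for_app "$1") || {
        echo "no unique process named '$1' on the device" >&2
        return 1
    }
    idevicesyslog -p "$pid"
}

# Usage: sh watch_app.sh "iGoat-Swift"
if [ "$#" -gt 0 ]; then
    watch_app "$1"
fi
```

A PID changes whenever the app is relaunched, so rerun the helper after each restart of the target app.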