WithSecureLabs / needle

The iOS Security Testing Framework
https://mobiletools.mwrinfosecurity.com/

The framework doesn't have functionality to provide an option for the users to select the app when trying to re-run any module #108

Closed kryptoknight13 closed 7 years ago

kryptoknight13 commented 7 years ago

Issue

The framework doesn't have functionality to provide an option for the users to select the app when trying to re-run any module

Expected behaviour

Provide an option to select/set the application at any given point in time

Actual behaviour

Unable to select a different application when an app is already selected (e.g. "Please select a number: 18")

Logs

[needle] > use binary/compilation_checks
[needle][compilation_checks] > info

      Name: Compilation Checks
      Path: modules/binary/compilation_checks.py
    Author: @LanciniMarco (@MWRLabs)

Description:
  Check for protections: PIE, ARC, stack canaries, binary encryption

Options:
  No options available for this module.

[needle][compilation_checks] > run
[D] Setup local output folder: /Users/akanksha.bana/.needle/output
[?] Attention! The folder chosen to store local output is not empty: /Users/akanksha.bana/.needle/output
[?] Do you want to back it up first?
[?] Y: the content will be archived in a different location, then the folder will be emptied
[?] N: no action will be taken (destination files might be overwritten in case of filename clash)
[y/n]: y
[V] Archiving local output folder: /Users/akanksha.bana/.needle/output --> /Users/akanksha.bana/.needle/backup/needle-output_2017-01-05-11:09:45
[D] Copying: /Users/akanksha.bana/.needle/output -> /Users/akanksha.bana/.needle/backup/needle-output_2017-01-05-11:09:45
[D] Deleting: /Users/akanksha.bana/.needle/output
[D] Recreating: /Users/akanksha.bana/.needle/output
[*] Checking connection with device...
[V] Connection not present, creating a new instance
[V] Setting up USB port forwarding on port 2222
[D] [LOCAL CMD] Local Subprocess Command: /Users/akanksha.bana/Desktop/needle/needle/libs/usbmuxd/tcprelay.py -t 22:2222
[V] Setting up SSH connection...
[+] Connected to: localhost
[V] Creating temp folder: /var/root/needle/
[D] [REMOTE CMD] Remote Command: if [ -d /var/root/needle/ ]; then echo "yes"; else echo "no" ; fi
[*] Target app not selected. Launching wizard...
[D] [REMOTE CMD] Remote Command: if [ -f /var/mobile/Library/MobileInstallation/LastLaunchServicesMap.plist ]; then echo "yes"; else echo "no" ; fi
[V] Refreshing list of installed apps...
[D] [REMOTE CMD] Remote Command: /bin/su mobile -c /usr/bin/uicache
[D] Copy the plist to temp: /var/mobile/Library/MobileInstallation/LastLaunchServicesMap.plist -> /var/root/needle/LastLaunchServicesMap.plist
[D] [REMOTE CMD] Remote Command: cp /var/mobile/Library/MobileInstallation/LastLaunchServicesMap.plist /var/root/needle/LastLaunchServicesMap.plist
[D] Converting plist to XML: /var/root/needle/LastLaunchServicesMap.plist
[D] [REMOTE CMD] Remote Command: plutil -convert xml1 /var/root/needle/LastLaunchServicesMap.plist
[D] Extracting content from: /var/root/needle/LastLaunchServicesMap.plist
[D] [REMOTE CMD] Remote Command: cat /var/root/needle/LastLaunchServicesMap.plist
[D] Parsing plist content
[+] Apps found:
        0 - com.legalrobot
        1 - com.burbn.instagram
        2 - com.innerfour.photovault
        3 - com.catchhq.yovople
        4 - com.accenture.mobility.appfactory.dev.SCSampleApp2
        5 - com.jadedpixel.shopify
        6 - com.accenture.ams.dev.acssp
        7 - com.circle.CircleApp
        8 - com.cisco.anyconnect.gui
        9 - com.zaption.ZaptionViewer
        10 - com.accenture.mobility.appfactory.dev.GDB
        11 - com.ideashower.ReadItLaterPro
        12 - com.atebits.Tweetie2
        13 - com.bms.who
        14 - com.none.smartplug
        15 - com.highaltitudehacks.dvia
        16 - com.lenovo.anyshare
        17 - com.tinyspeck.chatlyio
        18 - com.zopim.iphone
        19 - com.node.push04115
        20 - accenture.Crowd-Test-App
        21 - com.yahoo.weather
        22 - com.TapMediaLtd.QRReader
        23 - com.accenture.MeuTim
[>][QUESTION] Please select a number: 18
[+] Target app: com.zopim.iphone
[*] Retrieving app's metadata...
[D] Copy the plist to temp: /private/var/mobile/Containers/Bundle/Application/2B84C62E-8633-42DE-8D08-21D6081E5FA4/Zopim.app/Info.plist -> /var/root/needle/Info.plist
[D] [REMOTE CMD] Remote Command: cp /private/var/mobile/Containers/Bundle/Application/2B84C62E-8633-42DE-8D08-21D6081E5FA4/Zopim.app/Info.plist /var/root/needle/Info.plist
[D] Converting plist to XML: /var/root/needle/Info.plist
[D] [REMOTE CMD] Remote Command: plutil -convert xml1 /var/root/needle/Info.plist
[D] Extracting content from: /var/root/needle/Info.plist
[D] [REMOTE CMD] Remote Command: cat /var/root/needle/Info.plist
[D] Parsing plist content
[D] [REMOTE CMD] Remote Command: lipo -info /private/var/mobile/Containers/Bundle/Application/2B84C62E-8633-42DE-8D08-21D6081E5FA4/Zopim.app/Zopim
[D] [REMOTE CMD] Remote Command: if [ -d /private/var/mobile/Containers/Bundle/Application/2B84C62E-8633-42DE-8D08-21D6081E5FA4/Zopim.app/PlugIns ]; then echo "yes"; else echo "no" ; fi
[V] Analyzing binary...
[D] [REMOTE CMD] Remote Command: otool -l /private/var/mobile/Containers/Bundle/Application/2B84C62E-8633-42DE-8D08-21D6081E5FA4/Zopim.app/Zopim | grep -Ei "cryptid"
[D] [REMOTE CMD] Remote Command: otool -hv /private/var/mobile/Containers/Bundle/Application/2B84C62E-8633-42DE-8D08-21D6081E5FA4/Zopim.app/Zopim
[D] [REMOTE CMD] Remote Command: otool -IV /private/var/mobile/Containers/Bundle/Application/2B84C62E-8633-42DE-8D08-21D6081E5FA4/Zopim.app/Zopim | grep -Ei "(\(architecture|objc_release)"
[D] [REMOTE CMD] Remote Command: otool -IV /private/var/mobile/Containers/Bundle/Application/2B84C62E-8633-42DE-8D08-21D6081E5FA4/Zopim.app/Zopim | grep -Ei "(\(architecture|___stack_chk_(fail|guard))"
[+] arm64
[!]                Encrypted: NO                            .
[+]           Stack Canaries: OK                            
[+]                      ARC: OK                            
[+]                      PIE: OK                            
[needle][compilation_checks] > run
[*] Checking connection with device...
[+] Already connected to: localhost
[V] Creating temp folder: /var/root/needle/
[D] [REMOTE CMD] Remote Command: if [ -d /var/root/needle/ ]; then echo "yes"; else echo "no" ; fi
[+] Target app: com.zopim.iphone
[V] Analyzing binary...
[D] [REMOTE CMD] Remote Command: otool -l /private/var/mobile/Containers/Bundle/Application/2B84C62E-8633-42DE-8D08-21D6081E5FA4/Zopim.app/Zopim | grep -Ei "cryptid"
[D] [REMOTE CMD] Remote Command: otool -hv /private/var/mobile/Containers/Bundle/Application/2B84C62E-8633-42DE-8D08-21D6081E5FA4/Zopim.app/Zopim
[D] [REMOTE CMD] Remote Command: otool -IV /private/var/mobile/Containers/Bundle/Application/2B84C62E-8633-42DE-8D08-21D6081E5FA4/Zopim.app/Zopim | grep -Ei "(\(architecture|objc_release)"
[D] [REMOTE CMD] Remote Command: otool -IV /private/var/mobile/Containers/Bundle/Application/2B84C62E-8633-42DE-8D08-21D6081E5FA4/Zopim.app/Zopim | grep -Ei "(\(architecture|___stack_chk_(fail|guard))"
[+] arm64
[!]                Encrypted: NO                            .
[+]           Stack Canaries: OK                            
[+]                      ARC: OK                            
[+]                      PIE: OK                            
[needle][compilation_checks] > back 
[needle] > use binary/compilation_checks
[needle][compilation_checks] > run
[*] Checking connection with device...
[+] Already connected to: localhost
[V] Creating temp folder: /var/root/needle/
[D] [REMOTE CMD] Remote Command: if [ -d /var/root/needle/ ]; then echo "yes"; else echo "no" ; fi
[+] Target app: com.zopim.iphone
[V] Analyzing binary...
[D] [REMOTE CMD] Remote Command: otool -l /private/var/mobile/Containers/Bundle/Application/2B84C62E-8633-42DE-8D08-21D6081E5FA4/Zopim.app/Zopim | grep -Ei "cryptid"
[D] [REMOTE CMD] Remote Command: otool -hv /private/var/mobile/Containers/Bundle/Application/2B84C62E-8633-42DE-8D08-21D6081E5FA4/Zopim.app/Zopim
[D] [REMOTE CMD] Remote Command: otool -IV /private/var/mobile/Containers/Bundle/Application/2B84C62E-8633-42DE-8D08-21D6081E5FA4/Zopim.app/Zopim | grep -Ei "(\(architecture|objc_release)"
[D] [REMOTE CMD] Remote Command: otool -IV /private/var/mobile/Containers/Bundle/Application/2B84C62E-8633-42DE-8D08-21D6081E5FA4/Zopim.app/Zopim | grep -Ei "(\(architecture|___stack_chk_(fail|guard))"
[+] arm64
[!]                Encrypted: NO                            .
[+]           Stack Canaries: OK                            
[+]                      ARC: OK                            
[+]                      PIE: OK                            
[needle][compilation_checks] > 

Steps to reproduce

  1. show modules
  2. use binary/compilation_checks
  3. run
  4. selecting number 18 for

needle error logs

Ensure verbose and debug mode are enabled:

[needle] > set VERBOSE True
VERBOSE => True
[needle] > set DEBUG True
DEBUG => True

Environment

Workstation Operating System

OSX 10.11.6

Python Version

Python 2.7.10

Python Packages (pip freeze)

pip

Device iOS Version

9.1
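
The module run in the log above performs four checks with otool: the `cryptid` value of the encryption load command (`otool -l`), the `PIE` flag in the Mach header (`otool -hv`), an `objc_release` import (`otool -IV`) and `___stack_chk_fail` / `___stack_chk_guard` imports (`otool -IV`). The following Python 3 script is an added example, not needle's own code, that parses captured output of those three commands into the same four verdicts, and it goes one step beyond the log by splitting a fat binary into per-architecture sections using the `(architecture X)` markers the module greps for. The otool output embedded below is constructed, and the function names are this example's own.

```python
"""Parse otool output into the compilation checks needle reports (added example, not needle's code)."""
import re
from typing import Dict, List

# otool prefixes each slice of a fat binary with "<file> (architecture <arch>):".
ARCH_RE = re.compile(r"\(architecture (\w+)\)")


def split_by_arch(text: str) -> Dict[str, str]:
    """Split otool output into per-architecture chunks.

    A thin binary has no architecture marker; its output is returned under "default".
    """
    sections: Dict[str, List[str]] = {}
    current = "default"
    for line in text.splitlines():
        m = ARCH_RE.search(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return {arch: "\n".join(lines) for arch, lines in sections.items()}


def is_encrypted(otool_l: str) -> bool:
    """LC_ENCRYPTION_INFO(_64) carries 'cryptid 1' while App Store encryption is in place.

    A missing load command or 'cryptid 0' both mean the code pages are readable as-is.
    """
    m = re.search(r"cryptid\s+(\d+)", otool_l)
    return m is not None and m.group(1) != "0"


def is_pie(otool_hv: str) -> bool:
    """`otool -hv` prints header flags by name; PIE marks an ASLR-capable executable."""
    return re.search(r"\bPIE\b", otool_hv) is not None


def uses_arc(otool_iv: str) -> bool:
    """An import of objc_release from the ObjC runtime is the usual sign of ARC-compiled code."""
    return "objc_release" in otool_iv


def has_stack_canaries(otool_iv: str) -> bool:
    """Imports of ___stack_chk_fail / ___stack_chk_guard show stack-protector instrumentation."""
    return re.search(r"___stack_chk_(fail|guard)", otool_iv) is not None


def compilation_checks(otool_l: str, otool_hv: str, otool_iv: str) -> Dict[str, Dict[str, bool]]:
    """Return {arch: {"encrypted", "pie", "arc", "canaries"}} for every slice seen in the output."""
    l_by_arch = split_by_arch(otool_l)
    hv_by_arch = split_by_arch(otool_hv)
    iv_by_arch = split_by_arch(otool_iv)
    results: Dict[str, Dict[str, bool]] = {}
    for arch in sorted(set(l_by_arch) | set(hv_by_arch) | set(iv_by_arch)):
        results[arch] = {
            "encrypted": is_encrypted(l_by_arch.get(arch, "")),
            "pie": is_pie(hv_by_arch.get(arch, "")),
            "arc": uses_arc(iv_by_arch.get(arch, "")),
            "canaries": has_stack_canaries(iv_by_arch.get(arch, "")),
        }
    return results


def format_report(results: Dict[str, Dict[str, bool]]) -> List[str]:
    """Render verdicts in the [+]/[!] style of the log; [!] marks an absent protection."""
    lines: List[str] = []
    for arch, r in results.items():
        lines.append(f"[+] {arch}")
        for label, key in (("Encrypted", "encrypted"), ("Stack Canaries", "canaries"),
                           ("ARC", "arc"), ("PIE", "pie")):
            ok = r[key]
            verdict = ("YES" if key == "encrypted" else "OK") if ok else "NO"
            lines.append(f"[{'+' if ok else '!'}] {label:>16}: {verdict}")
    return lines


# Constructed sample output for a fat binary: the armv7 slice is still encrypted and lacks
# PIE and canaries, the arm64 slice is decrypted and has every protection.
SAMPLE_OTOOL_L = """\
Sample (architecture armv7):
          cmd LC_ENCRYPTION_INFO
     cryptoff 16384
    cryptsize 4096000
      cryptid 1
Sample (architecture arm64):
          cmd LC_ENCRYPTION_INFO_64
     cryptoff 16384
    cryptsize 4096000
      cryptid 0
"""

SAMPLE_OTOOL_HV = """\
Sample (architecture armv7):
      magic cputype cpusubtype  caps    filetype ncmds sizeofcmds      flags
   MH_MAGIC     ARM         V7  0x00     EXECUTE    30       3500   NOUNDEFS DYLDLINK TWOLEVEL
Sample (architecture arm64):
      magic cputype cpusubtype  caps    filetype ncmds sizeofcmds      flags
MH_MAGIC_64   ARM64        ALL  0x00     EXECUTE    30       3800   NOUNDEFS DYLDLINK TWOLEVEL PIE
"""

SAMPLE_OTOOL_IV = """\
Sample (architecture armv7):
address    index name
0x0000b000    12 _objc_msgSend
0x0000b004    13 _objc_release
Sample (architecture arm64):
address            index name
0x0000000100005000    20 ___stack_chk_fail
0x0000000100005010    21 _objc_release
0x0000000100005020    22 ___stack_chk_guard
"""

if __name__ == "__main__":
    for line in format_report(compilation_checks(SAMPLE_OTOOL_L, SAMPLE_OTOOL_HV, SAMPLE_OTOOL_IV)):
        print(line)
```

Running the script prints a report per slice. Checking each architecture separately matters because a fat binary can ship one slice built with PIE and stack protection and another without, and a verdict taken from whichever slice otool lists first would hide that.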

marco-lancini commented 7 years ago

Hi @kryptoknight13, this is intended behaviour: needle is supposed to be run against a single application at a time.

In case you want to change app, you can, from the main menu, unset the target application:

[needle] > unset APP

This will allow you to choose another target app.

You can find more info in the Wiki: https://github.com/mwrlabs/needle/wiki/Quick-Start-Guide

The tool has some global options (listed with the "show options" command, and set with the "set

kryptoknight13 commented 7 years ago

I am unable to unset the APP. Also, I tried setting a new APP and am still facing the same issue.

Log

[needle] > set APP com.bms.who
APP => com.bms.who
[needle] > use binary/compilation_checks
[needle][compilation_checks] > run
[*] Checking connection with device...
[+] Already connected to: localhost
[V] Creating temp folder: /var/root/needle/
[+] Target app: com.bms.who
[*] Retrieving app's metadata...
[V] Analyzing binary...
[+] armv7
[!]                Encrypted: NO                            .
[+]           Stack Canaries: OK                            
[+]                      ARC: OK                            
[+]                      PIE: OK                            
[needle][compilation_checks] > unset APP com.bms.who
[!] Invalid option.
[needle][compilation_checks] > unset APP 
[!] Invalid option.
[needle][compilation_checks] > run
[*] Checking connection with device...
[+] Already connected to: localhost
[V] Creating temp folder: /var/root/needle/
[+] Target app: com.bms.who
[V] Analyzing binary...
[+] armv7
[!]                Encrypted: NO                            .
[+]           Stack Canaries: OK                            
[+]                      ARC: OK                            
[+]                      PIE: OK                            
[needle][compilation_checks] > set APP com.atebits.Tweetie2
[!] Invalid option.
[needle][compilation_checks] > 
marco-lancini commented 7 years ago

To unset the app you have to go back to the main menu, which means that if you are in a module you'll have to exit it first:

[needle][compilation_checks] > back
[needle] > unset APP