WithSecureLabs / needle

The iOS Security Testing Framework
https://mobiletools.mwrinfosecurity.com/

Error when using dynamic/memory/heap_dump #187

Closed sushi2k closed 7 years ago

sushi2k commented 7 years ago

Issue

Expected behaviour

Dumping the heap memory of a specified app when using dynamic/memory/heap_dump.

Actual behaviour

When using dynamic/memory/heap_dump I get the following error:

[needle][heap_dump] > run
[*] Checking connection with device...
[+] Already connected to: 192.168.0.109
[D] Creating temp folder: /var/root/needle/
[D] [REMOTE CMD] Remote Command: if [ -d /var/root/needle/ ]; then echo "yes"; else echo "no" ; fi
[+] Target app: sg.vp.UnCrackable1
[*] Retrieving app's metadata...
[D] Copying the plist to temp: '/private/var/mobile/Containers/Bundle/Application/A8BD91A9-3C81-4674-A790-AF8CDCA8A2F1/UnCrackable Level 1.app'"'"'/Info.plist' -> /Users/sven/.needle/tmp/plist
[*] Pulling: '/private/var/mobile/Containers/Bundle/Application/A8BD91A9-3C81-4674-A790-AF8CDCA8A2F1/UnCrackable Level 1.app'"'"'/Info.plist' -> /Users/sven/.needle/tmp/plist
[D] Downloading: "'/private/var/mobile/Containers/Bundle/Application/A8BD91A9-3C81-4674-A790-AF8CDCA8A2F1/UnCrackable Level 1.app'"'"'"'"'"'"'"'"'/Info.plist'" -> /Users/sven/.needle/tmp/plist
[D] [LOCAL CMD] Local Command: sshpass -p "foo!" scp -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -P 22 root@192.168.0.109:"'/private/var/mobile/Containers/Bundle/Application/A8BD91A9-3C81-4674-A790-AF8CDCA8A2F1/UnCrackable Level 1.app'"'"'"'"'"'"'"'"'/Info.plist'" /Users/sven/.needle/tmp/plist
------------------------------------------------------------
Traceback (most recent call last):
  File "/Users/sven/PentestTools/iOS/needle/needle/core/framework/module.py", line 111, in do_run
    pre = self.module_pre()
  File "/Users/sven/PentestTools/iOS/needle/needle/core/framework/module.py", line 147, in module_pre
    if self.app_check() is None: return None
  File "/Users/sven/PentestTools/iOS/needle/needle/core/framework/framework.py", line 693, in app_check
    self.APP_METADATA = Framework.APP_METADATA = self.device.app.get_metadata(app)
  File "/Users/sven/PentestTools/iOS/needle/needle/core/device/app.py", line 17, in get_metadata
    return self._retrieve_metadata()
  File "/Users/sven/PentestTools/iOS/needle/needle/core/device/app.py", line 26, in _retrieve_metadata
    plist_info = self._device.remote_op.parse_plist(plist_info_path)
  File "/Users/sven/PentestTools/iOS/needle/needle/core/device/remote_operations.py", line 219, in parse_plist
    content = Utils.plist_read_from_file(plist_copy)
  File "/Users/sven/PentestTools/iOS/needle/needle/core/utils/utils.py", line 162, in plist_read_from_file
    plist = biplist.readPlist(path)
  File "/usr/local/lib/python2.7/site-packages/biplist/__init__.py", line 122, in readPlist
    pathOrFile = open(pathOrFile, 'rb')
IOError: [Errno 2] No such file or directory: '/Users/sven/.needle/tmp/plist'
------------------------------------------------------------
[!] IOError: [Errno 2] No such file or directory: '/Users/sven/.needle/tmp/plist'

Steps to reproduce

[needle] > set debug true
DEBUG => true
[needle] > use dynamic/memory/heap_dump
[needle][heap_dump] > set FILTER key
FILTER => key
[needle][heap_dump] > run

Afterwards the error message above is thrown.

needle error logs

Ensure verbose and debug mode are enabled:

[needle] > set VERBOSE True
VERBOSE => True
[needle] > set DEBUG True
DEBUG => True

Environment

Needle Version

Workstation Operating System

macOS 10.12.5

Python Version

➜  ~ python --version
Python 2.7.13

Python Packages (pip freeze)

➜  ~ pip freeze
appnope==0.1.0
asn1crypto==0.22.0
awscli==1.11.63
backports-abc==0.5
backports.shutil-get-terminal-size==1.0.0
backports.ssl-match-hostname==3.5.0.1
base58==0.2.3
biplist==1.0.2
botocore==1.5.26
certifi==2016.9.26
cffi==1.7.0
colorama==0.3.7
configparser==3.5.0
cryptography==1.9
decorator==4.0.11
Django==1.11.3
django-debug-toolbar==1.6
django-extensions==1.7.6
django-wkhtmltopdf==3.1.0
djangorestframework==3.5.4
docutils==0.13.1
drozer==2.3.4
enum34==1.1.6
frida==7.1.9
futures==3.0.5
html5lib==1.0b8
idna==2.1
ipaddress==1.0.16
ipdb==0.10.2
ipython==5.2.2
ipython-genutils==0.1.0
jmespath==0.9.2
lxml==3.8.0
nassl==0.14.1
paramiko==2.0.2
pathlib2==2.2.1
pdfkit==0.6.1
pexpect==4.2.1
pickleshare==0.7.4
Pillow==3.4.2
prompt-toolkit==1.0.13
protobuf==2.4.1
psutil==4.2.0
psycopg2==2.6.2
ptyprocess==0.5.1
py==1.4.31
pyasn1==0.2.3
pycparser==2.14
Pygments==2.1.3
pyOpenSSL==17.1.0
PyPDF2==1.26.0
pytest==3.0.4
python-dateutil==2.6.0
python-owasp-zap-v2.4==0.0.8
pytz==2017.2
PyYAML==3.12
readline==6.2.4.1
reportlab==3.3.0
rsa==3.4.2
s3transfer==0.1.10
scandir==1.4
selenium==3.0.2
simplegeneric==0.8.1
singledispatch==3.4.0.3
six==1.10.0
sqlparse==0.2.2
sshtunnel==0.1.0
SSLyze==0.14.2
tornado==4.5.1
traitlets==4.3.1
Twisted==10.2.0
virtualenv==15.1.0
wcwidth==0.1.6
xhtml2pdf==0.0.6
xmltodict==0.10.2
yara-python==3.5.0
zope.interface==4.1.3

Device iOS Version

iPhone 5, iOS 8.3

marco-lancini commented 7 years ago

https://github.com/mwrlabs/needle/issues/164