WithSecureLabs / needle

The iOS Security Testing Framework
https://mobiletools.mwrinfosecurity.com/
Other
1.33k stars 284 forks source link

Anti-Hooking Script missing argument #202

Open ajohnston9 opened 6 years ago

ajohnston9 commented 6 years ago

Issue

The anti-hooking script is not running due to a Python error. Attempts to run the script from a frida shell after supplying a hardcoded title and content result in an error about missing a parameter. Frida shell and other scripts work normally.

Expected behaviour

Needle should use frida to check whether it is possible to generate a dialog box.

Actual behaviour

Python produces a stack trace and error.

Steps to reproduce

  1. Load needle and have an application set
  2. use the frida anti-hooking module and run

needle error logs

Ensure verbose and debug mode are enabled:

------------------------------------------------------------
Traceback (most recent call last):
  File "/home/ajohnston/needle/needle/core/framework/module.py", line 111, in do_run
    pre = self.module_pre()
  File "/home/ajohnston/needle/needle/modules/hooking/frida/script_anti-hooking-check.py", line 69, in module_pre
    self.module_run()
  File "/home/ajohnston/needle/needle/modules/hooking/frida/script_anti-hooking-check.py", line 47, in module_run
    self.add_issue('Anti-Hooking Check', 'It was not possible to attach frida: {}'.format(self.msg), 'INVESTIGATE', None)
  File "/home/ajohnston/needle/needle/core/framework/module.py", line 214, in add_issue
    self.ISSUE_MANAGER.issue_add(self.APP_METADATA['bundle_id'], self.meta['path'],
TypeError: 'NoneType' object has no attribute '__getitem__'
------------------------------------------------------------
[!] TypeError: 'NoneType' object has no attribute '__getitem__'

Environment

Needle Version

Workstation Operating System

Ubuntu 16.04

Python Version

2.7.12

Python Packages (pip freeze)

adium-theme-ubuntu==0.3.4 argh==0.26.2 asn1crypto==0.22.0 attrs==17.2.0 Automat==0.6.0 awscli==1.11.149 backports-abc==0.5 backports.ssl-match-hostname==3.5.0.1 base58==0.2.5 bcrypt==3.1.4 beautifulsoup4==4.4.1 biplist==1.0.3 bitcoin==1.1.42 bitmerchant==0.1.8 blinker==1.4 botocore==1.7.7 brotlipy==0.6.0 cachetools==2.0.1 certifi==2017.11.5 cffi==1.10.0 chardet==2.3.0 click==6.7 colorama==0.3.7 commontools==0.1.0 ConfigArgParse==0.11.0 constantly==15.1.0 construct==2.5.3 cryptography==2.0.3 cssutils==1.0.2 dnspython==1.15.0 docutils==0.14 EasyProcess==0.2.3 ecdsa==0.13 EditorConfig==0.12.1 enum34==1.1.6 Flask==0.11.1 frida==10.6.29 futures==3.1.1 fuzzywuzzy==0.15.1 h2==2.4.4 hpack==2.3.0 html2text==2016.9.19 html5lib==0.999 hyperframe==4.0.2 hyperlink==17.3.1 idna==2.6 impacket==0.9.16.dev0 incremental==17.5.0 ipaddress==1.0.18 itsdangerous==0.24 Jinja2==2.10 jmespath==0.9.3 jsbeautifier==1.6.14 keychain==0.14.2.0 keylib==0.1.1 lxml==3.5.0 MarkupSafe==1.0 mitmproxy==0.18.3 netaddr==0.7.18 numpy==1.11.0 paramiko==2.4.0 passlib==1.6.5 pathtools==0.1.2 Pillow==3.4.2 ply==3.7 prompt-toolkit==1.0.15 pyasn1==0.3.2 pyasn1-modules==0.0.11 pybitcoin==0.9.9 pycparser==2.18 pycrypto==2.6.1 Pygments==2.2.0 pygobject==3.20.0 PyNaCl==1.2.1 pyOpenSSL==16.2.0 pyparsing==2.1.10 pyperclip==1.5.32 python-bitcoinrpc==0.1 python-dateutil==2.6.1 python-Levenshtein==0.12.0 python-qt-binding==0.2.17 PyVirtualDisplay==0.2.1 PyYAML==3.12 qt4reactor==1.6 rdpy==1.3.2 readline==6.2.4.1 requests==2.11.1 rsa==3.4.2 s3transfer==0.1.11 scour==0.32 selenium==3.5.0 service-identity==17.0.0 singledispatch==3.4.0.3 six==1.10.0 specan==0.0.0 sshtunnel==0.1.2 texttable==0.8.7 tornado==4.4.3 Twisted==17.5.0 typing==3.5.2.2 unity-lens-photos==1.0 urllib3==1.22 urwid==1.3.1 utilitybelt==0.2.6 watchdog==0.8.3 wcwidth==0.1.7 Werkzeug==0.14.1 zenmap==7.1 zope.interface==4.4.2

Device iOS Version

10.0.2

marco-lancini commented 6 years ago

Hi @ajohnston9 I can ensure the scripts works as intended. In order to debug this issue, we require more information.

Ensure VERBOSE and DEBUG mode are enabled, this will provide us with more detailed needle logs:

[needle] > set VERBOSE True
VERBOSE => True
[needle] > set DEBUG True
DEBUG => True

Once you have this information, please attach the log files (starting from when you type python needle.py) to this thread and we can assist further.

jk-mayne commented 6 years ago

Ran into this error on my setup as well, also while running the included syslog modules. Seems like the self.add_issue() does not like the None values?

philsof commented 5 years ago

FYI I hit a similar error while using the static/code_checks module. The end of the trace contained references to APP_METADATA:

File "/opt/needle/needle/core/framework/module.py", line 214, in add_issue
    self.ISSUE_MANAGER.issue_add(self.APP_METADATA['bundle_id'], self.meta['path'],
TypeError: 'NoneType' object has no attribute '__getitem__'

So I figured, what if I ran the binary/info/metadata module, then ran the static/code_checks module. Sure enough, running the binary/info/metadata module, then the static/code_checks module, results in the static/code_checks module running properly.

Not sure if this helps with the above issue, but am posting here in case this may help someone.