search

nabla-c0d3 / ssl-kill-switch2

Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS and macOS applications.
Other
3.07k stars 466 forks source link

iOS 9 Push Daemon Cert Pinning #10

Closed jjjapj closed 8 years ago

jjjapj commented 8 years ago

Hi, I am unable to successfully pin certificates to the push daemon (apsd). I tried adding com.apple.apsd to SSLKillSwitch2.plist and re-building, which made a deb package I could install, but iOS is still rejecting the certificates for the push proxy. These same certificates and setup work great on iOS 7 and 8. iOS 9 is doing something else, presumably with App Transport Security. Here is some log data:

Jan 16 21:06:57 x-iPhone apsd[265]: MS:Notice: Injecting: com.apple.apsd [apsd] (1240.10)
Jan 16 21:06:57 x-iPhone apsd[265]: MS:Notice: Loading:     /Library/MobileSubstrate/DynamicLibraries/SSLKillSwitch2.dylib
Jan 16 21:06:57 x-iPhone apsd[265]: === SSL Kill Switch 2: Preference set to 1.
Jan 16 21:06:57 x-iPhone apsd[265]: === SSL Kill Switch 2: Subtrate hook enabled.

and then when it tries to connect to push server:

Jan 16 21:07:33 x-iPhone apsd[265]: CFNetwork SSLHandshake failed (-9801)
nabla-c0d3 commented 8 years ago

Hi, Yes this seems to be related to ATS. Please have a look at https://nabla-c0d3.github.io/blog/2015/12/01/burp-ios9-ats/ and let me know if it didn't work. Thanks,