nabla-c0d3 / ssl-kill-switch2

Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS and macOS applications.

Some Pinning Still Occurs #20

Closed ChristopherHammond13 closed 7 years ago

ChristopherHammond13 commented 7 years ago

I've been looking through this patch and trying to get my head around CFNetwork (but I'm pretty bad at reversing things, so please excuse my ignorance here!)

I am still getting TIC SSL Trust Errors in the event log, which tells me there's probably another implementation of the certificate pinning process somewhere. Again, this all seems to be happening in TCPIOConnection (perhaps by obtaining a tlsProcessTrustPolicyResult?).

A way to get these errors seems to be just trying to activate iMessage with the Kill Switch enabled. You also cannot log into iCloud even with the kill switch, so I can only assume that either: 1) imagent / aks / apns use their own statically compiled certificate checking algorithm, or 2) there is another implementation of the certificate pinning checks.

This header looks kind of interesting, but it looks like it sets up certificate chain verification; I can't seem to find where this is actually retrieved.

I know for sure that the patch is loading, however, as I'm able to browse to SSL Pinned sites in Safari.

Mila432 commented 7 years ago

Inject the dylib right and profit. iCloud login is working just fine here.

nabla-c0d3 commented 7 years ago

Thanks for the insight @Mila432 =)

Mila432 commented 7 years ago

We have the same issues as here: http://nabla-c0d3.github.io/blog/2013/08/20/intercepting-the-app-stores-traffic-on-ios/

ChristopherHammond13 commented 7 years ago

@Mila432 thanks for this! So killing the process should be enough? I attempted this with a lot of processes (akd, accountsd, cloudd, identityservicesd, etc.), but I was using the killall command; is this insufficient? I even tried using launchctl unload / launchctl load, but iMessage was still chucking errors out on the event log, and neither would iMessage activate nor would iCloud sign in.

Could be that killall sends the wrong signal?

Definitely could be me being stupid though :)

Mila432 commented 7 years ago

@ChristopherHammond13 for iCloud, akd is enough. The current plist limit will not inject into akd; remove the plist and kill again.

Try

kill -s KILL pid

Not sure if it makes any difference.
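The procedure Mila432 sketches (take the Substrate filter plist out of the way, then SIGKILL the daemons by PID, as with `kill -s KILL pid`, rather than via `killall`, which sends SIGTERM unless told otherwise), written out as an added shell example. This is not code from the ssl-kill-switch2 project or from anyone in this thread. The plist path in `FILTER_PLIST`, the daemon list in `DAEMONS` and the `SSLKS_RUN` gate are assumptions for illustration; the script is meant for a jailbroken device or a Mac, and `pids_of` falls back to `/proc` so the helpers can also be exercised on a Linux host.

```sh
#!/bin/sh
# Added example (not project code): the "remove the plist, kill the daemons
# again" steps from the thread as a small script.
#  1. move the MobileSubstrate filter plist aside (backup kept), so the dylib
#     is no longer limited to the Bundles the plist lists,
#  2. send SIGKILL to each daemon by PID (`kill -s KILL pid`); `killall` with
#     no signal argument sends SIGTERM, which is not the same thing,
#  3. report whether the processes are gone before retrying the login.

# ASSUMED location of the tweak's Substrate filter plist; adjust to your install.
FILTER_PLIST="${FILTER_PLIST:-/Library/MobileSubstrate/DynamicLibraries/SSLKillSwitch2.plist}"
# ASSUMED list: daemons named in this thread for the iCloud / iMessage login path.
DAEMONS="${DAEMONS:-akd accountsd identityservicesd apsd}"

# Print the PIDs of processes whose name is exactly $1, one per line.
# Uses pgrep where present (macOS, most jailbreaks); falls back to reading
# /proc/<pid>/comm on a Linux test host. Always returns 0; callers test output.
pids_of() {
    name="$1"
    if command -v pgrep >/dev/null 2>&1; then
        pgrep -x "$name" || true
        return 0
    fi
    for d in /proc/[0-9]*; do
        if [ -r "$d/comm" ] && [ "$(cat "$d/comm" 2>/dev/null || true)" = "$name" ]; then
            echo "${d#/proc/}"
        fi
    done
    return 0
}

# Send SIGKILL to every process named $1.
# Returns 0 if at least one PID was signalled, 1 if nothing by that name runs.
force_kill() {
    name="$1"
    pids=$(pids_of "$name")
    [ -n "$pids" ] || return 1
    for p in $pids; do
        echo "SIGKILL -> $name (pid $p)"
        kill -s KILL "$p" 2>/dev/null || true
    done
    return 0
}

# Return 0 when no process named $1 is running any more, 1 otherwise.
confirm_gone() {
    [ -z "$(pids_of "$1")" ]
}

# Move the filter plist to <plist>.disabled so Substrate no longer applies its
# Bundles filter. Returns 0 if moved, 1 if there was nothing to move.
disable_filter_plist() {
    plist="${1:-$FILTER_PLIST}"
    [ -f "$plist" ] || return 1
    mv "$plist" "$plist.disabled"
}

# Undo disable_filter_plist. Returns 1 if no backup exists.
restore_filter_plist() {
    plist="${1:-$FILTER_PLIST}"
    [ -f "$plist.disabled" ] || return 1
    mv "$plist.disabled" "$plist"
}

# The whole procedure: unfilter, kill, then check. launchd brings the daemons
# back when they are next needed, now with the dylib loaded into them as well.
run_procedure() {
    disable_filter_plist || echo "no filter plist at $FILTER_PLIST (already unfiltered?)"
    for d in $DAEMONS; do
        force_kill "$d" || echo "$d: not running"
    done
    sleep 1
    for d in $DAEMONS; do
        if confirm_gone "$d"; then
            echo "$d: gone, will be respawned on demand"
        else
            echo "$d: still running, check with ps"
        fi
    done
}

# Gate on an environment variable so the file can also be sourced for its
# functions without killing anything. Usage: SSLKS_RUN=1 sh this_script.sh
if [ "${SSLKS_RUN:-0}" = 1 ]; then
    run_procedure
fi
```

Run it as root on the device with `SSLKS_RUN=1`; after the daemons have been respawned, retry the iCloud or iMessage login and look at the event log again. `restore_filter_plist` puts the original plist back once you are done.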

nabla-c0d3 commented 7 years ago

What's the full package name? I can add it to the plist

ChristopherHammond13 commented 7 years ago

Thanks for the suggestions, all!

So I removed the plist and resprung (rebooted, too), and pinning appears to be disabled for a lot of apps. However, despite killing akd, securityd, apsd, accountsd, identityservicesd, gamed, locationd, CommCenter, amfid, backboardd/SpringBoard, Preferences and nsurlsessiond (basically anything that was throwing any errors or TLS messages onto the syslog), I still cannot log into iMessage or iCloud :(

Is it worth adding the bundle IDs to the plist? I assumed that the default in Cydia Substrate is to hook the TLS Pinning code in every binary if the filter is not in place.

Thanks so much again :) 👍

nikolac92 commented 7 years ago

Any update on this one? Can't get it to work with itunesstored on 10.2 (tried killing all the above processes and changing/removing the filter plist). Thanks!