nabla-c0d3 / ssl-kill-switch2

Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS and macOS applications.

ssl-kill-switch2 cannot disable cert pinning in iOS11 #37

Closed holyswordman closed 6 years ago

holyswordman commented 6 years ago

Cannot capture iTunes/Apple ID login HTTPS packets. I also cannot capture App Store packets in iOS 11 with ssl-kill-switch2 enabled.

It seems it doesn't rely on "tls_helper_create_peer_trust" in iOS 11.

Here's the AuthKit log:


20:00:49.842788 +0800   akd Requesting clearance to begin auth with context <private>...
20:00:49.843602 +0800   akd Cleared to begin auth with context <private>!
20:00:49.843736 +0800   akd Current context does not permit non-interactive auth.
20:00:49.843890 +0800   akd Context did not provide a username and/or password.
20:00:49.846842 +0800   akd Reachability Flag Status: -R ------- networkStatusForFlags
20:00:49.847012 +0800   akd Collecting user credentials...
20:00:49.847148 +0800   akd No altDSID on context. Nothing to validate.
20:00:56.745619 +0800   akd Successfully obtained password. Time for SRP auth.
20:00:56.751974 +0800   akd altDSID is available for auth: <private>
20:00:56.755511 +0800   akd Context eligibility for piggybacking: NO
20:00:56.755646 +0800   akd Client is eligible for piggybacking: NO
20:00:56.757915 +0800   akd Password available. Will ask for bootstrap password-based auth.
20:00:56.758035 +0800   akd Sending prkgen: YES
20:00:56.758181 +0800   akd The client indicated support for ckgen: YES
20:00:56.758453 +0800   akd ckgen supported: YES
20:00:56.818729 +0800   akd SendRequestAndCreateResponse: submissing a request to: <private>
20:00:56.818867 +0800   akd TIC Enabling TLS [11:0x100962340]
20:00:56.818934 +0800   akd TIC TCP Conn Start [11:0x100962340]
20:00:56.819292 +0800   akd Task <321FB545-6485-4805-A8EC-C4E14FB71D65>.<23> setting up Connection 11
20:00:56.823567 +0800   akd TIC TCP Conn Connected [11:0x100962340]: Err(16)
20:00:56.823770 +0800   akd TIC TCP Conn Event [11:0x100962340]: 1
20:00:57.031003 +0800   akd TIC Enabling TLS [11:0x100962340]
20:00:57.043570 +0800   akd TIC TLS Event [11:0x100962340]: 1, Pending(0)
20:00:57.554276 +0800   akd TIC TLS Event [11:0x100962340]: 2, Pending(0)
20:00:57.555108 +0800   akd TIC TLS Event [11:0x100962340]: 11, Pending(0)
20:00:57.555446 +0800   akd TIC TLS Event [11:0x100962340]: 12, Pending(0)
20:00:57.555779 +0800   akd TIC TLS Event [11:0x100962340]: 14, Pending(0)
20:00:57.556124 +0800   akd -[AIASSession URLSession:task:didReceiveChallenge:completionHandler:]: checking pinning
20:00:57.557437 +0800   akd could not disable pinning: not an internal release
20:00:57.575677 +0800   akd  [leaf AnchorApple CheckIntermediateMarkerOid CheckLeafMarkerOid]
20:00:57.576008 +0800   akd -[AIASSession URLSession:task:didReceiveChallenge:completionHandler:]: pinning failed
20:00:57.590835 +0800   akd -[AIASSession URLSession:task:didCompleteWithError:]: <private>: <private>
20:00:57.590936 +0800   akd SendRequestAndCreateResponse: failed to fetch request <private>: <private>
20:00:57.591020 +0800   akd AppleIDAuthSupport: setError: <private>
20:00:57.591107 +0800   akd Invalid/missing value for key alias: (null)
20:00:57.591191 +0800   akd Invalid/missing value for key acname: (null)
20:00:57.591274 +0800   akd Invalid value for key ut: (null)
20:00:57.591356 +0800   akd Authentication with server failed! Error: <private>
20:00:57.591440 +0800   akd TIC TCP Conn Cancel [11:0x100962340]
20:00:57.591605 +0800   akd Task <321FB545-6485-4805-A8EC-C4E14FB71D65>.<23> HTTP load failed (error code: -999 [1:89])
20:00:57.591687 +0800   akd Failing auth due to verification error: <private>
20:00:57.592065 +0800   akd Attempting to show login error: <private>
20:00:57.592449 +0800   akd Task <321FB545-6485-4805-A8EC-C4E14FB71D65>.<23> finished with error - code: -999

ghost commented 6 years ago

Getting the same error, hopefully someone can update it to work on iOS 11.1.x.

nabla-c0d3 commented 6 years ago

I am waiting for Substrate to be released

MuchiMuchiPink commented 6 years ago

Wouldn't it work with Substitute?

hiburn8 commented 6 years ago

I tried using Electra's SBinject to load the jailed substrate dylib here: and then injecting the killswitch dylib directly into a process at the same time. But that didn't work... just saving people 5 minutes who think to try it. I'm not sure why it didn't work... maybe SBinject loads killswitch before the substrate library, or maybe the substrate library is missing some superpowers from the 'real' substrate. Or maybe the killswitch library actually checks preferenceloader (sorry, I've not read the code) before actually swizzling methods, in which case it would never work as preference loader is obviously not present.

MuchiMuchiPink commented 6 years ago

Electra now comes with a Substrate Compatibility Layer. SSLKillSwitch installs without any issues via dpkg, but doesn't show up in the menu. Wonder if you give it a shot now or still wait? Thanks for your great work again.

bakzeit commented 6 years ago

@MuchiMuchiPink I already installed it on 11.1.1 and SSLKillSwitch 2 is showing in the menu, but it's also not working. Maybe Apple has changed something in iOS 11.

zbzriz commented 6 years ago

@holyswordman where do you find the AuthKit log?

zbzriz commented 6 years ago

I can't capture any HTTPS packets on iOS 11.1

MuchiMuchiPink commented 6 years ago

@bakzeit on Electra 1.02? When I installed it manually on Electra beta it did show up in the menu as well. Now that I tried it on release via dpkg it doesn't. Even installed Rocketbootstrap and PreferenceLoader betas via rpetrich's repo.

bakzeit commented 6 years ago

@MuchiMuchiPink Electra 1.0.1 is what I'm on. Here is what I found yesterday, I don't know if it is odd behavior: when SSLKillSwitch is turned on in the menu, I cannot get any iCloud mail, open pages in Safari, etc., even though I'm not intercepting HTTPS traffic at all, and when it is OFF in the menu panel, all works perfectly!! Maybe SSLKillSwitch on iOS 11 is conflicting with what Apple changed in it and hence won't open any connection to Apple servers.

MuchiMuchiPink commented 6 years ago

@bakzeit well that's more than what I got. Not a single tweak shows up in my menu.

mtshare commented 6 years ago

@nabla-c0d3 Please add support for iOS 11 since Electra + Substitute is almost stable and probably the only jailbreak solution. SSLKillSwitch is one of the few reasons to jailbreak devices.

mwpcheung commented 6 years ago

@nabla-c0d3 Please add support to iOS11 since Electra

ios11appstore commented 6 years ago

I know how to sniff https requests on iOS11, you can contact saulgoodman(at)foxmail.com

lgq2015 commented 6 years ago

There's a problem with this upgrade. I'm not doing it well. I have a version that I can work here. Need to contact me QQ 2011229763 or 2011229763@qq.com.

nabla-c0d3 commented 6 years ago

Thanks to @mwpcheung it now works on iOS 11.

1trackprojects1 commented 3 years ago

The same issue occurs on iOS 14.2 with Snapchat, can someone please help?