search

palera1n / jbinit

iOS, iPadOS, tvOS, HomePod Software and bridgeOS booter ramsdisk
Other
68 stars 16 forks source link

Dropbear SSH login fails after bootstrap #10

Open zner0L opened 1 year ago

zner0L commented 1 year ago

I noticed a problem with the dropbear SSH server running on port 44 on the device. I can’t log in either as mobile or root (though for root this is to be expected) with the password I set up in the bootstrapping process (which happens to be alpine, so that doesn’t work either).

To reproduce: I used version v2.0.0-beta.7 of palera1n:

❯ palera1n --version
palera1n 2.0.0
a30e2ef32aef908e60ad25ae2e2d506b1c26cfe5 388 (HEAD)

Build date: Tue May 30 05:42:26 UTC 2023
Build style: RELEASE
Build tag: v2.0.0-beta.7
Built by: runner
USB backend: IOKit
Build options: ROOTFUL
  1. Do a rootful jailbreak of a device (I tested an iPhone 6S with iOS 15.7.3 and an iPhone X with iOS 16.4.1): palera1n -fc
  2. Start the jailbroken device in rootful mode: palera1n -f
  3. Start the USB port forwarding (e.g. iproxy 44444:44, I used pymobiledevice3 usbmux forward 44444 44).
  4. Log into the dropbear ssh with user root or mobile and password alpine (ssh mobile@localhost -p 44444). This works. Exit again.
  5. Go into the palera1n loader app and install Sileo. When promted for a password, enter alpine.
  6. Restart the forwarding proxy and try to login as mobile. This will not accept the password and fail: 
    ❯ ssh mobile@localhost -p 44444 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null
Warning: Permanently added '[localhost]:44444' (RSA) to the list of known hosts.
mobile@localhost's password: 
Permission denied, please try again.
mobile@localhost's password: 
Permission denied, please try again.
mobile@localhost's password: 
mobile@localhost: Permission denied (publickey,password).

The syslog:

❯ pymobiledevice3 syslog live -e dropbear # The syslog filtered for the expression "dropbear"
2023-07-04 16:40:21.217028 dropbearmulti{substitute-loader.dylib}[6953] <Info>: ExtensionLoader <private>: startup
2023-07-04 16:40:21.218012 dropbearmulti{substitute-loader.dylib}[6953] <Debug>: ExtensionLoader <private>: SafeMode path is <private>
2023-07-04 16:40:21.220332 dropbearmulti{substitute-loader.dylib}[6953] <Debug>: ExtensionLoader <private>: completed in 4 ms
2023-07-04 16:40:21.228770 dropbearmulti{dropbearmulti}[6953] <Info>: Child connection from 127.0.0.1:50503
2023-07-04 16:40:24.404290 dropbearmulti{dropbearmulti}[6953] <Notice>: Bad password attempt for 'mobile' from 127.0.0.1:50503
2023-07-04 16:40:26.697458 dropbearmulti{dropbearmulti}[6953] <Notice>: Bad password attempt for 'mobile' from 127.0.0.1:50503
2023-07-04 16:40:28.829281 dropbearmulti{dropbearmulti}[6953] <Notice>: Bad password attempt for 'mobile' from 127.0.0.1:50503
2023-07-04 16:40:29.135477 dropbearmulti{dropbearmulti}[6953] <Info>: Exit before auth from <127.0.0.1:50503>: (user 'mobile', 3 fails): Exited normally
ghost commented 1 year ago

This is a known issue, it is due to Dropbear not being linked to the library required to support passwords with a stronger hashing algorithm which is set during bootstrap. You can add an SSH key or use OpenSSH on port 22 after bootstrapping for now. (On rootful OpenSSH isn't automatically installed right now, but it's planned to auto-install it in the future.)

zner0L commented 1 year ago

Ah thanks for the quick reply! I couldn’t find any documentations on this and was really getting worried whether I can type the password correctly.