search

xsscx / srd

Welcome to Hoyt's SRD Repo for the Apple Security Research Device. Contribute Code or Open an Issue or Discussion.
Other
63 stars 12 forks source link

SUMMARY: Suggested changes for dropbear configure.ac for srd on iOS 15 | srd ssh login issue #31

Closed xsscx closed 2 years ago

xsscx commented 2 years ago

SUMMARY

ssh login doesn't work for example-cryptex, conftest crash

It has been found that obsolete macros in dropbear won't build a default binary to allow for srd login via ssh. A suggested Fix for dropbear configure.ac is at URL:

https://raw.githubusercontent.com/xsscx/srd/main/srd_tools-24.100.3/example-cryptex/src/dropbear/configure.ac

For those who enjoy bypassing the build pipeline, see URL https://github.com/xsscx/srd/tree/main/dmg

These are the errors addressed via the suggested configure.ac

[dropbear] - [+] Building dropbear
[dropbear] - Checking you have automake on your path to configure dropbear
configure.ac:27: warning: underquoted definition of DB_TRYADDCFLAGS
configure.ac:27:   run info Automake 'Extending aclocal'
configure.ac:27:   or see https://www.gnu.org/software/automake/manual/automake.html#Extending-aclocal
configure.ac:367: warning: The macro `AC_HEADER_STDC' is obsolete.
configure.ac:367: You should run autoupdate.
./lib/autoconf/headers.m4:704: AC_HEADER_STDC is expanded from...
configure.ac:367: the top level
configure.ac:382: warning: The macro `AC_HEADER_TIME' is obsolete.
configure.ac:382: You should run autoupdate.
./lib/autoconf/headers.m4:743: AC_HEADER_TIME is expanded from...
configure.ac:382: the top level
configure.ac:862: warning: The macro `AC_CONFIG_HEADER' is obsolete.
configure.ac:862: You should run autoupdate.
./lib/autoconf/status.m4:719: AC_CONFIG_HEADER is expanded from...
configure.ac:862: the top level
configure: WARNING: using cross tools not prefixed with host triplet
configure: WARNING: ** Cannot find lastlog **

It has also been found that the default entitlements for dropbear from the Apple ./example-cryptex/ are:

Binary has 3 boolean entitlements:
    com.apple.security.network.client: true
    com.apple.security.network.server: true
    com.apple.private.security.no-container: true

Required Changes: Bump to XNU-8019.41.5

Reported: https://github.com/apple/security-research-device/issues/57

Knowledgebase

xsscx commented 2 years ago

Reproduction for "can't build IOKitKeysPrivate.h"[

You've run:

make clean
make install

Somewhere in the Build Log, you see: 

[something] - [%] Building something
[something] - Checking for macOS SDK at /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX12.3.sdk
[comething] - Checking for iOS SDK at /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS15.5.sdk
[something] - [%] Building something
make[1]: *** No rule to make target `./srd_tools-24.100.3/example-cryptex/sdk-graft/downloads/xnu-8019.41.5/iokit/IOKit/IOKitKeysPrivate.h', needed by `.//example-cryptex/sdk-graft/include/IOKit/IOKitKeysPrivate.h'.  Stop.
make: *** [./srd_tools-24.100.3/example-cryptex//src/nvram] Error 2

Cause: The XNU Download & Build has failed.

FIX

sudo xattr -c * sdk-graft/* src/* src/*/*
make clean
make install