- Pairing an iOS device to a host (computer running iTunes) gives that host significant access to data on the iOS device and requires connecting the unlocked iOS device to a host over USB
- Once paired, that host (or another host that has stolen its pairing record) can access significant amounts of user personal data from the iOS device over USB and Wi-Fi through the com.apple.mobile.file_relay and com.apple.mobile.house_arrest lockdown services
- These services will not return user data files that are encrypted and locked by iOS Data Protection but the files returned by file_relay are not protected by iOS Data Protection and do include significant amounts of personal user data that would otherwise be encrypted in iTunes encrypted backups ("Encrypt Backup" is enabled)
- The com.apple.mobile.file_relay service is not used or referenced by any public Apple software so its intended client software is unknown outside of Apple
- Apple released a [Knowledge Base article](https://support.apple.co
David Weinstein dweinstein
dweinstein
/ summary.txt
Created
August 27, 2019 16:00
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| onMessage | |
| onMessage | |
| automation | |
| onMessage | |
| ispy-console 2019-08-27 10:34:23.706613-0500 OfferUp[3150:69885] TIC SSL Trust Error [79:0x1c4376c80]: 3:0 | |
| ispy-console 2019-08-27 10:34:23.707447-0500 OfferUp[3150:69885] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813) | |
| 2019-08-27 10:34:23.707847-0500 OfferUp[3150:69885] Task <85C2A93B-4CDD-4AE5-98FA-A42808ACDCD2>.<1> HTTP load failed (error code: -1202 [3:-9813]) | |
| ispy-console 2019-08-27 10:34:23.708246-0500 OfferUp[3150:70071] Task <85C2A93B-4CDD-4AE5-98FA-A42808ACDCD2>.<1> finished with error - code: -1202 |
dweinstein
/ xctesting_in_repl_or_script.swift
Last active
September 6, 2018 15:49
— forked from lzell/xctesting_in_repl_or_script.swift
Using XCTest in the swift repl or standalone script
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Start repl with: | |
| // $ xcrun swift -F xcrun swift -F /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/Library/Frameworks/ | |
| // Or run as script: | |
| // $ xcrun swift -F xcrun swift -F /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/Library/Frameworks/ % | |
| import Foundation | |
| if dlopen("/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/Library/Frameworks/XCTest.framework/XCTest", RTLD_NOW) == nil { |
dweinstein
/ ios_lockdown_diag_services.md
Created
June 19, 2018 04:15
— forked from ddz/ios_lockdown_diag_services.md
iOS Lockdown Diagnostic Services
dweinstein
/ gist:5b7cb239fe40e97d32388e23ebd8cccc
Created
February 20, 2018 20:24
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ---> com.citi.citimobile Keybuilder 12 Asymm location: com.citi.corelibrary.utils.EligibilityChecks/boolean isSecureHardwareAvailable()/specialinvoke $r2.<android.security.keystore.KeyGenParameterSpec$Builder: void <init>(java.lang.String,int)>("CitiTestHardware", 12) extra: u'specialinvoke $r2.<android.security.keystore.KeyGenParameterSpec$Builder: void <init>(java.lang.String,int)>("CitiTestHardware", 12)' sslice: | |
| ---> com.citi.citimobile Keybuilder 5 Asymm location: |
dweinstein
/ sepsplit.c
Created
August 18, 2017 14:47
— forked from xerub/sepsplit.c
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * SEP firmware split tool | |
| * | |
| * Copyright (c) 2017 xerub | |
| */ | |
| #include <fcntl.h> | |
| #include <stddef.h> | |
| #include <stdio.h> | |
| #include <stdlib.h> |
dweinstein
/ ios_apps.csv
Last active
March 12, 2017 19:38
Sample of popular apps observed (via dynamic analysis) to possibly use Cloudflare https://www.nowsecure.com/blog/2017/02/23/cloudflare-cloudbleed-bugs-impact-mobile-apps
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| application_id | package_name | title | version_string | domain | |
|---|---|---|---|---|---|
| 282935706 | tv.lifechurch.bible | Bible | 7.2 | cloudflare.com | |
| 284910350 | com.yelp.yelpiphone | Yelp | 11.4.0 | cloudflare.com | |
| 290853822 | net.box.BoxNet | Box for iPhone and iPad | 4.0.1 | cloudflare.com | |
| 300255638 | com.abcnews.ABCNews | ABC News – Watch Breaking US & World News, Live Video & Election Coverage | 5.10.0 | cloudflare.com | |
| 304154888 | com.nicusa.FBIMostWanted | Most Wanted | 2.3 | cloudflare.com | |
| 319881193 | com.grindrguy.grindrx | Grindr - Gay, bi, social networking and dating app to chat and meet guys | 3.0.13 | cloudflare.com | |
| 322439990 | com.fboweb.MyRadar | MyRadar NOAA Weather Radar – Forecasts, Storms, and Earthquakes | 4.4.4 | cloudflare.com | |
| 327630330 | com.getdropbox.Dropbox | Dropbox | 28.2 | cloudflare.com | |
| 329913454 | com.crunchyroll.iphone | Crunchyroll - Everything Anime | 3.00.2 | cloudflare.com |
dweinstein
/ guess-encoding.js
Last active
October 21, 2016 01:12
Guess encoding of zip based on `_zip_guess_encoding` from libzip
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 'use strict'; | |
| const ZIP_ENCODING_UNKNOWN = 0; | |
| const ZIP_ENCODING_ASCII = 1; | |
| const ZIP_ENCODING_UTF8_KNOWN = 2; | |
| const ZIP_ENCODING_UTF8_GUESSED = 3; | |
| const ZIP_ENCODING_CP437 = 4; | |
| const ZIP_ENCODING_ERROR = 5; | |
| module.exports.zipEncodings = { |
dweinstein
/ 0README.md
Last active
October 9, 2016 15:36
Template for organizing Frida agents. Should make it easier for community to be able to reuse code. Example device side agents and how to potentially organize them.
The idea here is to organize multiple agent scripts into modules that can be combined into an aggregated agent.
frida agents generally live under e.g., an ./lib/agents directory in a top level project.
For each agent script we need a top level runner and then we use frida-compile to build into a single agent script that we can load.
dweinstein
/ example.md
Last active
June 10, 2016 14:41
configuration / CLI options via RC or env node.js
// config.js
const config = require('rc')('setupios', {
default: 'value',
other: {
thing: 'blah'
}
});
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 'use strict'; | |
| const tsml = require('tsml'); | |
| const USER_AGENT = tsml`Android-Finsky/6.4.12.C-all%20%5B0%5D%202744941 | |
| (api=3,versionCode=80641200,sdk=23,device=flo,hardware=flo,product=razor, | |
| platformVersionRelease=6.0.1,model=Nexus%207,buildId=MOB30J,isWideScreen=0)`; | |
| const DOWNLOAD_MANAGER_USER_AGENT = tsml`AndroidDownloadManager/6.0.1 | |
| (Linux; U; Android 6.0.1; Nexus 7 Build/MOB30J)`; | |
| module.exports = { | |
| USER_AGENT: USER_AGENT, |
NewerOlder