All notable changes to this project will be documented in this file. This project adheres to Semantic Versioning.
- [CORE] Search PID for System Apps
- [MODULE] Keychain extraction of data not encodable in UTF8 [from @federicodotta]
- [MODULE] Improved jailbreak detection bypass (
dynamic/detection/script_jailbreak-detection-bypass.py) - [MODULE] Improved certificate pinning bypass (
comms/proxy/pinning_bypass_frida)
- [CORE] Asyncore problems [from @floyd-fuh]
- [CORE] Asyncore, replaced by regular sockets [from @floyd-fuh]
- [CORE] Support for System Applications
- [CORE] Global variable
HIDE_SYSTEM_APPS: if set toTrue, only 3rd party apps will be shown - [MODULE]
SignerIdentityincluded inbinary/info/metadata - [MODULE]
binary/info/provisioning_profileautomatically parses the embedded certificate looking for distribution profiles - [MODULE]
hooking/frida/script_anti-hooking-checkautomatically detects if the app prevents hooking
- [MODULE] Case sensitivity issues in
device/dependency_installer[from @tghosth]
- [CORE] Non-interactive mode: new command line interface (
python needle-cli.py) which allows to completely script Needle - [CORE] Version checking, to ensure the latest version of Needle is being used
- [CORE] Add support for binary thinning
- [MODULE] Frida Script: hook all methods of the specified class (
hooking/frida/script_hook-all-methods-of-class) - [MODULE] Frida Script: hook a particular method of a specific class (
hooking/frida/script_hook-method-of-class)
- [CORE] Search PID for apps with a space in their name
- [CORE] Remove infinite loop from
Retrydecorator, which attempts to restore a connection with the device if it fails - [CORE] Metadata parsing for app extensions
- [CORE] Re-added support on iOS for:
storage/data/keychain_dump,binary/reversing/strings,binary/reversing/class_dump - [CORE] Use unquote to convert spaces. Fixes Issue #15 [from @ccsplit]
-
[CORE] Issue Auto-Detection: modules will now automatically detect and keep track of issues in the target app. All the issues are going to be stored in the
issues.dbSQLite database, contained in the chosen output directory. Every issue will hold the following attributes:app,module,name,content,confidence level('HIGH', 'MEDIUM', 'INVESTIGATE', 'INFORMATIONAL'),outfile -
[CORE] New commands:
issues(list all the issues identified),add_issue(manually add an issue to the collection) -
[CORE] Frida Attach or Spawn: added option in Frida modules to either attach to or spawn a process
-
[CORE] New global option:
skip_output_folder_check. It allows to skip the check that ensures the output folder does not already contain other files -
[MODULE] Created the
devicecategory -
[MODULE] Dependency Installer (
device/dependency_installer) -
[MODULE] MDM Effective User Settings (
mdm/effective_user_settings) [from @osimonnet]
- [CORE] Moved installation of dependencies to its own module (
device/dependency_installer) - [CORE] Frida support for 32bit devices
- [CORE] Automatic reconnection if SSH/Agent connection drops (
Retrydecorator) - [CORE] Re-introduce support for
ipainstaller(iOS<10) - [MODULE] Compatibility of modules requiring app decryption (iOS 10)
- [CORE]
SETUP_DEVICEglobal option, in favour ofdevice/dependency_installer
- [AGENT] Improved communication with the Agent
- [AGENT] Replaced
telnetlibwithasyncore
- [AGENT] Improved communication with the Agent
- [AGENT] Released Needle Agent
- [CORE] iOS 10 Support
- [CORE] Overhaul of the Core
- [CORE] Possibility to disable modules if running incompatible version of iOS
- [MODULE] Simple CLI Client (
various/agent_client) - [MODULE] Frida Jailbreak Detection Bypass (
dynamic/detection/script_jailbreak-detection-bypass.py) [from @HenryHoggard] - [MODULE] Frida Touch Id Bypass (
hooking/frida/script_touch-id-bypass) [from @HenryHoggard] - [SUPPORT] Updated documentation
- [MODULE] Fix
storage/data/keychain_dump_fridaACL Parsing [from @bernard-wagner] - [MODULE] Frida modules spawn app with Frida instead of UIOpen [from @HenryHoggard]
- [MODULE] Frida enumerate methods performance enhancement [from @HenryHoggard]
- [CORE] Dependencies superseded by the Needle Agent
- [CORE] Preliminary support for iOS10
- [CORE] Support for persisting command history across sessions
- [CORE] Improved metadata parsing for extensions
- [CORE] Improved issues recognition from metadata
- [CORE] Improved plist parsing
- [CORE] Star out password [from @tghosth]
- [MODULE] Frida Script: TLS Pinning Bypass (
hooking/frida/script_pinning_bypass) - [MODULE] Frida Script: Keychain Dumper (
hooking/frida/script_dump-keychain) [from @bernard-wagner] - [MODULE] Frida Script: iCloud Backups (
hooking/frida/script_documents-backup-attr) [from @bernard-wagner] - [MODULE] Frida Script: Anti Hooking Checks (
hooking/frida/script_anti-hooking-check) [from @HenryHoggard] - [MODULE] Calculate binary checksums (
binary/checksums) [from @HenryHoggard] - [MODULE] Retrieve application container (
storage/data/container) - [MODULE] Strings: now look also in the application resources (
binary/strings) - [MODULE] Provisioning profile: Inspect the provisioning profile of the application (
binary/provisioning_profile)
- [CORE] Modified the organization of modules into packages
- [CORE] App metadata: creation of binary path from MobileInstallation.plist
- [CORE] Plist wrapper using biplist
- [CORE] Multiple plist parsing issues [from @tghosth]
- [CORE] Paramiko hanging waiting for an EOF [from @TheBananaStand]
- [MODULE] Frida Script: print view hierarchy (
hooking/frida/script_dump-ui) [from @HenryHoggard] - [MODULE] Improved SQLite DB identification by reducing false positives and false negatives [from @HenryHoggard]
- [MODULE] Editing with different editors [from @tghosth]
- [MODULE] Clean storage does not need to require a target
- [CORE] Unused dependencies
- [CORE] Support for plist files into print_cmd_output
- [CORE]
movefunction for Remote operations - [CORE] Automatically install Theos
- [CORE] Automatically install SSL Kill Switch
- [CORE] Add
validate_editor(core/framework/module) - [CORE] Parametrize
module_run(core/framework/module) - [CORE] Centralized utility for user interaction
- [MODULE] Theos integration (
hooking/theos/theos_tweak) - [MODULE] List installed Tweaks (
hooking/theos/list_tweaks) - [MODULE] Frida Script: print view hierarchy (
hooking/frida/script_dump-ui) - [MODULE] Install Burp Proxy CA Certificate (
comms/certs/install_ca_burp) - [MODULE] Allow using nano to edit hosts file (
various/hosts) [from @tghosth] - [MODULE] Automatically print row counts for standard tables in Cache.db files (
storage/data/files_cachedb) [from @tghosth] - [MODULE] Automatically print row counts for tables in SQL files (
storage/data/files_sql) [from @tghosth] - [MODULE] View Server Certificate (
comms/certs/view_cert) [from @tghosth] - [MODULE] Pull IPA: pull the binary as well as the .ipa file (
binary/pull_ipa) [from @tghosth]
- [CORE] Sanitization of parsed plist files
- [CORE] App metadata: show all URI handlers
- [CORE] Invalid characters when parsing plist files
- [CORE] Minor on Remote Operations' wrapper:
list_dirandcat_file - [MODULE] Dump entire keychain [idea from @tghosth]
- [MODULE]
storage/caching/screenshot: OS X support for rendering preview images - [MODULE] Error saving files in
storage/data/files_*modules [from @tghosth] - [MODULE] Run proxy regular even without selecting a target app
- [MODULE] File monitoring: automatically detect folder to monitor (regression)
- [CORE] OS X Support
- [CORE] iOS 9 compatibility support [from @ch1kpee]
- [CORE] Global output path
- [CORE] Support for SSH public key auth [from @hduarte]
- [MODULE] Dump contents of keyboard autocomplete cache (
storage/caching/keyboard-autocomplete) [from @zakm123] - [MODULE] Apple Transport Security (ATS) metadata support (
binary/metadata) [from @alexplaskett] - [MODULE] Circumvent Touch ID when implemented using LocalAuthentication framework (
hooking/cycript/cycript_touchid) [from @istais] - [MODULE]
storage/data/files_*: now is possible to dump all files [idea from @tghosth] - [MODULE] Support for App Extension Bundles metadata (
binary/metadata) [from @alexplaskett] - [MODULE] Display an applications universal links (
binary/universal_links) [from @alexplaskett] - [MODULE] Show the content of the device's
/etc/hostsfile, and offer the chance to edit it (various/hosts) - [SUPPORT] Contribution guide and module templates
- [SUPPORT] ISSUE_TEMPLATE for github
- [SUPPORT] Logo and Twitter handle
- [CORE] TCPrelay execute mode permissions
- [CORE] Install
coreutilsbeforehand - [CORE] Replaced
frida.spawnwithuiopen - [CORE] Error on exit and
get_ipfor OS X - [CORE] Fixed 2 bugs related to TCP relay and refresh of the connection parameters [from @hduarte]
- [CORE] iOS 9.3.3 search pid support inside containers [from @n1xf1]
- [CORE] Issues with paths containing spaces
- [MODULE] Dump keychain even when no apps are installed
- [MODULE] Minor edits on module descriptions [from @tghosth]
- [MODULE]
DTPlatformVersionexception [from @alexplaskett] - [MODULE] Keychain Dump: reverted back to
keychaineditor - [MODULE] Syslog watch (
dynamic/watch/syslog) and monitor (dynamic/monitor/syslog) not working when using SSH over wi-Fi: switched toondeviceconsole
- [CORE] Dependencies check
- [CORE] Dependency to
libimobiledevice - [MODULE] Unstable modules (
fuzz_ipc,lldb_shell)
- Ported to iOS9
- First Public Release