An extreme method of disabling most certificate verification checks within iOS applications. TrustMe will defeat certificate pinning in most cases.
Requires a jailbroken device. This "Tweak" disables the SecTrustEvaluate. It should only be used on testing devices with no personal data or information, since this will completely disable most SSL safeguards.
- MobileSubstrate (Should come with jailbroken devices)
- dpkg (Install from Cydia)
Download the dpkg
wget https://www.dropbox.com/s/zyltyoa7s1x3m47/com.intrepidusgroup.trustme_0.1-4_iphoneos-arm.deb dpkg -i com.intrepidusgroup.trustme_0.1-4_iphoneos-arm.deb
To disable it, uninstall the deb:
dpkg -r com.intrepidusgroup.trustme
Alternately, you can edit the plist located at /Library/MobileSubstrate/DynamicLibraries/trustme.plist
Documentation on the format of the plist can be found at
Building requires theos.
This is a Theos 'tweak' project. Use theos to create the required files and then run:
This tool is patterned on ios-ssl-kill-switch (https://github.com/iSECPartners/ios-ssl-kill-switch). Trustme uses a similar technique, but targets a C function that is lower in the call chain of most SSL certificate validation code, which allows it to disable more SSL validation code.