ssl-kill-switch2 cannot disable cert pinning in iOS11 #37

Closed
holyswordman opened this issue Jan 21, 2018 · 17 comments

Comments

@holyswordman

holyswordman commented Jan 21, 2018

Cannot capture iTunes/Apple ID login HTTPS packets.
I also cannot capture App Store packets in iOS 11 with ssl-kill-switch2 enabled.

It seems it doesn't rely on "tls_helper_create_peer_trust" in iOS 11.

Here's the AuthKit log:

20:00:49.842788 +0800	akd	Requesting clearance to begin auth with context <private>...
20:00:49.843602 +0800	akd	Cleared to begin auth with context <private>!
20:00:49.843736 +0800	akd	Current context does not permit non-interactive auth.
20:00:49.843890 +0800	akd	Context did not provide a username and/or password.
20:00:49.846842 +0800	akd	Reachability Flag Status: -R ------- networkStatusForFlags
20:00:49.847012 +0800	akd	Collecting user credentials...
20:00:49.847148 +0800	akd	No altDSID on context. Nothing to validate.
20:00:56.745619 +0800	akd	Successfully obtained password. Time for SRP auth.
20:00:56.751974 +0800	akd	altDSID is available for auth: <private>
20:00:56.755511 +0800	akd	Context eligibility for piggybacking: NO
20:00:56.755646 +0800	akd	Client is eligible for piggybacking: NO
20:00:56.757915 +0800	akd	Password available. Will ask for bootstrap password-based auth.
20:00:56.758035 +0800	akd	Sending prkgen: YES
20:00:56.758181 +0800	akd	The client indicated support for ckgen: YES
20:00:56.758453 +0800	akd	ckgen supported: YES
20:00:56.818729 +0800	akd	SendRequestAndCreateResponse: submissing a request to: <private>
20:00:56.818867 +0800	akd	TIC Enabling TLS [11:0x100962340]
20:00:56.818934 +0800	akd	TIC TCP Conn Start [11:0x100962340]
20:00:56.819292 +0800	akd	Task <321FB545-6485-4805-A8EC-C4E14FB71D65>.<23> setting up Connection 11
20:00:56.823567 +0800	akd	TIC TCP Conn Connected [11:0x100962340]: Err(16)
20:00:56.823770 +0800	akd	TIC TCP Conn Event [11:0x100962340]: 1
20:00:57.031003 +0800	akd	TIC Enabling TLS [11:0x100962340]
20:00:57.043570 +0800	akd	TIC TLS Event [11:0x100962340]: 1, Pending(0)
20:00:57.554276 +0800	akd	TIC TLS Event [11:0x100962340]: 2, Pending(0)
20:00:57.555108 +0800	akd	TIC TLS Event [11:0x100962340]: 11, Pending(0)
20:00:57.555446 +0800	akd	TIC TLS Event [11:0x100962340]: 12, Pending(0)
20:00:57.555779 +0800	akd	TIC TLS Event [11:0x100962340]: 14, Pending(0)
20:00:57.556124 +0800	akd	-[AIASSession URLSession:task:didReceiveChallenge:completionHandler:]: checking pinning
20:00:57.557437 +0800	akd	could not disable pinning: not an internal release
20:00:57.575677 +0800	akd	 [leaf AnchorApple CheckIntermediateMarkerOid CheckLeafMarkerOid]
20:00:57.576008 +0800	akd	-[AIASSession URLSession:task:didReceiveChallenge:completionHandler:]: pinning failed
20:00:57.590835 +0800	akd	-[AIASSession URLSession:task:didCompleteWithError:]: <private>: <private>
20:00:57.590936 +0800	akd	SendRequestAndCreateResponse: failed to fetch request <private>: <private>
20:00:57.591020 +0800	akd	AppleIDAuthSupport: setError: <private>
20:00:57.591107 +0800	akd	Invalid/missing value for key alias: (null)
20:00:57.591191 +0800	akd	Invalid/missing value for key acname: (null)
20:00:57.591274 +0800	akd	Invalid value for key ut: (null)
20:00:57.591356 +0800	akd	Authentication with server failed! Error: <private>
20:00:57.591440 +0800	akd	TIC TCP Conn Cancel [11:0x100962340]
20:00:57.591605 +0800	akd	Task <321FB545-6485-4805-A8EC-C4E14FB71D65>.<23> HTTP load failed (error code: -999 [1:89])
20:00:57.591687 +0800	akd	Failing auth due to verification error: <private>
20:00:57.592065 +0800	akd	Attempting to show login error: <private>
20:00:57.592449 +0800	akd	Task <321FB545-6485-4805-A8EC-C4E14FB71D65>.<23> finished with error - code: -999

@ghost

ghost commented Jan 23, 2018

Getting the same error, hopefully someone can update it to work on iOS 11.1.x.

@nabla-c0d3
Owner

I am waiting for Substrate to be released

@MuchiMuchiPink

Wouldn't it work with Substitute?

@hiburn8

hiburn8 commented Feb 12, 2018

I tried using Electra's SBinject to load the jailed substrate dylib here: and then injecting the killswitch dylib directly into a process at the same time. But that didn't work... just saving people 5 minutes who think to try it. I'm not sure why it didn't work.. maybe SBinject loads killswitch before the substrate library, or maybe the substrate library is missing some superpowers from the 'real' substrate. Or maybe the killswitch library actually checks preferenceloader (sorry, I've not read the code).. before actually swizzling methods, in which case it would never work as preference loader is obviously not present.

@MuchiMuchiPink

MuchiMuchiPink commented Feb 28, 2018

Electra now comes with a Substrate Compatibility Layer. SSLKillSwitch installs without any issues via dpkg, but doesn't show up in the menu. Wonder if you give it a shot now or still wait? Thanks for your great work again.

@bakzeit

bakzeit commented Feb 28, 2018

@MuchiMuchiPink I already installed with 11.1.1 and SSLKillSwitch 2 is showing in the menu .. but also not working .. maybe Apple has changed something in iOS 11

@zbzriz

zbzriz commented Mar 1, 2018

@holyswordman where do you find the AuthKit log?

@zbzriz

zbzriz commented Mar 1, 2018

I can't capture any HTTPS packets on iOS 11.1

@MuchiMuchiPink

@bakzeit on Electra 1.02? When I installed it manually on Electra beta it did show up in the menu as well. Now that I tried it on release via dpkg it doesn't. Even installed Rocketbootstrap and PreferenceLoader betas via rpetrich's repo.

@bakzeit

bakzeit commented Mar 1, 2018

@MuchiMuchiPink Electra 1.0.1, that's what I'm on .. and what I just found yesterday .. I don't know if it is odd behavior? When SSLKillSwitch in the menu is turned on ... I cannot get any iCloud mail, open pages in Safari etc .. even though I'm not intercepting HTTPS traffic at all, and when it is OFF in the menu panel .. all works perfectly !!
Maybe SSLKillSwitch on iOS 11 is conflicting with what Apple changed in it and hence won't open any connection to Apple servers

@MuchiMuchiPink

@bakzeit well that's more than what I got. Not a single tweak shows up in my menu.

@mtshare

mtshare commented Mar 21, 2018

@nabla-c0d3 Please add support for iOS 11 since Electra + Substitute is almost stable and probably the only jailbreak solution.
SSLKillSwitch is one of the few reasons to jailbreak devices.

@mwpcheung
Contributor

@nabla-c0d3 Please add support to iOS11 since Electra

@ios11appstore

I know how to sniff https requests on iOS11, you can contact saulgoodman(at)foxmail.com

@lgq2015

lgq2015 commented Apr 11, 2018

There's a problem with this upgrade. I'm not doing it well. I have a version that I can work here. Need to contact me QQ 2011229763 or 2011229763@qq.com.

@nabla-c0d3
Owner

Thanks to @mwpcheung it now works on iOS 11.

@1trackprojects1

The same issue occurs on iOS 14.2 with Snapchat, can someone please help
