
needle's Introduction

Needle


Needle is an open source, modular framework to streamline the process of conducting security assessments of iOS apps.

NOTE: This tool has been decommissioned and is no longer maintained. We are leaving the original project up for archival purposes.

Needle was originally made to work with iOS 9 and iOS 10. Since then, Frida was released and became the de facto tool for mobile security assessments. Some common Frida mobile security scripts were later implemented within Needle, as some of these scripts worked better or addressed issues that were present in Needle's custom tooling.

With the release of iOS 11 came additional security protections that were good for the consumer, but bad for Needle. These enhancements essentially broke Needle's functionality, and thus F-Secure were faced with two options:

  • Re-write Needle from the ground up, potentially using Frida as a base
  • Recommend another well-established tool that would contain the same functionality as Needle

F-Secure chose the latter option, as some of our consultants had already started using and contributing to another tool when Needle's fate was being discussed. The third party tool is called Objection and can be found here:

https://github.com/sensepost/objection

Needle can still be used on devices running iOS 10 and below. If the device is running iOS 11 or above, F-Secure recommends that you use Objection instead.

Description

Assessing the security of an iOS application typically requires a plethora of tools, each developed for a specific need and all with different modes of operation and syntax. The Android ecosystem has tools like "drozer" that have solved this problem and aim to be a ‘one stop shop’ for the majority of use cases; however, iOS does not have an equivalent.

Needle is MWR's iOS Security Testing Framework, released at Black Hat USA in August 2016. It is an open source modular framework which aims to streamline the entire process of conducting security assessments of iOS applications, and acts as a central point from which to do so. Needle is intended to be useful not only for security professionals, but also for developers looking to secure their code. A few examples of testing areas covered by Needle include: data storage, inter-process communication, network communications, static code analysis, hooking and binary protections. The only requirement in order to run Needle effectively is a jailbroken device.

The release of version 1.0.0 provided a major overhaul of its core and the introduction of a new native agent, written entirely in Objective-C. The new NeedleAgent is an open source iOS app complementary to Needle that allows tasks to be performed programmatically and natively on the device, eliminating the need for third party tools.

Needle has been presented at and used by workshops in various international conferences like Black Hat USA/EU, OWASP AppSec and DEEPSEC. It was also included by ToolsWatch in the shortlist for the Top Security Tools of 2016, and it is featured in the OWASP Mobile Testing Guide.

Needle is open source software, maintained by MWR InfoSecurity.

Installation

See the Installation Guide in the project Wiki for details.

Supported Platforms

  • Workstation: Needle has been successfully tested on both Kali and macOS
  • Device: iOS 8, 9, and 10 are currently supported

Usage

Usage instructions (for both standard users and contributors) can be found in the project Wiki.

License

Needle is released under a 3-clause BSD License. See the LICENSE file for full details.

Contact

For news and updates, follow @mwrneedle on Twitter and the MWR Mobile Tools blog.

Feel free to submit issues or ping us on Twitter - @mwrneedle, @lancinimarco

needle's People

Contributors

alexplaskett, andrea-amendola, bernard-wagner, ccsplit, ch1kpee, federicodotta, floyd-fuh, henryhoggard, istais, marco-lancini, n0ttab0t, osimonnet, tghosth, yogehi, zakm123


needle's Issues

Errors parsing a plist file which itself contains a nested binary plist file

Hi, @marco-lancini. I have a plist file which appears to contain another binary format plist file nested within it.

bplist appears to convert the file to a dict object with the nested file staying in an encoded binary format. This is then causing errors when the file is serialized to JSON because it cannot convert the encoded binary to an appropriate format.

Have you seen anything like this?

My suggested solution would be to try and do the plist parsing recursively, searching for the "bplist0" keyword at the start of a plist value. Does this sound sensible? If so, I will try and have a go.
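The recursive approach proposed in this issue, sketched as an added example (not Needle's code and not the reporter's patch). It uses Python 3's standard `plistlib` rather than Needle's own parser; the function names, the `MAX_DEPTH` limit, the `__base64__` wrapper and the sample data are all assumptions made for illustration.

```python
import base64
import datetime
import json
import plistlib

BPLIST_MAGIC = b"bplist0"  # prefix proposed in the issue; real files begin "bplist00"
MAX_DEPTH = 8              # assumption: refuse pathologically deep nesting


def decode_nested(value, depth=0):
    """Return a JSON-serializable copy of value, expanding embedded binary plists."""
    if depth > MAX_DEPTH:
        raise ValueError("plist nesting exceeds MAX_DEPTH")
    if isinstance(value, dict):
        return {str(k): decode_nested(v, depth + 1) for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return [decode_nested(v, depth + 1) for v in value]
    if isinstance(value, (bytes, bytearray)):
        raw = bytes(value)
        if raw.startswith(BPLIST_MAGIC):
            try:
                inner = plistlib.loads(raw)
            except Exception:
                pass  # has the magic but does not parse: keep it as opaque data
            else:
                return decode_nested(inner, depth + 1)
        # Opaque binary data cannot go into JSON directly, so wrap it as base64.
        return {"__base64__": base64.b64encode(raw).decode("ascii")}
    if isinstance(value, datetime.datetime):
        return value.isoformat()
    if isinstance(value, plistlib.UID):  # appears in NSKeyedArchiver plists
        return {"__uid__": value.data}
    return value


def load_plist(data):
    """Parse plist bytes (XML or binary) into a JSON-serializable structure."""
    return decode_nested(plistlib.loads(data))


def plist_to_json(data):
    """Serialize a plist, including any nested binary plists, to JSON text."""
    return json.dumps(load_plist(data), indent=2, sort_keys=True)


def build_sample():
    """Constructed sample: a binary plist nested two levels deep in data values."""
    inner = {"token": "constructed-value", "blob": b"\x00\x01"}
    middle = {"session": plistlib.dumps(inner, fmt=plistlib.FMT_BINARY)}
    outer = {
        "CFBundleIdentifier": "com.example.app",
        "state": plistlib.dumps(middle, fmt=plistlib.FMT_BINARY),
        "truncated": b"bplist00\xff",  # carries the magic but is not a valid plist
    }
    return plistlib.dumps(outer, fmt=plistlib.FMT_BINARY)


if __name__ == "__main__":
    print(plist_to_json(build_sample()))
```
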

dyld: lazy symbol binding failed: Symbol not found: _map_fd

I selected binary/class_dump and ran the module, but it gives an error:

Exception: dyld: lazy symbol binding failed: Symbol not found: _map_fd
  Referenced from: /usr/bin/lipo
  Expected in: dyld shared cache

dyld: Symbol not found: _map_fd
  Referenced from: /usr/bin/lipo
  Expected in: dyld shared cache

also there is an error:
Prerequisite Not Found: apt-get .

But I have installed apt 0.7 strict

Issue in SSH Connection Establishment

I am not able to connect to SSH via needle, whereas when I am connecting via SSH on my local machine I am able to establish a connection with my iPhone.
Workstation Details:
iOS 9.0.2 (jailbroken)
OS: Kali Linux Rolling edition

Attaching the scenario of my workstation when I am trying to establish a connection with my device via SSH
screenshot from 2016-11-09 14-20-57

screenshot from 2016-11-09 14-28-42

And also when I am trying to drop a shell it's probing some errors. I have attached the screenshots for that too
screenshot from 2016-11-09 14-48-46

Keychain Dump 'KeyError' when no applications are installed

Issue

Expected behaviour

It should be possible to read the keychain even when no applications are installed. For example, users might want to read the default system keychain.

Actual behaviour

If no applications are installed, it always asks to choose an application number. If I press enter with no number, it shows this error:

[+] Apps found:
Please select a number: 
Traceback (most recent call last):
  File "/home/test/Tools/iOS/Needle/needle/core/framework/module.py", line 120, in do_run
    pre = self.module_pre()
  File "/home/test/Tools/iOS/Needle/needle/core/framework/module.py", line 144, in module_pre
    if self.app_check() is None: return None
  File "/home/test/Tools/iOS/Needle/needle/core/framework/framework.py", line 667, in app_check
    app = self.device.select_target_app()
  File "/home/test/Tools/iOS/Needle/needle/core/device/device.py", line 194, in select_target_app
    app_name = choose_from_list(self._applist.keys())
  File "/home/test/Tools/iOS/Needle/needle/core/utils/menu.py", line 18, in choose_from_list
    chosen_val = dict_opts[int(choice)]
ValueError: invalid literal for int() with base 10: ''
------------------------------------------------------------
[!] ValueError: invalid literal for int() with base 10: ''.

If I try to choose a number that doesn't exist, for example 0, it shows this error:

[+] Apps found:
Please select a number: 0
------------------------------------------------------------
Traceback (most recent call last):
  File "/home/test/Tools/iOS/Needle/needle/core/framework/module.py", line 120, in do_run
    pre = self.module_pre()
  File "/home/test/Tools/iOS/Needle/needle/core/framework/module.py", line 144, in module_pre
    if self.app_check() is None: return None
  File "/home/test/Tools/iOS/Needle/needle/core/framework/framework.py", line 667, in app_check
    app = self.device.select_target_app()
  File "/home/test/Tools/iOS/Needle/needle/core/device/device.py", line 194, in select_target_app
    app_name = choose_from_list(self._applist.keys())
  File "/home/test/Tools/iOS/Needle/needle/core/utils/menu.py", line 18, in choose_from_list
    chosen_val = dict_opts[int(choice)]
KeyError: 0
------------------------------------------------------------
[!] KeyError: 0.

Steps to reproduce

Have device with no extra applications installed

1. set port 22
2. set ip <ip>
3. set debug true
4. use storage/data/keychain_dump
5. run

Environment

Workstation Operating System

Debian

Python Version

Python 2.7.11

Device iOS Version

iOS 9.1

Exception: sh: lipo: command not found.

needle error logs

Ensure verbose and debug mode are enabled:

[needle][pull_ipa] > run
[*] Checking connection with device...
[+] Already connected to: 127.0.0.1
[V] Creating temp folder: /var/root/needle/
[+] Target app: com.toyopagroup.picaboo
[*] Retrieving app's metadata...
[!] Exception: sh: lipo: command not found.

Clutch2 executable

Hey,

I'm running needle on Kali Linux. I installed all the dependencies on the Linux machine and the iOS device.
I'm getting an exception that you can see in the screenshot. Please help.

capture

root permission denied : for module binary/install

Issue

Even after putting the IPA in the folder specified, i.e. /var/root/needle/app.ipa, the application is not able to install the IPA.

Expected behaviour

Automatically upload and install an IPA on the device

Actual behaviour

Gives an error saying : root permission denied

Steps to reproduce

  1. show modules
  2. use binary/install
  3. set path for IPA
  4. run

needle error logs

needle] > use binary/install
[needle][install] > /Users/akanksha.bana/Desktop/ipa/YOVOPLE.ipa 
[*] Executing Local Command: /Users/akanksha.bana/Desktop/ipa/YOVOPLE.ipa
[D] [LOCAL CMD] Local Command: /Users/akanksha.bana/Desktop/ipa/YOVOPLE.ipa
/bin/sh: /Users/akanksha.bana/Desktop/ipa/YOVOPLE.ipa: Permission denied

Environment

Workstation Operating System

OSX 10.10.5

Python Version

2.7.10

Python Packages (pip freeze)

Device iOS Version

8.1.2

Import error with decode_dss_signature

Followed everything written in the guide and installed all the packages on Kali 2.0, but I am facing the following error. Tried a forceful installation of paramiko as well.

Import error

python needle.py

Traceback (most recent call last):
  File "needle.py", line 9, in <module>
    from core.framework import cli
  File "/root/needle/needle/core/framework/cli.py", line 9, in <module>
    from framework import Framework, FrameworkException
  File "/root/needle/needle/core/framework/framework.py", line 9, in <module>
    from ..device.device import Device
  File "/root/needle/needle/core/device/device.py", line 2, in <module>
    import paramiko
  File "/usr/local/lib/python2.7/dist-packages/paramiko/__init__.py", line 30, in <module>
    from paramiko.transport import SecurityOptions, Transport
  File "/usr/local/lib/python2.7/dist-packages/paramiko/transport.py", line 53, in <module>
    from paramiko.dsskey import DSSKey
  File "/usr/local/lib/python2.7/dist-packages/paramiko/dsskey.py", line 27, in <module>
    from cryptography.hazmat.primitives.asymmetric.utils import (
ImportError: cannot import name decode_dss_signature

Module "script_dump-ui" doesn't work (Script terminated abruptly)

Issue

Note: Application names are modified.

Expected behaviour

The module script_dump-ui should dump the UI hierarchy.

Actual behaviour

The module returns the error Script terminated abruptly.

Steps to reproduce

  1. use script_dump-ui
  2. run

needle error logs

[D] Connected over Wi-Fi
[*] Launching the app...
[D] [REMOTE CMD] Remote Command: open com.hh.iosvuln
[V] Retrieving the PID...
[D] [REMOTE CMD] Remote Command: ps ax | grep -i 'HH iOS.app'
[V] PID found: 1247
[*] Attaching to process: 1247
[*] Parsing payload
[?] Script terminated abruptly

Environment

Workstation Operating System

Debian

Python Version

2.7

Device iOS Version

9.3

binary/metadata does not show all URL handlers

Issue

Hi,
First of all: good job, I like this tool. I just have a comment/question:
I noticed that the /binary/metadata module does not show all URL handlers that exist in Info.plist. It displays only the URL schemes of the first URL Type in Info.plist. Is that on purpose?

Expected behaviour

Info.plist of VLC app (VLC for iOS 2.7.8) shows the following URL schemes. Therefore, it is expected to get all of these URL schemes:

<key>CFBundleURLTypes</key>
    <array>
      <dict>
        <key>CFBundleTypeRole</key>
        <string>Viewer</string>
        <key>CFBundleURLName</key>
        <string>RTSP</string>
        <key>CFBundleURLSchemes</key>
        <array>
          <string>rtsp</string>
        </array>
      </dict>
      <dict>
        <key>CFBundleTypeRole</key>
        <string>Viewer</string>
        <key>CFBundleURLName</key>
        <string>Multimedia Stream URL</string>
        <key>CFBundleURLSchemes</key>
        <array>
          <string>mms</string>
          <string>mmsh</string>
        </array>
      </dict>
      <dict>
        <key>CFBundleTypeRole</key>
        <string>Viewer</string>
        <key>CFBundleURLName</key>
        <string>UDP URL</string>
        <key>CFBundleURLSchemes</key>
        <array>
          <string>udp</string>
        </array>
      </dict>
      <dict>
        <key>CFBundleTypeRole</key>
        <string>Viewer</string>
        <key>CFBundleURLName</key>
        <string>RTP URL</string>
        <key>CFBundleURLSchemes</key>
        <array>
          <string>rtp</string>
        </array>
      ...

Actual behaviour

Using binary/metadata shows only the first URL scheme:

[+] Target app: org.videolan.vlc-ios
[*] Retrieving app's metadata...
[+] Name                : VLC for iOS.app         
[+] Binary Name         : VLC for iOS                   
[+] Bundle ID           : org.videolan.vlc-ios          
[+] UUID                : 1075B315-8880-42E7-9903-42D0017F33B5
[+] App Version         : 278.1 (2.7.8)                 
[+] Data Directory      : /private/var/mobile/Containers/Data/Application/D2C31BC5-E4FC-48ED-8A5F-119976DC8D55
[+] Bundle Directory    : /private/var/containers/Bundle/Application/1075B315-8880-42E7-9903-42D0017F33B5
[+] Binary Directory    : /private/var/containers/Bundle/Application/1075B315-8880-42E7-9903-42D0017F33B5/VLC for iOS.app
[+] Binary Path         : '/private/var/containers/Bundle/Application/1075B315-8880-42E7-9903-42D0017F33B5/VLC for iOS.app/VLC for iOS'
[+] Architectures       : arm64                         
[+] Platform Version    : 9.3                           
[+] SDK Version         : iphoneos9.3                   
[+] Minimum OS          : 7.0                           
[+] Entitlements        
[+]          com.apple.developer.icloud-container-identifiers: ['iCloud.org.videolan.vlc-ios']
[+]          aps-environment                         : production          
[+]          com.apple.developer.icloud-container-environment: Production          
[+]          com.apple.developer.team-identifier     : 75GAHG3SZQ          
[+]          com.apple.security.application-groups   : ['group.org.videolan.vlc-ios']
[+]          com.apple.developer.ubiquity-kvstore-identifier: 75GAHG3SZQ.org.videolan.vlc-ios
[+]          application-identifier                  : 75GAHG3SZQ.org.videolan.vlc-ios
[+]          com.apple.developer.ubiquity-container-identifiers: ['iCloud.org.videolan.vlc-ios']
[+]          com.apple.developer.icloud-services     : ['CloudDocuments']  
[+]          keychain-access-groups                  : ['75GAHG3SZQ.org.videolan.vlc-ios']
[+] URL Handlers        
[+]          rtsp
[+] Apple Transport Security Settings
[+]          NSAllowsArbitraryLoads                  : 1   

I think it has to do with the core/device/app/_retrieve_metadata() function:

def _retrieve_metadata(self):
    """Parse MobileInstallation.plist and the app's local Info.plist, and extract metadata."""
    ...
    app_version_long  = plist_local['CFBundleVersion']
    app_version_short = plist_local['CFBundleShortVersionString']
    app_version = '{} ({})'.format(app_version_long, app_version_short)
    # Only the first CFBundleURLTypes entry is read here
    try:
        url_handlers = plist_local['CFBundleURLTypes'][0]['CFBundleURLSchemes']
    except:
        url_handlers = None

If the try statement changes to something like:

    try:
        # Collect the schemes of every URL type, not just the first one
        url_handlers = []
        for urlType in plist_local['CFBundleURLTypes']:
            url_handlers.append(urlType['CFBundleURLSchemes'])
    except:
        url_handlers = None

Then all URL schemes will be displayed:

[+] URL Handlers        
[+]          ['rtsp']
[+]          ['mms', 'mmsh']
[+]          ['udp']
[+]          ['rtp']
[+]          ['rtmp']
[+]          ['sftp']
[+]          ['ftp']
[+]          ['smb']
[+]          ['db-a60fc6qj9zdg7bw']
[+]          ['vlc']
[+]          ['vlc-x-callback']

I hope this helps

Environment

Workstation Operating System

Python Version

Python 2.7.11

Python Packages (pip freeze)

Device iOS Version

9.3.2
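An added example (not Needle's code and not the reporter's patch) that enumerates every `CFBundleURLTypes` entry instead of only index 0, since each registered scheme is a separate inter-process entry point to review. It uses Python 3's standard `plistlib`; the function names and both plist constants are constructed for illustration, modelled on the VLC excerpt above, with one entry that declares no schemes and one duplicate scheme in different case.

```python
import plistlib

# Constructed Info.plist fragment, modelled on the excerpt in the issue.
SAMPLE_INFO_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>CFBundleIdentifier</key><string>org.example.player</string>
  <key>CFBundleURLTypes</key>
  <array>
    <dict>
      <key>CFBundleURLName</key><string>RTSP</string>
      <key>CFBundleURLSchemes</key>
      <array><string>rtsp</string></array>
    </dict>
    <dict>
      <key>CFBundleURLName</key><string>Multimedia Stream URL</string>
      <key>CFBundleURLSchemes</key>
      <array><string>mms</string><string>mmsh</string></array>
    </dict>
    <dict>
      <key>CFBundleURLName</key><string>No schemes declared</string>
    </dict>
    <dict>
      <key>CFBundleURLName</key><string>UDP URL</string>
      <key>CFBundleURLSchemes</key>
      <array><string>udp</string><string>RTSP</string></array>
    </dict>
  </array>
</dict>
</plist>
"""

# Constructed plist for an app that registers no URL types at all.
NO_URL_TYPES_PLIST = (
    b'<plist version="1.0"><dict>'
    b"<key>CFBundleIdentifier</key><string>org.example.empty</string>"
    b"</dict></plist>"
)


def first_type_only(info_plist_bytes):
    """Behaviour reported in the issue: only entry [0] is read."""
    plist = plistlib.loads(info_plist_bytes)
    try:
        return plist["CFBundleURLTypes"][0]["CFBundleURLSchemes"]
    except (KeyError, IndexError, TypeError):
        return None


def url_handlers(info_plist_bytes):
    """Return [(url_name, [schemes]), ...] for every CFBundleURLTypes entry."""
    plist = plistlib.loads(info_plist_bytes)
    url_types = plist.get("CFBundleURLTypes") or []
    if not isinstance(url_types, list):
        return []
    handlers = []
    for entry in url_types:
        if not isinstance(entry, dict):
            continue  # malformed entry: skip it instead of dropping everything
        schemes = entry.get("CFBundleURLSchemes") or []
        if isinstance(schemes, str):
            schemes = [schemes]
        schemes = [s for s in schemes if isinstance(s, str)]
        if schemes:
            handlers.append((entry.get("CFBundleURLName", ""), schemes))
    return handlers


def unique_schemes(handlers):
    """Flatten to one ordered list; schemes are case-insensitive (RFC 3986)."""
    seen, ordered = set(), []
    for _name, schemes in handlers:
        for scheme in schemes:
            key = scheme.lower()
            if key not in seen:
                seen.add(key)
                ordered.append(key)
    return ordered


if __name__ == "__main__":
    print("first entry only:", first_type_only(SAMPLE_INFO_PLIST))
    for name, schemes in url_handlers(SAMPLE_INFO_PLIST):
        print("{:<24}: {}".format(name, ", ".join(schemes)))
    print("unique:", unique_schemes(url_handlers(SAMPLE_INFO_PLIST)))
```
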

Clutch2 freezes

Issue

Clutch2 freezes and never comes out

Expected behaviour

The module should run as expected but the Clutch2 command freezes

Actual behaviour

Needle freezes on the Clutch2 command

needle error logs

[needle][strings] > run
[*] Checking connection with device...
[+] Already connected to: 192.168.0.6
[V] Creating temp folder: /var/root/needle/
[D] [REMOTE CMD] Remote Command: if [ -d /var/root/needle/ ]; then echo "yes"; else echo "no" ; fi
[+] Target app: com.snapdeal.ipad
[*] Decrypting the binary...
[D] [REMOTE CMD] Remote Command: Clutch2 -d com.snapdeal.ipad 2>&1

I ran the Clutch2 command separately and was able to decrypt the app; however, Clutch2 freezes in the framework.

Environment

Kali Linux

Workstation Operating System

Kali Linux

Python Version

2.7

Python Packages (pip freeze)

Device iOS Version

9.3.3

cannot get the refreshed list of applications

Issue

Hey, I'm trying to execute the binary/strings method on my connected device but the script could not extract the application list from my device. Screenshots attached.

Expected behaviour

Tell us what should happen.

Actual behaviour

Tell us what happens instead.

Steps to reproduce

needle error logs

Ensure verbose and debug mode are enabled:

[needle] > set VERBOSE True
VERBOSE => True
[needle] > set DEBUG True
DEBUG => True

Environment

kali linux 2016.1

Workstation Operating System

linux

Python Version

2.7

Python Packages (pip freeze)


Device iOS Version

8.4


[list_App] modules error

Issue

Expected behaviour

This module is supposed to list all installed apps.

Actual behaviour

Instead of listing apps, it's giving an error message: 'ExpatError: unclosed token: line 4910, column 23'

Steps to reproduce

  1. Select the module list_apps for connection iOS 9.0.2
  2. After running the module, it will give error as attached screenshot.

needle error logs

Ensure verbose and debug mode are enabled:

[needle] > set VERBOSE True
VERBOSE => True
[needle] > set DEBUG True
DEBUG => True

needle_error_listing_apps

Environment

Workstation Operating System

Python Version

Python Packages (pip freeze)

Device iOS Version

iOS 9.0.2

Needle hangs when unpacking IPA

Issue

Needle hangs when decrypting IPA

Expected behaviour

Return binary strings for targeted app

Actual behaviour

Needle hangs @ "Unpacking the decrypted IPA"

Steps to reproduce

  1. python needle.py
  2. use binary/strings
  3. run
  4. Select target app number

needle error logs

             __   _ _______ _______ ______         _______
             | \  | |______ |______ |     \ |      |______
             |  \_| |______ |______ |_____/ |_____ |______
        
                   Needle v0.0.4 [mwr.to/needle]                  
  [MWR InfoSecurity (@MWRLabs) - Marco Lancini (@LanciniMarco)]   

[needle] > set VERBOSE True
VERBOSE => True
[needle] > set DEBUG True
DEBUG => True
[needle] > use binary/strings
[needle][strings] > run
[D] Setup local output folder: /Users/name/.needle/output
[*] Checking connection with device...
[V] Connection not present, creating a new instance
[V] Setting up USB port forwarding on port 2222
[D] [LOCAL CMD] Local Subprocess Command: /Users/name/needle/needle/libs/usbmuxd/tcprelay.py -t 22:2222
[V] Setting up SSH connection...
[+] Connected to: 127.0.0.1
[V] Creating temp folder: /var/root/needle/
[D] [REMOTE CMD] Remote Command: if [ -d /var/root/needle/ ]; then echo "yes"; else echo "no" ; fi
[*] Target app not selected. Launching wizard...
[D] [REMOTE CMD] Remote Command: if [ -f /var/mobile/Library/MobileInstallation/LastLaunchServicesMap.plist ]; then echo "yes"; else echo "no" ; fi
[V] Refreshing list of installed apps...
[D] [REMOTE CMD] Remote Command: /bin/su mobile -c /usr/bin/uicache
[D] Copy the plist to temp: /var/root/needle/LastLaunchServicesMap.plist
[D] [REMOTE CMD] Remote Command: cp /var/mobile/Library/MobileInstallation/LastLaunchServicesMap.plist /var/root/needle/LastLaunchServicesMap.plist
[D] Converting plist to XML: /var/root/needle/LastLaunchServicesMap.plist
[D] [REMOTE CMD] Remote Command: plutil -convert xml1 /var/root/needle/LastLaunchServicesMap.plist
[D] Extracting content from: /var/root/needle/LastLaunchServicesMap.plist
[D] [REMOTE CMD] Remote Command: cat /var/root/needle/LastLaunchServicesMap.plist
[D] Parsing plist content
[+] Apps found:
		
		
		38 - com.microsoft.office.skydrivepro
		
Please select a number: 38
[+] Target app: com.microsoft.office.skydrivepro
[*] Retrieving app's metadata...
[D] Copy the plist to temp: /var/root/needle/Info.plist
[D] [REMOTE CMD] Remote Command: cp /private/var/mobile/Containers/Bundle/Application/DD0A22AB-E68B-4DEA-B33A-021B5B70451F/SkyDrivePro.app/Info.plist /var/root/needle/Info.plist
[D] Converting plist to XML: /var/root/needle/Info.plist
[D] [REMOTE CMD] Remote Command: plutil -convert xml1 /var/root/needle/Info.plist
[D] Extracting content from: /var/root/needle/Info.plist
[D] [REMOTE CMD] Remote Command: cat /var/root/needle/Info.plist
[D] Parsing plist content
[D] [REMOTE CMD] Remote Command: lipo -info /private/var/mobile/Containers/Bundle/Application/DD0A22AB-E68B-4DEA-B33A-021B5B70451F/SkyDrivePro.app/SkyDrivePro
[D] [REMOTE CMD] Remote Command: if [ -d /private/var/mobile/Containers/Bundle/Application/DD0A22AB-E68B-4DEA-B33A-021B5B70451F/SkyDrivePro.app/PlugIns ]; then echo "yes"; else echo "no" ; fi
[*] Decrypting the binary...
[D] [REMOTE CMD] Remote Command: Clutch2 -d com.microsoft.office.skydrivepro 2>&1
[?] The app might be already decrypted. Trying to retrieve the IPA...
[D] [REMOTE CMD] Remote Command: ipainstaller -b com.microsoft.office.skydrivepro -o /var/root/needle/decrypted.ipa
[V] Decrypted IPA stored at: /var/root/needle/decrypted.ipa
[D] [REMOTE CMD] Remote Command: if [ -d /var/root/needle/Payload ]; then echo "yes"; else echo "no" ; fi
[D] [REMOTE CMD] Remote Command: if [ -d /var/root/needle/Payload ]; then echo "yes"; else echo "no" ; fi
[D] [REMOTE CMD] Remote Command: rm -rf /var/root/needle/Payload 2> /dev/null
[D] [REMOTE CMD] Remote Command: if [ -f /var/root/needle/iTunesArtwork ]; then echo "yes"; else echo "no" ; fi
[*] Unpacking the decrypted IPA...
[D] [REMOTE CMD] Remote Command: unzip /var/root/needle/decrypted.ipa -d /var/root/needle/

Environment

Workstation Operating System

Mac OS X (El Capitan)

Python Version

2.7.10

Python Packages (pip freeze)


Device iOS Version

9.0.2

Shell command fails to establish connection properly

Issue

Expected behaviour

drop a remote shell on the device

Actual behaviour

Exception raised. Related to "cryptography" library.

Steps to reproduce

  1. run shell inside needle

needle error logs

Ensure verbose and debug mode are enabled:

[needle] > set VERBOSE True
VERBOSE => True
[needle] > set DEBUG True
DEBUG => True
[needle] > shell
[*] Spawning a shell...
[*] Checking connection with device...
[V] Connection not present, creating a new instance
[V] Setting up USB port forwarding on port 2222
[D] [LOCAL CMD] Local Subprocess Command: /Users/nitin/Documents/scripts/needle/needle/libs/usbmuxd/tcprelay.py -t 22:2222
[V] Setting up SSH connection...
[!] Problem establishing connection: Exception - Could not open a connection to 127.0.0.1. ValueError - Multibackend cannot be initialized with no backends. If you are seeing this error when trying to use default_backend() please try uninstalling and reinstalling cryptography. .
------------------------------------------------------------
Traceback (most recent call last):
  File "/Users/nitin/Documents/scripts/needle/needle/core/framework/framework.py", line 633, in _connection_new
    self._spawn_device()
  File "/Users/nitin/Documents/scripts/needle/needle/core/framework/framework.py", line 628, in _spawn_device
    self.device = Framework.device = Device(IP, PORT, USERNAME, PASSWORD, self.TOOLS_LOCAL)
  File "/Users/nitin/Documents/scripts/needle/needle/core/device/device.py", line 63, in __init__
    self.connect()
  File "/Users/nitin/Documents/scripts/needle/needle/core/device/device.py", line 218, in connect
    self._connect_ssh()
  File "/Users/nitin/Documents/scripts/needle/needle/core/device/device.py", line 101, in _connect_ssh
    raise Exception('Could not open a connection to %s. %s - %s' % (self._ip, type(e).__name__, e.message))
Exception: Could not open a connection to 127.0.0.1. ValueError - Multibackend cannot be initialized with no backends. If you are seeing this error when trying to use default_backend() please try uninstalling and reinstalling cryptography.
------------------------------------------------------------
[!] Exception: Could not open a connection to 127.0.0.1. ValueError - Multibackend cannot be initialized with no backends. If you are seeing this error when trying to use default_backend() please try uninstalling and reinstalling cryptography.

Environment

OS X 10.11.6

Python 2.7.10

Python Packages (pip freeze)

altgraph==0.10.2
bdist-mpkg==0.5.0
bonjour-py==0.3
cffi==1.8.3
colorama==0.3.7
cryptography==1.5
drozer==2.3.4
enum34==1.1.6
frida==7.1.9
idna==2.1
ipaddress==1.0.17
macholib==1.5.1
matplotlib==1.3.1
modulegraph==0.10.4
nassl==0.13.5
numpy==1.8.0rc1
paramiko==2.0.2
prompt-toolkit==1.0.0
protobuf==2.4.1
py2app==0.7.3
pyasn1==0.1.9
pycparser==2.14
Pygments==2.1.3
pyobjc-core==2.5.1
pyobjc-framework-Accounts==2.5.1
pyobjc-framework-AddressBook==2.5.1
pyobjc-framework-AppleScriptKit==2.5.1
pyobjc-framework-AppleScriptObjC==2.5.1
pyobjc-framework-Automator==2.5.1
pyobjc-framework-CFNetwork==2.5.1
pyobjc-framework-Cocoa==2.5.1
pyobjc-framework-Collaboration==2.5.1
pyobjc-framework-CoreData==2.5.1
pyobjc-framework-CoreLocation==2.5.1
pyobjc-framework-CoreText==2.5.1
pyobjc-framework-DictionaryServices==2.5.1
pyobjc-framework-EventKit==2.5.1
pyobjc-framework-ExceptionHandling==2.5.1
pyobjc-framework-FSEvents==2.5.1
pyobjc-framework-InputMethodKit==2.5.1
pyobjc-framework-InstallerPlugins==2.5.1
pyobjc-framework-InstantMessage==2.5.1
pyobjc-framework-LatentSemanticMapping==2.5.1
pyobjc-framework-LaunchServices==2.5.1
pyobjc-framework-Message==2.5.1
pyobjc-framework-OpenDirectory==2.5.1
pyobjc-framework-PreferencePanes==2.5.1
pyobjc-framework-PubSub==2.5.1
pyobjc-framework-QTKit==2.5.1
pyobjc-framework-Quartz==2.5.1
pyobjc-framework-ScreenSaver==2.5.1
pyobjc-framework-ScriptingBridge==2.5.1
pyobjc-framework-SearchKit==2.5.1
pyobjc-framework-ServiceManagement==2.5.1
pyobjc-framework-Social==2.5.1
pyobjc-framework-SyncServices==2.5.1
pyobjc-framework-SystemConfiguration==2.5.1
pyobjc-framework-WebKit==2.5.1
pyOpenSSL==0.13.1
pyparsing==2.0.1
python-dateutil==1.5
pytz==2013.7
readline==6.2.4.1
scipy==0.13.0b1
six==1.10.0
sshtunnel==0.1.0
SSLyze==0.13.5
Twisted==10.2.0
wcwidth==0.1.6
xattr==0.6.4
zope.interface==4.1.1

iOS 9.3.3

Notes

Looks like a monkey patch is available from here: [https://github.com/pyca/cryptography/issues/2039]

GDB Issue

Issue

Unable to attach to process in iOS 9

[needle][heap_dump] > run
[*] Checking connection with device...
[+] Already connected to: 192.168.0.6
[V] Creating temp folder: /var/root/needle/
[D] [REMOTE CMD] Remote Command: if [ -d /var/root/needle/ ]; then echo "yes"; else echo "no" ; fi
[+] Target app: com.snapdeal.ipad
[*] Launching the app...
[D] [REMOTE CMD] Remote Command: open com.snapdeal.ipad
[V] Retrieving the PID...
[D] [REMOTE CMD] Remote Command: ps ax | grep -i 'Snapdeal.app'
[V] PID found: 938
[D] [REMOTE CMD] Remote Command: echo "info mach-regions" > /var/root/needle/gdb_mach
[D] [REMOTE CMD] Remote Command: if [ -d /var/root/needle/gdb_dumps ]; then echo "yes"; else echo "no" ; fi
[D] [REMOTE CMD] Remote Command: if [ -d /var/root/needle/gdb_dumps ]; then echo "yes"; else echo "no" ; fi
[D] [REMOTE CMD] Remote Command: rm -rf /var/root/needle/gdb_dumps 2> /dev/null
[D] [REMOTE CMD] Remote Command: if [ -d /var/root/needle/gdb_dumps ]; then echo "yes"; else echo "no" ; fi
[D] [REMOTE CMD] Remote Command: mkdir /var/root/needle/gdb_dumps
[*] Enumerating mach regions...
[D] [REMOTE CMD] Remote Command: gdb --pid="938" --batch --command=/var/root/needle/gdb_mach 2>/dev/null | grep sub-regions | awk '{print $3,$5}' | while read range; do
echo "mach-regions: $range"
cmd="dump binary memory /var/root/needle/gdb_dumps/dump`echo $range| awk '{print $1}'`.dmp $range"
echo "$cmd" >> /var/root/needle/gdb_ranges
done
[*] Dumping memory (it might take a while)...
[D] [REMOTE CMD] Remote Command: gdb --pid="938" --batch --command=/var/root/needle/gdb_ranges &>>/dev/null
[V] Checking if we have dumps...
[D] [REMOTE CMD] Remote Command: ls -alR /var/root/needle/gdb_dumps
[!] It was not possible to attach to the process (known issue in iOS9. A Fix is coming soon).

I believe it's an issue with GDB in iOS 9. A lot of posts recommend using JDB instead of GDB for iOS 9 and above.

Environment

Kali Linux

Workstation Operating System

Kali Linux

Python Version

Python 2.7

Python Packages (pip freeze)

Device iOS Version

iOS 9.3.3

Exception: Support for iOS < 8 not yet implemented.

Hi,

I am using an iOS 9.3.3 jailbroken device. I am getting an error saying "Exception: Support for iOS < 8 not yet implemented." What does this mean? Does it mean that I will need to use a device with iOS less than 8?

open_uri

Hi,

I have a question about the open_uri module. Can you please guide me more regarding this module and what it is used for?

Thanks,

OSError: [Errno 13] Permission denied

I keep getting the following error when trying to connect to the device. idb works correctly.

I found that the permissions for the file needle/libs/usbmuxd/tcprelay.py didn't include the execution bit.

scalpel:~ z$ ls -l /Users/z/devel/needle/needle/libs/usbmuxd/tcprelay.py
-rw-r--r--  1 z  staff  4184 11 Aug 14:04 tcprelay.py

This fixed it:

 chmod +x needle/libs/usbmuxd/tcprelay.py

Error on [REMOTE CMD] Remote Command: /bin/su mobile -c /usr/bin/uicache in iOS 8

Hi

I am having an error when running the binary/strings function on an iOS 8 device from a Mac

[D] [REMOTE CMD] Remote Command: /bin/su mobile -c /usr/bin/uicache

File "/Users/javi/needle/core/device/device.py", line 120, in _exec_command_ssh
raise Exception(err_str)
Exception: sh: /bin/su: No such file or directory


[!] Exception: sh: /bin/su: No such file or directory.

Checking the py, this is the line creating the issue

  self.remote_op.command_blocking('/bin/su mobile -c /usr/bin/uicache', internal=True)

What is the purpose of that line of code? By removing it, everything works fine.

Thanks

Module checks if files exist in wrong output directory

Issue

Module checks if files exist in wrong output directory

Expected behaviour

When you run a module, it should check if files already exist in the output directory which was specified before running the module and warn appropriately.

Actual behaviour

When you run a module, it checks if files already exist in the default/global output directory even if a different output directory was specified before running the module.

See: [D] Setup local output folder: /root/.needle/output in the log below

Note that the files still get saved in the expected directory.

Steps to reproduce

See logs

needle error logs

root@kali:~/Work# python ./needle/needle/needle.py -r blank_config.txt 

             __   _ _______ _______ ______         _______
             | \  | |______ |______ |     \ |      |______
             |  \_| |______ |______ |_____/ |_____ |______

                   Needle v0.0.3 [mwr.to/needle]                  
  [MWR InfoSecurity (@MWRLabs) - Marco Lancini (@LanciniMarco)]   

[*] Loading commands from resource file
[needle] > set IP 192.168.123.102
IP => 192.168.123.102
[needle] > set PORT 22
PORT => 22
[needle] > set DEBUG True
DEBUG => True
[needle] > set VERBOSE True
VERBOSE => True
[needle] > set SETUP_DEVICE False
SETUP_DEVICE => False
[needle] > EOF
[+] Resource file successfully loaded
[needle] > use storage/caching/screenshot
[needle][screenshot] > info

      Name: Screenshot Caching.
      Path: modules/storage/caching/screenshot.py
    Author: @LanciniMarco (@MWRLabs)

Description:
  Test whether if, when the application's process is moved to the background, sensitive information
  could be cached on the file system in the form of a screenshot of the application's main window

Options:
  Name    Current Value         Required  Description
  ------  -------------         --------  -----------
  OUTPUT  /root/.needle/output  yes       Full path of the output file
  PULL    True                  yes       Automatically pull screenshots from device

[needle][screenshot] > set OUTPUT /root/Work/test
OUTPUT => /root/Work/test
[needle][screenshot] > info

      Name: Screenshot Caching.
      Path: modules/storage/caching/screenshot.py
    Author: @LanciniMarco (@MWRLabs)

Description:
  Test whether if, when the application's process is moved to the background, sensitive information
  could be cached on the file system in the form of a screenshot of the application's main window

Options:
  Name    Current Value    Required  Description
  ------  -------------    --------  -----------
  OUTPUT  /root/Work/test  yes       Full path of the output file
  PULL    True             yes       Automatically pull screenshots from device

[needle][screenshot] > run
[D] Setup local output folder: /root/.needle/output
[?] Attention! The folder chosen to store local output is not empty: /root/.needle/output
[?] Do you want to back it up first?
[?] Y: the content will be archived in a different location, then the folder will be emptied
[?] N: no action will be taken (destination files might be overwritten in case of filename clash)
[y/n]: n
[*] Checking connection with device...
[V] Connection not present, creating a new instance
[V] Setting up SSH connection...
[+] Connected to: 192.168.123.102
[V] Creating temp folder: /var/root/needle/
[D] [REMOTE CMD] Remote Command: if [ -d /var/root/needle/ ]; then echo "yes"; else echo "no" ; fi
[D] [REMOTE CMD] Remote Command: mkdir /var/root/needle/
[*] Target app not selected. Launching wizard...
[D] [REMOTE CMD] Remote Command: if [ -f /var/mobile/Library/MobileInstallation/LastLaunchServicesMap.plist ]; then echo "yes"; else echo "no" ; fi
[V] Refreshing list of installed apps...
[D] [REMOTE CMD] Remote Command: /bin/su mobile -c /usr/bin/uicache
[D] [REMOTE CMD] Remote Command: cp /var/mobile/Library/MobileInstallation/LastLaunchServicesMap.plist /var/root/needle/LastLaunchServicesMap.plist
[D] [REMOTE CMD] Remote Command: plutil -convert xml1 /var/root/needle/LastLaunchServicesMap.plist
[D] [REMOTE CMD] Remote Command: cat /var/root/needle/LastLaunchServicesMap.plist
[+] Apps found:
        0 - <<REDACTED>>
        1 - <<REDACTED>>
        2 - com.nutecapps.PortScan
        3 - <<REDACTED>>
        4 - <<REDACTED>>
        5 - <<REDACTED>>
        6 - com.twocanoes.cert
        7 - <<REDACTED>>
Please select a number: 2
[+] Target app: com.nutecapps.PortScan
[*] Retrieving app's metadata...
[D] [REMOTE CMD] Remote Command: cp '/private/var/mobile/Containers/Bundle/Application/0D252B74-8FE9-48D6-B907-0EAFA3EA5C8F/Port Scan.app/Info.plist' /var/root/needle/Info.plist
[D] [REMOTE CMD] Remote Command: plutil -convert xml1 /var/root/needle/Info.plist
[D] [REMOTE CMD] Remote Command: cat /var/root/needle/Info.plist
[D] [REMOTE CMD] Remote Command: lipo -info '/private/var/mobile/Containers/Bundle/Application/0D252B74-8FE9-48D6-B907-0EAFA3EA5C8F/Port Scan.app/Port Scan'
[V] Creating timestamp file...
[D] [REMOTE CMD] Remote Command: touch /var/root/needle/timestamp-caching-snapshot
[*] Launching the app...
[D] [REMOTE CMD] Remote Command: open com.nutecapps.PortScan
[*] Background the app by hitting the home button, then press enter: 

[*] Checking for new screenshots...
[D] [REMOTE CMD] Remote Command: find /private/var/mobile/Containers/Data/Application/15023E12-2E57-470F-98E9-F357653417FC/Library/Caches/Snapshots/ -type f -newer /var/root/needle/timestamp-caching-snapshot | sort -u
[+] Screenshots found:
[+]     /private/var/mobile/Containers/Data/Application/15023E12-2E57-470F-98E9-F357653417FC/Library/Caches/Snapshots/com.nutecapps.PortScan/[email protected]
[+]     /private/var/mobile/Containers/Data/Application/15023E12-2E57-470F-98E9-F357653417FC/Library/Caches/Snapshots/com.nutecapps.PortScan/downscaled/[email protected]
[+] Retrieving screenshots and saving them in: /root/Work/test
[D] Downloading: "/private/var/mobile/Containers/Data/Application/15023E12-2E57-470F-98E9-F357653417FC/Library/Caches/Snapshots/com.nutecapps.PortScan/[email protected]" -> "/root/Work/test/[email protected]"
[D] [LOCAL CMD] Local Command: sshpass -p "alpine" scp -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -P 22 [email protected]:"/private/var/mobile/Containers/Data/Application/15023E12-2E57-470F-98E9-F357653417FC/Library/Caches/Snapshots/com.nutecapps.PortScan/[email protected]" "/root/Work/test/[email protected]"
[D] [LOCAL CMD] Local Command: eog "/root/Work/test/[email protected]"
[D] Downloading: "/private/var/mobile/Containers/Data/Application/15023E12-2E57-470F-98E9-F357653417FC/Library/Caches/Snapshots/com.nutecapps.PortScan/downscaled/[email protected]" -> "/root/Work/test/[email protected]"
[D] [LOCAL CMD] Local Command: sshpass -p "alpine" scp -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -P 22 [email protected]:"/private/var/mobile/Containers/Data/Application/15023E12-2E57-470F-98E9-F357653417FC/Library/Caches/Snapshots/com.nutecapps.PortScan/downscaled/[email protected]" "/root/Work/test/[email protected]"
[D] [LOCAL CMD] Local Command: eog "/root/Work/test/[email protected]"

Environment

Workstation Operating System

Kali 2016.2

Python Version

2.7.12+

Python Packages (pip freeze)

root@kali:~/Work# pip freeze
Warning: cannot find svn location for chirp===daily-20160717
adns-python==1.2.1
AdvancedHTTPServer==2.0.5
alembic==0.8.7.dev0
anyjson==0.3.3
argcomplete==1.0.0
argh==0.26.1
attrs==16.0.0
backports-abc==0.4
backports.ssl-match-hostname==3.5.0.1
basemap==1.0.7
BBQSQL==1.0
BeautifulSoup==3.2.1
beautifulsoup4==4.5.1
blessings==1.6
BlindElephant==1.0
blinker==1.3
boltons==16.2.2
capstone==3.0.4
certifi==2016.2.28
cffi==1.7.0
chardet==2.3.0
Cheetah==2.4.4
## FIXME: could not find svn URL in dependency_links for this package:
chirp===daily-20160717
clamd==1.0.1
click==6.6
cluster==1.3.3
colorama==0.3.7
ConfigArgParse==0.10.0
configobj==5.0.6
configparser==3.3.0.post2
construct==2.5.2
couchdbkit==0.6.5
cryptography==1.5
cycler==0.10.0
d2to1==0.2.12
dap==2.2.6.7
darts.util.lru==0.5
decorator==4.0.6
defusedxml==0.4.1
dicttoxml==1.6.6
dissy==9
distorm3==3.3.4
dnspython==1.14.0
docutils==0.12
easygui==0.96
Elixir==0.7.1
enum34==1.1.6
esmre==0.3.1
feedparser==5.1.3
Flask==0.11.1
FormEncode==1.3.0
frida==7.3.5
funkload==1.16.1
fuse-python==0.2.1
future==0.15.2
futures==3.0.5
GeoIP==1.3.2
geoip2==2.2.0
geojson==1.3.1
gevent==1.1.1
gitdb==0.6.4
GitPython==2.0.5
greenlet==0.4.10
guess-language-spirit==0.5.2
h2==2.1.1
halberd==0.2.4
hpack==2.3.0
html2text==2016.5.29
html5lib==0.999
http-parser==0.8.3
httplib2==0.9.1
httpretty==0.8.14
hyperframe==3.2.0
icalendar==3.8
idna==2.1
impacket==0.9.13
ipaddr==2.1.11
ipaddress==1.0.16
IPy==0.83
ipython==2.4.1
itsdangerous==0.24
jdcal==1.0
Jinja2==2.8
jsonpickle==0.9.3
jsonrpclib==0.1.3
keepnote==0.7.8
killerbee==1.0
lxml==3.6.4
M2Crypto==0.24.0
Mako==1.0.4
Markdown==2.6.6
MarkupSafe==0.23
matplotlib==1.5.2rc2
maxminddb==1.2.1
mechanize==0.2.5
mercurial==3.8.4
metaconfig==0.1.4a1
mitmproxy==0.17.1
mockito==0.5.2
msgpack-python==0.4.8
mysqlclient==1.3.7
nassl==0.12
ndg-httpsclient==0.4.2
netaddr==0.7.18
NfSpy==1.0
nltk==3.2.1
numpy==1.11.1rc1
olefile==0.42.1
openpyxl==2.3.0
PAM==0.4.2
paramiko==2.0.0
passlib==1.6.5
Paste==2.0.3
PasteDeploy==1.5.2
PasteScript==1.7.5
pathtools==0.1.2
pcapy==0.10.8
pdfminer==20140328
pefile==2016.3.28
pexpect==4.2.0
phply==0.9.1
Pillow==3.3.0
pluginbase==0.4
ply==3.7
prettytable==0.7.2
prompt-toolkit==1.0.7
psutil==4.2.0
psycopg2==2.6.2
ptyprocess==0.5.1
py==1.4.31
pyasn1==0.1.9
pyasn1-modules==0.0.7
pybloomfiltermmap==0.3.15
pycparser==2.14
pycrypto==2.6.1
pycryptopp==0.6.0.1206569328141510525648634803928199668821045408958
pycurl==7.43.0
pydns==2.3.6
pyenchant==1.6.7
PyGithub==1.23.0
Pygments==2.1.3
pygobject==3.20.1
pyinotify==0.9.6
pylibemu==0.3.3
pymssql==1.0.2
pyOpenSSL==16.0.0
pyotp==2.1.1
pyparsing==2.1.8
pyPdf==1.13
PyPDF2==1.26.0
pyperclip==1.5.27
pyregfi==1.0.1.0
pyrit==0.4.0
pyscard==1.9.4
pyserial==3.1
pysnmp==4.3.2
pysnmp-apps==0.3.2
pysnmp-mibs==0.1.3
PySocks==1.5.7
pysqlite==2.7.0
pytest==2.9.2
python-apt==1.1.0b4
python-dateutil==2.4.2
python-debian==0.1.29
python-debianbts==2.6.1
python-editor==0.4
python-Levenshtein==0.12.0
python-ntlm==1.1.0
python-openid==2.2.5
python-pam==1.8.2
python-ptrace==0.7
pytz==2015.7
pyusb==1.0.0b2
PyX==0.12.1
pyxdg==0.25
PyYAML==3.11
qrcode==5.3
readline==6.2.4.1
reportbug==6.6.6
requests==2.10.0
restkit==4.2.2
rfidiot==1.0
roman==2.0.0
ruamel.ordereddict==0.4.9
scapy==2.3.2
scgi==1.13
scipy==0.18.0
service-identity==16.0.0
simplegeneric==0.8.1
simplejson==3.8.2
singledispatch==3.4.0.3
six==1.10.0
slowaes==0.1a1
smmap==0.9.0
smoke-zephyr==1.0.2
SOAPpy==0.12.22
socketpool==0.5.3
SQLAlchemy==1.0.14
sshtunnel==0.1.0
stopit==1.1.0
tblib==1.3.0
tcpwatch==1.3.1
Tempita==0.5.2
termcolor==1.1.0
tornado==4.4.1
Twisted==16.3.0
tzlocal==1.2.2
urllib3==1.15.1
urwid==1.3.1
uTidylib==0.3
vinetto==0.7b0
volatility==2.5
vulndb==0.0.19
wafw00f==0.9.3
wapiti==2.3.0
watchdog==0.8.3
wcwidth==0.1.7
webunit==1.3.10
Werkzeug==0.11.10
wfuzz==0.0.0
Whoosh==2.7.0
wstools==0.4.3
wxPython==3.0.2.0
wxPython-common==3.0.2.0
xdot==0.5
XlsxWriter==0.7.3
xmlbuilder==1.0
yara-python==3.5.0
zenmap==7.25b2
zim==0.65
zope.interface==4.2.0

Device iOS Version

9.2

Needle failed to connect to iOS Device via USB

Failed to install required tools on iOS device

Expected behaviour

With SETUP_DEVICE=True, needle should install required tools on the iOS device.

Actual behaviour

Error returned, stating Exception: Could not open a connection to 127.0.0.1. AttributeError - 'EntryPoint' object has no attribute 'resolve'

Steps to reproduce

  1. Install required tools on MacOS
  2. Connect Jailbroken iPhone to MacOS
  3. Run python needle.py -r config.txt with SETUP_DEVICE=True & DEBUG=True
  4. Error found - Exception: Could not open a connection to 127.0.0.1. AttributeError - 'EntryPoint' object has no attribute 'resolve'

needle error logs

Ensure verbose and debug mode are enabled:

[needle] > set VERBOSE True
VERBOSE => True
[needle] > set DEBUG True
DEBUG => True
➜  needle git:(master) python needle.py
Traceback (most recent call last):
  File "needle.py", line 9, in <module>
    from core.framework import cli
  File "/Users/its/Project/tools/needle/needle/core/framework/cli.py", line 9, in <module>
    from framework import Framework, FrameworkException
  File "/Users/its/Project/tools/needle/needle/core/framework/framework.py", line 9, in <module>
    from ..device.device import Device
  File "/Users/its/Project/tools/needle/needle/core/device/device.py", line 2, in <module>
    import paramiko
ImportError: No module named paramiko

Try to reinstall paramiko

➜  needle git:(master) sudo -H pip install paramiko --ignore-installed
Collecting paramiko
  Using cached paramiko-2.1.1-py2.py3-none-any.whl
Collecting pyasn1>=0.1.7 (from paramiko)
  Downloading pyasn1-0.1.9-py2.py3-none-any.whl
Collecting cryptography>=1.1 (from paramiko)
  Using cached cryptography-1.7.1-cp27-cp27m-macosx_10_10_intel.whl
Collecting cffi>=1.4.1 (from cryptography>=1.1->paramiko)
  Using cached cffi-1.9.1-cp27-cp27m-macosx_10_10_intel.whl
Collecting setuptools>=11.3 (from cryptography>=1.1->paramiko)
  Using cached setuptools-32.3.0-py2.py3-none-any.whl
Collecting six>=1.4.1 (from cryptography>=1.1->paramiko)
  Using cached six-1.10.0-py2.py3-none-any.whl
Collecting idna>=2.0 (from cryptography>=1.1->paramiko)
  Using cached idna-2.2-py2.py3-none-any.whl
Collecting ipaddress (from cryptography>=1.1->paramiko)
  Using cached ipaddress-1.0.17-py2-none-any.whl
Collecting enum34 (from cryptography>=1.1->paramiko)
  Downloading enum34-1.1.6-py2-none-any.whl
Collecting pycparser (from cffi>=1.4.1->cryptography>=1.1->paramiko)
Installing collected packages: pyasn1, pycparser, cffi, setuptools, six, idna, ipaddress, enum34, cryptography, paramiko
Successfully installed cffi-1.9.1 cryptography-1.7.1 enum34-1.1.6 idna-2.2 ipaddress-1.0.17 paramiko-2.1.1 pyasn1-0.1.9 pycparser-2.17 setuptools-32.3.0 six-1.10.0

Check if paramiko works fine

➜  needle git:(master) ✗ python
Python 2.7.10 (default, Oct 23 2015, 19:19:21)
[GCC 4.2.1 Compatible Apple LLVM 7.0.0 (clang-700.0.59.5)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> from paramiko.dsskey import DSSKey
>>>
➜  needle git:(master) ✗ python needle.py -r config.txt

             __   _ _______ _______ ______         _______
             | \  | |______ |______ |     \ |      |______
             |  \_| |______ |______ |_____/ |_____ |______

                   Needle v0.1.1 [mwr.to/needle]
  [MWR InfoSecurity (@MWRLabs) - Marco Lancini (@LanciniMarco)]

[*] Loading commands from resource file
[needle] > set DEBUG True
DEBUG => True
[needle] > set SETUP_DEVICE True
SETUP_DEVICE => True
[needle] > EOF
[+] Resource file successfully loaded
[needle] >
[needle] > use binary/meta
[needle][metadata] > run
[D] Setup local output folder: /Users/its/.needle/output
[*] Checking connection with device...
[V] Connection not present, creating a new instance
[V] Setting up USB port forwarding on port 2222
[D] [LOCAL CMD] Local Subprocess Command: /Users/its/Project/tools/needle/needle/libs/usbmuxd/tcprelay.py -t 22:2222
[V] Setting up SSH connection...
No handlers could be found for logger "paramiko.transport"
[!] Problem establishing connection: Exception - Could not open a connection to 127.0.0.1. AttributeError - 'EntryPoint' object has no attribute 'resolve' .
------------------------------------------------------------
Traceback (most recent call last):
  File "/Users/its/Project/tools/needle/needle/core/framework/framework.py", line 642, in _connection_new
    self.device.connect()
  File "/Users/its/Project/tools/needle/needle/core/device/device.py", line 221, in connect
    self._connect_ssh()
  File "/Users/its/Project/tools/needle/needle/core/device/device.py", line 101, in _connect_ssh
    raise Exception('Could not open a connection to %s. %s - %s' % (self._ip, type(e).__name__, e.message))
Exception: Could not open a connection to 127.0.0.1. AttributeError - 'EntryPoint' object has no attribute 'resolve'
------------------------------------------------------------
[!] Exception: Could not open a connection to 127.0.0.1. AttributeError - 'EntryPoint' object has no attribute 'resolve'.
[V] Stopping USB port forwarding
[D] [LOCAL CMD] Stopping Local Subprocess Command [pid: 20123]

Environment

Workstation Operating System

MacOs 10.11.6

Python Version

Python 2.7.10 (default, Oct 23 2015, 19:19:21)

Python Packages (pip freeze)

➜  needle git:(master) ✗ pip freeze
alembic==0.8.8
altgraph==0.10.2
ana==0.2
androguard==3.0
angr==5.6.10.12
angr-only-z3-custom==9002
appnope==0.1.0
archinfo==5.6.10.5
attrs==16.2.0
awsebcli==3.8.4
backports.shutil-get-terminal-size==1.0.0
backports.ssl-match-hostname==3.5.0.1
bdist-mpkg==0.5.0
bintrees==2.0.4
blessed==1.9.5
blessings==1.6
bonjour-py==0.3
botocore==1.4.78
cachetools==2.0.0
capstone==3.0.4
cement==2.8.2
certifi==2016.8.31
cffi==1.8.2
chardet==2.3.0
claripy==5.6.10.12
cle==5.6.10.5
click==6.6
cmd2==0.6.9
colorama==0.3.7
configparser==3.5.0
cooldict==1.2
cryptography==1.5
dataset==0.7.0
decorator==4.0.10
Django==1.10b1
docker-py==1.7.2
dockerpty==0.4.1
docopt==0.6.2
docutils==0.12
dominate==2.2.1
dpkt-fix==1.7
enum34==1.1.6
Flask==0.11.1
Flask-Bootstrap==3.3.7.0
Flask-Script==2.0.5
frida==8.2.2
future==0.15.2
futures==3.0.5
haxor-news==0.4.1
html5lib==1.0b8
idalink==0.11
idna==2.1
ipaddress==1.0.16
ipython==5.1.0
ipython-genutils==0.1.0
itsdangerous==0.24
Jinja2==2.8
jmespath==0.9.0
lxml==3.6.4
macholib==1.5.1
Mako==1.0.6
MarkupSafe==0.23
matplotlib==1.3.1
modulegraph==0.10.4
mulpyplexer==0.7
networkx==1.11
normality==0.3.6
numpy==1.8.0rc1
paramiko==2.1.1
pathlib2==2.1.0
pathspec==0.3.4
pbr==1.10.0
pefile==2016.3.28
pexpect==4.2.1
pickleshare==0.7.4
Pillow==3.3.1
plumbum==1.6.2
progressbar==2.3
prompt-toolkit==1.0.7
psutil==4.2.0
ptyprocess==0.5.1
py2app==0.7.3
pyasn1==0.1.9
pyasn1-modules==0.0.8
pycparser==2.14
pyelftools==0.24
Pygments==2.1.3
pyobjc-core==2.5.1
pyobjc-framework-Accounts==2.5.1
pyobjc-framework-AddressBook==2.5.1
pyobjc-framework-AppleScriptKit==2.5.1
pyobjc-framework-AppleScriptObjC==2.5.1
pyobjc-framework-Automator==2.5.1
pyobjc-framework-CFNetwork==2.5.1
pyobjc-framework-Cocoa==2.5.1
pyobjc-framework-Collaboration==2.5.1
pyobjc-framework-CoreData==2.5.1
pyobjc-framework-CoreLocation==2.5.1
pyobjc-framework-CoreText==2.5.1
pyobjc-framework-DictionaryServices==2.5.1
pyobjc-framework-EventKit==2.5.1
pyobjc-framework-ExceptionHandling==2.5.1
pyobjc-framework-FSEvents==2.5.1
pyobjc-framework-InputMethodKit==2.5.1
pyobjc-framework-InstallerPlugins==2.5.1
pyobjc-framework-InstantMessage==2.5.1
pyobjc-framework-LatentSemanticMapping==2.5.1
pyobjc-framework-LaunchServices==2.5.1
pyobjc-framework-Message==2.5.1
pyobjc-framework-OpenDirectory==2.5.1
pyobjc-framework-PreferencePanes==2.5.1
pyobjc-framework-PubSub==2.5.1
pyobjc-framework-QTKit==2.5.1
pyobjc-framework-Quartz==2.5.1
pyobjc-framework-ScreenSaver==2.5.1
pyobjc-framework-ScriptingBridge==2.5.1
pyobjc-framework-SearchKit==2.5.1
pyobjc-framework-ServiceManagement==2.5.1
pyobjc-framework-Social==2.5.1
pyobjc-framework-SyncServices==2.5.1
pyobjc-framework-SystemConfiguration==2.5.1
pyobjc-framework-WebKit==2.5.1
pyOpenSSL==0.13.1
pyparsing==2.0.1
PyPDF2==1.26.0
python-dateutil==1.5
python-editor==1.0.1
pytz==2013.7
pyvex==5.6.10.5
PyYAML==3.12
reportlab==3.3.0
requests==2.12.1
rpyc==3.3.0
rsa==3.4.2
scipy==0.13.0b1
semantic-version==2.5.0
service-identity==16.0.0
simplegeneric==0.8.1
simuvex==5.6.10.12
six==1.4.1
SQLAlchemy==1.1.4
sshtunnel==0.1.2
stevedore==1.18.0
termcolor==1.1.0
texttable==0.8.7
tornado==4.1
traitlets==4.3.1
Twisted==16.4.1
txdbus==1.0.13
vboxapi==1.0
virtualenv==15.1.0
virtualenv-clone==0.2.6
virtualenvwrapper==4.7.2
visitor==0.1.3
wcwidth==0.1.7
websocket-client==0.37.0
Werkzeug==0.11.11
wpa-supplicant==0.2
xattr==0.6.4
xhtml2pdf==0.0.6
z3-solver==4.4.2.1.post1
zope.interface==4.1.1

Device iOS Version

iOS 9.1
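
The report above contains two views of the same environment that disagree: pip's "Successfully installed" line names cryptography-1.7.1 and six-1.10.0, while the later pip freeze lists cryptography==1.5 and six==1.4.1. The following added example (not part of the original report or of Needle; the function names are illustrative) compares the two and lists the packages that the freeze still reports at an older version, using values excerpted from that report.

```python
import re

# Excerpted from the report above: the last line of the `pip install` run.
INSTALL_LINE = (
    "Successfully installed cffi-1.9.1 cryptography-1.7.1 enum34-1.1.6 "
    "idna-2.2 ipaddress-1.0.17 paramiko-2.1.1 pyasn1-0.1.9 pycparser-2.17 "
    "setuptools-32.3.0 six-1.10.0"
)

# Excerpted from the same report's `pip freeze` (only the packages named above).
FREEZE_TEXT = """\
cffi==1.8.2
cryptography==1.5
enum34==1.1.6
idna==2.1
ipaddress==1.0.16
paramiko==2.1.1
pyasn1==0.1.9
pycparser==2.14
six==1.4.1
"""


def normalize(name):
    """Normalise a project name so 'PyYAML' and 'pyyaml' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_installed(line):
    """Parse pip's 'Successfully installed name-version ...' summary line."""
    prefix = "Successfully installed "
    if not line.startswith(prefix):
        raise ValueError("not a pip install summary line")
    result = {}
    for token in line[len(prefix):].split():
        # The version is everything after the last hyphen in the token.
        name, sep, version = token.rpartition("-")
        if not sep or not name:
            raise ValueError("unexpected token: %r" % token)
        result[normalize(name)] = version
    return result


def parse_freeze(text):
    """Parse `pip freeze` output, skipping prompts, warnings and comments."""
    result = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("Warning:"):
            continue
        # Accept both 'name==version' and the arbitrary-equality 'name===version'.
        m = re.match(r"^([A-Za-z0-9][A-Za-z0-9._-]*)={2,3}(\S+)$", line)
        if m:
            result[normalize(m.group(1))] = m.group(2)
    return result


def release_tuple(version):
    """Leading numeric release as a tuple; pre-release suffixes are ignored."""
    m = re.match(r"\d+(?:\.\d+)*", version)
    if not m:
        return ()
    parts = [int(p) for p in m.group(0).split(".")]
    while parts and parts[-1] == 0:  # treat 1.10 and 1.10.0 as equal
        parts.pop()
    return tuple(parts)


def compare(installed, frozen):
    """Return {name: (status, installed_version, frozen_version)}."""
    report = {}
    for name, want in sorted(installed.items()):
        have = frozen.get(name)
        if have is None:
            # pip freeze omits setuptools by default, so absence is expected there.
            status = "absent"
        elif release_tuple(have) == release_tuple(want):
            status = "match"
        elif release_tuple(have) < release_tuple(want):
            status = "older"
        else:
            status = "newer"
        report[name] = (status, want, have)
    return report


def stale(report):
    """Names whose frozen version is older than the one pip said it installed."""
    return sorted(n for n, (status, _, _) in report.items() if status == "older")


if __name__ == "__main__":
    rep = compare(parse_installed(INSTALL_LINE), parse_freeze(FREEZE_TEXT))
    for name, (status, want, have) in rep.items():
        print("%-14s %-7s installed=%s frozen=%s" % (name, status, want, have))
    print("stale:", ", ".join(stale(rep)))
```

Packages flagged as older suggest the install landed somewhere other than where `pip freeze` looks, for example another interpreter's site-packages or a copy shadowed earlier on the path; the report does not say which applies here.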

keychaineditor also doesn't seem to work

Issue

Further to PR #49 (needle/modules/storage/data/keychain_dump.py) and issue #35...

Just to let you know that running keychaineditor --action dump on my device (even outside needle) results in Segmentation fault: 11.

Environment

Workstation Operating System

Kali 2016.2

Python Version

2.7.12+

Python Packages (pip freeze)


Device iOS Version

9.2

unable to get class-dump of application.

Issue

not able to get class-dump

Expected behaviour

should be able to view class-dump for application selected after "run".

Actual behaviour

[needle] > use binary/class_dump
[needle][class_dump] > run
[*] Checking connection with device...
[+] Already connected to: localhost
[V] Creating temp folder: /var/root/needle/
[D] [REMOTE CMD] Remote Command: if [ -d /var/root/needle/ ]; then echo "yes"; else echo "no" ; fi
[*] Target app not selected. Launching wizard...
[D] [REMOTE CMD] Remote Command: if [ -f /var/mobile/Library/MobileInstallation/LastLaunchServicesMap.plist ]; then echo "yes"; else echo "no" ; fi
[V] Refreshing list of installed apps...
[D] [REMOTE CMD] Remote Command: /bin/su mobile -c /usr/bin/uicache
[D] Copy the plist to temp: /var/mobile/Library/MobileInstallation/LastLaunchServicesMap.plist -> /var/root/needle/LastLaunchServicesMap.plist
[D] [REMOTE CMD] Remote Command: cp /var/mobile/Library/MobileInstallation/LastLaunchServicesMap.plist /var/root/needle/LastLaunchServicesMap.plist
[D] Converting plist to XML: /var/root/needle/LastLaunchServicesMap.plist
[D] [REMOTE CMD] Remote Command: plutil -convert xml1 /var/root/needle/LastLaunchServicesMap.plist
[D] Extracting content from: /var/root/needle/LastLaunchServicesMap.plist
[D] [REMOTE CMD] Remote Command: cat /var/root/needle/LastLaunchServicesMap.plist
[D] Parsing plist content
[+] Apps found:
		0 - com.legalrobot
		1 - com.burbn.instagram
		2 - com.innerfour.photovault
		3 - com.catchhq.yovople
		4 - com.accenture.mobility.appfactory.dev.SCSampleApp2
		5 - com.jadedpixel.shopify
		6 - com.accenture.ams.dev.acssp
		7 - com.circle.CircleApp
		8 - com.cisco.anyconnect.gui
		9 - com.zaption.ZaptionViewer
		10 - com.accenture.mobility.appfactory.dev.GDB
		11 - com.ideashower.ReadItLaterPro
		12 - com.atebits.Tweetie2
		13 - com.bms.who
		14 - com.none.smartplug
		15 - com.highaltitudehacks.dvia
		16 - com.lenovo.anyshare
		17 - com.tinyspeck.chatlyio
		18 - com.zopim.iphone
		19 - com.node.push04115
		20 - accenture.Crowd-Test-App
		21 - com.yahoo.weather
		22 - com.TapMediaLtd.QRReader
		23 - com.accenture.MeuTim
[>][QUESTION] Please select a number: 0
[+] Target app: com.legalrobot
[*] Retrieving app's metadata...
[D] Copy the plist to temp: '/private/var/mobile/Containers/Bundle/Application/AF4E1FBC-980B-4D56-9F44-96DDF391BF5E/Legal Robot.app/Info.plist' -> /var/root/needle/Info.plist
[D] [REMOTE CMD] Remote Command: cp '/private/var/mobile/Containers/Bundle/Application/AF4E1FBC-980B-4D56-9F44-96DDF391BF5E/Legal Robot.app/Info.plist' /var/root/needle/Info.plist
[D] Converting plist to XML: /var/root/needle/Info.plist
[D] [REMOTE CMD] Remote Command: plutil -convert xml1 /var/root/needle/Info.plist
[D] Extracting content from: /var/root/needle/Info.plist
[D] [REMOTE CMD] Remote Command: cat /var/root/needle/Info.plist
[D] Parsing plist content
[D] [REMOTE CMD] Remote Command: lipo -info '/private/var/mobile/Containers/Bundle/Application/AF4E1FBC-980B-4D56-9F44-96DDF391BF5E/Legal Robot.app/Legal Robot'
[D] [REMOTE CMD] Remote Command: if [ -d '/private/var/mobile/Containers/Bundle/Application/AF4E1FBC-980B-4D56-9F44-96DDF391BF5E/Legal Robot.app/PlugIns' ]; then echo "yes"; else echo "no" ; fi
[*] Decrypting the binary...
[D] [REMOTE CMD] Remote Command: Clutch2 -d com.legalrobot 2>&1
[D] [REMOTE CMD] Remote Command: cp '/private/var/mobile/Documents/Dumped/com.legalrobot-iOS9.0-(Clutch-2.0.2).ipa' /var/root/needle/decrypted.ipa
[D] [REMOTE CMD] Remote Command: if [ -f '/private/var/mobile/Documents/Dumped/com.legalrobot-iOS9.0-(Clutch-2.0.2).ipa' ]; then echo "yes"; else echo "no" ; fi
[D] [REMOTE CMD] Remote Command: rm '/private/var/mobile/Documents/Dumped/com.legalrobot-iOS9.0-(Clutch-2.0.2).ipa' 2> /dev/null
[V] Decrypted IPA stored at: /var/root/needle/decrypted.ipa
[D] [REMOTE CMD] Remote Command: if [ -d /var/root/needle/Payload ]; then echo "yes"; else echo "no" ; fi
[D] [REMOTE CMD] Remote Command: if [ -d /var/root/needle/Payload ]; then echo "yes"; else echo "no" ; fi
[D] [REMOTE CMD] Remote Command: rm -rf /var/root/needle/Payload 2> /dev/null
[D] [REMOTE CMD] Remote Command: if [ -f /var/root/needle/iTunesArtwork ]; then echo "yes"; else echo "no" ; fi
[*] Unpacking the IPA...
[D] [REMOTE CMD] Remote Command: unzip /var/root/needle/decrypted.ipa -d /var/root/needle/
[D] [REMOTE CMD] Remote Command: find /var/root/needle/ -type f -name "Legal Robot"
[D] Full path of the application binary: /var/root/needle/Payload/Legal Robot.app/Legal Robot
[*] Dumping classes...
[D] [REMOTE CMD] Remote Command: class-dump "/var/root/needle/Payload/Legal Robot.app/Legal Robot" 2>/dev/null
------------------------------------------------------------
Traceback (most recent call last):
  File "/Users/akanksha.bana/Desktop/needle/needle/core/framework/module.py", line 118, in do_run
    self.module_run()
  File "/Users/akanksha.bana/Desktop/needle/needle/modules/binary/class_dump.py", line 69, in module_run
    self.class_dump()
  File "/Users/akanksha.bana/Desktop/needle/needle/modules/binary/class_dump.py", line 51, in class_dump
    out = self.device.remote_op.command_blocking(cmd)
  File "/Users/akanksha.bana/Desktop/needle/needle/core/device/remote_operations.py", line 93, in command_blocking
    out, err = self._device._exec_command_ssh(cmd, internal)
  File "/Users/akanksha.bana/Desktop/needle/needle/core/device/device.py", line 123, in _exec_command_ssh
    raise Exception(err_str)
Exception: sh: line 1:   984 Segmentation fault: 11  class-dump "/var/root/needle/Payload/Legal Robot.app/Legal Robot" 2> /dev/null

------------------------------------------------------------
[!] Exception: sh: line 1:   984 Segmentation fault: 11  class-dump "/var/root/needle/Payload/Legal Robot.app/Legal Robot" 2> /dev/null.
[needle][class_dump] >

Steps to reproduce

  1. show modules
  2. use binary/class_dump
  3. run
  4. selecting "0" for Legal Robot application (https://itunes.apple.com/us/app/legal-robot/id1072408741?mt=8)

needle error logs

Ensure verbose and debug mode are enabled:

[needle] > set VERBOSE True
VERBOSE => True
[needle] > set DEBUG True
DEBUG => True

Environment

Workstation Operating System

OSX 10.11.6

Python Version

Python 2.7.10

Python Packages (pip freeze)

pip

Device iOS Version

9.1

python 3.5 compatibility?

Hi

Is it compatible with python 3.5?

I am having an error importing utils

File "/needle/core/utils/printer.py", line 4, in
from utils import Utils
ImportError: cannot import name 'Utils'

Thanks

Binary/Metadata Doesn't work if CFBundleDisplayName is not set

Issue

Note: Pathnames and application names have been obscured or modified.

Expected behaviour

Binary/metadata module should return parsed plist entries.

Actual behaviour

If the plist attribute CFBundleDisplayName is not set, the module binary/metadata will not work.

Steps to reproduce

  1. Download application from App Store that doesn't have CFBundleDisplayName set in plist.
  2. use binary/metadata
  3. run

needle error logs

[needle] > use binary/metadata
[needle][metadata] > run
[*] Checking connection with device...
[+] Already connected to: 192.168.137.12
[V] Creating temp folder: /var/root/needle/
[D] [REMOTE CMD] Remote Command: if [ -d /var/root/needle/ ]; then echo "yes"; else echo "no" ; fi
[+] Target app: com.hh.iosvuln
[*] Retrieving app's metadata...
[D] Copy the plist to temp: '/private/var/mobile/Containers/Bundle/Application/EFC8307D-8F4C-44E9-9F8A-E6AC55D28262/iOS Vuln.app/Info.plist' -> /var/root/needle/Info.plist
[D] [REMOTE CMD] Remote Command: cp '/private/var/mobile/Containers/Bundle/Application/EFC8307D-8F4C-44E9-9F8A-E6AC55D28262/iOS Vuln.app/Info.plist' /var/root/needle/Info.plist
[D] Converting plist to XML: /var/root/needle/Info.plist
[D] [REMOTE CMD] Remote Command: plutil -convert xml1 /var/root/needle/Info.plist
[D] Extracting content from: /var/root/needle/Info.plist
[D] [REMOTE CMD] Remote Command: cat /var/root/needle/Info.plist
[D] Parsing plist content
------------------------------------------------------------
Traceback (most recent call last):
  File "/home/h/Tools/iOS/needle-live/needle/core/framework/module.py", line 112, in do_run
    pre = self.module_pre()
  File "/home/h/Tools/iOS/needle-live/needle/core/framework/module.py", line 144, in module_pre
    if self.app_check() is None: return None
  File "/home/h/Tools/iOS/needle-live/needle/core/framework/framework.py", line 692, in app_check
    self.APP_METADATA = Framework.APP_METADATA = self.device.app.get_metadata(app)
  File "/home/h/Tools/iOS/needle-live/needle/core/device/app.py", line 20, in get_metadata
    return self._retrieve_metadata()
  File "/home/h/Tools/iOS/needle-live/needle/core/device/app.py", line 33, in _retrieve_metadata
    metadata_info = self.__parse_plist_info(plist_info)
  File "/home/h/Tools/iOS/needle-live/needle/core/device/app.py", line 84, in __parse_plist_info
    bundle_displayname = plist['CFBundleDisplayName']
KeyError: 'CFBundleDisplayName'
------------------------------------------------------------
[!] KeyError: 'CFBundleDisplayName'.

Environment

Workstation Operating System

Debian

Python Version

2.7

Device iOS Version

9.3
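
A tolerant version of the Info.plist parsing step that fails in the traceback above, as an added example (Python 3; not needle's code and not part of the original issue). The function name, the returned field names and the fallback order are assumptions made for illustration, and the sample plist is constructed.

```python
import plistlib

# Keys the parser cannot work without; everything else is treated as optional.
REQUIRED_KEYS = ("CFBundleIdentifier", "CFBundleExecutable")
# CFBundleDisplayName is optional in Info.plist, so fall back to other names.
DISPLAY_NAME_FALLBACKS = ("CFBundleDisplayName", "CFBundleName", "CFBundleExecutable")

# Constructed sample: a valid Info.plist with no CFBundleDisplayName entry.
SAMPLE_INFO_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>CFBundleIdentifier</key><string>com.example.sample</string>
    <key>CFBundleExecutable</key><string>Sample</string>
    <key>CFBundleName</key><string>Sample App</string>
    <key>CFBundleShortVersionString</key><string>1.0</string>
</dict>
</plist>"""


class PlistError(ValueError):
    """Raised when the plist is unreadable or lacks a required key."""


def parse_plist_info(raw):
    """Return app metadata from raw Info.plist bytes (XML or binary format)."""
    try:
        # plistlib.loads detects XML and binary plists on its own.
        plist = plistlib.loads(raw)
    except Exception as exc:
        raise PlistError("Info.plist could not be parsed: %r" % (exc,))
    if not isinstance(plist, dict):
        raise PlistError("Info.plist top-level object is not a dictionary")

    missing = [key for key in REQUIRED_KEYS if key not in plist]
    if missing:
        raise PlistError("Info.plist lacks required key(s): " + ", ".join(missing))

    # First non-empty candidate wins; a direct plist[...] lookup is what raised KeyError.
    display_name = next(
        (plist[key] for key in DISPLAY_NAME_FALLBACKS if plist.get(key)), None
    )
    return {
        "bundle_id": plist["CFBundleIdentifier"],
        "binary_name": plist["CFBundleExecutable"],
        "display_name": display_name,
        "version": plist.get("CFBundleShortVersionString") or plist.get("CFBundleVersion"),
        "url_schemes": [
            scheme
            for entry in plist.get("CFBundleURLTypes", [])
            for scheme in entry.get("CFBundleURLSchemes", [])
        ],
    }


if __name__ == "__main__":
    print(parse_plist_info(SAMPLE_INFO_PLIST))
```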

keychain_dump failing with Exception

Issue

keychain_dump was failing with an Exception due to invalid characters in the plist file.

I have done the following and submitted as PR #76:

  • Added the additional invalid characters to the list to be removed
  • Revamped this code to make it easier to add additional invalid characters
  • Added an explanation of the special characters because it took me a while to figure out what the encoding was!
  • Added an additional explanation when the Exception is thrown to make it clearer what needs to be done in case someone else finds other invalid characters.

More insightful reporting for the static code analysis

Currently, the static/code_checks module only outputs lines of the file with no context around the issue itself. Additional documentation could make it easier for non-security-minded developers to use the static analysis functionality to assess and improve their own applications.

Example:
password_references - it is insecure to hard code passwords in applications that will be installed on end user devices. Ensure that none of the following lines include hardcoded credentials:

keychain_dumper does not dump all items.

Issue

This is not so much an issue in needle as an issue in a binary it uses but I wanted it to be on record so that people are aware and to suggest using a different tool.

Expected behaviour

The keychain_dump.py module should dump all keychain items when run.

Actual behaviour

For some unknown reason, the keychain_dumper binary seems to dump some but not all keychain items. Specifically, I knew that an app I was testing stored the password in the keychain but it did not appear in the output of this module.

I then tried using the binary from here (source?) and it dumped a lot more items including the password I was looking for.

I don't have time now but I could try creating an updated version of the module which uses this different binary if you are interested?

Steps to reproduce

I am not sure yet what causes items to appear or not appear in the file but I just wanted to raise the issue. Unfortunately, for confidentiality reasons I cannot include the keychain outputs for comparison.

Environment

Workstation Operating System

Kali 2016.2

Python Version

2.7.12+

Python Packages (pip freeze)

root@kali:~/Work# pip freeze
Warning: cannot find svn location for chirp===daily-20160717

Device iOS Version

9.2

list_apps module failing

Issue

Hi, I am running the module list_apps, however it is failing with "plutil does not exist". I'm wondering if plutil should be running as a local command and not on the Apple device?

Expected behaviour

List of applications on the connected iPad should be displayed.

Actual behaviour

[needle] > use various/list_apps
[needle][list_apps] > run
[*] Checking connection with device...
[V] Connection not present, creating a new instance
[V] Setting up USB port forwarding on port 2222
[V] Setting up SSH connection...
[+] Connected to: 127.0.0.1
[V] Creating temp folder: /var/root/needle/
[*] Looking for apps...
[V] Refreshing list of installed apps...
[!] Exception: sh: plutil: command not found.

Steps to reproduce

  1. bin/python needle/needle.py -r needle/config.txt
    [needle] > set SETUP_DEVICE False
    SETUP_DEVICE => False
    [needle] >
    [needle] > set VERBOSE True
    VERBOSE => True
    [needle] > set DEBUG True
    DEBUG => True
    [needle] > EOF
    [+] Resource file successfully loaded
  2. [needle] > use various/list_apps
  3. [needle][list_apps] > run
    [D] Setup local output folder: /Users/user/.needle/output
    [*] Checking connection with device...
    [V] Connection not present, creating a new instance
    [V] Setting up USB port forwarding on port 2222
    [D] [LOCAL CMD] Local Subprocess Command: /Users/user/Virtualenvs/needle/needle/libs/usbmuxd/tcprelay.py -t 22:2222
    [V] Setting up SSH connection...
    [+] Connected to: 127.0.0.1
    [V] Creating temp folder: /var/root/needle/
    [D] [REMOTE CMD] Remote Command: if [ -d /var/root/needle/ ]; then echo "yes"; else echo "no" ; fi
    [*] Looking for apps...
    [D] [REMOTE CMD] Remote Command: if [ -f /var/mobile/Library/MobileInstallation/LastLaunchServicesMap.plist ]; then echo "yes"; else echo "no" ; fi
    [D] [REMOTE CMD] Remote Command: if [ -f /private/var/installd/Library/MobileInstallation/LastLaunchServicesMap.plist ]; then echo "yes"; else echo "no" ; fi
    [V] Refreshing list of installed apps...
    [D] [REMOTE CMD] Remote Command: /bin/su mobile -c /usr/bin/uicache
    [D] [REMOTE CMD] Remote Command: cp /private/var/installd/Library/MobileInstallation/LastLaunchServicesMap.plist /var/root/needle/LastLaunchServicesMap.plist
    [D] [REMOTE CMD] Remote Command: plutil -convert xml1 /var/root/needle/LastLaunchServicesMap.plist

    Traceback (most recent call last):
    File "/Users/user/Virtualenvs/needle/needle/core/framework/module.py", line 114, in do_run
    self.module_run()
    File "/Users/user/Virtualenvs/needle/needle/modules/various/list_apps.py", line 25, in module_run
    self.device._list_apps()
    File "/Users/user/Virtualenvs/needle/needle/core/device/device.py", line 195, in _list_apps
    elif self._is_iOS9: list_iOS_89(Constants.DEVICE_PATH_APPLIST_iOS9)
    File "/Users/user/Virtualenvs/needle/needle/core/device/device.py", line 189, in list_iOS_89
    pl = self.remote_op.parse_plist(applist)
    File "/Users/user/Virtualenvs/needle/needle/core/device/remote_operations.py", line 214, in parse_plist
    self.command_blocking(cmd, internal=True)
    File "/Users/user/Virtualenvs/needle/needle/core/device/remote_operations.py", line 88, in command_blocking
    out, err = self._device._exec_command_ssh(cmd, internal)
    File "/Users/user/Virtualenvs/needle/needle/core/device/device.py", line 120, in _exec_command_ssh
    raise Exception(err_str)
    Exception: sh: plutil: command not found

[!] Exception: sh: plutil: command not found.

needle error logs ---> Set in config.txt

Ensure verbose and debug mode are enabled:

[needle] > set VERBOSE True
VERBOSE => True
[needle] > set DEBUG True
DEBUG => True

Environment

Workstation Operating System

Mac OS X El Capitan

Python Version

Python 2.7.12

Python Packages (pip freeze)

cffi==1.8.3
colorama==0.3.7
cryptography==1.5.2
enum34==1.1.6
frida==8.1.1
idna==2.1
ipaddress==1.0.17
paramiko==2.0.2
prompt-toolkit==1.0.7
pyasn1==0.1.9
pycparser==2.14
Pygments==2.1.3
readline==6.2.4.1
six==1.10.0
sshtunnel==0.1.1
wcwidth==0.1.7

Device iOS Version

9.3.3

Feature Request for Global Output path

I'd like to set a global path for all output artifacts instead of having to change it on every module I import. Currently everything goes into ~/.needle/tmp/.

Maybe this is possible and I missed it in the settings somewhere.

ImportError: No module named paramiko

Hi,
I have run into a problem.
I have already done what the installation guide told me, on a totally new OS X virtual machine,
but it shows this:

python needle.py
Traceback (most recent call last):
File "needle.py", line 9, in
from core.framework import cli
File "/Users/xxx/needle/needle/core/framework/cli.py", line 9, in
from framework import Framework, FrameworkException
File "/Users/xxx/needle/needle/core/framework/framework.py", line 9, in
from ..device.device import Device
File "/Users/xxx/needle/needle/core/device/device.py", line 2, in
import paramiko
ImportError: No module named paramiko

sudo -H pip install --upgrade --user paramiko
Password:
Requirement already up-to-date: paramiko in /private/var/root/Library/Python/2.7/lib/python/site-packages
Requirement already up-to-date: cryptography>=1.1 in /private/var/root/Library/Python/2.7/lib/python/site-packages (from paramiko)
Requirement already up-to-date: pyasn1>=0.1.7 in /private/var/root/Library/Python/2.7/lib/python/site-packages (from paramiko)
Requirement already up-to-date: enum34 in /private/var/root/Library/Python/2.7/lib/python/site-packages (from cryptography>=1.1->paramiko)
Requirement already up-to-date: ipaddress in /private/var/root/Library/Python/2.7/lib/python/site-packages (from cryptography>=1.1->paramiko)
Requirement already up-to-date: idna>=2.0 in /private/var/root/Library/Python/2.7/lib/python/site-packages (from cryptography>=1.1->paramiko)
Requirement already up-to-date: six>=1.4.1 in /private/var/root/Library/Python/2.7/lib/python/site-packages (from cryptography>=1.1->paramiko)
Requirement already up-to-date: setuptools>=11.3 in /private/var/root/Library/Python/2.7/lib/python/site-packages (from cryptography>=1.1->paramiko)
Requirement already up-to-date: cffi>=1.4.1 in /private/var/root/Library/Python/2.7/lib/python/site-packages (from cryptography>=1.1->paramiko)
Requirement already up-to-date: pycparser in /private/var/root/Library/Python/2.7/lib/python/site-packages (from cffi>=1.4.1->cryptography>=1.1->paramiko)

Heap_Dump.py

Issue

More of a solution and less of an issue.
64bit arch binary could not be dumped. It has nothing to do with the iOS version used.

Expected behaviour

Code in Heap_Dump.py will work only with 32-bit binaries regardless of the iOS version 8 or 9.
Check if device is 64bit arch, then try to -thin the binary (if FAT).

Actual behaviour

When unable to dump the memory for the apps, the comment says the issue is with iOS version support.

Steps to reproduce

  1. use dynamic/memory/heap_dump
  2. set FILTER something
  3. run
    If binary is 64bit or FAT then the dump will not work. It works only with the 32bit arch binary.
    Thin the binary first and then try to dump the memory

Reconnecting SSH Session Feature Request

Issue

Sometimes running commands like heap_dump causes the device to drop its SSH connection, or if the device is accidentally unplugged, needle will need to be restarted.

Expected behaviour

The _exec_command_ssh method should attempt to reconnect on failure.

I have already modified my own version to fix this. It will attempt to reconnect and rerun the command if it fails up to 3 times. I made the following changes to device.py
This may be kind of a hack and may not account for all situations.

# ==================================================================================================================
# INIT
# ==================================================================================================================
def __init__(self, ip, port, username, password, pub_key_auth, tools):
    # Setup params
    # [...snip...]
    # Added command iteration counter to track command retries
    self.cmdItr = 0

# Added a try/except block that attempts to run the command up to 3 times
def _exec_command_ssh(self, cmd, internal):
    """Execute a shell command on the device, then parse/print output."""
    try:
        # Paramiko Exec Command
        stdin, stdout, stderr = self.conn.exec_command(cmd)
        # Parse STDOUT/ERR
        out = stdout.readlines()
        err = stderr.readlines()
        if internal:
            # For processing, don't display output
            if err:
                # Show error and abort run
                err_str = ''.join(err)
                raise Exception(err_str)
        else:
            # Display output
            if out: map(lambda x: print('\t%s' % x, end=''), out)
            if err: map(lambda x: print('\t%s%s%s' % (Colors.R, x, Colors.N), end=''), err)
        # Command completed: reset the retry counter
        self.cmdItr = 0
        return out, err
    except:
        # Any failure lands here, including the Exception raised above for stderr output
        self.cmdItr = self.cmdItr + 1
        if self.cmdItr >= 3:
            self.printer.verbose('Could not reconnect to device after 3 attempts.')
            self.cmdItr = 0
            return None, None

        self.printer.verbose('SSH Session appears to have died.')
        self.disconnect()
        self.printer.verbose("Reconnecting to Device...")
        self.connect()
        self.printer.verbose("Rerunning last command.")
        return self._exec_command_ssh(cmd, internal)

Steps to reproduce

  1. plug in device over usb
  2. run a simple module like keyboard_autocomplete
  3. disconnect the device from usb
  4. reconnect device and run module again.
  5. SSH will fail.
[needle][heap_dump] > use storage/caching/keyboard_autocomplete
[+] Resource file successfully loaded
[needle][keyboard_autocomplete] > run
[*] Checking connection with device...
[V] Connection not present, creating a new instance
Trying new connection
[V] Setting up USB port forwarding on port 2222
[V] Setting up SSH connection...
[+] Connected to: 127.0.0.1
[V] Creating temp folder: /var/root/needle/
[*] Running strings over keyboard autocomplete databases...
[+] The following content has been found:
[...snip...]

Run it again after device is reconnected


[needle][keyboard_autocomplete] > run
[*] Checking connection with device...
[+] Already connected to: 127.0.0.1
[V] Creating temp folder: /var/root/needle/
[!] SSHException: SSH session not active.

Now, using the above code modifications, you will get the following output while it attempts to reconnect, and the command will succeed on the second attempt.

[needle][keyboard_autocomplete] > run
[*] Checking connection with device...
[+] Already connected to: 127.0.0.1
[V] Creating temp folder: /var/root/needle/
[V] SSH Session appears to have died.
[V] Stopping USB port forwarding
[V] Reconnecting to Device...
[V] Setting up USB port forwarding on port 2222
[V] Setting up SSH connection...
[V] Rerunning last command.
[*] Running strings over keyboard autocomplete databases...
[+] The following content has been found:

Workstation Operating System

OSX

Python Version

2.7

Python Packages (pip freeze)

Device iOS Version

8.1 iPad
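
A bounded reconnect-and-retry for remote commands, as an added example that is not part of the original issue or of needle's code (Python 3). It retries only when the session itself is dead and raises command stderr immediately instead of retrying it; `FakeConnection`, `SessionDead`, `RemoteCommandError` and this `Device` class are hypothetical stand-ins so the block runs without a device or paramiko.

```python
class SessionDead(Exception):
    """Stand-in for the SSH library's 'SSH session not active' error."""


class RemoteCommandError(Exception):
    """The command ran on the device but wrote to stderr."""


class FakeConnection:
    """Constructed stand-in for an SSH client.

    Unlike paramiko, exec_command returns (stdout_lines, stderr_lines) directly.
    """

    def __init__(self):
        self.alive = True
        self.calls = 0

    def exec_command(self, cmd):
        self.calls += 1
        if not self.alive:
            raise SessionDead("SSH session not active")
        if cmd.startswith("plutil"):
            # Constructed failure: the tool is missing on the device.
            return [], ["sh: plutil: command not found\n"]
        return ["yes\n"], []


class Device:
    MAX_ATTEMPTS = 3

    def __init__(self, conn_factory):
        self._conn_factory = conn_factory
        self.conn = conn_factory()
        self.reconnects = 0

    def connect(self):
        """Replace the dead session with a fresh one."""
        self.conn = self._conn_factory()
        self.reconnects += 1

    def exec_command(self, cmd, internal=True):
        """Run cmd, reconnecting on a dead session, at most MAX_ATTEMPTS tries."""
        last_error = None
        # The attempt counter is local, so one failed call cannot leak state
        # into the next call.
        for attempt in range(1, self.MAX_ATTEMPTS + 1):
            try:
                out, err = self.conn.exec_command(cmd)
            except SessionDead as exc:
                # Transport failure: the only case worth a reconnect.
                last_error = exc
                if attempt < self.MAX_ATTEMPTS:
                    self.connect()
                continue
            if internal and err:
                # The session is fine and the command itself failed; retrying
                # would repeat the failure and hide the real error.
                raise RemoteCommandError("".join(err).strip())
            return out, err
        raise SessionDead(
            "gave up after %d attempts: %s" % (self.MAX_ATTEMPTS, last_error)
        )


if __name__ == "__main__":
    device = Device(FakeConnection)
    device.conn.alive = False  # simulate the unplugged USB cable
    print(device.exec_command('if [ -d /var/root/needle/ ]; then echo "yes"; fi'))
    print("reconnects:", device.reconnects)
    try:
        device.exec_command("plutil -convert xml1 /var/root/needle/Info.plist")
    except RemoteCommandError as exc:
        print("command error, not retried:", exc)
```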

[!] Exception: sh: cut: command not found.

Hey there,

Great work! I was just playing around with needle and I tried this:

[needle] > use storage/data/files_cachedb
[needle][files_cachedb] > run
[*] Checking connection with device...
[+] Already connected to: 192.168.2.2
[V] Creating temp folder: /var/root/needle/
[*] Configuring device...
[!] Exception: sh: cut: command not found.
[needle][files_cachedb] >

I'm not sure which package cut is in, but am I missing some sort of setup option on the device? I have setup device set to true, maybe a package is missing? I would just install it but I'm not sure which package has cut in it and I can't seem to find it with Google.

SETUP_DEVICE  True           yes       Set to true to enable auto-configuration of the device (installation of all the tools needed)

Exception:PID not found

Issue

Expected behaviour

Cycript should be able to find the PID and attach to the process. I can see the PID and the process when I run this command on the device - 'ps ax | grep -i 'whasome.app'' which shows all the running processes.

Actual Behaviour

I have an app installed that checks for a jailbroken device and throws an error on the screen within the app that it cannot run because the device is jailbroken. I am trying to attach the cycript and frida modules, however they throw an error saying that the PID is not found after the app is launched on the device. The app does not exit after the error.

Steps to reproduce

  1. use hooking/cycript/cycript

needle error logs

Ensure verbose and debug mode are enabled:

[needle] > set VERBOSE True
VERBOSE => True
[needle] > set DEBUG True
DEBUG => True

Environment

Kali Linux/VMWARE

Workstation Operating System

Kali Linux

Python Version

python 2.7

Python Packages (pip freeze)

I have a huge list

Device iOS Version

iPad iOS 9.3.3

Issue with Frida

Issue

Frida script find class enum method function giving error.

Expected behaviour

It should look for the methods for the defined classes.

Actual behaviour

It threw an error saying tuple out of range.

Steps to reproduce

needle error logs

Ensure verbose and debug mode are enabled:

[needle][script_find-class-enum-methods] > set TARGET_CLASS JailMonkey
TARGET_CLASS => JailMonkey
[needle][script_find-class-enum-methods] > run
[D] Setup local output folder: /root/.needle/output
[*] Checking connection with device...
[V] Connection not present, creating a new instance
[V] Setting up SSH connection...
[+] Connected to: 192.168.0.6
[V] Creating temp folder: /var/root/needle/
[D] [REMOTE CMD] Remote Command: if [ -d /var/root/needle/ ]; then echo "yes"; else echo "no" ; fi
[+] Target app: com.westernhealth.whasome
[*] Retrieving app's metadata...
[D] [REMOTE CMD] Remote Command: if [ -f /var/mobile/Library/MobileInstallation/LastLaunchServicesMap.plist ]; then echo "yes"; else echo "no" ; fi
[D] [REMOTE CMD] Remote Command: if [ -f /private/var/installd/Library/MobileInstallation/LastLaunchServicesMap.plist ]; then echo "yes"; else echo "no" ; fi
[V] Refreshing list of installed apps...
[D] [REMOTE CMD] Remote Command: /bin/su mobile -c /usr/bin/uicache
[D] [REMOTE CMD] Remote Command: cp /private/var/installd/Library/MobileInstallation/LastLaunchServicesMap.plist /var/root/needle/LastLaunchServicesMap.plist
[D] [REMOTE CMD] Remote Command: plutil -convert xml1 /var/root/needle/LastLaunchServicesMap.plist
[D] [REMOTE CMD] Remote Command: cat /var/root/needle/LastLaunchServicesMap.plist
[D] [REMOTE CMD] Remote Command: cp /private/var/containers/Bundle/Application/E2E45BB2-8A4A-4CB9-A70F-E89419D767F4/whasome.app/Info.plist /var/root/needle/Info.plist
[D] [REMOTE CMD] Remote Command: plutil -convert xml1 /var/root/needle/Info.plist
[D] [REMOTE CMD] Remote Command: cat /var/root/needle/Info.plist
[D] [REMOTE CMD] Remote Command: lipo -info /private/var/containers/Bundle/Application/E2E45BB2-8A4A-4CB9-A70F-E89419D767F4/whasome.app/whasome
[D] [REMOTE CMD] Remote Command: if [ -d /private/var/containers/Bundle/Application/E2E45BB2-8A4A-4CB9-A70F-E89419D767F4/whasome.app/PlugIns ]; then echo "yes"; else echo "no" ; fi
[*] Setting up local port forwarding to enable communications with the Frida server...
------------------------------------------------------------
Traceback (most recent call last):
  File "/opt/needle/needle/core/framework/module.py", line 111, in do_run
    pre = self.module_pre()
  File "/opt/needle/needle/core/framework/module.py", line 253, in module_pre
    FridaModule.module_pre(self)
  File "/opt/needle/needle/core/framework/module.py", line 237, in module_pre
    self.device._portforward_frida_start()
  File "/opt/needle/needle/core/device/device.py", line 140, in _portforward_frida_start
    self._frida_server.start()
  File "/usr/local/lib/python2.7/dist-packages/sshtunnel.py", line 1221, in start
    self._create_tunnels()
  File "/usr/local/lib/python2.7/dist-packages/sshtunnel.py", line 1082, in _create_tunnels
    msg = 'Problem setting SSH Forwarder up: {0}'.format(e.args[0])
IndexError: tuple index out of range
------------------------------------------------------------
[!] IndexError: tuple index out of range.

Environment

VMWARE

Workstation Operating System

Kali Linux

Python Version

2.7

Python Packages (pip freeze)

2.7

Device iOS Version

9.3.3
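The traceback above fails inside the error handler itself: `e.args[0]` is evaluated on an exception whose `args` tuple is empty, so the IndexError replaces the real tunnel error. The following added example (not code from needle or sshtunnel; the function names and the constructed RuntimeError failures are assumptions for illustration) reproduces that masking and shows a formatter that keeps the original error visible:

```python
def format_like_traceback(exc):
    # Same expression as the sshtunnel.py line quoted in the traceback.
    return 'Problem setting SSH Forwarder up: {0}'.format(exc.args[0])


def format_safely(exc):
    # Fall back to the exception type name when args is empty, so the
    # handler can never raise while it is reporting a failure.
    detail = exc.args[0] if exc.args else type(exc).__name__
    return 'Problem setting SSH Forwarder up: {0}'.format(detail)


def start_forwarder(connect, formatter):
    """Run connect(); on failure, report it through formatter.

    Returns (ok, message, masked). masked is True when the formatter
    itself raised IndexError and hid the original exception.
    """
    try:
        connect()
        return True, 'forwarder up', False
    except Exception as original:
        try:
            return False, formatter(original), False
        except IndexError as secondary:
            msg = '{0}: {1}'.format(type(secondary).__name__, secondary)
            return False, msg, True


# Constructed failures standing in for whatever the tunnel setup raised.
def fail_without_args():
    raise RuntimeError()  # args == (), the case seen in the traceback


def fail_with_message():
    raise RuntimeError('Connection refused')  # args[0] is usable


if __name__ == '__main__':
    for connect in (fail_without_args, fail_with_message):
        for formatter in (format_like_traceback, format_safely):
            print(connect.__name__, formatter.__name__,
                  start_forwarder(connect, formatter))
```

When the masked message appears, the cause to look for is the failed SSH tunnel to the device's Frida port, not the IndexError.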

iOS Simulator Support

Enhancement

Add support for testing and learning how to use needle modules with the apps installed in the iOS Simulator.

Expected behaviour

For example, setting the IP address to "Simulator" or adding a new option for simulator path could have needle modules run against the apps installed in the simulator.

Benefits

This could make needle much easier to use and test in controlled environments that do not have access to jailbroken devices.

cycript issue

Issue

Expected behaviour

isa.messages should show all the methods for that class

Actual behaviour

isa should have a function called messages. isa.messages is not showing anything and the function doesn't exist

Steps to reproduce

needle error logs

Ensure verbose and debug mode are enabled:

[needle] > set VERBOSE True
VERBOSE => True
[needle] > set DEBUG True
DEBUG => True

Environment

Workstation Operating System

kali linux 2016.3

Python Version

python 2.7

Python Packages (pip freeze)

Device iOS Version

9.3.3

Errors saving files in storage/data/files_* modules

Issue

Errors in the convert_path_to_filename method in app.py are preventing all modules which are using it from saving files locally correctly.

Currently they are all just being saved locally as plist_None (for example) and overwriting each other.

I have submitted pull request #57 to fix this.

Module to install SSL Pinning Kill Switch

Enhancement

Expected behaviour

Add a module which uses the instructions from here to install the SSL Pinning Kill Switch from here.

Actual behaviour

This does not currently exist

Steps which explain the enhancement

The tool has dependencies which can either be installed as part of the module or installed as part of the needle setup as I don't think they are that heavy. Let me know what you think.

Running the module will check the dependencies, pull down the .deb file, install it and respring the device.

Let me know if you think this is an appropriate module to add and if you want me to have a stab at it, and if so, when you think the dependencies should be installed. My suggestion would be at the same time as needle setup.

cannot find lipo

Issue

cannot find lipo

Expected behaviour

[needle][metadata] > run
[*] Checking connection with device...
[+] Connected to: 127.0.0.1
[*] Target app not selected. Launching wizard...
[+] Apps found:
0 - P01.tencent.xin
1 - com.az.azdribbble
Please select a number: 1
[+] Target app: P01.tencent.xin
[*] Retrieving app's metadata...
[!] Exception: sh: lipo: command not found.
[needle][metadata] >

Actual behaviour

Cannot find lipo on my phone. How do I solve this problem?
