ChiChou / bagbak

Yet another frida based iOS dumpdecrypted. Also decrypts app extensions

quits in shell after please be patient msg

Geczy opened this issue · comments

commented

Describe the bug

bagbak quits after please be patient msg

To Reproduce

bagbak com.christianselig.Apollo -d -f
remote root /private/var/containers/Bundle/Application/CFA00700-DD28-49CA-B724-FBF8DE140F92/Apollo.app
copy to /var/folders/d_/1vvvnjp51slbx4347nwm4qgm0000gq/T/bagbak/com.christianselig.Apollo/Payload
[info] pulling app bundle from device, please be patient

Expected behavior
work

Screenshots

Desktop (please complete the following information):

  • OS: [e.g. Ubuntu] macos 13.4
  • nodejs: [e.g. v12.18.0] v19.9.0
  • frida-node: [e.g. v12.9.6] idk what that is
  • frida on device version 16.0.19
  • iOS and jailbreak version 16.3.1
  • The app you are trying to work on com.christianselig.Apollo

Additional context

3.0.9 bagbak

Can you please run with DEBUG=1 DEBUG_SCP=1 bagbak --raw -f and paste the logs here?

commented

zsh: command not found: DEBUG_SCP

I'm on macOS, what do you recommend instead of debug_scp?

> zsh: command not found: DEBUG_SCP
>
> I'm on macOS, what do you recommend instead of debug_scp?

Sorry, DEBUG_SCP=1. It's an environment variable too. Also better upgrade to v3.0.11 (it's not related to this issue though)

commented

DEBUG=1 DEBUG_SCP=1 bagbak --raw -f com.christianselig.Apollo
remote root /private/var/containers/Bundle/Application/BE0D5A55-3C4E-4E4A-AA71-7F7FACB3730E/Apollo.app
copy to .
[info] pulling app bundle from device, please be patient

it just quits here. I'm on 3.0.11 now

Doesn't make sense. Even if there is an exception it should print something

I ran it on my macOS 14.0 with the same nodejs v19.9.0 but it didn't reproduce

commented

so it's an issue in SSHing to the iOS device? where does that even happen?

my user is mobile not root if that makes a difference?

I hardcoded root/alpine in the code so it will always be root. Besides if there is something wrong with SSH it will definitely print the reason

commented

ahh got it. funny that using the wrong user + pw combo will make this not work completely.

it's working now once I hardcoded my correct user + password

I'm coming from palera1n and when installing that jailbreak, they install to mobile and force you to set up your own password. they don't use root:alpine so maybe it's worth having a custom .env or config file or env variables to customize this

commented

now the next issue is with commands not using sudo 😂

I can hardcode change chmod to use sudo, but I wonder if there are other places in bagbak that require privileges?

main executable => /private/var/containers/Bundle/Application/BE0D5A55-3C4E-4E4A-AA71-7F7FACB3730E/Apollo.app/Apollo
chmod: changing permissions of '/private/var/containers/Bundle/Application/BE0D5A55-3C4E-4E4A-AA71-7F7FACB3730E/Apollo.app/Apollo': Operation not permitted
file:///Users/mgates/bagbak/index.js:84
            reject(new Error(`remote command "${cmd}" exited with code ${code}`));
                   ^

Error: remote command "chmod +xX '/private/var/containers/Bundle/Application/BE0D5A55-3C4E-4E4A-AA71-7F7FACB3730E/Apollo.app/Apollo'" exited with code 1
    at Channel.<anonymous> (file:///Users/mgates/bagbak/index.js:84:20)
    at Channel.emit (node:events:525:35)
    at Channel.doClose (/Users/mgates/bagbak/node_modules/ssh2/lib/utils.js:101:21)
    at Object.onceWrapper (node:events:627:28)
    at Channel.emit (node:events:525:35)
    at endReadableNT (node:internal/streams/readable:1359:12)
    at process.processTicksAndRejections (node:internal/process/task_queues:82:21)

Node.js v19.9.0

commented

you can start logging ssh errors like this

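  // Take both resolve and reject so a failed connection settles the promise.
  return new Promise((resolve, reject) => {
    client
      .once('ready', () => resolve(client))
      // Log connection/authentication failures instead of failing silently.
      .once('error', (error) => {
        console.error(error);
        return reject(error);
      })
      .connect({
        sock: channel,
        username: user,
        password,
      });
  });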

add once error

> now the next issue is with commands not using sudo 😂
>
> I can hardcode change chmod to use sudo, but I wonder if there are other places in bagbak that require privileges?
>
> main executable => /private/var/containers/Bundle/Application/BE0D5A55-3C4E-4E4A-AA71-7F7FACB3730E/Apollo.app/Apollo
> chmod: changing permissions of '/private/var/containers/Bundle/Application/BE0D5A55-3C4E-4E4A-AA71-7F7FACB3730E/Apollo.app/Apollo': Operation not permitted
> file:///Users/mgates/bagbak/index.js:84
>             reject(new Error(`remote command "${cmd}" exited with code ${code}`));
>                    ^
>
> Error: remote command "chmod +xX '/private/var/containers/Bundle/Application/BE0D5A55-3C4E-4E4A-AA71-7F7FACB3730E/Apollo.app/Apollo'" exited with code 1
>     at Channel.<anonymous> (file:///Users/mgates/bagbak/index.js:84:20)
>     at Channel.emit (node:events:525:35)
>     at Channel.doClose (/Users/mgates/bagbak/node_modules/ssh2/lib/utils.js:101:21)
>     at Object.onceWrapper (node:events:627:28)
>     at Channel.emit (node:events:525:35)
>     at endReadableNT (node:internal/streams/readable:1359:12)
>     at process.processTicksAndRejections (node:internal/process/task_queues:82:21)
>
> Node.js v19.9.0

comment line 134 of main.js out

commented

all solved, thanks for the updates
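
The two fixes discussed in this thread (reporting SSH connection errors instead of exiting silently, and not assuming root/alpine), as an added example that is not bagbak's own code. The `BAGBAK_SSH_*` environment variable names and all function names are hypothetical, and `client` is assumed to have the `once()`/`connect()` shape of an ssh2 `Client`.

```javascript
// Added example, not bagbak's code. The BAGBAK_SSH_* variable names and all
// function names are hypothetical.
function resolveSshCredentials(env) {
  const username = env.BAGBAK_SSH_USER || 'root';
  const password = env.BAGBAK_SSH_PASSWORD;
  if (!password) {
    // No fallback to a well-known default password: fail loudly instead.
    throw new Error('BAGBAK_SSH_PASSWORD is not set');
  }
  return { username, password };
}

// Build a readable error that names the user but never the password.
// ssh2 marks failed logins with err.level === 'client-authentication'.
function describeSshError(err, username) {
  const hint = err.level === 'client-authentication'
    ? ` (authentication failed for user "${username}")`
    : '';
  return new Error(`SSH connection failed: ${err.message}${hint}`, { cause: err });
}

// `client` must offer once() and connect() like an ssh2 Client. The promise
// settles on every outcome, so the caller never waits on a dead connection.
function connectOrReject(client, options, timeoutMs = 10000) {
  return new Promise((resolve, reject) => {
    const timer = setTimeout(
      () => reject(new Error(`SSH connect timed out after ${timeoutMs} ms`)),
      timeoutMs);
    const settle = (fn, value) => { clearTimeout(timer); fn(value); };
    client
      .once('ready', () => settle(resolve, client))
      .once('error', (err) => settle(reject, describeSshError(err, options.username)))
      .once('close', () => settle(reject, new Error('SSH closed before ready')));
    client.connect(options);
  });
}
```

With ssh2 the call would look like `connectOrReject(new Client(), { sock: channel, ...resolveSshCredentials(process.env) })`, where `channel` is the tunnel to the device as in the snippet above.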