advtools / advtruststore

ADVTrustStore is a simple management script to import/list/remove CA certificates to the iOS simulator. It works with iOS 5 and iOS 6.

Python 100.00%

advtruststore's Introduction

What is ADVTrustStore

ADVTrustStore is a simple management script to import/list/remove CA certificates to the iOS simulator.

Importing CA certificates is not directly supported in the iOS simulator.

Custom CA certificates are stored in a file named TrustStore.sqlite3 on both the physical device and the iOS simulator. Some scripts are available to import a CA certificate to the iOS simulator, but they work only for versions lower than 5.0.

Without this tool, the common method to add a CA certificate to the iOS simulator 5.0 and above was to import it on a physical device, then extract the TrustStore.sqlite3 file from a device backup, then copy the relevant records to the version in the iOS simulator.

ADVTrustStore works with all versions from 5.0 to the current 6.1 version. In addition to directly importing a CA certificate from a PEM-encoded certificate file, it provides the following functions:

  • list custom CA certificates in each of the iOS simulator versions

  • selectively remove custom CA certificates from each of the iOS simulator versions

  • selectively export custom CA certificates from each of the iOS simulator versions

  • selectively export custom CA certificates from device backup

How to use ADVTrustStore

Just copy iosCertTrustManager.py to a Mac OS X system. This Python script does not require any additional Python modules.

Help on the command line arguments is available with:

iosCertTrustManager.py --help

To import a certificate from a PEM file:

iosCertTrustManager.py -a certificate_file

For each available iOS simulator version it will prompt to install the CA certificate.

ADVTrustStore files

iosCertTrustManager.py: the TrustStore manager script

IOSTrustStore Structure.pdf: A documentation with the known details of the TrustStore.sqlite3 database format

Copyright and license

Written by Daniel Cerutti

Copyright (c) 2013 - ADVTOOLS SARL

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.

advtruststore's People

Contributors

andrivet, arkku, chiba-san, igorpakushin, knorrium, marion-dev, yaheath

advtruststore's Issues

Handling new simulators (iOS 14.5 and maybe some other versions?)

Hi,

It looks like the path of the sqlite3 file has moved for the recent simulators.
We had: trustStorePath = "/data/Library/Keychains/TrustStore.sqlite3"

This directory doesn't exist for my new simulator:

➜  ~ tree -f /Users/jcolin/Library/Developer/CoreSimulator/Devices/80EBA33F-4B23-4AAC-A6AC-F72C5BABF656/ | grep sqlite3
│   │   │   ├── /Users/jcolin/Library/Developer/CoreSimulator/Devices/80EBA33F-4B23-4AAC-A6AC-F72C5BABF656/data/Library/MobileContainerManager/containers.sqlite3
│   │   │   ├── /Users/jcolin/Library/Developer/CoreSimulator/Devices/80EBA33F-4B23-4AAC-A6AC-F72C5BABF656/data/Library/MobileContainerManager/containers.sqlite3-wal
│   │               ├── /Users/jcolin/Library/Developer/CoreSimulator/Devices/80EBA33F-4B23-4AAC-A6AC-F72C5BABF656/data/private/var/protected/trustd/pinningrules.sqlite3
│   │               │   ├── /Users/jcolin/Library/Developer/CoreSimulator/Devices/80EBA33F-4B23-4AAC-A6AC-F72C5BABF656/data/private/var/protected/trustd/private/TrustStore.sqlite3
│   │               │   ├── /Users/jcolin/Library/Developer/CoreSimulator/Devices/80EBA33F-4B23-4AAC-A6AC-F72C5BABF656/data/private/var/protected/trustd/private/ocspcache.sqlite3
│   │               │   ├── /Users/jcolin/Library/Developer/CoreSimulator/Devices/80EBA33F-4B23-4AAC-A6AC-F72C5BABF656/data/private/var/protected/trustd/private/ocspcache.sqlite3-shm
│   │               │   └── /Users/jcolin/Library/Developer/CoreSimulator/Devices/80EBA33F-4B23-4AAC-A6AC-F72C5BABF656/data/private/var/protected/trustd/private/ocspcache.sqlite3-wal
│   │               ├── /Users/jcolin/Library/Developer/CoreSimulator/Devices/80EBA33F-4B23-4AAC-A6AC-F72C5BABF656/data/private/var/protected/trustd/valid.sqlite3
│   │               ├── /Users/jcolin/Library/Developer/CoreSimulator/Devices/80EBA33F-4B23-4AAC-A6AC-F72C5BABF656/data/private/var/protected/trustd/valid.sqlite3-shm
│   │               └── /Users/jcolin/Library/Developer/CoreSimulator/Devices/80EBA33F-4B23-4AAC-A6AC-F72C5BABF656/data/private/var/protected/trustd/valid.sqlite3-wal

Maybe the new value should be /data/private/var/protected/trustd/private/TrustStore.sqlite3?

I tried my new path and then got this error:

c.execute('INSERT INTO tsettings (sha1, subj, tset, data) VALUES (?, ?, ?, ?)', [sqlite3.Binary(sha1), sqlite3.Binary(subj), sqlite3.Binary(tset), sqlite3.Binary(data)])
sqlite3.OperationalError: table tsettings has no column named sha1

Indeed, we now have a sha256 column in the sqlite3 file instead of sha1...

Do you plan any modifications?

Thanks a lot,

Julien.
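
The path and schema differences reported in the issue above can be checked before any write is attempted. The following is an added example, not part of the original issue or of iosCertTrustManager.py: a read-only audit that looks for TrustStore.sqlite3 at both relative paths quoted on this page, detects whether tsettings carries a sha1 or sha256 column, and checks each stored fingerprint against the stored certificate data. The function names are hypothetical, and it assumes the fingerprint column holds the digest of the DER bytes in the data column.

```python
import hashlib
import sqlite3
import sys
from pathlib import Path

# Both relative locations are quoted in the issues on this page.
KNOWN_PATHS = (
    "data/Library/Keychains/TrustStore.sqlite3",
    "data/private/var/protected/trustd/private/TrustStore.sqlite3",
)

def find_truststores(devices_root):
    """Return every TrustStore.sqlite3 under the per-device directories."""
    root = Path(devices_root)
    if not root.is_dir():
        return []
    devices = [d for d in root.iterdir() if d.is_dir()]
    return sorted(d / rel for d in devices for rel in KNOWN_PATHS
                  if (d / rel).is_file())

def fingerprint_column(conn):
    """Return 'sha256' or 'sha1' per the tsettings schema, None if absent."""
    cols = {row[1] for row in conn.execute("PRAGMA table_info(tsettings)")}
    return next((c for c in ("sha256", "sha1") if c in cols), None)

def audit_truststore(path):
    """Return (column, records); a record is (hex fingerprint, matches_data)."""
    # Read-only URI so the audit can never modify the simulator's store.
    uri = Path(path).resolve().as_uri() + "?mode=ro"
    conn = sqlite3.connect(uri, uri=True)
    try:
        col = fingerprint_column(conn)
        if col is None:  # covers the "no such table: tsettings" case
            return None, []
        rows = conn.execute(f"SELECT {col}, data FROM tsettings").fetchall()
    finally:
        conn.close()
    # Assumption: the fingerprint is the digest of the DER bytes in `data`.
    return col, [(bytes(fp).hex(),
                  hashlib.new(col, bytes(der)).digest() == bytes(fp))
                 for fp, der in rows]

if __name__ == "__main__":
    default = Path.home() / "Library/Developer/CoreSimulator/Devices"
    root = sys.argv[1] if len(sys.argv) > 1 else default
    for store in find_truststores(root):
        col, records = audit_truststore(store)
        print(store, "->", col or "no tsettings table")
        for fp, ok in records:
            print("   ", fp, "ok" if ok else "MISMATCH with stored data")
```

A record flagged as a mismatch, or a store with an unexpected custom CA, is worth reviewing on any shared build or test machine whose simulators are used with an intercepting proxy.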

Doesn't automatically trust installed cert

Running ./iosCertTrustManager.py -a cert_authority.pem correctly installs my cert but I have to manually visit the General -> About -> Certificate Trust Settings page on each simulator and flip the switch to trust the installed cert.

Somehow Charles' install-charles-ca-cert-for-iphone-simulator.sh script is able to both install and trust their cert on my simulators and they seem to use the same basic mechanism (writing to ls ~/Library/Developer/CoreSimulator/Devices/*/data/Library/Keychains/TrustStore.sqlite3) so I feel like I must be missing something.

Any advice?

ADVTrustStore python script - Fails due to premature end of input

I am facing issues while using the iosCertTrustManager.py. Two actually.

Python: 3.7.2

  1. the script fails to run as-is with the syntax error.

  File "./iosCertTrustManager-original.py", line 70
    raise Error, 'Encoder not initialized. Call start() first.'
    ^
SyntaxError: invalid syntax

which I suppose is due to Python version mismatch. I was able to get it to work by adding () to the raise and print functions.
raise Error ('Encoder not initialized. Call start() first.')

  2. I am not so sure as to why it would read different lengths for the same PEM file. I really need help with this one.
Import certificate?  [y/N] y
Importing to /Users/Urmil/Library/Developer/CoreSimulator/Devices/78EE1B1A-A51C-4013-BA06-AE185638686A/data/Library/Keychains/TrustStore.sqlite3
Traceback (most recent call last):
  File "iosCertTrustManager.py", line 758, in <module>
    program.run()
  File "iosCertTrustManager.py", line 747, in run
    self.import_to_simulator(args.certificate_file, args.truststore)
  File "iosCertTrustManager.py", line 658, in import_to_simulator
    tstore.add_certificate(cert)
  File "iosCertTrustManager.py", line 484, in add_certificate
    self._add_record(certificate.get_fingerprint(), certificate.get_subject_ASN1(), 
  File "iosCertTrustManager.py", line 392, in get_subject_ASN1
    decoder.enter()
  File "iosCertTrustManager.py", line 245, in enter
    bytes = self._read_bytes(length)
  File "iosCertTrustManager.py", line 315, in _read_bytes
    raise Error ( 'Premature end of input.' )
__main__.Error: Premature end of input.

Thank you in advance.

iosCertTrustManager.py fails to install certs on all simulators because it can't encode character u'\u0280'

Import certificate to iPhone X v12.2 [y/N] Importing to /Users/jenkins/Library/Developer/CoreSimulator/Devices/51901893-EEF8-46AA-991C-643E98E0DAD6/data/Library/Keychains/TrustStore.sqlite3
  Existing certificate replaced
Traceback (most recent call last):
  File "iosCertTrustManager.py", line 757, in <module>
    program.run()
  File "iosCertTrustManager.py", line 746, in run
    self.import_to_simulator(args.certificate_file, args.truststore)
  File "iosCertTrustManager.py", line 654, in import_to_simulator
    if query_yes_no("Import certificate to " + simulator.title, "no") == "yes":
  File "iosCertTrustManager.py", line 57, in query_yes_no
    sys.stdout.write(question + prompt)
UnicodeEncodeError: 'ascii' codec can't encode character u'\u0280' in position 30: ordinal not in range(128)

This is how we use it:

url="https://github.com/ADVTOOLS/ADVTrustStore/raw/master/iosCertTrustManager.py"
[[ ! -e iosCertTrustManager.py ]] && curl -O -L ${url}
yes | python iosCertTrustManager.py -a ~/.mitmproxy/mitmproxy-ca-cert.pem

iosCertTrustManager.py fails to successfully open tables

On 10.8.2, I get the following when I try any actions with iosCertTrustManager.py:

List:

% iosCertTrustManager.py -l                                                  

iPhone/iPad simulator v3.2
Traceback (most recent call last):
  File "iosCertTrustManager.py", line 720, in <module>
    program.run()
  File "iosCertTrustManager.py", line 705, in run
    self.list_simulator_trustedcertificates(args.truststore)
  File "iosCertTrustManager.py", line 641, in list_simulator_trustedcertificates
    tstore.list_certificates()
  File "iosCertTrustManager.py", line 516, in list_certificates
    for row in c.execute('SELECT data FROM tsettings'):
sqlite3.OperationalError: no such table: tsettings

Dump:

% iosCertTrustManager.py --dump ~/Desktop/certtest                                         
Traceback (most recent call last):
  File "iosCertTrustManager.py", line 720, in <module>
    program.run()
  File "iosCertTrustManager.py", line 713, in run
    self.export_simulator_trustedcertificates(args.dump_base_filename, True, args.truststore)
  File "iosCertTrustManager.py", line 654, in export_simulator_trustedcertificates
    tstore.export_certificates_data(certificate_base_filename + "_" + simulator.version)
  File "iosCertTrustManager.py", line 493, in export_certificates_data
    for row in c.execute('SELECT sha1, subj, tset, data FROM tsettings'):
sqlite3.OperationalError: no such table: tsettings

But if I manually specify a truststore path, it works:

% iosCertTrustManager.py -t ~/Library/Application\ Support/iPhone\ Simulator/6.1/Library/Keychains/TrustStore.sqlite3 --dump ~/Desktop/certtest         
  subject= CN = Charles Proxy SSL Proxying, OU = http://charlesproxy.com/ssl, O = XK72 Ltd, L = Auckland, ST = Auckland, C = NZ
    Export certificate [y/N] n
  subject= CN = mitmproxy, O = mitmproxy
    Export certificate [y/N] n

Unable to install certificates using Xcode 7.1

Hi there.

After running the script to install my CA in iOS 9.1/8.4 it seems to not successfully install the certificate. The script reports back success, but navigating to Settings in the simulator doesn't show any profiles installed. Is this a known issue?

I can install the CA certificate by dragging and dropping it into the simulator.

certificate.get_subject_ASN1()

Hello,

I've posted some of this on the currently open PR #22, but it got deleted since it doesn't belong there.
Maybe it belongs here and somebody can offer some help.

As I checked out the Pull Request I wanted to use the script like this:

python3 iosCertTrustManager.py -a ~/.mitmproxy/mitmproxy-ca-cert.pem -y

But it fails with:

subject=CN = mitmproxy, O = mitmproxy

Importing to /Users/p.querner/Library/Developer/CoreSimulator/Devices/A7985F82-4E84-495E-A6CB-E044927B1F02/data/private/var/protected/trustd/private/TrustStore.sqlite3
Traceback (most recent call last):
  File "/Users/p.querner/projects/apps/ios/ADVTrustStore/iosCertTrustManager.py", line 796, in <module>
    program.run()
  File "/Users/p.querner/projects/apps/ios/ADVTrustStore/iosCertTrustManager.py", line 785, in run
    self.import_to_simulator(args.certificate_file, args.truststore)
  File "/Users/p.querner/projects/apps/ios/ADVTrustStore/iosCertTrustManager.py", line 691, in import_to_simulator
    tstore.add_certificate(cert)
  File "/Users/p.querner/projects/apps/ios/ADVTrustStore/iosCertTrustManager.py", line 507, in add_certificate
    self._add_record(certificate.get_fingerprint(self._hash), certificate.get_subject_ASN1(),
                                                              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/p.querner/projects/apps/ios/ADVTrustStore/iosCertTrustManager.py", line 404, in get_subject_ASN1
    decoder.start(self._data)
  File "/Users/p.querner/projects/apps/ios/ADVTrustStore/iosCertTrustManager.py", line 220, in start
    raise Error('Expecting string instance.')
Error: Expecting string instance.

Cert:

cat ~/.mitmproxy/mitmproxy-ca-cert.pem
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----

The cert was issued with mitmproxy.

mitmdump --version
Mitmproxy: 10.0.0
Python:    3.11.4
OpenSSL:   OpenSSL 3.1.2 1 Aug 2023
Platform:  macOS-13.5-arm64-arm-64bit

Not sure what it means or if it's related to the tool. If it isn't related, please close this issue.

Run with python3 will get error: invalid decimal literal

My default python env is python3:

/usr/bin/env python
# Python 3.10.0

Maybe this should work:

/usr/bin/env python2

These are my errors:

❯ ./iosCertTrustManager.py -t ./TrustStore.sqlite3 -e ~/foo.crt
  File "/xxx/Downloads/ADVTrustStore-master/./iosCertTrustManager.py", line 281
    length = 0L
             ^
SyntaxError: invalid decimal literal

Would it be possible to automatically enable the certs?

Hello,

Thanks for this amazing tool! It saved me a lot of time configuring multiple simulators.

I was wondering why is it necessary to manually enable each cert in the Settings app? Is there a way to go around this?

There must be a file somewhere on the system where these cert settings are getting persisted, and changing this file would enable the certs automatically. I couldn't locate it in the sim udid folder (~/Library/Developer/CoreSimulator/Devices/<udid>/).

Would such a feature be possible?

Doesn't import certs to iOS 8 Simulators

The iOS 8 simulator location has changed.

It is now located at ~/Library/Developers/CoreSimulator/Devices/{cryptic_hash}/data/Library/... instead of ~/Library/Application Support/iPhone Simulators/....
