Please help to add support for iOS11 about ssl-kill-switch2 HOT 25 CLOSED

here ssl-kill for iOS11 JB https://github.com/mwpcheung/ssl-kill-switch2

from ssl-kill-switch2.

@bakzeit thanks for the quick reply! Which app are you testing the pinning on? Twitter? TrustKit? I would love to try to reproduce.

I spent some time building and loading kill switch myself, ran it through a debugger and stepped through the network calls. In the invalid cert case, I watched it return from boringssl without even touching the helper function hook in the PR and failing. There was one odd time that I did see it properly MITM out of 10+ requests but I wasn't able to reproduce it.

from ssl-kill-switch2.

Yeah, it would be awesome to use it on iOS 11.

from ssl-kill-switch2.

There's a problem with this upgrade. I'm not doing it well. I have a version that I can work here. Need to contact me QQ 2011229763 or [email protected].

from ssl-kill-switch2.

@mwpcheung sorry .. just asking do u have a build for ios 11 support or do i need to compile it? ( im not familiar from compiling sources )
thnx

from ssl-kill-switch2.

@bakzeit I added a compiled version at https://github.com/nabla-c0d3/ssl-kill-switch2/releases but I do not have an iOS 11 device to test it. Can you test it and let me know if it works? Thanks!

from ssl-kill-switch2.

@nabla-c0d3 yes it works ..
but people need to install then reboot and jailbreak again to make it work ..
if youn dont reboot it wont work from first time install
thnx for the great work bro ;)

from ssl-kill-switch2.

from ssl-kill-switch2.

MacOS Charles v4.2.5 works well

from ssl-kill-switch2.

@mwpcheung But I found that it can't work for all https packets well in App Store. Some requests are okay, but others are not.

from ssl-kill-switch2.

@mwpcheung @bakzeit

Can you explain how it works?

1. iOS major/minor version
2. Electra version
3. Steps to Reproduce

from ssl-kill-switch2.

@McFlurriez
iOS 11.1.1 iPhone SE Electra 1.0.1
Killing the Process Via SSH wont work with me .. just i restart the device and re-jailbreak works fine for me ..
and thats seems weird since restarting the process will act as restarted the device .. but seems electra injection failed on the killing the process and works fine when i restart device and re-jailbreak .. idk why im not expert in this

from ssl-kill-switch2.

@McFlurriez Would u please give us the test case ?

from ssl-kill-switch2.

Closing this as it was confirmed that the tweak works on iOS 11. Some apps have customized how they do SSL pinning and SSL Kill Switch won't work on them (#13 , #39).

from ssl-kill-switch2.

Doesn't work for me on Electra 1.0.4 + iOS 11.1. Appstore doesn't load at all. DB Navigator works sometimes. Both work on an iOS10 device however. I killed the SpringBoard and even rebooted the device + rejailbreak.

from ssl-kill-switch2.

@ceriumx64 thanks. The Certificate for the Mallory was already trusted, however not bettercap. But both didn't work. I'll give it another shot.

Edit: Bettercap now seems to work. Now's the question why isn't mallory(yeah I know, but I have to use it for now)not working.

from ssl-kill-switch2.

@ceriumx64 I'm well aware that native pinning is a different beats ;) The question is why my other mitm doesn't work on the same apps that work on bettercap. Probably something at my end. Thanks everyone helping to get this working!

Edit: I figured out why bettercap worked and mallory not. iOS11 changes the RSA keys size. anything shorter than 2048 doesn't work anymore.

from ssl-kill-switch2.

Does the SSL Kill Switch 2 preference show up in settings on iOS 11 for you guys (with PreferenceLoader installed)?

from ssl-kill-switch2.

@blunden Not for me too.

SSLSwitchKill doesn't works for me, Electra 1.04, iOS 11.1.2.
PreferenceLoader and Substitute installed but no logs from ssl-switch-kill. Tried to remove preferences code and always enable ssl-switch-kill but no affect.

Testing on Safari, tried to open google.com, iPhone has wifi proxy settings. Works excellent on iOS10.

Please tell me what i'm doing wrong...

from ssl-kill-switch2.

@blunden I had the same issue with one of my iOS11 devices. I fixed it with moving TweakInject in /Library to a backup. Then ln -s '/Library/MobileSubstrate/DynamicLibraries' to /Library. Renamed it to TweakInject. Respring and it worked. Hope this helps. I think that's an issue coming from a beta of Electra.

from ssl-kill-switch2.

Found this:
May 22 18:15:17 iPhone-Aleksej-Kis Mixtiles(TweakInject.dylib)[1305] <Notice>: Injection failed: 'dlopen(/Library/TweakInject/SSLKillSwitch2.dylib, 9): no suitable image found. Did find: /Library/TweakInject/SSLKillSwitch2.dylib: file system sandbox blocked mmap() of '/Library/TweakInject/SSLKillSwitch2.dylib''

What does it mean?

from ssl-kill-switch2.

@MuchiMuchiPink Yes, the issue was that the libraries were in the wrong directory. Curiously, a collegue had one phone where they ended up in the right place automatically but on 2 other phones we had that same issue.

It also took a few tries to get it working without running into the issue @truewebber runs into. Unfortunately I know know what we did differently that time. Reinstalling PreferenceLoader and SSL KillSwitch2 followed by copying the files from /Library/MobileSubstrate/DynamicLibraries to /Library/TweakInject/ did the trick. Doing it with the symlink as you described made it show up but it didn't actually work.

Still, it doesn't work as well as it did in previous iOS versions. Some requests still fail while others work so there seems to be an issue with either TweakInject or SSLKillSwitch2 still.

from ssl-kill-switch2.

@blunden yeah, I guess I got the symlink wrong. On a device where it worked right away, both TweakInject and DynamicLibraries, point to /usr/lib/TweakInject instead. Thanks for the feedback, gonna fix my device asap.

from ssl-kill-switch2.

hi, i use electra jailbreak on a iphone 6 device with 11.1.2 ios. i installed com.nablac0d3.sslkillswitch2_0.12.deb and kill switch was not shown in the menu. then i copied cp /Library/MobileSubstrate/DynamicLibraries/* /Library/TweakInject/ and it did also not show in the menu. then i re-installed preferenceloader in cydia as mentioned above and it works. killswitch is in the preferences and works fine for me now. i did "killall -HUP SpringBoard" after each command. don't know if thats needed. at the end its running. thanks to all here posting suggestions!

from ssl-kill-switch2.

from ssl-kill-switch2.