pinauten / cryptexmanager Goto Github PK

15.0 5.0 5.0 14 KB

CryptexManager is an open-source replacement for cryptexctl

License: MIT License

Swift 100.00%

cryptexmanager's Introduction

CryptexManager

CryptexManager is an open-source replacement for cryptexctl. It supports creating, signing, installing, uninstalling and listing cryptexes.

Building

First, make sure libimobiledevice is installed (brew install libimobiledevice). Afterwards, it should be sufficient to run swift build -c release -Xlinker -L$(brew --prefix)/lib -Xcc -I$(brew --prefix)/include. The executable can then be found at .build/release/CryptexManager.

Using

For now, just run CryptexManager without arguments to see the usage.

Using in a Makefile

To use CryptexManager instead of cryptexctl in a Makefile (assuming you're using the example Makefile provided by Apple), replace the install/uninstall actions with this:

# Uninstall the cryptex from the device
.PHONY: uninstall
uninstall:
	@$(call log, Removing ${CRYPTEX_ID} from device: ${CRYPTEXCTL_UDID})
	$(call check_path, CryptexManager, "CryptexManager is not on your path. Please make sure it is installed.")
	CryptexManager -u ${CRYPTEXCTL_UDID} list
	CryptexManager -u ${CRYPTEXCTL_UDID} uninstall ${CRYPTEX_ID}
	CryptexManager -u ${CRYPTEXCTL_UDID} list

# Install the cryptex onto the device
.PHONY: install
install: ${CRYPTEX_PATH}
	@$(call log, Installing ${CRYPTEX_PATH} onto device: ${CRYPTEXCTL_UDID})
	$(call check_path, CryptexManager, "CryptexManager is not on your path. Please make sure it is installed.")
	CryptexManager -u ${CRYPTEXCTL_UDID} uninstall ${CRYPTEX_ID} || true
	CryptexManager -u ${CRYPTEXCTL_UDID} install ${CRYPTEX_PATH} || log_die "Failed to install cryptex... Is your device '${CRYPTEXCTL_UDID}' connected?" $?
	CryptexManager -u ${CRYPTEXCTL_UDID} list

Additionally, replace the create rule with this:

# Create the cryptex from the disk image containing the distribution root
${CRYPTEX_PATH}: ${CRYPTEX_DMG_NAME}
	@$(call log, Creating cryptex ${CRYPTEX_PATH} - ${CRYPTEX_VERSION} from the disk image ${CRYPTEX_DMG_NAME})
	$(call check_path, CryptexManager, "CryptexManager is not on your path. Please make sure it is installed.")
	CryptexManager -u ${CRYPTEXCTL_UDID} create -i ${CRYPTEX_ID} -v ${CRYPTEX_VERSION} ${CRYPTEX_DMG_NAME} ${CRYPTEX_ROOT_DIR} ${CRYPTEX_PATH}

cryptexmanager's People

Contributors

Stargazers

Watchers

Forkers

dlevi309 turlodales m1zole

cryptexmanager's Issues

SUMMARY: macOS 12.2 (21D49) | 19E5209h | SRD iPhone 12 | an unhandled exception occured: iDeviceError.unknown(errorCode: -21)

Hello!

Thank you again for the Release of Cryptex Manager. The personalization, installation and uninstallation for the SRD iPhone 11 Model works well.

This Report is specific to the SRD iPhone 12 Model when using an X86_64 Host with macOS 12.2 (21D49) with IPSW iPhone13,2,iPhone13,3_15.4_19E5209h_Restore.ipsw [Beta iOS 15.4].

Here are the reproduction steps: The same process as you described in #1

For the SRD iPhone 12, here is what is seen for the create step:

.build/x86_64-apple-macosx/release/CryptexManager create -i com.example.cryptex -v 1.3.3.7  ~/security-research-device-main/example-cryptex/srd-universal-cryptex.dmg /Volumes/com.example.cryptex.dstroot /tmp/cptx
Building trust cache: Done!
An unhandled exception occured:
iDeviceError.unknown(errorCode: -21)

As noted, the SRD iPhone 11 with Cryptex Manager works perfect.

% .build/x86_64-apple-macosx/release/CryptexManager create -i com.example.cryptex -v 1.3.3.7  ~/security-research-device-main/example-cryptex/srd-universal-cryptex.dmg /Volumes/com.example.cryptex.dstroot /tmp/cptx
Building trust cache: Done!
Generating signature: Done!
Writing cptx: Done!
% .build/x86_64-apple-macosx/release/CryptexManager  install /tmp/cptx
Successfully installed cryptex!
% cryptexctl list
com.example.cryptex
  version = 1.3.3.7
  device = /dev/disk2s1
  mount point = /private/var/run/com.apple.security.cryptexd/mnt/com.example.cryptex.YCRf5T

With successful ssh to the SRD iPhone 11 Device:

uname -a
Darwin SRD0009 21.4.0 Darwin Kernel Version 21.4.0: Sun Jan 16 20:50:39 PST 2022; root:xnu-8020.100.406.0.1~10/RELEASE_ARM64_T8030 iPhone12,1 Toybo

Occasionally, I've seen CryptexManager throw, specific to iPhone 12:

.build/x86_64-apple-macosx/release/CryptexManager  install /tmp/cptx
Oops, this doesn't seem to be a Security Research Device!

Device Verification

cryptexctl device list
udid                           name       build      BORD       CHIP       ECID
00008101-001418DA3CC0013A      SRD0009     19E5209h   0xc        0x8101     0x1418da3cc0013a
00008030-001538D03C40012E     SRD0037     19E5209h   0x4        0x8030    0x1538d03c40012e

Just stumbled across this Issue while writing up xsscx/srd#15

Please let me know if I can provide additional information towards a fix.

Thank You

Request for Help to build CryptexManager on M1

Hello! After some manual attempts, I'm unsuccessful at building for arm64. Can you offer the correct steps for a successful M1 build for CryptexManager?

Using Source https://github.com/pinauten/CryptexManager on M1 T8101 with Details:

kern.version: Darwin Kernel Version 21.4.0: Mon Feb 21 20:36:53 PST 2022; root:xnu-8020.101.4~2/RELEASE_ARM64_T8101
kern.osversion: 21E230
kern.iossupportversion: 15.4
kern.osproductversioncompat: 10.16
kern.osproductversion: 12.3
kern.osproductversioncompat: 10.16
/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk
Apple clang version 13.1.6 (clang-1316.0.21.2)
Target: arm64-apple-darwin21.4.0
InstalledDir: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin
Darwin Cryptex Management Interface Version 2.0.0: Tue Jan 25 23:53:01 PST 2022; root:libcryptex_executables-170.100.20~29/cryptexctl/WEN_ETA_ARM64E
machdep.cpu.brand_string: Apple M1
System Integrity Protection status: enabled
swift-driver version: 1.45.2 Apple Swift version 5.6 (swiftlang-5.6.0.323.62 clang-1316.0.20.8)
Target: arm64-apple-macosx12.0

Reproduction

Here are my reproduction steps using M1 T8101:

Step 1:

brew reinstall --build-from-source ideviceinstaller libimobiledevice
==> Reinstalling ideviceinstaller
==> ./configure --prefix=/opt/homebrew/Cellar/ideviceinstaller/1.1.1
==> make install
🍺  /opt/homebrew/Cellar/ideviceinstaller/1.1.1: 8 files, 102.1KB, built in 10 seconds
..
🍺  /opt/homebrew/Cellar/libimobiledevice/1.3.0: 72 files, 1.5MB, built in 11 seconds
==> Running `brew cleanup libimobiledevice`...

Step 2: Attempt to Build CryptexManager on M1 T8101 with command line:

swift build -c release -Xlinker -L/opt/homebrew/lib/

Build Log

swift build -c release -Xlinker -L/opt/homebrew/lib/
warning: Usage of /Users/xss/Library/org.swift.swiftpm/collections.json has been deprecated. Please delete it and use the new /Users/xss/Library/org.swift.swiftpm/configuration/collections.json instead.
Fetching https://github.com/pinauten/Swift_libimobiledevice from cache
Fetched https://github.com/pinauten/Swift_libimobiledevice (0.25s)
Fetching https://github.com/pinauten/libcryptex from cache
Fetched https://github.com/pinauten/libcryptex (0.26s)
Fetching https://github.com/pinauten/SwiftUtils from cache
Fetched https://github.com/pinauten/SwiftUtils (0.26s)
Creating working copy for https://github.com/pinauten/SwiftUtils
Working copy of https://github.com/pinauten/SwiftUtils resolved at master
Creating working copy for https://github.com/pinauten/Swift_libimobiledevice
Working copy of https://github.com/pinauten/Swift_libimobiledevice resolved at master
Creating working copy for https://github.com/pinauten/libcryptex
Working copy of https://github.com/pinauten/libcryptex resolved at master
Building for production...
<module-includes>:1:9: note: in file included from <module-includes>:1:
#import "libimobiledevice.h"
        ^
/Users/xss/Downloads/CryptexManager-master/.build/checkouts/Swift_libimobiledevice/Sources/Clibimobiledevice/libimobiledevice.h:12:10: error: 'libimobiledevice/libimobiledevice.h' file not found
#include <libimobiledevice/libimobiledevice.h>
         ^
/Users/xss/Downloads/CryptexManager-master/.build/checkouts/Swift_libimobiledevice/Sources/Swift_libimobiledevice/AFC.swift:10:8: error: could not build Objective-C module 'Clibimobiledevice'
import Clibimobiledevice
       ^

File Info from Errors

ls -al /Users/xss/Downloads/CryptexManager-master/.build/checkouts/Swift_libimobiledevice/Sources/Clibimobiledevice/libimobiledevice.h
-r--r--r--  1 xss  staff  477 Mar 17 10:17 /Users/xss/Downloads/CryptexManager-master/.build/checkouts/Swift_libimobiledevice/Sources/Clibimobiledevice/libimobiledevice.h

ls -la /opt/homebrew/lib/libimobiledevice-1.0.
libimobiledevice-1.0.6.dylib@  libimobiledevice-1.0.a@        libimobiledevice-1.0.dylib@

Summary

Have made no progress after some manual edits and wanted to ask for the correct steps to success to build CryptexManager on M1 T8101.

Thank You

SRD | 21A559 | macOS12.0.1 | X86_64 | 19C5026i | CryptexManager | unsuitable CT policy 0 for this platform/device, rejecting signature

Hello!

I'm using an X86_64 with macOS 12.0.1 and iPhone11,8,iPhone12,1_15.2_19C5026i_Restore.ipsw on the SRD.

I got everything working up to the point of the cryptex not launching when using CryptexManager from X86_64 on macOs 12.0.1. Without flooding this Issue with Console Output, can you confirm that cryptex personalization is working with this current Release of Cryptex Manager when using macOS 12.0.1 from X86_64?

Of course, the issue could be operator error, let me know your thoughts.

Thanks!

I'm using this DMG: https://github.com/xsscx/srd/blob/main/dmg/19C5026i-toyboxunstripped.dmg

X86_64 Host

.build/release/CryptexManager list                                                                                                                        
com.example.cryptex:
	Version: 1.3.3.7
	Mounted at: /private/var/run/com.apple.security.cryptexd/mnt/com.example.cryptex.0AAhj2
	Disk image path: /private/var/run/com.apple.security.cryptexd/codex.system/live/com.example.cryptex/cpxd

SRD Console

...
unsuitable CT policy 0 for this platform/device, rejecting signature
...