forked from iOSForensics/pymobiledevice
-
Notifications
You must be signed in to change notification settings - Fork 0
/
lockdown.py
executable file
·227 lines (188 loc) · 7.89 KB
/
lockdown.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
#!/usr/bin/env python
# -*- coding: utf8 -*-
#
# $Id$
#
# Copyright (c) 2012-2014 "dark[-at-]gotohack.org"
#
# This file is part of pymobiledevice
#
# pymobiledevice is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
#
from plist_service import PlistService
from pprint import pprint
from ca import ca_do_everything
from util import write_file, readHomeFile, writeHomeFile
import os
import plistlib
import sys
import uuid
import platform
import time
#we store pairing records and ssl keys in ~/.pymobiledevice
HOMEFOLDER = ".pymobiledevice"
MAXTRIES = 20
class LockdownClient(object):
def __init__(self,udid=None):
self.paired = False
self.SessionID = None
self.c = PlistService(62078,udid)
self.hostID = self.generate_hostID()
self.paired = False
self.label = "pyMobileDevice"
self.c.sendPlist({"Request":"QueryType"})
res = self.c.recvPlist()
assert res["Type"] == "com.apple.mobile.lockdown"
self.udid = self.getValue("", "UniqueDeviceID")
self.allValues = self.getValue("", "")
self.UniqueChipID = self.allValues.get("UniqueChipID")
self.DevicePublicKey = self.getValue("", "DevicePublicKey")
self.identifier = self.udid
if not self.identifier:
if self.UniqueChipID:
self.identifier = "%x" % self.UniqueChipID
else:
print "Could not get UDID or ECID, failing"
raise
tries = 0
while not self.validate_pairing():
if self.pair() == False:
print "Pairing error"
tries += 1
if tries > MAXTRIES :
break
return
def generate_hostID(self):
hostname = platform.node()
hostid = uuid.uuid3(uuid.NAMESPACE_DNS, hostname)
return str(hostid).upper()
def enter_recovery(self):
self.c.sendPlist({"Request": "EnterRecovery"})
print self.c.recvPlist()
def stop_session(self):
if self.SessionID and self.c:
self.c.sendPlist({"Request": "StopSession", "SessionID": self.SessionID})
self.SessionID = None
res = self.c.recvPlist()
return res
def validate_pairing(self):
pair_record = None
certPem = None
privateKeyPem = None
if sys.platform == "win32":
folder = os.environ["ALLUSERSPROFILE"] + "/Apple/Lockdown/"
elif sys.platform == "darwin":
folder = "/var/db/lockdown/"
pair_record = plistlib.readPlist(folder + "%s.plist" % self.identifier)
if pair_record:
print "Using iTunes pair record: %s.plist" % self.identifier
certPem = pair_record["HostCertificate"].data
privateKeyPem = pair_record["HostPrivateKey"].data
else:
print "No iTunes pairing record found for device %s" % self.identifier
print "Lokking for pymobiledevice pairing record"
record = readHomeFile(HOMEFOLDER, "%s.plist" % self.identifier)
if record:
pair_record = plistlib.readPlistFromString(record)
print "Found pymobiledevice pairing record for device %s" % self.udid
certPem = pair_record["HostCertificate"].data
privateKeyPem = pair_record["HostPrivateKey"].data
else:
print "No pymobiledevice pairing record found for device %s" % self.identifier
return False
ValidatePair = {"Request": "ValidatePair", "PairRecord": pair_record}
self.c = PlistService(62078,self.udid)
self.c.sendPlist(ValidatePair)
r = self.c.recvPlist()
if not r or r.has_key("Error"):
pair_record = None
print "ValidatePair fail", ValidatePair
return False
d = {"Request": "StartSession", "HostID": pair_record.get("HostID", self.hostID)}
self.c.sendPlist(d)
startsession = self.c.recvPlist()
self.SessionID = startsession.get("SessionID")
if startsession.get("EnableSessionSSL"):
sslfile = self.identifier + "_ssl.txt"
sslfile = writeHomeFile(HOMEFOLDER, sslfile, certPem + "\n" + privateKeyPem)
self.c.ssl_start(sslfile, sslfile)
self.udid = self.getValue("", "UniqueDeviceID")
self.allValues = self.getValue("", "")
self.paired = True
return True
def pair(self):
self.DevicePublicKey = self.getValue("", "DevicePublicKey")
if self.DevicePublicKey == '':
print "Unable to retreive DevicePublicKey"
return False
print "Creating host key & certificate"
certPem, privateKeyPem, DeviceCertificate = ca_do_everything(self.DevicePublicKey)
pair_record = {"DevicePublicKey": plistlib.Data(self.DevicePublicKey),
"DeviceCertificate": plistlib.Data(DeviceCertificate),
"HostCertificate": plistlib.Data(certPem),
"HostID": self.hostID,
"RootCertificate": plistlib.Data(certPem),
"SystemBUID": "30142955-444094379208051516" }
tries = 0
while tries < MAXTRIES :
pair = {"Request": "Pair", "PairRecord": pair_record}
self.c = PlistService(62078,self.udid)
self.c.sendPlist(pair)
pair = self.c.recvPlist()
if pair and pair.get("Result") == "Success" or pair.has_key("EscrowBag"):
pair_record["HostPrivateKey"] = plistlib.Data(privateKeyPem)
if pair.has_key("EscrowBag"):
pair_record["EscrowBag"] = pair["EscrowBag"]
writeHomeFile(HOMEFOLDER, "%s.plist" % self.identifier, plistlib.writePlistToString(pair_record))
print "Pairing OK"
break
elif pair and pair.get("Error") == "PasswordProtected":
tries += 1
print "Please unlock your device and click trust in order to allow pairring. (%d/10)" % tries
self.c.close()
time.sleep(2)
else:
print "Pairing error", pair
self.c.close()
return False
self.paired = True
return True
def getValue(self, domain=None, key=None):
req = {"Request":"GetValue", "Label": self.label}
if domain:
req["Domain"] = domain
if key:
req["Key"] = key
self.c.sendPlist(req)
res = self.c.recvPlist()
if res:
r = res.get("Value")
if hasattr(r, "data"):
return r.data
return r
def startService(self, name):
if not self.paired:
print "Cannot startService %s, not paired" % name
return None
self.c.sendPlist({"Request": "StartService", "Service": name})
StartService = self.c.recvPlist()
if StartService.get("Error"):
print StartService["Error"]
return None
return PlistService(StartService["Port"])
if __name__ == "__main__":
l = LockdownClient()
n = writeHomeFile(HOMEFOLDER, "%s_infos.plist" % l.udid, plistlib.writePlistToString(l.allValues))
print "Wrote infos to %s" % n