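def clutch():
    """Fetch the target app's main binary, decrypting it with Clutch if listed.

    The app is looked up in the output of ``Clutch -i``. When it is listed,
    earlier Clutch output on the device is removed, ``Clutch -b <id>`` is run,
    and the dumped binary is copied locally via ``bin_get.via_sftp``. If the
    dump cannot be found afterwards, ``DumpDecrypted.dump_binary()`` is tried
    instead. When the app is not listed, the installed binary is copied as-is.

    Side effects:
        Sets ``data.static_file_path`` and deletes files under
        ``/private/var/mobile/Documents/Dumped`` and ``/var/tmp/clutch`` on
        the device.

    Returns:
        True when the binary was copied without Clutch or Clutch produced a
        dump; otherwise whatever ``DumpDecrypted.dump_binary()`` returns.
    """
    client = data.client
    listing = Utils.cmd_block(client, 'Clutch -i')

    # The index of the matching line in the listing is used as the Clutch app
    # id; 0 means "not listed". The id is recorded only on a match, so a
    # missing bundle ID no longer leaves the line count behind as a bogus id
    # that would then be handed to `Clutch -b`.
    # NOTE(review): this is a substring test, so a bundle ID that is a prefix
    # of another listed ID can match the wrong line - confirm against the
    # exact `Clutch -i` output format.
    clutch_app_id = 0
    for index, line in enumerate(listing.split('\n')):
        if data.app_bundleID in line:
            clutch_app_id = index
            break

    if not clutch_app_id:
        Utils.printy(
            'Failed to Clutch. Get the binary might be encrypted. Static Analysis may fail.', 4)
        data.static_file_path = bin_get.via_sftp(data.metadata['binary_path'])
        return True

    Utils.printy('the application is encrypted, use Clutch to decrypt', 0)

    # Clean up what earlier Clutch runs left behind so the directory listing
    # below only reflects this run.
    Utils.cmd_block(client, 'rm /private/var/mobile/Documents/Dumped/*.ipa')
    Utils.cmd_block(client, 'rm -rf /var/tmp/clutch/*')

    # Only dump binary files from the specified bundleID. The id is an int, so
    # nothing device-controlled is spliced into this command line.
    # NOTE(review): 600 is presumably a timeout in seconds - confirm in Utils.
    Utils.cmd_block_limited(client, 'Clutch -b ' + str(clutch_app_id), 600)

    clutch_success = False
    dumped_entries = Utils.cmd_block(client, 'ls /var/tmp/clutch/*/').split()
    if data.app_bundleID in dumped_entries:
        clutch_success = True
        dump_dir = Utils.cmd_block(client, 'ls -H /var/tmp/clutch/').strip()
        source = '{path}/{bundle_id}/{binary}'.format(
            path='/var/tmp/clutch/{}'.format(dump_dir),
            bundle_id=data.metadata['bundle_id'],
            binary=data.metadata['binary_name'])
        data.static_file_path = bin_get.via_sftp(source)

    if not clutch_success:
        Utils.printy(
            'Failed to clutch! Try to dump the decrypted app into a file. ', 2)
        # NOTE(review): the fallback's return value is passed straight to the
        # caller - confirm dump_binary() returns a truthy value on success.
        clutch_success = DumpDecrypted.dump_binary()
    return clutch_success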
def clutch(self):
    """Copy the target app's binary locally, decrypting it with clutch if listed.

    The output of ``clutch -i`` is scanned for a ``<bundle id>`` entry equal
    to ``data.app_bundleID``; the number before the first ``:`` on that line
    is the clutch app id. Sets ``data.static_file_path`` and, on the clutch
    path, moves ``self.status`` through "clutching" to "done".
    """
    client = data.client
    listing = Utils.cmd_block(client, 'clutch -i')

    bundle_pat = re.compile(r'.+<(.+)>')
    clutch_app_id = -1
    for entry in listing.split('\n'):
        hit = bundle_pat.match(entry)
        # Exact comparison on the captured bundle ID; the last match wins.
        if hit and hit.group(1) == data.app_bundleID:
            clutch_app_id = int(entry.split(':')[0])

    if clutch_app_id == -1:
        # Not listed by clutch: treated as not encrypted, fetch it as-is.
        data.static_file_path = bin_get.via_sftp(
            data.metadata['binary_path'])
        return

    Utils.printy(
        'the application is encrypted, and use clutch to decrypt', 0)

    # Drop the IPAs that earlier clutch runs left on the device.
    Utils.cmd_block(client, 'rm /private/var/mobile/Documents/Dumped/*.ipa')
    self.status = "clutching"

    # Only dump binary files from the specified bundleID.
    dump_output = Utils.cmd_block(client, 'clutch -b ' + str(clutch_app_id))

    # The output directory is taken from clutch's "Finished ... to <path>"
    # line, which ends in the tail of an ANSI reset sequence ("[0m").
    finished_pat = re.compile(r'.+Finished.+to (.+)\[0m')
    for entry in dump_output.split('\n'):
        hit = finished_pat.match(entry)
        if not hit:
            continue
        source = '{path}/{bundle_id}/{binary}'.format(
            path=hit.group(1),
            bundle_id=data.metadata['bundle_id'],
            binary=data.metadata['binary_name'])
        data.static_file_path = bin_get.via_sftp(source)
        self.status = "done"

    # No fallback runs here: if no "Finished" line was seen, status stays
    # "clutching" and data.static_file_path is left untouched.
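def dump_binary():
    """Dump the target app's decrypted binary with dumpdecrypted and fetch it.

    Uploads ``./tools/dumpdecrypted.dylib`` into the app's ``Documents``
    directory over SFTP, launches the app binary with the dylib injected via
    ``DYLD_INSERT_LIBRARIES``, then copies ``./<binary_name>.decrypted`` back
    with ``bin_get.via_sftp`` and stores the result in
    ``data.static_file_path``.

    Returns:
        bool: True when ``bin_get.via_sftp`` returned a truthy value, so that
        callers treating the return value as a success flag get a usable one.
    """
    # shlex.quote on Python 3; pipes.quote is the same helper on Python 2.
    try:
        from shlex import quote
    except ImportError:
        from pipes import quote

    target_doc_path = data.metadata['data_directory'] + '/Documents'
    target_doc_file = target_doc_path + '/dumpdecrypted.dylib'
    # NOTE(review): this authenticates with a password read from config -
    # keep that file out of version control.
    Utils.sftp_put(ip=config.mobile_ip, port=config.ssh_port,
                   username=config.mobile_user,
                   password=config.mobile_password,
                   remote_path=target_doc_file,
                   local_file='./tools/dumpdecrypted.dylib')

    target_bin_path = data.metadata['binary_path']
    # Both paths come from the metadata of the app under analysis and are
    # spliced into a command line, so they are quoted: bundle paths commonly
    # contain spaces, and an app being audited must not be able to smuggle
    # shell syntax into a command run on the test device.
    # NOTE(review): assumes Utils.cmd_block hands the string to a shell on
    # the device - confirm.
    dump_cmd = 'DYLD_INSERT_LIBRARIES={} {}'.format(quote(target_doc_file),
                                                    quote(target_bin_path))
    Utils.cmd_block(data.client, dump_cmd)

    # get decrypted file from iphone; the path is relative, so it depends on
    # the working directory of the remote session.
    remote_file = './{}.decrypted'.format(data.metadata['binary_name'])
    data.static_file_path = bin_get.via_sftp(remote_file)
    return bool(data.static_file_path)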