Welcome to our

Cyber Security News Aggregator

.

Cyber Tzar

provide a

cyber security risk management

platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.

Haxx - Untethered + Unsandboxed Code Execution Haxx As Root On iOS 14 - iOS 14.8.1

published on 2022-07-08 12:30:00 UTC by Unknown
Content:


Untethered + Unsandboxed code execution haxx as root on iOS 14 - iOS 14.8.1.

Based on CoreTrustDemo, also please note that certificates are not copyrightable.


Usage

Note: requires macOS + existing jailbreak

Get up and running

  1. On your mac import dev_certificate.p12 into the keychain, and the password is password.
  2. Modify haxx.c to include your own code (if you need it).
  3. Run make to build
  4. On the device, Copy /System/Library/PrivateFrameworks/CoreAnalytics.framework/Support/analyticsd to /System/Library/PrivateFrameworks/CoreAnalytics.framework/Support/analyticsd.back
  5. Then replace /System/Library/PrivateFrameworks/CoreAnalytics.framework/Support/analyticsd with /usr/bin/fileproviderctl
  6. Create the /private/var/haxx directory, mode should be 0777
  7. Copy fileproviderctl_internal and haxx generated from the build to /usr/local/bin on the device, mode should be 0755.
  8. Profit.

Fixing fileproviderctl

After doing the above steps, fileproviderctl will be broken, to fix it do the following steps

  1. Grab a copy of /usr/bin/fileproviderctl on your device to your mac
  2. Patch the binary with GNU sed: gsed -i 's|/usr/local/bin/fileproviderctl_internal|/usr/local/bin/fileproviderctl_XXXXXXXX|g' fileproviderctl
  3. Resign it: codesign -s "Worth Doing Badly iPhone OS Application Signing" --preserve-metadata=entitlements --force fileproviderctl
  4. Put the fixed binary back onto your device.

Removal

To remove the installation, do the following steps

  1. Copy /System/Library/PrivateFrameworks/CoreAnalytics.framework/Support/analyticsd to /usr/bin/fileproviderctl
  2. Move /System/Library/PrivateFrameworks/CoreAnalytics.framework/Support/analyticsd.back to /System/Library/PrivateFrameworks/CoreAnalytics.framework/Support/analyticsd
  3. Delete /var/haxx, /usr/local/bin/fileproviderctl_internal as well as /usr/local/bin/haxx


Article: Haxx - Untethered + Unsandboxed Code Execution Haxx As Root On iOS 14 - iOS 14.8.1 - published over 2 years ago.

http://www.kitploit.com/2022/07/haxx-untethered-unsandboxed-code.html   
Published: 2022 07 08 12:30:00
Received: 2022 08 08 21:50:41
Feed: PenTest and Hacking Tools - powered by FeedBurner
Source: PenTest and Hacking Tools - powered by FeedBurner
Category: News
Topic: Security Tooling
Views: 1

Custom HTML Block

Click to Open Code Editor