Not working with Checkra1n jailbreak on iOS 13
Closed this issue · 17 comments
Device: iPhone 7
OS: iOS 13.1
JB: Checkra1n beta 0.9.1
Once an app is hooked with SSLKillSwitch, all apps crash until the tweak is removed.
I have the same problem.
Device: iPhone 7
OS: iOS 13.2.2
JB: Checkra1n beta 0.9.2
Same with checkra1n beta 0.9.3
Logs show:
```
=== SSL Kill Switch 2: Preference set to 1.
=== SSL Kill Switch 2: Substrate hook enabled.
=== SSL Kill Switch 2: iOS 12 detected; hooking SSL_CTX_set_custom_verify() and SSL_get_psk_identity()...
=== SSL Kill Switch 2: Entering replaced_SSL_CTX_set_custom_verify()
```
and in more detail:
```
default 14:35:19.174245 -0800 === SSL Kill Switch 2: Entering replaced_SSL_CTX_set_custom_verify()
default 14:35:19.174346 -0800 nw_flow_connected [C1.1 IPv4#d47d49db:8087 in_progress channel-flow (satisfied (Path is satisfied), interface: en0, ipv4, dns)] Transport protocol connected
default 14:35:19.175097 -0800 boringssl_context_set_handshake_config(1472) [0x1064492c0] set tls_handshake_config_standard
default 14:35:19.175148 -0800 boringssl_context_set_min_version(326) [0x1064492c0] set 0x0301
default 14:35:19.175231 -0800 boringssl_context_set_max_version(310) [0x1064492c0] set 0x0304
default 14:35:19.175297 -0800 boringssl_context_set_cipher_suites(844) [0x1064492c0] Ciphersuite string: AEAD-AES128-GCM-SHA256:AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-CHACHA20-POLY1305:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:AES256-SHA:AES128-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA
default 14:35:19.175405 -0800 boringssl_context_set_remote_address(2556) [0x1064492c0] Saving remote IPv4 address
default 14:35:19.175563 -0800 boringssl_session_install_association_state(1289) [0x1064492c0] Client session cache miss
default 14:35:19.175675 -0800 boringssl_session_set_peer_hostname(1181) [0x1064492c0] SNI <private>
default 14:35:19.175729 -0800 boringssl_context_set_min_version(326) [C1.1:4][0x1064492c0] set 0x0303
default 14:35:19.175782 -0800 boringssl_context_set_session_ticket_enabled(441) [C1.1:4][0x1064492c0] set false
default 14:35:19.175832 -0800 boringssl_context_set_false_start(411) [C1.1:4][0x1064492c0] set false
default 14:35:19.175884 -0800 boringssl_context_set_enforce_ev(401) [C1.1:4][0x1064492c0] set false
default 14:35:19.175936 -0800 boringssl_context_set_ats_enforced(1312) [C1.1:4][0x1064492c0] set false
default 14:35:19.175988 -0800 boringssl_context_set_ats_minimum_rsa_key_size(1321) [C1.1:4][0x1064492c0] set 0
default 14:35:19.176030 -0800 boringssl_context_set_ats_minimum_ecdsa_key_size(1330) [C1.1:4][0x1064492c0] set 0
default 14:35:19.176082 -0800 boringssl_context_set_ats_minimum_signature_algorithm(1340) [C1.1:4][0x1064492c0] set 0
error 14:35:19.176132 -0800 send failed: Invalid argument
```
I have the same problem.
Device: iPhone SE
OS: iOS 13.1.2
JB: Checkra1n beta 0.9.2
@nabla-c0d3 Are you planning support for iOS 13?
Hi, until @nabla-c0d3 releases the next update, try this one and let me know if it works for you so I can share the code
I think it is a bug in Substrate or Checkra1n.
The exception type is EXC_BAD_INSTRUCTION. When I look at the crash site, the instruction is "LDR X8, [X0,#8]", which is the first instruction of the function "SSL_set_custom_verify". Substrate replaces this instruction for hooking and causes the exception. You may use fishhook instead.
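The comment above pins the crash on Substrate overwriting the first instruction of the target. As an added illustration (not code from the project or from the commenter), this C snippet shows the relocation check an inline-hook engine has to make: the displaced prologue instruction can only be copied into a trampoline if it is not PC-relative. The sample word is the `LDR X8, [X0,#8]` from the comment, assembled here as the constructed encoding 0xF9400408.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Inline (Substrate-style) hooks overwrite the first instruction(s) of a
 * function with a branch to the replacement and copy the displaced
 * instruction(s) into a trampoline.  That copy is only valid when the
 * displaced instruction does not depend on its own address. */
enum reloc { RELOC_SAFE, RELOC_PCREL };

/* AArch64 encodings whose semantics depend on the PC. */
static bool is_pc_relative(uint32_t insn)
{
    if ((insn & 0x1F000000u) == 0x10000000u) return true; /* ADR / ADRP  */
    if ((insn & 0x7C000000u) == 0x14000000u) return true; /* B / BL      */
    if ((insn & 0xFF000010u) == 0x54000000u) return true; /* B.cond      */
    if ((insn & 0x7E000000u) == 0x34000000u) return true; /* CBZ / CBNZ  */
    if ((insn & 0x7E000000u) == 0x36000000u) return true; /* TBZ / TBNZ  */
    if ((insn & 0x3B000000u) == 0x18000000u) return true; /* LDR literal */
    return false;
}

/* Decode LDR Xt, [Xn, #imm] (64-bit, unsigned immediate offset), the form
 * seen at the crash site.  Returns false when the word is something else. */
static bool decode_ldr_imm64(uint32_t insn, unsigned *rt, unsigned *rn, unsigned *imm)
{
    if ((insn >> 22) != 0x3E5u) return false;   /* top bits 1111100101 */
    *rt  = insn & 0x1Fu;
    *rn  = (insn >> 5) & 0x1Fu;
    *imm = ((insn >> 10) & 0xFFFu) * 8u;        /* imm12 scaled by 8 */
    return true;
}

/* Convenience check used by callers that only need a yes/no answer. */
static bool ldr_matches(uint32_t insn, unsigned rt, unsigned rn, unsigned imm)
{
    unsigned t, n, i;
    return decode_ldr_imm64(insn, &t, &n, &i) && t == rt && n == rn && i == imm;
}

static enum reloc classify_prologue(uint32_t insn)
{
    return is_pc_relative(insn) ? RELOC_PCREL : RELOC_SAFE;
}

int main(void)
{
    uint32_t first = 0xF9400408u;  /* constructed: LDR X8, [X0,#8] */
    unsigned rt, rn, imm;
    if (decode_ldr_imm64(first, &rt, &rn, &imm))
        printf("LDR X%u, [X%u,#%u]: %s\n", rt, rn, imm,
               classify_prologue(first) == RELOC_SAFE ? "relocatable" : "PC-relative");
    return 0;
}
```

The sample word decodes as a plain register-relative load, i.e. the kind of instruction a trampoline can hold unchanged, so whatever goes wrong here is not a relocation of that instruction.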
> Hi, until @nabla-c0d3 releases the next update, try this one and let me know if it works for you so I can share the code
This sir, works like a charm!
> Hi, until @nabla-c0d3 releases the next update, try this one and let me know if it works for you so I can share the code
Thank you very much!!!
It works for me.
Love you :D
> so I can share the code
Looking forward to seeing the PR for iOS 13 support
@anaseqal thanks a lot! For now my frida scripts still work :) I can't test your deb because I'm on vacation right now, but I'll close this anyway seeing that it works for others.
I will leave this open until I’ve made an “official” release. Until then it sounds like @anaseqal ’s PR will work fine.
It's working pretty well. I have another request: is it possible to make a version that, after being installed in the system by whatever means, is enabled automatically without having to switch it on in Settings, assuming all the risks of course? Thank you anyway.
> so I can share the code
> Looking forward to seeing the PR for iOS 13 support
Released as part of v0.14. Thanks for the help!
How do I remove the tweak? Sadly I don't have SSH access.
Not working on 13.6.1, jailbroken using checkra1n.
> How do I remove the tweak? Sadly I don't have SSH access.
You need to turn off WLAN and turn on Flight Mode
> How do I remove the tweak? Sadly I don't have SSH access.
> You need to turn off WLAN and turn on Flight Mode
Did you get it working on iOS 13.6.1? When I proxy the traffic, apps with SSL pinning enabled keep crashing.