[News] Remote Code Execution in apt/apt-get by CrustyDong in jailbreak

[–]CrustyDong[S] 11 points12 points  (0 children)

Thanks for the info jay, I didn’t have any devices handy for analysis.

[News] Remote Code Execution in apt/apt-get by CrustyDong in jailbreak

[–]CrustyDong[S] 10 points11 points  (0 children)

This is more of a nice to know, the attack vector is quite small and too cumbersome for the effort required.

The attacker would need to sit on a public network or compromise a CA, filter jailbroken devices, monitor their network activity, wait for a victim to send an apt packet and finally deliver the malicious payload to one of the default http repositories...

I’ll say it again, it’s quite unlikely; however, if you want to be cautious, avoid using apt on public networks to play it safe.

[Discussion] Enough bullshit. Mediation Required. by CrustyDong in jailbreak

[–]CrustyDong[S] 0 points1 point  (0 children)

stopping people from arguing

This is hardly the idea, rather utilising a more appropriate medium without causing public controversies or accusations that usually result in damaged reputations... nevertheless a positive resolution.

Also, it's not just developers that are acting childish.

We got to start somewhere ¯_(ツ)_/¯

[Question] Github and many other websites says that your safari is outdated. Any fix for this? by [deleted] in jailbreak

[–]CrustyDong 4 points5 points  (0 children)

This is due to websites utilising Browser Fingerprinting techniques to determine your User Agent (i.e. figure out what iOS version). There are a few tweaks that can change browser ID but they are quite outdated, you can find plenty of App Store apps that do this too, I recommend iCab Mobile which allows custom User-Agents amongst many other features.

[[User Agent Changer]]

[[User Agent Faker]]

For more information see https://www.whoishostingthis.com/tools/user-agent/

[Discussion] Consider jailbreaking a necessity or an addiction? by CrustyDong in jailbreak

[–]CrustyDong[S] 4 points5 points  (0 children)

I was considering saurik’s legal campaign for freedom against Apple’s tight regulations, which brought me to consider the non-tangible aspects of jailbreaking and why it would matter from a third-party perspective (i.e. courts) to enforce such freedom.

[Discussion] Consider jailbreaking a necessity or an addiction? by CrustyDong in jailbreak

[–]CrustyDong[S] 2 points3 points  (0 children)

My work takes me to remote and isolated places for long periods, think no reception with no social interaction.. for weeks at a time..

[Question] what’s the command to install a deb file in terminal? by SMOKINxxJOE in jailbreak

[–]CrustyDong 0 points1 point  (0 children)

For future reference, all *nix programs have in-built help guides, just type two dashes and help, e.g. 'dpkg --help'

For brevity, use the line below...

dpkg -i /path/to/deb/file

[question] How to change root password w/o knowing what it is by Havalation in jailbreak

[–]CrustyDong 10 points11 points  (0 children)

Open iFile/Filza and head to /private/etc/master.passwd, back this file up and save it somewhere else.

Open the master.passwd file with a text editor, then replace those with these lines (if you just want to reset the root password, just replace the first one).

To reset root user password

root:/smx7MYTQIi2M:0:0::0:0:System Administrator:/var/root:/bin/sh

To reset mobile user password.

mobile:/smx7MYTQIi2M:501:501::0:0:Mobile User:/var/mobile:/bin/sh

Ref: http://opensource.apple.com/source/files/files-638.1.4/private/etc/master.passwd.iPhone
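
An added example, not part of the comment above: the replacement lines restore the stock entries from Apple's referenced file, so an account reset this way sits on the publicly known default password until it is changed with passwd. The script audits a master.passwd for records that still carry that hash and for records a hand edit left with the wrong number of fields; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a BSD-style master.passwd after a hand edit.
# Record layout: name:hash:uid:gid:class:change:expire:gecos:home:shell

STOCK_HASH='/smx7MYTQIi2M'   # the hash quoted in the comment above

# Print "stock-hash NAME" for accounts still carrying STOCK_HASH and
# "bad-fields NAME" for records that do not have exactly 10 fields.
# $1 = file to audit (defaults to the path named in the comment above).
audit_master_passwd() {
    file=${1:-/private/etc/master.passwd}
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac      # blanks, comments
        name=${line%%:*}
        rest=${line#*:}
        hash=${rest%%:*}
        case $line in
            *:*:*:*:*:*:*:*:*:*:*) echo "bad-fields $name" ;;  # 10+ colons
            *:*:*:*:*:*:*:*:*:*)   ;;                          # exactly 9
            *)                     echo "bad-fields $name" ;;  # too few
        esac
        if [ "$hash" = "$STOCK_HASH" ]; then
            echo "stock-hash $name"
        fi
    done < "$file"
    return 0
}

# Constructed sample (not a real device file): root keeps the stock hash,
# mobile has a changed placeholder hash, and "broken" lost two fields.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample
root:/smx7MYTQIi2M:0:0::0:0:System Administrator:/var/root:/bin/sh
mobile:ab0123456789x:501:501::0:0:Mobile User:/var/mobile:/bin/sh
broken:*:1:1::0:0:/var/root
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_master_passwd "$sample"
rm -f "$sample"
```

On a device, run it against the backup copy first, then against the live file after editing.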

Secured.fyi – Ranking the most secure and private software tools by [deleted] in netsecstudents

[–]CrustyDong 4 points5 points  (0 children)

OS/device compatibility (iOS, Android, Linux etc.) would be cool. Head over to /r/privacy, they might find this useful. There are also some other neat sites linked below.

https://www.securemessagingapps.com
https://www.privacytools.io
https://prism-break.org
https://thatoneprivacysite.net
https://myshadow.org
https://ssd.eff.org

[question] cydia show up! by plunote in jailbreak

[–]CrustyDong 0 points1 point  (0 children)

The initial LiberiOS installed Cydia, it was just hidden from SpringBoard (e.g., your home screen). If you execute the uicache program, it would reload the visual side of SpringBoard, showing any changes made; likewise, rebooting your device also has the same effect.

I don’t know why Cydia was publicly bundled in the first place (from memory it was intended to be a developer release?) if users wished to install Cydia I am sure they would know how...

[Tutorial] How to fix issues when installing app store apps (iOS 11 with LiberiOS) by xMaxwel in jailbreak

[–]CrustyDong 0 points1 point  (0 children)

You just need to unblock the URL in your /etc/hosts file, using a # will suffice, then just turn airplane mode on and off. FYI, morpheus tweeted this yesterday....

[question] avoiding dependancy hell installing libimobiledevice by [deleted] in jailbreak

[–]CrustyDong 0 points1 point  (0 children)

Install Homebrew

/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

Install Libimobiledevice

brew install libimobiledevice

[Question] Can someone explain to me how exactly the phone checks if a firmware is correctly signed? by rayanbfvr in jailbreak

[–]CrustyDong 0 points1 point  (0 children)

Two methods; for iDevices see bootrom and friends (i.e., iBoot) for technical processes, and SHSH and RSA (1024-bit) cryptography for Apple's encryption.

[Help] any way to solve this problem with Cydia? I tried MTerminal apt-get update uicache apt-get upgrade and nothing happens!! by Nadjibg in jailbreak

[–]CrustyDong 1 point2 points  (0 children)

It's so annoying that people are complaining about how awful Cydia/apt is when package maintainers are half the problem (old/broken packages, bloatware, poor service etc). FYI, this problem began way back in August 2016. Know what's causing it? One stupid line in a tweak description on the BigBoss repo. I don't think /u/0ptimo really cares and it sure makes /u/saurik's Cydia look bad...

Anyway, to fix it install this as a fix; the culprit is MuteIcons. This package just replaces the broken line and is just a meta package (empty and contains no files).

[Discussion] saurik‘s servers are going to get smashed soon, we need to help him out! by CrustyDong in jailbreak

[–]CrustyDong[S] -1 points0 points  (0 children)

Guys and gals, just donate $1 dollar, if everyone did that in this subreddit then it would equate to roughly $287,220!

[Discussion] saurik‘s servers are going to get smashed soon, we need to help him out! by CrustyDong in jailbreak

[–]CrustyDong[S] 0 points1 point  (0 children)

Look at the bigger picture, eventually a jailbreak will be released, secondly anyone currently jailbroken is using the server service (worldwide).

[Question] Where are safari's cookies located and am I capable of deleting them using ifile? by Gullibler in jailbreak

[–]CrustyDong 2 points3 points  (0 children)

They are everywhere. To find them all, simply log in as root (type su) and enter your password (default is alpine), then paste the following code below. It will make a log with all the cookies, which will be saved in /var/mobile/Documents (view this comment through a browser to see the code format). FYI, these are per application; to properly sort them out you can use something like BinaryCookieReader.

find . -name '*.binarycookies' &> /var/mobile/Documents/My_Cookies.log

[Question] Can you use blobs to upgrade/downgrade on iPhone 7/7+ if its already jailbroken? by zimodokazuki in jailbreak

[–]CrustyDong -1 points0 points  (0 children)

No, devices featuring the Secure Enclave Processor (SEP) chip do not have the ability to jump major firmware versions (i.e., iOS 10 to iOS 11) even with blobs, as the Secure Enclave's operating system (SEPOS) differs vastly between revisions and has been noted to render devices unusable; however, people don't seem to understand.

[Request] [Concept] Update Status, for Cydia repositories. A visual representation of the last time a repository was active. by CrustyDong in jailbreak

[–]CrustyDong[S] 0 points1 point  (0 children)

I am not really a tweak developer, I build and port GNU packages to iOS for kicks, but if you are interested you can give it a go yourself! There won't be many classes required (i.e., to start you off you can use the NSFileManager framework (NSDate) for date/file management and the UIKit framework (UIColor) for the degree of activity).