Sniff iOS11 AppStore/itunesstored/installd traffic


Postby septium » Tue Sep 19, 2017 2:33 pm

Do I have any chance to sniff the new Apple Music-like AppStore without JB? Of course SSL is pinned and fake CA cert doesn't help.
septium
 
Posts: 25
Joined: Thu May 04, 2017 10:04 am

Re: Sniff iOS11 AppStore/itunesstored/installd traffic

Postby morpheus » Tue Sep 19, 2017 10:50 pm

Since iOS 11 is not publicly jailbroken, you're in a predicament. One idea that would work is to back port the app with a private DYLD shared cache (from 11) into iOS 10.x which is jailbroken, and then inject into it.
morpheus
Site Admin
 
Posts: 532
Joined: Thu Apr 11, 2013 6:24 pm

Re: Sniff iOS11 AppStore/itunesstored/installd traffic

Postby Wingzero » Wed Sep 20, 2017 12:09 pm

Where can we find the cache? I am stuck on this too.
Wingzero
 
Posts: 34
Joined: Thu Jul 27, 2017 2:35 am

Re: Sniff iOS11 AppStore/itunesstored/installd traffic

Postby Siguza » Wed Sep 20, 2017 1:45 pm

(rootFS.dmg)/System/Library/Caches/com.apple.dyld/dyld_shared_cache_arm64
Siguza
Unicorn
 
Posts: 159
Joined: Thu Jan 28, 2016 10:38 am

Re: Sniff iOS11 AppStore/itunesstored/installd traffic

Postby Wingzero » Wed Sep 20, 2017 10:55 pm

Siguza wrote:(rootFS.dmg)/System/Library/Caches/com.apple.dyld/dyld_shared_cache_arm64

This is not published, right?
Wingzero
 
Posts: 34
Joined: Thu Jul 27, 2017 2:35 am

Re: Sniff iOS11 AppStore/itunesstored/installd traffic

Postby Siguza » Thu Sep 21, 2017 11:22 am

Sure it is. Just grab your favourite IPSW from iOS 10 or later (or if before, make sure decryption keys exist) and the rootFS will be the largest .dmg in the IPSW (usually between 1.5 and 2.2GB). If encrypted, note that the key is not the same as a password - I suggest vfdecrypt in that case. But from iOS 10 and later you should be able to just mount it (unless it's an APFS dmg and you're on El Capitan or lower, which has no APFS support).

Alternatively, you can extract the cache from OTAs... always unencrypted and no HFS/APFS to deal with whatsoever.
Siguza
Unicorn
 
Posts: 159
Joined: Thu Jan 28, 2016 10:38 am
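
As an added example (not code from this thread or from any of the posters), the Python below picks the root filesystem image out of an IPSW the way Siguza describes, by taking the largest .dmg in the archive, and reports where the arm64 shared cache lives once that image is mounted. The IPSW here is a constructed in-memory zip with scaled-down sizes so the script runs offline.

```python
import io
import zipfile

# Path of the arm64 dyld shared cache inside the mounted root filesystem,
# as given earlier in the thread.
DYLD_CACHE_PATH = "System/Library/Caches/com.apple.dyld/dyld_shared_cache_arm64"


def find_rootfs_dmg(ipsw):
    """Return (name, size) of the largest .dmg entry in an IPSW.

    An IPSW is a plain zip archive. Per the thread, the root filesystem is
    the largest .dmg in it (real ones are 1.5-2.2 GB); the other .dmg
    entries are ramdisks and are far smaller.
    """
    with zipfile.ZipFile(ipsw) as zf:
        dmgs = [i for i in zf.infolist() if i.filename.lower().endswith(".dmg")]
    if not dmgs:
        raise ValueError("no .dmg entries found in IPSW")
    biggest = max(dmgs, key=lambda i: i.file_size)  # uncompressed size
    return biggest.filename, biggest.file_size


def build_sample_ipsw():
    """Constructed stand-in for an IPSW: three .dmg entries of different sizes.

    Entry names and sizes are made up for this example; only the relative
    sizes matter.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("048-00000-000.dmg", b"\x00" * 4096)   # constructed: restore ramdisk
        zf.writestr("048-00001-000.dmg", b"\x00" * 2048)   # constructed: update ramdisk
        zf.writestr("048-00002-000.dmg", b"\x00" * 65536)  # constructed: root filesystem
        zf.writestr("BuildManifest.plist", b"<plist/>")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    name, size = find_rootfs_dmg(build_sample_ipsw())
    print(f"root filesystem image: {name} ({size} bytes)")
    # On macOS the unencrypted image can be mounted with `hdiutil attach`;
    # the cache then sits at <mount point>/DYLD_CACHE_PATH.
    print(f"shared cache path inside the mounted image: {DYLD_CACHE_PATH}")
```

On a real IPSW, pass the file path instead of the constructed buffer; an encrypted (pre-iOS 10) image still needs decrypting first, as the post notes.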

Re: Sniff iOS11 AppStore/itunesstored/installd traffic

Postby Wingzero » Thu Oct 19, 2017 2:37 am

Siguza wrote:Sure it is. Just grab your favourite IPSW from iOS 10 or later (or if before, make sure decryption keys exist) and the rootFS will be the largest .dmg in the IPSW (usually between 1.5 and 2.2GB). If encrypted, note that the key is not the same as a password - I suggest vfdecrypt in that case. But from iOS 10 and later you should be able to just mount it (unless it's an APFS dmg and you're on El Capitan or lower, which has no APFS support).

Alternatively, you can extract the cache from OTAs... always unencrypted and no HFS/APFS to deal with whatsoever.

Hello there, I don't get why the dyld cache is used here. Could you explain a bit? Or could @morpheus help? And where can the OTA file be downloaded? Thanks
Wingzero
 
Posts: 34
Joined: Thu Jul 27, 2017 2:35 am

Re: Sniff iOS11 AppStore/itunesstored/installd traffic

Postby darkknight » Thu Oct 19, 2017 3:11 am

Wingzero wrote:
Siguza wrote:Sure it is. Just grab your favourite IPSW from iOS 10 or later (or if before, make sure decryption keys exist) and the rootFS will be the largest .dmg in the IPSW (usually between 1.5 and 2.2GB). If encrypted, note that the key is not the same as a password - I suggest vfdecrypt in that case. But from iOS 10 and later you should be able to just mount it (unless it's an APFS dmg and you're on El Capitan or lower, which has no APFS support).

Alternatively, you can extract the cache from OTAs... always unencrypted and no HFS/APFS to deal with whatsoever.

Hello there, I don't get why the dyld cache is used here. Could you explain a bit? Or could @morpheus help? And where can the OTA file be downloaded? Thanks

See the iPhone wiki -> https://www.theiphonewiki.com/wiki/Firmware
OTA -> https://ipsw.me/
darkknight
 
Posts: 66
Joined: Mon Apr 18, 2016 10:49 pm

Re: Sniff iOS11 AppStore/itunesstored/installd traffic

Postby Wingzero » Thu Oct 19, 2017 12:57 pm

darkknight wrote:
Wingzero wrote:
Siguza wrote:Sure it is. Just grab your favourite IPSW from iOS 10 or later (or if before, make sure decryption keys exist) and the rootFS will be the largest .dmg in the IPSW (usually between 1.5 and 2.2GB). If encrypted, note that the key is not the same as a password - I suggest vfdecrypt in that case. But from iOS 10 and later you should be able to just mount it (unless it's an APFS dmg and you're on El Capitan or lower, which has no APFS support).

Alternatively, you can extract the cache from OTAs... always unencrypted and no HFS/APFS to deal with whatsoever.

Hello there, I don't get why the dyld cache is used here. Could you explain a bit? Or could @morpheus help? And where can the OTA file be downloaded? Thanks

See the iPhone wiki -> https://www.theiphonewiki.com/wiki/Firmware
OTA -> https://ipsw.me/

Thanks so much! I have downloaded the OTA of iOS 11. However, I searched through it but cannot find dyld_shared_cache?

Never mind, I found them in the full ipsw package (not signed)
Wingzero
 
Posts: 34
Joined: Thu Jul 27, 2017 2:35 am

Re: Sniff iOS11 AppStore/itunesstored/installd traffic

Postby Siguza » Thu Oct 19, 2017 2:57 pm

Wingzero wrote:Hello there, I don't get why the dyld cache is used here.

Uhh... because?:

Wingzero wrote:where can we find the cache?
Siguza
Unicorn
 
Posts: 159
Joined: Thu Jan 28, 2016 10:38 am
