nyamisty / ssl-kill-switch3 Goto Github PK

Next Generation SSLKillSwitch with much more support!

License: Other

Objective-C 96.12% Makefile 3.88%

ssl-kill-switch3's Introduction

SSL Kill Switch 3

Next Generation of iOS Tweak SSLKillSwitch (https://github.com/nabla-c0d3/ssl-kill-switch2) with much more functionality!

What's New?

[FIXED] Fishhook Support (iOS 15+, ARM64/ARM64e), so that you can hook in non-jailbreak era
[FIXED] Rootless Support (iOS 15+, ARM64/ARM64e), happy rootless :)
[ADDED] Hooks SecIsInternalRelease, so AppleServerAuthenticationNoPinning can be set
- see https://vtky.github.io/2021/01/05/apple-globalpreferences for more
[ADDED] Hooks to Disable Security SecTrustEvaluate series function
[ADDED] Hooks to Disable [NSURLSessionDelegate URLSession:didReceiveChallenge:completionHandler:]
[ADDED] Various bypass technique from sensepost/objection
- AFNetworking, TrustKit, Cordova SSLCertificateChecker-PhoneGap-Plugin

Usage

Grab a build from https://github.com/NyaMisty/ssl-kill-switch3/releases, or build it yourself
- Note: nightly build also available in GitHub CI
(For New Rootless Jailbreak, like Dopamine) Download +rootless deb, and open it in Sileo (or install the deb using dpkg -i), then check Settings after respring
(For Old Rootful Jailbreak, like checkra1n) Download +rootful deb, and open it in Sileo (or install the deb using dpkg -i), then check Settings after respring
(If Not Jailbroken) Use Signing tools like Sideloadly or ESign to inject the dylib into IPA and install it

Building

Note: Theos Needed! MacOS is also needed if you are building for rootless

Substrate Version (jailbreak version):

Rootful:
```
make package
ls packages
```
Rootless:
```
make package ROOTLESS=1
ls packages
```

Fishhook Version (non-jailbreak version)

Debug Version:

make FISHHOOK=1
ls .theos/obj/debug/SSLKillSwitch2.dylib

Release Version:

make FISHHOOK=1 FINALPACKAGE=1
ls .theos/obj/SSLKillSwitch2.dylib

ssl-kill-switch3's People

Contributors

Stargazers

Watchers

Forkers

akshayjaing boringapp huchundong derekselander xmamonx adm1n007 r3ggi scriptidiot benny00000 jonathanjonathanjonathan alyfreym mkll p3j0t klinklinklin vinnyvinoth jm-lemmi zionyzbot iohongwal lessica daerduotutu922 xfoxtbat eairou jiuwei95 7alva7 ventedloves wt666666 raphaelts3 ac-km hookingstuff chlitsec mark-joy rojolang mister-giga catalizcs rxbit lk26 jiayunpower athna jiazl2022 ismael034 shtuseriff iphone5s fanfan493 420646826

ssl-kill-switch3's Issues

Does the RootHide work on iOS 15, iPhone XS? Can anybody confirm?

Doesn't build?

Grabbed the code via download as .zip

Build as a ROOTFUL Substrate Tweak
==> Notice: Build may be slow as Theos isn’t using all available CPU cores on this computer. Consider upgrading GNU Make: https://theos.dev/docs/parallel-building
==> Warning: Building for iOS 9.0, but the current toolchain can’t produce arm64e binaries for iOS earlier than 14.0. More information: https://theos.dev/docs/arm64e-deployment
> Making all for tweak SSLKillSwitch2…
Build as a ROOTFUL Substrate Tweak
Build as a ROOTFUL Substrate Tweak
Build as a ROOTFUL Substrate Tweak
==> Linking tweak SSLKillSwitch2 (arm64)…
ld: warning: -multiply_defined is obsolete
ld: warning: ignoring duplicate libraries: '-lc++'
ld: building for 'iOS', but linking in dylib (/private/var/theos/vendor/lib/CydiaSubstrate.framework/CydiaSubstrate.tbd) built for 'iOS-simulator'
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make[3]: *** [/Users/ben/Downloads/ssl-kill-switch3-release/.theos/obj/debug/arm64/SSLKillSwitch2.dylib] Error 1
make[2]: *** [/Users/ben/Downloads/ssl-kill-switch3-release/.theos/obj/debug/arm64/SSLKillSwitch2.dylib] Error 2
make[1]: *** [internal-library-all_] Error 2
make: *** [SSLKillSwitch2.all.tweak.variables] Error 2

Rename project so it's not confused with OG SSL-Kill-Switch?

The name of this project implies it is associated with the creator of SSL Kill Switch 1 and 2. It may be good to rename this project to something unique to avoid confusion; or perhaps open PRs on SSL-Kill-Switch2 with your feature enhancements

How to generate ipa package ah, and certificate description file

Doubts about IOS 15.8.2

Any article or video that teaches how to install it on the iPhone 7 Plus 15.8.2, I didn't find anything like that on the internet

IPhone OS arm64 cannot be installed

Doesn't work with cloudflare

When you proxy and open Sileo, servers that use cloudflare still fail after ssl kill enabled.
Culprits so far:
https://featuredpage.getsileo.app/
https://havoc.app/
both use cloudflare

The rest of the repos proxy fine because they don't use cloudflare

proof:

log:

Mar 19 00:04:49 Sileo(SSLKillSwitch2.dylib)[386] <Notice>: === SSL Kill Switch 2: __NSCFLocalSessionTask _onqueue_didReceiveChallenge! protectionSpace: <NSURLProtectionSpace: 0x283c257e0>: Host:havoc.app, Server:https, Auth-Scheme:NSURLAuthenticationMethodServerTrust, Realm:(null), Port:443, Proxy:NO, Proxy-Type:(null)
Mar 19 00:04:49 Sileo(CFNetwork)[386] <Notice>: Task <A914AFF7-E315-467A-9AA6-D2CFA45C74ED>.<37> auth completion disp=0 cred=0x283c34590
Mar 19 00:04:49 trustd[120] <Notice>: cert[1]: TemporalValidity =(leaf)[]> 0
Mar 19 00:04:49 trustd[120] <Notice>: cert[1]: TemporalValidity =(leaf)[]> 0
Mar 19 00:04:49 trustd[120] <Notice>: cert[1]: TemporalValidity =(leaf)[]> 0
Mar 19 00:04:49 trustd[120] <Notice>: cert[1]: TemporalValidity =(path)[]> 0
Mar 19 00:04:49 trustd[120] <Notice>: SCT signature failed (log={
    "end_exclusive" = "2024-01-01 00:00:00 +0000";
    key = {length = 91, bytes = 0x30593013 06072a86 48ce3d02 0106082a ... efa461cf bc84b5a8 };
    "log_id" = {length = 32, bytes = 0x7a328c54 d8b72db6 20ea38e0 521ee984 ... 2bc13a57 a352eb52 };
    operator = Cloudflare;
--
Mar 19 00:04:49 Sileo(libnetwork.dylib)[386] <Notice>: [C45 havoc.app:443 tcp, url hash: 4acb2153, tls, definite, attribution: developer] cancelled
Mar 19 00:04:49 Sileo(libusrtcp.dylib)[386] <Notice>: nw_protocol_tcp_log_summary [C45.1:4]
	[73CB4B6E-BD3C-43D2-A103-108138B465A6 10.0.0.103:61547<->10.0.0.158:8888]
	Init: 1, Conn_Time: 16.212ms, SYNs: 1, WR_T: 0/0, RD_T: 0/0, TFO: 0/0/0, ECN: 0/1/1, TS: 1
	rtt_cache: process, rtt_upd: 3, rtt: 21.687ms, rtt_var: 6.062ms rtt_nc: 16.687ms, rtt_var_nc: 5.625ms base rtt: 2ms
	ACKs-compressed: 0, ACKs delayed: 0 delayed ACKs sent: 0
Mar 19 00:04:49 Sileo(libnetwork.dylib)[386] <Notice>: nw_flow_disconnected [C45.1 10.0.0.158:8888 cancelled channel-flow ((null))] Output protocol disconnected
Mar 19 00:04:49 Sileo(libnetwork.dylib)[386] <Notice>: nw_connection_report_state_with_handler_on_nw_queue [C45] reporting state cancelled
Mar 19 00:04:49 Sileo(CFNetwork)[386] <Notice>: Task <A914AFF7-E315-467A-9AA6-D2CFA45C74ED>.<37> can retry(N) with reason(4) for error [3:-9802]
Mar 19 00:04:49 Sileo(CFNetwork)[386] <Error>: Task <A914AFF7-E315-467A-9AA6-D2CFA45C74ED>.<37> HTTP load failed, 0/0 bytes (error code: -1200 [3:-9802])
Mar 19 00:04:49 Sileo(libboringssl.dylib)[386] <Notice>: boringssl_context_evaluate_trust_async_external_block_invoke(1604) [C45.1:2][0x100f0f610] Cancelled during verify block
Mar 19 00:04:49 Sileo(CFNetwork)[386] <Notice>: Connection 45: done
Mar 19 00:04:49 Sileo(libusrtcp.dylib)[386] <Notice>: tcp_output [C45.1:4] flags=[F.] seq=1351944460, ack=3702123184, win=2048 state=FIN_WAIT_1 rcv_nxt=3702123184, snd_una=1351944460
Mar 19 00:04:49 Sileo(CFNetwork)[386] <Notice>: Task <A914AFF7-E315-467A-9AA6-D2CFA45C74ED>.<37> summary for task failure {transaction_duration_ms=319, response_status=-1, connection=45, reused=1, request_start_ms=0, request_duration_ms=0, response_start_ms=0, response_duration_ms=0, request_bytes=0, response_bytes=0, cache_hit=false}
Mar 19 00:04:49 Sileo(CFNetwork)[386] <Error>: Task <A914AFF7-E315-467A-9AA6-D2CFA45C74ED>.<37> finished with error [-1200] Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, NSErrorPeerCertificateChainKey=(
    "<cert(0x10684c200) s: *.havoc.app i: Charles Proxy CA (1 Sep 2021, Hackintosh-Pro)>",
    "<cert(0x10684ca00) s: Charles Proxy CA (1 Sep 2021, Hackintosh-Pro) i: Charles Proxy CA (1 Sep 2021, Hackintosh-Pro)>"
), NSErrorClientCertificateStateKey=0, NSErrorFailingURLKey=https://havoc.app/Packages, NSErrorFailingURLStringKey=https://havoc.app/Packages, NSUnderlyingError=0x2830b3360 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, kCFStreamPropertySSLPeerTrust=<SecTrustRef: 0x280f297c0>, _kCFNetworkCFStreamSSLErrorOriginalValue=-9802, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9802, kCFStreamP

App cannot start when ssl-kill-switch3 is enabled

It’s not a crash. After the app is launched, it will flash for about 2 seconds and then return to the home screen.

iPhone 11 | iOS14.7.1 | tweak version 1.5.1

00:19:13.808027+0800 APP-sample === SSL Kill Switch 3: [info] Using LogLevel = 10
00:19:13.808084+0800 APP-sample === SSL Kill Switch 3: [info] Preference set to 1.
00:19:13.808182+0800 APP-sample === SSL Kill Switch 3: [info] Hook enabled.
00:19:13.808233+0800 APP-sample === SSL Kill Switch 3: [info] iOS 13+ detected
00:19:13.808270+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF('/usr/lib/libboringssl.dylib', 'SSL_set_custom_verify', 0x106c079a8, 0x106c100c0);
00:19:13.809169+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF resolved pFunc -> 0x1b9cc0160 -> 0x1b9cc0160
00:19:13.809221+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF result: func SSL_set_custom_verify ptr 0x1b9cc0160, from 0xb4000068f9400408 0xf900190239056101 0x7945f008d65f03c0 to 0x9126a231f0a67a31 0xf9001902d61f0220 0x7945f008d65f03c0
00:19:13.809257+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF('/usr/lib/libboringssl.dylib', 'SSL_get_psk_identity', 0x106c0683c, 0x0);
00:19:13.810126+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF resolved pFunc -> 0x1b9cc0878 -> 0x1b9cc0878
00:19:13.810182+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF result: func SSL_get_psk_identity ptr 0x1b9cc0878, from 0xa9bf7bfdd503237f 0xb4000080910003fd 0xb4000040940072b6 to 0x9120f231d0a67a31 0xb4000080d61f0220 0xb4000040940072b6
00:19:13.810233+0800 APP-sample === SSL Kill Switch 3: [info] Hooking Security framework...
00:19:13.810282+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF('(null)', 'SecIsInternalRelease', 0x106c0836c, 0x106c10108);
00:19:13.810331+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF resolved pFunc -> 0x1ab3f238c -> 0x1ab3f238c
00:19:13.810367+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF result: func SecIsInternalRelease ptr 0x1ab3f238c, from 0x911e4400f0000260 0xd503237f164b0157 0xa90167faa9ba6ffc to 0x910db231d0adc0b1 0xd503237fd61f0220 0xa90167faa9ba6ffc
00:19:13.810420+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF('(null)', 'SecTrustEvaluate', 0x106c08474, 0x106c10110);
00:19:13.810467+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF resolved pFunc -> 0x1ab3e90b4 -> 0x1ab3e90b4
00:19:13.810501+0800 APP-sample === SSL Kill Switch 3: [info] SecTrustEvaluate jumps to 0x1ab3e90b8: d101c3ffd503237f, hook new addr instead!
00:19:13.810537+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF result: func SecTrustEvaluate ptr 0x1ab3e90b4, from 0xd503237f14000001 0xa9054ff4d101c3ff 0x910183fda9067bfd to 0xf0adc0f114000001 0xd61f02209111d231 0x910183fda9067bfd
00:19:13.810571+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF('(null)', 'SecTrustEvaluateAsync', 0x106c085d4, 0x106c10118);
00:19:13.810604+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF resolved pFunc -> 0x1ab3ea6e8 -> 0x1ab3ea6e8
00:19:13.810638+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF result: func SecTrustEvaluateAsync ptr 0x1ab3ea6e8, from 0xd10183ffd503237f 0xa9044ff4a90357f6 0x910143fda9057bfd to 0x91175231d0adc0f1 0xa9044ff4d61f0220 0x910143fda9057bfd
00:19:13.810671+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF('(null)', 'SecTrustEvaluateWithError', 0x106c08750, 0x106c10120);
00:19:13.810702+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF resolved pFunc -> 0x1ab3e9584 -> 0x1ab3e9584
00:19:13.810735+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF result: func SecTrustEvaluateWithError ptr 0x1ab3e9584, from 0xd100c3ffd503237f 0xa9027bfda9014ff4 0xaa0103f3910083fd to 0x911d4231f0adc0f1 0xa9027bfdd61f0220 0xaa0103f3910083fd
00:19:13.810770+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF('(null)', 'SecTrustEvaluateAsyncWithError', 0x106c088b8, 0x106c10128);
00:19:13.810802+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF resolved pFunc -> 0x1ab3eb618 -> 0x1ab3eb618
00:19:13.810837+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF result: func SecTrustEvaluateAsyncWithError ptr 0x1ab3eb618, from 0xd10183ffd503237f 0xa9044ff4a90357f6 0x910143fda9057bfd to 0x9122e231b0adc0f1 0xa9044ff4d61f0220 0x910143fda9057bfd
00:19:13.810869+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF('(null)', 'SecTrustEvaluateFastAsync', 0x106c08a34, 0x106c10130);
00:19:13.810908+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF resolved pFunc -> 0x1ab3ea7f0 -> 0x1ab3ea7f0
00:19:13.810940+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF result: func SecTrustEvaluateFastAsync ptr 0x1ab3ea7f0, from 0xd10183ffd503237f 0xa9044ff4a90357f6 0x910143fda9057bfd to 0x9128d231d0adc0f1 0xa9044ff4d61f0220 0x910143fda9057bfd
00:19:13.810978+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF('(null)', 'SecTrustSetPolicies', 0x106c08bb4, 0x106c10138);
00:19:13.811011+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF resolved pFunc -> 0x1ab3e6858 -> 0x1ab3e6858
00:19:13.811044+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF result: func SecTrustSetPolicies ptr 0x1ab3e6858, from 0xd10303ffd503237f 0xa9085ff8a90767fa 0xa90a4ff4a90957f6 to 0x912ed231d0adc111 0xa9085ff8d61f0220 0xa90a4ff4a90957f6
00:19:13.811083+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF('(null)', 'SecKeyVerifySignature', 0x106c08cbc, 0x106c10140);
00:19:13.811115+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF resolved pFunc -> 0x1ab3be0fc -> 0x1ab3be0fc
00:19:13.811148+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF result: func SecKeyVerifySignature ptr 0x1ab3be0fc, from 0xd101c3ffd503237f 0xa90457f6a9035ff8 0xa9067bfda9054ff4 to 0x9132f231d0adc251 0xa90457f6d61f0220 0xa9067bfda9054ff4
00:19:13.811187+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF('(null)', 'SecKeyRawVerify', 0x106c08dec, 0x106c10148);
00:19:13.811220+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF resolved pFunc -> 0x1ab3bdffc -> 0x1ab3bdffc
00:19:13.811260+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF result: func SecKeyRawVerify ptr 0x1ab3bdffc, from 0xd101c3ffd503237f 0xa90457f6a9035ff8 0xa9067bfda9054ff4 to 0x9137b231f0adc251 0xa90457f6d61f0220 0xa9067bfda9054ff4
00:19:13.811302+0800 APP-sample === SSL Kill Switch 3: [info] Hooking URLSession...
00:19:13.811336+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookM(0x2064ed048, '_onqueue_didReceiveChallenge:request:withCompletion:', 0x106c08ef4, 0x106c10150);
00:19:13.811383+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookM(0x206c4e220, '_onqueue_sendSessionChallenge:completionHandler:', 0x106c090d8, 0x106c10158);
00:19:13.811415+0800 APP-sample === SSL Kill Switch 3: [info] AFNetworking detected; hooking it...
00:19:13.811448+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookM(0x103ba30e8, 'setSSLPinningMode:', 0x106c092a0, 0x106c10160);
00:19:13.811486+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookM(0x103ba30e8, 'setAllowInvalidCertificates:', 0x106c09424, 0x106c10168);
00:19:13.811531+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookM(0x103ba3110, 'policyWithPinningMode:', 0x106c095bc, 0x106c10170);
00:19:13.811577+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookM(0x103ba3110, 'policyWithPinningMode:withPinnedCertificates:', 0x106c09744, 0x106c10178);
00:19:13.811626+0800 APP-sample === SSL Kill Switch 3: [info] Finished Hooking!
00:19:13.860332+0800 APP-sample === SSL Kill Switch 3: [verb] >> Entering new__AFSecurityPolicy_setSSLPinningMode()
00:19:13.860366+0800 APP-sample === SSL Kill Switch 3: [verb] AFSecurityPolicy setSSLPinningMode: 0 -> 0
00:19:13.860399+0800 APP-sample === SSL Kill Switch 3: [verb] << Leaving new__AFSecurityPolicy_setSSLPinningMode()
00:19:13.860634+0800 APP-sample === SSL Kill Switch 3: [verb] >> Entering new__AFSecurityPolicy_policyWithPinningMode()
00:19:13.860677+0800 APP-sample === SSL Kill Switch 3: [verb] AFSecurityPolicy policyWithPinningMode: 0 -> AFSSLPinningModeNone
00:19:13.860711+0800 APP-sample === SSL Kill Switch 3: [verb] << Leaving new__AFSecurityPolicy_policyWithPinningMode()
00:19:14.411916+0800 APP-sample === SSL Kill Switch 3: [info] Using LogLevel = 10
00:19:14.411967+0800 APP-sample === SSL Kill Switch 3: [info] Preference set to 1.
00:19:14.412122+0800 APP-sample === SSL Kill Switch 3: [info] Hook enabled.
00:19:14.412189+0800 APP-sample === SSL Kill Switch 3: [info] iOS 13+ detected
00:19:14.412245+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF('/usr/lib/libboringssl.dylib', 'SSL_set_custom_verify', 0x1027279a8, 0x1027300c0);
00:19:14.413136+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF resolved pFunc -> 0x1b9cc0160 -> 0x1b9cc0160
00:19:14.413188+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF result: func SSL_set_custom_verify ptr 0x1b9cc0160, from 0xb4000068f9400408 0xf900190239056101 0x7945f008d65f03c0 to 0x9126a231f0a45331 0xf9001902d61f0220 0x7945f008d65f03c0
00:19:14.413244+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF('/usr/lib/libboringssl.dylib', 'SSL_get_psk_identity', 0x10272683c, 0x0);
00:19:14.414326+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF resolved pFunc -> 0x1b9cc0878 -> 0x1b9cc0878
00:19:14.414393+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF result: func SSL_get_psk_identity ptr 0x1b9cc0878, from 0xa9bf7bfdd503237f 0xb4000080910003fd 0xb4000040940072b6 to 0x9120f231d0a45331 0xb4000080d61f0220 0xb4000040940072b6
00:19:14.414442+0800 APP-sample === SSL Kill Switch 3: [info] Hooking Security framework...
00:19:14.414486+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF('(null)', 'SecIsInternalRelease', 0x10272836c, 0x102730108);
00:19:14.414520+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF resolved pFunc -> 0x1ab3f238c -> 0x1ab3f238c
00:19:14.414555+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF result: func SecIsInternalRelease ptr 0x1ab3f238c, from 0x911e4400f0000260 0xd503237f164b0157 0xa90167faa9ba6ffc to 0x910db231d0ab99b1 0xd503237fd61f0220 0xa90167faa9ba6ffc
00:19:14.414592+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF('(null)', 'SecTrustEvaluate', 0x102728474, 0x102730110);
00:19:14.414628+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF resolved pFunc -> 0x1ab3e90b4 -> 0x1ab3e90b4
00:19:14.414669+0800 APP-sample === SSL Kill Switch 3: [info] SecTrustEvaluate jumps to 0x1ab3e90b8: d101c3ffd503237f, hook new addr instead!
00:19:14.414705+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF result: func SecTrustEvaluate ptr 0x1ab3e90b4, from 0xd503237f14000001 0xa9054ff4d101c3ff 0x910183fda9067bfd to 0xf0ab99f114000001 0xd61f02209111d231 0x910183fda9067bfd
00:19:14.414738+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF('(null)', 'SecTrustEvaluateAsync', 0x1027285d4, 0x102730118);
00:19:14.414771+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF resolved pFunc -> 0x1ab3ea6e8 -> 0x1ab3ea6e8
00:19:14.414805+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF result: func SecTrustEvaluateAsync ptr 0x1ab3ea6e8, from 0xd10183ffd503237f 0xa9044ff4a90357f6 0x910143fda9057bfd to 0x91175231d0ab99f1 0xa9044ff4d61f0220 0x910143fda9057bfd
00:19:14.414839+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF('(null)', 'SecTrustEvaluateWithError', 0x102728750, 0x102730120);
00:19:14.414870+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF resolved pFunc -> 0x1ab3e9584 -> 0x1ab3e9584
00:19:14.414905+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF result: func SecTrustEvaluateWithError ptr 0x1ab3e9584, from 0xd100c3ffd503237f 0xa9027bfda9014ff4 0xaa0103f3910083fd to 0x911d4231f0ab99f1 0xa9027bfdd61f0220 0xaa0103f3910083fd
00:19:14.414947+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF('(null)', 'SecTrustEvaluateAsyncWithError', 0x1027288b8, 0x102730128);
00:19:14.414980+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF resolved pFunc -> 0x1ab3eb618 -> 0x1ab3eb618
00:19:14.415015+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF result: func SecTrustEvaluateAsyncWithError ptr 0x1ab3eb618, from 0xd10183ffd503237f 0xa9044ff4a90357f6 0x910143fda9057bfd to 0x9122e231b0ab99f1 0xa9044ff4d61f0220 0x910143fda9057bfd
00:19:14.415049+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF('(null)', 'SecTrustEvaluateFastAsync', 0x102728a34, 0x102730130);
00:19:14.415081+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF resolved pFunc -> 0x1ab3ea7f0 -> 0x1ab3ea7f0
00:19:14.415116+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF result: func SecTrustEvaluateFastAsync ptr 0x1ab3ea7f0, from 0xd10183ffd503237f 0xa9044ff4a90357f6 0x910143fda9057bfd to 0x9128d231d0ab99f1 0xa9044ff4d61f0220 0x910143fda9057bfd
00:19:14.415149+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF('(null)', 'SecTrustSetPolicies', 0x102728bb4, 0x102730138);
00:19:14.415180+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF resolved pFunc -> 0x1ab3e6858 -> 0x1ab3e6858
00:19:14.415226+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF result: func SecTrustSetPolicies ptr 0x1ab3e6858, from 0xd10303ffd503237f 0xa9085ff8a90767fa 0xa90a4ff4a90957f6 to 0x912ed231d0ab9a11 0xa9085ff8d61f0220 0xa90a4ff4a90957f6
00:19:14.415261+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF('(null)', 'SecKeyVerifySignature', 0x102728cbc, 0x102730140);
00:19:14.415303+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF resolved pFunc -> 0x1ab3be0fc -> 0x1ab3be0fc
00:19:14.415347+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF result: func SecKeyVerifySignature ptr 0x1ab3be0fc, from 0xd101c3ffd503237f 0xa90457f6a9035ff8 0xa9067bfda9054ff4 to 0x9132f231d0ab9b51 0xa90457f6d61f0220 0xa9067bfda9054ff4
00:19:14.415380+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF('(null)', 'SecKeyRawVerify', 0x102728dec, 0x102730148);
00:19:14.415416+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF resolved pFunc -> 0x1ab3bdffc -> 0x1ab3bdffc
00:19:14.415451+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookF result: func SecKeyRawVerify ptr 0x1ab3bdffc, from 0xd101c3ffd503237f 0xa90457f6a9035ff8 0xa9067bfda9054ff4 to 0x9137b231f0ab9b51 0xa90457f6d61f0220 0xa9067bfda9054ff4
00:19:14.415491+0800 APP-sample === SSL Kill Switch 3: [info] Hooking URLSession...
00:19:14.415524+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookM(0x2064ed048, '_onqueue_didReceiveChallenge:request:withCompletion:', 0x102728ef4, 0x102730150);
00:19:14.415556+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookM(0x206c4e220, '_onqueue_sendSessionChallenge:completionHandler:', 0x1027290d8, 0x102730158);
00:19:14.415606+0800 APP-sample === SSL Kill Switch 3: [info] AFNetworking detected; hooking it...
00:19:14.415640+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookM(0x101a830e8, 'setSSLPinningMode:', 0x1027292a0, 0x102730160);
00:19:14.415673+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookM(0x101a830e8, 'setAllowInvalidCertificates:', 0x102729424, 0x102730168);
00:19:14.415704+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookM(0x101a83110, 'policyWithPinningMode:', 0x1027295bc, 0x102730170);
00:19:14.415738+0800 APP-sample === SSL Kill Switch 3: [verb] [init] hookM(0x101a83110, 'policyWithPinningMode:withPinnedCertificates:', 0x102729744, 0x102730178);
00:19:14.415767+0800 APP-sample === SSL Kill Switch 3: [info] Finished Hooking!
00:19:14.462752+0800 APP-sample === SSL Kill Switch 3: [verb] >> Entering new__AFSecurityPolicy_setSSLPinningMode()
00:19:14.462784+0800 APP-sample === SSL Kill Switch 3: [verb] AFSecurityPolicy setSSLPinningMode: 0 -> 0
00:19:14.462816+0800 APP-sample === SSL Kill Switch 3: [verb] << Leaving new__AFSecurityPolicy_setSSLPinningMode()
00:19:14.462964+0800 APP-sample === SSL Kill Switch 3: [verb] >> Entering new__AFSecurityPolicy_policyWithPinningMode()
00:19:14.462995+0800 APP-sample === SSL Kill Switch 3: [verb] AFSecurityPolicy policyWithPinningMode: 0 -> AFSSLPinningModeNone
00:19:14.463027+0800 APP-sample === SSL Kill Switch 3: [verb] << Leaving new__AFSecurityPolicy_policyWithPinningMode()

Not Working on iOS 15.7.9

Hi team,

I installed this on my iPhone 6s on iOS 15.7.9 but it does not work for different apps when proxy is turned on.

But i am able to achieve this using Objection framework to bypass ssl pining.

Non-Jailbreak version which IPA should I inject the dylib file to?

I don't understand the instruction as it says inject the dylib to IPA and install
does it mean inject to any IPA? since I tried that but failed

Does it support IOS16?

Support for Dopamine/Rootless

Does it support ios 16.7.7 on plera1n jailbreak

Hi,
Does it support ios 16.7.7 on plera1n jailbreak

Disabled Validation leads to not working Wifi after re-jailbreak

I see on my iPhone 8 iOS 16.7.2 that when I re-jailbreak rootless via palera1n v2.0.0 beta 8 with activated "Disable Certification Validation" that wifi is not working.

until I deactivate "Disable Certification Validation" and re-jailbreak rootless again

Non-jailbroken device but encrypted ipa?

Hello,
i tried to inject the dylib (from releases) into an "encrypted" IPA using sideloadly on non-jailbroken device (iOS 15) but the app crashes.
So, is this related to the ipa being encrypted ? and hence it's a requirement for non-jailbroken devices to use unecrypted IPAs ?

+[AFSecurityPolicy setPinnedCertificates:]: unrecognized selector sent to class

hello! thanks for this great development ❤️

i got some exception:

Exception NSException * "+[AFSecurityPolicy setPinnedCertificates:]: unrecognized selector sent to class 0x10689d820"
i also see name = "NSInvalidArgumentException"

the last thing I see in the logs:

=== SSL Kill Switch 3: [verb]  >> Entering new__AFSecurityPolicy_setSSLPinningMode()
=== SSL Kill Switch 3: [verb] AFSecurityPolicy setSSLPinningMode: 0 -> 0
=== SSL Kill Switch 3: [verb]  << Leaving new__AFSecurityPolicy_setSSLPinningMode()
=== SSL Kill Switch 3: [verb]  >> Entering new__AFSecurityPolicy_policyWithPinningMode()
=== SSL Kill Switch 3: [verb] AFSecurityPolicy policyWithPinningMode: 1 -> AFSSLPinningModeNone
=== SSL Kill Switch 3: [verb]  << Leaving new__AFSecurityPolicy_policyWithPinningMode()

versions <= 1.2 work fine, v1.3 and above cause exception

iOS 17.1.2, not jailbroken

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.