realitynet / ios_triage Goto Github PK

View Code? Open in Web Editor NEW

132.0 15.0 36.0 37 KB

Bash script to extract data from a "chekcra1ned" iOS device

Shell 100.00%

bash ios-bfu-triage ios digital-forensics checkra1n ios-triage

ios_triage's Introduction

iOS Triage

Bash script to extract data from a "checkra1ned" iOS device

Developed and tested on Mac OS X Mojave (10.14.6)

Mandatory Requirements

checkra1n (https://checkra.in/)
libimobiledevice (https://www.libimobiledevice.org/)
SSHPASS for Mac OS X (https://gist.github.com/arunoda/7790979)
dialog for Mac OS X (http://macappstore.org/dialog/)

Optional Requirements

python3 (https://www.python.org/downloads/)
sysdiagnose scripts (https://github.com/cheeky4n6monkey/iOS_sysdiagnose_forensic_scripts)
APOLLO (https://github.com/mac4n6/APOLLO)
iOS Mobile Installation Logs Parser (https://github.com/abrignoni/iOS-Mobile-Installation-Logs-Parser)

How to use it

checkra1n an iOS device
Open a terminal and execute "sudo iproxy 22 44"
Open a new terminal and execute ssh root@localhost and add localhost to the list of known hosts
Download the script in the folder where you want to save the extraction (i.e. Desktop)
Make the script executable (chmod +x ios_bfu_triage.sh)
Execute the script and follow the instructions

Version 0.1 [5/12/2019] First release

Version 0.2 [6/12/2019] Changed the output folder name to the device UDID instead of the device NAME

Version 1.0 [23/12/2019] For detailed instructions read this: Checkra1n Era - Ep 5 - Automating extraction and processing (aka "Marry Xmas!") (https://blog.digital-forensics.it/2019/12/checkra1n-era-ep-5-automating.html)

Version 2.0 [5/6/2020]

Improved direct extraction and processing with APOLLO, iLEAPP and sysdiagnose
Improved "find" function

ios_triage's People

Contributors

Stargazers

Watchers

ios_triage's Issues

Message authentication code incorrect

Hi
good job!!!

I report a problem, even if it is not directly related to the script.
In the Full acquisition after a few seconds the ssh session ends with this error.

sshpass -p alpine ssh [email protected] tar -cf - / > full.tar
tar: Removing leading `/' from member names
tar: Removing leading `//' from member names
tar: /.fseventsd: Cannot open: Operation not permitted
Corrupted MAC on input.
ssh_dispatch_run_fatal: Connection to 127.0.0.1 port 22: message authentication code incorrect

kex_exchange_identification: Connection closed by remote host

I am having issues connecting to my device via sudo iproxy 22 44 and ssh root@localhost. I have tried with two devices - iPad and iPhoneX both JB with uncov0er.

In both cases the error is the same. I've tried jailbreaking both of them again and rebooting my Mac but I keep getting the same error.

$ sudo iproxy 22 44                                               
Password: [...]
Creating listening port 22 for device port 44
waiting for connection
New connection for 22->44, fd = 5
waiting for connection
Requesting connecion to USB device handle 6 (serial: af009 [...] b7b13e), port 44
Error connecting to device: No such file or directory

and

$ ssh root@localhost                                                      
kex_exchange_identification: Connection closed by remote host

I am connected via USB and can ssh to them either ssh root@deviceIP or

sudo iproxy 44 22

ssh -p 44 root@localhost

I think am missing something too obvious. Any ideas?

Thanks in advance

Edit: forgot to say that I am able to run this repo by manually modifying lines 56, 580, 581 and 582 but still curious as per why am not able to run it as above.

realitynet / ios_triage Goto Github PK

ios_triage's Introduction

iOS Triage

ios_triage's People

Contributors

Stargazers

Watchers

Forkers

ios_triage's Issues

Message authentication code incorrect

kex_exchange_identification: Connection closed by remote host

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent