Not working on iOS 12.1: Apps are crashing, SpringBoard in safe mode #60

Closed
markus0m opened this issue May 16, 2019 · 4 comments

markus0m commented May 16, 2019

I can't seem to get the latest release to properly work with iOS 12.1.
Apps initially seemed to just crash on accessing network data when the tweak was active.
Respring with the tweak active now always puts SpringBoard in safe mode.
So I have no way of disabling it through the Settings any more but can only re-/deinstall it.

I managed to fire a request from the App Store app with the tweak (probably) active, but all I got in Charles was handshake_failure (40).

Any hints where I could start?
Does anyone have a working setup on 12.1?

Ruegg commented May 23, 2019

@markus0m Same here, any app will just crash upon making a request with me when SSLKillSwitch is toggled, and I'm on 12.1.2.

Tustin commented May 26, 2019

Same problem here. I even tried re-implementing the iOS 12 method using Frida but I didn't have much success. Not sure if I'm just doing something wrong as this was my first attempt at using Frida for scripting. If anyone wants to try messing with it then feel free:

note: For some reason, I couldn't find SSL_get_psk_identity in the symbols list so I just ignored it considering the blog post (which is awesome btw) stated that it only fixed the error on the first connection.

```javascript
function main()
{
    var module = Process.getModuleByName('libboringssl.dylib');

    var symbols = module.enumerateSymbols();

    var SSL_get_psk_identity_pointer = null;
    var SSL_CTX_set_custom_verify_pointer = null;

    // Scan the symbol table; stop only once both symbols have been found,
    // so finding one of them first does not hide the other.
    for (var i = 0; i < symbols.length; i++)
    {
        if (symbols[i]['name'] == 'SSL_get_psk_identity')
        {
            console.log('found SSL_get_psk_identity');
            SSL_get_psk_identity_pointer = symbols[i]['address'];
        }
        else if (symbols[i]['name'] == 'SSL_CTX_set_custom_verify')
        {
            console.log('found SSL_CTX_set_custom_verify');
            SSL_CTX_set_custom_verify_pointer = symbols[i]['address'];
        }

        if (SSL_get_psk_identity_pointer != null && SSL_CTX_set_custom_verify_pointer != null)
        {
            break;
        }
    }

    // if (SSL_get_psk_identity_pointer == null)
    // {
    //     console.log('ERROR: SSL_get_psk_identity address pointer not found!');
    //     return;
    // }
    if (SSL_CTX_set_custom_verify_pointer == null)
    {
        console.log('ERROR: SSL_CTX_set_custom_verify address pointer not found!');
        return;
    }

    const SSL_VERIFY_NONE = 0;

    // Handle to the original function, called from inside the replacement below
    var SSL_CTX_set_custom_verify = new NativeFunction(SSL_CTX_set_custom_verify_pointer, "void", ["pointer", "int", "pointer"]);
    var SSL_CTX_set_custom_verify_callback = new NativeCallback(function(ssl, out_alert) {
        console.log('called fake callback');
        return 0; // ssl_verify_ok
    }, "int", ["pointer", "pointer"]);

    Interceptor.replace(
        ptr(SSL_CTX_set_custom_verify_pointer),
        new NativeCallback(function(ctx, mode, callback) {
            console.log('hit');

            SSL_CTX_set_custom_verify(ctx, SSL_VERIFY_NONE, ptr(SSL_CTX_set_custom_verify_callback));
        },
    "void", ["pointer", "int", "pointer"]));

}

main();
```

blunden (Contributor) commented Jul 20, 2019

It works fine for me on two different devices, one with iOS 12.1 and one with iOS 12.2. Both are jailbroken with the unc0ver jailbreak. Others with the same issue described here seemed to use the Chimera jailbreak which uses their own Mobile Substrate replacement called Substitute which can cause issues with some tweaks from what I've heard.

@nabla-c0d3 (Owner)

Duplicate of #63

@nabla-c0d3 nabla-c0d3 marked this as a duplicate of #63 Nov 19, 2019