I was trying to get the requests made by Apple's identity service, and I never succeeded. But here's how I finally made it, with the help of some people from the Hack Different Discord server.
(This is a memo for me.)
- macOS
- A jailbroken iOS 12 device (for me: iPhone 6, unc0ver jailbroken; worked with checkra1n)
- Wireshark
- `ssh` on the device (easy to install, search by yourself how to install it on jailbroken devices)
- The `sslkeylog` tweak on the iPhone (obtainable here, installation tutorial here (2 paragraphs after "tutorial"))
- Xcode's command line tools (`xcode-select --install`)
- libimobiledevice
- Create the directory where you're going to store the files we'll generate. It will be `unpintest` for me.

  ```
  mkdir unpintest
  cd unpintest
  ```
- Make sure you don't have a proxy set in the iPhone's Wi-Fi settings.
- Run `idevicepair pair`, then accept the pairing on the device. Note the device id that will also show up in the terminal message (for me: `292439...8f5b34`; the `...` are obviously other chars in my terminal).
- Run `rvictl -s DEVICEID` (for me `rvictl -s 292439...8f5b34`). This creates the `rvi0` virtual interface on the Mac that mirrors the device's network traffic.
- In order to create the `sslkeylog` file, run `ssh root@DEVICE_IP sslkeylog | tee kl.keylog`. `DEVICE_IP` for me is `192.168.1.57`.
- You can find out the local IP of your device by going to Settings -> Wi-Fi -> tap the `i` next to the current Wi-Fi you're on -> the number next to IP Address is what you're searching for.
- It will ask for the ssh password, `alpine` by default. `CTRL+C` to quit the keylog. Now the keylog file has been created.
- Open Wireshark.
- In the list of interfaces under Capture, double click on `rvi0`.
- Go to Wireshark -> Preferences -> Protocols -> TLS.
- Click on Browse next to the field under (Pre)-Master-Secret log filename and select `kl.keylog` in the directory you created at the first step. Click OK.
- Now run again `ssh root@DEVICE_IP sslkeylog | tee kl.keylog`. The keylog has to be running while the app performs its TLS handshakes: Wireshark can only decrypt the sessions whose secrets end up in that file.
- Do the action you want to unpin.
- Once done, click on the red square in Wireshark in order to stop the capture.
- You can stop the keydump.
- You can now try to find the requests sent by your action. The decrypted ones are the ones in green.
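A check worth doing when nothing turns green (an added example, not code from this memo or from the `sslkeylog` tweak): the file Wireshark reads from the (Pre)-Master-Secret log filename setting is the NSS key log format, one line per secret in the form `LABEL <client random hex> <secret hex>`. The usual causes of undecrypted sessions are a keylog that is empty, truncated by an interrupted dump, polluted by stray terminal output, or that simply has no entry for the session you care about. The script below validates a key log line by line and, given raw TLS ClientHello records, reports which captured sessions the file covers. The key log lines and ClientHello bytes it uses are constructed sample data.

```python
"""Sanity-check an NSS-format key log (what `sslkeylog | tee kl.keylog` leaves
behind) before pointing Wireshark at it, and report which captured ClientHellos
it can actually decrypt.  Added example; not code from the memo or the tweak.
The key log lines and ClientHello records at the bottom are constructed."""
import re
from dataclasses import dataclass, field

HEX = re.compile(r"^[0-9a-fA-F]+$")

# Labels Wireshark understands, with the allowed secret length(s) in bytes.
LABELS = {
    "CLIENT_RANDOM": {48},                     # TLS <= 1.2: 48-byte master secret
    "CLIENT_EARLY_TRAFFIC_SECRET": {32, 48},   # TLS 1.3: one hash length per cipher suite
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET": {32, 48},
    "SERVER_HANDSHAKE_TRAFFIC_SECRET": {32, 48},
    "CLIENT_TRAFFIC_SECRET_0": {32, 48},
    "SERVER_TRAFFIC_SECRET_0": {32, 48},
    "EXPORTER_SECRET": {32, 48},
    "EARLY_EXPORTER_MASTER_SECRET": {32, 48},
}


@dataclass
class KeylogReport:
    entries: dict = field(default_factory=dict)   # client random (hex) -> set of labels
    problems: list = field(default_factory=list)  # human-readable issues, one per bad line


def parse_keylog(text):
    """Parse key log text; unusable lines go to report.problems instead of raising."""
    rep = KeylogReport()
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):      # comments and blank lines are allowed
            continue
        parts = line.split()
        if len(parts) != 3:
            rep.problems.append(f"line {n}: expected 3 fields, got {len(parts)}")
            continue
        label, crand, secret = parts
        if label not in LABELS:
            rep.problems.append(f"line {n}: unknown label {label!r}")
            continue
        if not (HEX.match(crand) and len(crand) == 64):
            rep.problems.append(f"line {n}: client random is not 32 hex-encoded bytes")
            continue
        if not (HEX.match(secret) and len(secret) % 2 == 0
                and len(secret) // 2 in LABELS[label]):
            rep.problems.append(f"line {n}: {label} secret has a wrong length "
                                "(keylog interrupted mid-line?)")
            continue
        rep.entries.setdefault(crand.lower(), set()).add(label)
    return rep


def client_random_from_client_hello(record):
    """Return the 32-byte random (hex) from a raw TLS record carrying a ClientHello,
    or None.  Layout: 5-byte record header, 4-byte handshake header, 2-byte
    client_version, then the random."""
    if len(record) < 5 + 4 + 2 + 32:
        return None
    if record[0] != 0x16 or record[5] != 0x01:    # handshake record, ClientHello type
        return None
    return record[11:43].hex()


def decryptable(report, records):
    """Map each captured ClientHello's random to whether the key log covers it."""
    result = {}
    for rec in records:
        crand = client_random_from_client_hello(rec)
        if crand is not None:
            result[crand] = crand in report.entries
    return result


def make_client_hello(random_bytes):
    """Build a minimal, syntactically valid ClientHello record (constructed test data)."""
    body = (b"\x03\x03" + random_bytes      # client_version, random
            + b"\x00"                      # empty session id
            + b"\x00\x02\x13\x01"          # one cipher suite (TLS_AES_128_GCM_SHA256)
            + b"\x01\x00")                 # compression methods: null only
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake


# Constructed sample key log: two good sessions, one truncated secret, one stray
# terminal line (the kind of junk tee captures when ssh prints an error).
SAMPLE_KEYLOG = "\n".join([
    "# constructed sample, not a real key log",
    "CLIENT_RANDOM " + "aa" * 32 + " " + "bb" * 48,
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET " + "cc" * 32 + " " + "dd" * 32,
    "SERVER_TRAFFIC_SECRET_0 " + "cc" * 32 + " " + "ee" * 32,
    "CLIENT_RANDOM " + "11" * 32 + " " + "22" * 10,
    "GARBAGE line from the terminal",
])

# Constructed ClientHellos: two covered by the key log, one (ff..) that is not,
# e.g. a handshake that happened before the keylog was restarted.
SAMPLE_RECORDS = [make_client_hello(bytes.fromhex(h * 32)) for h in ("aa", "cc", "ff")]

if __name__ == "__main__":
    rep = parse_keylog(SAMPLE_KEYLOG)
    for p in rep.problems:
        print("keylog problem:", p)
    for crand, ok in decryptable(rep, SAMPLE_RECORDS).items():
        print(crand[:16] + "...", "decryptable" if ok else "NO SECRETS")
```

Run it as-is to see the two bad lines flagged and the `ff…` session reported as uncovered; to check a real capture, feed `parse_keylog` the contents of `kl.keylog` and `decryptable` the ClientHello records exported from Wireshark. Note that `tee kl.keylog` truncates the file every time you start it, so only handshakes from the current run are covered; `tee -a kl.keylog` keeps earlier entries if you need them.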
Do not ask me for more, it took me many weeks to find out how to do this, with the help of other people. I am a noob, do not post questions in the comments, I won't answer!!!

Sources:

- https://andydavies.me/blog/2019/12/12/capturing-and-decrypting-https-traffic-from-ios-apps/
- https://blog.nicolas17.xyz/posts/decrypting-ios-tls-traffic.html