Errors running modules targeting an application with a space character in the name #151

Closed
cobbr opened this issue Apr 11, 2017 · 5 comments


cobbr commented Apr 11, 2017

Issue

It seems that needle does not properly handle spaces in the name of the application when dealing with filepaths.

Expected behaviour

Needle should use the backslash '\' escape character to escape out spaces in the filepath.

Actual behaviour

Needle uses HTML encoding, inserting '%20' for spaces in the name of an application.

Steps to reproduce

  1. Install an application with a space in the name
  2. Start needle
  3. Run a module

needle error logs

Ensure verbose and debug mode are enabled:

[needle] > set VERBOSE True
VERBOSE => True
[needle] > set DEBUG True
DEBUG => True
[needle] > set APP <redacted>
APP => <redacted>
[needle] > use binary/reversing/class_dump_frida_enum-classes
[needle][class_dump_frida_enum-classes] > run
[*] Checking connection with device...
[+] Already connected to: 127.0.0.1
[D] Creating temp folder: /var/root/needle/
[D] [REMOTE CMD] Remote Command: if [ -d /var/root/needle/ ]; then echo "yes"; else echo "no" ; fi
[+] Target app: <redacted>
[*] Retrieving app's metadata...
/private/var/containers/Bundle/Application/D4EE87E5-FBDD-49D2-B33A-8898FF27E257/<redacted>%20<redacted>.app/Info.plist
[D] Copying the plist to temp: /private/var/containers/Bundle/Application/D4EE87E5-FBDD-49D2-B33A-8898FF27E257/<redacted>%20<redacted>.app/Info.plist -> /root/.needle/tmp/plist
[*] Pulling: /private/var/containers/Bundle/Application/D4EE87E5-FBDD-49D2-B33A-8898FF27E257/<redacted>%20<redacted>.app/Info.plist -> /root/.needle/tmp/plist
[D] Downloading: "/private/var/containers/Bundle/Application/D4EE87E5-FBDD-49D2-B33A-8898FF27E257/<redacted>%20<redacted>.app/Info.plist" -> /root/.needle/tmp/plist
[D] [LOCAL CMD] Local Command: sshpass -p "<redacted>" scp -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -P 2222 [email protected]:"/private/var/containers/Bundle/Application/D4EE87E5-FBDD-49D2-B33A-8898FF27E257/<redacted>%20<redacted>.app/Info.plist" /root/.needle/tmp/plist
------------------------------------------------------------
Traceback (most recent call last):
  File "/opt/needle/needle/core/framework/module.py", line 111, in do_run
    pre = self.module_pre()
  File "/opt/needle/needle/core/framework/module.py", line 275, in module_pre
    FridaModule.module_pre(self)
  File "/opt/needle/needle/core/framework/module.py", line 255, in module_pre
    res = BaseModule.module_pre(self)
  File "/opt/needle/needle/core/framework/module.py", line 147, in module_pre
    if self.app_check() is None: return None
  File "/opt/needle/needle/core/framework/framework.py", line 665, in app_check
    self.APP_METADATA = Framework.APP_METADATA = self.device.app.get_metadata(app)
  File "/opt/needle/needle/core/device/app.py", line 19, in get_metadata
    return self._retrieve_metadata()
  File "/opt/needle/needle/core/device/app.py", line 31, in _retrieve_metadata
    plist_info = self._device.remote_op.parse_plist(plist_info_path)
  File "/opt/needle/needle/core/device/remote_operations.py", line 219, in parse_plist
    content = Utils.plist_read_from_file(plist_copy)
  File "/opt/needle/needle/core/utils/utils.py", line 149, in plist_read_from_file
    plist = biplist.readPlist(path)
  File "/usr/local/lib/python2.7/dist-packages/biplist/__init__.py", line 122, in readPlist
    pathOrFile = open(pathOrFile, 'rb')
IOError: [Errno 2] No such file or directory: '/root/.needle/tmp/plist'
------------------------------------------------------------
[!] IOError: [Errno 2] No such file or directory: '/root/.needle/tmp/plist'.

It might be difficult to tell from above (I am forced to remove the application name), but the application has a space in the name. Needle is trying to access the app filepath, shown as /private/var/containers/Bundle/Application/D4EE87E5-FBDD-49D2-B33A-8898FF27E257/<redacted>%20<redacted>.app. However, the space should not be encoded, it should be escaped like this: /private/var/containers/Bundle/Application/D4EE87E5-FBDD-49D2-B33A-8898FF27E257/<redacted>\ <redacted>.app.

A non-redacted example would be /private/var/containers/Bundle/Application/D4EE87E5-FBDD-49D2-B33A-8898FF27E257/My%20Application%20Name.app. This should be handled by needle as /private/var/containers/Bundle/Application/D4EE87E5-FBDD-49D2-B33A-8898FF27E257/My\ Application\ Name.app.

Let me know if this is still confusing, and I can try to explain further.

Environment

Workstation Operating System

Kali Linux 2.0 Rolling

Python Version

Python 2.7.13

Device iOS Version

iOS 10.2

ccsplit added a commit to ccsplit/needle that referenced this issue May 8, 2017
Since the information is passed back and forth through JSON with the agent
it is URL-Encoded and therefore it needs to be removed when passing the
string to a local_operation/remote_operation path command.
marco-lancini added a commit that referenced this issue May 22, 2017
Use unquote to convert spaces. Fixes #151.

gk0us commented Apr 4, 2019

In v1.3.2 I get a similar error.

[*] Checking connection with device...
[+] Already connected to: 127.0.0.1
[D] Creating temp folder: /var/root/needle/
[D] [REMOTE CMD] Remote Command: if [ -d /var/root/needle/ ]; then echo "yes"; else echo "no" ; fi
[+] Target app: com.example.app
[*] Retrieving app's metadata...
[D] Copying the plist to temp: '/private/var/containers/Bundle/Application/52A5FC17-C611-4DA1-9666-306E371868AF/Example App.app'"'"'/Info.plist' -> /home/test-user/.needle/tmp/plist
[*] Pulling: '/private/var/containers/Bundle/Application/52A5FC17-C611-4DA1-9666-306E371868AF/Example App.app'"'"'/Info.plist' -> /home/test-user/.needle/tmp/plist
[D] Downloading: "'/private/var/containers/Bundle/Application/52A5FC17-C611-4DA1-9666-306E371868AF/Example App.app'"'"'"'"'"'"'"'"'/Info.plist'" -> /home/test-user/.needle/tmp/plist
[D] [LOCAL CMD] Local Command: sshpass -p "Password" scp -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -P 2222 [email protected]:"'/private/var/containers/Bundle/Application/52A5FC17-C611-4DA1-9666-306E371868AF/Example App.app'"'"'"'"'"'"'"'"'/Info.plist'" /home/test-user/.needle/tmp/plist
------------------------------------------------------------
Traceback (most recent call last):
  File "/home/test-user/mobileScripts/needle/needle/core/framework/module.py", line 111, in do_run
    pre = self.module_pre()
  File "/home/test-user/mobileScripts/needle/needle/core/framework/module.py", line 147, in module_pre
    if self.app_check() is None: return None
  File "/home/test-user/mobileScripts/needle/needle/core/framework/framework.py", line 693, in app_check
    self.APP_METADATA = Framework.APP_METADATA = self.device.app.get_metadata(app)
  File "/home/test-user/mobileScripts/needle/needle/core/device/app.py", line 17, in get_metadata
    return self._retrieve_metadata()
  File "/home/test-user/mobileScripts/needle/needle/core/device/app.py", line 26, in _retrieve_metadata
    plist_info = self._device.remote_op.parse_plist(plist_info_path)
  File "/home/test-user/mobileScripts/needle/needle/core/device/remote_operations.py", line 219, in parse_plist
    content = Utils.plist_read_from_file(plist_copy)
  File "/home/test-user/mobileScripts/needle/needle/core/utils/utils.py", line 162, in plist_read_from_file
    plist = biplist.readPlist(path)
  File "/home/test-user/.local/lib/python2.7/site-packages/biplist/__init__.py", line 105, in readPlist
    pathOrFile = open(pathOrFile, 'rb')
IOError: [Errno 2] No such file or directory: '/home/test-user/.needle/tmp/plist'
------------------------------------------------------------
[!] IOError: [Errno 2] No such file or directory: '/home/test-user/.needle/tmp/plist'
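
The two failure modes in this thread (a path still carrying `%20`, and a path quoted more than once) come down to decoding once and quoting once per shell that will parse the string. The following is an added example, not part of the original issue or of needle's code; it assumes Python 3, and the function names and the `user@device.example` host are hypothetical placeholders.

```python
import shlex
from urllib.parse import unquote

# Path form taken from the issue text (URL-encoded, as returned by the agent),
# with /Info.plist appended as in the logs.
SAMPLE = ("/private/var/containers/Bundle/Application/"
          "D4EE87E5-FBDD-49D2-B33A-8898FF27E257/My%20Application%20Name.app/Info.plist")


def decode_device_path(encoded_path):
    """Undo URL-encoding exactly once, at the point the path enters the tool."""
    path = unquote(encoded_path)
    if "\x00" in path:
        raise ValueError("NUL byte in decoded path")
    return path


def quote_layers(path, layers):
    """Apply POSIX shell quoting once per shell that will parse the string."""
    for _ in range(layers):
        path = shlex.quote(path)
    return path


def scp_pull_argv(encoded_path, local_path, host, port, remote_shell=True):
    """Build an argv list for subprocess.run(argv), so no local shell is involved.

    remote_shell=True: the remote side expands the path through a shell
    (legacy scp protocol), so quote exactly once. Set it to False when scp
    runs over SFTP, where the path is sent verbatim.
    """
    path = decode_device_path(encoded_path)
    remote = quote_layers(path, 1 if remote_shell else 0)
    return ["scp", "-P", str(port), "%s:%s" % (host, remote), local_path]


if __name__ == "__main__":
    # host is a constructed placeholder; port 2222 is the one shown in the logs
    print(scp_pull_argv(SAMPLE, "/tmp/plist", "user@device.example", 2222))
    # Quoting an already-quoted value produces the '"'"' runs seen in the later logs
    print(quote_layers("Example App.app", 2))
```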

@flamecopper

Same for me. In the latest version I am still getting the same.

@poldenais

Pulling: '/private/var/containers/Bundle/Application/DCCCD482-C14A-4DBC-8BDF-F3F5B4640A3A/TESTNAME UAT.app'"'"'/Info.plist' -> /var/root/.needle/tmp/plist

Is this still a problem?


flamecopper commented Sep 11, 2019 via email

@poldenais

I'm getting the following so was just wondering: IOError: [Errno 2] No such file or directory: '/var/root/.needle/tmp/plist'
