Archive for August, 2015

What you need:

  • a jailbroken iDevice
  • MobileTerminal iOS app (available from the default Cydia repos), or you can do a USB SSH tunnel through iFunbox (you will need afc2add and OpenSSH from the default Cydia repos for this). DOWNLOAD iFUNBOX
  • iFile or iFunbox to explore the iPhone’s filesystem and set permissions (if using iFunbox, you need afc2add from the default Cydia sources); grab a .deb for a cracked copy of iFile here: (HERE)
  • a copy of clutch

I WILL ADD MORE TO THIS TUTORIAL AS I GET SCREENSHOTS, ETC.
#teamclutch

STEP 1 – CYDIA INSTALLATION

Get the latest Clutch by installing clutch (stable) from the repo cydia.iphonecake.com (zorro put that thing on the repo xD).

STEP 1 – MANUAL INSTALLATION (skip if you installed thru cydia)

1. DOWNLOAD a copy of Clutch.
2. MOVE clutch to /usr/bin using iFile or iFunbox.

3. RENAME clutch. By default the file will be named something unwieldy like clutch131 or Clutch 1.3.2-git; you can rename it to something easier to type. For the purpose of this tutorial we will name it “clutch”, but really you can name it whatever you like.
To rename it in iFile, press the blue arrow next to the filename, then delete the old name and enter “clutch”.

4. SET permissions to Read, Write, Execute. To do this in iFile, press the blue arrow next to the filename to get the file info, then scroll down a little until you see permissions.

SET permissions for user, group, and world to Read, Write, Execute.

How to SET permissions in iFunbox:

RIGHT CLICK on the file in iFunbox and select set permissions.

SET permissions for user, group, and world to Read, Write, Execute.

STEP 2 – CONFIGURATION

Instead of using MobileTerminal on your iDevice, you can do an SSH tunnel via USB with iFunbox; install OpenSSH (default Cydia repos) first.

1. OPEN the terminal app on your springboard.

2. Next you will get root access to your device, which is necessary for clutch.

ENTER EXACTLY: su root

Press RETURN; you will be prompted for a password. Your default password is alpine.
ENTER your password and press RETURN; you now have root access.

3. LAUNCH the configuration utility. Enter exactly: clutch -C (notice the letter “C” must be capitalized)

4. There will be a series of options to configure.

Enter “YES” or “NO” to each of them, and for the email, enter anything you want to come up as the Apple ID in the metadata; it doesn’t necessarily have to be in email format.

5. Then you can’t set compression, etc. When you get through config, you will get a message and there will be nothing more to configure; simply restart terminal, or open a new tab in terminal, etc.

CRACKING APPS
Instead of using MobileTerminal on your iDevice, you can do an SSH tunnel via USB with iFunbox.

1. OPEN the terminal app on your springboard.
2. GET root access (how to is covered above).
3. ENTER “clutch” (remember, if you renamed the script something else, enter that instead of “clutch”).
4. You will get this numbered menu.
5. ENTER clutch followed by the number that corresponds with the app you want to crack.
If I want to crack Facebook, I enter “clutch -b 5”.
6. The application will then crack.
7. The IPAs are in /var/tmp/clutch; copy them to your PC with iFunbox and upload.

Or simply use the terminal:

Once I was connected I typed “Clutch2” which showed the following options:

Typing “Clutch2 -i” displayed all of the app store apps installed on the device:

I decided to dump the third application (which I don’t want to display since I didn’t write the app) so I ran “Clutch2 -b <BundleID#>”. If I had wanted to dump the second app (WordPress) I would have typed “Clutch2 -b org.wordpress”. Clutch2 quickly generated the following output:

The decrypted binary was placed under the /var/tmp/clutch directory. I used ifunbox to copy both the decrypted binary and the original binary (located in /var/mobile/Containers/Bundle/Application/xxxx) to my computer so I could compare the before and after results. Normally Mach-O executable files contain code for multiple arm architectures and you need to use the OSX command line tool “lipo” to extract the arm version that you would like to analyze but in this case the application only contained code for armv7 so that wasn’t necessary.

Below you can see where I ran file on an iOS app with multiple architectures (armv7s and armv7) and file on this application which only has one architecture.

Once I confirmed that I wasn’t dealing with multiple architectures I used the strings command to extract the text from both the original binary and the binary which Clutch2 produced. The original encrypted version is on the left and the post Clutch2 decrypted version is on the right.

As you can see the decrypted version gives us quite a bit more information about what’s going on inside of the application and I can start to use the tricks I learned in the SANS SEC575 course to analyze the app and its behavior.
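An added example, not part of the original post: Python code that lists the architecture slices of a thin or universal Mach-O file (what `file` reports above, and the reason `lipo` is sometimes needed) and reads each slice's `cryptid` flag, which is 1 while the App Store encryption is in place and 0 in a decrypted dump. The `LC_ENCRYPTION_INFO` load command and `cryptid` are not named in the post; the two sample binaries are constructed inline by the hypothetical helpers `sample_thin` and `sample_fat` and are not real apps.

```python
import struct

FAT_MAGIC = 0xCAFEBABE                      # universal ("fat") header, big-endian
MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF
LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64 = 0x21, 0x2C
CPU_NAMES = {(12, 9): "armv7", (12, 11): "armv7s", (0x0100000C, 0): "arm64"}

def parse_slice(data, off):
    """Return (arch, cryptid) for the thin Mach-O image starting at off."""
    magic, cputype, cpusub, _ftype, ncmds = struct.unpack_from("<5I", data, off)
    if magic not in (MH_MAGIC, MH_MAGIC_64):
        raise ValueError("not a little-endian Mach-O image at offset %d" % off)
    arch = CPU_NAMES.get((cputype, cpusub & 0x00FFFFFF), "cpu%d/%d" % (cputype, cpusub))
    pos = off + (32 if magic == MH_MAGIC_64 else 28)   # skip mach_header(_64)
    cryptid = None                                      # None: no encryption command
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<2I", data, pos)
        if cmdsize < 8:
            raise ValueError("corrupt load command")
        if cmd in (LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64):
            cryptid = struct.unpack_from("<I", data, pos + 16)[0]  # after cryptoff, cryptsize
        pos += cmdsize
    return arch, cryptid

def inspect_macho(data):
    """List (arch, cryptid) for every slice of a thin or universal binary."""
    if struct.unpack_from(">I", data, 0)[0] == FAT_MAGIC:
        nfat = struct.unpack_from(">I", data, 4)[0]
        # fat_arch is 20 bytes: cputype, cpusubtype, offset, size, align (big-endian)
        offs = [struct.unpack_from(">I", data, 8 + 20 * i + 8)[0] for i in range(nfat)]
        return [parse_slice(data, o) for o in offs]
    return [parse_slice(data, 0)]

def sample_thin(cpusub, cryptid):
    """Constructed 32-bit ARM Mach-O: header plus one LC_ENCRYPTION_INFO command."""
    lc = struct.pack("<5I", LC_ENCRYPTION_INFO, 20, 0x4000, 0x1000, cryptid)
    return struct.pack("<7I", MH_MAGIC, 12, cpusub, 2, 1, len(lc), 0) + lc

def sample_fat(images):
    """Constructed universal binary wrapping the given thin images."""
    head, body, off = struct.pack(">2I", FAT_MAGIC, len(images)), b"", 8 + 20 * len(images)
    for img in images:
        cpusub = struct.unpack_from("<I", img, 8)[0]
        head += struct.pack(">5I", 12, cpusub, off + len(body), len(img), 0)
        body += img
    return head + body

ENCRYPTED_FAT = sample_fat([sample_thin(9, 1), sample_thin(11, 1)])  # armv7 + armv7s, cryptid 1
DUMPED_THIN = sample_thin(9, 0)                                      # armv7 only, cryptid 0
```

Calling `inspect_macho(open(path, "rb").read())` on the original and on the dumped binary gives the same before/after comparison without relying on `strings` output.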

Head over to cloudhq.net

NOTE: The acceptable mapping in Evernote and OneNote would be:

  • Evernote <> OneNote
  • Evernote stacks and notebooks <> OneNote notebooks
  • Evernote/stacks and notebooks/notebook <> OneNote/notebook/section
    where Evernote notebook is mapped to OneNote section

Here are short instructions on how to set up two-way synchronization between notebooks in Evernote and OneNote:

  1. Start the synchronization wizard to sync two cloud accounts.
  2. Click on the Evernote icon.
  3. Select one of the already configured Evernote accounts or click “Add Evernote” to add a new Evernote account.
  4. If you click on “Add Evernote” you will be forwarded to authorize cloudHQ to access the account.
  5. Select the notebook you want to sync or click “Create Notebook” if you want to create a new one.
  6. Click on the OneNote icon.
  7. Select one of the already configured OneNote accounts or add a new OneNote account.
  8. If you click on “Add OneNote” you will be forwarded to sign in to Microsoft to authorize cloudHQ to access the account.
  9. Select the OneNote notebook you want to sync or click “Create folder” for a new one.
  10. Choose Options and synchronization starts automatically.
  11. Synchronization status will display after initial synchronization.
  12. Synchronization will start – Here is How to Monitor Status of Sync
  13. An email will confirm success of initial synchronization.

Now as you can see, this site is a one stop solution to sync clouds. Happy syncing:)

If you haven’t flashed a custom ROM, move over to http://wp.me/p4W2R5-s7

Now that you have a custom recovery, here’s how to root your stock ROM.

To root the OnePlus 2, tap on the Install menu, then browse and select your SuperSU > Swipe to confirm the flash.

Once done > Wipe Dalvik & Cache > Reboot System to restart.

Confirm the root status using a root checker app from the Play Store.

4. How To Make A Nandroid Backup With TWRP Recovery

A nandroid backup is a very important thing to have before installing any custom software on your device. It’s basically a backup of your stock system that you can fall back on if anything goes wrong or if you just want your stock ROM back. You can also use the backup tool to create a backup of your favourite ROM set up exactly the way you like it. The backup you create can be easily restored using the restore tool in TWRP recovery.

All you need to do is enter TWRP recovery, select the backup option from the TWRP home screen, check the system/data/boot boxes, and swipe to backup. The process will take a few minutes.

That’s it. You’re all set! Go go go!

If you haven’t unlocked the bootloader, check this out first:

http://wp.me/p4W2R5-s5

Downloads

OnePlus 2 TWRP Recovery | File: Recovery TWRP.img (25.3 MB)

SuperSU

PS: Don’t try this on OnePlus One or any other device whatsoever!

> Enable USB debugging from developer options once again.

> Download the TWRP recovery file (Recovery TWRP.img) and SuperSU root package file from above.

> Transfer the root package file (SuperSU) to OnePlus 2.

> On PC, rename the TWRP file to this name: op2-twrp.img

> Boot your OnePlus 2 into bootloader mode. Just follow the first paragraph there. (Make sure you have backed up all important data as you’ll lose everything on phone in the steps below.)

> Connect your OnePlus 2 — in bootloader mode — to PC. Let the driver install.

Open a command window on your PC in the folder where you have the op2-twrp.img file.

You will see a command window open up, with location directed to the folder where you have the op2-twrp.img file.

Let’s confirm whether fastboot is working. With OnePlus 2 connected to PC, run the following command in the command window. You should get a serial no. with fastboot written after it. If not, you need to reinstall the fastboot drivers from above.

fastboot devices

> Flash TWRP recovery on your OnePlus 2 by running the following command.

fastboot flash recovery op2-twrp.img

> Boot TWRP recovery on your OnePlus 2 now. For this, run the following command.

Code:

fastboot boot op2-twrp.img

That’s it. You’re done 🙂

Unlocking the bootloader is fairly simple and is just like on any other Android device, as OnePlus supports unlocking the bootloader and it does not void the warranty either.

Set Up Fastboot & ADB Drivers:

What’s ADB? ADB stands for Android Debug Bridge. It works when the device is powered on and booted into OS or Recovery. The tool helps in sending basic Linux commands, and a variety of Android-specific commands, from PC to connected Android devices.

What’s Fastboot? Fastboot works only in bootloader/fastboot mode. It allows you to re-flash system partitions on your Android device and requires a device with an unlocked bootloader. It’s particularly useful when you want to update your device manually or in a rare situation when you accidentally soft-brick your device and need to install a clean stock system image.

Thanks to XDA member Snoop05 who has developed a small program to quickly install both ADB and Fastboot files on your PC (system-wide) along with proper drivers.

Downloads and installation instructions below:

HOW TO SETUP ADB AND FASTBOOT IN 15 SECONDS

Download 15 seconds ADB Installer (9.1 MB)

Filename: adb-setup-1.3.exe

1. Download the adb-setup-1.3.exe file from the download link above.

2. Double-click/Run the adb-setup-1.3.exe file.

3. You will see a command prompt window with a blue background. Say YES to all the prompts on this screen.
└ To say YES, just type Y and hit enter.

Once ADB, Fastboot and Drivers are installed, the setup window will automatically close and you’ll have a working ADB and Fastboot setup throughout your system.

Unlock Your Bootloader

Backup important files stored on your OnePlus 2 before proceeding with the steps below, as unlocking the OnePlus 2 Bootloader will completely wipe/delete all files on the device.

After the installation of drivers (OnePlus 2, Fastboot & ADB drivers), follow the steps below to proceed with unlocking the bootloader of your OnePlus Two.

1. Enable USB Debugging:

§ Go to Settings > About phone, and then tap ‘Build number’ 7 times or until you get the message ‘You’re now a developer!’.

§ Go back to Settings, choose ‘Developer options’. Find the ‘USB debugging’ option and use its toggle button to enable it. Accept the warning by tapping on the OK button.

2. Connect your OnePlus 2 to PC now. You will get a pop-up on your phone when you connect for the first time after enabling USB debugging. Select the ‘Always allow from this computer’ checkbox and then tap on the OK button.

Boot your OnePlus Two into Bootloader/Fastboot mode. (Make sure you have backed up all important data as you’ll lose everything on phone in the steps below.)

Connect your OnePlus Two — in Bootloader mode — to PC. Let the driver install.

Open a command window on your PC. For this:

Open any folder on PC. Now, left click on empty white space inside the folder.

Hold shift key, right click on empty white space to get a pop-up as shown below.

Choose the “Open command window here” option from that.

You will see a command window open up, with location directed to unlock folder.

Power off your phone then boot into fastboot mode (power + volume up).
Connect your phone to your PC via usb cable.

Confirm whether fastboot is working. With OnePlus 2 connected to PC, run the following command in command window.

Code:

fastboot devices

It should return your device serial number; if not, you need to make sure your drivers are installed correctly.

Once you’ve confirmed your fastboot connection, unlock the bootloader using:

Code:

fastboot oem unlock

The device will now go through the automated unlocking process; just let it do its thing and it’ll boot up into Android.

You’ll see a new screen on your device. Choose Yes using the Volume button specified and then use the Power button to confirm it.

That’s it. The device will reboot automatically.

To confirm unlock status, reboot into bootloader/fastboot mode and you shall see the text unlocked now.

Code:

fastboot oem device-info

It should have a couple of lines there, both with the flag set to true.
