Simplify ios monitor command. (#440)

* monitor CommonCrypto in real time * typo * improve output when job already registered * fixed unpad * attempt to convert dataOut to ascii on decrypt * fixed output in CCCryptorUpdate * cleaning up style with tslint * removed dead code * simplified `monitor` command for crypto * removed duplicate helpfile * renamed helpfile to work with new command * renamed helpfile to work with new crypto monitor command Co-authored-by: Corey Gagnon <[email protected]>
sensepost · Feb 22, 2021 · ebd920e · ebd920e
1 parent a343591
commit ebd920e
Show file tree

Hide file tree

Showing 5 changed files with 2 additions and 35 deletions.
diff --git a/agent/src/ios/crypto.ts b/agent/src/ios/crypto.ts
@@ -323,14 +323,6 @@ export namespace ioscrypto {
     });
   };
 
-  export const disable = (): void => {
-    // if we already have a job registered then kill it
-    if (jobs.hasIdent(cryptoidentifier)) {
-      send(c.red(`Killing `) + `${cryptoidentifier}`);
-      jobs.kill(cryptoidentifier);
-    }
-  };
-
   export const monitor = (): void => {
     // if we already have a job registered then return
     if (jobs.hasIdent(cryptoidentifier)) {

diff --git a/agent/src/rpc/ios.ts b/agent/src/rpc/ios.ts
@@ -61,7 +61,6 @@ export const ios = {
     hooking.watchMethod(selector, dargs, dbt, dret),
 
   // ios crypto monitoring
-  iosMonitorCryptoDisable: (): void => ioscrypto.disable(),
   iosMonitorCryptoEnable: (): void => ioscrypto.monitor(),
 
   // jailbreak detection

diff --git a/objection/commands/ios/monitor.py b/objection/commands/ios/monitor.py
@@ -1,18 +1,5 @@
 from objection.state.connection import state_connection
 
-
-def crypto_disable(args: list = None) -> None:
-    """
-        Attempts to disable ios crypto monitoring.
-
-        :param args:
-        :return:
-    """
-
-    api = state_connection.get_api()
-    api.ios_monitor_crypto_disable()
-
-
 def crypto_enable(args: list = None) -> None:
     """
         Attempts to enable ios crypto monitoring.

diff --git a/objection/console/commands.py b/objection/console/commands.py
@@ -757,22 +757,11 @@
                 'meta': 'Commands to work with ios function monitoring',
                 'commands': {
                     'crypto': {
-                        'meta': 'Hooks for working with monitoring iOS CommonCrypto usage',
-                        'commands': {
-                            'disable': {
-                                'meta': 'Disable CommonCrypto monitor',
-                                'exec': ios_crypto.crypto_disable
-                            },
-                            'monitor': {
-                                'meta': 'Monitor CommonCrypto operations',
-                                'exec': ios_crypto.crypto_enable
-                            }
-
-                        }
+                        'meta': 'Monitor CommonCrypto operations',
+                        'exec': ios_crypto.crypto_enable
                     }
                 },
             },
-
         }
     },
 

diff --git a/.../helpfiles/ios.monitor.crypto.monitor.txt → .../console/helpfiles/ios.monitor.crypto.txt b/.../helpfiles/ios.monitor.crypto.monitor.txt → .../console/helpfiles/ios.monitor.crypto.txt