Xiaogu's bald-head collection

  • First, the brothers need a jailbroken phone with the OpenSSH plug-in installed. (Xiaogu won't demonstrate the jailbreak process here; after all, that would be teaching fish to swim.)

1. SSH to log in

1.1. Login demo

  • This section covers SSH, a network protocol for encrypted login

  • When reverse engineering we have to get onto the phone all the time. Here we use OpenSSH to log in.

  • Logging in over OpenSSH there are 2 users: root and mobile. For reverse engineering we usually log in as root; after all, its permissions are higher

    1. Login command (typed in the terminal)

ssh root@<phone IP address>

The IP address here is the phone's IP address on WiFi

    2. On the first login there is a prompt to confirm; answer yes, then enter the root password

Then you can use the phone (you can also try logging in as mobile: just change root to mobile, but the permissions are lower).

1.2. Login principle

Since I'm writing a blog about OpenSSH, I'll of course explain how it works

  • It's better to draw a picture: (we log in to the phone from the computer)

1.3. Man-in-the-middle attack

RSA SHA256 fingerprint (the one shown on the first login)

1.3.1. Principle of man-in-the-middle attack

Let's start with the man-in-the-middle attack, then how to protect the SSH login

  • Imagine the WiFi we're connected to pulls a trick: it intercepts the public key the iPhone sends to the Mac and sends the Mac its own public key instead. After the Mac encrypts the password with that key, the middleman decrypts it with its own private key, re-encrypts it with the iPhone's public key and forwards it to the iPhone. Is something wrong here?

  • It's a bit hard to put into words; a picture is better

1.3.2. Measures against the man-in-the-middle

If even Xiaogu can think of this hidden danger, something as serious as SSH must have a solution 😁

  • The RSA SHA256 fingerprint from the first login

  • When the Mac sends, there's a round of verification first, which makes sure it's really the iPhone's public key doing the encrypting

  • Xiaogu won't draw this one (drawing skill is limited ~ 😆)
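What that measure looks like in practice, as an added example that is not part of the original post: after the first login ssh keeps the phone's host key in ~/.ssh/known_hosts and warns when it changes, and the script below makes that check explicit by comparing the entry it finds there against the fingerprint you wrote down on the first login, refusing to connect when the entry is missing or different. The alias iphone, the pinned SHA256 value and the file paths are placeholders; ssh-keygen is used to compute the fingerprint. The pin is only as trustworthy as that first login, so it is worth noting the fingerprint down while you are still on a WiFi you trust.

```shell
#!/bin/sh
# Added example, not the post's own code. Pin the phone's host-key
# fingerprint seen on the first login and refuse to connect if the entry in
# known_hosts is missing or no longer matches. "iphone" and the SHA256 value
# are placeholders; set PINNED_FP to the fingerprint from your first login.
PINNED_HOST="${PINNED_HOST:-iphone}"
PINNED_FP="${PINNED_FP:-SHA256:REPLACE_WITH_FINGERPRINT_FROM_FIRST_LOGIN}"
KNOWN_HOSTS="${KNOWN_HOSTS:-$HOME/.ssh/known_hosts}"

# known_hosts_key HOST FILE
# Print "keytype base64key" for the first plain (unhashed) entry whose
# comma-separated host list contains HOST; print nothing if there is none.
# Comment lines and @cert-authority/@revoked markers are skipped.
known_hosts_key() {
    awk -v h="$1" '
        $1 ~ /^[#@]/ { next }
        {
            n = split($1, names, ",")
            for (i = 1; i <= n; i++)
                if (names[i] == h) { print $2, $3; exit }
        }' "$2"
}

# fingerprint_of "keytype base64key"
# The SHA256 fingerprint exactly as ssh prints it on the first login.
fingerprint_of() {
    printf '%s\n' "$1" | ssh-keygen -lf - | awk '{ print $2 }'
}

# check_pin HOST FILE EXPECTED
# 0 = fingerprint matches, 1 = mismatch (key changed, possible middleman),
# 2 = no entry for HOST yet (never logged in from this machine).
check_pin() {
    key=$(known_hosts_key "$1" "$2")
    [ -n "$key" ] || return 2
    [ "$(fingerprint_of "$key")" = "$3" ]
}

# Usage: PINNED_FP=SHA256:... sh pin_check.sh --check
if [ "${1:-}" = "--check" ]; then
    if check_pin "$PINNED_HOST" "$KNOWN_HOSTS" "$PINNED_FP"; then
        exec ssh "$PINNED_HOST"
    else
        echo "host key for $PINNED_HOST is missing or changed; not logging in" >&2
        exit 1
    fi
fi
```

Hashed known_hosts entries (lines starting with |1|) are not parsed here; with HashKnownHosts enabled, ssh's own warning is what you rely on.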

2. Password-free login (public key login)

2.1. How password-free login works

  • Nobody wants to type the password every time. That's where password-free login comes in

  • Password-free login mainly relies on the Mac's public and private keys

  • Xiaogu has to show off some drawing talent again

So password-free login is also called public key login

2.2. Password-free login demo

  • If it's your first time, you need to generate a public/private key pair

ssh-keygen

  • If you already have a key pair, it's picked up automatically, so you can skip this step

  • Then send the public key to the phone

ssh-copy-id root@<phone IP address>

  • Then you can log in without a password

2.3. The config file

The lazier the person, the easier things have to be. (Like me 😆)

  • We can make it a bit easier still: put a config file in ~/.ssh

  • Then, when we log in:

That's a lot more convenient
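An added example of such a ~/.ssh/config (not the post's own file): the aliases iphone and iphone-usb, the key path and the 192.168.1.20 address are assumptions, and port 12345 is the post's example local port for the USB mapping in section 3.

```ssh_config
# ~/.ssh/config  (added example; aliases, IP address and key path are placeholders)

# WiFi login from section 1: "ssh iphone" instead of "ssh root@192.168.1.20"
Host iphone
    HostName 192.168.1.20
    User root
    Port 22
    IdentityFile ~/.ssh/id_rsa       # the key pair generated with ssh-keygen in 2.2

# USB login from section 3: goes through the iproxy mapping on localhost
Host iphone-usb
    HostName localhost
    User root
    Port 12345
    IdentityFile ~/.ssh/id_rsa
    # It is the same phone whether we reach it over WiFi or USB, so check its
    # host key against the "iphone" known_hosts entry instead of collecting a
    # second one for localhost:12345
    HostKeyAlias iphone
```

With HostKeyAlias both aliases are verified against the one fingerprint recorded on the first login, so the check from 1.3.2 still applies over USB.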

3. USB login

  • Reverse development goes on for a long time, and WiFi login sometimes lags. So there's another way: USB login

This is really cool

  • With WiFi login the default port is 22; for USB login you just map a port

Don't pick a mapped port that's already taken; find a port that isn't in use. For example: 12345

  • ssh root@ip == ssh -p 22 root@ip

  • There are lots of USB login scripts written by big guys on the web. I'm going to talk about libimobiledevice

    • Start by installing it: brew install libimobiledevice

    • Map the port: iproxy 12345 22

    • After that we can log in: ssh -p 12345 root@localhost

  • I wrote an sh script so I don't have to type this every time; just call it directly

What the Mac has is USB plug-in recognition; what we mainly use is its port mapping interface, in the directory /System/Library/PrivateFrameworks/MobileDevice.framework/Resources
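An added version of such a script, not Xiaogu's own: it assumes libimobiledevice's iproxy and ssh are on the PATH, uses the post's example port 12345 on the Mac side and 22 on the phone, and turns the advice "find a port that is not used" into an actual check before mapping, so a typo or a busy port fails early instead of leaving a dangling iproxy.

```shell
#!/bin/sh
# Added example, not Xiaogu's script. Map a free local port to the phone's
# SSH port (22) over USB with libimobiledevice's iproxy, then log in through
# it. Assumes iproxy and ssh are on the PATH; 12345 is the post's example
# local port, override it with the first argument.
LOCAL_PORT="${1:-12345}"
DEVICE_PORT=22

# valid_port PORT
# 0 if PORT is a number in the unprivileged range 1024-65535, else 1, so a
# typo never turns into "iproxy 0 22" or a port that needs root on the Mac.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# port_in_use PORT
# 0 if something already listens on PORT (lsof ships with macOS and most
# Linux distributions; if it is missing the check is skipped).
port_in_use() {
    lsof -nP -iTCP:"$1" -sTCP:LISTEN >/dev/null 2>&1
}

usb_login() {
    if ! valid_port "$LOCAL_PORT"; then
        echo "usage: $0 [local port 1024-65535]" >&2
        return 2
    fi
    if port_in_use "$LOCAL_PORT"; then
        echo "port $LOCAL_PORT is already in use, pick another one" >&2
        return 3
    fi
    iproxy "$LOCAL_PORT" "$DEVICE_PORT" &   # the post's form: iproxy LOCAL DEVICE
    iproxy_pid=$!
    # tear the mapping down again when the ssh session ends or on Ctrl-C
    trap 'kill "$iproxy_pid" 2>/dev/null' EXIT INT TERM
    sleep 1                                  # give iproxy a moment to start listening
    ssh -p "$LOCAL_PORT" root@localhost
}

# Only run when invoked as usb_ssh.sh itself, so the functions can also be sourced.
case "$0" in
    *usb_ssh.sh) usb_login ;;
esac
```

Save it as usb_ssh.sh, then `sh usb_ssh.sh` uses 12345 and `sh usb_ssh.sh 20022` uses another port; the trap removes the mapping when you log out, which is what the post's "call it directly" wants without leaving iproxy processes behind.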

4. Summary

  • OpenSSH is a must for reverse development. Once you use it more you'll find it's really just calling scripts ~

  • My next blog post is going to be about the shell. It's on the same level as OpenSSH

  • Finally, I hope the brothers and big guys will give more advice ~