-
Notifications
You must be signed in to change notification settings - Fork 135
/
Tweak.xm
105 lines (85 loc) · 3.25 KB
/
Tweak.xm
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
#import <Security/SecureTransport.h>
#import "substrate.h"
#define PREFERENCEFILE "/private/var/mobile/Library/Preferences/com.isecpartners.nabla.SSLKillSwitchSettings.plist"
// Utility function to read the Tweak's preferences
static BOOL shouldHookFromPreference(NSString *preferenceSetting) {
NSString *preferenceFilePath = @PREFERENCEFILE;
NSMutableDictionary* plist = [[NSMutableDictionary alloc] initWithContentsOfFile:preferenceFilePath];
if (!plist) { // Preference file not found, don't hook
NSLog(@"SSL Kill Switch - Preference file not found.");
return FALSE;
}
else {
id shouldHook = [plist objectForKey:preferenceSetting];
if (shouldHook) {
[plist release];
return [shouldHook boolValue];
}
else { // Property was not set, don't hook
NSLog(@"SSL Kill Switch - Preference not set.");
[plist release];
return FALSE;
}
}
}
// Hook SSLSetSessionOption()
static OSStatus (*original_SSLSetSessionOption)(
SSLContextRef context,
SSLSessionOption option,
Boolean value);
static OSStatus replaced_SSLSetSessionOption(
SSLContextRef context,
SSLSessionOption option,
Boolean value) {
// Remove the ability to modify the value of the kSSLSessionOptionBreakOnServerAuth option
if (option == kSSLSessionOptionBreakOnServerAuth)
return noErr;
else
return original_SSLSetSessionOption(context, option, value);
}
// Hook SSLCreateContext()
static SSLContextRef (*original_SSLCreateContext) (
CFAllocatorRef alloc,
SSLProtocolSide protocolSide,
SSLConnectionType connectionType
);
static SSLContextRef replaced_SSLCreateContext (
CFAllocatorRef alloc,
SSLProtocolSide protocolSide,
SSLConnectionType connectionType
) {
SSLContextRef sslContext = original_SSLCreateContext(alloc, protocolSide, connectionType);
// Immediately set the kSSLSessionOptionBreakOnServerAuth option in order to disable cert validation
original_SSLSetSessionOption(sslContext, kSSLSessionOptionBreakOnServerAuth, true);
return sslContext;
}
// Hook SSLHandshake()
static OSStatus (*original_SSLHandshake)(
SSLContextRef context
);
static OSStatus replaced_SSLHandshake(
SSLContextRef context
) {
OSStatus result = original_SSLHandshake(context);
// Hijack the flow when breaking on server authentication
if (result == errSSLServerAuthCompleted) {
// Do not check the cert and call SSLHandshake() again
return original_SSLHandshake(context);
}
else
return result;
}
%ctor {
NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init];
// Should we enable the hook ?
if (shouldHookFromPreference(@"killSwitchSSLHandshake")) {
NSLog(@"SSL Kill Switch - Hook Enabled.");
MSHookFunction((void *) SSLHandshake,(void *) replaced_SSLHandshake, (void **) &original_SSLHandshake);
MSHookFunction((void *) SSLSetSessionOption,(void *) replaced_SSLSetSessionOption, (void **) &original_SSLSetSessionOption);
MSHookFunction((void *) SSLCreateContext,(void *) replaced_SSLCreateContext, (void **) &original_SSLCreateContext);
}
else {
NSLog(@"SSL Kill Switch - Hook Disabled.");
}
[pool drain];
}