prateek147 / dvia

Damn Vulnerable iOS App (DVIA) is an iOS application that is damn vulnerable. Its main goal is to provide a platform for mobile security enthusiasts, professionals and students to test their iOS penetration testing skills in a legal environment. The application covers all the common vulnerabilities found in iOS applications (following the OWASP Top 10 Mobile Risks) and contains several challenges that the user can try. It also contains a section where a user can read various articles on iOS application security. This project is developed and maintained by @prateekg147. The vulnerabilities and solutions covered in this app are tested up to iOS 8.1.

Home Page: http://damnvulnerableiosapp.com

License: MIT License

Objective-C 99.61% C 0.14% Objective-C++ 0.25%

dvia's People

Contributors

etolstoy, prateek147

dvia's Issues

Xcode 6.4 compile issues

Hi,

Xcode 6.4 threw up many different errors trying to compile this from GitHub source due to pre-existing developer, app and app group IDs in the project needing to be changed.

I got it to work eventually, but especially given that this project is intended to help beginner pentesters who may not have a lot of experience with Xcode, it would be very helpful to document all the changes that are necessary, particularly since WatchKit App & Extension have been added.

First I had to change the Team & bundle ID for each target in Targets / General / Identity due to an error that the App ID was already taken and had to be unique. Then I had to change the App Group ID (can't remember where I did that).

Next error:

error: WatchKit Extension doesn't contain any WatchKit apps whose bundle identifiers match "com.highaltitudehacks.dvia.watchkitapp". Verify that the value of WKAppBundleIdentifier in your WatchKit Extension's Info.plist matches the value of CFBundleIdentifier in your WatchKit App's Info.plist.

This can be solved by going into Targets / WatchKit Extension / Info / NSExtension / NSExtensionAttributes / WKAppBundleIdentifier and changing this to match the new ID of the WatchKit App that had to be changed in the previous step.

Next I faced a similar error because the WatchKit App had to be updated to match the main app's changed App ID. This seems to require manually editing the Info.plist for the WatchKit App because there's no Info tab exposed for the WatchKit app:

    <key>WKCompanionAppBundleIdentifier</key>
    <string>com.hubert3.dvia</string>

While I fixed the issue I think more documentation about the steps required on recent Xcode would be very valuable to the project.
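The ID cross-checks described in this issue can be scripted. The following is an added example, not code from the DVIA project or from the issue's author; the function name and the `com.example.*` identifiers are assumptions, and the sample plists are constructed.

```python
import plistlib

def _resolved(value):
    # Usable ID: a non-empty string with no unexpanded build variable.
    return isinstance(value, str) and bool(value) and "$(" not in value and "${" not in value

def check_watchkit_ids(app_plist, watch_app_plist, watch_ext_plist):
    """Check the bundle-ID cross-references between three Info.plist files.

    Each argument is the raw bytes of an Info.plist (XML or binary).
    Returns a list of problem strings; an empty list means the IDs agree.
    """
    app = plistlib.loads(app_plist)
    watch = plistlib.loads(watch_app_plist)
    ext = plistlib.loads(watch_ext_plist)
    attrs = ext.get("NSExtension", {}).get("NSExtensionAttributes", {})
    pairs = [
        ("WatchKit App WKCompanionAppBundleIdentifier",
         watch.get("WKCompanionAppBundleIdentifier"),
         "main app CFBundleIdentifier", app.get("CFBundleIdentifier")),
        ("WatchKit Extension WKAppBundleIdentifier",
         attrs.get("WKAppBundleIdentifier"),
         "WatchKit App CFBundleIdentifier", watch.get("CFBundleIdentifier")),
    ]
    problems = []
    for ref_name, ref, target_name, target in pairs:
        if not (_resolved(ref) and _resolved(target)):
            problems.append(f"cannot compare {ref_name} ({ref!r}) with "
                            f"{target_name} ({target!r}): missing or unexpanded")
        elif ref != target:
            problems.append(f"{ref_name} is {ref!r} but {target_name} is {target!r}")
    return problems

# Constructed sample: the app and WatchKit App were renamed to com.example.*
# (assumed IDs), but the extension still points at the ID from the error above.
SAMPLE_APP = plistlib.dumps({"CFBundleIdentifier": "com.example.dvia"})
SAMPLE_WATCH_APP = plistlib.dumps({
    "CFBundleIdentifier": "com.example.dvia.watchkitapp",
    "WKCompanionAppBundleIdentifier": "com.example.dvia",
})
SAMPLE_WATCH_EXT = plistlib.dumps({"NSExtension": {"NSExtensionAttributes": {
    "WKAppBundleIdentifier": "com.highaltitudehacks.dvia.watchkitapp"}}})

if __name__ == "__main__":
    for line in check_watchkit_ids(SAMPLE_APP, SAMPLE_WATCH_APP, SAMPLE_WATCH_EXT):
        print(line)
```

Values that still contain an Xcode build variable such as `$(...)` are reported as not comparable rather than as a mismatch, since the source-tree Info.plist may not hold the final ID.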

Installation of DVIA

Hi Prateek! I am on iOS 10 currently so I can't use AppSync, and I don't have a MacBook either. Is there any other way to install DVIA?

Missing URL for Client Side Injection

    - (IBAction)readArticleTapped:(id)sender {}

Missing the open URL call that the other vulnerability view controllers have. I suspect it should look something like this:

    [DamnVulnerableAppUtilities pushWebVCWithURL:kArticleURLClientSideInjection viewController:self];

SensitiveInformationDetailsVC Compiler Optimization

Compiler optimization strips the initialization of passwd within initializeLogin. Consequently, searching for it in the heap is futile. Below is the disassembled method from the included .ipa:

[Screenshot: disassembled method]

Tagging the variable volatile wasn't enough, but returning the pointer sufficed to throw the compiler off.

    -(NSString *)initializeLogin {
        //DO random stuff
        NSString *passwd = @"MYw0r1d1821";
        //Finish doing random stuff
        return passwd;
    }

Error installing

Hi, I tried installing the app with Impactor and see:

    the watchkit 2.0 app being installed contains an invalid application executable.

Then I tried installing with ideviceinstaller on Linux and see:

    ERROR: Install failed. Got error "ApplicationVerificationFailed" with code 0xe8008018: Failed to verify code signature of /private/var/installd/Library/Caches/com.apple.mobile.installd.staging/temp.RDwLH7/extracted/Payload/DamnVulnerableIOSApp.app : 0xe8008018 (The identity used to sign the executable is no longer valid.)

Crash (assigning NSNumber* to NSString*)

In AppleWatchFirstChallengeViewController.h

    @property (strong, nonatomic) NSNumber *cvvCode;

In AppleWatchFirstChallengeViewController.m

    -(IBAction)testButtonTapped:(id)sender
    {
        NSString *keyword = self.cvvCode;  //assigning an NSNumber* to an NSString* won't end well ;)
        if ([keyword isEqualToString:userInput]) { //crash! (unrecognized selector)

"DamnVulnerableIOSApp[53627]: -[__NSCFNumber isEqualToString:]: unrecognized selector sent to instance 0x15da9660"

Bitcode requirement for iOS 9

Hi,

I'm trying to use the app, compiling in Xcode for iOS 9, and it requires bitcode for all libraries. It can be solved using CocoaPods; your project uses it, but the pod file is not included in the repository.

Please include it so we can know the library versions and the libraries you are using.

Thanks
