Updated Mon 9 OCT 2023
Executive Summary
In this article, I walk through the SRD Cryptex installation process and the manual steps to build and install the SRD Cryptex DMG using the “./example-cryptex/” directory from the Apple Source Code.
Article Content
I created an SRD DMG Installation Script that simplifies the manual build pipeline. It is for those looking to streamline the installation process, and it comes with a pre-built example SRD Cryptex DMG from my GitHub Repo.
SRD Abilities
The Apple Security Research Device affords Researchers the following abilities that a user Device doesn’t: (1) Side-load executable code onto the device with arbitrary entitlements at the same permission level as Apple operating system components, (2) Start services at startup, (3) Persist content across restarts. The Researcher can see and interoperate with all system services and devices with root permissions and Apple Entitlements.
Prerequisites
- macOS
- Xcode
- brew install gnu-sed automake hg git-lfs
- Source Code
DMG Installation
To bypass the manual build and install process, I’ve created a script that handles the installation of a pre-built SRD Cryptex to your Device. To install the Cryptex automatically, copy and paste the command below into Terminal. It fetches install.sh from my GitHub Repo and runs it with bash, which downloads and installs an example SRD Cryptex DMG. Manual build instructions are shown further below.
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/xsscx/srd/main/dmg/install.sh)"
START HERE
SRD Boot
This example makes use of the directory ../example-cryptex/.
- Plug in your SRD to your X86_64 or M1 HOST
- SRD will Boot
- Open Finder and Trust the Device
- On the SRD Screen, Trust the Host
- Open Terminal
- cd example-cryptex
Get my pre-built, working ./example-cryptex/ for X86_64 or arm64e for SRD Cryptex installation, or build the cryptex manually as shown below:
X86_64
wget https://xss.cx/srd/example-cryptex/hoyt-working-example-cryptex.zip
unzip hoyt-working-example-cryptex.zip
cd public-domain
make install
arm64e
wget https://xss.cx/srd/example-cryptex/hoyt-working-example-cryptex-plus-compiled-binaries-arm64e.zip
unzip hoyt-working-example-cryptex-plus-compiled-binaries-arm64e.zip
cd public-domain
make install
Scripted
cd example-cryptex
wget https://xss.cx/srd/dmg/srd-universal-cryptex.dmg
cryptexctl ${CRYPTEXCTL_FLAGS} create --research --replace ${CRYPTEXCTL_CREATE_FLAGS} --identifier=com.example.cryptex --version=1.3.3.7 --variant=research srd-universal-cryptex.dmg
cryptexctl ${CRYPTEXCTL_PERSONALIZE_FLAGS} personalize --replace --variant=research com.example.cryptex.cxbd
cryptexctl uninstall com.example.cryptex
cryptexctl install --variant=research --persist com.example.cryptex.cxbd.signed
cryptexctl list
You now have a fresh cryptex installed on your SRD.
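The Scripted sequence above, wrapped in a shell function that stops at the first failed step and checks that each step left its output bundle in the current directory before the next one runs. This is an added example, not code from the original article or from Apple; install_cryptex, run, need and DRY_RUN are names invented here, and treating a failed uninstall as non-fatal is an assumption.

```shell
#!/bin/bash
# Added example. install_cryptex, run, need and DRY_RUN are hypothetical names;
# the cryptexctl subcommands and flags are the ones shown in the Scripted steps.

# Execute a command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then echo "$*"; else "$@"; fi
}

# Require that a file or bundle exists (skipped in dry-run mode).
need() {
    [ "${DRY_RUN:-0}" = "1" ] && return 0
    [ -e "$1" ] || { echo "missing: $1" >&2; return 1; }
}

# usage: install_cryptex <dmg> [identifier] [version]
install_cryptex() {
    dmg=$1
    id=${2:-com.example.cryptex}
    version=${3:-1.3.3.7}

    need "$dmg" || return 1

    # The *_FLAGS variables are left unquoted on purpose so they split into words.
    run cryptexctl ${CRYPTEXCTL_FLAGS:-} create --research --replace \
        ${CRYPTEXCTL_CREATE_FLAGS:-} --identifier="$id" --version="$version" \
        --variant=research "$dmg" || return 1
    need "$id.cxbd" || return 1

    run cryptexctl ${CRYPTEXCTL_PERSONALIZE_FLAGS:-} personalize --replace \
        --variant=research "$id.cxbd" || return 1
    need "$id.cxbd.signed" || return 1

    # Assumption: uninstall fails when no earlier copy is installed, so a
    # failure here is reported but does not abort the run.
    run cryptexctl uninstall "$id" || echo "note: $id was not installed" >&2

    run cryptexctl install --variant=research --persist "$id.cxbd.signed" || return 1
    run cryptexctl list
}

# Preview the commands without touching the device:
#   DRY_RUN=1 install_cryptex srd-universal-cryptex.dmg
```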
SSH
ssh -l root %SRD-IP%
password = alpine
ssh -l root 192.168.3.88
root@192.168.3.88's password: (alpine)
# uname -a
Darwin iPhone 20.4.0 Darwin Kernel Version 20.4.0: Wed Mar 3 07:07:15 PST 2021; root:xnu-7195.100.367~21/RELEASE_ARM64_T8030 iPhone12,1
# whoami
root
# pwd
/private/var/root
#
Logging
When you first log in to the SRD, or Upgrade or Downgrade an IPSW, consider this CopyPasta to Enable Private Data:
# echo '<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"><plist version="1.0"><dict><key>Enable-Private-Data</key><true/></dict></plist>' > /Library/Preferences/Logging/com.apple.system.logging.plist
Then kill -HUP logd and watch your Console Log. Those <private> Log Messages will now be populated with actionable data.

