iOS Device Update

Updating iOS Agent for Lab Workstation 4.0

Before connecting your iOS device to Lab Workstation 4.0, you must update your device’s iOS agent by completing the following provisioning steps:

Step 1 - Remove old packages and sources

From your iOS device, launch Cydia. In Cydia, go to ‘Sources’ from the bottom bar.  Select the Lab Workstation / cydia.nowsecure.com source.


Select All Packages and remove any installed packages. Installed packages have a green checkmark to their right.  There may be several packages installed on your device.


To remove installed packages, select Modify, then Remove.


Once all packages have been removed, select Sources.  Select Edit, then the red circle next to the Lab Workstation source, then Delete.


Once the source is removed, proceed to Step 2.

Step 2 - Check for Old Packages

In Cydia, select Installed, and from the top select Expert.


Remove the following packages from the Unknown / Local source, if found:

Cycript (viaLab)

Cycript

SSH Config for viaLab


viaLab iOS X (Pro)

viaLab iOS X

Agent iOS X (Pro)

Agent iOS X

Provisioning an iOS Device for Lab Workstation

Note: These instructions assume that you have already factory reset and jailbroken your device.

iOS7 - iOS8 - iOS9 (through 9.3.3)

Lab Workstation is hosted in a Cydia repository.  The repo is responsible for keeping the needed dependencies up-to-date and also responsible for the agent/certificate installation.

Provisioning Steps:

From the jailbroken iOS device, open Safari and browse to this URL: https://cydia.nowsecure.com (requires a connection to the Internet).  From this page, select Click here to Provision.

If prompted to Open in Cydia click Open.  A screen will be presented within Cydia.  Click Install the Source to continue. Once complete, click Return to Cydia.  The Source has now been added. (Note: On first launch, Cydia will need to prep the filesystem.  The device will reboot upon completion.  If this is the case, start back from step one after the device reboots).

A screen will then be presented with a new button that says Continue to Package. Click it.

Select Install in the upper-right corner. Select Confirm.

The needed packages start to install.  During this installation, you will be prompted to install a certificate.  This root certificate is used in a couple of the network tests that NowSecure Lab performs.  Select Install when you are presented with the certificate.

Note (iOS 8 users): If you are not prompted to install a certificate and you are instead presented with a blank Safari screen, then you will need to reinstall the certificate using Cydia.  To do this, launch Cydia, click the search button in the bottom right corner, search for Certificate and select Certificate (viaLab), select Modify in the top right corner, and choose Reinstall. You should then be prompted to install the certificate.

For iOS 9: To install the certificate for iOS 9, return to the cydia.nowsecure.com page from the device's browser.  At the bottom of the page, select Install Profile.  You will then be prompted to install the certificate.

Upon completion of the installation, you will be brought to a blank Safari screen.  To ensure that everything was installed properly, restart the springboard: open the Cydia app and click Restart Springboard.

The device has now been provisioned for Lab Workstation.

Manually Adding a Source (Optional):

If the above instructions don’t work for some reason, you will need to manually add the source within Cydia.  This can be done using these steps:

Ensure that the device is connected to the Internet.

Open Cydia (on first launch, Cydia will need to prep the filesystem.  The device will reboot upon completion).

Select Sources from the bottom menu of the Cydia application.

Select Edit in the upper-right corner, then select Add in the upper-left corner.

Type the following URL: https://cydia.nowsecure.com

Select Add Source. The Lab Workstation repo will be added as a source.

Select Search in the bottom right corner of the Cydia application.

Type vialab into the search bar.  Select the viaLab package for your respective iOS and viaLab version.  For example, if you have an iOS 7 device and you are using viaLab Community Edition then you would select viaLab iOS 7 (CE).

Factory Reset an iOS Device

Note: This process should only be followed if you are prepared to update to the latest iOS version. Apple forces this behavior and prevents users from selecting a specific version. With this, please ensure that the version you are upgrading to has a supported jailbreak that can be used, as this is a major requirement in Lab Workstation device provisioning.

Requirements: 

  • iOS Device with USB cable

  • Host machine running Windows/Mac OSX with iTunes installed

  • Internet Connection (to download the iOS Update)

  • A SIM card (does NOT have to be an activated one)

  • SIM card will be required for iPhone (5s and older) and iPad devices that have cellular capability. This is an activation process imposed by Apple and just needs to detect the presence of a SIM card, not an active cellular connection.

Also before beginning, you will want to check the “Find my iPhone” settings on the device itself.  If this feature is enabled, and the device is restored, the device will be locked, and can only be unlocked by using the Apple ID/Password that was used to setup the “Find my iPhone” feature.

You can check this in Settings -> iCloud.  If there is an Apple ID tied to the device itself, this option is usually enabled by default.  Look to see if the “Find My iPhone” feature is enabled.  We recommend just deleting the account from the device completely before restoring, just to be on the safe side.  You can do this by clicking “Delete Account” located at the bottom of the iCloud settings.

Steps:

Plug the device into the host machine using the USB cable. This should launch iTunes automatically. If not, you will need to manually start up iTunes.

iTunes will detect the device. If it starts to sync, you can cancel that action, as we are going to reset the device to a stock state. If this is the first time connecting this iPhone to iTunes, you may need to step through a couple setup screens to continue on to the restore process.

Once you get to the main device screen, you will see two options, “Update” and “Restore iPhone”.  Do not click on the update option as this could cause issues with the device itself.  Use the “Restore iPhone” option to initiate the reset process.

A confirmation menu will appear.  Select “Restore and Update” to proceed.  Note: This WILL erase any and all data (including apps, data, keychain items, certs, history, etc..) from the device.  This is the point of no return.

Once clicked, the iOS download will be initiated.  This may take a few minutes to download based on the speed of the Internet connection.

Once downloaded, the phone will reboot and the device will start the update process.  When the device has been restored, you will be walked through a few setup screens that collect basic information (country, WiFi network, etc.).

A connection to Apple is required to ensure that the device has not been locked/blacklisted.  This can be accomplished by either connecting the device to WiFi, or connecting to iTunes.

The last step of this process is the SIM card check.  If your device has cellular capability (iPhone 5s or older), you will be prompted with an insert SIM screen:

Insert a SIM card and click “Try Again”.  Once complete, it will progress past this screen and the setup will continue.

Complete the rest of the setup until you arrive at the home screen. This step is now complete.

Jailbreak an iOS 8 - 9.3.3 Device

Note: This method is intended for use on 8.0-9.3.3 devices and utilizes the Pangu/Taig jailbreak method.  Ensure your device is running a compatible version before continuing.

Before jailbreaking, for best results, disable “Find My iPhone” (if necessary) on your iOS device. Navigate to Settings > iCloud > Find My iPhone and turn off the ‘Find My iPhone’ toggle.  Your Apple ID password is required to confirm.  Also disable Passcode and Touch ID unlock.  You can achieve this by going to Settings > Touch ID & Passcode and then tapping on the ‘Turn Passcode Off’ option.

Requirements:

iOS Device running a jailbreakable version of iOS

iOS 9.2-9.3.3

Additional Requirements:

A 64-bit device running iOS 9.2-9.3.3, which includes:

  • iPhone 5s

  • iPhone 6

  • iPhone 6+

  • iPhone 6s

  • iPhone 6s+

  • iPhone SE

  • iPad Mini 2

  • iPad Mini 3

  • iPad Mini 4

  • iPad Air

  • iPad Air 2

  • iPad Pro (both sizes)

  • iPod Touch 6G

A valid Apple ID.

  • The Apple ID can be one that was recently made.

  • WiFi connection for the iOS device.

Restrictions:

The Pangu iOS 9.3.3 jailbreak has several restrictions relating to its persistence on devices, and the requirement of a cert for the app itself.

A device will only remain in jailbreak until it is rebooted.  A soft reboot will not cause the jailbreak to dismiss, but a hard reboot will.  For however long a jailbreak device remains turned on without a hard reboot, that device will remain in jailbreak.

An Apple ID is required to sign the ipa file so it may run on the device. If you need to create an Apple ID, one can be created at https://appleid.apple.com/account.  Due to the signing requirement, there are some limitations to consider:

  • The certificate will expire in 7 days if you use a regular user Apple ID to sign the certificate.

  • There is a limitation on the number of certificates that a regular user Apple ID can sign.

If you have access to a developer membership, it is recommended to sign the ipa file with your own developer certification, which will prevent the certificate from expiring for up to 1 year.

If you do not have a developer membership, there is a workaround.  The Pangu app allows you to use their embedded certificate to sign the application until April 2017.  The directions Pangu provides, referenced in Initial Jailbreak, show how this is performed. Before performing the jailbreak, the app will have a check box option that. Select that check box if you wish to use their cert.  We recommend using this option if a developer membership is not available.

It should be noted that even if the certificate expires, the device will not lose its jailbreak unless it is rebooted.  This means that as long as the device remains powered on and a hard reboot is not performed, the phone will remain in jailbreak.

Initial Jailbreak

We recommend following the directions located on http://en.pangu.io/help.html.  Make sure you are able to connect your iOS device to your computer.

Re-jailbreaking

Due to the nature of this jailbreak, if an iOS device is rebooted, it loses its jailbreak.  To re-jailbreak the device, open the Pangu app, select Start, lock the device, and allow the device to perform a soft reboot.  Once the device comes back on, the jailbreak will be in effect.

Jailbreak an iOS 10 - 10.2 Device

Note: This method is intended for use on 10.0-10.2 devices and utilizes the Yalu102 jailbreak method.  Ensure your device is running a compatible version before continuing.

Requirements:

iOS Device running a jailbreakable version of iOS

iOS 10.0-10.2

Additional Requirements:

A 64-bit device running iOS 10.0-10, which includes:

  • iPhone 5s

  • iPhone 6

  • iPhone 6+

  • iPhone 6s

  • iPhone 6s+

  • iPhone SE

  • iPad Mini 2

  • iPad Mini 3

  • iPad Mini 4

  • iPad Air

  • iPad Air 2

  • iPad Pro (both sizes)

  • iPod Touch 6G

A valid Apple ID.

  • The Apple ID can be one that was recently made. It does not need to meet any special criteria

  • WiFi connection for the iOS device.

Restrictions

An Apple ID is required to sign the ipa file so it may run on the device. If you need to create an Apple ID, one can be created at https://appleid.apple.com/account. Due to the signing requirement and tethered jailbreak requirements, there are some limitations to consider:

  • The certificate will expire in 7 days if you use a regular user Apple ID to sign the app.

  • A reboot will cause the device to lose its jailbreak.

  • OpenSSH should not be used on your iOS 10 device, as it will break the device. An alternate SSH daemon is used, called Dropbear.

    DO NOT INSTALL OpenSSH.

iOS 10 Jailbreak Tutorial

These directions are intended to be used from within the MacBook, not the Santoku VM. Please turn off VMware before you begin this process.

  1. Create an iTunes Backup of your iOS device
  2. Turn off Siri, Find My iPhone, TouchID, and pin code login. Also log out of iCloud/iTunes if you had an account.
  3. Download Cydia Impactor from http://www.cydiaimpactor.com/
  4. Download the NowSecure Yalu102 Jailbreak from: http://downloads.nowsecure.com/direct/ns-yalu102.ipa

    • SHA256: 48e21c0112b442cf77ef552101dcba65aa06ab86fef054d3a44eed31c8408ceb

    • We have modified the Yalu102 jailbreak for testing devices. If you plan to download the Yalu102 Jailbreak for personal use, please download from the official release.

  5. Create an Apple ID: https://appleid.apple.com/account#!&page=create

    • Make sure you have DISABLED 2-Factor Authentication on your Apple ID.
  6. With your iOS device connected to your computer and iTunes closed out, launch Cydia Impactor

  7. With Cydia Impactor launched, you will see the device name in the top field of the window.

  8. Drag the ns-yalu102.IPA on to the Impactor window.

  9. You will be prompted to enter an Apple ID. Enter your Apple ID Username and Password.

  10. Impactor will sign and sideload the IPA automatically to your device.

  11. On the iOS device go to Settings > General > Device Management. Select the ns-yalu102 app. Select ‘Trust’ on the screen. A message asking to verify the trust will pop up. Select ‘Trust’.

  12. Launch the yalu102 app.

  13. When the app has been launched, you will see a prompt stating “May Slow Down Your iPhone”. Press OK.

  14. Press ‘Go’. Your device will begin performing a reboot.

  15. Once your device is back on, confirm you have access to the Cydia app. Launch the Cydia app to confirm your device is jailbroken.

Re-jailbreaking

Due to the nature of this jailbreak, if an iOS device is rebooted, it loses its jailbreak. To re-jailbreak the device, open the yalu102 app, select Go, lock the device, and allow the device to perform a soft reboot. Once the device comes back on, the jailbreak will be in effect. If the app opens and does not have the Go option available, this means the jailbreak is already in effect.

If the app does not open, and notifies you that it is not available, you will have to follow the steps in Jailbreak Instructions. Make sure to remove the yalu102 app from your homescreen before jailbreaking your device again.

Updating iOS Test Devices

This article will explain:

  1. Why Lab Workstation users should update iOS testing devices with caution because a jailbreak might not yet be available

  2. Why users should keep devices running major iOS versions that are not yet jailbroken on reserve in anticipation of Lab Workstation support for those versions.

To account for all possible scenarios, mobile apps should undergo security testing in a worst-case environment such as on a jailbroken device. For this reason, Lab Workstation tests iOS apps on a jailbroken version of the iOS operating system.

A jailbreak method for a new version of iOS is not immediately available upon Apple’s release of an iOS update. In addition, soon after a jailbreak is available, Apple will release a new version of iOS that patches the jailbreak method.

As soon as a jailbreak method for a newer version of iOS is available to us, our research and development team begins updating Lab Workstation and the agent to support testing of apps on that jailbroken version of iOS. Until that Lab Workstation update is released, however, a device running a non-jailbroken version of iOS will not function with Lab Workstation.

Therefore, we recommend that whenever Apple releases a new major version of iOS (e.g., iOS 8, 9, 10, etc.), Lab Workstation users do the following:

  1. Update another device not currently used for testing to the new major iOS version

  2. Keep that device on reserve

  3. Refrain from performing any further updates on that device

This will ensure that as soon as Lab Workstation supports a new major version of iOS, you have a device on hand you can use to test apps on that jailbroken version of iOS.

Example

  1. Prior to Lab Workstation 3.6, users tested iOS apps on a jailbroken device running iOS 8.4.

  2. When Apple released iOS 9, users continued testing apps on the iOS 8.4 device.

  3. Some users set aside another device and updated it to iOS 9 in anticipation of Lab Workstation eventually supporting it.

  4. With the release of Lab Workstation 3.6, those users that set a device running iOS 9 aside were able to test iOS apps on that reserved device.

  5. Users that did not set aside a device could not test iOS apps on an iOS 9 device.

  • If they were to update their iOS 8.4 device, Apple’s update process only allows the update of a device to the most current production version (iOS 9.3.3 in this example).

  • Because 9.3.3 was not jailbroken at the time, the updated test device would not function with Lab Workstation.

Please contact [email protected] with any questions regarding this issue.