Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
ios-mobileprovision-finder
Advanced tools
API to find an iOS mobile provision
Usage: ios-mobileprovision-finder -u [device uuid] -i [app bundle id]
Options:
-h, --help Show help [boolean]
-u, --uuid Provide one or more device UUIDs the searched provisioning
profile should be able to deploy to. [array]
-i, --app-id Provide application bundle identifier the searched
provisioning profile should match. [string]
-e, --eligible Prints only eligible profiles [boolean] [default: false]
-t, --team Provide team name the provisioning profile should belong to.
[string]
-p, --type 'development', 'distribution', 'adhoc' or 'all'; - specify the
provisioning profile type. [string] [default: "development"]
Example:
mcsofcankov:ios-mobileprovision-finder cankov$ ios-mobileprovision-finder -e -i org.nativescript.examples -t 'Telerik A D'
eligible:
- 'iOS Team Provisioning Profile: *' Telerik A D (exp: 5 Nov 2017) 16455071-eb38-4ebc-9a79-0ef50f76307a id: CHSQ3M3P37.* Development
- 'NativeScriptWildCard' Telerik A D (exp: 2 Nov 2017) 3aa58a65-f8da-4c67-bce8-ff9624822e31 id: CHSQ3M3P37.* Development
- 'iOS Team Provisioning Profile: org.nativescript.examples' Telerik A D (exp: 5 Nov 2017) f79232c0-b3b3-4b9d-be8e-f4f398cead88 id: CHSQ3M3P37.org.nativescript.examples Development
Read the public API from index.d.ts and the ios-mobileprovision-finder.ts command line tool for example.
import { provision, cert } from "./index";
const certificates = cert.read();
const provisionProfiles = provision.read();
const result = provision.select(provisionProfiles, {
AppId: "org.nativescript.examples",
TeamName: "Telerik AD",
Certificates: certificates.valid
});
result.eligible.forEach(({Name, UUID}) => {
console.log(` - ${Name} ${UUID}`);
});
Read all files in Library/MobileDevice/Provisioning Profiles/ and scan for the plist containing provisioning profile information. Parse the plist and keep the data.
List all the valid certificates in the default keychain search list using:
security find-identity -p codesigning
It yelds output such as:
1) FAE6210D184FCC1707B87F1C582280A286898EE3 "iPhone Distribution: Telerik A D (CHSQ3M3P37)"
2) 89936062DD52C7FEF2273E677AC98D109F198A84 "iPhone Developer: Panayot Cankov (3KZR3BE4ZD)" (CSSMERR_TP_CERT_REVOKED)
3) 0F0077D3EBEA9D0AB6668B8BCB90152ACE7BA4E9 "iPhone Developer: Panayot Cankov (TT4M4FMX2A)" (CSSMERR_TP_CERT_REVOKED)
4) 07AB20E16C86E2B548A91920B83EC27D78AFC7EB "iPhone Developer: Panayot Cankov (3KZR3BE4ZD)"
5) 9354FAEF631DC3E9B07929F20991829FF5E21C36 "iPhone Developer: Panayot Cankov (TT4M4FMX2A)"
6) 9D591A6ADAF9C99A9C19FC1A8EE7FA153C613441 "iPhone Distribution: Telerik AD"
That is then parsed and the PEMs are retrieved using:
security find-certificate -apZ
This prints the certificate SHAs, match ths SHA with the valid certs from the previous step, along PEMs. The PEMs and cert names are combined and later certificates can be matched with the certificates in the provisioning profiles.
This relies on the cert hashes.
FAQs
API to find an iOS mobile provision
The npm package ios-mobileprovision-finder receives a total of 4,528 weekly downloads. As such, ios-mobileprovision-finder popularity was classified as popular.
We found that ios-mobileprovision-finder demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 11 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.