Skip to content

intrepidusgroup/trustme

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

iOS TrustMe

An extreme method of disabling most certificate verification checks within iOS applications. TrustMe will defeat certificate pinning in most cases.

Description

Requires a jailbroken device. This "Tweak" disables the SecTrustEvaluate. It should only be used on testing devices with no personal data or information, since this will completely disable most SSL safeguards.

Requirements

  • MobileSubstrate (Should come with jailbroken devices)
  • dpkg (Install from Cydia)

Installation

Download the dpkg

wget https://www.dropbox.com/s/zyltyoa7s1x3m47/com.intrepidusgroup.trustme_0.1-4_iphoneos-arm.deb

dpkg -i com.intrepidusgroup.trustme_0.1-4_iphoneos-arm.deb

Usage

To disable it, uninstall the deb:

dpkg -r com.intrepidusgroup.trustme

Alternately, you can edit the plist located at /Library/MobileSubstrate/DynamicLibraries/trustme.plist

Documentation on the format of the plist can be found at

http://iphonedevwiki.net/index.php/MobileSubstrate

Build

Building requires theos.

http://iphonedevwiki.net/index.php/Theos

This is a Theos 'tweak' project. Use theos to create the required files and then run:

make

Acknowledgements

This tool is patterned on ios-ssl-kill-switch (https://github.com/iSECPartners/ios-ssl-kill-switch). Trustme uses a similar technique, but targets a C function that is lower in the call chain of most SSL certificate validation code, which allows it to disable more SSL validation code.

About

Disable certificate trust checks on iOS devices.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published