
lockdown SSL behavior

Posted: Fri Jul 12, 2019 1:32 am
by jonios
I've noticed that services on iOS/tvOS spawned via lockdown have strange behavior when it comes to SSL. The issue is that all services I can find do an SSL handshake, but some services continue to speak over the unencrypted channel rather than using SSL encryption. I know this sounds completely bizarre but I have tested it extensively and it's true. Basically a client should act like this:
1. connect to usbmuxd
2. send connect message to the lockdown port, 62078
3. send lockdown a message to start a service, such as the
4. receive port from lockdown where the service is running and connect to that via usbmuxd
5. perform SSL handshake
6. use ssl_send(), ssl_recv() to talk to the service

The behavior I see differs at step 6. Instead I use standard 'recv' and 'send' to talk to the service. If I don't do the SSL handshake then the service will not talk to me at all. This seems to occur mostly when talking to network devices, but also now USB-connected devices running iOS 13. The response from lockdown has EnableSessionSSL=true, so in theory the service should be speaking only SSL. Not every service acts this way, but the debugserver definitely does. A few others do, too.

Just wondering if anyone has seen similar behavior or has any idea why it is so.
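
Added example, not part of the original post: a small Python check for the mismatch described above, comparing the EnableSessionSSL flag in the lockdown response with whether the first bytes read from the raw socket after the handshake are TLS records or cleartext. The function names, the "Port" key and all sample bytes are constructed for illustration.

```python
import plistlib
import struct

# TLS record header: 1-byte content type, 2-byte version, 2-byte length.
TLS_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
MAX_FRAGMENT = 2**14 + 2048  # largest ciphertext fragment TLS 1.2 allows

def parse_tls_records(buf):
    """Walk buf as TLS records; return [(type, length), ...] or None if it is not TLS framing."""
    records, off = [], 0
    while off + 5 <= len(buf):
        ctype, major, minor, length = struct.unpack_from("!BBBH", buf, off)
        if ctype not in TLS_TYPES or major != 3 or minor > 4 or length > MAX_FRAGMENT:
            return None
        records.append((TLS_TYPES[ctype], length))
        off += 5 + length  # a capture may end mid-record; the header alone is enough here
    return records or None

def classify_service_traffic(lockdown_response, first_bytes):
    """Compare what lockdown advertised with the framing seen after the handshake."""
    advertised = bool(plistlib.loads(lockdown_response).get("EnableSessionSSL", False))
    if not first_bytes:
        wire = "no data"
    elif parse_tls_records(first_bytes):
        wire = "tls"
    else:
        wire = "plaintext"
    # mismatch: SSL was advertised, yet the payload crosses the link in the clear
    return {"ssl_advertised": advertised, "wire": wire,
            "mismatch": advertised and wire == "plaintext"}

# Constructed sample inputs (not captured from a device). The "Port" key name is an assumption.
SAMPLE_RESPONSE = plistlib.dumps({"EnableSessionSSL": True, "Port": 49152})
SAMPLE_PLAINTEXT = b"$OK#9a"                        # GDB-remote style packet, as a debug server might send
SAMPLE_TLS = b"\x17\x03\x03\x00\x05" + b"\x00" * 5  # one application_data record

if __name__ == "__main__":
    for name, data in (("plaintext", SAMPLE_PLAINTEXT), ("tls", SAMPLE_TLS)):
        print(name, classify_service_traffic(SAMPLE_RESPONSE, data))
```

Feed it the bytes returned by a plain recv() on the service socket; a mismatch on a network-attached device means the service payload is readable by anyone on the path.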