iPhone SSH over USB on Linux

Wednesday, March 22, 2017

iPhone SSH over USB on Linux


I recently got access to an iPhone 5C running iOS 10.2. I wanted such a device specifically to get it Jailbroken for iOS app reverse engineering and pentesting.The jailbreak was pretty simple using Yalu available on github here. 

I will not go into the details on how to Jailbreak the iOS device because its out of scope for this post. There is more than enough tutorials online on how to do this. 

So after a successful jailbreak, it was now time to SSH into the device. Due to some OpenSSH issues, it is not compatible with iOS 10.2. So this means you can not connect to ssh over WiFi with the 10.2 jailbreak. This leaves us with the option of connecting to the device using SSH over usb.

With a bit of googling, i came across this link. It basically gives a guide on how to SSH over USB on a Mac. This is the simplest one to follow:
  • Install iproxy
    • brew install libimobiledevice
  • Plug in USB cable
  • On one terminal run the following command. This will enable you to forward all traffic from port 2222 to port 22 over USB
    • iproxy 2222 22
  • Open another terminal and connect to the iPhone by running ssh
    • ssh root@localhost -p 2222
This simple guide is pretty simple and awesome for Mac but what about Linux? Kali Linux? You can do the same on Linux as shown below:
  • Install Dependencies
    • sudo apt-get install libimobiledevice*
    • sudo apt-get install libgcrypt20-doc gnutls-doc gnutls-bin usbmuxd
  • Plug in USB cable
  • Clone and run tcprelay
    • git clone https://github.com/rcg4u/iphonessh
    • cd iphonessh/python-client/
    • chmod +x *
    • python tcprelay.py -t 22:2222
  • On the other terminal run ssh
    • ssh -p 2222 root@localhost




Voila!!!