/ LocalAuthentication

SuccessID - TouchID override & simulation


iOS 8 activity

Over the past few weeks a lot has happened in the iOS jailbreaking community, PanguTeam dropped an iOS 8.0-8.1 jailbreak, developers frantically tried to iron out performance and stability issues and of course app devs began to update their tweaks and utilities.

One of the many exciting things about an iOS 8 jailbreak for me is the ability to manipulate all of the new SDK additions, HomeKit, HealthKit, ApplePay, LocalAuthentication, etc.

LocalAuthentication - TouchID

The framework of which I was particularly interested in was LocalAuthenticaiton which is responsible for in app use of TouchID.

I started up some discussion with a colleague and friend of mine, James Bowser (@slider0x90) and we started to think about what uses we could have for hooking LocalAuthentication. We came up with a few ideas and Jamie quickly got code working which allowed us to ensure that anytime an app tried to use TouchID, it would believe a valid fingerprint was provided.

We talked a little more and explored what other ideas we could incorporate and came up with a cool tweak - SuccessID.

SuccessID is very simple to use, once installed, the user uses the preferences pane in the settings app to configure its use. The user can disable/enable the weak, select a response to simulate (more on this in the next section) and lastly, configure which apps to target using AppList.
A screenshot of SuccessID

Choosing a response to simulate

One of the cool things which you can do with SuccessID is simulate what response you want LocalAuthentication to give to the app. From the Apple documentation here there are many errors which the API may respond with:

typedef NS_ENUM (NSInteger ,
   LAError )
   LAErrorAuthenticationFailed  = kLAErrorAuthenticationFailed ,
   LAErrorUserCancel            = kLAErrorUserCancel ,
   LAErrorUserFallback          = kLAErrorUserFallback ,
   LAErrorSystemCancel          = kLAErrorSystemCancel ,
   LAErrorPasscodeNotSet        = kLAErrorPasscodeNotSet ,
   LAErrorTouchIDNotAvailable   = kLAErrorTouchIDNotAvailable ,
   LAErrorTouchIDNotEnrolled    = kLAErrorTouchIDNotEnrolled ,

As can be seen above, the API might inform the app that the user wishes to enter their password instead, or that TouchID is not available, or that the user hasn't enrolled any fingerprints yet. See the screenshot below for the full list of options within SuccessID:
A screenshot of the offered successID responses

It's useful to be able to simulate these things so that we can dynamically assess how applications handle such errors when implementing TouchID authentication.

Additionally, SuccessID actually tricks applications running on older devices into believing that the device is TouchID capable. This means that even on devices without TouchID, we can simulate these responses and test the applications' TouchID functionality.

New feature just added - the user can select a response from the list during runtime, i.e. when the app wants to use TouchID, the user is presented with a dialog of which they can select a TouchID response.

Configuring which apps to target

Lastly, it's important for users to be able to use this tweak quickly and with ease so we incorporated the awesome Ryan Petrich's AppList library into the project to allow for easy enabling of apps. As can be seen in the screenshot below, the user can simply enable or disable SuccessID for any system or user application without hassle.
A screenshot of application selection within SuccessID

Downloading SuccessID

For now, SuccessID exists on my own small repo. You can simply add http://grantdouglas.co.uk to Cydia as a source and download SuccessID. SuccessID depends on AppList, Cydia Substrate and PreferenceLoader.

Alternatively, you can download the deb package here.

If you have any problems or issues with this tweak, simply comment here, tweet us at @slider0x90 & @Hexploitable or email me directly at grant AT hexplo DOT it

Grant Douglas

Grant Douglas

Senior Security Consultant @ Cigital/Synopsys. Working on everything appsec but mainly security, strategy and SAST & DAST tooling in the mobile vertical.

Read More