- #3utools find notes full
- #3utools find notes pro
- #3utools find notes software
- #3utools find notes professional
Keep device in normal mode or recovery mode, plug USB cable (please don't use USB extension cable)Ģ. IPhone3G,iPhone3GS,iPhone4,iPhone4s,iPhone5,iPhone 5c,iPhone5s,iPhone6,iPhone6 Plusġ.
#3utools find notes pro
IPad1,iPad2,iPad3,iPad4,iPad Air,iPad Air2,iPad mini/2/3/4,iPad Pro IPod Touch2, iPod Touch3, iPod Touch4, iPod Touch5, iPod Touch6
#3utools find notes professional
Reverse engineering 3utools pays off and the first vulnerability has been fixed.ĭevelopers and researchers benefit from 3utools rest API and filestorage.Below devices support to professional flash:
#3utools find notes full
NOTE FOR DEVELOPERS: You can see the full documentation being developed when clicking the 'wiki' here on GitHub. Great feature if you ask me, again for developers and researchers a good way to automate their work a few more. One can ask the API to only give jailbreakable or jailbreakable and signed firmware or just any firmware for specific devices and OS versions. Probably because they use the 'screenshotr' xpc service to get the live screen.įor developers and researchers this means it is amazingly easy to quickly download the developer dmg from their servers as they are all named logically.Īside the filestorage they also have a REST json API with one can retrieve information about firmware. What is where and where is what is yet to be found out, but at least I discovered that when clicking the 'view screen' button you can see that the corresponding developer dmg image is downloaded for your device and mounted. This makes their service faster than Apple's and able to download files even when Apple's servers are down. They have a persitant file storage server where they store almost any iOS firmware related files, such as developer dmgs and jailbreaks.
Amazing infrastructureģutools seems to have amazing infrastructure.
#3utools find notes software
After all 3utools is free software anyway. Without further interruption or waiting, I immediately reported the vulnerability to 3utools and it got patched the same day.
With that I also found the domain where their UI is located at. Without even using any research tools like burpsuite and fiddler I expected that most of the content loaded in 3utools is actually just a webpage with a lot of javascript, this due to the delays in rendering certain userinterface graphics because that could mean and turned out to be loaded over the network.ģutools was vulnerable to a low-risk cross site scripting vulnerability which I found by simply entering "alert(1)" in almost any of the input fields a user could access in the software.
Since the traffic of 3utools is encrypted via TLS, I am using fiddler with its own CA certificate.Īfter launching fiddler I simply set the proxy server in the settings to be localhost with port 8888, which is what fiddler runs on.īurpsuite is also possible the same way which is amazing for debugging API calls and reproducing / interacting with API calls. The Researchģutools has the ability to specify a proxy in the settings. Not only does it show you a lot information about hardware integrity of your devices, it also helps you fix problems and jailbreak them.ģutools is not opensource but has an API for most of their functionality.įor the freedom of development I wanted to see if this API can be reused by developers as that would make the life of security researchers easier. Whyģutools is amazingly great software for managing iOS devices. Reverse engineering the commonly used 3utools software to make it more open and learn about it.