Problem with Applications that contain a space on their name

[iambooker]

Issue

It seems that Needle cannot play with apps that contain a space or spaces on their package name. For example it works fine with apps that their name composed from a single word (e.g. /private/var/mobile/Container/Bundle/Application/appname/ ). However there is a problem when the Needle dealing with apps that their name composed from more than one word (e.g. /private/var/mobile/Container/Bundle/Application/app name/ ).

Expected behaviour

In case that I use the "metadata" module, Needle should can pull the "Info.plist" file from the target application directory flawlessly.

Actual behaviour

However, when my target app's name has a space or more, then needle cannot pull the "Info.plist" file from the target application directory. As you will see above (in needle error logs section) , some bizarre quotes added on the app's name (that happens only when space/s included on the app's name).

Steps to reproduce

1. set Needle to connect via SSH on the remote device
2. use /binary/info/metadata module (select an app with at lease one space on its package name)
3. run

needle error logs

Ensure verbose and debug mode are enabled:

[needle] > set VERBOSE True
VERBOSE => True
[needle] > set DEBUG True
DEBUG => True

[] Retrieving app's metadata...
[D] Copying the plist to temp: '/private/var/mobile/Containers/Bundle/Application/01BC3B02-EE26-4A00-882C-BDF22154D8A3/My App.app'"'"'/Info.plist' -> /root/.needle/tmp/plist
[] Pulling: '/private/var/mobile/Containers/Bundle/Application/01BC3B02-EE26-4A00-882C-BDF22154D8A3/My App.app'"'"'/Info.plist' -> /root/.needle/tmp/plist
[D] Downloading: "'/private/var/mobile/Containers/Bundle/Application/01BC3B02-EE26-4A00-882C-BDF22154D8A3/My App.app'"'"'"'"'"'"'"'"'/Info.plist'" -> /root/.needle/tmp/plist
[D] [LOCAL CMD] Local Command: sshpass -p "alpine" scp -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -P 22 [email protected]:"'/private/var/mobile/Containers/Bundle/Application/01BC3B02-EE26-4A00-882C-BDF22154D8A3/My App.app'"'"'"'"'"'"'"'"'/Info.plist'" /root/.needle/tmp/plist

Environment

Needle Version

• Framework (on your machine): Latest version - fresh install
• Agent (on your device): v.1.0.5

Workstation Operating System

Kali Rolling - Latest Release

Python Version

2.7.14

Python Packages (pip freeze)

adns-python==1.2.1
anyjson==0.3.3
argcomplete==1.8.1
argh==0.26.2
asn1crypto==0.22.0
attrs==17.2.0
Automat==0.6.0
backdoor-factory==0.0.0
backports-abc==0.5
backports.shutil-get-terminal-size==1.0.0
backports.ssl-match-hostname==3.5.0.1
BBQSQL==1.0
BeautifulSoup==3.2.1
beautifulsoup4==4.6.0
biplist==1.0.2
BlindElephant==1.0
blinker==1.3
brotlipy==0.6.0
capstone==3.0.4
certifi==2017.4.17
chardet==3.0.4

FIXME: could not find svn URL in dependency_links for this package:

chirp===daily-20170714
click==6.7
colorama==0.3.7
ConfigArgParse==0.11.0
configobj==5.0.6
configparser==3.5.0
constantly==15.1.0
construct==2.5.2
couchdbkit==0.6.5
cryptography==1.9
cssutils==1.0
cycler==0.10.0
decorator==4.1.1
dicttoxml==1.7.4
dissy==9
distorm3==3.3.4
dnslib==0.9.7
dnspython==1.15.0
docutils==0.13.1
easygui==0.96
Elixir==0.7.1
enum34==1.1.6
feedparser==5.1.3
Flask==0.12.2
frida==10.6.18
functools32==3.2.3.post2
fuse-python==0.2.1
future==0.15.2
futures==3.1.1
GDAL==2.2.1
GeoIP==1.3.2
gevent==1.1.2
greenlet==0.4.12
h2==2.5.2
hpack==3.0.0
html2text==2016.9.19
html5lib==0.999999999
http-parser==0.8.3
httplib2==0.9.2
httpretty==0.8.14
hyperframe==4.0.1
hyperlink==17.3.1
idna==2.5
impacket==0.9.15
incremental==16.10.1
ipaddress==1.0.17
IPy==0.83
ipython==5.1.0
ipython-genutils==0.2.0
itsdangerous==0.24
jdcal==1.0
Jinja2==2.9.6
jsbeautifier==1.6.4
jsonpickle==0.9.5
jsonrpclib==0.1.3
keepnote==0.7.8
keyring==10.4.0
keyrings.alt==2.2
killerbee==1.0
lxml==3.8.0
M2Crypto==0.24.0
Mako==1.0.7
MarkupSafe==1.0
matplotlib==2.0.0
mechanize==0.2.5
mercurial==4.0
metaconfig==0.1.4a1
mitmproxy==0.18.2
mockito==0.5.2
msgpack-python==0.4.8
mysqlclient==1.3.10
nassl==0.12
netaddr==0.7.18
NfSpy==1.0
numpy==1.13.1
olefile==0.44
openpyxl==2.3.0
PAM==0.4.2
paramiko==2.0.0
passlib==1.7.1
pathlib2==2.3.0
pathtools==0.1.2
pcapy==0.10.8
pefile==2017.9.3
pexpect==4.2.1
pickleshare==0.7.4
Pillow==4.2.1
prettytable==0.7.2
prompt-toolkit==1.0.14
psycopg2==2.7.3
py==1.4.34
pyasn1==0.1.9
pyasn1-modules==0.0.7
pycrypto==2.6.1
pycurl==7.43.0
pydns==2.3.6
pyenchant==1.6.7
Pygments==2.2.0
pygobject==3.24.1
pygtkspellcheck==4.0.5
pyinotify==0.9.6
pylibemu==0.3.3
pymongo==3.5.1
pymssql==2.1.3
pyOpenSSL==16.2.0
pyparsing==2.1.10
PyPDF2==1.26.0
pyperclip==1.5.27
pyrit==0.5.1
pyscard==1.9.6
pyserial==3.4
pysnmp==4.3.2
pysnmp-apps==0.3.2
pysnmp-mibs==0.1.3
PySocks==1.6.5
pyspatialite==3.0.1
pysqlite==2.7.0
pytest==3.2.1
python-dateutil==2.6.1
python-Levenshtein==0.12.0
pytz==2017.2
pyusb==1.0.0b2
PyX==0.12.1
pyxdg==0.25
PyYAML==3.12
qrcode==5.3
readline==6.2.4.1
requests==2.18.1
restkit==4.2.2
rfidiot==1.0
roman==2.0.0
scandir==1.5
scapy===unknown.version
SecretStorage==2.3.1
service-identity==16.0.0
Shapely==1.6.1
simplegeneric==0.8.1
simplejson==3.11.1
singledispatch==3.4.0.3
six==1.10.0
slowaes==0.1a1
socketpool==0.5.3
SQLAlchemy==1.1.11
sshtunnel==0.1.2
subprocess32==3.2.7
tcpwatch==1.3.1
tornado==4.5.1
traitlets==4.3.2
Twisted==17.5.0
typing==3.5.2.2
unicodecsv==0.14.1
urllib3==1.21.1
urwid==1.3.1
uTidylib==0.3
vinetto==0.7b0
volatility==2.6
wafw00f==0.9.3
wapiti==2.3.0
watchdog==0.8.3
wcwidth==0.1.7
webencodings==0.5
webunit==1.3.10
Werkzeug==0.12.2.dev0
wfuzz==0.0.0
Whoosh==2.7.4
wxPython==3.0.2.0
wxPython-common==3.0.2.0
XlsxWriter==0.9.6
xmlbuilder==1.0
yara-python==3.6.1
zenmap==7.60
zim==0.67
zope.interface==4.3.2

Device iOS Version

iPhone 5 - Version 8.3

[marco-lancini]

duplicate of #80