From 789063e3985587d0846a5c6488825026cde0942b Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sun, 12 Apr 2026 18:41:37 +0000 Subject: [PATCH 1/3] Initial plan From 5f3206bfd77f907c479b1bad291facae5ce5d9d0 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sun, 12 Apr 2026 18:44:29 +0000 Subject: [PATCH 2/3] Fix _set_bundle_id_from_profile to check security cms return code and use plistlib instead of pipe chain Agent-Logs-Url: https://github.com/sensepost/objection/sessions/38e164a4-354a-4ca7-9a88-73084ba7fa00 Co-authored-by: IPMegladon <30530996+IPMegladon@users.noreply.github.com> --- objection/utils/patchers/ios.py | 45 +++++++++++++++------------------ 1 file changed, 20 insertions(+), 25 deletions(-) diff --git a/objection/utils/patchers/ios.py b/objection/utils/patchers/ios.py index f783bfbf..7b26a830 100644 --- a/objection/utils/patchers/ios.py +++ b/objection/utils/patchers/ios.py @@ -460,35 +460,30 @@ def _set_bundle_id_from_profile(self): _, decoded_location = tempfile.mkstemp('decoded_provision') - # Decode the mobile provision using macOS's security cms tool - delegator.run(self.list2cmdline([ - self.required_commands['security']['location'], - 'cms', '-D', '-i', self.provision_file, - '-o', decoded_location - ]), timeout=self.command_run_timeout) + try: + # Decode the mobile provision using macOS's security cms tool + cms_result = delegator.run(self.list2cmdline([ + self.required_commands['security']['location'], + 'cms', '-D', '-i', self.provision_file, + '-o', decoded_location + ]), timeout=self.command_run_timeout) - # https://stackoverflow.com/a/66820375 - # security cms -D -i your.mobileprovision | plutil -extract - # Entitlements.application-identifier xml1 -o - - | grep string | - # sed 's/^[^\.]*\.\(.*\)<\/string>$/\1/g' - c = delegator.run(self.list2cmdline([ - 'cat', decoded_location - ]), timeout=self.command_run_timeout).pipe(self.list2cmdline([ - self.required_commands['plutil']['location'], - '-extract', 'Entitlements.application-identifier', 'xml1', '-o', '-', '-' - ]), timeout=self.command_run_timeout).pipe(self.list2cmdline([ - 'grep', 'string' - ]), timeout=self.command_run_timeout).pipe(self.list2cmdline([ - 'sed', r's/^[^\.]*\.\(.*\)<\/string>$/\1/g' - ]), timeout=self.command_run_timeout) + if cms_result.return_code != 0: + raise Exception('Failed to decode provisioning profile: {}'.format(cms_result.err)) - if len(c.out) > 0: - self.bundle_id = c.out.strip() + # Parse the decoded plist and extract the bundle identifier + with open(decoded_location, 'rb') as f: + parsed_data = plistlib.load(f) - click.secho('Mobile provision bundle identifier is: {}'.format(self.bundle_id), dim=True) + app_id = parsed_data.get('Entitlements', {}).get('application-identifier', '') + if '.' in app_id: + self.bundle_id = app_id.split('.', 1)[1] - # cleanup the temp path - os.remove(decoded_location) + finally: + # cleanup the temp path + os.remove(decoded_location) + + click.secho('Mobile provision bundle identifier is: {}'.format(self.bundle_id), dim=True) def _cleanup_extracted_data(self) -> None: """ From 14e813afd90ebb39ddff4bdf5ab6f5dd77223d3a Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sun, 12 Apr 2026 18:45:34 +0000 Subject: [PATCH 3/3] Guard temp file removal in finally block with existence check Agent-Logs-Url: https://github.com/sensepost/objection/sessions/38e164a4-354a-4ca7-9a88-73084ba7fa00 Co-authored-by: IPMegladon <30530996+IPMegladon@users.noreply.github.com> --- objection/utils/patchers/ios.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/objection/utils/patchers/ios.py b/objection/utils/patchers/ios.py index 7b26a830..071acfc6 100644 --- a/objection/utils/patchers/ios.py +++ b/objection/utils/patchers/ios.py @@ -481,7 +481,8 @@ def _set_bundle_id_from_profile(self): finally: # cleanup the temp path - os.remove(decoded_location) + if os.path.exists(decoded_location): + os.remove(decoded_location) click.secho('Mobile provision bundle identifier is: {}'.format(self.bundle_id), dim=True)