add more env for SSH auth

cache port scan result

README.md

@@ -59,6 +59,15 @@ Options:
   -h, --help             display help for command
 ```
 
+Environments variables:
+
+* `DEBUG=1` enable debug output for troubleshooting
+* `DEBUG_SCP=1` debug SCP protocol
+* `SSH_USERNAME` username for iPhone SSH, default to `root`
+* `SSH_PASSWORD` password for iPhone SSH, default to `alpine`
+* `SSH_PORT` port for iPhone SSH. If not given, bagbak will scan port 22 (OpenSSH) and port 44 (Dropbear)
+
+
 Example:
 
 * `bagbak -l` to list all apps

index.js

@@ -26,6 +26,11 @@ export class BagBak extends EventEmitter {
    */
   #app = null;
 
+  /**
+   * @type {import("ssh2").ConnectConfig}
+   */
+  #auth;
+
   /**
    * constructor
    * @param {import("frida").Device} device 
@@ -36,6 +41,21 @@ export class BagBak extends EventEmitter {
 
     this.#app = app;
     this.#device = device;
+
+    if ('SSH_USERNAME' in process.env && 'SSH_PASSWORD' in process.env) {
+      const { SSH_USERNAME, SSH_PASSWORD } = process.env;
+      this.#auth = {
+        username: SSH_USERNAME,
+        password: SSH_PASSWORD
+      };
+    } else if ('SSH_PRIVATE_KEY' in process.env) {
+      throw new Error('key auth not supported yet');
+    } else {
+      this.#auth = {
+        username: 'root',
+        password: 'alpine'
+      };
+    }
   }
 
   /**
@@ -44,7 +64,7 @@ export class BagBak extends EventEmitter {
    * @param {import("fs").PathLike} dest 
    */
   async #copyToLocal(src, dest) {
-    const client = await connect(this.#device);
+    const client = await connect(this.#device, this.#auth);
 
     const pull = new Pull(client, src, dest, true);
     const events = ['download', 'mkdir', 'progress', 'done'];
@@ -70,7 +90,7 @@ export class BagBak extends EventEmitter {
       return; // do not apply to system apps
     }
 
-    const client = await connect(this.#device);
+    const client = await connect(this.#device, this.#auth);
     const cmd = `chmod +xX ${quote(path)}`;
     return new Promise((resolve, reject) => {
       client.exec(cmd, (err, stream) => {

lib/ssh.js

@@ -1,12 +1,23 @@
 import { Client } from 'ssh2';
 
 
+/**
+ * @type {Map<string, number>}
+ */
+const __port_cache = new Map();
+
 /**
  * 
  * @param {import("frida").Device} device 
  * @returns {Promise<number>}
  */
 export async function scan(device) {
+  if (process.env['SSH_PORT']) 
+    return parseInt(process.env['SSH_PORT']);
+
+  const cached = __port_cache.get(device.id);
+  if (cached) return cached;
+
   const canidates = [22, 44]
   for (const port of canidates) {
     const ok = await device.openChannel(`tcp:${port}`)
@@ -22,7 +33,10 @@ export async function scan(device) {
       }))
       .catch(() => false);
 
-    if (ok) return port;
+    if (ok) {
+      __port_cache.set(device.id, port);
+      return port;
+    }
   }
 
   throw Error('Port not found. Target device must be jailbroken and with sshd running.');
@@ -31,11 +45,10 @@ export async function scan(device) {
 /**
  * 
  * @param {import("frida").Device} device 
- * @param {string} user 
- * @param {string} password 
+ * @param {import('ssh2').ConnectConfig} config
  * @returns {Promise<Client>}
  */
-export async function connect(device, user = 'root', password = 'alpine') {
+export async function connect(device, config) {
   const port = await scan(device);
   const channel = await device.openChannel(`tcp:${port}`);
 
@@ -44,11 +57,7 @@ export async function connect(device, user = 'root', password = 'alpine') {
     client
       .on('error', reject)
       .once('ready', () => resolve(client))
-      .connect({
-        sock: channel,
-        username: user,
-        password,
-      });
+      .connect(Object.assign({ sock: channel }, config));
   });
 }
 

package.json

@@ -1,6 +1,6 @@
 {
   "name": "bagbak",
-  "version": "3.0.11",
+  "version": "3.0.12",
   "description": "Dump iOS app from a jailbroken device, based on frida.re",
   "main": "index.js",
   "scripts": {