无法绑定()Apple Calendar中的套接字(dylib注入) [英] Cannot bind() a socket inside Apple Calendar (dylib injection)
问题描述
我正在 Apple日历( MobileCal.app ) www.revealapp.comrel =nofollow>显示 本指南。
I’m trying to inspect iOS 8.1's Apple Calendar (MobileCal.app) on Reveal following this guide.
为此,我正在注入 libReveal.dylib 启动OS X Reveal应用程序所连接的自己的HTTP服务器。
For that, I’m injecting libReveal.dylib which launches its own HTTP server to which the OS X Reveal app connects to.
此技术适用于大多数iOS系统应用程序(手机) ,Notes,Reminders等)但Calendar中的某些内容阻止了HTTP服务器的设置。
This technique works fine with most of iOS system apps (Phone, Notes, Reminders, etc.) but something in Calendar is preventing the HTTP server from being set up.
运行Calendar时, libReveal。 dylib 已正确注入,但后来我在日志中看到了这一点:
When Calendar is run, libReveal.dylib is properly injected, but then I see this on the log:
MobileCal [5110]:错误:启动HTTP Server时出错:错误域= NSPOSIXErrorDomain代码= 1不允许操作UserInfo = 0x17426aa40 {NSLocalizedDescription =不允许操作,NSLocalizedFailureReaso n = bind()函数中的错误}
MobileCal[5110] : ERROR: Error starting HTTP Server: Error Domain=NSPOSIXErrorDomain Code=1 "Operation not permitted" UserInfo=0x17426aa40 {NSLocalizedDescription=Operation not permitted, NSLocalizedFailureReason=Error in bind() function}
MobileCal [5110]:错误:显示服务器无法启动时出错:错误域= NSPOSIXErrorDomain代码= 1不允许操作UserInfo = 0x17426aa40 {NSLocalizedDescription =不允许操作,NSLocalizedFailureReason = bind()函数中的错误}
MobileCal[5110] : ERROR: Reveal server failed to start with error: Error Domain=NSPOSIXErrorDomain Code=1 "Operation not permitted" UserInfo=0x17426aa40 {NSLocalizedDescription=Operation not permitted, NSLocalizedFailureReason=Error in bind() function}
关于什么可能停止的任何想法在Calendar中设置HTTP服务器?我注意到 MobileCal.app 包有一个 Entitlements.plist 文件,而大多数其他系统应用程序都没有T。这个问题可能与权利文件有关吗?
Any ideas about what could be stopping the HTTP server from being set up within Calendar? I have noticed that the MobileCal.app bundle has an Entitlements.plist file, whereas most of the other system apps don't. May this issue be related to the entitlements file?
我也联系了Reveal支持,他们反响敏捷,但无法确定导致问题的原因。从 Cydia 中使用 RevealLoader 会产生相同的结果。
I also contacted Reveal support, they were responsive, but could not pinpoint what is causing of the problem. Using RevealLoader from Cydia produces the same result.
推荐答案
你对 Entitlements.plist 是正确的。问题非常简单 - MobileCal.app 正在使用自定义沙箱配置文件。
You're right about Entitlements.plist. Problem is very simple - MobileCal.app is using custom sandbox profile.
iOS中实际上有很多沙箱配置文件,而不仅仅是AppStore应用程序。许多iOS系统组件都使用它们。要知道您需要查看应用程序的权利。更具体地说, seatbelt-profiles 键。
There are actually many sandbox profiles in iOS, not just for AppStore apps. Many iOS system components use them. To know which one you need to look at the app's entitlements. More specifically, seatbelt-profiles key.
MobileCal.app 使用 MobileCal 个人资料进行签名。这就是为什么你不能使用 bind()。我怀疑所有网络都被阻止了。关于 Camera.app 也可以这么说。它使用 MobileSlideShow 配置文件,它也会阻止所有网络。
MobileCal.app is signed with MobileCal profile. And this is exactly why you can't use bind(). I suspect all networking is blocked. Same can be said about Camera.app. It uses MobileSlideShow profile which also blocks all networking.
我能想到并实际使用了两个解决方案来解决这个问题:
I can think of and actually used two solutions to this problem:
-
编写一个守护进程。守护进程将执行被沙箱配置文件阻止的所有工作。应用程序和守护程序将通过某些IPC API(如通知或mach端口)进行通信。这个问题的主要问题 - 也可以通过沙盒配置文件阻止IPC API。例如,
Camera.app沙箱会阻止可以发送任意数据的所有IPC API。只有达尔文通知工作无法发送任意数据。有很多方法可以解决这个问题,但它会非常难看。
Write a daemon. Daemon will do all the work that's blocked by sandbox profile. App and daemon will communicate through some IPC API (like notifications or mach ports). Main problem with this - IPC API could also be blocked by sandbox profile. For example,
Camera.appsandbox blocks all IPC APIs that could send arbitary data. Only Darwin notifications work which can't send arbitary data. There are ways to solve this but it will be very ugly.
在删除沙盒配置文件的情况下重新启动应用程序。这样,应用程序将可以访问所有内容,您可以在注入的dylib中完成所有工作。这就是我现在使用的,它运作良好。它也是一种破解,但它不需要处理IPC及其复杂性,从而显着改善了代码。对我来说值得。
Resign the app with sandbox profile removed. That way the app will have access to everything and you can do all the work inside your injected dylib. This is what I use now and it works very well. It's also kind of hack but it significantly improves your code by not having to deal with IPC and it's complexity. For me it worth it.
这一切都是一般的。对于我的情况,我认为只有第二种解决方案才有效。
That's all in general. For your I case I think only the second solution will work.
对于cource,仅编辑 Entitlements.plist 是不够的。实际权利在应用程序的二进制文件中。您可以在Mac或iDevice上重新签名。在Mac上,您可以选择 codesign 和 ldid 。在iDevice上,您唯一的选择是ldid。
Of cource, just editing Entitlements.plist is not enough. Actual entitlements are in app's binary itself. You can resign either on your mac or on iDevice itself. On mac you have a choice of codesign and ldid. On iDevice your only choice is ldid.
让我们来看看如何使用ldid解决问题。首先,您转储权利
Let's look at how you can solve your problem with ldid. First, you dump entitlements with
ldid -e MobileCal > entitlements.xml
然后编辑转储的权利并使用
Then you edit dumped entitlements and resign the app binary with
ldid -Sentitlements.xml MobileCal
(是的, -S 和权利文件之间没有空格。)
(Yes, there is no space between -S and entitlement file).
就是这样。
这篇关于无法绑定()Apple Calendar中的套接字(dylib注入)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
