//TODO: find mystery segfault in write_gdb_prep_cmds -> CFURLCreateCopyDeletingLastPathComponent(NULL, disk_app_url)
//TODO: don't copy/mount DeveloperDiskImage.dmg if it's already done - Xcode checks this somehow
#import <CoreFoundation/CoreFoundation.h>

#include <assert.h>
#include <fcntl.h>
#include <limits.h>
#include <signal.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

#include "MobileDevice.h"
// Fixed rendezvous paths in the shared /tmp directory. Both names are
// predictable and reused on every run: the UNIX socket is unlinked and
// re-bound by start_remote_debug_server, and the gdb command file is
// rewritten by write_gdb_prep_cmds. A per-user directory (e.g. under $TMPDIR)
// would avoid clashes between users of the same machine.
#define FDVENDOR_PATH "/tmp/fruitstrap-remote-debugserver"
#define PREP_CMDS_PATH "/tmp/fruitstrap-gdb-prep-cmds"
// Shell command that launches the Xcode-bundled ARM gdb; "-x" loads the
// command file generated by write_gdb_prep_cmds. No user input is
// interpolated into this string.
#define GDB_SHELL "/Developer/Platforms/iPhoneOS.platform/Developer/usr/libexec/gdb/gdb-arm-apple-darwin --arch armv7 -q -x " PREP_CMDS_PATH
// approximation of what Xcode does:
// Template for the gdb command file. The {ds_path}, {device_app}, {disk_app},
// {device_container} and {disk_container} placeholders are substituted by
// write_gdb_prep_cmds before the text is written to PREP_CMDS_PATH. The
// "target remote-mobile" line points gdb at the FDVENDOR_PATH socket, over
// which fdvendor_callback hands it the debugserver descriptor.
#define GDB_PREP_CMDS CFSTR("set mi-show-protections off\n\
set auto-raise-load-levels 1\n\
set shlib-path-substitutions /usr \"{ds_path}/Symbols/usr\" /System \"{ds_path}/Symbols/System\" \"{device_container}\" \"{disk_container}\" \"/private{device_container}\" \"{disk_container}\" /Developer \"{ds_path}/Symbols/Developer\"\n\
set remote max-packet-size 1024\n\
set sharedlibrary check-uuids on\n\
set env NSUnbufferedIO YES\n\
set minimal-signal-handling 1\n\
set sharedlibrary load-rules \\\".*\\\" \\\".*\\\" container\n\
set inferior-auto-start-dyld 0\n\
file \"{disk_app}\"\n\
set remote executable-directory {device_app}\n\
set remote noack-mode 1\n\
set trust-readonly-sections 1\n\
target remote-mobile " FDVENDOR_PATH "\n\
mem 0x1000 0x3fffffff cache\n\
mem 0x40000000 0xffffffff none\n\
mem 0x00000000 0x0fff none\n\
run\n\
set minimal-signal-handling 0\n\
set inferior-auto-start-cfm off\n\
set sharedLibrary load-rules dyld \".*libobjc.*\" all dyld \".*CoreFoundation.*\" all dyld \".*Foundation.*\" all dyld \".*libSystem.*\" all dyld \".*AppKit.*\" all dyld \".*PBGDBIntrospectionSupport.*\" all dyld \".*/usr/lib/dyld.*\" all dyld \".*CarbonDataFormatters.*\" all dyld \".*libauto.*\" all dyld \".*CFDataFormatters.*\" all dyld \"/System/Library/Frameworks\\\\\\\\|/System/Library/PrivateFrameworks\\\\\\\\|/usr/lib\" extern dyld \".*\" all exec \".*\" all\n\
sharedlibrary apply-load-rules all\n\
set inferior-auto-start-dyld 1")
// Prototypes for the MobileDevice.framework entry points this file uses
// (presumably absent from MobileDevice.h — confirm). Callers below treat a
// zero return as success. The meaning of the `zero` parameters is not known
// from this file; callers always pass 0.
typedef struct am_device * AMDeviceRef;
int AMDeviceSecureTransferPath(int zero, AMDeviceRef device, CFURLRef url, CFDictionaryRef options, void *callback, int cbarg);
int AMDeviceSecureInstallApplication(int zero, AMDeviceRef device, CFURLRef url, CFDictionaryRef options, void *callback, int cbarg);
int AMDeviceMountImage(AMDeviceRef device, CFStringRef image, CFDictionaryRef options, void *callback, int cbarg);
int AMDeviceLookupApplications(AMDeviceRef device, int zero, CFDictionaryRef* result);
// Process-wide state shared by main and the run-loop callbacks below.
// found_device: set by handle_device so only the first connected device is
//               handled; debug: set by the -d flag in main.
bool found_device = false, debug = false;
// Path of the .app to install, taken straight from argv in main.
char *app_path = NULL;
// Last file path reported by transfer_callback, used to suppress repeated
// progress lines for the same file.
CFStringRef last_path = NULL;
// Connection to com.apple.debugserver on the device (filled in by
// start_remote_debug_server); fdvendor_callback passes it to gdb.
service_conn_t gdbfd;
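// Returns true when the directory named by path exists. Converts through
// CFStringGetFileSystemRepresentation because CFStringGetCStringPtr may
// return NULL (it only succeeds when the backing store already has the
// requested encoding), which the original then handed to access().
static bool device_support_dir_exists(CFStringRef path) {
    char buf[PATH_MAX];
    if (!CFStringGetFileSystemRepresentation(path, buf, sizeof(buf))) {
        return false;
    }
    return access(buf, F_OK) == 0;
}

/*
 * Returns the Xcode DeviceSupport directory matching the connected device's
 * OS version (caller releases). Beta builds use "<version> (<build>)",
 * release builds just "<version>"; the first of the two that exists wins.
 * Exits the process with status 1 when the device does not report its
 * version or neither directory exists.
 */
CFStringRef copy_device_support_path(AMDeviceRef device) {
    CFStringRef version = AMDeviceCopyValue(device, 0, CFSTR("ProductVersion"));
    CFStringRef build = AMDeviceCopyValue(device, 0, CFSTR("BuildVersion"));
    if (version == NULL || build == NULL) {
        // CFRelease(NULL) would crash and "%@" would format "(null)".
        printf("[ !! ] Unable to read ProductVersion/BuildVersion from device.\n");
        exit(1);
    }

    // they tack the build number on for beta builds
    CFStringRef path_with_build = CFStringCreateWithFormat(NULL, NULL, CFSTR("/Developer/Platforms/iPhoneOS.platform/DeviceSupport/%@ (%@)"), version, build);
    CFStringRef path_without_build = CFStringCreateWithFormat(NULL, NULL, CFSTR("/Developer/Platforms/iPhoneOS.platform/DeviceSupport/%@"), version);
    CFRelease(version);
    CFRelease(build);

    CFStringRef found = NULL;
    if (device_support_dir_exists(path_with_build)) {
        found = path_with_build;
        CFRelease(path_without_build);
    } else if (device_support_dir_exists(path_without_build)) {
        found = path_without_build;
        CFRelease(path_with_build);
    } else {
        printf("[ !! ] Unable to locate DeviceSupport directory. Is Xcode installed?\n");
        exit(1);
    }
    return found;
}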
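/*
 * Progress callback for AMDeviceMountImage. Prints a line for each of the
 * known "Status" stages; any other status, or a dictionary without one, is
 * ignored. `arg` is the cbarg given to AMDeviceMountImage and is unused.
 */
void mount_callback(CFDictionaryRef dict, int arg) {
    (void)arg;
    CFStringRef status = dict ? CFDictionaryGetValue(dict, CFSTR("Status")) : NULL;
    // CFDictionaryGetValue returns NULL for a missing key and CFEqual on
    // NULL crashes, so bail out before comparing.
    if (status == NULL) return;

    if (CFEqual(status, CFSTR("LookingUpImage"))) {
        printf("[ 0%%] Looking up developer disk image\n");
    } else if (CFEqual(status, CFSTR("CopyingImage"))) {
        printf("[ 30%%] Copying DeveloperDiskImage.dmg to device\n");
    } else if (CFEqual(status, CFSTR("MountingImage"))) {
        printf("[ 90%%] Mounting developer disk image\n");
    }
}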
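/*
 * Copies DeveloperDiskImage.dmg (with its .signature) from the device's
 * DeviceSupport directory to the device and mounts it; that image is what
 * provides debugserver on the device. Progress is reported via
 * mount_callback. An "already mounted" result counts as success. Exits with
 * status 1 when the signature file cannot be read or the mount fails.
 */
void mount_developer_image(AMDeviceRef device) {
    static const size_t kSignatureLength = 128;                // size of the .signature file
    static const unsigned int kImageAlreadyMounted = 0xe8000076; // MobileDevice: image already mounted

    CFStringRef ds_path = copy_device_support_path(device);
    CFStringRef image_path = CFStringCreateWithFormat(NULL, NULL, CFSTR("%@/DeveloperDiskImage.dmg"), ds_path);
    CFStringRef sig_path = CFStringCreateWithFormat(NULL, NULL, CFSTR("%@/DeveloperDiskImage.dmg.signature"), ds_path);
    CFRelease(ds_path);

    // CFStringGetCStringPtr may return NULL; convert into a real buffer.
    char sig_file[PATH_MAX];
    if (!CFStringGetFileSystemRepresentation(sig_path, sig_file, sizeof(sig_file))) {
        printf("[ !! ] Developer disk image signature path is not representable.\n");
        exit(1);
    }
    CFRelease(sig_path);

    FILE *sig = fopen(sig_file, "rb");
    if (sig == NULL) {
        printf("[ !! ] Unable to open %s\n", sig_file);
        exit(1);
    }
    void *sig_buf = malloc(kSignatureLength);
    if (sig_buf == NULL) {
        printf("[ !! ] Out of memory\n");
        exit(1);
    }
    // The read is done outside assert() so it still happens under NDEBUG.
    size_t got = fread(sig_buf, 1, kSignatureLength, sig);
    fclose(sig);
    if (got != kSignatureLength) {
        printf("[ !! ] Short read of developer disk image signature (%zu of %zu bytes)\n", got, kSignatureLength);
        exit(1);
    }
    // sig_buf came from malloc(); kCFAllocatorMalloc frees it with free()
    // when sig_data is released.
    CFDataRef sig_data = CFDataCreateWithBytesNoCopy(NULL, sig_buf, kSignatureLength, kCFAllocatorMalloc);

    CFTypeRef keys[] = { CFSTR("ImageSignature"), CFSTR("ImageType") };
    CFTypeRef values[] = { sig_data, CFSTR("Developer") };
    CFDictionaryRef options = CFDictionaryCreate(NULL, (const void **)keys, (const void **)values, 2, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
    CFRelease(sig_data); // options retains it

    int result = AMDeviceMountImage(device, image_path, options, &mount_callback, 0);
    if (result == 0 || (unsigned int)result == kImageAlreadyMounted) {
        printf("[ 95%%] Developer disk image mounted successfully\n");
    } else {
        printf("[ !! ] Unable to mount developer disk image. (%x)\n", result);
        exit(1);
    }

    CFRelease(image_path);
    CFRelease(options);
}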
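/*
 * Progress callback for AMDeviceSecureTransferPath. Prints one line per file
 * copied (the enclosing .ipa itself is skipped), mapping the transfer's own
 * 0-100 percentage onto the first half of the overall progress bar.
 * last_path remembers the previously reported file so repeated callbacks for
 * the same file print nothing. `arg` is the cbarg and is unused.
 */
void transfer_callback(CFDictionaryRef dict, int arg) {
    (void)arg;
    if (dict == NULL) return;

    CFStringRef status = CFDictionaryGetValue(dict, CFSTR("Status"));
    CFNumberRef percent_number = CFDictionaryGetValue(dict, CFSTR("PercentComplete"));
    int percent = 0; // a missing PercentComplete reports 0 instead of an uninitialized value
    if (percent_number != NULL) {
        CFNumberGetValue(percent_number, kCFNumberSInt32Type, &percent);
    }
    if (status == NULL || !CFEqual(status, CFSTR("CopyingFile"))) return;

    CFStringRef path = CFDictionaryGetValue(dict, CFSTR("Path"));
    if (path == NULL) return;

    bool is_new_file = (last_path == NULL || !CFEqual(path, last_path));
    if (is_new_file && !CFStringHasSuffix(path, CFSTR(".ipa"))) {
        // CFStringGetCStringPtr may return NULL, which "%s" must never see.
        char path_buf[PATH_MAX];
        if (!CFStringGetFileSystemRepresentation(path, path_buf, sizeof(path_buf))) {
            snprintf(path_buf, sizeof(path_buf), "%s", "<unrepresentable path>");
        }
        printf("[%3d%%] Copying %s to device\n", percent / 2, path_buf);
    }

    if (last_path != NULL) {
        CFRelease(last_path);
    }
    last_path = CFStringCreateCopy(NULL, path);
}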
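/*
 * Progress callback for AMDeviceSecureInstallApplication. Prints the
 * reported "Status" with the install's 0-100 percentage mapped onto the
 * second half of the overall progress bar. `arg` is the cbarg and is unused.
 */
void install_callback(CFDictionaryRef dict, int arg) {
    (void)arg;
    if (dict == NULL) return;

    CFStringRef status = CFDictionaryGetValue(dict, CFSTR("Status"));
    CFNumberRef percent_number = CFDictionaryGetValue(dict, CFSTR("PercentComplete"));
    int percent = 0; // a missing PercentComplete reports 0 instead of an uninitialized value
    if (percent_number != NULL) {
        CFNumberGetValue(percent_number, kCFNumberSInt32Type, &percent);
    }

    // CFStringGetCStringPtr may return NULL, which "%s" must never see.
    char status_buf[256];
    if (status == NULL || !CFStringGetCString(status, status_buf, sizeof(status_buf), kCFStringEncodingUTF8)) {
        snprintf(status_buf, sizeof(status_buf), "%s", "(unknown status)");
    }
    printf("[%3d%%] %s\n", (percent / 2) + 50, status_buf);
}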
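/*
 * Accept callback for the FDVENDOR_PATH listening socket. When gdb connects
 * ("target remote-mobile" in the prep commands) the debugserver descriptor
 * gdbfd is passed to it over the new connection with SCM_RIGHTS, after which
 * the listening socket is torn down: exactly one client is ever served.
 *
 * s:            the listening CFSocket created in start_remote_debug_server
 * callbackType: expected to be kCFSocketAcceptCallBack
 * data:         pointer to the accepted connection's native descriptor
 * address/info: unused
 */
void fdvendor_callback(CFSocketRef s, CFSocketCallBackType callbackType, CFDataRef address, const void *data, void *info) {
    (void)address;
    (void)info;
    if (callbackType != kCFSocketAcceptCallBack || data == NULL) return;

    CFSocketNativeHandle client = *(const CFSocketNativeHandle *)data;

    // At least one byte of payload is needed for the ancillary data to travel.
    char payload[1] = { ' ' };
    struct iovec iov = { .iov_base = payload, .iov_len = sizeof(payload) };

    char ctrl_buf[CMSG_SPACE(sizeof(int))];
    memset(ctrl_buf, 0, sizeof(ctrl_buf));

    struct msghdr message;
    memset(&message, 0, sizeof(message));
    message.msg_iov = &iov;
    message.msg_iovlen = 1;
    message.msg_control = ctrl_buf;
    message.msg_controllen = sizeof(ctrl_buf);

    struct cmsghdr *control_message = CMSG_FIRSTHDR(&message);
    control_message->cmsg_level = SOL_SOCKET;
    control_message->cmsg_type = SCM_RIGHTS;
    control_message->cmsg_len = CMSG_LEN(sizeof(int));
    int fd_to_send = gdbfd;
    memcpy(CMSG_DATA(control_message), &fd_to_send, sizeof(fd_to_send));

    if (sendmsg(client, &message, 0) < 0) {
        perror("[ !! ] sendmsg(SCM_RIGHTS) to gdb failed");
    }
    // NOTE(review): the accepted descriptor `client` is deliberately left open,
    // as in the original; it lives until the process exits.

    CFSocketInvalidate(s);
    CFRelease(s); // balances the CFSocketCreate in start_remote_debug_server
}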
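/*
 * Looks up where the app with the given bundle identifier is installed on
 * the device and returns that location as a file URL (caller releases).
 * Exits with status 1 if the lookup fails or the app has no "Path" entry.
 */
CFURLRef copy_device_app_url(AMDeviceRef device, CFStringRef identifier) {
    CFDictionaryRef result = NULL;
    // Checked explicitly rather than inside assert(): under NDEBUG the call
    // itself would disappear and result would stay NULL.
    if (AMDeviceLookupApplications(device, 0, &result) != 0 || result == NULL) {
        printf("[ !! ] Unable to list applications installed on device.\n");
        exit(1);
    }

    CFDictionaryRef app_dict = CFDictionaryGetValue(result, identifier);
    CFStringRef installed_path = app_dict ? CFDictionaryGetValue(app_dict, CFSTR("Path")) : NULL;
    if (installed_path == NULL || CFGetTypeID(installed_path) != CFStringGetTypeID()) {
        printf("[ !! ] Installed application has no path on device.\n");
        CFRelease(result);
        exit(1);
    }

    CFURLRef url = CFURLCreateWithFileSystemPath(NULL, installed_path, kCFURLPOSIXPathStyle, true);
    CFRelease(result); // installed_path is owned by result; url holds its own copy
    return url;
}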
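/*
 * Reads CFBundleIdentifier from the Info.plist inside the on-disk .app at
 * disk_app_url and returns it (caller releases). Exits with status 1 when
 * the plist cannot be opened or parsed, is not a dictionary, or carries no
 * string identifier — each of those would otherwise reach CFRetain(NULL).
 */
CFStringRef copy_disk_app_identifier(CFURLRef disk_app_url) {
    CFURLRef plist_url = CFURLCreateCopyAppendingPathComponent(NULL, disk_app_url, CFSTR("Info.plist"), false);
    CFReadStreamRef plist_stream = CFReadStreamCreateWithFile(NULL, plist_url);
    CFRelease(plist_url);

    if (plist_stream == NULL || !CFReadStreamOpen(plist_stream)) {
        printf("[ !! ] Unable to open Info.plist in app bundle.\n");
        exit(1);
    }
    CFErrorRef error = NULL;
    CFPropertyListRef plist = CFPropertyListCreateWithStream(NULL, plist_stream, 0, kCFPropertyListImmutable, NULL, &error);
    CFReadStreamClose(plist_stream);
    CFRelease(plist_stream);

    if (plist == NULL || CFGetTypeID(plist) != CFDictionaryGetTypeID()) {
        printf("[ !! ] Unable to parse Info.plist in app bundle.\n");
        if (error != NULL) CFRelease(error);
        if (plist != NULL) CFRelease(plist);
        exit(1);
    }

    CFTypeRef identifier = CFDictionaryGetValue(plist, CFSTR("CFBundleIdentifier"));
    if (identifier == NULL || CFGetTypeID(identifier) != CFStringGetTypeID()) {
        printf("[ !! ] Info.plist has no CFBundleIdentifier.\n");
        CFRelease(plist);
        exit(1);
    }
    CFStringRef bundle_identifier = (CFStringRef)CFRetain(identifier); // must outlive plist
    CFRelease(plist);

    return bundle_identifier;
}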
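// Replaces every occurrence of token in text with value. The search range is
// taken from text's current length on each call: earlier substitutions change
// that length, and the original reused one range computed up front — for the
// short container path that range overran the string, which is an invalid
// argument to CFStringFindAndReplace (a likely source of the segfault noted
// in the TODO at the top of the file).
static void replace_all(CFMutableStringRef text, CFStringRef token, CFStringRef value) {
    CFRange whole = CFRangeMake(0, CFStringGetLength(text));
    CFStringFindAndReplace(text, token, value, whole, 0);
}

/*
 * Fills in the GDB_PREP_CMDS template for this device/app pair and writes it
 * to PREP_CMDS_PATH, where GDB_SHELL picks it up. Substitutions:
 *   {ds_path}          Xcode DeviceSupport directory for the device's OS
 *   {device_app}       install location of the app on the device
 *   {disk_app}         the .app on this machine (disk_app_url)
 *   {device_container} parent directory of {device_app}, with a leading
 *                      /private/var/ rewritten to /var/
 *   {disk_container}   parent directory of {disk_app}
 * Exits with status 1 if a path cannot be derived or the file cannot be
 * created.
 */
void write_gdb_prep_cmds(AMDeviceRef device, CFURLRef disk_app_url) {
    CFMutableStringRef cmds = CFStringCreateMutableCopy(NULL, 0, GDB_PREP_CMDS);

    CFStringRef ds_path = copy_device_support_path(device);
    replace_all(cmds, CFSTR("{ds_path}"), ds_path);

    CFStringRef bundle_identifier = copy_disk_app_identifier(disk_app_url);
    CFURLRef device_app_url = copy_device_app_url(device, bundle_identifier);
    CFStringRef device_app_path = CFURLCopyFileSystemPath(device_app_url, kCFURLPOSIXPathStyle);
    replace_all(cmds, CFSTR("{device_app}"), device_app_path);

    CFStringRef disk_app_path = CFURLCopyFileSystemPath(disk_app_url, kCFURLPOSIXPathStyle);
    replace_all(cmds, CFSTR("{disk_app}"), disk_app_path);

    CFURLRef device_container_url = CFURLCreateCopyDeletingLastPathComponent(NULL, device_app_url);
    CFURLRef disk_container_url = CFURLCreateCopyDeletingLastPathComponent(NULL, disk_app_url);
    if (device_container_url == NULL || disk_container_url == NULL) {
        // Either call returns NULL when there is no parent component; the
        // CFURLCopyFileSystemPath calls below cannot take NULL.
        printf("[ !! ] Unable to determine app container directories.\n");
        exit(1);
    }

    CFStringRef device_container_path = CFURLCopyFileSystemPath(device_container_url, kCFURLPOSIXPathStyle);
    CFMutableStringRef dcp_noprivate = CFStringCreateMutableCopy(NULL, 0, device_container_path);
    replace_all(dcp_noprivate, CFSTR("/private/var/"), CFSTR("/var/"));
    replace_all(cmds, CFSTR("{device_container}"), dcp_noprivate);

    CFStringRef disk_container_path = CFURLCopyFileSystemPath(disk_container_url, kCFURLPOSIXPathStyle);
    replace_all(cmds, CFSTR("{disk_container}"), disk_container_path);

    // lossByte 0 makes this return NULL for any non-ASCII character rather
    // than substituting; the original passed that NULL straight to fwrite.
    CFDataRef cmds_data = CFStringCreateExternalRepresentation(NULL, cmds, kCFStringEncodingASCII, 0);
    if (cmds_data == NULL) {
        printf("[ !! ] gdb command file contains characters outside ASCII.\n");
        exit(1);
    }

    // Recreate the file instead of truncating whatever sits at the fixed
    // path: unlink() followed by O_CREAT|O_EXCL guarantees the bytes go into
    // a file this process just created, never through an existing file or
    // symlink in the shared /tmp directory. 0600 because only this user's
    // gdb needs to read it.
    unlink(PREP_CMDS_PATH);
    int fd = open(PREP_CMDS_PATH, O_WRONLY | O_CREAT | O_EXCL, 0600);
    FILE *out = (fd >= 0) ? fdopen(fd, "w") : NULL;
    if (out == NULL) {
        if (fd >= 0) close(fd);
        printf("[ !! ] Unable to create %s\n", PREP_CMDS_PATH);
        exit(1);
    }
    size_t length = (size_t)CFDataGetLength(cmds_data);
    bool written = fwrite(CFDataGetBytePtr(cmds_data), 1, length, out) == length;
    if (fclose(out) != 0 || !written) {
        printf("[ !! ] Unable to write %s\n", PREP_CMDS_PATH);
        exit(1);
    }

    CFRelease(cmds);
    CFRelease(ds_path);
    CFRelease(bundle_identifier);
    CFRelease(device_app_url);
    CFRelease(device_app_path);
    CFRelease(disk_app_path);
    CFRelease(device_container_url);
    CFRelease(device_container_path);
    CFRelease(dcp_noprivate);
    CFRelease(disk_container_url);
    CFRelease(disk_container_path);
    CFRelease(cmds_data);
}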
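/*
 * Starts com.apple.debugserver on the device (its connection descriptor lands
 * in gdbfd) and listens on the FDVENDOR_PATH UNIX socket, from which
 * fdvendor_callback hands that descriptor to gdb. The listener is serviced
 * by the main run loop, so this returns immediately. Exits with status 1
 * when the service or the socket cannot be set up.
 */
void start_remote_debug_server(AMDeviceRef device) {
    // Checked explicitly rather than inside assert(): under NDEBUG the
    // service would never be started.
    if (AMDeviceStartService(device, CFSTR("com.apple.debugserver"), &gdbfd, NULL) != 0) {
        printf("[ !! ] Unable to start com.apple.debugserver on device.\n");
        exit(1);
    }

    CFSocketRef fdvendor = CFSocketCreate(NULL, AF_UNIX, 0, 0, kCFSocketAcceptCallBack, &fdvendor_callback, NULL);
    if (fdvendor == NULL) {
        printf("[ !! ] Unable to create fd-vendor socket.\n");
        exit(1);
    }

    int yes = 1;
    setsockopt(CFSocketGetNative(fdvendor), SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(yes));

    struct sockaddr_un address;
    memset(&address, 0, sizeof(address));
    address.sun_family = AF_UNIX;
    // Bounded copy; FDVENDOR_PATH is a compile-time constant that fits sun_path.
    snprintf(address.sun_path, sizeof(address.sun_path), "%s", FDVENDOR_PATH);
    CFDataRef address_data = CFDataCreate(NULL, (const UInt8 *)&address, sizeof(address));

    // A socket file left behind by a previous run would make bind() fail.
    unlink(FDVENDOR_PATH);

    CFSocketError bind_result = CFSocketSetAddress(fdvendor, address_data);
    CFRelease(address_data);
    if (bind_result != kCFSocketSuccess) {
        // Also the outcome when the path is occupied by a file this user
        // cannot unlink.
        printf("[ !! ] Unable to bind %s\n", FDVENDOR_PATH);
        exit(1);
    }

    CFRunLoopSourceRef source = CFSocketCreateRunLoopSource(NULL, fdvendor, 0);
    CFRunLoopAddSource(CFRunLoopGetMain(), source, kCFRunLoopCommonModes);
    CFRelease(source); // the run loop retains it; the original leaked this reference
}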
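// Builds an absolute file URL for the .app path given on the command line
// (caller releases). Exits with status 1 if the path is not ASCII, since
// CFStringCreateWithCString returns NULL in that case.
static CFURLRef copy_absolute_app_url(const char *path) {
    CFStringRef path_string = CFStringCreateWithCString(NULL, path, kCFStringEncodingASCII);
    if (path_string == NULL) {
        printf("[ !! ] App path is not ASCII: %s\n", path);
        exit(1);
    }
    CFURLRef relative_url = CFURLCreateWithFileSystemPath(NULL, path_string, kCFURLPOSIXPathStyle, false);
    CFURLRef url = CFURLCopyAbsoluteURL(relative_url);
    CFRelease(path_string);
    CFRelease(relative_url);
    return url;
}

// Transfers the package at url to the device and installs it as a Developer
// package, reporting progress through transfer_callback / install_callback.
// Exits with status 1 on failure.
static void install_package(AMDeviceRef device, CFURLRef url) {
    CFStringRef keys[] = { CFSTR("PackageType") };
    CFStringRef values[] = { CFSTR("Developer") };
    CFDictionaryRef options = CFDictionaryCreate(NULL, (const void **)keys, (const void **)values, 1, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);

    mach_error_t transfer_error = AMDeviceSecureTransferPath(0, device, url, options, &transfer_callback, 0);
    if (transfer_error) {
        printf("[ !! ] Unable to transfer package to device. (%x)\n", transfer_error);
        exit(1);
    }

    mach_error_t install_error = AMDeviceSecureInstallApplication(0, device, url, options, &install_callback, 0);
    if (install_error) {
        printf("[ !! ] Unable to install package. (%x)\n", install_error);
        exit(1);
    }

    CFRelease(options);
}

// Forks a child that runs gdb via GDB_SHELL (a fixed string; no user input
// reaches the shell). When gdb exits, the child terminates the parent, which
// is otherwise blocked in CFRunLoopRun, and exits itself.
static void launch_gdb(void) {
    pid_t parent = getpid();
    pid_t pid = fork();
    if (pid < 0) {
        perror("[ !! ] fork");
        exit(1);
    }
    if (pid == 0) {
        system(GDB_SHELL); // launch gdb
        kill(parent, SIGTERM); // "No. I am your father."
        _exit(0);
    }
}

/*
 * Per-device entry point, invoked from device_callback when a device
 * connects. Only the first device is handled. Pairs, starts a session and
 * installs app_path; without -d the process then exits with status 0. With
 * -d it additionally mounts the developer image, starts debugserver, writes
 * the gdb command file and spawns gdb.
 */
void handle_device(AMDeviceRef device) {
    if (found_device) return; // handle one device only
    found_device = true;

    CFRetain(device); // don't know if this is necessary?
    printf("[ 0%%] Found device, beginning install\n");

    AMDeviceConnect(device);
    // Explicit checks rather than assert(): under NDEBUG the pairing
    // validation and session start would never run at all.
    if (!AMDeviceIsPaired(device)) {
        printf("[ !! ] Device is not paired with this machine.\n");
        exit(1);
    }
    if (AMDeviceValidatePairing(device) != 0) {
        printf("[ !! ] Unable to validate pairing with device.\n");
        exit(1);
    }
    if (AMDeviceStartSession(device) != 0) {
        printf("[ !! ] Unable to start session with device.\n");
        exit(1);
    }

    CFURLRef url = copy_absolute_app_url(app_path);
    install_package(device, url);
    printf("[100%%] Installed package %s\n", app_path);

    if (!debug) exit(0); // no debug phase

    printf("------ Debug phase ------\n");

    mount_developer_image(device); // put debugserver on the device
    start_remote_debug_server(device); // start debugserver
    write_gdb_prep_cmds(device, url); // dump the necessary gdb commands into a file

    CFRelease(url);

    printf("[100%%] Connecting to remote debug server\n");
    printf("-------------------------\n");

    launch_gdb();
}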
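/*
 * MobileDevice notification callback registered in main. Hands newly
 * connected devices to handle_device; every other message is ignored.
 * `arg` is the subscription's user pointer and is unused.
 */
void device_callback(struct am_device_notification_callback_info *info, void *arg) {
    (void)arg;
    if (info == NULL) return;

    switch (info->msg) {
        case ADNCI_MSG_CONNECTED:
            handle_device(info->dev);
            break; // the original fell through into default
        default:
            break;
    }
}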
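// Prints the usage line and exits with status 1.
static void usage(const char *prog) {
    printf("usage: %s [-d] <app>\n", prog);
    exit(1);
}

/*
 * Entry point. Usage: fruitstrap [-d] <app>. Installs <app> on the first iOS
 * device that connects; with -d it also mounts the developer disk image and
 * attaches gdb afterwards. Blocks in CFRunLoopRun until handle_device exits
 * the process (or the gdb child sends SIGTERM).
 */
int main(int argc, char *argv[]) {
    if (argc < 2 || argc > 3) {
        usage(argv[0]);
    }

    if (strcmp(argv[1], "-d") == 0) {
        if (argc != 3) usage(argv[0]);
        debug = true;
        app_path = argv[2];
        printf("------ Install phase ------\n");
    } else {
        if (argc != 2) usage(argv[0]);
        app_path = argv[1];
    }

    // Explicit check rather than assert(): the existence test must survive NDEBUG.
    if (access(app_path, F_OK) != 0) {
        printf("[ !! ] Unable to access %s\n", app_path);
        exit(1);
    }

    AMDSetLogLevel(5); // otherwise syslog gets flooded with crap
    printf("[....] Waiting for iOS device to be connected\n");

    struct am_device_notification *notify = NULL;
    if (AMDeviceNotificationSubscribe(&device_callback, 0, 0, NULL, &notify) != 0) {
        printf("[ !! ] Unable to subscribe to device notifications.\n");
        exit(1);
    }
    CFRunLoopRun();
    return 0;
}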