I'd like to restrict how much access to resources jailbreak tweaks receive. Things like network/keychain/location access... Is it possible to manually add a entitlements plist per tweak?
Many thanks.
Tweak is a dylib - it will be loaded in a process. That process may have entitlements and those entitlements will be used for the tweak. That's it. Tweak doesn't have it's own entitlements.
As for your question. Because of what I said before you can't restrict just a tweak - your restrictions will be applied to the whole process that is being tweaked. You can't do anything about that. That's how tweaks work - they are dylibs dynamically loaded into process address space. After that the tweak becomes a part of the process. So any restrictions will be applied to the whole process which includes the tweak, application code and any other dylib/framework application is linked to.
So if you want to develop an application which will help a user put restrictions on tweaks, I don't think you can do such a thing. What you can do is to analyze which application are being tweaked, what entitlements does they have, what frameworks and dylibs are used by a tweak (mainly the private ones). And from that user can either enable or disable that tweak. You can even analyze import section and string literals of the tweak to determine exactly which APIs does it use.
Update
Could you explain to me how a native process communicates with a
tweak, before being loaded within the process space?
It doesn't. Before injecting tweak is a separate dylib that is not linked to any binary. CydiaSubstrate does all the injecting. The main part of the CydiaSubstrate is a special loader dylib. It's linked dynamically to launchd process on device start, to the process which is the first process in the iOS that starts all other processes. When a new process is spawned CydiaSubstrate loader dylib checks all tweak filters to see which ones it needs to inject into the process and injects them. After that tweak is loaded into process address space (becomes a part of the process) and tweak's constructor is called where usually all the hooks are being setup.
Could you explain to me as to how this is accomplished?
Suppose you have an array of objc class names, C/C++ functions, frameworks and dylibs as strings usage of which you would like to detect. There's easy solution. You can open tweak's file and just search through it for any matches. As tweaks are usually not very large it shouldn't take much time. And there's more difficult solution. Use dyld or any other API to parse mach-o sections to find imported symbols and string literals and then search through them for any matches.
I'm not sure if this answers your question from a user side, but if you are making a tweak, you can add XXX_CODESIGN_FLAGS = -Sentitlements.xml to your Makefile to add the entitlements described in entitlements.xml.
Related
I'm very interested in using GStreamer's iOS framework http://docs.gstreamer.com/display/GstSDK/Installing+for+iOS+development for video streaming, but when I add the framework to a blank project and add a few lines of code to take advantage of its powerful features, the final IPA is 27MB. This is just way to big to be adding to my project, what is the best way to go about stripping this down the the bare necessities as I'm sure I'm only using a small percent of the code that is included in the SDK.
Here's a pic showing the package contents of the IPA:
Thanks!
In the gst_ios_main.h you can disable all the plugins that you don't need (make sure to enable linker optimizations so that unused code is removed). If that's not enough, you can build your own stripped down version of the iOS binaries with http://cgit.freedesktop.org/gstreamer/cerbero/ (you need to remove things from the .package and .recipe files to only build what you need). Just disabling things from gst_ios_main.h should be enough in 99% of the cases though.
Note that by default you'll build applications for multiple architectures, as such the resulting application will be rather large. Depending on your use case you can drop some architectures.
On another note, gstreamer.com is providing an completely outdated version of GStreamer and is in no way related to the GStreamer project. The official website is http://gstreamer.freedesktop.org .
SDKs have their source code encapsulated away from you, the user. You get access only to header files. Thus you just can't extract some class from it because you don't have access to the implementation file.
Of course if this library is opensource you can attempt to isolate one class, but sometimes everything is so deeply connected, that it is close to impossible.
I'm working on research that requires me to be able to load an iOS app from a custom piece of code running on the device. I more or less want to modify the current sandbox and then run an existing application in it. I would rather not modify the application, although I realize at some point I'll at least have to re-sign it.
Mocana can apparently do this with their "MAP" technique, but I've not seen any papers or presentations explaining the technical details of how this is accomplished.
I was attempting to dlopen an application's executable and then dlsym on it's main. That moderately works, but requires a debug version of the application. Trying to use an archived version is problematic since the symbol table is separate. Not sure if there is a way to merge the symbol table with the executable. Tried unsuccessfully with lipo, but no real luck (says the architectures are the same and won't merge).
Any direction or good publications would be appreciated.
There is a process called app wrapping:
IPA is disassembled (taken apart + sometimes executable part of is is really disassembled)
Some new binary code, resources, segments are added
IPA is assembled again
Quite often this process is used as compile time AOP (to add some aspect like security, audit etc to application).
Have you seen any guide + tools which are used for this?
Here is good overview on app wrapping for iOS: http://pauldotcom.com/wiki/index.php/Episode226#Library_Injection
I'm developing an iOS SDK that integrates other SDKs (Facebook SDK 3.5, for example).
To prevent collisions and allow my customers to import those SDKs as well, I want to rename all of the classes/enums in my code (for example, rename FBSession to RDFBSession, etc).
Is there an easy way to do this instead of going class-by-class and using Xcode's rename feature?
Apple provide a command-line tool called tops(1) that is designed for scripting large-scale code refactoring (renaming C functions, Objective-C methods, classes, and other tokens):
tops -verbose replace "FBSession" with "RDFBSession" Sources/*.[hm]
If you have a lot of replacements, you can put all of the replace... commands into a file that you pass with the -scriptfile option. The man page has more information on the more complex commands/options (and examples).
Xcode also offers textual Search and Replace. This will be faster than individual refactors, but it is ultimately less automated. You can make the step by step refactoring faster by first minimizing the project to the relevant dependencies/sources (if possible).
However, renaming the declarations in a library will not alter the symbol names of its associated binary. If it is distributed with a binary, then renaming will just result in linker errors or (in some cases) runtime errors.
The best idea if you need to use a 3rd party library which your clients might also use is to simply inform them they need to link the library with their app, then publish the version(s) the current release supports so they know they have some extra testing if they go too far ahead with some libraries.
I think that a better approach than simply renaming your classes would be to download Facebook's open source code, rename the classes there and compile a new static library with a set of renamed header files. Then you can be sure that no collisions occur and that you're using symbols that you named yourself.
I must warn you though - working like this may make updating the SDK a nightmare regardless of how you tackle this specific issue.
Though we can add a pass in the pass application in iOS 6.0 programmatically given we have .pkpass file in our document directory or we get it from the server. But i have searched all the apple documentation in which steps are given to generate the .pkpass file manually.
Is this feasible to create a .pkpass file programmatically using Xcode.
The .pkpass file is composed of several components. The most difficult component that must be done programmatically is the signature of the manifest file. The other parts are trivial to assemble on the iPhone platform programmatically. You may note that Apple's documentation uses a shell command to compute this value using the OpenSSL library. I had to manually write a function that signed the manifest files using the OpenSSL C library, however it is not trivial due to a lack of examples and the complexity of the library. The signing function selected by Apple for the manifest is not present in their CommonCrypto framework.
Also, in order to sign these passes on the phone, the credentials must be present in the binary's bundle or compiled assets which is probably not a good idea to distribute if you would like to protect the integrity of your profile and signing identities.
So in summary: This is certainly possible, and is doable using the existing specifications and libraries. However, I would not recommend doing this on the phone. It is fairly difficult, and may introduce security risks if not done properly. Additionally, if you incorporate the OpenSSL library in your binary then you must report to Apple that you incorporate encryption in your device and must register for an ERN with the government. There may also be other export conditions on your code depending on your locality (but of course I am not a lawyer so this is a guess).