GLONASS data and jailbroken iOS - ios

Are there programmatic ways to access GLONASS satellite signal and position data on iOS on a jailbroken device? That is, are there private calls one can make on a jailbroken device, which return this data? (As far as what I've tried, I don't have a jailbroken device, so I can't try anything out yet, but I'm curious as to what is possible there. Thanks.)

Even if your device isn't jailbroken, you can still see what's available to a jailbroken device ... you just can't fully test it yet.
On your development Mac, you have the complete frameworks, public and private, and you can use something like class-dump (or class-dump-z) to inspect them.
Download class-dump, and then on your Mac, you can use a script like this (to dump all the headers out to a folder under /Users/Shared/Headers/):
#!/bin/bash
# Dump Objective-C headers for every public and private framework in the
# iOS 5.0 SDK into /Users/Shared/Headers/5.0/<FrameworkName>/
cd /Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS5.0.sdk/ || exit 1
for FRAMEWORKS in Frameworks PrivateFrameworks; do
    frameworklib=./System/Library/"${FRAMEWORKS}"
    for frameworkpath in "${frameworklib}"/*.framework; do
        frameworkdir="$(basename "${frameworkpath}")"
        frameworkbin="${frameworkdir%.*}"      # Foo.framework -> Foo (the binary name)
        if [ -f "${frameworkpath}/${frameworkbin}" ]; then
            echo "Framework: ${frameworkbin}"
            mkdir -p "/Users/Shared/Headers/5.0/${frameworkbin}"
            class-dump -H -o "/Users/Shared/Headers/5.0/${frameworkbin}" "${frameworkpath}/${frameworkbin}"
        fi
    done
done
Then, you'll be left with headers that show not just the publicly documented APIs, but the private ones, too. Both frameworks that are completely private, and the private parts of public frameworks.
Then, I'd just go to the root folder of where this script dumps out the .h files, and start grepping:
> find . -name '*.h' | xargs grep -i GLONASS
Sadly, that term (GLONASS) doesn't turn up in the 5.0 headers, but as it sounds like you understand this problem domain, you probably could find some better terms to search on.
Unfortunately, the headers just include method prototypes and data definitions. No documentation. So, where there are int parameters, for example, you may need to do some guessing as to what they mean.
But, such is the trial-and-error nature of discovering hidden device capabilities :)
Note: you certainly can test some private APIs on your own non-jailbroken phone, after discovering them with the above process. Other APIs, however, won't work without the device being jailbroken, the app getting out of its sandbox, or maybe having root privileges, or other entitlements.

Well, for starters you are looking in the right direction: if you don't jailbreak, you'll have access to the Core Location framework & API, which can give you location, precision, etc., but no info from the GPS/GLONASS receiver (not even which of them was used to get the location).
But before you go digging around inside the framework: do you need to access the built-in GPS/GLONASS receiver, or is an external Bluetooth one acceptable? Have a look at http://itunes.apple.com/us/app/bluetooth-gps-status-tool/id422661436?mt=8

The iPhone 4S supports AGPS and GLONASS. I am under the belief that Core Location manages the lower-level communication and that my app doesn't care whether the lat/long data is coming from US GPS satellites or Russian GLONASS satellites. Core Location will provide you the correct lat/long info regardless.
UPDATE: After rereading your question perhaps I misunderstood the question to begin with. I don't think you will be able to access the GLONASS satellite signal and position. But good luck with that!

Related

Is there any way to log all data emitted by an iPhone over a day?

This is for a visualisation project on what data gets recorded about us from our phones.
The idea would be to log as much detail as is reasonable to an internal location (probably) on the phone for later analysis, e.g. HTTP requests. It doesn’t need to be secret at all – the subject will be aware they are participating – and it doesn’t have to be 100% automatic; if the phone owner needs to perform some action regularly that’s okay too, although they need to be able to use their phone approximately normally throughout the day.
I can’t find any Apple APIs that look suitable, but that’s hardly surprising. I can find some approaches that would potentially work on OSX (tcpdump, netstat), so perhaps a jailbroken iOS device would support one of those?
Alternatively, running a custom proxy server would open up a bunch more options, but is there any way to get a mobile device to reliably route through a proxy server?
It appears this question provides a viable proxy-server-based approach:
https://apple.stackexchange.com/questions/81102/proxy-settings-for-iphone-3g-connection
Basically, it seems it is possible to route all requests through a proxy server, even over cellular.

Can you turn only one page into an app in meteor?

I have just tried to run
meteor run ios
That command emulates my application as an app. But there is just one page that would be interesting to have as an app. Can you control this in some way?
I don't think this is possible. The whole app gets exported regardless of platform, hence the universal/isomorphic apps concept. And the universal app concept is one that I'm starting to find fault in. That said, there is a better middle ground.
We'll call it sudo-universal apps. (probably a horrible name, but whatever :D)
Essentially the concept is that you have 3 codebases, one for each device (web/ios/android), but share many of the same modules via something like npm, or potentially some other way of sharing code.
Then you can focus on the ui for each device and its strengths and weaknesses, but keep all the important logic you've built.
Check out the following:
https://voice.kadira.io/say-no-to-isomorphic-apps-b7b7c419c634#.3bn5ovts1
https://forums.meteor.com/t/say-no-to-universal-apps/16813/7
Hope this helps!
You can check whether the client code is executed on iOS or not, and change the app accordingly:
if(navigator.userAgent.match(/(iPad|iPhone|iPod)/g)) {
// Disable the links, and redirect to which page you want
}
But Justin's answer is great, a new platform usually needs more than just some tweaks. A quickly developed app has very low value for the user.

Is there any way or tool to check whether a particular iOS app is checking Jailbreak detection?

I'm just learning iPhone security out of curiosity. This is a complete beginner's question.
I've seen the posts on Stack Overflow,
How do I detect that an iOS app is running on a jailbroken phone?
How to detect that the app is running on a jailbroken device?
Those answers provide information on "whether the app is running on a jailbroken device or not". But I need to check "whether the app is running jailbreak detection or not" (not from the programmer's point of view, but more from a pentester's point of view). Are there any tools or methods?
I'd achieve this by downloading Flex 2. With this tool you can view all of the variables, functions and procedures that are in an app.
Go to the patches tab, press the '+' symbol and locate the app to create a patch for. Then process the app by tapping it - don't worry about adding a patch name.
Next, when you're inside the processed app you need to press "Add units". This will allow you to add overrides so that you can change what functions return and such.
Anyway, from here, you need to select a class to look inside. The jailbreak detection functions and variables are always stored in the executable. Tap the app name again at the top of all the classes, under the 'executable' tab. Then just search.
Just search for "jailbreak" or "jailbroken", and if the app is running checks then it will return functions and vars related to this. I have yet to see an app that runs this check with a different function name that does not include "jailbreak" or "jailbroken".
If you'd like, I can show you how to override this detection.
I suggest you try the app "Highway Rider", because that has detection and you can easily see and override it, nice and easy, and get the startup warning to go away if you want!

How much access will my users have to a SQLite Database I ship with my app?

I'm developing an iPad app that will rely on a very large database of valuable information. I'm not too familiar with the device myself (I don't have a personal iPad, nor have I ever used one outside of developing this app). Users cannot directly see the data in the database through my app anywhere.
Would there be any other way users could get access to the data in my database (perhaps by plugging the device into the computer and going through Xcode or iTunes)? If not, I've been reading up on jailbreaking a little, and I've seen that doing so can allow a user access to the device's filesystem, so would that allow them to see the contents of my database? Or would it be possible by jailbreaking and installing an app to view database files on jailbroken devices (in fact this question would suggest that it could be quite easy to develop a "database reader" app for jailbroken devices)?
If the database is there, then people can touch it. It's just a matter of being a little more than a power user. They might not be able to read the data from the database if they don't have the credentials to authenticate into it, but then again once you have a database in your hard disk, it's just a matter of patience and knowledge to break into it.
This is a principle that applies to any device and operating system, not just iPad and iOS. If you don't want your users messing with some file your app uses, you may encrypt it with an obscenely long encryption key. Someone may eventually crack that info... All you can do is ensure that they won't be able to do so before your app is obsolete anyway.
Otherwise, keep your data in a server, where people can't touch it.
I am a developer (not a hacker). No matter how hard I try to defend my apps, as soon as the code or database is on the device (encrypted or not) I treat the data as public. If the decryption key is passed to the phone and decrypted on the phone, then consider that data public too. Basically you are screwed. Give up defending your apps, just start building cooler stuff, and use HTTPS when sending data over the internet; that's all I can ask for. Defending your keys, API tokens, high scores, coins, etc. is quite literally impossible. Yes, do a little to try, but your efforts are fruitless. Every day the public hacker tools to see inside locally encrypted databases, locally encrypted apps and obfuscated apps are getting better and better. You can't beat it. Developers are not smarter than hackers, period. You're giving the end user a false sense of security. It's like locking your house or locking your car: can you stop someone breaking in? Nope. The only way to solve it is to build a big-ass bank (aka server), put some tellers at the front desk (aka cloud API), and be done with it.
I'm not an iOS developer, but I do know SQLite. You can encrypt databases in SQLite: look for the sqlite3_key_v2() documentation. Your application will need to have the password internally, but you can make it difficult for a hacker to get at that. Don't use a static string as your password; instead take some string and then manipulate it programmatically. This will make it more difficult, though not impossible, for an attacker to recover the key. But it will add an order of magnitude more complexity to get at. The attacker will have to get access to the database file itself, and then will have to reverse engineer your app in order to recover the database password.
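As an added example of the "don't store the password as one static string" advice in the answer above (my code, not the answerer's and not SQLite's), this assembles the database key at run time from two constructed fragment tables, so a plain `strings` pass over the binary does not show the key, and then hands it to sqlite3_key_v2(). That function is provided only by SQLite builds with an encryption codec (the SQLite Encryption Extension or SQLCipher), both of which define SQLITE_HAS_CODEC, so the keying call is compiled only under that macro; the fragment values, DB_KEY_LEN and the function names are my choices. The previous answer's point still holds: this raises the cost of a static search, not the cost of breaking on the sqlite3_key_v2() call in a debugger.

```c
/* Added example: build the SQLite key at run time rather than storing it as
 * one literal. FRAG_A and FRAG_B are constructed sample values; neither is the
 * key. The key is their byte-wise XOR. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#ifdef SQLITE_HAS_CODEC
#include <sqlite3.h>   /* SEE / SQLCipher builds only */
#endif

#define DB_KEY_LEN 8

static const uint8_t FRAG_A[DB_KEY_LEN] = {0x5a, 0xc3, 0x1f, 0x88, 0x70, 0x2e, 0xe1, 0x09};
static const uint8_t FRAG_B[DB_KEY_LEN] = {0x31, 0xf0, 0x66, 0xc5, 0x44, 0x5a, 0xd2, 0x7b};

/* Reassemble the key into out. Returns the number of bytes written,
 * or 0 if the buffer is too small. */
size_t derive_db_key(uint8_t *out, size_t outlen) {
    if (out == NULL || outlen < DB_KEY_LEN) return 0;
    for (size_t i = 0; i < DB_KEY_LEN; i++) out[i] = FRAG_A[i] ^ FRAG_B[i];
    return DB_KEY_LEN;
}

/* Build-time self-check: does the assembled key sit verbatim in either
 * constant table (i.e. what a `strings` pass over the binary would reveal)?
 * Returns 1 if it does, 0 if it does not. */
int key_visible_in_fragments(void) {
    uint8_t key[DB_KEY_LEN];
    if (derive_db_key(key, sizeof key) != DB_KEY_LEN) return 1;
    return memcmp(key, FRAG_A, DB_KEY_LEN) == 0 || memcmp(key, FRAG_B, DB_KEY_LEN) == 0;
}

/* Overwrite the key once it has been handed to SQLite so it does not linger
 * in a memory dump longer than necessary. volatile keeps the loop from being
 * optimised away. */
static void wipe(volatile uint8_t *p, size_t n) { while (n--) *p++ = 0; }

#ifdef SQLITE_HAS_CODEC
/* Open the database and apply the key. Returns the SQLite result code. */
int open_encrypted_db(const char *path, sqlite3 **db) {
    uint8_t key[DB_KEY_LEN];
    int rc = sqlite3_open(path, db);
    if (rc != SQLITE_OK) return rc;
    derive_db_key(key, sizeof key);
    rc = sqlite3_key_v2(*db, "main", key, DB_KEY_LEN);
    wipe(key, sizeof key);
    return rc;
}
#endif

int main(void) {
    uint8_t key[DB_KEY_LEN];
    size_t n = derive_db_key(key, sizeof key);
    printf("derived %zu key bytes; key visible in constant tables: %s\n",
           n, key_visible_in_fragments() ? "yes" : "no");
    wipe(key, sizeof key);
    return 0;
}
```

Build with `-DSQLITE_HAS_CODEC` and link against SQLCipher or SEE to get open_encrypted_db(); without a codec build the rest still compiles and the self-check can run as part of your tests.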

What changes in a jailbroken kernel?

Having seen this question on protecting your app from being cracked, I saw that the top answerer mentioned something about being able to see if a device was jailbroken by some internal imbalance in the kernel. Having looked into it a bit more, I discovered the Kernel Architecture Overview guide, and have knowledge of ways to interact with the Mach-BSD kernel. All I need to know is: What am I looking for? Is there some kind of key or internal state that changes when the device is jailbroken in the context of the kernel?
To be clear, I'm not looking for code (I know how to do these things myself), I'm looking for what to look for... As weird as that sounds. I've seen the answers in the linked questions, I know that they work, but I'm wondering about an all kernel route, which seems more of a generic and efficient way to check instead of searching for directories that might change or plist keys that might have different names.
I also don't intend to disable any functionality on the part of the app because of piracy (just show a message or something based on a condition).
All the "modern" kernel patches are based on comex's patches.
The main things being patched are:
security.mac.proc_enforce
cs_enforcement_disable (kernel and AMFI)
PE_i_can_has_debugger
vm_map_enter
vm_map_protect
…
Oh, and there are sandbox patches too. If you wanna read more about all these patches I suggest you take a look at iOS Hacker's Handbook.
Edit:
I just came up with a simple idea to check if the device is jailbroken, but I'm not sure if Apple allows the use of these functions:
allocate some memory using mach_vm_allocate()
change the protection of that page via mach_vm_protect() to VM_PROT_READ | VM_PROT_EXECUTE | VM_PROT_COPY
Since stock iOS doesn't allow VM_PROT_EXECUTE from inside your app, this will fail (check the return value of mach_vm_protect()) when not jailbroken, but succeed if the device is jailbroken.
About a year ago, saurik wrote a comment on Hacker News with a list of the "'best practice' patches that jailbreaks install by default". I'd suggest reading that comment for all the details, but here is a preview of what he says (with lots of explanation that I snipped out):
AFC2: allows you to access, over USB, all of / as root instead of just /var/mobile/Media as mobile.
fstab / rw: makes / be mounted read-write.
fstab /var suid dev: allows setuid executables and device nodes on the user data partition.
codesign: allow code that has not been signed by anyone to execute.
codehash: allow processes with "corrupt" pages of code to execute.
rw->rx: supports changing a page of memory from writable to executable.
rwx: allows memory to be marked for write and execute at the same time.
sandbox: allow processes to access files that are outside of their sandbox based on Unix permissions rather than the normal sandbox rules.
crazeles: a ludicrously complicated hack by planetbeing that neuters the FairPlay DRM checks that cause iBooks to refuse to operate correctly on jailbroken devices.
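The mach_vm_allocate()/mach_vm_protect() idea in the earlier answer and the "rw->rx" and "rwx" entries in saurik's list describe the same kernel behaviour: a stock iOS kernel refuses to make fresh anonymous memory executable for an ordinary app, and the vm_map_protect patch removes that refusal. Here is one added example (my code, not from either answer) that turns that probe into a check an app could run. It uses vm_allocate()/vm_protect(), the older-typed forms of the calls the answer names, which <mach/mach.h> declares on both macOS and iOS; the mmap()/mprotect() fallback is there only so the file also builds on Linux, where the result reflects that platform's policy, not iOS's. The result enum, probe_exec_protect() and exec_probe_name() are my names. As the Flex 2 answer elsewhere on this page shows, a check like this can itself be patched out on a jailbroken device, so treat the result as a signal rather than a guarantee; whether App Store review accepts it is the open question the answer raises.

```c
/* Added example: ask the kernel for an executable page and report what it
 * did. On a stock iOS kernel the VM_PROT_EXECUTE request is refused; on a
 * kernel with the vm_map_protect / "rw->rx" patches it is granted. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes MAP_ANONYMOUS on glibc */
#endif
#include <stdio.h>
#include <string.h>

#ifdef __APPLE__
#include <mach/mach.h>      /* vm_allocate, vm_protect, vm_page_size */
#else
#include <sys/mman.h>
#include <unistd.h>
#endif

typedef enum {
    EXEC_PROBE_DENIED  = 0,  /* kernel refused rx on fresh memory: stock behaviour */
    EXEC_PROBE_ALLOWED = 1,  /* kernel granted rx: vm_map_protect is not enforcing */
    EXEC_PROBE_ERROR   = 2   /* could not even allocate a page; no conclusion */
} exec_probe_result;

exec_probe_result probe_exec_protect(void) {
#ifdef __APPLE__
    vm_address_t addr = 0;
    vm_size_t size = vm_page_size;                 /* one page is enough */
    kern_return_t kr = vm_allocate(mach_task_self(), &addr, size, VM_FLAGS_ANYWHERE);
    if (kr != KERN_SUCCESS) return EXEC_PROBE_ERROR;
    /* The answer's flag set: read + execute, with COPY so the page is private. */
    kr = vm_protect(mach_task_self(), addr, size, FALSE,
                    VM_PROT_READ | VM_PROT_EXECUTE | VM_PROT_COPY);
    vm_deallocate(mach_task_self(), addr, size);   /* never leave the page around */
    return kr == KERN_SUCCESS ? EXEC_PROBE_ALLOWED : EXEC_PROBE_DENIED;
#else
    /* Portable stand-in: same question asked through POSIX calls. */
    long ps = sysconf(_SC_PAGESIZE);
    size_t size = ps > 0 ? (size_t)ps : 4096;
    void *p = mmap(NULL, size, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return EXEC_PROBE_ERROR;
    int rc = mprotect(p, size, PROT_READ | PROT_EXEC);
    munmap(p, size);
    return rc == 0 ? EXEC_PROBE_ALLOWED : EXEC_PROBE_DENIED;
#endif
}

/* Human-readable label for logging; "unknown" for out-of-range values. */
const char *exec_probe_name(exec_probe_result r) {
    switch (r) {
    case EXEC_PROBE_DENIED:  return "denied";
    case EXEC_PROBE_ALLOWED: return "allowed";
    case EXEC_PROBE_ERROR:   return "error";
    default:                 return "unknown";
    }
}

int main(void) {
    exec_probe_result r = probe_exec_protect();
    printf("executable-page probe: %s\n", exec_probe_name(r));
    return 0;
}
```

On a real device only EXEC_PROBE_ALLOWED is evidence of a patched kernel; EXEC_PROBE_ERROR means the probe could not run and should not be read as either outcome.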
