search

Siguza / iokit-utils

Dev tools for probing IOKit
Mozilla Public License 2.0
196 stars 27 forks source link

iOS / iPhoneOS 13 device capture #3

Open brandonros opened 4 years ago

brandonros commented 4 years ago

I'm doing some really unsupported/stupid stuff where I compiled libusb for Darwin in XCode for iPhoneOS. That works fine, but the hotplug / device resolution doesn't seem to detect devices (it returns nothing) as well as your code, which returns

AppleT8030USBXHCI(AppleT8030USBXHCI): (os/kern) successful
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>IOClass</key>
  <string>AppleT8030USBXHCI</string>
</dict>
</plist>

AppleUSB20XHCILightningPort(usb-drd-port-hs): (os/kern) successful
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>device_type</key>
  <data>
  dXNiLWRyZC1wb3J0LWhzAA==
  </data>
  <key>name</key>
  <data>
  dXNiLWRyZC1wb3J0LWhzAA==
  </data>
</dict>
</plist>

IOUSBHostDevice(USB2.0 HUB): (os/kern) successful
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>IOCFPlugInTypes</key>
  <dict>
    <key>9dc7b780-9ec0-11d4-a54f-000a27052861</key>
    <string>IOUSBHostFamily.kext/PlugIns/IOUSBLib.bundle</string>
  </dict>
</dict>
</plist>

AppleUSB20Hub(AppleUSB20Hub): (os/kern) successful
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>IOClass</key>
  <string>AppleUSB20Hub</string>
</dict>
</plist>

AppleUSB20HubPort(AppleUSB20HubPort): (os/kern) successful
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict/>
</plist>

AppleUSB20HubPort(AppleUSB20HubPort): (os/kern) successful
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict/>
</plist>

AppleUSB20HubPort(AppleUSB20HubPort): (os/kern) successful
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict/>
</plist>

AppleUSB20HubPort(AppleUSB20HubPort): (os/kern) successful
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict/>
</plist>

IOUSBHostDevice(canable gs_usb): (os/kern) successful
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>IOCFPlugInTypes</key>
  <dict>
    <key>9dc7b780-9ec0-11d4-a54f-000a27052861</key>
    <string>IOUSBHostFamily.kext/PlugIns/IOUSBLib.bundle</string>
  </dict>
</dict>
</plist>

AppleUSBHostCompositeDevice(AppleUSBHostCompositeDevice): (os/kern) successful
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>IOClass</key>
  <string>AppleUSBHostCompositeDevice</string>
</dict>
</plist>

IOUSBHostInterface(IOUSBHostInterface): (os/kern) successful
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>IOCFPlugInTypes</key>
  <dict>
    <key>2d9786c6-9ef3-11d4-ad51-000a27052861</key>
    <string>IOUSBHostFamily.kext/PlugIns/IOUSBLib.bundle</string>
  </dict>
</dict>
</plist>

IOUSBHostInterface(canble firmware upgrade interface): (os/kern) successful
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>IOCFPlugInTypes</key>
  <dict>
    <key>2d9786c6-9ef3-11d4-ad51-000a27052861</key>
    <string>IOUSBHostFamily.kext/PlugIns/IOUSBLib.bundle</string>
  </dict>
</dict>
</plist>

IOUSBHostInterface(IOUSBHostInterface): (os/kern) successful
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>IOCFPlugInTypes</key>
  <dict>
    <key>2d9786c6-9ef3-11d4-ad51-000a27052861</key>
    <string>IOUSBHostFamily.kext/PlugIns/IOUSBLib.bundle</string>
  </dict>
</dict>
</plist>

The USB interface is obviously detected by the iPhoneOS kernel. Could you throw up a small snippet on how somebody might, say,

  1. open the interface / claim it
  2. perform controlTransferOut / controlTransferIn against it
  3. perform transferIn / transferOut against endpoints from that interface

This would open a massive world in iOS/iPhoneOS development where USB device support isn't really documented but is actually secretly supported.

brandonros commented 4 years ago 
Class                                                   Name                                                    Type Spawn                                UC   One   Two Equal
AppleT8030TypeCPhy                                      AppleT8030TypeCPhy                                         0 (iokit/common) unsupported function         0     0      
AppleARMIODevice                                        usb-drd                                                    0 (iokit/common) unsupported function         0     0      
AppleT8030USBXHCI                                       AppleT8030USBXHCI                                          0 (iokit/common) unsupported function         0     0      
AppleUSB20XHCILightningPort                             usb-drd-port-hs                                            0 (iokit/common) unsupported function         0     0      
IOUSBHostDevice                                         USB2.0 HUB                                                 0 (iokit/common) not permitted                0     0      
AppleUSB20Hub                                           AppleUSB20Hub                                              0 (iokit/common) unsupported function         0     0      
AppleUSB20HubPort                                       AppleUSB20HubPort                                          0 (iokit/common) unsupported function         0     0      
AppleUSB20HubPort                                       AppleUSB20HubPort                                          0 (iokit/common) unsupported function         0     0      
AppleUSB20HubPort                                       AppleUSB20HubPort                                          0 (iokit/common) unsupported function         0     0      
AppleUSB20HubPort                                       AppleUSB20HubPort                                          0 (iokit/common) unsupported function         0     0      
IOUSBHostDevice                                         canable gs_usb                                             0 (iokit/common) not permitted                0     0

I think this means the functionality we need to do anything other than list the device is not supported/permitted but I'd be curious to hear your thoughts.