Open GoogleCodeExporter opened 9 years ago
Hello,
I'm in kind of the same situation here ... But my error is that the image is
not found ... because Apple changed the location of their private framework ...
I'm now looking for the new location of the WifiManager in order to update my
app ....
If I find something I'll share it!
Have Fun !
MaX
Original comment by Maxime.U...@gmail.com
on 14 Jun 2011 at 8:28
Has anyone found a solution for this?
This is what I have found out so far:
libHandle = dlopen("/System/Library/SystemConfiguration/WiFiManager.bundle/WiFiManager", RTLD_LAZY);
now always returns NULL
Just like in older iOS versions, this works again now:
libHandle = dlopen("/System/Library/PrivateFrameworks/MobileWiFi.framework/MobileWiFi", RTLD_LAZY);
So maybe they have switched back to the old location of the framework.
However, using these old functions results in a crash:
open = dlsym(libHandle, "Apple80211Open");
bind = dlsym(libHandle, "Apple80211BindToInterface");
close = dlsym(libHandle, "Apple80211Close");
scan = dlsym(libHandle, "Apple80211Scan");
open(&airportHandle);
bind(airportHandle, @"en0");
Sebastian
Original comment by sebastia...@web.de
on 15 Jun 2011 at 8:25
Any news so far? I'm currently working on the same issue.
Original comment by Philip.B...@gmail.com
on 28 Jun 2011 at 3:08
Calling nm on WifiManager returns the result below. However, I was not able to
put this together to something meaningful:
U _CFAbsoluteTimeGetCurrent
U _CFAllocatorAllocate
U _CFAllocatorDeallocate
U _CFArrayAppendValue
U _CFArrayApplyFunction
U _CFArrayCreate
U _CFArrayCreateMutable
U _CFArrayGetCount
U _CFArrayGetFirstIndexOfValue
U _CFArrayGetValueAtIndex
U _CFBooleanGetTypeID
U _CFDataCreateWithBytesNoCopy
U _CFDataGetBytePtr
U _CFDataGetBytes
U _CFDataGetLength
U _CFDataGetTypeID
U _CFDateCompare
U _CFDictionaryContainsKey
U _CFDictionaryCreate
U _CFDictionaryCreateCopy
U _CFDictionaryCreateMutable
U _CFDictionaryCreateMutableCopy
U _CFDictionaryGetCount
U _CFDictionaryGetKeysAndValues
U _CFDictionaryGetTypeID
U _CFDictionaryGetValue
U _CFDictionaryRemoveValue
U _CFDictionarySetValue
U _CFEqual
U _CFGetTypeID
U _CFHash
U _CFMachPortCreate
U _CFMachPortCreateRunLoopSource
U _CFMachPortGetPort
U _CFMachPortInvalidate
U _CFNumberCreate
U _CFNumberGetTypeID
U _CFNumberGetValue
U _CFPropertyListCreateFromXMLData
U _CFPropertyListWriteToStream
U _CFRelease
U _CFRetain
U _CFRunLoopAddSource
U _CFRunLoopRemoveSource
U _CFSetAddValue
U _CFSetApplyFunction
U _CFSetContainsValue
U _CFSetCreate
U _CFSetCreateMutable
U _CFStringAppendFormat
U _CFStringCompare
U _CFStringCreateExternalRepresentation
U _CFStringCreateFromExternalRepresentation
U _CFStringCreateMutable
U _CFStringCreateWithFormat
U _CFStringGetCStringPtr
U _CFStringGetTypeID
U _CFWriteStreamClose
U _CFWriteStreamCopyProperty
U _CFWriteStreamCreateWithAllocatedBuffers
U _CFWriteStreamOpen
U _EAPTLSRemoveTrustExceptionsBindings
U _IOMasterPort
U _IOObjectRelease
U _IORegistryEntrySearchCFProperty
U _IOServiceGetMatchingService
U _IOServiceMatching
U _MKBDeviceUnlockedSinceBoot
U _MKBGetDeviceLockState
00007b38 T _MobileWiFiContainsDriver
00007a08 T _MobileWiFiContainsRadio
U _NDR_record
U _SCError
U _SCErrorString
U _SCLog
U _SCPreferencesApplyChanges
U _SCPreferencesCommitChanges
U _SCPreferencesLock
U _SCPreferencesSynchronize
U _SCPreferencesUnlock
U _SecItemAdd
U _SecItemCopyMatching
U _SecItemDelete
U _SecItemUpdate
00005484 T _WiFiDeviceClientAssociateAsync
00005464 T _WiFiDeviceClientAssociateCancel
00005620 T _WiFiDeviceClientCopyCurrentNetwork
0000528c T _WiFiDeviceClientCopyHostedNetworks
00005814 T _WiFiDeviceClientCopyProperty
00005440 T _WiFiDeviceClientDisassociate
0000515c T _WiFiDeviceClientGetInterfaceName
000055f0 T _WiFiDeviceClientGetPower
00005120 T _WiFiDeviceClientGetTypeID
00005718 T _WiFiDeviceClientRegisterBssidChangeCallback
00005154 T _WiFiDeviceClientRegisterDecryptionCallback
000056e0 T _WiFiDeviceClientRegisterLinkCallback
00005738 T _WiFiDeviceClientRegisterPowerCallback
00005754 T _WiFiDeviceClientRegisterRemovalCallback
000056fc T _WiFiDeviceClientRegisterScanCacheUpdateCallback
0000550c T _WiFiDeviceClientScanAsync
00005474 T _WiFiDeviceClientScanCancel
000055b0 T _WiFiDeviceClientSetPower
00005770 T _WiFiDeviceClientSetProperty
0000523c T _WiFiDeviceClientSetWiFiDirect
000053bc T _WiFiDeviceClientStartNetwork
00005330 T _WiFiDeviceClientStopNetwork
00005c80 T _WiFiGetNetworkChannel
00001764 T _WiFiMIGMachPortCreate
00001574 T _WiFiMIGMachPortGetPort
00001450 T _WiFiMIGMachPortGetTypeID
00001484 T _WiFiMIGMachPortRegisterDemuxCallback
0000148c T _WiFiMIGMachPortRegisterTerminationCallback
000015c8 T _WiFiMIGMachPortScheduleWithRunLoop
00001580 T _WiFiMIGMachPortUnscheduleFromRunLoop
000049dc T _WiFiManagerClientAddNetwork
000046e0 T _WiFiManagerClientCopyDevices
000047e8 T _WiFiManagerClientCopyEnabledNetworks
00004acc T _WiFiManagerClientCopyMisPassword
000047f4 T _WiFiManagerClientCopyNetworks
00004d00 T _WiFiManagerClientCopyProperty
00004f68 T _WiFiManagerClientCreate
00004c88 T _WiFiManagerClientDisable
000048e8 T _WiFiManagerClientDisableNetwork
00004e80 T _WiFiManagerClientDispatchNotificationResponse
00004c9c T _WiFiManagerClientEnable
000048f8 T _WiFiManagerClientEnableNetwork
00004778 T _WiFiManagerClientGetAskToJoinState
00004cb0 T _WiFiManagerClientGetAssociationMode
00004238 T _WiFiManagerClientGetDevice
00004bdc T _WiFiManagerClientGetMISDiscoveryState
00004c18 T _WiFiManagerClientGetMISState
00004c50 T _WiFiManagerClientGetPower
00004a98 T _WiFiManagerClientGetRetryIntervalCap
00003f1c T _WiFiManagerClientGetType
00004f18 T _WiFiManagerClientGetTypeID
00004b84 T _WiFiManagerClientGetWoWCapability
00004ba4 T _WiFiManagerClientGetWoWState
00004800 T _WiFiManagerClientIsNetworkEnabled
00004b64 T _WiFiManagerClientIsTetheringSupported
00004108 T _WiFiManagerClientRegisterBackgroundScanCallback
00004124 T _WiFiManagerClientRegisterDeviceAttachmentCallback
000040ec T _WiFiManagerClientRegisterNotificationCallback
00004908 T _WiFiManagerClientRemoveNetwork
00004198 T _WiFiManagerClientScheduleWithRunLoop
00004ccc T _WiFiManagerClientSetAssociationMode
00004a38 T _WiFiManagerClientSetBackgroundScanNetworks
00004bfc T _WiFiManagerClientSetMISDiscoveryState
00004c38 T _WiFiManagerClientSetMISState
00004b04 T _WiFiManagerClientSetMisPassword
00004c70 T _WiFiManagerClientSetPower
00004dd4 T _WiFiManagerClientSetProperty
00004ab4 T _WiFiManagerClientSetRetryIntervalCap
00004ce4 T _WiFiManagerClientSetType
00004bc4 T _WiFiManagerClientSetWoWState
000048d8 T _WiFiManagerClientTemporarilyDisableNetwork
0000416c T _WiFiManagerClientUnscheduleFromRunLoop
00004980 T _WiFiManagerClientUpdateNetwork
00005ecc T _WiFiNetworkCompareNoSecurity
00006308 T _WiFiNetworkComparePriority
00006cfc T _WiFiNetworkCopyFilteredRecord
00006f84 T _WiFiNetworkCopyPassword
00006f94 T _WiFiNetworkCopyPreparedEAPProfile
000071fc T _WiFiNetworkCopyRecord
00007298 T _WiFiNetworkCreate
000073bc T _WiFiNetworkCreateCopy
00006428 T _WiFiNetworkGet11dCountryCodeFromIe
00005c9c T _WiFiNetworkGetAssociationDate
000060e4 T _WiFiNetworkGetAuthFlags
00006548 T _WiFiNetworkGetBtMacFromIe
000070c4 T _WiFiNetworkGetDirectedState
000065d0 T _WiFiNetworkGetFloatProperty
00006670 T _WiFiNetworkGetIntProperty
00006eec T _WiFiNetworkGetLastAssociationDate
00005b14 T _WiFiNetworkGetNetworkChannelList
000065e0 T _WiFiNetworkGetNetworkUsage
00005ac4 T _WiFiNetworkGetProperty
00006de0 T _WiFiNetworkGetRateBounds
00006e64 T _WiFiNetworkGetSSID
00007128 T _WiFiNetworkGetSSIDData
00005948 T _WiFiNetworkGetTypeID
00005dc8 T _WiFiNetworkIsAdHoc
00006524 T _WiFiNetworkIsApplePersonalHotspot
000059d4 T _WiFiNetworkIsCaptive
000060f0 T _WiFiNetworkIsEAP
0000597c T _WiFiNetworkIsEnabled
00007078 T _WiFiNetworkIsHidden
00007040 T _WiFiNetworkIsHiddenSSID
00005b28 T _WiFiNetworkIsMultiAPEnvironment
00005a9c T _WiFiNetworkIsWAPI
00005a7c T _WiFiNetworkIsWAPICERT
00005a8c T _WiFiNetworkIsWAPIPSK
000059a8 T _WiFiNetworkIsWEP
00005fec T _WiFiNetworkIsWPA
0000653c T _WiFiNetworkIsWoWAllowed
000071ec T _WiFiNetworkMerge
00006c88 T _WiFiNetworkMergeForAssociation
00007188 T _WiFiNetworkMergeProperties
00006a44 T _WiFiNetworkPrepareNetworkChannelList
00006f60 T _WiFiNetworkRemovePassword
0000610c T _WiFiNetworkRequiresIdentity
00005f04 T _WiFiNetworkRequiresOneTimePassword
00006244 T _WiFiNetworkRequiresPassword
00006178 T _WiFiNetworkRequiresUsername
00006b68 T _WiFiNetworkSetAssociationDate
00006bbc T _WiFiNetworkSetDirectedState
00006bf0 T _WiFiNetworkSetFloatProperty
00006c50 T _WiFiNetworkSetIntProperty
000068fc T _WiFiNetworkSetNetworkChannelList
00006c38 T _WiFiNetworkSetNetworkUsage
00006f70 T _WiFiNetworkSetPassword
00006680 T _WiFiNetworkSetProperty
00006b88 T _WiFiNetworkSetWEP
00006784 T _WiFiNetworkSetWPA
00005cbc T _WiFiNetworkSortNetworksByLastUsedDate
000065f8 T _WiFiNetworkSortNetworksByUsageTime
00001538 T _WiFiPortCacheAdd
00001494 T _WiFiPortCacheCopy
000014dc T _WiFiPortCacheCopyWithType
00001500 T _WiFiPortCacheRemove
0000765c T _WiFiSecurityCopyPassword
00007808 T _WiFiSecurityRemovePassword
000078b0 T _WiFiSecuritySetPassword
00001010 T __CFArrayCreateMutableCopyOfCFSet
00000e2c T __CFDictinoarySetFloatValue
00000e74 T __CFDictionarySetIntValue
00000dac T __CFMachPortCreateWithPort
00000dc0 T __CFPropertyListCreateBinaryData
U __CFRuntimeCreateInstance
U __CFRuntimeRegisterClass
00000fb4 T __CFSetCreateMutableCopyOfCFArray
00000eac T __CFTypeGetFloatValue
00000efc T __CFTypeGetIntValue
00000e0c T __CFValidateType
000099f0 b __MergedGlobals
00009790 d __MergedGlobals
000099e0 b __MergedGlobals1
U __SC_CFMachPortCreateWithPort
00001138 T __WiFiCopyEnabledNetworks
00001304 T __WiFiCreateNetworksFromRecords
000011b4 T __WiFiCreateNetworksFromRecordsWithRSSIBounds
00001398 T __WiFiCreateRecordsFromNetworks
00001314 T __WiFiCreateRecordsFromNetworksWithType
000058bc T __WiFiDeviceClientCreate
00005174 T __WiFiDeviceClientDispatchAssociationResult
00005204 T __WiFiDeviceClientDispatchBssidEvent
0000522c T __WiFiDeviceClientDispatchLinkEvent
000051f4 T __WiFiDeviceClientDispatchPowerEvent
000051e4 T __WiFiDeviceClientDispatchRemovalEvent
00005214 T __WiFiDeviceClientDispatchScanCacheUpdateEvent
00005160 T __WiFiDeviceClientDispatchScanResults
00005194 T __WiFiDeviceClientDispatchStartNetworkResult
000051c4 T __WiFiDeviceClientDispatchStopNetworkResult
00005a04 T __WiFiNetworkSetState
00000d1c T __WiFiPreferencesLock
000013a4 T __WiFiPreferencesUnlock
00000d78 T __WiFiScale
00000f54 T __WiFiScaleRSSI
0000105c T __WiFiSerialize
000010cc T __WiFiUnserializeAndVMDealloc
00001afc t __Xwifi_manager_client_dispatch_association_result
00001e08 t __Xwifi_manager_client_dispatch_event
000018f0 t __Xwifi_manager_client_dispatch_notification
00001a14 t __Xwifi_manager_client_dispatch_scan_results
00001c10 t __Xwifi_manager_client_dispatch_start_network_result
00001d2c t __Xwifi_manager_client_dispatch_stop_network_result
0000104c t ___CFArrayCreateMutableCopyOfCFSetApplier
U ___CFConstantStringClassReference
00001000 t ___CFSetCreateMutableCopyOfCFArrayApplier
00005dfc t ___WiFiCompareDictionaryValues
00005e74 t ___WiFiCompareSSIDorBSSID
000056b4 t ___WiFiDeviceClientAndEventMask
000098f0 s ___WiFiDeviceClientClass
00005688 t ___WiFiDeviceClientOrEventMask
000058a0 t ___WiFiDeviceClientRegister
00005308 t ___WiFiDeviceClientRelease
000097e0 s ___WiFiMIGMachPortClass
00001604 t ___WiFiMIGMachPortPortCallback
00001730 t ___WiFiMIGMachPortRegister
00001834 t ___WiFiMIGMachPortRelease
00003f20 t ___WiFiManagerClientAddDevice
000040d0 t ___WiFiManagerClientAndEventMask
00004140 t ___WiFiManagerClientAvailableCallback
000098c0 s ___WiFiManagerClientClass
0000479c t ___WiFiManagerClientCopyNetworks
0000473c t ___WiFiManagerClientGetRootDevice
00003f90 t ___WiFiManagerClientGetServerPort
00004ee8 t ___WiFiManagerClientMIGDemuxCallback
000040b4 t ___WiFiManagerClientOrEventMask
00004f4c t ___WiFiManagerClientRegister
000050c8 t ___WiFiManagerClientRelease
0000486c t ___WiFiManagerClientSetNetworkState
00009930 s ___WiFiNetworkClass
00005f3c t ___WiFiNetworkContainsAuthSelector
0000759c t ___WiFiNetworkCopyDesc
000073d4 t ___WiFiNetworkEqual
0000608c t ___WiFiNetworkGetAuthFlags
00005a54 t ___WiFiNetworkGetWAPIPolicy
00007580 t ___WiFiNetworkHash
0000605c t ___WiFiNetworkIsEAP
00005fa4 t ___WiFiNetworkIsWPA
00005ff8 t ___WiFiNetworkIsWPAEAP
000064a4 t ___WiFiNetworkIsWoWAllowed
00007214 t ___WiFiNetworkRegister
00005a38 t ___WiFiNetworkRelease
U ___assert_rtn
00008a70 s ___func__.21048
000099ec b ___wiFiDeviceTypeID
000097cc d ___wiFiDeviceTypeInit
000099e8 b ___wiFiManagerTypeID
000097c4 d ___wiFiManagerTypeInit
000097d4 d ___wifiNetworkTypeInit
000099dc S __dateFormatter
000044d8 T __wifi_manager_client_dispatch_association_result
00004244 T __wifi_manager_client_dispatch_event
00004618 T __wifi_manager_client_dispatch_notification
0000458c T __wifi_manager_client_dispatch_scan_results
00004400 T __wifi_manager_client_dispatch_start_network_result
00004374 T __wifi_manager_client_dispatch_stop_network_result
00009810 S __wifi_manager_client_subsystem
U _bcmp
U _bcopy
U _bootstrap_look_up
U _bootstrap_port
U _bzero
U _free
U _getpid
U _kCFAllocatorDefault
U _kCFAllocatorNull
U _kCFBooleanFalse
U _kCFBooleanTrue
U _kCFStreamPropertyDataWritten
U _kCFTypeArrayCallBacks
U _kCFTypeDictionaryKeyCallBacks
U _kCFTypeDictionaryValueCallBacks
U _kCFTypeSetCallBacks
U _kCNSCaptiveNetworkProperty
U _kIOMasterPortDefault
U _kSecAttrAccessible
U _kSecAttrAccessibleAfterFirstUnlock
U _kSecAttrAccessibleAlways
U _kSecAttrAccount
U _kSecAttrService
U _kSecClass
U _kSecClassGenericPassword
U _kSecReturnData
U _kSecValueData
000099b4 S _kWiFiDeviceCapabilitiesKey
000099cc S _kWiFiDeviceSupportsWAPIKey
000099b8 S _kWiFiDeviceSupportsWoWKey
000099b0 S _kWiFiDeviceVendorIDKey
000099bc S _kWiFiLoggingEnabledKey
000099c0 S _kWiFiLoggingFileEnabledKey
000099c4 S _kWiFiLoggingFileKey
000099d0 S _kWiFiManagerDisableBlackListKey
000099a0 S _kWiFiNetworkEnterpriseProfile
0000999c S _kWiFiNetworkEnterpriseProfileKey
000099c8 S _kWiFiPreferenceCustomNetworksSettingsKey
000099d8 S _kWiFiPreferenceMStageAutoJoinKey
00009998 S _kWiFiRSSIThresholdKey
000099a8 S _kWiFiScaledRSSIKey
000099ac S _kWiFiScaledRateKey
000099a4 S _kWiFiStrengthKey
000099d4 S _kWiFiTetheringCredentialsKey
U _mach_msg
U _mach_msg_destroy
U _mach_port_deallocate
U _mach_port_get_attributes
U _mach_port_set_attributes
U _mach_task_self_
U _malloc
000099fc b _masterPort.19637
U _memcpy
U _mig_dealloc_reply_port
U _mig_get_reply_port
U _mig_put_reply_port
U _notify_register_mach_port
U _pthread_mutex_lock
U _pthread_mutex_unlock
U _pthread_once
U _vm_deallocate
U _vm_read
00002228 T _wifi_device_assoc_async
00002bd0 T _wifi_device_copy_current_network
00002934 T _wifi_device_copy_networks
00002e54 T _wifi_device_copy_property
00002294 T _wifi_device_disassociate
00002d1c T _wifi_device_get_power
00002a88 T _wifi_device_scan_async
0000207c T _wifi_device_set_event_mask
000022ec T _wifi_device_set_power
00002354 T _wifi_device_set_property
000020e4 T _wifi_device_set_wifi_direct_state
000021b8 T _wifi_device_start_network
0000214c T _wifi_device_stop_network
00002830 T _wifi_manager_add_network
00001864 T _wifi_manager_client_server
000018c8 T _wifi_manager_client_server_routine
00002904 T _wifi_manager_close
00003dfc T _wifi_manager_copy_devices
00003cc8 T _wifi_manager_copy_networks
00003b7c T _wifi_manager_copy_property
00002688 T _wifi_manager_dispatch_notification_response
00003824 T _wifi_manager_get_ask_to_join_state
000031dc T _wifi_manager_get_association_mode
0000360c T _wifi_manager_get_mis_discovery_state
00003718 T _wifi_manager_get_mis_state
00003a3c T _wifi_manager_get_network_state
00003930 T _wifi_manager_get_power
000032e8 T _wifi_manager_get_retry_cap
000033f4 T _wifi_manager_get_wow_capability
00003500 T _wifi_manager_get_wow_state
000030d0 T _wifi_manager_is_tethering_supported
00002fb0 T _wifi_manager_mis_copy_password
000023c8 T _wifi_manager_mis_set_password
00001ee4 T _wifi_manager_open
00002760 T _wifi_manager_remove_network
000024a8 T _wifi_manager_set_association_mode
00002024 T _wifi_manager_set_background_scan_networks
00002464 T _wifi_manager_set_client_type
00002644 T _wifi_manager_set_enable_state
00002420 T _wifi_manager_set_event_mask
00002574 T _wifi_manager_set_mis_discovery_state
000025bc T _wifi_manager_set_mis_state
000026f4 T _wifi_manager_set_network_state
00002600 T _wifi_manager_set_power
00002898 T _wifi_manager_set_property
000024ec T _wifi_manager_set_retry_cap
00002530 T _wifi_manager_set_wow_state
000027c8 T _wifi_manager_update_network
U dyld_stub_binder
Original comment by sebastia...@web.de
on 30 Jun 2011 at 1:41
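A way to read the listing above, as an added example that is not part of the original thread: it parses `nm` output in this format and reports, for each name a program intends to pass to dlsym(), whether the image defines and exports it. The sample listing is a constructed excerpt of lines copied from the post, the names `parse_nm`, `classify` and `dlsym_report` are this example's own, and it assumes the usual Mach-O leading underscore on C symbols.

```python
from typing import List, NamedTuple, Optional

# Constructed sample: a few lines in the same format as the nm listing in the
# post above (addresses and names copied from it; the real output is longer).
SAMPLE_NM = """\
U _CFRelease
00007b38 T _MobileWiFiContainsDriver
0000550c T _WiFiDeviceClientScanAsync
00004f68 T _WiFiManagerClientCreate
00001e08 t __Xwifi_manager_client_dispatch_event
000099f0 b __MergedGlobals
00009790 d __MergedGlobals
000099a4 S _kWiFiStrengthKey
00002a88 T _wifi_device_scan_async
00001ee4 T _wifi_manager_open
00002904 T _wifi_manager_close
U dyld_stub_binder
"""


class Symbol(NamedTuple):
    address: Optional[int]  # None for undefined (imported) symbols
    kind: str               # nm type letter: upper case = external, lower = local
    name: str               # name as stored in the symbol table


def parse_nm(text: str) -> List[Symbol]:
    """Parse default-format nm output; skip blank and malformed lines."""
    symbols = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2:            # "U _name": no address column
            address, kind, name = None, parts[0], parts[1]
        elif len(parts) == 3:          # "00001ee4 T _name"
            try:
                address = int(parts[0], 16)
            except ValueError:
                continue
            kind, name = parts[1], parts[2]
        else:
            continue
        if len(kind) == 1:
            symbols.append(Symbol(address, kind, name))
    return symbols


def classify(c_name: str, symbols: List[Symbol]) -> str:
    """Say whether this image itself can satisfy dlsym(handle, c_name).

    Assumption: C symbols carry a leading underscore that dlsym() adds for
    the caller, so "wifi_manager_open" is stored as "_wifi_manager_open".
    """
    target = "_" + c_name
    rank = {"absent": 0, "imported": 1, "local": 2, "exported": 3}
    best = "absent"
    for sym in symbols:
        if sym.name != target:
            continue
        if sym.kind == "U":
            found = "imported"      # referenced here, defined in another library
        elif sym.kind.isupper():
            found = "exported"      # defined here and visible to dlsym()
        else:
            found = "local"         # defined here but not exported
        if rank[found] > rank[best]:
            best = found
    return best


def dlsym_report(wanted: List[str], nm_text: str) -> dict:
    """Map each wanted C name to exported / local / imported / absent."""
    symbols = parse_nm(nm_text)
    return {name: classify(name, symbols) for name in wanted}


if __name__ == "__main__":
    wanted = ["Apple80211Open", "Apple80211BindToInterface", "Apple80211Scan",
              "Apple80211Close", "wifi_manager_open", "wifi_device_scan_async"]
    for name, status in dlsym_report(wanted, SAMPLE_NM).items():
        print(f"{name:28} {status}")
```

A name reported as absent or local is one for which dlsym() on this image returns NULL, so the returned pointer has to be checked before it is called.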
I too ran into this issue when testing on iOS 5 beta 4. Has anyone made any
progress with this since the last post?
I am going to scour a jailed iOS 5 device to see if anything turns up on
there...
Original comment by mattvlas...@gmail.com
on 30 Jul 2011 at 2:23
Has anybody made any progress? I need to reproduce the functionality of
Apple80211Open
Apple80211Close
Apple80211BindToInterface
Apple80211Associate
Apple80211Scan
Apple80211GetInfoCopy
I guess
_wifi_manager_open
_wifi_manager_close
are obvious. How about binding to en0?
Original comment by c...@crimtec.com
on 13 Oct 2011 at 7:44
Before the WifiManager.framework, the MobileWifi.framework was used, am I
wrong? But the symbols do not match...
Original comment by robestra...@gmail.com
on 13 Oct 2011 at 9:27
Hi sebastia...@web.de. It looks like you made some good progress.
Can you please share how you managed to get the above result from WifiManager?
I have started again to figure out a solution.
Original comment by tso...@gmail.com
on 14 Oct 2011 at 7:55
The new "Airport Utility" app from Apple probably uses the new Framework. It
seems to be scanning for Airport Base stations. Maybe we can decompile the app
and see what it does?
Original comment by iwha...@gmail.com
on 14 Oct 2011 at 8:55
iwhacko that was actually a very good idea.
Here's a "nm AirPort" to see if it makes sense to anyone (a lot of WifiManager*
functions)
http://pastebin.com/WSNRvWv1
Original comment by filipe.p...@impactzero.pt
on 14 Oct 2011 at 9:42
I've had some experience with decompiling OSX apps, will try to see what I can
do with the iPhone app. But that must wait until the weekend. Until then, if
someone else feels like it, go ahead.
Original comment by iwha...@gmail.com
on 14 Oct 2011 at 9:58
I've tried using class_dump on MobileWifi, but that was pretty useless, all
I've got was an empty header file.
Original comment by robestra...@gmail.com
on 14 Oct 2011 at 11:13
Then the framework is probably compiled in C instead of Objective-C. Those are
pretty difficult to reverse engineer.
Original comment by iwha...@gmail.com
on 14 Oct 2011 at 11:20
http://dvlabs.tippingpoint.com/blog/2009/03/06/reverse-engineering-iphone-appstore-binaries
http://pwnhome.wordpress.com/2009/04/14/basic-reverse-engineering/
http://blog.zynamics.com/2010/04/27/objective-c-reversing-i/
https://github.com/zynamics/objc-helper-plugin-ida
Some links on how to reverse engineer iPhone stuff.
Original comment by iwha...@gmail.com
on 14 Oct 2011 at 11:49
Has anyone made progress on this? I got stuck when class-dump failed and
haven't got any time to check the links that #14 provided, thanks for them
anyway I'll check them out.
Original comment by robestra...@gmail.com
on 17 Oct 2011 at 3:05
It seems like someone already figured it out. WiFiFoFum (an app for wifi
scanning) has an update for the jailbreak community that claims it has been
fixed to work with iOS 5:
http://www.pokmol.com/download-wififofum-app-for-ios-5-wifi-detector-analyzer-for-iphone/
I wonder how they did it.
Original comment by agrana...@gmail.com
on 19 Oct 2011 at 12:30
That makes it easier (a bit): instead of reversing the Airport Utility, which
is signed, we can decompile the unsigned WiFiFoFum app :P
Original comment by iwha...@gmail.com
on 19 Oct 2011 at 8:05
Reversing WiFiFofum, I found that it is using the IPConfiguration.bundle
instead of WiFiManager.bundle; did an nm et voilà, the Apple80211Functions
were there.
Can anyone confirm if they work right out of the box with the existing code? I
have no iOS 5 device at hand...
Original comment by robestra...@gmail.com
on 19 Oct 2011 at 8:27
I can try...
libHandle = dlopen("/System/Library/SystemConfiguration/IPConfiguration.bundle/WiFiManager", RTLD_LAZY);
Does this look alright? I haven't fully reversed WiFiFofum yet... I ran
class-dump but it crashes, and OTX only gave me ARM ASM with some method names.
Original comment by iwha...@gmail.com
on 19 Oct 2011 at 8:41
Try libHandle = dlopen("/System/Library/SystemConfiguration/IPConfiguration.bundle/IPConfiguration", RTLD_LAZY);
Original comment by robestra...@gmail.com
on 19 Oct 2011 at 8:43
Hehe, of course... it doesn't crash. However, it doesn't seem to return any
results on a non-jailbroken device. The log says:
deny system-socket
Original comment by iwha...@gmail.com
on 19 Oct 2011 at 9:15
On iOS 5 I just tried
libHandle = dlopen("/System/Library/SystemConfiguration/IPConfiguration.bundle/IPConfiguration", RTLD_LAZY);
My app doesn't crash and libHandle and all the function pointers ( i.e. open =
dlsym(libHandle, "Apple80211Open");) are non NULL. But when I scan for access
points the returned array is nil. I took a shot at binding to en1 but that
didn't change anything.
Original comment by c...@crimtec.com
on 19 Oct 2011 at 9:19
Has anyone else had success with iOS 5.0.x?
I'm two days in with little success. I tried putting in IPConfiguration;
Apple80211Open returns null.
Original comment by nin...@gmail.com
on 20 Oct 2011 at 3:29
I tried it on a non-jailbroken device and also get "deny system-socket" when
performing the scan. Has anyone had a chance to try it out on a jailbroken one?
Original comment by agrana...@gmail.com
on 20 Oct 2011 at 6:05
@robestra (18), could you perhaps share the steps you took, to find that
WiFiFofum uses the IPConfiguration bundle? This will help me understand a bit
more about the process, and maybe I can use it if we still need to reverse the
Airport Utility.
Also, you used "nm" on the IPConfiguration.bundle on the device itself?
If we can figure all of this out, it will make the process easier in the future.
Original comment by iwha...@gmail.com
on 20 Oct 2011 at 7:22
I simply took Notepad++, opened the WiFiFofum binary and looked for the
Apple80211Functions names in the file and the path to the bundles, and found it.
I have no idea if arguments or return types are still the same...
The nm I did was over a dumped IPConfiguration bundle of an iPhone 4 GSM ipsw
file; you only have to unzip it and decrypt the heavier dmg with a tool like
iDecrypt. Keys for the rootfs dmgs can be found by putting their filenames into
Google.
Original comment by robestra...@gmail.com
on 20 Oct 2011 at 9:32
alright, thanks for the info, I will check it out after work :)
Original comment by iwha...@gmail.com
on 20 Oct 2011 at 9:33
Hmm I just noticed, that after running an App which tries to use the api, that
my 3G Data Connection seems to crash. No more internet on my phone, have to
reboot for it to work again. So I think the API is not completely the same as
it was.
Original comment by iwha...@gmail.com
on 20 Oct 2011 at 9:38
Just to share... I simply replaced the old framework path with the new one and
everything works great. Don't know why you guys are getting crashes.
Original comment by fop...@gmail.com
on 20 Oct 2011 at 4:57
Jailbreak or not?
Original comment by iwha...@gmail.com
on 20 Oct 2011 at 5:04
[deleted comment]
Apple80211Scan function is working but returns null.
Does anybody know?
Original comment by jeunghwa...@gmail.com
on 21 Oct 2011 at 7:47
It finally works properly or not?
Original comment by robestra...@gmail.com
on 23 Oct 2011 at 10:02
I still haven't gotten the scan to work on iOS 5 with a non-jailbroken phone.
Any ideas? I can't run with a jailbroken phone for work reasons.
Original comment by c...@crimtec.com
on 26 Oct 2011 at 5:55
I have verified that using the IPConfiguration framework works for jailbroken
phones, but for non-jailbroken phones I still get the "deny system-socket"
error when invoking the Apple80211Scan() function. And same as #28, under
certain circumstances, the 3G data connection breaks after using the API and
only a reboot will fix it. Don't know why, though.
Original comment by agrana...@gmail.com
on 26 Oct 2011 at 6:17
By the way, one of the people collaborating with me as a beta tester discovered
that the issue with the 3G data connection may be related to using SemiTether
(0.7.9-1) in his jailbroken phone. After he removed SemiTether from his phone
he didn't have any more issues with 3G no matter what he did. I wonder if
that's the case also in #28.
Original comment by agrana...@gmail.com
on 26 Oct 2011 at 7:31
no, i don't have mine jailbroken.
Original comment by iwha...@gmail.com
on 26 Oct 2011 at 7:38
@agrana... But I'm using the IPConfig framework with a JB iPhone, and the scan
function is returning null, so it is not working, is it? Have you managed to
make a good WiFi scan on a JB iPhone?
I have sent some emails to the WiFiFofum developers or contact persons but I
have had no answer from them.
I can test on both kinds of iPhone, JB and not, so feel free to share what you
have in order to test anything new.
I have changed some libs and frameworks from 4.3.3 to 5.0, so if I get some
good news I'll post it here.
I have noticed that the IPConfig terminal command is working properly through
an SSH terminal; was this command working on a JB iPhone before iOS 5?
Original comment by m.wazowski.00@gmail.com
on 27 Oct 2011 at 8:45
iPseedtouched also seems to use the new API location. http://fopina.co.cc/
It would suck if the framework is not accessible from a non jailbroken device.
But then again, Airport Utility also scans for networks.
Original comment by iwha...@gmail.com
on 27 Oct 2011 at 10:22
Hi again, can anybody explain how to use the nm commands, please? I have both
devices, iPhone 4 and iPhone 4 JB; I'm looking for changes between the 4.3.5
and iOS 5 WiFiManager frameworks.
Another thing: looking at the WiFiFofum binary, I have seen some references to
a WFManager class. I have seen the same kind of names in the WiFiPicker
framework.
Original comment by m.wazowski.00@gmail.com
on 27 Oct 2011 at 12:52
Hi again and again...
I have seen that WiFi Analyzer claims that it is fixed for iOS 5. I'm trying
to contact the developer for more info.
Original comment by m.wazowski.00@gmail.com
on 27 Oct 2011 at 1:24
Hi, did anybody here finally get it working? Please share for future response.
Original comment by tso...@gmail.com
on 31 Oct 2011 at 9:44
Hi, could it be possible to use these methods in MobileWiFi.framework (found
with nm MobileWiFi):
00002960 T _wifi_device_scan_async
0000270c T _wifi_manager_close
00001cec T _wifi_manager_open
Could it be possible that they are quite similar to the Apple802Functions, but
don't need to bind any longer?
(I mean, a device running iOS usually has only one WiFi chip, hasn't it?)
Original comment by wurze...@googlemail.com
on 2 Nov 2011 at 4:57
It seems like Airport Utility also uses MobileWiFi.framework. I however have no
jailbroken phone with iOS5 so I cannot decrypt the binary and run a classdump
on it.
Original comment by iwha...@gmail.com
on 2 Nov 2011 at 7:48
[deleted comment]
Where did the comment(which was #45) from the WiFiFoFum Developer go?????
Which API can you recommend?
Original comment by mabst...@googlemail.com
on 3 Nov 2011 at 8:24
to quote the missing message:
"Hi dev of WiFiFoFum here! You used to be able to use the WiFiManager in a non
jailbroken app with the com.apple.wifi.manager-access entitlement, similar to
how you give your app keychain access or get-task-allow for ad hoc builds.
Since about Xcode 4.1 you can no longer give that entitlement to your app
because Xcode throws an error invalid entitlement when you try to deploy.
Currently the only way to use WiFI in OS 5 is to deploy to /Applications in a
jailbroken environment and there are several APIs you can use that offer
various different features."
I can confirm that the Apple Airport Utility has this entitlement in the
Entitlements.plist. I'll try to see if I can make a build using an old SDK
tonight, since it apparently doesn't work with Xcode 4.
Original comment by iwha...@gmail.com
on 3 Nov 2011 at 11:55
Can anybody tell me if it's possible to get the method signature of
WiFiDeviceScanAsync?
If yes, how can I do this?
I want to try whether that method (in the MobileWifi.framework) works...
Original comment by mabst...@googlemail.com
on 7 Nov 2011 at 7:51
I just tested it with my non-jailbroken phone, iOS 5:
[Crashed - image not found error]
/System/Library/SystemConfiguration/IPConfiguration.bundle/WiFiManager
/System/Library/SystemConfiguration/WiFiManager.bundle/WiFiManager
[Crashed with warning]
warning: check_safe_call: could not restore current frame
warning: Unable to restore previously selected frame.
/System/Library/PrivateFrameworks/MobileWiFi.framework/MobileWiFi
[Did not crash but it returns zero]
/System/Library/SystemConfiguration/IPConfiguration.bundle/IPConfiguration
Original comment by kiichi.t...@objectgraph.com
on 10 Nov 2011 at 5:04
Hello there, I just updated my iPad to iOS 5 and Xcode to 4.2 and ran my
previous application that searches for APs again. I have the same problem.
I tried all these paths and I realize that none of them does anything... So I
have the same problem too.
I am looking forward to hearing some solutions from you guys because I realize
that you're experts.
I am using a non-jailbroken iOS device too, and I can't jailbreak it because
of my work.
Thanks to all of you for the above info.
However, if I can try anything on my device (iPad 2), let me know.
good luck!
Original comment by csiloua...@googlemail.com
on 11 Nov 2011 at 2:54
Original issue reported on code.google.com by
tso...@gmail.com
on 10 Jun 2011 at 4:23