samdmarshall / SDMMobileDevice

MobileDevice Implementation
BSD 3-Clause "New" or "Revised" License

Is it possible to support sending a fake location via the "com.apple.dt.simulatelocation" service? #93

Closed nghiadhd closed 5 years ago

nghiadhd commented 8 years ago

I used Xcode to "Simulate Location" and found it throws this log:

com.apple.xpc.launchd[1] (lockdown.6282088763277.com.apple.dt.simulatelocation) <Warning>: com.apple.dt.simulatelocation: This daemon is not allowed to execute. Running anyway.

I also customized iOSConsole to attach to this service and saw it throws the same message. However, I don't know what's next. Could you support this feature?

I know that it is undocumented, but could you guide me on how to debug the protocol of existing services such as debugserver, afc, etc.?

samdmarshall commented 8 years ago

This seems like a lot of work, and this is not a project I can devote lots of time to at the moment. I would suggest you start by decompiling the daemon that runs on iOS to see what it does to send and receive data. I would suspect it follows the same pattern of plists that contain the info as other protocols do. The cases of debugserver and AFC are unique in the sense that they have their own defined protocols. Most of the rest are based on reading and writing plists.
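The "read and write plists" pattern mentioned above, as an added example that is not code from this project or its maintainer: a small Python framer/parser for a plist-based lockdown service session. It assumes (this is not stated in the thread) that each message is a 4-byte big-endian length prefix followed by an XML or binary plist body, which is the framing libimobiledevice's property-list service layer uses; the sample byte stream, the service name and the message keys are constructed here for illustration.

```python
import plistlib
import struct

# ASSUMPTION (not stated in the thread): each message on a plist-based lockdown
# service connection is a 4-byte big-endian length prefix followed by the plist
# body (XML or binary). This mirrors libimobiledevice's property-list framing.
HEADER = struct.Struct(">I")


def encode_message(payload: dict, fmt=plistlib.FMT_XML) -> bytes:
    """Serialize a dict as a length-prefixed plist frame."""
    body = plistlib.dumps(payload, fmt=fmt)
    return HEADER.pack(len(body)) + body


def decode_stream(stream: bytes):
    """Split a byte stream into complete plist messages.

    Returns (messages, remainder): the decoded dicts in order, plus any trailing
    bytes that do not yet form a whole frame, so a caller can append more
    captured data and call again. plistlib.loads autodetects XML vs binary.
    """
    messages = []
    offset = 0
    while offset + HEADER.size <= len(stream):
        (length,) = HEADER.unpack_from(stream, offset)
        start = offset + HEADER.size
        end = start + length
        if end > len(stream):
            break  # incomplete frame: stop here and keep the tail
        messages.append(plistlib.loads(stream[start:end]))
        offset = end
    return messages, stream[offset:]


def summarize(messages):
    """One line per message, handy when reviewing a captured service session."""
    lines = []
    for i, msg in enumerate(messages):
        keys = ", ".join(sorted(msg))
        label = msg.get("Request", msg.get("Command", "?"))
        lines.append(f"#{i}: {label} [{keys}]")
    return lines


# Constructed sample session (not a real capture): a lockdown-style request,
# a binary-plist reply, and the first 7 bytes of a third frame that was cut off,
# as happens at the end of a partial packet capture.
SAMPLE_STREAM = (
    encode_message({"Request": "StartService",
                    "Service": "com.apple.dt.simulatelocation"})
    + encode_message({"Request": "StartService", "Port": 49152,
                      "Service": "com.apple.dt.simulatelocation"},
                     fmt=plistlib.FMT_BINARY)
    + encode_message({"Command": "ping"})[:7]
)

if __name__ == "__main__":
    msgs, rest = decode_stream(SAMPLE_STREAM)
    for line in summarize(msgs):
        print(line)
    print(f"{len(rest)} trailing byte(s) left unparsed")
```

Feeding the bytes from an rvictl/tcpdump capture of the service socket into `decode_stream` in chunks shows where the exchange stops being plain plist traffic, which is the first thing to establish before comparing a service against ones that already work.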

nghiadhd commented 8 years ago

Thanks for your feedback. I have just jailbroken my iPad to debug the daemon process. I found "/Developer/Library/Lockdown/ServiceAgents/com.apple.dt.simulatelocation.plist" on the device. Maybe it will help me a lot.

Otherwise, I checked the reading & writing of plists of other services, but they are too different. I also tried to use "remote packet capture" (rvictl -s <UDID>) to listen to the packets sent from Xcode to the device, but still without success.

So if you have any experience from the past (supporting syslog & SpringBoard), please share it with me.

Thanks a lot.

nghiadhd commented 8 years ago

I tried to get com.apple.dt.simulatelocation.plist & DTSimulateLocation from a real device. I also used "otool -tV" to disassemble DTSimulateLocation. However, I still did not get helpful info. It's not easy to understand compared to other services (aka ScreenShotr). With ScreenShotr, I could easily identify the protocol to communicate with the screenshotr service, but it's not so for simulatelocation.

com.apple.dt.simulatelocation.plist: https://gist.github.com/nghiadhd/7baf783d6fd0388eca1f96c226a0e204

DTSimulateLocation https://gist.github.com/nghiadhd/86df841cbc84aad85b511446684b2f88

I'm wondering whether I may need to use a private framework to communicate with simulatelocation.