From d52446b2fc58dcde67036eec91661bfa66f1b5d1 Mon Sep 17 00:00:00 2001 From: Diego Perini Date: Fri, 22 Dec 2023 20:10:33 +0300 Subject: [PATCH 1/3] Made dtx sniffing over utun a little bit more friendly to debug --- ios/debugproxy/utun/decoding.go | 10 ++++++++-- ios/dtx_codec/decoder.go | 33 +++++++++++++++++++++++++++++++++ main.go | 4 ++-- 3 files changed, 43 insertions(+), 4 deletions(-) diff --git a/ios/debugproxy/utun/decoding.go b/ios/debugproxy/utun/decoding.go index 76c83b6a..e20da955 100644 --- a/ios/debugproxy/utun/decoding.go +++ b/ios/debugproxy/utun/decoding.go @@ -7,6 +7,7 @@ import ( "encoding/binary" "encoding/json" "errors" + "fmt" "io" dtx "github.com/danielpaulus/go-ios/ios/dtx_codec" @@ -116,12 +117,14 @@ func decodeRemoteXpc(w io.Writer, r io.Reader) error { log.Info("file transfer started, skipping remaining data ") return nil } + + fmt.Fprintf(w, "\n") } } func decodeRemoteDtx(w io.Writer, r io.Reader) error { for { - m, err := dtx.ReadMessage(r) + m, err := dtx.ReadMessageNonBlocking(r) if err != nil { if errors.Is(err, io.EOF) { return nil @@ -129,9 +132,12 @@ func decodeRemoteDtx(w io.Writer, r io.Reader) error { return err } - buf := bytes.NewBufferString(m.StringDebug() + "\n") + buf := bytes.NewBufferString(m.StringDebug()) if _, err := io.Copy(w, buf); err != nil { return err } + + fmt.Fprintf(w, "\nRaw Bytes:%x", m.RawBytes) + fmt.Fprintf(w, "\n\n") } } diff --git a/ios/dtx_codec/decoder.go b/ios/dtx_codec/decoder.go index cb667001..90575903 100644 --- a/ios/dtx_codec/decoder.go +++ b/ios/dtx_codec/decoder.go @@ -3,6 +3,7 @@ package dtx import ( "bytes" "encoding/binary" + "encoding/json" "fmt" "io" 
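Review bot: The result of the new `fmt.Fprintf(w, "\n")` at the end of decodeRemoteXpc's loop is discarded, whereas the `io.Copy` in decodeRemoteDtx just below returns its error to the caller; once the writer fails, the xpc loop keeps reading and silently dropping output instead of stopping. The same applies to the two `fmt.Fprintf` calls added to decodeRemoteDtx in the next hunk of this file. Check them like the other writes: `if _, err := fmt.Fprint(w, "\n"); err != nil { return err }`. decodeRemoteXpc starts before this hunk, so its earlier writes are not visible here.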
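Review bot: Writing `m.StringDebug()` through `bytes.NewBufferString` plus `io.Copy`, followed by two separate `fmt.Fprintf` calls, is three writes where one would do, and only the first of them is error-checked. A single `if _, err := fmt.Fprintf(w, "%s\nRaw Bytes:%x\n\n", m.StringDebug(), m.RawBytes); err != nil { return err }` emits exactly the same bytes and keeps the error handling uniform. A short comment on the hex dump saying why it is emitted (so frames the decoder could not interpret can still be reproduced from the capture) would help the next reader, since the decoded text above it already carries the message.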
@@ -92,6 +93,36 @@ func ReadMessage(reader io.Reader) (Message, error) { return result, nil } +// ReadMessage uses the reader to fully read a Message from it in non-blocking mode. User for sniffing the utun interface. +func ReadMessageNonBlocking(reader io.Reader) (Message, error) { + header := make([]byte, 32) + _, err := io.ReadFull(reader, header) + if err != nil { + return Message{}, err + } + if binary.BigEndian.Uint32(header) != DtxMessageMagic { + return Message{}, NewOutOfSync(fmt.Sprintf("Wrong Magic: %x", header[0:4])) + } + result := readHeader(header) + + messageLength := result.MessageLength + + remainingBytes := make([]byte, messageLength) + _, err = io.ReadFull(reader, remainingBytes) + if err != nil { + d, _ := json.Marshal(result) + log.Printf("%s", string(d)) + + return Message{}, err + } + + m, _, err := DecodeNonBlocking(append(header, remainingBytes[:]...)) + if err != nil { + return Message{}, err + } + return m, nil +} + // DecodeNonBlocking should only be used for the debug proxy to on the fly decode DtxMessages. // It is used because if the Decoder encounters an error, we can still keep reading and forwarding the raw bytes. // This ensures that the debug proxy keeps working and the byte dump can be used to fix the DtxDecoder @@ -159,6 +190,8 @@ func DecodeNonBlocking(messageBytes []byte) (Message, []byte, error) { result.RawBytes = messageBytes[:totalMessageLength] if result.HasPayload() { + log.Printf("BYTESSSSSSSSS: %s", result.RawBytes) + payload, err := result.parsePayloadBytes(result.RawBytes) if err != nil { return Message{}, make([]byte, 0), err diff --git a/main.go b/main.go index 327fd36e..cca866df 100644 --- a/main.go +++ b/main.go @@ -101,7 +101,7 @@ Usage: ios ps [--apps] [options] ios ip [options] ios forward [options] - ios dproxy [--binary] + ios dproxy [--binary] [--mode= --iface= --address= --rsd-port=] ios readpair [options] ios pcap [options] [--pid=] [--process=] ios install --path= [options] 
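Review bot: `remainingBytes := make([]byte, messageLength)` sizes an allocation from a length field taken straight off the sniffed stream before any of that data has arrived; on a capture that is out of sync, the case the magic check just above already anticipates, a garbled header can request an allocation as large as MessageLength's type allows. A plausibility bound before the make, e.g. `if messageLength > maxMessageLength { return Message{}, NewOutOfSync(fmt.Sprintf("implausible message length %d", messageLength)) }` with maxMessageLength a new package constant, keeps one bad frame from exhausting memory; if ReadMessage, which sits before this hunk, already bounds it, the same guard belongs here. The doc comment names `ReadMessage` rather than the function it documents (the wording fix in patch 3 keeps that name), and "non-blocking" is misleading because `io.ReadFull` blocks until the announced length has arrived; what is non-blocking is the decode step. Suggest `// ReadMessageNonBlocking reads one complete Message from reader (blocking until its announced length has arrived) and decodes it with DecodeNonBlocking. Used for sniffing the utun interface.` Minor: `remainingBytes[:]` in the append is redundant, and `string(d)` is unnecessary under a `%s` verb.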
@@ -199,7 +199,7 @@ The commands work as following: > If you wanna speed it up, open apple maps or similar to force network traffic. > f.ex. "ios launch com.apple.Maps" ios forward [options] Similar to iproxy, forward a TCP connection to the device. - ios dproxy [--binary] [--mode= --iface=] [--address=] [--rsd-port=] Starts the reverse engineering proxy server. + ios dproxy [--binary] [--mode= --iface= --address= --rsd-port=] Starts the reverse engineering proxy server. > It dumps every communication in plain text so it can be implemented easily. > Use "sudo launchctl unload -w /Library/Apple/System/Library/LaunchDaemons/com.apple.usbmuxd.plist" > to stop usbmuxd and load to start it again should the proxy mess up things. From 3383f6207ece12631d31dacad9bf1ce447d2292a Mon Sep 17 00:00:00 2001 From: Diego Perini Date: Fri, 22 Dec 2023 20:16:11 +0300 Subject: [PATCH 2/3] Removed debug logs --- ios/dtx_codec/decoder.go | 2 -- 1 file changed, 2 deletions(-) diff --git a/ios/dtx_codec/decoder.go b/ios/dtx_codec/decoder.go index 90575903..7a5f0351 100644 --- a/ios/dtx_codec/decoder.go +++ b/ios/dtx_codec/decoder.go @@ -190,8 +190,6 @@ func DecodeNonBlocking(messageBytes []byte) (Message, []byte, error) { result.RawBytes = messageBytes[:totalMessageLength] if result.HasPayload() { - log.Printf("BYTESSSSSSSSS: %s", result.RawBytes) - payload, err := result.parsePayloadBytes(result.RawBytes) if err != nil { return Message{}, make([]byte, 0), err From ad0067ab8692dd6faaf805cd71b3537c57f353f7 Mon Sep 17 00:00:00 2001 From: Diego Perini Date: Wed, 17 Jan 2024 17:47:01 +0300 Subject: [PATCH 3/3] Fixed a typo in the code comment docs --- ios/dtx_codec/decoder.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ios/dtx_codec/decoder.go b/ios/dtx_codec/decoder.go index 7a5f0351..1ae80485 100644 --- a/ios/dtx_codec/decoder.go +++ b/ios/dtx_codec/decoder.go 
@@ -93,7 +93,7 @@ func ReadMessage(reader io.Reader) (Message, error) { return result, nil } -// ReadMessage uses the reader to fully read a Message from it in non-blocking mode. User for sniffing the utun interface. +// ReadMessage uses the reader to fully read a Message from it in non-blocking mode. Used for sniffing the utun interface. func ReadMessageNonBlocking(reader io.Reader) (Message, error) { header := make([]byte, 32) _, err := io.ReadFull(reader, header)