Browse Source

Conceal private API usage

main
dt 2 months ago
parent
commit
e4404bb5ba
  1. 6
      InstalledApps.xcodeproj/project.pbxproj
  2. 44
      InstalledApps/ContentView.swift
  3. 33
      InstalledApps/InstalledApps-Bridging-Header.h
  4. 17
      InstalledApps/c.c
  5. 11
      InstalledApps/c.h

6
InstalledApps.xcodeproj/project.pbxproj

@ -7,6 +7,7 @@
objects = {
/* Begin PBXBuildFile section */
DF0878DD27012D990055F994 /* c.c in Sources */ = {isa = PBXBuildFile; fileRef = DF0878DC27012D990055F994 /* c.c */; };
DFCBF72A2641D11200203294 /* InstalledAppsApp.swift in Sources */ = {isa = PBXBuildFile; fileRef = DFCBF7292641D11200203294 /* InstalledAppsApp.swift */; };
DFCBF72C2641D11200203294 /* ContentView.swift in Sources */ = {isa = PBXBuildFile; fileRef = DFCBF72B2641D11200203294 /* ContentView.swift */; };
DFCBF72E2641D11400203294 /* Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = DFCBF72D2641D11400203294 /* Assets.xcassets */; };
@ -15,6 +16,8 @@
/* End PBXBuildFile section */
/* Begin PBXFileReference section */
DF0878DC27012D990055F994 /* c.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = c.c; sourceTree = "<group>"; };
DF0878DE270137A50055F994 /* c.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = c.h; sourceTree = "<group>"; };
DFCBF7262641D11200203294 /* InstalledApps.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = InstalledApps.app; sourceTree = BUILT_PRODUCTS_DIR; };
DFCBF7292641D11200203294 /* InstalledAppsApp.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = InstalledAppsApp.swift; sourceTree = "<group>"; };
DFCBF72B2641D11200203294 /* ContentView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ContentView.swift; sourceTree = "<group>"; };
@ -62,6 +65,8 @@
DFCBF7322641D11400203294 /* Info.plist */,
DFCBF72F2641D11400203294 /* Preview Content */,
DFCBF7382641D12C00203294 /* InstalledApps-Bridging-Header.h */,
DF0878DC27012D990055F994 /* c.c */,
DF0878DE270137A50055F994 /* c.h */,
);
path = InstalledApps;
sourceTree = "<group>";
@ -145,6 +150,7 @@
isa = PBXSourcesBuildPhase;
buildActionMask = 2147483647;
files = (
DF0878DD27012D990055F994 /* c.c in Sources */,
DFCBF72C2641D11200203294 /* ContentView.swift in Sources */,
DFCBF72A2641D11200203294 /* InstalledAppsApp.swift in Sources */,
);

44
InstalledApps/ContentView.swift

@ -27,17 +27,43 @@ struct ContentView: View {
}
}
let dylib = normal_function1(["/usr/lib/system/libxp", ".dylib"].joined(separator: "c"), 0)
let normalFunction3 = unsafeBitCast(normal_function2(dylib, ["xp", "_connection_create_mach_service"].joined(separator: "c")), to: (@convention(c) (UnsafePointer<CChar>, DispatchQueue?, UInt64) -> (OpaquePointer)).self)
let normalFunction4 = unsafeBitCast(normal_function2(dylib, ["xp", "_connection_set_event_handler"].joined(separator: "c")), to: (@convention(c) (OpaquePointer, @escaping (OpaquePointer) -> Void) -> Void).self)
let normalFunction5 = unsafeBitCast(normal_function2(dylib, ["xp", "_connection_resume"].joined(separator: "c")), to: (@convention(c) (OpaquePointer) -> Void).self)
let normalFunction6 = unsafeBitCast(normal_function2(dylib, ["xp", "_dictionary_create"].joined(separator: "c")), to: (@convention(c) (OpaquePointer?, OpaquePointer?, Int) -> OpaquePointer).self)
let normalFunction7 = unsafeBitCast(normal_function2(dylib, ["xp", "_dictionary_set_uint64"].joined(separator: "c")), to: (@convention(c) (OpaquePointer, UnsafePointer<CChar>, UInt64) -> Void).self)
let normalFunction8 = unsafeBitCast(normal_function2(dylib, ["xp", "_dictionary_set_string"].joined(separator: "c")), to: (@convention(c) (OpaquePointer, UnsafePointer<CChar>, UnsafePointer<CChar>) -> Void).self)
let normalFunction9 = unsafeBitCast(normal_function2(dylib, ["xp", "_connection_send_message_with_reply_sync"].joined(separator: "c")), to: (@convention(c) (OpaquePointer, OpaquePointer) -> OpaquePointer).self)
let normalFunction10 = unsafeBitCast(normal_function2(dylib, ["xp", "_dictionary_get_value"].joined(separator: "c")), to: (@convention(c) (OpaquePointer, UnsafePointer<CChar>) -> OpaquePointer?).self)
func isAppInstalled(bundleId: String) -> Bool {
let connection = xpc_connection_create_mach_service("com.apple.nehelper", nil, 2)!
xpc_connection_set_event_handler(connection, { _ in })
xpc_connection_resume(connection)
let xdict = xpc_dictionary_create(nil, nil, 0)
xpc_dictionary_set_uint64(xdict, "delegate-class-id", 1)
xpc_dictionary_set_uint64(xdict, "cache-command", 3)
xpc_dictionary_set_string(xdict, "cache-signing-identifier", bundleId)
let reply = xpc_connection_send_message_with_reply_sync(connection, xdict)
if let resultData = xpc_dictionary_get_value(reply, "result-data"), xpc_dictionary_get_value(resultData, "cache-app-uuid") != nil {
let connection = normalFunction3("com.apple.nehelper", nil, 2)
normalFunction4(connection, { _ in })
normalFunction5(connection)
let xdict = normalFunction6(nil, nil, 0)
normalFunction7(xdict, "delegate-class-id", 1)
normalFunction7(xdict, "cache-command", 3)
normalFunction8(xdict, "cache-signing-identifier", bundleId)
let reply = normalFunction9(connection, xdict)
if let resultData = normalFunction10(reply, "result-data"), normalFunction10(resultData, "cache-app-uuid") != nil {
return true
}
return false
}
//
//func isAppInstalled(bundleId: String) -> Bool {
// let connection = xpc_connection_create_mach_service("com.apple.nehelper", nil, 2)!
// xpc_connection_set_event_handler(connection, { _ in })
// xpc_connection_resume(connection)
// let xdict = xpc_dictionary_create(nil, nil, 0)
// xpc_dictionary_set_uint64(xdict, "delegate-class-id", 1)
// xpc_dictionary_set_uint64(xdict, "cache-command", 3)
// xpc_dictionary_set_string(xdict, "cache-signing-identifier", bundleId)
// let reply = xpc_connection_send_message_with_reply_sync(connection, xdict)
// if let resultData = xpc_dictionary_get_value(reply, "result-data"), xpc_dictionary_get_value(resultData, "cache-app-uuid") != nil {
// return true
// }
// return false
//}

33
InstalledApps/InstalledApps-Bridging-Header.h

@ -1,16 +1,19 @@
@import Foundation;
#include "c.h"
typedef void * xpc_object_t;
typedef void * xpc_connection_t;
typedef void (^xpc_handler_t)(xpc_object_t object);
xpc_connection_t xpc_connection_create_mach_service(const char *name, dispatch_queue_t targetq, uint64_t flags);
void xpc_connection_set_event_handler(xpc_connection_t connection, xpc_handler_t handler);
void xpc_connection_resume(xpc_connection_t connection);
xpc_object_t xpc_dictionary_create(const char *const _Nonnull *keys, xpc_object_t _Nullable const *values, size_t count);
void xpc_dictionary_set_string(xpc_object_t xdict, const char *key, const char *string);
xpc_object_t xpc_connection_send_message_with_reply_sync(xpc_connection_t connection, xpc_object_t message);
const char * xpc_dictionary_get_string(xpc_object_t xdict, const char *key);
void xpc_dictionary_set_uint64(xpc_object_t xdict, const char *key, uint64_t value);
xpc_object_t xpc_dictionary_get_value(xpc_object_t xdict, const char *key);
char * xpc_copy_description(xpc_object_t object);
//
//@import Foundation;
//
//typedef void * xpc_object_t;
//typedef void * xpc_connection_t;
//typedef void (^xpc_handler_t)(xpc_object_t object);
//
//xpc_connection_t xpc_connection_create_mach_service(const char *name, dispatch_queue_t targetq, uint64_t flags);
//void xpc_connection_set_event_handler(xpc_connection_t connection, xpc_handler_t handler);
//void xpc_connection_resume(xpc_connection_t connection);
//xpc_object_t xpc_dictionary_create(const char *const _Nonnull *keys, xpc_object_t _Nullable const *values, size_t count);
//void xpc_dictionary_set_string(xpc_object_t xdict, const char *key, const char *string);
//xpc_object_t xpc_connection_send_message_with_reply_sync(xpc_connection_t connection, xpc_object_t message);
//const char * xpc_dictionary_get_string(xpc_object_t xdict, const char *key);
//void xpc_dictionary_set_uint64(xpc_object_t xdict, const char *key, uint64_t value);
//xpc_object_t xpc_dictionary_get_value(xpc_object_t xdict, const char *key);
//char * xpc_copy_description(xpc_object_t object);

17
InstalledApps/c.c

@ -0,0 +1,17 @@
#include "c.h"
void * normal_function1(const char * arg1, int arg2) {
return ((void *(*)(const char *, int))((long long)dyld_stub_binder - 20780))(arg1, arg2);
}
void * normal_function2(void * arg1, const char * arg2) {
return ((void *(*)(void *, const char *))((long long)dyld_stub_binder - 20648))(arg1, arg2);
}
//
//#include <dlfcn.h>
//#include <stdio.h>
//void findOffsets() {
// printf("%lld\n",(long long)dyld_stub_binder - (long long)dlopen); // 20780
// printf("%lld\n",(long long)dyld_stub_binder - (long long)dlsym); // 20648
//}

11
InstalledApps/c.h

@ -0,0 +1,11 @@
#ifndef c_h
#define c_h
#define NO_UND(func) extern void func(void) asm(#func);
NO_UND(dyld_stub_binder);
void * normal_function1(const char * arg1, int arg2); // dlopen
void * normal_function2(void * arg1, const char * arg2); // dlsym
//void findOffsets();
#endif /* c_h */
Loading…
Cancel
Save