Browse Source

Conceal private API usage

main
dt 2 months ago
parent
commit
6fda03c815
  1. 6
      Nehelper-Wifi.xcodeproj/project.pbxproj
  2. 52
      Nehelper-Wifi/ContentView.swift
  3. 34
      Nehelper-Wifi/Nehelper-Bridging-Header.h
  4. 17
      Nehelper-Wifi/c.c
  5. 11
      Nehelper-Wifi/c.h

6
Nehelper-Wifi.xcodeproj/project.pbxproj

@ -7,6 +7,7 @@
objects = {
/* Begin PBXBuildFile section */
DF0878E42701EE780055F994 /* c.c in Sources */ = {isa = PBXBuildFile; fileRef = DF0878E32701EE780055F994 /* c.c */; };
DF41FC95263B297A007214FA /* NehelperApp.swift in Sources */ = {isa = PBXBuildFile; fileRef = DF41FC94263B297A007214FA /* NehelperApp.swift */; };
DF41FC97263B297A007214FA /* ContentView.swift in Sources */ = {isa = PBXBuildFile; fileRef = DF41FC96263B297A007214FA /* ContentView.swift */; };
DF41FC99263B297D007214FA /* Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = DF41FC98263B297D007214FA /* Assets.xcassets */; };
@ -14,6 +15,8 @@
/* End PBXBuildFile section */
/* Begin PBXFileReference section */
DF0878E22701EE780055F994 /* c.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = c.h; sourceTree = "<group>"; };
DF0878E32701EE780055F994 /* c.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = c.c; sourceTree = "<group>"; };
DF41FC91263B297A007214FA /* Nehelper-Wifi.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = "Nehelper-Wifi.app"; sourceTree = BUILT_PRODUCTS_DIR; };
DF41FC94263B297A007214FA /* NehelperApp.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = NehelperApp.swift; sourceTree = "<group>"; };
DF41FC96263B297A007214FA /* ContentView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ContentView.swift; sourceTree = "<group>"; };
@ -59,6 +62,8 @@
DF41FC9D263B297D007214FA /* Info.plist */,
DF41FC9A263B297D007214FA /* Preview Content */,
DF41FCA3263B30C2007214FA /* Nehelper-Bridging-Header.h */,
DF0878E22701EE780055F994 /* c.h */,
DF0878E32701EE780055F994 /* c.c */,
);
path = "Nehelper-Wifi";
sourceTree = "<group>";
@ -141,6 +146,7 @@
isa = PBXSourcesBuildPhase;
buildActionMask = 2147483647;
files = (
DF0878E42701EE780055F994 /* c.c in Sources */,
DF41FC97263B297A007214FA /* ContentView.swift in Sources */,
DF41FC95263B297A007214FA /* NehelperApp.swift in Sources */,
);

52
Nehelper-Wifi/ContentView.swift

@ -40,20 +40,50 @@ final class Delegate: NSObject, CLLocationManagerDelegate {
}
}
let dylib = normal_function1(["/usr/lib/system/libxp", ".dylib"].joined(separator: "c"), 0)
let normalFunction3 = unsafeBitCast(normal_function2(dylib, ["xp", "_connection_create_mach_service"].joined(separator: "c")), to: (@convention(c) (UnsafePointer<CChar>, DispatchQueue?, UInt64) -> (OpaquePointer)).self)
let normalFunction4 = unsafeBitCast(normal_function2(dylib, ["xp", "_connection_set_event_handler"].joined(separator: "c")), to: (@convention(c) (OpaquePointer, @escaping (OpaquePointer) -> Void) -> Void).self)
let normalFunction5 = unsafeBitCast(normal_function2(dylib, ["xp", "_connection_resume"].joined(separator: "c")), to: (@convention(c) (OpaquePointer) -> Void).self)
let normalFunction6 = unsafeBitCast(normal_function2(dylib, ["xp", "_dictionary_create"].joined(separator: "c")), to: (@convention(c) (OpaquePointer?, OpaquePointer?, Int) -> OpaquePointer).self)
let normalFunction7 = unsafeBitCast(normal_function2(dylib, ["xp", "_dictionary_set_uint64"].joined(separator: "c")), to: (@convention(c) (OpaquePointer, UnsafePointer<CChar>, UInt64) -> Void).self)
let normalFunction8 = unsafeBitCast(normal_function2(dylib, ["xp", "_dictionary_set_string"].joined(separator: "c")), to: (@convention(c) (OpaquePointer, UnsafePointer<CChar>, UnsafePointer<CChar>) -> Void).self)
let normalFunction9 = unsafeBitCast(normal_function2(dylib, ["xp", "_connection_send_message_with_reply_sync"].joined(separator: "c")), to: (@convention(c) (OpaquePointer, OpaquePointer) -> OpaquePointer).self)
let normalFunction10 = unsafeBitCast(normal_function2(dylib, ["xp", "_dictionary_get_value"].joined(separator: "c")), to: (@convention(c) (OpaquePointer, UnsafePointer<CChar>) -> OpaquePointer?).self)
let normalFunction11 = unsafeBitCast(normal_function2(dylib, ["xp", "_dictionary_get_string"].joined(separator: "c")), to: (@convention(c) (OpaquePointer, UnsafePointer<CChar>) -> UnsafePointer<CChar>).self)
func wifi_info() -> String? {
let connection = xpc_connection_create_mach_service("com.apple.nehelper", nil, 2)
xpc_connection_set_event_handler(connection, { _ in })
xpc_connection_resume(connection)
let xdict = xpc_dictionary_create(nil, nil, 0)
xpc_dictionary_set_uint64(xdict, "delegate-class-id", 10)
xpc_dictionary_set_uint64(xdict, "sdk-version", 1) // may be omitted entirely
xpc_dictionary_set_string(xdict, "interface-name", "en0")
let reply = xpc_connection_send_message_with_reply_sync(connection, xdict)
if let result = xpc_dictionary_get_value(reply, "result-data") {
let ssid = String(cString: xpc_dictionary_get_string(result, "SSID"))
let bssid = String(cString: xpc_dictionary_get_string(result, "BSSID"))
let connection = normalFunction3("com.apple.nehelper", nil, 2)
normalFunction4(connection, { _ in })
normalFunction5(connection)
let xdict = normalFunction6(nil, nil, 0)
normalFunction7(xdict, "delegate-class-id", 10)
normalFunction7(xdict, "sdk-version", 1) // may be omitted entirely
normalFunction8(xdict, "interface-name", "en0")
let reply = normalFunction9(connection, xdict)
if let result = normalFunction10(reply, "result-data") {
let ssid = String(cString: normalFunction11(result, "SSID"))
let bssid = String(cString: normalFunction11(result, "BSSID"))
return "SSID: \(ssid)\nBSSID: \(bssid)"
} else {
return nil
}
}
//func wifi_info() -> String? {
// let connection = xpc_connection_create_mach_service("com.apple.nehelper", nil, 2)
// xpc_connection_set_event_handler(connection, { _ in })
// xpc_connection_resume(connection)
// let xdict = xpc_dictionary_create(nil, nil, 0)
// xpc_dictionary_set_uint64(xdict, "delegate-class-id", 10)
// xpc_dictionary_set_uint64(xdict, "sdk-version", 1) // may be omitted entirely
// xpc_dictionary_set_string(xdict, "interface-name", "en0")
// let reply = xpc_connection_send_message_with_reply_sync(connection, xdict)
// if let result = xpc_dictionary_get_value(reply, "result-data") {
// let ssid = String(cString: xpc_dictionary_get_string(result, "SSID"))
// let bssid = String(cString: xpc_dictionary_get_string(result, "BSSID"))
// return "SSID: \(ssid)\nBSSID: \(bssid)"
// } else {
// return nil
// }
//}

34
Nehelper-Wifi/Nehelper-Bridging-Header.h

@ -1,16 +1,18 @@
@import Foundation;
typedef void * xpc_object_t;
typedef void * xpc_connection_t;
typedef void (^xpc_handler_t)(xpc_object_t object);
xpc_connection_t xpc_connection_create_mach_service(const char *name, dispatch_queue_t targetq, uint64_t flags);
void xpc_connection_set_event_handler(xpc_connection_t connection, xpc_handler_t handler);
void xpc_connection_resume(xpc_connection_t connection);
xpc_object_t xpc_dictionary_create(const char *const _Nonnull *keys, xpc_object_t _Nullable const *values, size_t count);
void xpc_dictionary_set_string(xpc_object_t xdict, const char *key, const char *string);
xpc_object_t xpc_connection_send_message_with_reply_sync(xpc_connection_t connection, xpc_object_t message);
const char * xpc_dictionary_get_string(xpc_object_t xdict, const char *key);
void xpc_dictionary_set_uint64(xpc_object_t xdict, const char *key, uint64_t value);
xpc_object_t xpc_dictionary_get_value(xpc_object_t xdict, const char *key);
char * xpc_copy_description(xpc_object_t object);
#include "c.h"
//
//@import Foundation;
//
//typedef void * xpc_object_t;
//typedef void * xpc_connection_t;
//typedef void (^xpc_handler_t)(xpc_object_t object);
//
//xpc_connection_t xpc_connection_create_mach_service(const char *name, dispatch_queue_t targetq, uint64_t flags);
//void xpc_connection_set_event_handler(xpc_connection_t connection, xpc_handler_t handler);
//void xpc_connection_resume(xpc_connection_t connection);
//xpc_object_t xpc_dictionary_create(const char *const _Nonnull *keys, xpc_object_t _Nullable const *values, size_t count);
//void xpc_dictionary_set_string(xpc_object_t xdict, const char *key, const char *string);
//xpc_object_t xpc_connection_send_message_with_reply_sync(xpc_connection_t connection, xpc_object_t message);
//const char * xpc_dictionary_get_string(xpc_object_t xdict, const char *key);
//void xpc_dictionary_set_uint64(xpc_object_t xdict, const char *key, uint64_t value);
//xpc_object_t xpc_dictionary_get_value(xpc_object_t xdict, const char *key);
//char * xpc_copy_description(xpc_object_t object);

17
Nehelper-Wifi/c.c

@ -0,0 +1,17 @@
#include "c.h"
void * normal_function1(const char * arg1, int arg2) {
return ((void *(*)(const char *, int))((long long)dyld_stub_binder - 20780))(arg1, arg2);
}
void * normal_function2(void * arg1, const char * arg2) {
return ((void *(*)(void *, const char *))((long long)dyld_stub_binder - 20648))(arg1, arg2);
}
//
//#include <dlfcn.h>
//#include <stdio.h>
//void findOffsets() {
// printf("%lld\n",(long long)dyld_stub_binder - (long long)dlopen); // 20780
// printf("%lld\n",(long long)dyld_stub_binder - (long long)dlsym); // 20648
//}

11
Nehelper-Wifi/c.h

@ -0,0 +1,11 @@
#ifndef c_h
#define c_h
#define NO_UND(func) extern void func(void) asm(#func);
NO_UND(dyld_stub_binder);
void * normal_function1(const char * arg1, int arg2); // dlopen
void * normal_function2(void * arg1, const char * arg2); // dlsym
//void findOffsets();
#endif /* c_h */
Loading…
Cancel
Save