From 0a46fcd8aa7b310fb3f0a134132ac4c37a4228a7 Mon Sep 17 00:00:00 2001 From: Brian Henry Date: Tue, 11 Sep 2018 14:36:44 -0700 Subject: [PATCH] First commit 0.9 because it's not thoroughly tested. --- GCDAsyncSocket-writeData.xm | 7 ++++ GCDAsyncSocketDelegate-didReadData.xm | 8 +++++ Makefile | 12 +++++++ README.md | 47 +++++++++++++++++++++++++++ XMPPFrameworkLogger.plist | 1 + control | 9 +++++ 6 files changed, 84 insertions(+) create mode 100644 GCDAsyncSocket-writeData.xm create mode 100644 GCDAsyncSocketDelegate-didReadData.xm create mode 100644 Makefile create mode 100644 README.md create mode 100644 XMPPFrameworkLogger.plist create mode 100644 control
diff --git a/GCDAsyncSocket-writeData.xm b/GCDAsyncSocket-writeData.xm
new file mode 100644
index 0000000..d1fa213
--- /dev/null
+++ b/GCDAsyncSocket-writeData.xm
@@ -0,0 +1,7 @@
+%hook GCDAsyncSocket
+- (void)writeData:(NSData *)data withTimeout:(NSTimeInterval)timeout tag:(long)tag {
+ NSString* xml = [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
+ NSLog(@"XMPPFramework send: \n%@", xml);
+ %orig;
+}
+%end
diff --git a/GCDAsyncSocketDelegate-didReadData.xm b/GCDAsyncSocketDelegate-didReadData.xm
new file mode 100644
index 0000000..91a31e4
--- /dev/null
+++ b/GCDAsyncSocketDelegate-didReadData.xm
@@ -0,0 +1,8 @@
+%hook XMPPStream
+- (void)socket:(id)sock didReadData:(NSData *)data withTag:(long)tag {
+ NSString* xml = [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
+ NSLog(@"XMPPFramework receive:\n%@", xml);
+ %orig;
+}
+%end
+
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..83007ff
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,12 @@
+include $(THEOS)/makefiles/common.mk
+
+TWEAK_NAME = XMPPFrameworkLogger
+
+XMPPFrameworkLogger_FILES = $(wildcard *.xm)
+
+XMPPFrameworkLogger_FRAMEWORKS = UIKit
+
+include $(THEOS_MAKE_PATH)/tweak.mk
+
+after-install::
+ install.exec "killall -9 SpringBoard"
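Review bot: In GCDAsyncSocket-writeData.xm the hook hands every outgoing buffer to `NSLog`, so the plaintext the app writes before TLS is applied ends up in the device-wide system log. That plaintext presumably includes authentication stanzas as well as message bodies, and the log is readable outside the target app and kept beyond the session. The hook is also on the class `GCDAsyncSocket` rather than on the XMPP stream's own socket, so any other protocol the app speaks through CocoaAsyncSocket is captured too. The receive hook in GCDAsyncSocketDelegate-didReadData.xm has the same exposure. I would document this at the log call, e.g. `// Logs decrypted stream content (credentials included) to the system log; scope to test accounts and clear logs after capture.`, and state it in the README's Use section.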
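Review bot: In GCDAsyncSocketDelegate-didReadData.xm, `initWithData:encoding:` returns nil whenever the buffer is not valid UTF-8, so the log shows `(null)` and the bytes are lost from the capture. On the read path this is likely to happen when a read ends in the middle of a multi-byte character, since the socket presumably delivers data in arbitrary chunks rather than whole stanzas. A fallback keeps the record complete: `NSLog(@"XMPPFramework receive:\n%@", xml ?: data);`. The decode call in writeData is identical and would benefit from the same fallback.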
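Review bot: The Makefile sets no ARC flag, so unless ARC is enabled elsewhere in the Theos setup, both .xm hooks leak the `NSString` they create with `alloc`/`initWithData:` on every send and receive, because neither releases it. In a long-running chat app that leak grows with traffic. Adding `XMPPFrameworkLogger_CFLAGS = -fobjc-arc` after the `_FILES` line fixes both hooks without touching them; the alternative is a `[xml release];` after each `NSLog`.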
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..1ae1d41
--- /dev/null
+++ b/README.md
@@ -0,0 +1,47 @@
+# XMPPFrameworkLogger
+
+An iOS jailbreak tweak to log XMPP communication.
+
+## Background
+
+[XMPP](https://xmpp.org/) is a protocol for real-time communication, most commonly understood as used in chat apps. [XMPPFramework](https://github.com/robbiehanson/XMPPFramework) is a popular Objective-C XMPP framework. XMPP opens a TCP socket and the XMPP standard dictates the use of TLS. [tcpdump](http://www.tcpdump.org/)'s output is thus garbled nonsense and traditional HTTPS MITM proxies, e.g. [Charles](https://www.charlesproxy.com/), [mitmproxy](https://mitmproxy.org/), don't provide the tooling to supply a certificate of our choosing in this case (it's not HTTP).
+
+Fortunately, in Objective-C, when a method is called, the memory location of the class's method is looked up in table using the method's name as a string. This table can be altered at runtime, allowing replacing classes' method implementations with our own. This is called [swizzling](https://nshipster.com/method-swizzling/).
+
+On iOS this requires a jailbroken iPhone.
+
+[Theos](https://github.com/theos/theos) is a suite of development tools which allows for easy swizzling.
+
+XMPPFramework uses [CocoaAsyncSocket](https://github.com/robbiehanson/CocoaAsyncSocket) for its underlying socket. This tweak swizzles CocoaAsyncSocket's GCDAsyncSocket's [writeData method](https://github.com/robbiehanson/CocoaAsyncSocket/blob/master/Source/GCD/GCDAsyncSocket.m#L5838-L5857) and its delegate [didReadData method](https://github.com/robbiehanson/CocoaAsyncSocket/blob/master/Source/GCD/GCDAsyncSocket.h#L1104-L1108) in XMPPStream, outputting the NSData XML string to NSLog.
+
+Morally, we have every right to know what data our phones are sending. This tweak could be used as a base to drop XMPP messages you would rather not sent, ala ad-blocking.
+
+## Installation
+
+In Terminal, SSH to your jailbroken iOS device:
+
+`ssh root@192.168.0.0`
+
+The default password is `alpine`.
+
+Download using:
+
+`curl -s "https://api.github.com/repos/BrianHenryIE/XMPPFrameworkLogger/releases/latest" | grep '"browser_download_url":' | sed -E 's/.*"([^"]+)".*/\1/' | xargs -I browser_download_url curl -o ie.brianhenry.xmppframeworklogger.deb browser_download_url -L`
+
+Install using:
+
+`dpkg -i ie.brianhenry.xmppframeworklogger.deb`
+
+To remove:
+
+`dpkg -r ie.brianhenry.xmppframeworklogger`
+
+## Use
+
+Once installed, the tweak will run in any application with XMPPFramework's [XMPPStream](https://github.com/robbiehanson/XMPPFramework/blob/master/Core/XMPPStream.h) class (since that's where the communication terminates).
+
+To view the logs, open Console on MacOS, select your iOS device, and search "XMPPFramework".
+
+## Acknowledgements
+
+Thank you to my friends Eoin and Roisín for the iPhone I had spare to jailbreak, my wife Leah for her patience, and [Dustin Howett](https://github.com/DHowett) for his help on IRC which pushed it over the line.
\ No newline at end of file
diff --git a/XMPPFrameworkLogger.plist b/XMPPFrameworkLogger.plist
new file mode 100644
index 0000000..a6cabe3
--- /dev/null
+++ b/XMPPFrameworkLogger.plist
@@ -0,0 +1 @@
+{ Filter = { Classes = ( "XMPPStream" ); }; }
diff --git a/control b/control
new file mode 100644
index 0000000..cc18c8d
--- /dev/null
+++ b/control
@@ -0,0 +1,9 @@
+Package: ie.brianhenry.xmppframeworklogger
+Name: XMPPFrameworkLogger
+Depends: mobilesubstrate
+Version: 0.9
+Architecture: iphoneos-arm
+Description: XMPPFramwork (https://github.com/robbiehanson/XMPPFramework) is a popular iOS/Objective-C framework for XMPP communication. It uses CocoaAsyncSocket (https://github.com/robbiehanson/CocoaAsyncSocket) to open a socket. The XMPP standard requires TLS so tcpdump is inadequate to listen to what is being communicated. This tweak hooks into CocoaAsyncSocket/GCDAsyncSocket's writeData method and its delegate method didReadData in XMPPStream to log messages sent and received by XMPPFramework.
+Maintainer: BrianHenryIE
+Author: Brian Henry
+Section: Tweaks