Add support for RemoteXPC #529

Merged: 19 commits merged into main from feature/fruity-remote-xpc-v2 on May 30, 2024
Conversation

oleavr (Member)

@oleavr commented May 29, 2024

No description provided.

@oleavr force-pushed the feature/fruity-remote-xpc-v2 branch 6 times, most recently from b956cde to a9bbd74, on May 30, 2024 12:34

oleavr and others added 19 commits on May 30, 2024 21:28
So boolean/float/double values are treated distinctly from int64.

Co-authored-by: Håvard Sørbø <[email protected]>
And its subclasses.

Co-authored-by: Håvard Sørbø <[email protected]>
Screenshots can be quite large, and we might in theory be asked to fetch
large files.

Co-authored-by: Håvard Sørbø <[email protected]>
The value is not always an NSDictionary, e.g. in case of a DTTapMessage.

Co-authored-by: Håvard Sørbø <[email protected]>
The jailed equivalent of 827eee3.

Co-authored-by: Håvard Sørbø <[email protected]>
Co-authored-by: Håvard Sørbø <[email protected]>
Co-authored-by: Håvard Sørbø <[email protected]>
With two platform integrations:

- macOS: where we use Apple's tunnel, by talking to remotepairingd and
  creating an assertion to ensure the tunnel is up and stays up for as
  long as we need it. The challenging part here was figuring out the
  device-side RemoteServiceDiscovery (RSD) port inside the tunnel, as
  it appears no API exposes it. Our solution is to ask the kernel for
  a list of TCP sockets, and pick out the ones where the foreign
  address is the device-side IPv6 address inside the tunnel, **and**
  where the process that created the socket is remoted. This seems to
  consistently result in us finding a single socket, connected to the RSD
  port, but we try all of them in case this behavior ends up changing.
- Linux: where we open our own tunnel, assuming the iDevice has been
  mode-switched (e.g. by usbmuxd), and the Linux CDC NCM driver has been
  patched with something along the lines of:
  https://lore.kernel.org/all/[email protected]/T/

We don't yet have a platform integration for Windows, as Apple's
software doesn't currently set up a tunnel. The official driver also
appears to keep the USB device busy, meaning we can't easily trigger
a mode-switch. This is an area that needs more research.

Another area that needs future improvement is that we only support
cabled connectivity on macOS. This should be easy to improve on once we
have updated frida-server and frida-gadget so they listen on tunnel
interfaces whenever they appear.

Kudos to @doronz88 for figuring out most of the protocol bits that we
needed.

Co-authored-by: Håvard Sørbø <[email protected]>
So fallbacks trigger, and we build with the same features irrespective
of whether we build with a Frida SDK present.

Co-authored-by: Håvard Sørbø <[email protected]>
Until we figure out the stability issue.
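The macOS socket-hunting trick described in the RemoteXPC commit above (find the RSD port by listing TCP sockets whose peer is the device-side tunnel address and whose owning process is remoted), as an added example that is not part of this PR or of frida-core. Instead of querying the kernel socket list directly as the commit says frida-core does, it parses the output of `lsof -a -c remoted -nP -i6TCP` (assumed to be run separately on the macOS host), so the filtering logic can be exercised offline against a constructed sample. The tunnel addresses, PIDs and ports in the sample are made up, and the ESTABLISHED-only filter is an extra refinement that the commit message does not mention.

```python
import re
from ipaddress import IPv6Address, ip_address

# One row of `lsof -nP -iTCP` output. We only need COMMAND, PID and the NAME
# column, which lsof renders as "local->foreign (STATE)", with IPv6 addresses
# in square brackets. Rows without "->" (listeners) deliberately do not match.
_ROW = re.compile(
    r"^(?P<cmd>\S+)\s+(?P<pid>\d+)\s+.*?\s+TCP\s+"
    r"\[?(?P<laddr>[^\]\s]+)\]?:(?P<lport>\d+)->"
    r"\[?(?P<faddr>[^\]\s]+)\]?:(?P<fport>\d+)\s+\((?P<state>[A-Z_]+)\)\s*$"
)


def rsd_candidates(lsof_output, device_addr, owner="remoted", established_only=True):
    """Return [(pid, foreign_port), ...] for every TCP socket in `lsof_output`
    that is owned by process `owner` and whose peer is `device_addr`, the
    device-side IPv6 address inside the tunnel. Every hit is a candidate RSD
    port; the caller should try all of them, as the commit message suggests."""
    target = ip_address(device_addr)
    if not isinstance(target, IPv6Address):
        raise ValueError("device_addr must be the device-side IPv6 tunnel address")
    hits = []
    for line in lsof_output.splitlines():
        m = _ROW.match(line)
        if m is None or m["cmd"] != owner:
            continue
        if established_only and m["state"] != "ESTABLISHED":
            continue
        # Strip a scope id such as "%utun5" before parsing the address.
        try:
            faddr = ip_address(m["faddr"].split("%", 1)[0])
        except ValueError:
            continue  # not something ipaddress understands; ignore the row
        if faddr != target:
            continue  # IPv4 peers or other hosts never compare equal
        hits.append((int(m["pid"]), int(m["fport"])))
    return hits


# Constructed sample: what `lsof -nP -iTCP` could print on a Mac with a tunnel
# up. Addresses, PIDs, device ids and ports are made up for this example.
# Only the first remoted row should survive: the second is to loopback over
# IPv4, the third is not ESTABLISHED, the fourth belongs to remotepairingd.
SAMPLE_LSOF = """\
COMMAND          PID USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
remoted          412 root   14u  IPv6 0x7f8b2c3a1e0b5d21      0t0  TCP [fd4b:7d7e:3e59::1]:52233->[fd4b:7d7e:3e59::2]:58783 (ESTABLISHED)
remoted          412 root   21u  IPv4 0x7f8b2c3a1e0c1a02      0t0  TCP 127.0.0.1:62078->127.0.0.1:51100 (ESTABLISHED)
remoted          412 root   23u  IPv6 0x7f8b2c3a1e0b6f33      0t0  TCP [fd4b:7d7e:3e59::1]:52240->[fd4b:7d7e:3e59::2]:49152 (CLOSE_WAIT)
remotepairingd   388 root    9u  IPv6 0x7f8b2c3a1e0b7a44      0t0  TCP [fd4b:7d7e:3e59::1]:52100->[fd4b:7d7e:3e59::2]:58783 (ESTABLISHED)
sshd             955 root    4u  IPv6 0x7f8b2c3a1e0d0001      0t0  TCP *:22 (LISTEN)
"""

if __name__ == "__main__":
    # In real use, replace SAMPLE_LSOF with the output of
    #   lsof -a -c remoted -nP -i6TCP
    # and device_addr with the peer address of the tunnel's utun interface.
    for pid, port in rsd_candidates(SAMPLE_LSOF, "fd4b:7d7e:3e59::2"):
        print(f"candidate RSD port {port} (socket owned by pid {pid})")
```

The `established_only` switch is there because the commit message filters on peer address and owning process only; if remoted is observed keeping half-closed sockets to the device around, turning the switch off reproduces the commit's looser selection and the caller simply tries more candidates.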
@oleavr force-pushed the feature/fruity-remote-xpc-v2 branch from a42ff44 to c8e1ebd on May 30, 2024 19:28
@oleavr merged commit c8e1ebd into main on May 30, 2024
25 of 29 checks passed
@oleavr deleted the feature/fruity-remote-xpc-v2 branch on May 30, 2024 19:41