From 10875d50bc2472b2811540fbe0b79caaab7b5c33 Mon Sep 17 00:00:00 2001
From: Sh4w <36655200+sledgeh4w@users.noreply.github.com>
Date: Sat, 4 May 2024 02:03:18 +0800
Subject: [PATCH] Enable UIDevice to get device info (#73)
---
 examples/example_ios_ali_vmp_sign.py | 7 -------
 examples/example_ios_bangbang.py | 7 -------
 src/chomper/os/ios/hooks.py | 18 +++++++++++++++++-
 src/chomper/os/ios/os.py | 18 ++++++++++++++----
 4 files changed, 31 insertions(+), 19 deletions(-)
diff --git a/examples/example_ios_ali_vmp_sign.py b/examples/example_ios_ali_vmp_sign.py
index 5a8915d..bb9e48b 100644
--- a/examples/example_ios_ali_vmp_sign.py
+++ b/examples/example_ios_ali_vmp_sign.py
@@ -43,12 +43,6 @@ def hook_ns_bundle(emu):
 emu.add_interceptor("-[NSBundle infoDictionary]", hook_retval(pyobj2nsobj(emu, bundle_info)))
-def hook_ui_device(emu):
- emu.add_interceptor("-[UIDevice systemVersion]", hook_retval(pyobj2nsobj(emu, "14.4.0")))
- emu.add_interceptor("-[UIDevice name]", hook_retval(pyobj2nsobj(emu, "iPhone")))
- emu.add_interceptor("-[UIDevice model]", hook_retval(pyobj2nsobj(emu, "iPhone13,1")))
-
-
 def main():
 emu = Chomper(
 arch=ARCH_ARM64,
@@ -61,7 +55,6 @@ def main():
 objc = ObjC(emu)
 hook_ns_bundle(emu)
- hook_ui_device(emu)
 # Skip a file operation
 emu.add_interceptor("_fopen", hook_retval(0))
diff --git a/examples/example_ios_bangbang.py b/examples/example_ios_bangbang.py
index d6a5ae4..706f355 100644
--- a/examples/example_ios_bangbang.py
+++ b/examples/example_ios_bangbang.py
@@ -30,12 +30,6 @@ def hook_sec_item(emu):
 emu.add_interceptor("_CFRelease", hook_retval(0))
-def hook_ui_device(emu):
- emu.add_interceptor("-[UIDevice systemVersion]", hook_retval(pyobj2nsobj(emu, "14.4.0")))
- emu.add_interceptor("-[UIDevice name]", hook_retval(pyobj2nsobj(emu, "iPhone")))
- emu.add_interceptor("-[UIDevice model]", hook_retval(pyobj2nsobj(emu, "iPhone13,1")))
-
-
 def main():
 emu = Chomper(
 arch=ARCH_ARM64,
@@ -48,7 +42,6 @@ def main():
 objc = ObjC(emu)
 hook_sec_item(emu)
- hook_ui_device(emu)
 emu.load_module(os.path.join(base_path, "ios/apps/com.ceair.b2m/ceair_iOS_branch"))
diff --git a/src/chomper/os/ios/hooks.py b/src/chomper/os/ios/hooks.py
index 9ef0228..9709109 100644
--- a/src/chomper/os/ios/hooks.py
+++ b/src/chomper/os/ios/hooks.py
@@ -8,6 +8,7 @@
 from unicorn.unicorn import UC_HOOK_CODE_TYPE
 from chomper.utils import pyobj2nsobj
+from chomper.objc import ObjC
 hooks: Dict[str, UC_HOOK_CODE_TYPE] = {}
@@ -431,13 +432,28 @@ def hook_os_log_type_enabled(uc, address, size, user_data):
 return 0
+@register_hook("_MGCopyAnswer")
+def hook_mg_copy_answer(uc, address, size, user_data):
+ emu = user_data["emu"]
+ objc = ObjC(emu)
+
+ str_ptr = objc.msg_send(emu.get_arg(0), "cStringUsingEncoding:", 4)
+ key = emu.read_string(str_ptr)
+
+ if key in emu.os.device_info:
+ return pyobj2nsobj(emu, emu.os.device_info[key])
+
+ return 0
+
+
 @register_hook("__CFPreferencesCopyAppValueWithContainerAndConfiguration")
 def hook_cf_preferences_copy_app_value_with_container_and_configuration(
 uc, address, size, user_data
 ):
 emu = user_data["emu"]
+ objc = ObjC(emu)
- str_ptr = emu.read_pointer(emu.get_arg(0) + 0x10)
+ str_ptr = objc.msg_send(emu.get_arg(0), "cStringUsingEncoding:", 4)
 key = emu.read_string(str_ptr)
 if key in emu.os.preferences:
diff --git a/src/chomper/os/ios/os.py b/src/chomper/os/ios/os.py
index 188d683..c5de69f 100644
--- a/src/chomper/os/ios/os.py
+++ b/src/chomper/os/ios/os.py
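Review bot: In `hook_mg_copy_answer`, `str_ptr` goes straight from `cStringUsingEncoding:` into `emu.read_string`; `-cStringUsingEncoding:` returns NULL when the receiver cannot be represented in the requested encoding, and a NULL key pointer from the guest would be messaged as nil, so unless `emu.read_string` already tolerates address 0 the hook raises inside the emulator instead of handing the guest a "no answer" result. A guard `if not str_ptr: return 0` before the read closes that, and the same applies to the rewritten `str_ptr` lookup in `hook_cf_preferences_copy_app_value_with_container_and_configuration` further down the hunk. The encoding literal `4` is `NSUTF8StringEncoding`; naming it once at module level, e.g. `NS_UTF8_STRING_ENCODING = 4`, and using it in both hooks would make that explicit. A one-line docstring such as `"""Answer MobileGestalt queries from `emu.os.device_info`; unknown keys return NULL."""` would also help, since nothing else in the patch documents how that dictionary is consumed. The body of the second hook continues past the end of the hunk.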
@@ -21,12 +21,13 @@ def __init__(self, emu, **kwargs):
 self.loader = MachoLoader(emu)
- # By hooking functions:
- # `__CFPreferencesCopyAppValueWithContainerAndConfiguration`,
- # `___CFXPreferencesCopyCurrentApplicationStateWithDeadlockAvoidance`,
- # enable the program to obtain preferences.
+ # By hooking CF preferences related functions,
+ # enable the program to get preferences.
 self.preferences = self._default_preferences.copy()
+ # By hooking `_MGCopyAnswer`, enable `UIDevice` to get device info.
+ self.device_info = self._default_device_info.copy()
+
 @property
 def _default_preferences(self) -> dict:
 """Define default preferences."""
@@ -38,6 +39,15 @@ def _default_preferences(self) -> dict:
 "AppleLocale": "zh-Hans",
 }
+ @property
+ def _default_device_info(self) -> dict:
+ """Define default device info."""
+ return {
+ "UserAssignedDeviceName": "iPhone",
+ "DeviceName": "iPhone13,1",
+ "ProductVersion": "14.4.0",
+ }
+
 def _setup_hooks(self):
 """Initialize the hooks."""
 self.emu.hooks.update(get_hooks())
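Review bot: The docstring on `_default_device_info` ("Define default device info.") does not say what the keys are or what a caller may do with them, even though the `_MGCopyAnswer` hook in this patch looks keys up by name and returns 0 (NULL) to the guest for any key missing from the dict; something like `"""Default MobileGestalt answers served by the `_MGCopyAnswer` hook; extend or override via `emu.os.device_info`. Keys not listed here yield a NULL answer."""` would capture that. Whether `DeviceName` is the key a real `-[UIDevice model]` query resolves to is not shown by the patch — the value `"iPhone13,1"` is what the deleted example hooks returned for `model`, so it is worth confirming against what the target binaries actually ask for. Separately, `self._default_device_info.copy()` in the first hunk copies a dict the property already builds fresh on every access; it mirrors the `preferences` line, so it is a consistency choice rather than a defect, but the `.copy()` is redundant in both places.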