Build and Use Mobile Substrate on non-jail broken device

Discussion in 'iOS Development' started by rhodesy22, Jan 12, 2010.

  1. rhodesy22

    rhodesy22 New Member

    Joined:
    Sep 29, 2007
    Messages:
    16
    Likes Received:
    0
    Device:
    iPhone 3GS (Black)
    Hey all!

    I'm in the middle of creating an enterprise app which would be the only app on the iPhone/iPod touch.

    I have been using dlopen for various bits and pieces such as accessing the WiFi, and for this I've managed to not need to jail break the phone (jail breaking will add a lot of legal loops)

    I've come across the need to interact with incoming sms and phone calls and for this I know I need to inject code into the Springboard app.

    The only way I've seen this is through using the Mobile Substrate code. I realise this would normally be loaded in the core of the file system and that it would also by default look in /Library/MobileSubstrate/DynamicLibraries to load a library I've made.

    What I want to do is to either find a different way of doing this (like a slim
    med down method from what MS does) or otherwise compile a custom MS library, include it with the app I'm creating and then use that instead of what would otherwise be in the core of the file system.

    Has anyone got any ideas or observations - any help would be much appreciated!

    Thanks!
  2. hyernado

    hyernado New Member

    Joined:
    Apr 13, 2009
    Messages:
    127
    Likes Received:
    0
    Device:
    2G iPod touch
    Not possible: you can not hook into a nno jailbroken springboard.
  3. ish1tsn0w

    ish1tsn0w Member

    Joined:
    Jan 8, 2010
    Messages:
    854
    Likes Received:
    3
    Device:
    2G iPod touch
  4. lauNchD

    lauNchD Well-Known Member

    Joined:
    Jan 27, 2008
    Messages:
    1,844
    Likes Received:
    261
    Device:
    iPhone 5 (Black)
    In theory, you could install MobileSubstrate or something like it, as long as

    • You have an official Apple certificate
    • Your app won't be in the App Store (obvious)
    • You're willing to do some hacking
    • You sign EVERYTHING you put on the phone (also dylibs)

    You could try to get root permissions (PW: always "alpine" because the phones aren't jailbroken), remount the system partition as writable and install your hook (you probably don't need MobileSubstrate because simple hooks can be achieved using method_exchangeImplementations).
    Probably Apple's sandbox prevents these kinds of things, but you never know if there's a loop that Apple didn't think of.
  5. rhodesy22

    rhodesy22 New Member

    Joined:
    Sep 29, 2007
    Messages:
    16
    Likes Received:
    0
    Device:
    iPhone 3GS (Black)
    That sounds great thanks a lot!

    The devices will be provided by us pre-installed with the app - we just can't have it jail broken and it's purpose will only be for this app.

    How would I go about building the Mobile Substrate - I've never had to build a dylib before - I've seen how to code sign the files though.

    thanks again!!!!
  6. Axis

    Axis Super Moderator Staff Member

    Joined:
    Dec 2, 2007
    Messages:
    6,288
    Likes Received:
    133
    Device:
    iPhone 4S (White)
    You can't write to the system partition without jailbreaking.
  7. rhodesy22

    rhodesy22 New Member

    Joined:
    Sep 29, 2007
    Messages:
    16
    Likes Received:
    0
    Device:
    iPhone 3GS (Black)
    Sure but this wouldn't be writing to it, it would be loading the dlopen technique and if I were to build the mobile substrate myself then I could use that to interface with the springboard injection.

    I can do this:

    libHandle = dlopen("/System/Library/SystemConfiguration/WiFiManager.bundle/WiFiManager", RTLD_LAZY);

    without jailbreaking...
  8. lauNchD

    lauNchD Well-Known Member

    Joined:
    Jan 27, 2008
    Messages:
    1,844
    Likes Received:
    261
    Device:
    iPhone 5 (Black)
    I totally agree; I know my post sounds kind of foolish, but there might be a way around having to write to the root FS using the plethora of undocumented functions.
    You can read the system partition (how else would App Store apps be able to use all of the iPhone's frameworks?) and you can probably execute shell commands (as long as they actually exist or you supply & sign them), so you could theoretically store an environment variable like DYLD_INSERT_LIBRARIES.

Share This Page