From 6abad65f39cda87418e5504e6a061b5ba0b73b3b Mon Sep 17 00:00:00 2001 From: Jackson Coxson Date: Wed, 9 Jul 2025 21:18:18 -0600 Subject: [PATCH] Obfuscate service names --- Cargo.lock | 7 +++++++ ffi/Cargo.toml | 1 + idevice/Cargo.toml | 3 +++ idevice/src/services/afc/mod.rs | 4 ++-- idevice/src/services/amfi.rs | 4 ++-- idevice/src/services/core_device_proxy.rs | 4 ++-- idevice/src/services/crashreportcopymobile.rs | 4 ++-- idevice/src/services/heartbeat.rs | 4 ++-- idevice/src/services/house_arrest.rs | 4 ++-- idevice/src/services/installation_proxy.rs | 4 ++-- idevice/src/services/lockdown.rs | 4 ++-- idevice/src/services/misagent.rs | 5 ++--- idevice/src/services/mobile_image_mounter.rs | 4 ++-- idevice/src/services/os_trace_relay.rs | 4 ++-- idevice/src/services/springboardservices.rs | 5 ++--- idevice/src/services/syslog_relay.rs | 4 ++-- idevice/src/util.rs | 14 ++++++++++++++ justfile | 2 +- 18 files changed, 52 insertions(+), 29 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 5ce5386..015659c 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1194,6 +1194,7 @@ dependencies = [ "json", "log", "ns-keyed-archive", + "obfstr", "plist", "rand 0.9.1", "reqwest", @@ -1680,6 +1681,12 @@ dependencies = [ "libc", ] +[[package]] +name = "obfstr" +version = "0.4.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d0d354e9a302760d07e025701d40534f17dd1fe4c4db955b4e3bd2907c63bdee" + [[package]] name = "object" version = "0.36.7" diff --git a/ffi/Cargo.toml b/ffi/Cargo.toml index fef6311..b734372 100644 --- a/ffi/Cargo.toml +++ b/ffi/Cargo.toml @@ -29,6 +29,7 @@ misagent = ["idevice/misagent"] mobile_image_mounter = ["idevice/mobile_image_mounter"] location_simulation = ["idevice/location_simulation"] pair = ["idevice/pair"] +obfuscate = ["idevice/obfuscate"] rsd = ["idevice/rsd"] syslog_relay = ["idevice/syslog_relay"] tcp = ["idevice/tcp"] diff --git a/idevice/Cargo.toml b/idevice/Cargo.toml index 2ed49a2..5bdb66c 100644 --- a/idevice/Cargo.toml +++ b/idevice/Cargo.toml @@ -48,6 +48,8 @@ x509-cert = { version = "0.2", optional = true, features = [ "pem", ], default-features = false } +obfstr = { version = "0.4", optional = true } + [dev-dependencies] tokio = { version = "1.43", features = ["full"] } tun-rs = { version = "2.0.8", features = ["async_tokio"] } @@ -68,6 +70,7 @@ misagent = [] mobile_image_mounter = ["dep:sha2"] location_simulation = [] pair = ["chrono/default", "tokio/time", "dep:sha2", "dep:rsa", "dep:x509-cert"] +obfuscate = ["dep:obfstr"] rsd = ["xpc"] syslog_relay = ["dep:bytes"] tcp = ["tokio/net"] diff --git a/idevice/src/services/afc/mod.rs b/idevice/src/services/afc/mod.rs index 3882598..19d5e2e 100644 --- a/idevice/src/services/afc/mod.rs +++ b/idevice/src/services/afc/mod.rs @@ -11,7 +11,7 @@ use log::warn; use opcode::{AfcFopenMode, AfcOpcode}; use packet::{AfcPacket, AfcPacketHeader}; -use crate::{lockdown::LockdownClient, Idevice, IdeviceError, IdeviceService}; +use crate::{lockdown::LockdownClient, obf, Idevice, IdeviceError, IdeviceService}; pub mod errors; pub mod file; @@ -62,7 +62,7 @@ pub struct DeviceInfo { impl IdeviceService for AfcClient { fn service_name() -> &'static str { - "com.apple.afc" + obf!("com.apple.afc") } /// Connects to the AFC service on the device diff --git a/idevice/src/services/amfi.rs b/idevice/src/services/amfi.rs index 2ada3c1..aa28176 100644 --- a/idevice/src/services/amfi.rs +++ b/idevice/src/services/amfi.rs @@ -2,7 +2,7 @@ use plist::Dictionary; -use crate::{lockdown::LockdownClient, Idevice, IdeviceError, IdeviceService}; +use crate::{lockdown::LockdownClient, obf, Idevice, IdeviceError, IdeviceService}; /// Client for interacting with the AMFI service on the device pub struct AmfiClient { @@ -13,7 +13,7 @@ pub struct AmfiClient { impl IdeviceService for AmfiClient { /// Returns the amfi service name as registered with lockdownd fn service_name() -> &'static str { - "com.apple.amfi.lockdown" + obf!("com.apple.amfi.lockdown") } /// Establishes a connection to the amfi service diff --git a/idevice/src/services/core_device_proxy.rs b/idevice/src/services/core_device_proxy.rs index b9a6664..18ff69e 100644 --- a/idevice/src/services/core_device_proxy.rs +++ b/idevice/src/services/core_device_proxy.rs @@ -13,7 +13,7 @@ //! # Features //! - `tunnel_tcp_stack`: Enables software TCP/IP tunnel creation using a virtual adapter. See the tcp moduel. -use crate::{lockdown::LockdownClient, Idevice, IdeviceError, IdeviceService}; +use crate::{lockdown::LockdownClient, obf, Idevice, IdeviceError, IdeviceService}; use byteorder::{BigEndian, WriteBytesExt}; use serde::{Deserialize, Serialize}; @@ -94,7 +94,7 @@ pub struct CoreDeviceProxy { impl IdeviceService for CoreDeviceProxy { /// Returns the name of the service used for launching the CoreDeviceProxy. fn service_name() -> &'static str { - "com.apple.internal.devicecompute.CoreDeviceProxy" + obf!("com.apple.internal.devicecompute.CoreDeviceProxy") } /// Connects to the CoreDeviceProxy service diff --git a/idevice/src/services/crashreportcopymobile.rs b/idevice/src/services/crashreportcopymobile.rs index bcd4cd2..8a26949 100644 --- a/idevice/src/services/crashreportcopymobile.rs +++ b/idevice/src/services/crashreportcopymobile.rs @@ -9,7 +9,7 @@ use log::{debug, warn}; -use crate::{afc::AfcClient, lockdown::LockdownClient, Idevice, IdeviceError, IdeviceService}; +use crate::{afc::AfcClient, lockdown::LockdownClient, obf, Idevice, IdeviceError, IdeviceService}; /// Client for managing crash logs on an iOS device. /// @@ -23,7 +23,7 @@ pub struct CrashReportCopyMobileClient { impl IdeviceService for CrashReportCopyMobileClient { /// Returns the name of the CrashReportCopyMobile service. fn service_name() -> &'static str { - "com.apple.crashreportcopymobile" + obf!("com.apple.crashreportcopymobile") } /// Connects to the CrashReportCopyMobile service on the device. diff --git a/idevice/src/services/heartbeat.rs b/idevice/src/services/heartbeat.rs index 2fa6792..c94ae6b 100644 --- a/idevice/src/services/heartbeat.rs +++ b/idevice/src/services/heartbeat.rs @@ -3,7 +3,7 @@ //! iOS automatically closes service connections if there is no heartbeat client connected and //! responding. -use crate::{lockdown::LockdownClient, Idevice, IdeviceError, IdeviceService}; +use crate::{lockdown::LockdownClient, obf, Idevice, IdeviceError, IdeviceService}; /// Client for interacting with the iOS device heartbeat service /// @@ -20,7 +20,7 @@ pub struct HeartbeatClient { impl IdeviceService for HeartbeatClient { /// Returns the heartbeat service name as registered with lockdownd fn service_name() -> &'static str { - "com.apple.mobile.heartbeat" + obf!("com.apple.mobile.heartbeat") } /// Establishes a connection to the heartbeat service diff --git a/idevice/src/services/house_arrest.rs b/idevice/src/services/house_arrest.rs index ab1cc15..1c7cf51 100644 --- a/idevice/src/services/house_arrest.rs +++ b/idevice/src/services/house_arrest.rs @@ -6,7 +6,7 @@ use plist::{Dictionary, Value}; -use crate::{lockdown::LockdownClient, Idevice, IdeviceError, IdeviceService}; +use crate::{lockdown::LockdownClient, obf, Idevice, IdeviceError, IdeviceService}; use super::afc::AfcClient; @@ -22,7 +22,7 @@ pub struct HouseArrestClient { impl IdeviceService for HouseArrestClient { /// Returns the name of the HouseArrest service as registered with lockdownd fn service_name() -> &'static str { - "com.apple.mobile.house_arrest" + obf!("com.apple.mobile.house_arrest") } /// Establishes a connection to the HouseArrest service diff --git a/idevice/src/services/installation_proxy.rs b/idevice/src/services/installation_proxy.rs index e2f2d14..4061d65 100644 --- a/idevice/src/services/installation_proxy.rs +++ b/idevice/src/services/installation_proxy.rs @@ -8,7 +8,7 @@ use std::collections::HashMap; use log::warn; use plist::Dictionary; -use crate::{lockdown::LockdownClient, Idevice, IdeviceError, IdeviceService}; +use crate::{lockdown::LockdownClient, obf, Idevice, IdeviceError, IdeviceService}; /// Client for interacting with the iOS installation proxy service /// @@ -22,7 +22,7 @@ pub struct InstallationProxyClient { impl IdeviceService for InstallationProxyClient { /// Returns the installation proxy service name as registered with lockdownd fn service_name() -> &'static str { - "com.apple.mobile.installation_proxy" + obf!("com.apple.mobile.installation_proxy") } /// Establishes a connection to the installation proxy service diff --git a/idevice/src/services/lockdown.rs b/idevice/src/services/lockdown.rs index f25686a..ad7e847 100644 --- a/idevice/src/services/lockdown.rs +++ b/idevice/src/services/lockdown.rs @@ -7,7 +7,7 @@ use log::error; use plist::Value; use serde::{Deserialize, Serialize}; -use crate::{pairing_file, Idevice, IdeviceError, IdeviceService}; +use crate::{obf, pairing_file, Idevice, IdeviceError, IdeviceService}; /// Client for interacting with the iOS lockdown service /// @@ -23,7 +23,7 @@ pub struct LockdownClient { impl IdeviceService for LockdownClient { /// Returns the lockdown service name as registered with the device fn service_name() -> &'static str { - "com.apple.mobile.lockdown" + obf!("com.apple.mobile.lockdown") } /// Establishes a connection to the lockdown service diff --git a/idevice/src/services/misagent.rs b/idevice/src/services/misagent.rs index b6a2e04..be2e093 100644 --- a/idevice/src/services/misagent.rs +++ b/idevice/src/services/misagent.rs @@ -6,7 +6,7 @@ use log::warn; use plist::Dictionary; -use crate::{lockdown::LockdownClient, Idevice, IdeviceError, IdeviceService}; +use crate::{lockdown::LockdownClient, obf, Idevice, IdeviceError, IdeviceService}; /// Client for interacting with the iOS misagent service /// @@ -22,7 +22,7 @@ pub struct MisagentClient { impl IdeviceService for MisagentClient { /// Returns the misagent service name as registered with lockdownd fn service_name() -> &'static str { - "com.apple.misagent" + obf!("com.apple.misagent") } /// Establishes a connection to the misagent service @@ -219,4 +219,3 @@ impl MisagentClient { } } } - diff --git a/idevice/src/services/mobile_image_mounter.rs b/idevice/src/services/mobile_image_mounter.rs index 57fc6f1..0430204 100644 --- a/idevice/src/services/mobile_image_mounter.rs +++ b/idevice/src/services/mobile_image_mounter.rs @@ -9,7 +9,7 @@ use log::debug; -use crate::{lockdown::LockdownClient, Idevice, IdeviceError, IdeviceService}; +use crate::{lockdown::LockdownClient, obf, Idevice, IdeviceError, IdeviceService}; use sha2::{Digest, Sha384}; #[cfg(feature = "tss")] @@ -30,7 +30,7 @@ pub struct ImageMounter { impl IdeviceService for ImageMounter { /// Returns the image mounter service name as registered with lockdownd fn service_name() -> &'static str { - "com.apple.mobile.mobile_image_mounter" + obf!("com.apple.mobile.mobile_image_mounter") } /// Establishes a connection to the image mounter service diff --git a/idevice/src/services/os_trace_relay.rs b/idevice/src/services/os_trace_relay.rs index 4d9c990..16819a4 100644 --- a/idevice/src/services/os_trace_relay.rs +++ b/idevice/src/services/os_trace_relay.rs @@ -7,7 +7,7 @@ use chrono::{DateTime, NaiveDateTime}; use plist::Dictionary; use tokio::io::AsyncWriteExt; -use crate::{lockdown::LockdownClient, Idevice, IdeviceError, IdeviceService}; +use crate::{lockdown::LockdownClient, obf, Idevice, IdeviceError, IdeviceService}; /// Client for interacting with the iOS device OsTraceRelay service pub struct OsTraceRelayClient { @@ -18,7 +18,7 @@ pub struct OsTraceRelayClient { impl IdeviceService for OsTraceRelayClient { /// Returns the OsTraceRelay service name as registered with lockdownd fn service_name() -> &'static str { - "com.apple.os_trace_relay" + obf!("com.apple.os_trace_relay") } /// Establishes a connection to the OsTraceRelay service diff --git a/idevice/src/services/springboardservices.rs b/idevice/src/services/springboardservices.rs index cb8dd92..3fd4f45 100644 --- a/idevice/src/services/springboardservices.rs +++ b/idevice/src/services/springboardservices.rs @@ -3,7 +3,7 @@ //! Provides functionality for interacting with the SpringBoard services on iOS devices, //! which manages home screen and app icon related operations. -use crate::{lockdown::LockdownClient, Idevice, IdeviceError, IdeviceService}; +use crate::{lockdown::LockdownClient, obf, Idevice, IdeviceError, IdeviceService}; /// Client for interacting with the iOS SpringBoard services /// @@ -17,7 +17,7 @@ pub struct SpringBoardServicesClient { impl IdeviceService for SpringBoardServicesClient { /// Returns the SpringBoard services name as registered with lockdownd fn service_name() -> &'static str { - "com.apple.springboardservices" + obf!("com.apple.springboardservices") } /// Establishes a connection to the SpringBoard services @@ -104,4 +104,3 @@ impl SpringBoardServicesClient { } } } - diff --git a/idevice/src/services/syslog_relay.rs b/idevice/src/services/syslog_relay.rs index 461d81a..a4ac3c0 100644 --- a/idevice/src/services/syslog_relay.rs +++ b/idevice/src/services/syslog_relay.rs @@ -1,6 +1,6 @@ //! iOS Device SyslogRelay Service Abstraction -use crate::{lockdown::LockdownClient, Idevice, IdeviceError, IdeviceService}; +use crate::{lockdown::LockdownClient, obf, Idevice, IdeviceError, IdeviceService}; /// Client for interacting with the iOS device SyslogRelay service pub struct SyslogRelayClient { @@ -11,7 +11,7 @@ pub struct SyslogRelayClient { impl IdeviceService for SyslogRelayClient { /// Returns the SyslogRelay service name as registered with lockdownd fn service_name() -> &'static str { - "com.apple.syslog_relay" + obf!("com.apple.syslog_relay") } /// Establishes a connection to the SyslogRelay service diff --git a/idevice/src/util.rs b/idevice/src/util.rs index 803352a..39b0a2d 100644 --- a/idevice/src/util.rs +++ b/idevice/src/util.rs @@ -126,3 +126,17 @@ fn print_plist(p: &Value, indentation: usize) -> String { _ => "Unknown".to_string(), } } + +#[macro_export] +macro_rules! obf { + ($lit:literal) => {{ + #[cfg(feature = "obfuscate")] + { + obfstr::xref!($lit) + } + #[cfg(not(feature = "obfuscate"))] + { + $lit + } + }}; +} diff --git a/justfile b/justfile index 04b0b18..4b13461 100644 --- a/justfile +++ b/justfile @@ -28,7 +28,7 @@ xcframework: apple-build apple-build: # requires a Mac # iOS device build BINDGEN_EXTRA_CLANG_ARGS="--sysroot=$(xcrun --sdk iphoneos --show-sdk-path)" \ - cargo build --release --target aarch64-apple-ios + cargo build --release --target aarch64-apple-ios --feature obfuscate # iOS Simulator (arm64) BINDGEN_EXTRA_CLANG_ARGS="--sysroot=$(xcrun --sdk iphonesimulator --show-sdk-path)" \