This shows you the differences between two versions of the page.
fuss:ios [2015/07/07 17:40] – office | fuss:ios [2022/08/22 11:16] (current) – [Stealing the Phone] office | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Disable Application Updates ====== | ||
+ | |||
+ | To prevent being spammed and nagged by application updates that you do not want: | ||
+ | |||
+ | - SSH to your device, as in open a Terminal and type: ssh root@IP_OF_IDEVICE and enter your password. If you have not set a password yet, the default password will be '' | ||
+ | - Perform the following commands to find the application directory for which you want to remove update notifications: | ||
+ | |||
+ | <code bash> | ||
+ | cd / | ||
+ | </ | ||
+ | |||
+ | where '' | ||
+ | |||
+ | < | ||
+ | cd / | ||
+ | mv iTunesMetadata.plist iTunesMetadata.plist.null | ||
+ | </ | ||
+ | |||
+ | Done. You will not receive any more updates from AppStore for that application. To start receiving update notifications, | ||
+ | |||
+ | < | ||
+ | cd / | ||
+ | mv iTunesMetadata.plist.null iTunesMetadata.plist | ||
+ | </ | ||
+ | |||
+ | ====== Disable Multitasking ====== | ||
+ | <WRAP important> | ||
+ | Confirmed working perfectly with iOS 4.2.1 but does not work with iOS 5.1.1. For the latest firmware versions, feel free to use a Cydia application that acheives the same effect. | ||
+ | </ | ||
+ | |||
+ | If Apple trapped you on an iPad1, so that upgrading to their newest operating system 5.x makes you run out of RAM and you are also aware that you will be unable to update to iOS6, then you may want to consider turning off multitasking on iOS4 in order to speed it up to something useful. This will also get rid of crashes when switching applications on iOS 4.2.1. | ||
+ | |||
+ | Even if you leave the multitasking turned on, your applications are not running concurrently (perhaps for a few seconds before the scheduler considers them stale) and that is probably one of the reasons why applications such as Backgrounder were created in order to add multitasking. From that point of view, except the quick-switch on the bottom bar, which you could replace if you gather your applications tidily in folders, there is no reason for having the redundant switchboard. All applications that are meant to notify you of events are sending you push notifications regardless whether they are " | ||
+ | ===== Nitro ===== | ||
+ | |||
+ | Multitasking in iOS is not really what you would expect. If you look at your switchboard (the one under the dock which you bring up by double pressing the home button, or with gestures in iO4.3), those applications are NOT really running. Apple introduced something called " | ||
+ | |||
+ | In practice however, Nitro does not offer performance, | ||
+ | |||
+ | |||
+ | ==== Disable Multitasking for iOS4 ==== | ||
+ | |||
+ | * You need to OpenSSH installed and nano from Cydia in order to log on to your device and edit files. | ||
+ | * '' | ||
+ | |||
+ | <code bash> | ||
+ | find . -regextype egrep -regex ' | ||
+ | </ | ||
+ | |||
+ | it should show you a file that would look like: | ||
+ | |||
+ | <code bash> | ||
+ | ./ | ||
+ | </ | ||
+ | |||
+ | but with different letters. Open that file using '' | ||
+ | |||
+ | <code bash> | ||
+ | nano / | ||
+ | </ | ||
+ | |||
+ | and change the lines: | ||
+ | |||
+ | <code xml> | ||
+ | < | ||
+ | < | ||
+ | </ | ||
+ | |||
+ | to | ||
+ | |||
+ | <code xml> | ||
+ | < | ||
+ | < | ||
+ | </ | ||
+ | |||
+ | in order to disable multitasking. After that, restart your device and your switchboard will be gone. | ||
+ | |||
+ | ====== Veency with OSX ScreenSharing ====== | ||
+ | |||
+ | You can access your iDevice using the OSX ScreenSharing client by: | ||
+ | |||
+ | * Setting a Veency password. | ||
+ | * Configuring the ScreenSharing client: | ||
+ | |||
+ | {{ ios_screensharing.png |ScreenSharing settings to access iDevice}} | ||
+ | |||
+ | Other settings are possible as well. The most important point is to set a password for Veency in order to be able to connect. | ||
+ | |||
+ | ====== Refreshing Camera Roll Photos ====== | ||
+ | |||
+ | All camera photos are available at: | ||
+ | < | ||
+ | / | ||
+ | </ | ||
+ | |||
+ | If you have Samba installed from Cydia, you can create a share that points directly to that folder. However they will not show up immediately in the Photos applications. You will need to wipe the cache using: | ||
+ | |||
+ | <code bash> | ||
+ | rm -rf / | ||
+ | </ | ||
+ | |||
+ | after which Photos.app should reload all the photos stored in the camera roll. | ||
+ | |||
+ | ====== Using plutil ====== | ||
+ | |||
+ | Suppose we have the following start of a plist xml file called '' | ||
+ | <code xml> | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | |||
+ | </ | ||
+ | |||
+ | And we want to obtain the '' | ||
+ | |||
+ | <code bash> | ||
+ | plutil -key NetworkServices -key 0D1E9088-E273-11E1-91DB-7BC308E606D8 -key IPSec -key AuthenticationMethod preferences.plist | ||
+ | </ | ||
+ | |||
+ | Output: | ||
+ | < | ||
+ | SharedSecret | ||
+ | </ | ||
+ | |||
+ | We can also set the key value by adding the '' | ||
+ | <code bash> | ||
+ | plutil -key NetworkServices -key 0D1E9088-E273-11E1-91DB-7BC308E606D8 -key IPSec -key AuthenticationMethod -value NoMethod preferences.plist | ||
+ | </ | ||
+ | |||
+ | ====== Status Bar Icons ====== | ||
+ | |||
+ | Status bar icons are composed of two images, a small and a large image. The '' | ||
+ | |||
+ | '' | ||
+ | < | ||
+ | PNG image, 14 x 20, 8-bit/color RGBA, non-interlaced | ||
+ | </ | ||
+ | |||
+ | '' | ||
+ | < | ||
+ | PNG image, 27 x 40, 8-bit/color RGBA, non-interlaced | ||
+ | </ | ||
+ | |||
+ | ====== Starting and Stopping Samba ====== | ||
+ | |||
+ | The usual way to install Samba on iOS is to get both the '' | ||
+ | |||
+ | ===== smbd ===== | ||
+ | |||
+ | <file xml org.samba.smbd.plist> | ||
+ | <?xml version=" | ||
+ | < | ||
+ | <plist version=" | ||
+ | |||
+ | < | ||
+ | < | ||
+ | < | ||
+ | |||
+ | < | ||
+ | < | ||
+ | |||
+ | < | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | </ | ||
+ | </ | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | </ | ||
+ | </ | ||
+ | |||
+ | </ | ||
+ | |||
+ | </ | ||
+ | |||
+ | ===== nmbd ===== | ||
+ | |||
+ | <file xml org.samba.nmbd.plist> | ||
+ | <?xml version=" | ||
+ | < | ||
+ | <plist version=" | ||
+ | |||
+ | < | ||
+ | < | ||
+ | < | ||
+ | |||
+ | < | ||
+ | < | ||
+ | |||
+ | < | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | </ | ||
+ | </ | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | </ | ||
+ | </ | ||
+ | |||
+ | </ | ||
+ | |||
+ | </ | ||
+ | |||
+ | ====== Registering Services with mDNS ====== | ||
+ | |||
+ | Services such as '' | ||
+ | |||
+ | For example, if we want to register samba so that the device shows up in the local browse lists, we add a '' | ||
+ | |||
+ | <file xml org.grimore.smb.dns-sd.plist> | ||
+ | <?xml version=" | ||
+ | < | ||
+ | <plist version=" | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | |||
+ | < | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | < | ||
+ | </ | ||
+ | </ | ||
+ | |||
+ | </ | ||
+ | |||
+ | ====== Error 9 ====== | ||
+ | |||
+ | Error 9 is a code-signing error that you may get if the binaries for a certain package have not been signed. The common symptom is that the binary just bails out with Error 9. In order to fix this one can use saurik' | ||
+ | |||
+ | < | ||
+ | ldid -S / | ||
+ | </ | ||
+ | |||
+ | ====== Recursive Sign and Exec (iosign) ====== | ||
+ | |||
+ | The following tool can be used to recursively sign binaries and turn the exec bit on bash scripts: | ||
+ | |||
+ | <file bash iosign> | ||
+ | #!/bin/bash | ||
+ | ########################################################################### | ||
+ | ## Copyright (C) Wizardry and Steamworks 2013 - License: GNU GPLv3 ## | ||
+ | ## Please see: http:// | ||
+ | ## rights of fair usage, the disclaimer and warranty conditions. | ||
+ | ########################################################################### | ||
+ | |||
+ | SILENT=0 | ||
+ | if [[ $1 == " | ||
+ | SILENT=1 | ||
+ | fi | ||
+ | |||
+ | for i in `find . -type f`; do | ||
+ | |||
+ | FT=`file -b $i | awk '{ print $1 }'` | ||
+ | case $FT in | ||
+ | Mach-O ) | ||
+ | EXE=`file -b $i | awk '{ print $2 }'` | ||
+ | if [[ $EXE == " | ||
+ | OP=" | ||
+ | sed -i'' | ||
+ | ldid -S $i | ||
+ | fi | ||
+ | ;; | ||
+ | Korn ) | ||
+ | ;& | ||
+ | Bourne ) | ||
+ | OP=" | ||
+ | chmod +x $i | ||
+ | ;; | ||
+ | * ) | ||
+ | OP="" | ||
+ | ;; | ||
+ | esac | ||
+ | if ( [[ $SILENT -eq 0 ]] && [[ ! -z $OP ]] ); then | ||
+ | echo -n $OP | ||
+ | echo $i | ||
+ | fi | ||
+ | done | ||
+ | |||
+ | </ | ||
+ | ====== Offline Maps ====== | ||
+ | |||
+ | We can add a trigger to the ''/ | ||
+ | |||
+ | <code sql> | ||
+ | CREATE TRIGGER prevent_delete BEFORE DELETE ON images BEGIN SELECT raise(IGNORE); | ||
+ | </ | ||
+ | |||
+ | which will prevent the Maps application from deleting the map tiles. | ||
+ | |||
+ | ====== Get Free Memory ====== | ||
+ | |||
+ | <code bash> | ||
+ | echo -e " | ||
+ | </ | ||
+ | |||
+ | ====== Enable Multitask Gestures on iOS 4.x ====== | ||
+ | |||
+ | Edit '' | ||
+ | <code xml> | ||
+ | < | ||
+ | <true /> | ||
+ | </ | ||
+ | |||
+ | Then copy the ''/ | ||
+ | <code bash> | ||
+ | plutil -convert xml1 com.apple.springboard.plist | ||
+ | </ | ||
+ | |||
+ | Now edit '' | ||
+ | <code bash> | ||
+ | < | ||
+ | < | ||
+ | </ | ||
+ | after: | ||
+ | <code xml> | ||
+ | < | ||
+ | < | ||
+ | </ | ||
+ | |||
+ | and convert the plist back to binary format: | ||
+ | <code bash> | ||
+ | plutil -convert binary1 com.apple.springboard.plist | ||
+ | </ | ||
+ | |||
+ | Now copy the plist to your device and replace it with the old one: | ||
+ | <code bash> | ||
+ | scp com.apple.springboard.plist root@DEVICE_IP:/ | ||
+ | </ | ||
+ | where '' | ||
+ | |||
+ | After a respring your can open an app and try a four finger pinch. If the app closes, the gestures are enabled. | ||
+ | |||
+ | ====== Downgrade to iOS 4.2.x ====== | ||
+ | |||
+ | It seems that: | ||
+ | < | ||
+ | 16fc33fee028cf71b7fd127d9fbc72b071358ab1 | ||
+ | </ | ||
+ | is best suited for downgrades to 4.2.1. The hash should or may not perfectly match but sn0wbreeze v2 at 1.9.1 should do the trick. | ||
+ | |||
+ | The latest version seems to make iTunes attempt to upgrade the baseband, at which point the downgrade fails with error 1105. | ||
+ | |||
+ | ====== Setting SOCKS Proxy ====== | ||
+ | |||
+ | Setting a SOCKS proxy for iOS can be done conveniently if the device is jailbroken. In the example screenshot below: | ||
+ | |||
+ | {{fuss_ios_socksproxy.png}} | ||
+ | |||
+ | the Wifi connection will load the ''/ | ||
+ | |||
+ | ====== Illegal Instruction 4 ====== | ||
+ | |||
+ | Some old '' | ||
+ | |||
+ | In order to avoid that, run the following command to patch the binaries before signing: | ||
+ | <code bash> | ||
+ | sed -i'' | ||
+ | </ | ||
+ | |||
+ | ====== Exploiting the iPhone 13 without Unlocking via Siri ====== | ||
+ | |||
+ | iOS at version '' | ||
+ | |||
+ | In order to activate Siri from the lock screen, the side button can be held down for three seconds. | ||
+ | |||
+ | Here is a list of potential attack vectors that have been discovered to be working on iOS at version '' | ||
+ | |||
+ | ===== Stealing the Phone ===== | ||
+ | |||
+ | Siri can be told: | ||
+ | * '' | ||
+ | * '' | ||
+ | |||
+ | or, for short: | ||
+ | * '' | ||
+ | |||
+ | such that the "Find My Phone" iCloud application on Apple servers at '' | ||
+ | |||
+ | This would allow someone that intends to steal the phone, to effectively turn off any Internet location such that the phone cannot be tracked anymore. | ||
+ | |||
+ | ===== Changing Alarms and Muting Volume ===== | ||
+ | |||
+ | Siri can be told to set an alarm for a certain point in time, ie: | ||
+ | * '' | ||
+ | |||
+ | as well as changing the volume: | ||
+ | * '' | ||
+ | |||
+ | directly from the lock screen without having to unlock the phone. | ||
+ | |||
+ | Conversely: | ||
+ | * '' | ||
+ | |||
+ | such that any calls or appointments will be missed. | ||
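Review bot: In the iosign script, the loop "for i in `find . -type f`; do" and the unquoted $i passed to file, "ldid -S $i" and "chmod +x $i" split on whitespace, so a path containing a space is processed as several wrong names and the real file is neither signed nor made executable. Suggest feeding the loop from find . -type f -print0 into while IFS= read -r -d '' i, and quoting "$i" at every use. The ";&" fall-through from the Korn branch into the Bourne branch needs bash 4 or later, which deserves a comment in the script header. Separately, step one of Disable Application Updates has the reader log in with "ssh root@IP_OF_IDEVICE" using the default password; that step should tell them to run passwd straight after the first login, since the same account stays reachable over SSH for as long as the default is in place.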
+ | |||