
Q: is it possible to communicate with ios services without usb mux?

Open chernyka opened this issue 1 year ago • 2 comments

Hi go-ios community!

I'm trying to communicate with iOS services via a tun interface instead of usbmuxd. It appears iOS keeps the lockdownd port (62078) open after enabling network access. It's then possible to connect to lockdown via regular TCP, establish an SSL connection and even start different services. A service started via lockdown is consequently available on another TCP port. However, the connection to this port gets interrupted by the peer right after the SSL handshake.

For instance, I tried to employ installationproxy (com.apple.mobile.installation_proxy) this way on iOS 16.*. When lockdown starts the installationproxy service, it responds in turn that an SSL connection should be established to installationproxy. As I said, the connection gets interrupted by installationproxy promptly after the handshake. It's worth mentioning that when I connect to lockdown via usbmux and ask it to start installationproxy, it doesn't require setting up an SSL connection.

On the other hand, an SSL connection with syslog (com.apple.syslog_relay) established this way seems to work properly, and I succeeded in reading syslog via a TCP socket.

Any thoughts on this issue? Does anyone have insight into how lockdown talks to services on the iOS side, and is it possible to sniff such traffic?

chernyka avatar Mar 29 '24 16:03 chernyka
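The StartService reply described in the post above is what tells a client whether to wrap the new service port in TLS; the following is an added example, not code from go-ios or from the posters. It assumes lockdown's usual framing (a 4-byte big-endian length followed by an XML plist) and the reply keys `Port` and `EnableServiceSSL`; the function names, the size cap and the sample reply are constructed for illustration.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"encoding/xml"
	"fmt"
	"io"
)

const maxFrame = 1 << 20 // sanity cap assumed for this example, not a protocol constant
// sampleReply is a constructed StartService reply; the port value is made up.
const sampleReply = `<plist version="1.0"><dict><key>EnableServiceSSL</key><true/><key>Port</key><integer>49152</integer><key>Request</key><string>StartService</string><key>Service</key><string>com.apple.mobile.installation_proxy</string></dict></plist>`

// frame prefixes a plist with its 4-byte big-endian length, as sent on the wire.
func frame(plist string) []byte {
	return append(binary.BigEndian.AppendUint32(nil, uint32(len(plist))), plist...)
}

// readStartServiceReply reads one framed, flat reply dict and returns Port and the TLS flag.
func readStartServiceReply(r io.Reader) (port string, useTLS bool, err error) {
	var n uint32
	if err = binary.Read(r, binary.BigEndian, &n); err == nil && n > maxFrame {
		err = fmt.Errorf("frame length %d exceeds cap", n) // reject before reading the body
	}
	d, key := xml.NewDecoder(io.LimitReader(r, int64(n))), ""
	for err == nil {
		var tok xml.Token
		tok, err = d.Token()
		se, _ := tok.(xml.StartElement) // zero value for every other token kind
		switch name := se.Name.Local; {
		case name == "key":
			err = d.DecodeElement(&key, &se)
		case name == "integer" && key == "Port":
			err = d.DecodeElement(&port, &se)
		case name == "true" && key == "EnableServiceSSL":
			useTLS = true
		}
	}
	if err != io.EOF || port == "" {
		return "", false, fmt.Errorf("bad StartService reply: %w", err)
	}
	return port, useTLS, nil
}

func main() {
	fmt.Println(readStartServiceReply(bytes.NewReader(frame(sampleReply))))
}
```

A reply without `EnableServiceSSL` set to true leaves the flag false, which matches the usbmux behaviour the post describes, where no SSL setup is requested for the service connection.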

For iOS 17 this should be possible. It's probably simpler than you're currently approaching it. If you go through the tunnel interface, you don't have to talk to lockdown at all. Remote Service Discovery (RSD) exposes all services that are available via lockdown and usbmuxd.

There is already an implementation available to see what that looks like (the syslog service, for example: https://github.com/danielpaulus/go-ios/blob/main/ios/syslog/syslog.go#L44). However, in go-ios we still talk to usbmuxd in the beginning to get a list of devices. So it still has to run even if we don't connect to the device over it.

dmissmann avatar Apr 02 '24 12:04 dmissmann

Thanks! I've tried it on iOS 17; nice that it doesn't require the usbmux daemon even on Linux systems. However, when it comes to managing an iOS device over the network, it seems iOS still requires the host peer to be in the same Wi-Fi network when I try to connect via a VPN network. When the device and host both share the VPN network and the Wi-Fi network, iOS allows connections tho. I don't understand how exactly iOS figures out if my host is on the same Wi-Fi. Sniffing multicast shows there are no mDNS requests from the device when the host tries to connect. The VPN in the case above is a custom VPN connection to my server using a third-party app like OpenVPN, and is not the tunnel that go-ios establishes for iOS 17.* devices.

chernyka avatar Apr 08 '24 14:04 chernyka