iokit-utils icon indicating copy to clipboard operation
iokit-utils copied to clipboard
verified publisher icon Siguza

iOS / iPhoneOS 13 device capture

Open brandonros opened this issue 6 years ago • 1 comments

I'm doing some really unsupported/stupid stuff where I compiled libusb for Darwin in XCode for iPhoneOS. That works fine, but the hotplug / device resolution doesn't seem to detect devices (it returns nothing) as well as your code, which returns

[1;96mAppleT8030USBXHCI(AppleT8030USBXHCI):[0m [1;92m(os/kern) successful[0m
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>IOClass</key>
  <string>AppleT8030USBXHCI</string>
</dict>
</plist>

[1;96mAppleUSB20XHCILightningPort(usb-drd-port-hs):[0m [1;92m(os/kern) successful[0m
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>device_type</key>
  <data>
  dXNiLWRyZC1wb3J0LWhzAA==
  </data>
  <key>name</key>
  <data>
  dXNiLWRyZC1wb3J0LWhzAA==
  </data>
</dict>
</plist>

[1;96mIOUSBHostDevice(USB2.0 HUB):[0m [1;92m(os/kern) successful[0m
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>IOCFPlugInTypes</key>
  <dict>
    <key>9dc7b780-9ec0-11d4-a54f-000a27052861</key>
    <string>IOUSBHostFamily.kext/PlugIns/IOUSBLib.bundle</string>
  </dict>
</dict>
</plist>

[1;96mAppleUSB20Hub(AppleUSB20Hub):[0m [1;92m(os/kern) successful[0m
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>IOClass</key>
  <string>AppleUSB20Hub</string>
</dict>
</plist>

[1;96mAppleUSB20HubPort(AppleUSB20HubPort):[0m [1;92m(os/kern) successful[0m
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict/>
</plist>

[1;96mAppleUSB20HubPort(AppleUSB20HubPort):[0m [1;92m(os/kern) successful[0m
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict/>
</plist>

[1;96mAppleUSB20HubPort(AppleUSB20HubPort):[0m [1;92m(os/kern) successful[0m
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict/>
</plist>

[1;96mAppleUSB20HubPort(AppleUSB20HubPort):[0m [1;92m(os/kern) successful[0m
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict/>
</plist>

[1;96mIOUSBHostDevice(canable gs_usb):[0m [1;92m(os/kern) successful[0m
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>IOCFPlugInTypes</key>
  <dict>
    <key>9dc7b780-9ec0-11d4-a54f-000a27052861</key>
    <string>IOUSBHostFamily.kext/PlugIns/IOUSBLib.bundle</string>
  </dict>
</dict>
</plist>

[1;96mAppleUSBHostCompositeDevice(AppleUSBHostCompositeDevice):[0m [1;92m(os/kern) successful[0m
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>IOClass</key>
  <string>AppleUSBHostCompositeDevice</string>
</dict>
</plist>

[1;96mIOUSBHostInterface(IOUSBHostInterface):[0m [1;92m(os/kern) successful[0m
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>IOCFPlugInTypes</key>
  <dict>
    <key>2d9786c6-9ef3-11d4-ad51-000a27052861</key>
    <string>IOUSBHostFamily.kext/PlugIns/IOUSBLib.bundle</string>
  </dict>
</dict>
</plist>

[1;96mIOUSBHostInterface(canble firmware upgrade interface):[0m [1;92m(os/kern) successful[0m
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>IOCFPlugInTypes</key>
  <dict>
    <key>2d9786c6-9ef3-11d4-ad51-000a27052861</key>
    <string>IOUSBHostFamily.kext/PlugIns/IOUSBLib.bundle</string>
  </dict>
</dict>
</plist>

[1;96mIOUSBHostInterface(IOUSBHostInterface):[0m [1;92m(os/kern) successful[0m
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>IOCFPlugInTypes</key>
  <dict>
    <key>2d9786c6-9ef3-11d4-ad51-000a27052861</key>
    <string>IOUSBHostFamily.kext/PlugIns/IOUSBLib.bundle</string>
  </dict>
</dict>
</plist>

The USB interface is obviously detected by the iPhoneOS kernel. Could you throw up a small snippet on how somebody might, say,

  1. open the interface / claim it
  2. perform controlTransferOut / controlTransferIn against it
  3. perform transferIn / transferOut against endpoints from that interface

This would open a massive world in iOS/iPhoneOS development where USB device support isn't really documented but is actually secretly supported.

brandonros avatar Nov 17 '19 18:11 brandonros 

[1;96mClass                                                   Name                                                    Type Spawn                                UC   One   Two Equal[0m
AppleT8030TypeCPhy                                      AppleT8030TypeCPhy                                      [1;95m   0[0m [1;93m(iokit/common) unsupported function [0m [1;94m  [0m     0     0      
AppleARMIODevice                                        usb-drd                                                 [1;95m   0[0m [1;93m(iokit/common) unsupported function [0m [1;94m  [0m     0     0      
AppleT8030USBXHCI                                       AppleT8030USBXHCI                                       [1;95m   0[0m [1;93m(iokit/common) unsupported function [0m [1;94m  [0m     0     0      
AppleUSB20XHCILightningPort                             usb-drd-port-hs                                         [1;95m   0[0m [1;93m(iokit/common) unsupported function [0m [1;94m  [0m     0     0      
IOUSBHostDevice                                         USB2.0 HUB                                              [1;95m   0[0m [1;93m(iokit/common) not permitted        [0m [1;94m  [0m     0     0      
AppleUSB20Hub                                           AppleUSB20Hub                                           [1;95m   0[0m [1;93m(iokit/common) unsupported function [0m [1;94m  [0m     0     0      
AppleUSB20HubPort                                       AppleUSB20HubPort                                       [1;95m   0[0m [1;93m(iokit/common) unsupported function [0m [1;94m  [0m     0     0      
AppleUSB20HubPort                                       AppleUSB20HubPort                                       [1;95m   0[0m [1;93m(iokit/common) unsupported function [0m [1;94m  [0m     0     0      
AppleUSB20HubPort                                       AppleUSB20HubPort                                       [1;95m   0[0m [1;93m(iokit/common) unsupported function [0m [1;94m  [0m     0     0      
AppleUSB20HubPort                                       AppleUSB20HubPort                                       [1;95m   0[0m [1;93m(iokit/common) unsupported function [0m [1;94m  [0m     0     0      
IOUSBHostDevice                                         canable gs_usb                                          [1;95m   0[0m [1;93m(iokit/common) not permitted        [0m [1;94m  [0m     0     0

I think this means the functionality we need to do anything other than list the device is not supported/permitted but I'd be curious to hear your thoughts.

brandonros avatar Nov 17 '19 18:11 brandonros