CustomWatchFaceTest
CustomWatchFaceTest copied to clipboard
hamzasood
#import <NanoTimeKit/NanoTimeKit.h>
How can I import this file? I don't understand what you mean with import carousel into the dylib
I also can't find anything that would get a dylib called Carousel, and can't find the framework on my computer. Running El Capitan 6 and Watch OS 2 5
It's a from the private framework, NanoTimeKit. We need to find a private header dump from a watch device to even build this. I have no clue how make Carousel pick it up though. I've never done jailbreak dev, just regular.
@carbamide do you have any idea what Carousel even is? Maybe we can figure it out.
Seems like this is the dump we need? https://github.com/nickfrey/WatchOS-Headers/tree/master/Device/NanoTimeKit.framework
Thank's @matthijsotterloo, but I allready include this framework in my project but it doesn't compile.
Yes also tried that, it doesn't compile because it's missing NanoTimekit.h which is not included in this framework...
As stated above, NanoTimeKit is an internal framework running on the Watch. To get headers you can either class dump the binary, or simply write them yourself.
I do not know how he has gotten Carousel to load the dylib, however. That is something I would be very interested in hearing, purely to satiate my curiosity.
Carousel is the watchOS equivalent of SpringBoard. It's the app that displays the home screen, notification centre, glances, watch faces etc. I haven't open sourced how I got Carousel to load the dylib. This repo only contains the watch face code and what you'd need to hook once you've got code running in Carousel.
@hamzasood Would you be willing to share what vector/general starting point you're using to get Carousal to load dylibs? Fully understand you don't want to share all your goodies, though this is something that seems very interesting and I'd love to look into it for myself, though I'm not sure where to start.
@codyd51 I may have found at least a way to load the dylib on the simulator. At the moment I am trying to get the dylib to compile.
The NanoTimeKit.h file is pretty much just a file to import everything from the Framework. This can easily be done yourself.
@DJLectr0 I finally decompiled the Carousel headers and compiled the dylib.... would really appreciate your thoughts on loading it.
@DJLectr0 Hey, that's better than nothing! Mind divulging how you did that? Maybe we could go digging together and see what we can figure out :-)
@VedBoon Sure. Could you also share your xcodeproject with me where you got it to compile? (Best would be private because of the NDA)
I thought of loading in the Simulator like when you load tweaks in the ios sim (http://sharedinstance.net/2013/10/running-tweaks-in-simulator/) so editing the lanchdaemons of the sim sdk to include the Dylib injection like in the article just instead of springboard the carousel plist.
@DJLectr0 That post is sorely outdated and does not work on recent versions of the iOS sim. I cannot speak for the Watch sim as I have not tried it, but the current method for loading dylibs into the iOS sim is utilizing optool by @alexzielenski
@DJLectr0 Actually, I have. I totally forgot about this earlier, but @EthanArbuckle and I fooled around with loading some dylibs into the Watch sim's Prefs.app - nothing big, mind you; pushing dumb view controllers and changing color schemes. Neat, but it does not help the final goal of getting dylibs loaded onto an actual device.
@codyd51 Well its a start ;) We could try to load a custom firmware or with the new independent apps look if we can use some methods from some private Frameworks to get it to load the dylib. Another thought: If we can load dylibs we could theoretically change everything hookable in the system (e.g. Making whatsapp quick reply)
@codyd51 When I get home, I will try to load some simple dylibs in the Simulator and then look at how to get the watch OS 2 Firmware
(Addressing each sentence in order)
@DJLectr0 Loading a custom firmware isn't in the spirit of what we're trying to achieve IMHO. It's the argument of using Substrate over manually replacing binaries.
We can't use private frameworks while sandboxed.
Yes, that's kind of the whole idea regarding tweak development ;P
@codyd51 Yes I know, but if we could load a custom Firmware we could inject a dylib, which is what we are trying here. I know its really manual but it would be a nice start. Hamzasood is also in an internal testing mode. Maybe this allows him to load dylibs? I will also dig through the carousel headers, maybe there is something there.
@DJLectr0 @codyd51 Maybe I didn't unsderstand. But we can try to load dylib to carusel with lldb like this http://www.ifans.com/forums/threads/dylib-injection-with-iphone-simulator.109242/
@AlexeyBlezeko the problem is that we need to find a way to inject the dylib into carousel on an actual watch.
@AlexeyBelezeko Simple answer: no. The reason is twofold:
-
That would mean we need native code execution on the watch, which is the end goal in the first place
-
watchOS is just iOS 8.4 using Carousel as a launcher instead of SpringBoard. There is no working version of gdb on > iOS 8, so even if we had native code exec. we could not use gdb.
@codyd51 Not quite true. The DeveloperDiskImage for iOS and watchOS both have debugserver. But it can only attach to processes with the get-task-allow entitlement.