I started making a small research on my jailbroken iOS device and I was wondering which files does a specific process touches while I was using it.
In order to do so, I wanted to use the famous lsof, so I downloaded the package from saurik's packages using Cydia, only to find out that the given lsof is not working on my device:
After trying to figure it out, I decided that it would be the best to just try compiling my own lsof and use it on the device (I also liked the challenge :-) )
lsof: PID 40 information error: Cannot allocate memory
lsof: PID 39 information error: Cannot allocate memory
lsof: PID 38 information error: Cannot allocate memory
lsof: PID 37 information error: Cannot allocate memory
lsof: PID 36 information error: Cannot allocate memory
lsof: PID 35 information error: Cannot allocate memory
lsof: PID 33 information error: Cannot allocate memory
lsof: PID 31 information error: Cannot allocate memory
So my journey begins with downloading lsof from Apple's site:
http://opensource.apple.com/tarballs/lsof/lsof-53.tar.gz
(tarballs can be found here: http://opensource.apple.com/tarballs/ while sources can be found here: https://opensource.apple.com/source/lsof/ )
$ wget http://opensource.apple.com/tarballs/lsof/lsof-53.tar.gz
$ tar zvxf lsof-53.tar.gz
Inside the lsof directory, I ran the configure script:
$ ./Configure darwin
I tried several ways to compile the executable for my iPhone, and while doing so I got several errors.
Using Gregory Pakosz post from here, running:
make CC="$(xcrun --sdk iphoneos --find clang) -isysroot $(xcrun --sdk iphoneos --show-sdk-path) -arch armv7 -arch armv7s -arch arm64"
Gave me a list of errors of missing headers, for example:
In file included from usage.c:39:
In file included from ./lsof.h:195:
./dlsof.h:56:10: fatal error: 'netinet/tcp_fsm.h' file not found
#include <netinet/tcp_fsm.h>
^
1 error generated.
make: *** [usage.o] Error 1
What I did, following this answer was to create my own copy of the SDK headers' folder, adding the missing headers from /usr/include:
- netinet/tcp_fsm.h
- rpc/pmap_prot.h
- libproc.h
- sys/proc_info.h
- sys/kern_control.h
- net/route.h
I also looked at emonti's missing_headers folder from here to make sure I am on the right track.
Trying to build it again gave me the following linking error:
ld: library not found for -lcrt1.3.1.o
clang: error: linker command failed with exit code 1 (use -v to see invocation)
Then, I found this SO post that used the -miphoneos-version-min flag, so I added the flag:
$ make CC="$(xcrun --sdk iphoneos --find clang) -isysroot /Users/talkain/tmp/sdk -arch armv7 -arch armv7s -arch arm64 -miphoneos-version-min=8.1"
Which successfully created the executable.
$ otool -L lsof
lsof (architecture armv7):
/usr/lib/libncurses.5.4.dylib (compatibility version 5.4.0, current version 5.4.0)
/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1238.0.0)
lsof (architecture armv7s):
/usr/lib/libncurses.5.4.dylib (compatibility version 5.4.0, current version 5.4.0)
/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1238.0.0)
lsof (architecture arm64): /usr/lib/libncurses.5.4.dylib (compatibility version 5.4.0, current version 5.4.0) /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1238.0.0)
$ file lsof
lsof: Mach-O universal binary with 3 architectures
lsof (for architecture armv7): Mach-O executable arm
lsof (for architecture armv7s): Mach-O executable arm
lsof (for architecture arm64): Mach-O 64-bit executable
Trying to run it on the phone - SUCCESS! The binary was successfully compiled on my OSX for the iOS 8.1 which I was using (Note that the bare minimum I managed to compile it with no errors was to iOS 6.0) and I managed to get the output I was looking for.
That was fun.
Credits goes to:
- webie for his Q&A: http://stackoverflow.com/a/10118021/132847
- Gregory Pakosz for his great post: https://coderwall.com/p/heonhw/compiling-for-ios-outside-of-xcode-with-xcrun
- CRDave for his answer: http://stackoverflow.com/a/21422550/132847
- http://stackoverflow.com/a/6719314/132847
- https://github.com/emonti/iOS_app_re_tools/tree/master/missing_headers
- HaneTV for http://stackoverflow.com/q/15475302/132847
Till next time,
Tal Kain
Thanks for your tutorial !
ReplyDeleteI had follow this tutorial to compilie lsof , but some error occured !
```
dchannel.c:78:16: error: use of undeclared identifier 'PROC_CHANNEL_FLAGS_MONITOR'
if ((flags & (PROC_CHANNEL_FLAGS_MONITOR)) != 0) {
^
dchannel.c:80:17: error: use of undeclared identifier 'PROC_CHANNEL_FLAGS_MONITOR'
if ((flags & (PROC_CHANNEL_FLAGS_MONITOR))
^
dchannel.c:81:10: error: use of undeclared identifier 'PROC_CHANNEL_FLAGS_MONITOR'
== PROC_CHANNEL_FLAGS_MONITOR) {
^
dchannel.c:83:23: error: use of undeclared identifier 'PROC_CHANNEL_FLAGS_MONITOR_TX'
} else if ((flags & PROC_CHANNEL_FLAGS_MONITOR_TX) != 0) {
^
dchannel.c:88:16: error: use of undeclared identifier 'PROC_CHANNEL_FLAGS_MONITOR_NO_COPY'
if ((flags & PROC_CHANNEL_FLAGS_MONITOR_NO_COPY) != 0) {
^
dchannel.c:104:15: error: use of undeclared identifier 'PROC_CHANNEL_FLAGS_EXCLUSIVE'
if ((flags & PROC_CHANNEL_FLAGS_EXCLUSIVE) != 0) {
^
dchannel.c:125:24: error: variable has incomplete type 'struct channel_fdinfo'
struct channel_fdinfo ci;
^
dchannel.c:125:9: note: forward declaration of 'struct channel_fdinfo'
struct channel_fdinfo ci;
^
dchannel.c:133:31: error: use of undeclared identifier 'PROC_PIDFDCHANNELINFO'
nb = proc_pidfdinfo(pid, fd, PROC_PIDFDCHANNELINFO, &ci, sizeof(ci));
^
8 errors generated.
make: *** [dchannel.o] Error 1
```
I had search on google for any info of these enums, but I got nothing but the source code of [dchannel.c](https://opensource.apple.com/source/lsof/lsof-60/lsof/dialects/darwin/libproc/dchannel.c) .
Could you help me?
My email is hnjyzqq@gmail.com .
Thank you!