Compiling lsof for iOS device on Mac OSX
I started doing some research on my jailbroken iOS device, and I wanted to know which files a specific process touches while I am using it.
To find out, I wanted to use the famous lsof, so I downloaded the package from saurik's packages using Cydia, only to find that the provided lsof does not work on my device:
lsof: PID 40 information error: Cannot allocate memory
lsof: PID 39 information error: Cannot allocate memory
lsof: PID 38 information error: Cannot allocate memory
lsof: PID 37 information error: Cannot allocate memory
lsof: PID 36 information error: Cannot allocate memory
lsof: PID 35 information error: Cannot allocate memory
lsof: PID 33 information error: Cannot allocate memory
lsof: PID 31 information error: Cannot allocate memory
After trying to figure it out, I decided that it would be best to just compile my own lsof and use it on the device (I also liked the challenge :-) )
So my journey begins with downloading lsof from Apple's site:
http://opensource.apple.com/tarballs/lsof/lsof-53.tar.gz
(tarballs can be found here: http://opensource.apple.com/tarballs/ while sources can be found here: https://opensource.apple.com/source/lsof/ )
$ wget http://opensource.apple.com/tarballs/lsof/lsof-53.tar.gz
$ tar zvxf lsof-53.tar.gz
Inside the lsof directory, I ran the configure script:
$ ./Configure darwin
I tried several ways to compile the executable for my iPhone, and while doing so I got several errors.
Following Gregory Pakosz's post (linked in the credits), running:
$ make CC="$(xcrun --sdk iphoneos --find clang) -isysroot $(xcrun --sdk iphoneos --show-sdk-path) -arch armv7 -arch armv7s -arch arm64"
gave me a list of missing-header errors, for example:
In file included from usage.c:39:
In file included from ./lsof.h:195:
./dlsof.h:56:10: fatal error: 'netinet/tcp_fsm.h' file not found
#include <netinet/tcp_fsm.h>
^
1 error generated.
make: *** [usage.o] Error 1
What I did, following this answer, was to create my own copy of the SDK headers' folder and add the missing headers from /usr/include:
netinet/tcp_fsm.h
rpc/pmap_prot.h
libproc.h
sys/proc_info.h
sys/kern_control.h
net/route.h
I also looked at emonti's missing_headers folder from here to make sure I was on the right track.
Trying to build it again gave me the following linking error:
ld: library not found for -lcrt1.3.1.o
clang: error: linker command failed with exit code 1 (use -v to see invocation)
Then, I found this SO post that used the -miphoneos-version-min flag, so I added the flag:
$ make CC="$(xcrun --sdk iphoneos --find clang) -isysroot /Users/talkain/tmp/sdk -arch armv7 -arch armv7s -arch arm64 -miphoneos-version-min=8.1"
Which successfully created the executable.
$ otool -L lsof
lsof (architecture armv7):
/usr/lib/libncurses.5.4.dylib (compatibility version 5.4.0, current version 5.4.0)
/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1238.0.0)
lsof (architecture armv7s):
/usr/lib/libncurses.5.4.dylib (compatibility version 5.4.0, current version 5.4.0)
/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1238.0.0)
lsof (architecture arm64):
/usr/lib/libncurses.5.4.dylib (compatibility version 5.4.0, current version 5.4.0)
/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1238.0.0)
$ file lsof
lsof: Mach-O universal binary with 3 architectures
lsof (for architecture armv7): Mach-O executable arm
lsof (for architecture armv7s): Mach-O executable arm
lsof (for architecture arm64): Mach-O 64-bit executable
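The header staging and build steps above, collected into one script as an added example (not code from the original post). The header list, the compiler flags and the /usr/include source come from the post; the function names, the SDK_COPY variable and the rule of never overwriting a header the SDK copy already contains are assumptions of this example.

```shell
#!/bin/sh
# Added example: stage the headers the post lists into a private SDK copy,
# then build lsof against that copy. Function names are hypothetical.

# Headers the post reports as missing from the iPhoneOS SDK.
MISSING_HEADERS="netinet/tcp_fsm.h rpc/pmap_prot.h libproc.h sys/proc_info.h sys/kern_control.h net/route.h"

# stage_headers SRC_INCLUDE SDK_DIR
# Copy each listed header into SDK_DIR/usr/include, keeping its subdirectory.
# A header the SDK copy already has is left alone, so a host (macOS) header
# never replaces an iOS one. Returns non-zero if any header cannot be staged.
stage_headers() {
    src_inc=$1; sdk_dir=$2; rc=0
    for h in $MISSING_HEADERS; do
        dst="$sdk_dir/usr/include/$h"
        if [ -e "$dst" ]; then
            echo "keep   $h (already in SDK copy)"
        elif [ -f "$src_inc/$h" ]; then
            mkdir -p "$(dirname "$dst")" && cp "$src_inc/$h" "$dst" && echo "staged $h" || rc=1
        else
            echo "absent $h (not found under $src_inc)" >&2
            rc=1
        fi
    done
    return $rc
}

# build_lsof SDK_DIR MIN_VERSION
# Run from the lsof directory after ./Configure darwin; same flags as the post.
build_lsof() {
    make CC="$(xcrun --sdk iphoneos --find clang) -isysroot $1 -arch armv7 -arch armv7s -arch arm64 -miphoneos-version-min=$2"
}

# prepare_and_build SDK_DIR [SRC_INCLUDE] [MIN_VERSION]
# Copies the installed iPhoneOS SDK to SDK_DIR on first use (-H follows the
# SDK path itself if it is a symlink), stages the headers, then builds.
prepare_and_build() {
    copy=$1; inc=${2:-/usr/include}; min=${3:-8.1}
    [ -d "$copy" ] || cp -RH "$(xcrun --sdk iphoneos --show-sdk-path)" "$copy" || return 1
    stage_headers "$inc" "$copy" && build_lsof "$copy" "$min"
}

# Runs only when SDK_COPY is set, e.g.: SDK_COPY=$HOME/tmp/sdk sh build_lsof.sh
if [ -n "${SDK_COPY:-}" ]; then prepare_and_build "$SDK_COPY"; fi
```

Working on a private SDK copy leaves the Xcode-installed SDK unmodified, and the "absent" lines show which headers the host no longer provides before make fails on them.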
Trying to run it on the phone - SUCCESS! The binary was successfully compiled on my OS X machine for iOS 8.1, which I was using (note that the lowest version I managed to compile for with no errors was iOS 6.0), and I managed to get the output I was looking for.
That was fun.
Credits go to:
webie for his Q&A: http://stackoverflow.com/a/10118021/132847
Gregory Pakosz for his great post: https://coderwall.com/p/heonhw/compiling-for-ios-outside-of-xcode-with-xcrun
CRDave for his answer: http://stackoverflow.com/a/21422550/132847
https://github.com/emonti/iOS_app_re_tools/tree/master/missing_headers
Till next time,
Tal Kain