前言
MGCopyAnswer 是libMobileGestalt 中的一个函数
libMobileGestalt.dylib
libMobileGestalt is a library that can be used to get various system values such as the UDID, disk usage, device version and much more. It is comparable to liblockdown.dylib. See also lockdownd.
获取设备信息
声明
// extern CFStringRef MGCopyAnswer(CFStringRef key) WEAK_IMPORT_ATTRIBUTE;
- 执行
%ctor { NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init]; %init(); [[NSNotificationCenter defaultCenter] addObserverForName:UIApplicationDidFinishLaunchingNotification object:nil queue:[NSOperationQueue mainQueue] usingBlock:^(NSNotification *block) { CFStringRef uniqueIdentifier = MGCopyAnswer(CFSTR("UniqueDeviceID")); UIAlertView *av = [[UIAlertView alloc] initWithTitle:@"UDID" message:(NSString *)uniqueIdentifier delegate:nil cancelButtonTitle:@"OK" otherButtonTitles:nil]; if (uniqueIdentifier) CFRelease(uniqueIdentifier); [av show]; [av release]; }]; [pool drain]; }
Filter = {Bundles = ("com.apple.UIKit");Executables = ("MobileGestaltHelper");Mode = Any;};
例子
使用capstone进行MGCopyAnswer方法地址获取,使用MSHookFunction 进行hook的例子
One of the most abused API is MGCopyAnswer in libMobileGestalt, but directly hooking it will instantly crash the process with an invalid instruction.
Fortunately, we have Capstone Engine, which is a powerful disassembler based on LLVM’s MC to save the day.
See Also
Xcode.app-strings/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/Library/CoreSimulator/Profiles/Runtimes/iOS.simruntime/Contents/Resources/RuntimeRoot/usr/lib/libMobileGestalt.dylib/Users/devzkn/bin//knpost MGCopyAnswer_libMobileGestalt.dylib 硬件信息的获取和修改 -t MGCopy #原来""的参数,需要自己加上""
