1

I want to intercept file read/write on iOS for providing transparent encryption/decryption functionality to some of my apps.

I know I can swizzle the various SDK methods for reading/writing files to do this, but that entails a LOT of hard work and is prone to error (I may miss swizzling some method, causing my application to crash/misbehave).

If there is some common syscall/function used by all these methods, then I'd rather swizzle it and save on some hard work + make it more foolproof. Is there any such common entry point?

PS: Acceptance into the app store is not a criteria here, since all these apps are for in-house enterprise deployment.

Thanks!

Karthik
  • 770
  • 1
  • 6
  • 12
  • You might look into the [built in data protection](https://developer.apple.com/library/ios/documentation/iPhone/Conceptual/iPhoneOSProgrammingGuide/AdvancedAppTricks/AdvancedAppTricks.html) features on iOS (scroll down a bit at that link) rather than reinventing the wheel. In an enterprise deployment you should be able to enforce a pass code requirement, which enables the built in encryption. – rickster Feb 17 '13 at 18:10
  • Er, missing the actual link... [here we go](https://developer.apple.com/library/ios/documentation/iPhone/Conceptual/iPhoneOSProgrammingGuide/AdvancedAppTricks/AdvancedAppTricks.html). – rickster Feb 17 '13 at 18:13

1 Answers1

3

For this, you'll need a jailbroken device.

There are the POSIX syscalls read and write which can be hijacked (here's how - not iOS-specific, but Darwin anyway...)

You can also use MobileSubstrate(http://iphonedevwiki.net/index.php/MobileSubstrate) to hook the read() and write() functions in the C standard libraty which is almost exclusively used for the implementation of many basic frameworks and methods (including that of CocoaTouch - Foundation, CoreFoundation, and in fact some of the C and C++ standard libraries as well, etc.) - so most likely you won't need to alter the syscalls directly. Example:

static size_t (*orig_write)(int fd, void *buf, size_t n);

size_t hijacked_write(int fd, void *buf, size_t n)
{
    // do something, then
    return orig_write(fd, buf, n);
}

// in some initialization:
MSHookFunction(write, hijacked_write, (void **)&original_write);
  • Thanks. PS: I don't need to be jailbroken to do this. I can write the swizzling code myself and use it in my app. I just can't submit it to the app store. – Karthik Aug 13 '12 at 07:28
  • @Karthik you **do** need to be JB'en. MSHookFunction requires kernel patches. –  Aug 13 '12 at 07:30
  • Sorry, just realized that we need to have a patched kernel since we need to do write our custom logic to a memory page which needs to be both writeable and executable; which the default kernel doesn't allow :( – Karthik Aug 13 '12 at 07:45