4

Is it possible to get a list of the SSIDs of nearby networks by using a private API on a jailbroken iOS 7 device?

I know about MobileWiFi.framework that manages WiFi functionality on iOS. (It replaces the obsolete Apple80211 framework.)

Here is a 4-year-old answer on how to use it: Accessing & Using the MobileWiFi.framework

I tried to use these methods on iOS 7, but had no luck.

In one of the comments, the author of this solution gave me this answer:

> scanNetworks fails because that code is now 4 years old. As I describe in my answer, you have to use a new framework to get the equivalent functionality (and you have had to since at least iOS 5). If you are trying to do this with iOS 7, I would recommend posting a new question.

P.S. It's not a duplicate of "Get SSID's in range iOS 7". I'm asking about a jailbreak method for this functionality.


UPD:

There is working code in the link above and in creker's answer too. But it is necessary to get past the sandbox restrictions. So, the right question is: is there a way to do that with a regular iOS app?

skywinder

1 Answer

1

Here is what I use on iOS5-7

```objc
#import <Foundation/Foundation.h>
#include <dlfcn.h>

// Load the bundle that exports the Apple80211* functions
void* library = dlopen("/System/Library/SystemConfiguration/IPConfiguration.bundle/IPConfiguration", RTLD_LAZY);

// Resolve the private functions by name
int (*apple80211Open)(void*) = (int(*)(void*))dlsym(library, "Apple80211Open");
int (*apple80211Bind)(void*, NSString*) = (int(*)(void*, NSString*))dlsym(library, "Apple80211BindToInterface");
int (*apple80211Close)(void*) = (int(*)(void*))dlsym(library, "Apple80211Close");
int (*apple80211Scan)(void*, NSArray**, void*) = (int(*)(void*, NSArray**, void*))dlsym(library, "Apple80211Scan");

// Open a handle and bind it to the Wi-Fi interface
void *airport = NULL;
apple80211Open(&airport);
apple80211Bind(airport, @"en0");

// Scan with an empty options dictionary
NSArray* networks = nil;
apple80211Scan(airport, &networks, [NSDictionary dictionary]);

// "networks" is an array of NSDictionary objects for all the visible Wi-Fi networks

// Release the handle and unload the bundle
apple80211Close(airport);
dlclose(library);
```

IPConfiguration is not a fat binary. It contains only one architecture matching the device. Thus if you're planning on supporting arm64 devices you have to compile your code for arm64 also - 32-bit applications can't load 64-bit dylibs. armv7 and arm64 are enough for all modern devices.

UPDATE

Unfortunately this code doesn't work in regular iOS apps even on a jailbroken device. Jailbreak doesn't turn off the sandbox, which is the reason the code doesn't work. For this code to work you need to place your application outside the /var/mobile/Applications directory, where sandbox restrictions aren't applied. It could be a daemon, a tweak or a GUI application inside the /Applications directory. Applications inside that directory don't have any restrictions by default and can access any private API.

creker
  • Seems very similar to code that I used before. I set a breakpoint after `apple80211Scan(airport, &networks, [NSDictionary dictionary]);`, but `networks` is always still `nil`. What can cause this? (Running on iPhone 5, iOS 7, wifi enabled). – skywinder Jun 20 '14 at 11:59
  • Just tested it in a regular iOS app - doesn't work because of the sandbox. You can see it in the console - it says "deny system-socket". The code works outside the sandbox - I use it in a daemon. If you're asking how you can do that with regular iOS app then you need to clarify that in the question. Jailbreak doesn't mean you can do anything you want - sandbox rules are still there. And that's why the code doesn't work. – creker Jun 20 '14 at 13:25
  • Ok, thanks. I'm a beginner in jailbreak development, so I didn't know these details before. Do you mean that I should use something like `THEOS` instead of Xcode to build my app and use this code? – skywinder Jun 20 '14 at 14:11
  • Well, not instead - you could still use Xcode. Take a look at http://www.iosopendev.com/ . It could be anything - tweak, daemon or even a GUI application but inside `/Applications` directory (applications in that directory don't have any sandbox restrictions by default). – creker Jun 20 '14 at 14:53
  • Ok. Thanks, now will try to do that. So, what did you mean by "inside `/Applications` directory applications don't have any sandbox restrictions by default"? It seems that all applications are placed in the `/Applications` directory by default. – skywinder Jun 20 '14 at 16:03
  • There are two directories for applications in iOS. `/var/mobile/Applications` - that's where all AppStore applications are. They are sandboxed by default. And there is `/Applications` - that's where all system apps are. There are no restrictions for them. No sandbox, root privileges, do whatever you want. If you're building GUI application then it needs to be in that `/Applications` directory for the code to work. There are many APIs that don't work inside the sandbox. – creker Jun 20 '14 at 17:25
  • I recently posted an answer about various iOS security features http://stackoverflow.com/questions/24056543/ios-user-permissions It may answer some of your questions – creker Jun 20 '14 at 17:35
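
The answer's remark that IPConfiguration is not a fat binary (so a 32-bit process cannot load the arm64 copy) can be checked before calling `dlopen` by reading the file's Mach-O header. The C code below is an added example, not code from the answer: the function names and the sample byte arrays are constructed here, the constants are the standard Mach-O magic and CPU-type values, and thin images are assumed to be little-endian as on iOS devices.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define FAT_MAGIC      0xcafebabeu  /* universal ("fat") header, big-endian on disk */
#define MH_MAGIC       0xfeedfaceu  /* thin 32-bit Mach-O */
#define MH_MAGIC_64    0xfeedfacfu  /* thin 64-bit Mach-O */
#define CPU_TYPE_ARM   12u
#define CPU_TYPE_ARM64 (CPU_TYPE_ARM | 0x01000000u)  /* CPU_ARCH_ABI64 bit set */

static uint32_t be32(const uint8_t *p) { return (uint32_t)p[0] << 24 | p[1] << 16 | p[2] << 8 | p[3]; }
static uint32_t le32(const uint8_t *p) { return (uint32_t)p[3] << 24 | p[2] << 16 | p[1] << 8 | p[0]; }

/* Writes the cputype of each architecture slice into out[] and returns how many
 * were found; 0 means the buffer is not a Mach-O image or is too short. */
int macho_cputypes(const uint8_t *buf, size_t len, uint32_t *out, int max) {
    int found = 0;
    if (len < 8 || max < 1) return 0;
    if (be32(buf) == FAT_MAGIC) {
        uint32_t n = be32(buf + 4);                  /* nfat_arch */
        for (uint32_t i = 0; i < n && found < max; i++) {
            size_t off = 8 + (size_t)i * 20;         /* 20 = sizeof(struct fat_arch) */
            if (off + 20 > len) break;               /* truncated slice table */
            out[found++] = be32(buf + off);
        }
    } else if (le32(buf) == MH_MAGIC || le32(buf) == MH_MAGIC_64) {
        out[found++] = le32(buf + 4);                /* mach_header.cputype */
    }
    return found;
}

int macho_has_arch(const uint8_t *buf, size_t len, uint32_t want) { /* 1 if a slice matches */
    uint32_t types[8];
    int n = macho_cputypes(buf, len, types, 8);
    for (int i = 0; i < n; i++) if (types[i] == want) return 1;
    return 0;
}

/* Constructed sample headers (not taken from a device). */
const uint8_t THIN_ARM64[8] = {0xcf,0xfa,0xed,0xfe, 0x0c,0,0,0x01};
const uint8_t FAT_BOTH[48] = {0xca,0xfe,0xba,0xbe, 0,0,0,2,
    0,0,0,12, 0,0,0,9, 0,0,0x40,0, 0,0,0x10,0, 0,0,0,14,
    1,0,0,12, 0,0,0,0, 0,0,0x80,0, 0,0,0x10,0, 0,0,0,14};

int main(void) {
    printf("armv7 process can load: thin arm64 image %d, fat armv7+arm64 image %d\n",
           macho_has_arch(THIN_ARM64, 8, CPU_TYPE_ARM), macho_has_arch(FAT_BOTH, 48, CPU_TYPE_ARM));
    return 0;
}
```

Reading the first bytes of the real file into `buf` and passing the caller's own CPU type as `want` tells a loader in advance whether `dlopen` will fail on an architecture mismatch.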