
I coded an IOKit fuzzer for iOS. Here is the code:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <mach/mach.h>
#include <mach/vm_map.h>
#include <IOKit/IOKitLib.h>

int main()
{
  // Look up the first service whose class matches; change the class name each run
  io_service_t service = IOServiceGetMatchingService(kIOMasterPortDefault, IOServiceMatching("IOUSBHIDDriver"));
  if(!service)
  {
    return -1;
  }
  io_connect_t connect;
  kern_return_t kr = IOServiceOpen(service, mach_task_self(), 0, &connect);
  if(kr != kIOReturnSuccess)
  {
    return -1;
  }

  uint32_t selector = 3;
  uint64_t input[1];          // one scalar input (was declared with size 0)
  input[0] = 0x44444444444;
  // scalar input only: no input struct, no outputs
  IOConnectCallMethod(connect, selector, input, 1, NULL, 0, NULL, NULL, NULL, NULL);
  printf("Did it crash? No? Do it again! -Toxic\n");
  IOServiceClose(connect);
  IOObjectRelease(service);
  return 0;
}

I've been trying to compile this with GCC for a while now, but I get all kinds of errors. I'd like to know if anyone knows exactly how to compile a command line tool for iOS. Thanks.

Hayden

2 Answers

0

As far as I'm aware, there's no such thing as a command line tool for (non-jailbroken) iOS, although you can output to the log using NSLog from an App. Also, Apple's toolchain for iOS uses clang (llvm) although the 'gcc' command is typically aliased to clang. The easiest way to get a script is to create a test project in Xcode, build it and look at the build log. This shows you all the commands that were run with what arguments.

pmdj
  • Ah, sorry. Can't help you there, although I suspect you can still get most of the way there by inspecting Xcode's build steps. – pmdj Apr 01 '16 at 09:26
0

I don't know if you've found the solution or not, but anyway. If you want to compile with clang on the device, type: clang -framework IOKit your_app.c -isysroot /var/theos/sdks/iPhoneos_whatever_sdk_you_have -o output

And this should compile. On the Mac it's the same, just without -isysroot and /var...

And if you try in Xcode, make sure that the driver can run inside the sandbox and include the IOKit headers.

:D

Tomi
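As an added example (not code from the question or from either answer), here is a small POSIX shell helper that makes the clang invocation from the answer above explicit and checks the prerequisite that most often produces the "all kinds of errors" the question describes: that IOKit/IOKitLib.h is actually reachable from the chosen sysroot or from an extra include directory. The sysroot path, the extra include directory and the source file name are assumptions supplied by the caller; the on-device path /var/theos/sdks/... from the answer is only an example value.

```shell
#!/bin/sh
# Added example, not part of the original question or answers.
# Assumptions: the caller passes the compiler, the sysroot (may be empty on
# macOS) and optionally an extra include directory that holds IOKit/IOKitLib.h.

# Print the clang command line. No -isysroot is emitted when the sysroot is
# empty, which is the macOS case from the answer ("same just without isysroot").
build_cmd() {
  cc="$1"; sysroot="$2"; src="$3"; out="$4"
  if [ -n "$sysroot" ]; then
    printf '%s -framework IOKit -isysroot %s %s -o %s\n' "$cc" "$sysroot" "$src" "$out"
  else
    printf '%s -framework IOKit %s -o %s\n' "$cc" "$src" "$out"
  fi
}

# Return 0 when IOKit/IOKitLib.h can be found either inside the sysroot's
# IOKit.framework headers or in the extra include directory, else 1.
check_iokit_headers() {
  sysroot="$1"; extra_inc="$2"
  if [ -n "$sysroot" ] && [ -f "$sysroot/System/Library/Frameworks/IOKit.framework/Headers/IOKitLib.h" ]; then
    return 0
  fi
  if [ -n "$extra_inc" ] && [ -f "$extra_inc/IOKit/IOKitLib.h" ]; then
    return 0
  fi
  return 1
}

# Driver: ./build.sh <sysroot-or-empty> <source.c> [extra-include-dir]
# Example on device: ./build.sh /var/theos/sdks/iPhoneOS.sdk fuzz.c
# Example on macOS:  ./build.sh "" fuzz.c /path/to/iokit/headers
if [ $# -ge 2 ]; then
  SYSROOT="$1"; SRC="$2"; EXTRA_INC="${3:-}"
  if ! check_iokit_headers "$SYSROOT" "$EXTRA_INC"; then
    echo "IOKit/IOKitLib.h not found under sysroot or extra include dir; pass -I<dir> via the third argument" >&2
    exit 1
  fi
  CMD="$(build_cmd clang "$SYSROOT" "$SRC" "${SRC%.c}")"
  [ -n "$EXTRA_INC" ] && CMD="$CMD -I$EXTRA_INC"
  echo "$CMD"
  eval "$CMD"
fi
```

The header check is the useful part: on iOS the IOKit framework does not ship public headers, so a compile that fails before reaching the linker is usually a missing include path rather than a wrong -framework flag, and the script says so instead of letting clang print a wall of errors.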