How can I monitor an application's API calls on a jailbroken iOS device?

2

20

I am performing a review on an iOS application for which I do not have the source code. In order to gain more control over the environment, I am running the application on a jailbroken iPad.

I'd like to be able to monitor the API calls that the application is making...ideally I'd like to find something like Rohitab's MS Windows based API Monitor, but instead for iOS.

I have done some research and found a project by KennyTM called "Subjective-C" that seems that it may do what I need. I actually have been using a cycript script, along with the libsubjc.dylib available on the Google code site.

However, I have been unable to figure out how to correctly get it to start logging calls for an app. Here's the link to the cycript script, written by the author of Subjective-C (libsubjc). I pasted the script below as well.

/*

libsubjc.cy ... Use libsubjc in cycript.
Copyright (C) 2009  KennyTM~ <[email protected]>

[...GPL3...]
*/

dlopen("libsubjc.dylib", 10);
if (!dlfun) {
    function dlfun(fn, encoding, altname) { var f = new Functor(dlsym(RTLD_DEFAULT, fn), encoding); if (f) this[altname || fn] = f; return f; }
}

dlfun("SubjC_start", "v");
dlfun("SubjC_end", "v");

dlfun("SubjC_set_file", "v^{sFILE=}");
dlfun("SubjC_set_maximum_depth", "vI");
dlfun("SubjC_set_print_arguments", "vB");
dlfun("SubjC_set_print_return_value", "vB");
dlfun("SubjC_set_print_timestamp", "vB");

SubjC_Deny = 0, SubjC_Allow = 1;

dlfun("SubjC_clear_filters", "v");
dlfun("SubjC_filter_method", "vi#:");
dlfun("SubjC_filter_class", "vi#");
dlfun("SubjC_filter_selector", "vi:");
dlfun("SubjC_default_filter_type", "vi");
dlfun("SubjC_filter_class_prefixes", "viI^*");
dlfun("SubjC_filter_class_prefix", "vi*");

dlfun("fopen", "^{sFILE=}**");
dlfun("fclose", "i^{sFILE=}");

I have been able to load the libsubjc cycript script, and call the SubjC_start function. However, how do I specify an input filehandle for the line starting with dlfun("SubjC_set_file", "v^{sFILE=}");

Has anyone successfully used the "libsubjc.cy" cycript script with the Subjective-C library (libsubjc.dylib) to monitor an app's API calls?

UPDATE

This is at least generating the output file, but I don't see any information populated within the output file (/tmp/test.txt).

cycript -p SpringBoard libsubjc.cy; cycript -p SpringBoard
f = fopen("/tmp/test.txt", "w");

SubjC_set_file(f);
SubjC_set_maximum_depth(15);
SubjC_set_print_arguments(YES);
SubjC_set_print_return_value(YES);
SubjC_set_print_timestamp(YES);
SubjC_default_filter_type(SubjC_Deny);
SubjC_start();
//do stuff
SubjC_end();

Or, if anyone knows of another way to monitor API calls (w/o source code) on a jailbroken device, please let me know!

Braddock answered 15/10, 2012 at 12:58 Comment(4)
related: logging objc_msgSend on iOS - Crosslegged
The author of the tool, @KennyTM, is on stack overflow. Maybe he'll wander by this post and have some ideas? - Jilolo
#9109420 - Zephyrus
A simulator might be a better suit than a jailbroken device. - Zephyrus
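The second argument to each dlfun call in libsubjc.cy is an Objective-C type encoding (return type first, then the arguments), which is how cycript knows that SubjC_set_file takes a FILE pointer such as the one fopen returns. The decoder below is an added example, not part of the original post or of libsubjc; parseType and describeFunctor are names made up for illustration, and only the type codes in its table are handled.

```javascript
// Added example (not from libsubjc): decode the Objective-C type encodings that
// libsubjc.cy hands to cycript's Functor. First type = return type, rest = args.
const SCALARS = {
  v: "void", i: "int", I: "unsigned int", B: "bool", c: "char",
  C: "unsigned char", s: "short", S: "unsigned short", l: "long",
  L: "unsigned long", q: "long long", Q: "unsigned long long",
  f: "float", d: "double", "*": "char *", "@": "id", "#": "Class", ":": "SEL",
};

// Parse one type starting at enc[pos]; returns [C type text, next position].
function parseType(enc, pos) {
  const ch = enc[pos];
  if (ch === undefined) throw new SyntaxError("truncated encoding: " + enc);
  if (ch === "^") {                       // pointer to the type that follows
    const [inner, next] = parseType(enc, pos + 1);
    return [inner.endsWith("*") ? inner + "*" : inner + " *", next];
  }
  if (ch === "{") {                       // {name=fields}; braces may nest
    let depth = 0, end = pos;
    do {
      if (enc[end] === "{") depth++;
      else if (enc[end] === "}") depth--;
      else if (enc[end] === undefined) throw new SyntaxError("unclosed '{' in " + enc);
      end++;
    } while (depth > 0);
    return ["struct " + enc.slice(pos + 1, end - 1).split("=")[0], end];
  }
  if (SCALARS[ch] === undefined) throw new SyntaxError("unsupported code '" + ch + "'");
  return [SCALARS[ch], pos + 1];
}

// Render a whole Functor encoding as a C prototype for the function `name`.
function describeFunctor(name, enc) {
  const types = [];
  for (let pos = 0; pos < enc.length; ) {
    const [text, next] = parseType(enc, pos);
    types.push(text);
    pos = next;
  }
  if (types.length === 0) throw new SyntaxError("empty encoding");
  const [ret, ...args] = types;
  const sep = ret.endsWith("*") ? "" : " ";
  return ret + sep + name + "(" + (args.length ? args.join(", ") : "void") + ")";
}

// Encodings copied from libsubjc.cy as quoted in the question.
const SAMPLES = [["SubjC_set_file", "v^{sFILE=}"], ["SubjC_filter_method", "vi#:"],
  ["SubjC_filter_class_prefixes", "viI^*"], ["fopen", "^{sFILE=}**"], ["fclose", "i^{sFILE=}"]];
for (const [fn, enc] of SAMPLES) console.log(enc.padEnd(12), "->", describeFunctor(fn, enc));
```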
1

I'm not aware of a direct equivalent to API Monitor. However, Frida is a popular tool for mobile app instrumentation, with a tutorial on iOS usage. Once installed, you can trace API calls with a command like frida-trace -U -i "CCCryptorCreate*" Twitter to trace calls from the Twitter app to functions starting with CCCryptorCreate.

Humphreys answered 29/7, 2022 at 2:55 Comment(2)
I asked this question 10 years ago :-) But I think that Frida is the right answer today. - Braddock
@Braddock Hey, it was only 9 years and 10 months ago. - Humphreys
-2

Set up a proxy server on your computer to redirect and track all the API calls. This is a common way to peek into iOS web traffic and you don't need a jailbroken device.

Turbosupercharger answered 11/8, 2020 at 7:0 Comment(2)
Please avoid asking questions (clarification or rhetorical) in answers. Consider phrasing a conditional answer like "If your problem is ... then the solution is to ...". - Wiersma
This is not a web api. I'm referring to native syscalls. - Braddock
