XMPPFrameworkLogger

An iOS jailbreak tweak to log XMPP communication.

Background

XMPP is a protocol for real-time communication, most commonly understood as used in chat apps. XMPPFramework is its most popular Objective-C library. XMPP opens a TCP socket and the XMPP standard dictates the use of TLS. Thus, after the TLS connection is negotiated, tcpdump's output is garbled nonsense. Traditional HTTPS MITM proxies, e.g. Charles, mitmproxy, don't provide the tooling to supply a certificate of our choosing in this case (it's not HTTP).

Fortunately, in Objective-C, when a method is called, the memory location of the class's method implementation is looked up in a table, using the method's name as a string for reference. This table can be altered at runtime, which lets us replace a class's method implementations with our own. This is called swizzling.

On iOS this requires a jailbroken iPhone.

Theos is a suite of development tools which allows for easy swizzling.

XMPPFramework uses CocoaAsyncSocket for its underlying socket. This tweak swizzles CocoaAsyncSocket's GCDAsyncSocket's writeData method and its delegate didReadData method in XMPPStream, outputting the NSData XML string to NSLog.
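As an added illustration (not this repository's source), the two hooks described above could be written in Theos' Logos syntax as follows. The helper `XFLLog`, the `SEND`/`RECV` labels and the `XMPPFramework` log prefix are assumptions made for the example, and it assumes the tweak is compiled with ARC.

```objective-c
// Tweak.xm: added example, not the project's own code. Assumes ARC.
#import <Foundation/Foundation.h>

// Minimal declarations so the hooks compile without CocoaAsyncSocket/XMPPFramework headers.
@interface GCDAsyncSocket : NSObject
- (void)writeData:(NSData *)data withTimeout:(NSTimeInterval)timeout tag:(long)tag;
@end

@interface XMPPStream : NSObject
- (void)socket:(GCDAsyncSocket *)sock didReadData:(NSData *)data withTag:(long)tag;
@end

// Hypothetical helper: log the payload as text, or its length if it is not valid UTF-8
// (e.g. a read that ends in the middle of a multi-byte character).
static void XFLLog(NSString *direction, NSData *data) {
    NSString *text = [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
    if (text == nil) {
        NSLog(@"XMPPFramework %@ <%lu non-UTF-8 bytes>", direction, (unsigned long)data.length);
        return;
    }
    NSLog(@"XMPPFramework %@ %@", direction, text);
}

// Outgoing data: the socket class receives the stanza before TLS encrypts it.
// Note this hook sees every GCDAsyncSocket write in the process, not only XMPP traffic.
%hook GCDAsyncSocket
- (void)writeData:(NSData *)data withTimeout:(NSTimeInterval)timeout tag:(long)tag {
    XFLLog(@"SEND", data);
    %orig; // call the original implementation with the unchanged arguments
}
%end

// Incoming data: XMPPStream is the socket's delegate and receives decrypted bytes.
%hook XMPPStream
- (void)socket:(GCDAsyncSocket *)sock didReadData:(NSData *)data withTag:(long)tag {
    XFLLog(@"RECV", data);
    %orig;
}
%end
```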

Morally, we have every right to know what data our phones are sending. This tweak could be used as a base to drop XMPP messages you would rather not send, à la ad-blocking.

Installation

In Terminal, SSH to your jailbroken iOS device, substituting its IP address:

ssh root@192.168.0.0

The default password is alpine.

Download using:

curl -s "https://api.github.com/repos/BrianHenryIE/XMPPFrameworkLogger/releases/latest" | grep '"browser_download_url":' | sed -E 's/.*"([^"]+)".*/\1/' | xargs -I browser_download_url curl -o ie.brianhenry.xmppframeworklogger.deb browser_download_url -L

Install using:

dpkg -i ie.brianhenry.xmppframeworklogger.deb

To remove:

dpkg -r ie.brianhenry.xmppframeworklogger

Use

Once installed, the tweak will run in any application containing XMPPFramework's XMPPStream class (since that's where the communication terminates).

To view the logs, open Console on macOS, select your iOS device, and search "XMPPFramework".

Better logs

The Console logs contain all the necessary information, but are very hard to make a mental model from. I've written a script to make them a little easier on the eye. Messages from the client are highlighted blue and responses from the server in orange. XML is indented, JSON inside tags is formatted using PHP JSON_PRETTY_PRINT and style is applied with Google's code-prettify library.

To save the iOS logs to file, use deviceconsole. Install via npm using:

npm install deviceconsole

Then output the logs to file using:

deviceconsole > session_ref.xmpp.log

Once a .xmpp.log file is in the same folder as this project's formatter/formatlogfile.php, running:

php formatlogfile.php

Will output a .xmpp.log.html for every .xmpp.log file in the same directory.

Acknowledgements

Thank you to my friends Eoin and Roisín for the iPhone I had spare to jailbreak, my wife Leah for her patience, and Dustin Howett whose help on IRC clarified the last few missing pieces to get this working. And my mother, always.