
Remove buffering and make ios-proxy more reliable

ttdennis committed Nov 13, 2019
1 parent ab5e8f2 commit db7f30e26d624a6efe871a4b54687e1322d713e4
Showing with 67 additions and 88 deletions.
  1. +67 −88 ios-proxy/internalblue-ios-proxy/internalblue-ios-proxy.c
  2. BIN ios-proxy/ios-proxy
@@ -50,58 +50,57 @@ int connect_bt_device() {
struct termios term;

if (socket_fd == 0) {
printf("unable to get bluetooth socket\n");
printf("[!] Unable to get Bluetooth socket\n");
return -1;
}

ctl_info_t *ctl_inf = malloc(sizeof(ctl_info_t));
ctl_inf->ctl_id = 0;
strcpy(ctl_inf->ctl_name, "com.apple.uart.bluetooth");
if ((error = ioctl(socket_fd, CTLIOCGINFO, ctl_inf))) {
printf("ioctl(CTLIOCGINFO) = %d - errno: %d\n", error, errno);
printf("error: %s\n", strerror(errno));
printf("[!] ioctl(CTLIOCGINFO) = %d - errno: %d\n", error, errno);
printf("[!] error: %s\n", strerror(errno));
return -1;
}

*(int *)&sock_addr.sa_len = 0x22020;
*(int *)&sock_addr.sa_data[2] = ctl_inf->ctl_id;
ret = connect(socket_fd, &sock_addr, 0x20);
if (ret != 0) {
printf("connect() = %d - errno: %d\n", ret, errno);
printf("error: %s\n", strerror(errno));
printf("[!] connect() = %d - errno: %d\n", ret, errno);
printf("[!] error: %s\n", strerror(errno));
return -1;
}

printf("Connected to bt device\n");
printf("[*] Connected to Bluetooth chip H4 socket\n");

socklen_t len = 72;

ret = getsockopt(socket_fd, 2, TIOCGETA, &term, &len);
if (ret != 0) {
printf("getsockopt(TIOCGETA) = %d - errno: %d\n", ret, errno);
printf("error: %s\n", strerror(errno));
printf("[!] getsockopt(TIOCGETA) = %d - errno: %d\n", ret, errno);
printf("[!] error: %s\n", strerror(errno));
return -1;
}

cfmakeraw(&term);
ret = cfsetspeed(&term, 3000000);
if (ret != 0) {
printf("cfsetspeed() = %d - errno: %d\n", ret, errno);
printf("error: %s\n", strerror(errno));
printf("[!] cfsetspeed() = %d - errno: %d\n", ret, errno);
printf("[!] error: %s\n", strerror(errno));
return -1;
}

term.c_iflag |= 4;
term.c_cflag = 232192;
ret = setsockopt(socket_fd, 2, TIOCSETA, &term, 0x48);
if (ret != 0) {
printf("setsockopt() = %d - errno: %d\n", ret, errno);
printf("error: %s\n", strerror(errno));
printf("[!] setsockopt() = %d - errno: %d\n", ret, errno);
printf("[!] error: %s\n", strerror(errno));
return -1;
}

tcflush(socket_fd, 3);

free(ctl_inf);

return socket_fd;
@@ -115,7 +114,7 @@ int create_server(int port) {

server_fd = socket(AF_INET, SOCK_STREAM, 0);
if (server_fd < 0) {
printf("Unable to create server socket\n");
printf("[!] Unable to create server socket\n");
return -1;
}

@@ -127,16 +126,16 @@ int create_server(int port) {

setsockopt(server_fd, SOL_SOCKET, SO_REUSEADDR, &on, 4);
if (bind(server_fd, (struct sockaddr *)&server, sizeof(server)) < 0) {
printf("Error binding socket\n");
printf("[!] Error binding socket\n");
return -1;
}

if (listen(server_fd, 5) < 0) {
printf("Failed listening: %s\n", strerror(errno));
printf("[!] Failed listening on port %d, Error: %s\n", port, strerror(errno));
return -1;
}

printf("Listening on port %d\n", port);
printf("[*] Listening on port %d\n", port);

return server_fd;
}
@@ -150,82 +149,58 @@ int wait_for_connection(int server_fd) {
client_fd = accept(server_fd, (struct sockaddr *)&client, (socklen_t *)&len);

if (client_fd < 0) {
printf("Accepting connection failed\n");
printf("[!] Accepting connection failed\n");
return -1;
}

return client_fd;
}

size_t buffered_write(int fd, char *buf, int *len)
{
size_t x = write(fd, buf, *len);
if (x < 0)
return x;
if (x == 0)
return x;
if (x != *len)
memmove(buf, buf+x, (*len)-x);
*len -= x;
return x;
}

void proxy_bt_socket(int client, int bt) {
char *client_buf, *bt_buf;
int nfds;
int nfds, x;
fd_set R;
int client_out = 0;
int bt_out = 0;
int x;
size_t n;

client_buf = malloc(1024);
bt_buf = malloc(1024);
client_buf = malloc(0x2000);
bt_buf = malloc(0x2000);

nfds = client > bt ? client : bt;
nfds++;
while(1) {
struct timeval to;
if (client_out) {
buffered_write(bt, client_buf, &client_out);
}
if (bt_out) {
buffered_write(client, bt_buf, &bt_out);
}
FD_ZERO(&R);
if (client_out < 1024)
FD_SET(client, &R);
if (bt_out < 1024)
FD_SET(bt, &R);
FD_SET(client, &R);
FD_SET(bt, &R);

to.tv_sec = 0;
to.tv_usec = 1000;
to.tv_usec = 100;
x = select(nfds+1, &R, 0, 0, &to);
if (x > 0) {
if (FD_ISSET(client, &R)) {
n = read(client, client_buf+client_out, 1024-client_out);
if (n > 0) {
client_out += n;
} else {
close(client);
printf("Client read failed\n");
return;
}
n = read(client, client_buf, 4096);
if (n > 0) {
write(bt, client_buf, n);
} else {
close(client);
printf("[!] Client read failed\n");
return;
}
}

if (FD_ISSET(bt, &R)) {
n = read(bt, bt_buf+bt_out, 1024-bt_out);
if (n > 0) {
bt_out += n;
} else {
close(client);
printf("BT read failed\n");
return;
}
n = read(bt, bt_buf, 4096);
if (n > 0) {
write(client, bt_buf, n);
} else {
close(client);
printf("[!] H4 socket read failed\n");
return;
}
}
} else if (x < 0 && errno != EINTR){
printf("Select failed with %s\n", strerror(errno));
printf("[!] Select failed with %s\n", strerror(errno));
close(client);
return;
}
@@ -250,32 +225,36 @@ int main(int argc, char **argv) {

port = atoi(argv[1]);

// wake BT device
btwake_fd = open("/dev/btwake", 0);
bt_fd = connect_bt_device();
if (bt_fd < 0) {
printf("Error connecting to bluetooth device\n");
return -1;
}
server_fd = create_server(port);
if (server_fd < 0) {
printf("Unable to create server\n");
return -1;
}
printf("Created server\n");
signal(SIGINT, __exit);
while (1) {
printf("Waiting for connection\n");
while (1) {
// wake BT device
btwake_fd = open("/dev/btwake", 0);
bt_fd = connect_bt_device();
if (bt_fd < 0) {
printf("[!] Error connecting to bluetooth device\n");
return -1;
}
server_fd = create_server(port);
if (server_fd < 0) {
printf("[!] Unable to create proxy server\n");
return -1;
}
printf("[*] Created proxy server\n");
signal(SIGINT, __exit);

printf("[*] Waiting for remote connection\n");
client_fd = wait_for_connection(server_fd);
if (client_fd < 0)
continue;
// currently only one connection is supported
printf("[!] Unable to connect remote device to proxy\n");

// currently only one connection is supported
proxy_bt_socket(client_fd, bt_fd);
close(client_fd);
close(server_fd);
close(bt_fd);
close(btwake_fd);
}

return 0;
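Review bot: In the proxy_bt_socket hunk, `n` is still declared `size_t` while the new code does `n = read(client, client_buf, 4096); if (n > 0) write(bt, client_buf, n);`, so a failed read() returning -1 wraps to SIZE_MAX, passes the `n > 0` test and is handed to write() as a length far beyond the 0x2000-byte buffer instead of reaching the close-and-return branch; the bt-to-client direction has the same problem. Declaring it `ssize_t n;` restores the error path. With the buffering removed, the return value of both write() calls is also ignored, so a short or failed write silently drops H4 bytes; it should be checked and the remainder retried or the session torn down. The function's end lies outside the hunk, so whether client_buf and bt_buf are freed on these return paths cannot be seen here.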
BIN -208 Bytes (100%) ios-proxy/ios-proxy
Binary file not shown.
