An iOS jailbreak tweak to log XMPP communication.
XMPP is a protocol for real-time communication, most commonly understood as used in chat apps. XMPPFramework is its most popular Objective-C library. XMPP opens a TCP socket and the XMPP standard dictates the use of TLS. Thus, after the TLS connection is negotiated, tcpdump's output is garbled nonsense. Traditional HTTPS MITM proxies, e.g. Charles, mitmproxy, don't provide the tooling to supply a certificate of our choosing in this case (it's not HTTP).
Fortunately, in Objective-C, when a method is called, the memory location of the class's method is looked up in a table, using the method's name as a string for reference. This table can be altered at runtime, which allows replacing a class's method implementations with our own. This is called swizzling.
On iOS this requires a jailbroken iPhone.
Theos is a suite of development tools which allows for easy swizzling.
XMPPFramework uses CocoaAsyncSocket for its underlying socket. This tweak swizzles CocoaAsyncSocket's GCDAsyncSocket's writeData method and its delegate didReadData method in XMPPStream, outputting the NSData XML string to NSLog.
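The table swap described above, as an added example that is not the tweak's own code: plain Objective-C runtime calls replace one method on a constructed stand-in class, log the payload, and forward to the original. DemoSocket is hypothetical (only its selector mirrors GCDAsyncSocket's writeData:withTimeout:tag:), and the program builds on macOS with clang, so no jailbroken device is needed.

```objc
// Added example: swizzling with the Objective-C runtime on a constructed stand-in class.
// Build on macOS: clang -fobjc-arc -framework Foundation swizzle_demo.m -o swizzle_demo
#import <Foundation/Foundation.h>
#import <objc/runtime.h>

// DemoSocket is hypothetical. Its selector mirrors GCDAsyncSocket's
// -writeData:withTimeout:tag:, but nothing here touches a real socket.
@interface DemoSocket : NSObject
@property (nonatomic, strong) NSMutableArray<NSData *> *sent;
- (void)writeData:(NSData *)data withTimeout:(NSTimeInterval)timeout tag:(long)tag;
@end

@implementation DemoSocket
- (instancetype)init {
    if ((self = [super init])) { _sent = [NSMutableArray array]; }
    return self;
}
- (void)writeData:(NSData *)data withTimeout:(NSTimeInterval)timeout tag:(long)tag {
    [self.sent addObject:data]; // stands in for the actual socket write
}
@end

// Function-pointer type matching the method: self, _cmd, then the declared arguments.
typedef void (*WriteIMP)(id, SEL, NSData *, NSTimeInterval, long);
static WriteIMP originalWrite = NULL;

// Replacement: log the payload, then forward to the saved original unchanged.
static void loggingWrite(id self, SEL _cmd, NSData *data, NSTimeInterval timeout, long tag) {
    NSString *xml = [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
    NSLog(@"[demo] SEND: %@", xml ?: @"<non-UTF-8 payload>");
    originalWrite(self, _cmd, data, timeout, tag);
}

int main(void) {
    @autoreleasepool {
        // Look the method up by selector and repoint its table entry at our function.
        Method m = class_getInstanceMethod([DemoSocket class],
                                           @selector(writeData:withTimeout:tag:));
        originalWrite = (WriteIMP)method_setImplementation(m, (IMP)loggingWrite);

        DemoSocket *sock = [DemoSocket new];
        NSData *stanza = [@"<presence/>" dataUsingEncoding:NSUTF8StringEncoding]; // constructed sample
        [sock writeData:stanza withTimeout:-1 tag:0];
        NSLog(@"[demo] original still ran: %d", [sock.sent.firstObject isEqualToData:stanza]);
    }
    return 0;
}
```

The caller's code is unchanged: the ordinary message send reaches the logging function because the class's table entry now points at it, and the saved original pointer keeps the write behaving as before.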
Morally, we have every right to know what data our phones are sending. This tweak could be used as a base to drop XMPP messages you would rather not send, à la ad-blocking.
In Terminal, SSH to your jailbroken iOS device:
The default password is alpine.
Download using:
curl -s "https://api.github.com/repos/BrianHenryIE/XMPPFrameworkLogger/releases/latest" | grep '"browser_download_url":' | sed -E 's/.*"([^"]+)".*/\1/' | xargs -I browser_download_url curl -o ie.brianhenry.xmppframeworklogger.deb browser_download_url -L
Install using:
dpkg -i ie.brianhenry.xmppframeworklogger.deb
To remove:
dpkg -r ie.brianhenry.xmppframeworklogger
Once installed, the tweak will run in any application containing XMPPFramework's XMPPStream class (since that's where the communication terminates).
To view the logs, open Console on macOS, select your iOS device, and search "XMPPFramework".
The Console logs contain all the necessary information, but are very hard to make a mental model from. I've written a script to make them a little easier on the eye. Messages from the client are highlighted blue and responses from the server in orange. XML is indented, JSON inside tags is formatted using PHP JSON_PRETTY_PRINT and style is applied with Google's code-prettify library.
To save the iOS logs to file, use deviceconsole. Install via npm using:
npm install deviceconsole
Then output the logs to file using:
deviceconsole > session_ref.xmpp.log
Once a .xmpp.log file is in the same folder as this project's formatter/formatlogfile.php, running:
php formatlogfile.php
will output a .xmpp.log.html for every .xmpp.log file in the same directory.
Thank you to my friends Eoin and Roisín for the iPhone I had spare to jailbreak, my wife Leah for her patience, and Dustin Howett whose help on IRC clarified the last few missing pieces to get this working. And my mother, always.