iPhone hacking, initial info

**Nightwatch** · 06-30-2007 08:45 AM

I've got my iPhone, it's activated, and I've been doing some rudimentary analysis of what's going on with it. I doubt I'll be able to accomplish the Holy Grail myself - loading 3rd party apps to do whatever you want (portable gaming platform ahoy!) But I bought my iPhone in the hopes that it'll eventually happen, and I'd like to help the hacking community get to that point however I can.

Here's what I've found so far.

When you update iTunes to 7.3, a PrivateFramework called MobileDevice.framework gets installed in /System/Library/PrivateFrameworks. Four applications are inside it, aside from the library binary itself: AppleMobileDeviceHelper.app, AppleMobileSync.app, reenumerate, and usbmuxd. These applications, from a cursory analysis (i.e. strings

), seem to have tons of debugging info left in them.

When I sync my iPhone, iTunes throws this into the Console:

Created child with pid 788...
Starting child at /System/Library/PrivateFrameworks/MobileDevice.framework/Resources/ AppleMobileDeviceHelper.app/Contents/MacOS/AppleMobileDeviceHelper, setting input fd to 27, output fd to 33 and closing all other pipes
Created args array of size 5
Child /System/Library/PrivateFrameworks/MobileDevice.framework/Resources/ AppleMobileDeviceHelper.app/Contents/MacOS/AppleMobileDeviceHelper starting up, argc is 4...
arg[0] = /System/Library/PrivateFrameworks/MobileDevice.framework/Resources/ AppleMobileDeviceHelper.app/Contents/MacOS/AppleMobileDeviceHelper
arg[1] = --pipe
arg[2] = 27
arg[3] = 33
Created child to sync device with pid 789...
Waiter has started running...
Created unique process name from name AppleMobileSync, process name AppleMobileSync: AppleMobileSync.FD62FB24-08FA-4FD6-B7FC-6566D9F5229D

So in order to mess with the iPhone, iTunes calls "AppleMobileDeviceHelper --pipe [input pipe] [output pipe]", which I assume to just be plain old unix file descriptors. Someone should sniff the data running over those pipes to get started.