关于sbutils中的sblaunch插件的疑惑

一、sbutils介绍

  sbutils是一个开源的越狱手机基础功能的插件包,其中包含sblaunch这个启动插件,该插件可以实现命令行下面打开app并传递一个url。

  sbutils下载地址:http://cydia.ppios.com/2013/06/sbutils-v1-0-2-1.html

  sbutils的开源代码:https://github.com/innoying/iOS-sbutils

 

二、sblaunch的开源代码

  

 1 #include <CoreFoundation/CoreFoundation.h>
 2 #include <stdbool.h>
 3 #define SBSApplicationLaunchUnlockDevice 4
 4 #define SBSApplicationDebugOnNextLaunch_plus_SBSApplicationLaunchWaitForDebugger 0x402
 5 
 6 bool SBSProcessIDForDisplayIdentifier(CFStringRef id, pid_t *pid);
 7 int SBSLaunchApplicationWithIdentifier(CFStringRef id, char flags);
 8 int SBSLaunchApplicationForDebugging(CFStringRef bundleID, CFURLRef openURL, CFArrayRef arguments, CFDictionaryRef environment, CFStringRef stdout, CFStringRef stderr, char flags);
 9 
10 int main(int argc, char **argv) {
11     bool p = false;
12     const char *url = NULL;
13     const char *bundle;
14     int flags = SBSApplicationLaunchUnlockDevice;
15 
16     int c;
17     while((c = getopt(argc, argv, "pdbu:")) != -1)
18     switch(c) {
19         case 'p': p = true; break;
20         case 'd': flags |= SBSApplicationDebugOnNextLaunch_plus_SBSApplicationLaunchWaitForDebugger; break;
21         case 'b': flags |= 1; break;
22         case 'u': url = optarg; break;
23         default: goto usage;
24     }
25     if(optind == argc) goto usage;
26     bundle = argv[optind];
27 
28     CFMutableArrayRef arguments = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
29     while(++optind != argc) CFArrayAppendValue(arguments, CFStringCreateWithCString(NULL, argv[optind], kCFStringEncodingUTF8));
30 
31 
32     CFStringRef cs = CFStringCreateWithCString(NULL, bundle, kCFStringEncodingUTF8);
33     CFURLRef cu = url ? CFURLCreateWithBytes(NULL, (UInt8*)url, strlen(url), kCFStringEncodingUTF8, NULL) : NULL;
34     if(url && !cu) {
35         fprintf(stderr, "invalid URL\n");
36         return 1;
37     }
38     int err;
39     if((err = SBSLaunchApplicationForDebugging(cs, cu, arguments, NULL, NULL, NULL, flags))) {
40         fprintf(stderr, "SBSLaunchApplicationWithIdentifier failed: %d\n", err);
41         return 1;
42     }
43     if(p) {
44         pid_t pid;
45         while(!SBSProcessIDForDisplayIdentifier(cs, &pid)) {
46             usleep(50000);
47         }
48         printf("%d\n", (int) pid);
49     }
50     return 0;
51 
52     usage:
53     fprintf(stderr, "Usage: sblaunch [-p] [-d] [-b] [-u url] <bundle> [arguments...]\n"
54                     "  -p: print pid\n"
55                     "  -d: launch for debugging\n"
56                     "  -b: launch in background\n"
57                     );
58     return 1;
59 }

其中着色的函数是关键函数,找了好多资料没有发现这个函数的出处,没有资料显示这里的标准参数是什么。

仿照这个函数的用法,自己写了一段代码,发现同样调用中是可以打开一个app的,但是传递的url无论怎么传递都没有效果。

添加签名:

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.springboard.launchapplications</key> <true/> </dict> </plist>

遂怀疑是参数的问题,用IDA反编译sblaunch,得到以下的C代码

  1 int __cdecl main(int argc, const char **argv, const char **envp)
  2 {
  3   const char **v3; // r5@1
  4   signed int v4; // r4@1
  5   int v5; // r6@1
  6   int v6; // r0@11
  7   int v7; // r8@14
  8   int i; // r2@14
  9   int v9; // r0@15
 10   int v10; // r5@16
 11   size_t v11; // r2@18
 12   FILE **v12; // r4@18
 13   const void *v13; // r0@18
 14   int v14; // r4@19
 15   int v15; // r0@19
 16   FILE *v16; // r3@26
 17   const char *v18; // [sp+Ch] [bp-2Ch]@14
 18   int v19; // [sp+10h] [bp-28h]@14
 19   char v20; // [sp+14h] [bp-24h]@1
 20   const char *v21; // [sp+18h] [bp-20h]@1
 21   int v22; // [sp+1Ch] [bp-1Ch]@22
 22 
 23   v3 = argv;
 24   v4 = 4;
 25   v20 = 0;
 26   v21 = 0;
 27   v5 = argc;
 28   while ( 1 )
 29   {
 30     v6 = getopt(v5, (char *const *)v3, "pdbu:");
 31     if ( v6 <= 97 )
 32       break;
 33     if ( v6 > 111 )
 34     {
 35       if ( v6 == 112 )
 36       {
 37         v20 = 1;
 38       }
 39       else
 40       {
 41         if ( v6 != 117 )
 42           goto LABEL_25;
 43         v21 = optarg;
 44       }
 45     }
 46     else if ( v6 == 98 )
 47     {
 48       v4 |= 1u;
 49     }
 50     else
 51     {
 52       if ( v6 != 100 )
 53         goto LABEL_25;
 54       v4 |= 0x402u;
 55     }
 56   }
 57   if ( v6 != -1 || optind == v5 )
 58   {
 59 LABEL_25:
 60     v11 = 134;
 61     v12 = (FILE **)&__stderrp;
 62     v13 = "Usage: sblaunch [-p] [-d] [-b] [-u url] <bundle> [arguments...]\n  -p: print pid\n  -d: launch for debugging\n  -b: launch in background\n";
 63     goto LABEL_26;
 64   }
 65   v18 = v3[optind];
 66   v19 = 0;
 67   v7 = CFArrayCreateMutable(0);
 68   ++optind;
 69   for ( i = optind; i != v5; optind = i )
 70   {
 71     v9 = CFStringCreateWithCString(0, v3[i], 134217984);
 72     CFArrayAppendValue(v7, v9);
 73     i = optind + 1;
 74   }
 75   v10 = CFStringCreateWithCString(0, v18, 134217984);
 76   if ( v21 )
 77   {
 78     strlen(v21);
 79     v19 = CFURLCreateWithBytes(0);
 80     if ( !v19 )
 81     {
 82       v11 = 12;
 83       v12 = (FILE **)&__stderrp;
 84       v13 = "invalid URL\n";
 85 LABEL_26:
 86       v16 = *v12;
 87       v14 = 1;
 88       fwrite(v13, 1u, v11, v16);
 89       return v14;
 90     }
 91   }
 92   v14 = 0;
 93   v15 = SBSLaunchApplicationForDebugging(v10, v19, v7, 0);
 94   if ( v15 )
 95   {
 96     fprintf(__stderrp, "SBSLaunchApplicationWithIdentifier failed: %d\n", v15);
 97     v14 = 1;
 98   }
 99   else if ( v20 )
100   {
101     while ( !SBSProcessIDForDisplayIdentifier(v10, &v22) )
102       usleep(0xC350u);
103     v14 = 0;
104     printf("%d\n", v22);
105   }
106   return v14;
107 }

显示是4个参数,这个函数是位于以下目录中文件中

可是在越狱的手机中找了很久也找不到这个文件,不知道这个库的文件在哪里?

posted @ 2015-11-12 22:47  兜兜有糖的博客  阅读(920)  评论(0编辑  收藏  举报