iOS private API for tracking location in the background after the app is killed (like "Find My Friends")

Time: 2022-07-10 01:26:55

I'm trying to spoof the location update in Find My Friends with Theos.

What I have so far:

When the app is in the foreground, I was able to spoof the update message (using Theos/Logos to hook the FMFLocation class).

What is missing:

When the app is in background or killed, it still sends my location to the server when my friend requests my location. This background update does NOT invoke the regular update method, so my hook does not work. Moreover, it can respond to location request from the network even if the app is killed. I don't think Apple allows this behavior in regular apps.

I think this can only be done with some private API. Could anyone point me in the right direction to find out what API/method it is using in background?

2 solutions

#1


1  

You might want to check the -startMonitoringSignificantLocationChanges method in CLLocationManager (docs).

As the docs state:

This method initiates the delivery of location events asynchronously, returning shortly after you call it. Location events are delivered to your delegate’s locationManager:didUpdateLocations: method. The first event to be delivered is usually the most recently cached location event (if any) but may be a newer event in some circumstances. Obtaining a current location fix may take several additional seconds, so be sure to check the timestamps on the location events in your delegate method.

After returning a current location fix, the receiver generates update events only when a significant change in the user’s location is detected. For example, it might generate a new event when the device becomes associated with a different cell tower. It does not rely on the value in the distanceFilter property to generate events. Calling this method several times in succession does not automatically result in new events being generated. Calling stopMonitoringSignificantLocationChanges in between, however, does cause a new initial event to be sent the next time you call this method.

If you start this service and your application is subsequently terminated, the system automatically relaunches the application into the background if a new event arrives. In such a case, the options dictionary passed to the locationManager:didUpdateLocations: method of your application delegate contains the key UIApplicationLaunchOptionsLocationKey to indicate that your application was launched because of a location event. Upon relaunch, you must still configure a location manager object and call this method to continue receiving location events. When you restart location services, the current event is delivered to your delegate immediately. In addition, the location property of your location manager object is populated with the most recent location object even before you start location services.

In addition to your delegate object implementing the locationManager:didUpdateLocations: method, it should also implement the locationManager:didFailWithError: method to respond to potential errors.

So basically you need to:

  • Set the location key as a background mode in your Info.plist file
  • Start a CLLocationManager
  • Call startMonitoringSignificantLocationChanges
  • On your AppDelegate, you'll receive a location in the info dictionary, keyed with UIApplicationLaunchOptionsLocationKey, when the user moves about 500 meters.
  • On that method, you can update the location on the server.
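
The steps listed in answer #1, as an added Objective-C example that is not part of the original post. The upload endpoint, the JSON field names and the 60-second staleness limit are assumptions, and the app is assumed to declare the location usage-description strings in Info.plist.

```objc
#import <UIKit/UIKit.h>
#import <CoreLocation/CoreLocation.h>

// Added example; endpoint URL, JSON keys and the 60 s limit are assumptions.
@interface AppDelegate : UIResponder <UIApplicationDelegate, CLLocationManagerDelegate>
@property (nonatomic, strong) UIWindow *window;
@property (nonatomic, strong) CLLocationManager *locationManager;
@end

@implementation AppDelegate

- (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions {
    // The key is present when the system relaunched the terminated app for a location event.
    if (launchOptions[UIApplicationLaunchOptionsLocationKey]) {
        NSLog(@"Relaunched in the background for a location event");
    }
    // The manager has to be configured again on every launch, relaunches included.
    self.locationManager = [[CLLocationManager alloc] init];
    self.locationManager.delegate = self;
    [self.locationManager requestAlwaysAuthorization];
    if ([CLLocationManager significantLocationChangeMonitoringAvailable]) {
        [self.locationManager startMonitoringSignificantLocationChanges];
    }
    return YES;
}

- (void)locationManager:(CLLocationManager *)manager didUpdateLocations:(NSArray<CLLocation *> *)locations {
    CLLocation *latest = locations.lastObject;
    // The first event is usually a cached fix: drop invalid or stale ones by timestamp.
    if (!latest || latest.horizontalAccuracy < 0 ||
        fabs([latest.timestamp timeIntervalSinceNow]) > 60.0) return;
    NSMutableURLRequest *req = [NSMutableURLRequest requestWithURL:
        [NSURL URLWithString:@"https://example.invalid/location"]]; // placeholder endpoint
    req.HTTPMethod = @"POST";
    [req setValue:@"application/json" forHTTPHeaderField:@"Content-Type"];
    req.HTTPBody = [NSJSONSerialization dataWithJSONObject:@{
        @"lat": @(latest.coordinate.latitude), @"lon": @(latest.coordinate.longitude),
        @"ts": @([latest.timestamp timeIntervalSince1970]) } options:0 error:NULL];
    [[[NSURLSession sharedSession] dataTaskWithRequest:req
        completionHandler:^(NSData *data, NSURLResponse *resp, NSError *err) {
            if (err) NSLog(@"Location upload failed: %@", err);
    }] resume];
}

- (void)locationManager:(CLLocationManager *)manager didFailWithError:(NSError *)error {
    // kCLErrorDenied means the user refused or revoked access: stop instead of retrying.
    if (error.code == kCLErrorDenied) [manager stopMonitoringSignificantLocationChanges];
}
@end
```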

#2


1  

I figured it out! It's the aosnotifyd that is sending location in the background.

I ended up doing this:

#import <CoreLocation/CoreLocation.h>

%hook AOSFindBaseServiceProvider
-(void)sendCurrentLocation:(id)fp8 isFinished:(BOOL)fp12 forCmd:(id)fp16 withReason:(int)fp20 andAccuracyChange:(double)fp24{
    // Mess with (CLLocation *)fp8 here; c is the location handed on to the original method
    CLLocation *c = (CLLocation *)fp8;
    %orig(c, fp12, fp16, fp20, fp24);
}
%end
