Difference between revisions of "MobileDevice Library"

From The iPhone Wiki
(65 intermediate revisions by 24 users not shown)

Latest revision as of 13:18, 24 January 2020

MobileDevice Library is used by iTunes to transfer data between iPhone and computer over both USB and WiFi connections.

Windows: iTunesMobileDevice.dll

  • Location: C:\Program Files\Common Files\Apple\Mobile Device Support\iTunesMobileDevice.dll (Program Files (x86) on 64-bit)
  • The supporting CoreFoundation.dll (used for CFStringRef and CFPropertyListRef management) is located in the same directory (when using iTunes prior to 9.0).
  • For iTunes 9.0, the location of CoreFoundation.dll is stored in the InstallDir registry value under the HKLM\SOFTWARE\Apple Inc.\Apple Application Support registry key.

Mac OS X: MobileDevice.framework

  • Location: /System/Library/PrivateFrameworks/MobileDevice.framework
  • Export command: nm /System/Library/PrivateFrameworks/MobileDevice.framework/Versions/A/MobileDevice

Library Interfaces

  • libimobiledevice, http://www.libimobiledevice.org/ (provides the same functionality on GNU/Linux)
  • mobiledevice, https://github.com/imkira/mobiledevice (command line utility for interacting with MobileDevice Framework)
  • SDMMobileDevice, https://github.com/samdmarshall/SDMMobileDevice (OS X framework written in C that can be used interchangeably with Apple's private framework MobileDevice.framework)
  • MobileDeviceAccess, https://bitbucket.org/tristero/mobiledeviceaccess (similar to above, but written in Objective-C)
  • MobileDevice.h, http://samdmarshall.com/media/MobileDevice.h (old reverse engineered header for interfacing with MobileDevice library)


Private Functions

Obtaining address

To obtain the address of a usable private function in MobileDevice, you need to be able to read x86-64 assembly in order to reverse engineer the library. The method differs slightly by platform because of how dynamically linked libraries handle position-independent code.

Mac OS X (MobileDevice.framework)

A private function is not marked as exported in the Mach-O symbol table, so it cannot be called by simply linking against the library. To call unexported functions, the Mach-O symbol table must be stepped through manually to find the offset of a particular function. The result can be verified by checking against the offset of the name inside the name table.
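
The symbol-table walk described above, as an added example (not code from the wiki or from Apple): it reads LC_SYMTAB from a Mach-O image and lists the section-defined symbols that lack the external bit, with each symbol's address and its offset in the string table. It assumes a thin little-endian 64-bit image that still carries its local symbols; the sample image and both symbol names are constructed.

```python
import struct

MH_MAGIC_64, LC_SYMTAB = 0xFEEDFACF, 0x2
N_STAB, N_TYPE, N_EXT, N_SECT = 0xE0, 0x0E, 0x01, 0x0E  # n_type masks/values

def local_symbols(image: bytes) -> dict:
    """Return {name: (n_value, n_strx)} for section-defined symbols without N_EXT."""
    if len(image) < 32:
        raise ValueError("truncated header")
    magic, _, _, _, ncmds, _, _, _ = struct.unpack_from("<8I", image, 0)
    if magic != MH_MAGIC_64:
        raise ValueError("not a thin little-endian 64-bit Mach-O image")
    off, found = 32, {}                      # load commands follow mach_header_64
    for _ in range(ncmds):
        if off + 8 > len(image):
            raise ValueError("load command table runs past end of file")
        cmd, cmdsize = struct.unpack_from("<2I", image, off)
        if cmdsize < 8 or off + cmdsize > len(image):
            raise ValueError("malformed load command")
        if cmd == LC_SYMTAB and cmdsize >= 24:
            symoff, nsyms, stroff, strsize = struct.unpack_from("<4I", image, off + 8)
            if symoff + 16 * nsyms > len(image) or stroff + strsize > len(image):
                raise ValueError("symbol or string table out of bounds")
            strtab = image[stroff:stroff + strsize]
            for i in range(nsyms):           # one 16-byte nlist_64 per symbol
                n_strx, n_type, _sect, _desc, n_value = struct.unpack_from(
                    "<IBBHQ", image, symoff + 16 * i)
                if n_type & N_STAB or (n_type & N_TYPE) != N_SECT or n_type & N_EXT:
                    continue                 # debug entry, undefined, or exported
                end = strtab.find(b"\0", n_strx)
                if n_strx >= len(strtab) or end < 0:
                    raise ValueError("n_strx outside string table")
                found[strtab[n_strx:end].decode("ascii", "replace")] = (n_value, n_strx)
        off += cmdsize
    return found

def build_sample() -> bytes:
    """Constructed minimal image: header, LC_SYMTAB, two symbols, string table."""
    names = [b"_constructed_exported_fn", b"_constructed_private_fn"]
    strtab = b"\0" + b"\0".join(names) + b"\0"
    syms = [(strtab.index(names[0]), N_SECT | N_EXT, 1, 0, 0x1000),  # exported
            (strtab.index(names[1]), N_SECT, 1, 0, 0x1A40)]          # not exported
    symoff = 32 + 24
    stroff = symoff + 16 * len(syms)
    header = struct.pack("<8I", MH_MAGIC_64, 0x01000007, 3, 6, 1, 24, 0, 0)
    symtab_cmd = struct.pack("<6I", LC_SYMTAB, 24, symoff, len(syms), stroff, len(strtab))
    return header + symtab_cmd + b"".join(struct.pack("<IBBHQ", *s) for s in syms) + strtab

if __name__ == "__main__":
    for name, (value, strx) in local_symbols(build_sample()).items():
        # n_value is the link-time address; add the image's load slide at run time.
        print(f"{name}: n_value={value:#x} n_strx={strx}")
```

If the library has been stripped of local symbols, the walk returns nothing for them, which is the case where the function has to be located by reading the disassembly instead.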

Windows (MobileDevice.dll)

Unlike OS X's dynamically linkable libraries, Windows dynamic libraries do not support position-independent code in the same manner. A private function will not have its name in the exported symbol table, so in a debugger such as GDB it will show up as part of another function. However, you will know that it is a separate function because a new stack frame is set up.


Known Error Codes

  • kAMDSuccess = 0x0
  • kAMDUndefinedError = 0xe8000001
  • kAMDBadHeaderError = 0xe8000002
  • kAMDNoResourcesError = 0xe8000003
  • kAMDReadError = 0xe8000004
  • kAMDWriteError = 0xe8000005
  • kAMDUnknownPacketError = 0xe8000006
  • kAMDInvalidArgumentError = 0xe8000007
  • kAMDNotFoundError = 0xe8000008
  • kAMDIsDirectoryError = 0xe8000009
  • kAMDPermissionError = 0xe800000a
  • kAMDNotConnectedError = 0xe800000b
  • kAMDTimeOutError = 0xe800000c
  • kAMDOverrunError = 0xe800000d
  • kAMDEOFError = 0xe800000e
  • kAMDUnsupportedError = 0xe800000f
  • kAMDFileExistsError = 0xe8000010
  • kAMDBusyError = 0xe8000011
  • kAMDCryptoError = 0xe8000012
  • kAMDInvalidResponseError = 0xe8000013
  • kAMDMissingKeyError = 0xe8000014
  • kAMDMissingValueError = 0xe8000015
  • kAMDGetProhibitedError = 0xe8000016
  • kAMDSetProhibitedError = 0xe8000017
  • kAMDRemoveProhibitedError = 0xe8000018
  • kAMDImmutableValueError = 0xe8000019
  • kAMDPasswordProtectedError = 0xe800001a
  • kAMDMissingHostIDError = 0xe800001b
  • kAMDInvalidHostIDError = 0xe800001c
  • kAMDSessionActiveError = 0xe800001d
  • kAMDSessionInactiveError = 0xe800001e
  • kAMDMissingSessionIDError = 0xe800001f
  • kAMDInvalidSessionIDError = 0xe8000020
  • kAMDMissingServiceError = 0xe8000021
  • kAMDInvalidServiceError = 0xe8000022
  • kAMDInvalidCheckinError = 0xe8000023
  • kAMDCheckinTimeoutError = 0xe8000024
  • kAMDMissingPairRecordError = 0xe8000025
  • kAMDInvalidActivationRecordError = 0xe8000026
  • kAMDMissingActivationRecordError = 0xe8000027
  • kAMDWrongDroidError = 0xe8000028
  • kAMDSUVerificationError = 0xe8000029
  • kAMDSUPatchError = 0xe800002a
  • kAMDSUFirmwareError = 0xe800002b
  • kAMDProvisioningProfileNotValid = 0xe800002c
  • kAMDSendMessageError = 0xe800002d
  • kAMDReceiveMessageError = 0xe800002e
  • kAMDMissingOptionsError = 0xe800002f
  • kAMDMissingImageTypeError = 0xe8000030
  • kAMDDigestFailedError = 0xe8000031
  • kAMDStartServiceError = 0xe8000032
  • kAMDInvalidDiskImageError = 0xe8000033
  • kAMDMissingDigestError = 0xe8000034
  • kAMDMuxError = 0xe8000035
  • kAMDApplicationAlreadyInstalledError = 0xe8000036
  • kAMDApplicationMoveFailedError = 0xe8000037
  • kAMDApplicationSINFCaptureFailedError = 0xe8000038
  • kAMDApplicationSandboxFailedError = 0xe8000039
  • kAMDApplicationVerificationFailedError = 0xe800003a
  • kAMDArchiveDestructionFailedError = 0xe800003b
  • kAMDBundleVerificationFailedError = 0xe800003c
  • kAMDCarrierBundleCopyFailedError = 0xe800003d
  • kAMDCarrierBundleDirectoryCreationFailedError = 0xe800003e
  • kAMDCarrierBundleMissingSupportedSIMsError = 0xe800003f
  • kAMDCommCenterNotificationFailedError = 0xe8000040
  • kAMDContainerCreationFailedError = 0xe8000041
  • kAMDContainerP0wnFailedError = 0xe8000042
  • kAMDContainerRemovalFailedError = 0xe8000043
  • kAMDEmbeddedProfileInstallFailedError = 0xe8000044
  • kAMDErrorError = 0xe8000045
  • kAMDExecutableTwiddleFailedError = 0xe8000046
  • kAMDExistenceCheckFailedError = 0xe8000047
  • kAMDInstallMapUpdateFailedError = 0xe8000048
  • kAMDManifestCaptureFailedError = 0xe8000049
  • kAMDMapGenerationFailedError = 0xe800004a
  • kAMDMissingBundleExecutableError = 0xe800004b
  • kAMDMissingBundleIdentifierError = 0xe800004c
  • kAMDMissingBundlePathError = 0xe800004d
  • kAMDMissingContainerError = 0xe800004e
  • kAMDNotificationFailedError = 0xe800004f
  • kAMDPackageExtractionFailedError = 0xe8000050
  • kAMDPackageInspectionFailedError = 0xe8000051
  • kAMDPackageMoveFailedError = 0xe8000052
  • kAMDPathConversionFailedError = 0xe8000053
  • kAMDRestoreContainerFailedError = 0xe8000054
  • kAMDSeatbeltProfileRemovalFailedError = 0xe8000055
  • kAMDStageCreationFailedError = 0xe8000056
  • kAMDSymlinkFailedError = 0xe8000057
  • kAMDiTunesArtworkCaptureFailedError = 0xe8000058
  • kAMDiTunesMetadataCaptureFailedError = 0xe8000059
  • kAMDAlreadyArchivedError = 0xe800005a
  • kAMDProhibitedBySupervision = 0xe8000083

For the latest error codes, you can look at the pseudo-code of AMDErrorString.