playing with simbl - mobile jazz inspirational talks
December 15th, 2014
Playing with SIMBL
What is SIMBL?
SIMple Bundle Loader
SIMBL loads an NSBundle in a running application process
Mac OS X only (no iOS, sorry)
Objective-C only (No Swift!)
SIMple Bundle Loader
erm… NSBundle?
Objective-C
Objective-C’s dynamic nature
Objective-C:
  All available classes are in a set
  Classes are dictionaries of methods
As a consequence:
  Dynamic loading: loading new classes in the application’s “context”
  Categories: adding new methods to existing classes
  Method swizzling: exchange implementations of a method
Until the last consequences
NSBundle you said?
From Apple docs:
  An NSBundle object represents a location in the file system that groups code and resources that can be used in a program. NSBundle objects locate program resources, dynamically load and unload executable code, and assist in localization. You build a bundle in Xcode using one of these project types: Application, Framework, plug-ins.
You’re already using NSBundles
Using SIMBL
SIMBL and NSBundle
SIMBL:
  Runs as a daemon in the system
  Watches for new processes to be launched by launchd
    This is done by observing NSWorkspace
  Hooks in the application’s process and loads your bundle
    Uses the ScriptingBridge interface, SBApplication
SIMBL mixes your NSBundle with the application’s ones
The entry point
PrincipalClass and +load
NSBundles have an Info.plist file
  Bundle version
  Principal class: The principal class typically controls all the other classes in the bundle; it should mediate between those classes and classes external to the bundle
  SIMBLTargetApplications: custom key to indicate applications where you want the bundle loaded by SIMBL
+load method is called whenever any class is loaded in an application’s address space
SIMBL plugins use +load in the Principal Class to initialise
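Added example, not part of the original slides: because each plugin declares its principal class and its SIMBLTargetApplications in Info.plist, those keys can be read to audit which installed bundles get loaded into which applications. The plugin directories, the BundleIdentifier sub-key and its "*" wildcard are SIMBL conventions not shown in the talk; the sample bundles and their names are constructed.

```python
import plistlib
import tempfile
from pathlib import Path

# SIMBL plugin locations (per-user and system-wide); assumed, not from the slides.
PLUGIN_DIRS = [
    Path.home() / "Library/Application Support/SIMBL/Plugins",
    Path("/Library/Application Support/SIMBL/Plugins"),
]

def audit_bundle(bundle: Path) -> dict:
    """Summarise what one .bundle declares about where it will be loaded."""
    with open(bundle / "Contents" / "Info.plist", "rb") as fh:
        info = plistlib.load(fh)
    entries = info.get("SIMBLTargetApplications", [])
    targets = [e.get("BundleIdentifier", "?") for e in entries]
    return {
        "bundle": bundle.name,
        "principal_class": info.get("NSPrincipalClass"),  # class whose +load runs
        "targets": targets,
        "targets_all_apps": "*" in targets,  # wildcard: loaded into every app
    }

def audit_dirs(dirs=PLUGIN_DIRS) -> list:
    """Audit every *.bundle in the given directories; skip ones with no Info.plist."""
    reports = []
    for d in dirs:
        for b in sorted(d.glob("*.bundle")):
            if (b / "Contents" / "Info.plist").is_file():
                reports.append(audit_bundle(b))
    return reports

def make_sample_bundle(root: Path, name: str, bundle_ids: list) -> Path:
    """Write a constructed sample bundle (hypothetical names) for offline runs."""
    contents = root / f"{name}.bundle" / "Contents"
    contents.mkdir(parents=True)
    plist = {
        "NSPrincipalClass": f"{name}Plugin",
        "SIMBLTargetApplications": [{"BundleIdentifier": b} for b in bundle_ids],
    }
    with open(contents / "Info.plist", "wb") as fh:
        plistlib.dump(plist, fh)
    return contents.parent

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample_bundle(Path(tmp), "TabTweak", ["com.apple.Safari"])
        make_sample_bundle(Path(tmp), "Everywhere", ["*"])
        for report in audit_dirs([Path(tmp)]):
            print(report)
```

Calling audit_dirs() with no arguments checks the real plugin directories on a Mac; a report with targets_all_apps set is the one to review first.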
Your hooking points
Singletons
  [NSApplication sharedApplication]
  [NSNotificationCenter defaultCenter]
  [NSHTTPCookieStorage sharedHTTPCookieStorage], …
Well-known classes (by method swizzling)
  NSWindow, …
Classes found by introspection
  Open source code
  Debugging the process
Example project
demo https://github.com/rs/SafariTabSwitching
Useful tools
Running and debugging in Xcode
Run Script build phase to install your project, run your target application and attach the debugger to it
https://github.com/iandai/Debug-SIMBL-Plugin
List classes in a binary
class-dump
Generates .h files for all classes and methods found in a file
http://stevenygard.com/projects/class-dump/
List loaded classes at runtime
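#import <Foundation/Foundation.h>
#import <objc/runtime.h>

// Logs the name of every class registered with the Objective-C runtime.
- (void)printClasses {
    // The first call, with a NULL buffer, only returns the number of classes.
    int numClasses = objc_getClassList(NULL, 0);
    if (numClasses > 0) {
        // __unsafe_unretained is required for a C array of Class under ARC.
        __unsafe_unretained Class *classes =
            (__unsafe_unretained Class *)malloc(sizeof(Class) * numClasses);
        numClasses = objc_getClassList(classes, numClasses);
        for (int i = 0; i < numClasses; i++) {
            Class c = classes[i];
            NSLog(@"%s", class_getName(c));
        }
        free(classes);
    }
}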
Debug logging all notifications
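#import <Foundation/Foundation.h>

// Callback invoked for every notification posted on the local center.
void MyCallBack(CFNotificationCenterRef center, void *observer, CFStringRef name,
                const void *object, CFDictionaryRef userInfo) {
    NSLog(@"name: %@, userinfo: %@", name, userInfo);
}

// A NULL name and a NULL object register the callback for all notifications.
- (void)install {
    CFNotificationCenterAddObserver(CFNotificationCenterGetLocalCenter(), NULL, MyCallBack,
                                    NULL, NULL,
                                    CFNotificationSuspensionBehaviorDeliverImmediately);
}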
Objective-C tracing
Console and graphical debugger
http://www.dribin.org/dave/blog/archives/2006/04/22/tracing_objc/
command line: NSObjCMessageLoggingEnabled=YES
llvm: call (void)instrumentObjcMessageSends(YES)
dtrace:
  sudo dtrace -q -n 'objc1234:::entry { printf("%s %s\n", probemod, probefunc); }'
  // where 1234 is the process ID of the app.
F-Script
Console and graphical debugger
http://www.fscript.org/
http://areciv.com/blog/2014/08/f-script-injection-in-mavericks/ (also works for Yosemite)
Tip: put the Framework under /System, so that you can also get to it from a sandboxed application
Discussion
SIMBL future
Doesn’t look that good
SIMBL project no longer maintained, not supporting sandboxed applications
EasySIMBL supports sandboxed applications up to Yosemite
Swift design is not so dynamic
  Still compatible with Objective-C to some extent
  One of the main speed gains is because the classes and methods are statically compiled if possible
Security concerns
  SIMBL allows you to do virtually anything in a process
Reference
SIMBL:
  https://code.google.com/p/simbl/wiki/
  https://github.com/norio-nomura/EasySIMBL
Sample plugins:
  https://github.com/rs/SafariTabSwitching (doesn’t work)
  https://github.com/inket/cosyTabs (doesn’t work)
  https://code.google.com/p/greasekit/ (doesn’t work)
Cool images: ano.lolcathost.org