
Tweak

This document contains code to spoof device identifiers on iOS. It hooks the IORegistryEntryCreateCFProperty and MGCopyAnswer functions to return spoofed values for the device's serial number, IMEI, MEID, and other identifiers when those values are requested, instead of the real identifiers. The spoofed values are read from a plist file. Logging messages are added to indicate when identifiers are being spoofed.

Uploaded by

Brayan Villa

#import "substrate.h"
#import <Foundation/Foundation.h>
#import <CoreFoundation/CoreFoundation.h>
#import <UIKit/UIKit.h>
#import "IOKit/IOKit.h"
#import "MobileGestalt.h"

/* Pointer through which the replacement below reaches the original
 * IORegistryEntryCreateCFProperty. Its address is passed to MSHookFunction in
 * the constructor at the end of the file; as a global it is NULL until that
 * call has stored a value in it. */
CFTypeRef (*origIORegistryEntryCreateCFProperty) ( io_registry_entry_t entry,


CFStringRef key, CFAllocatorRef allocator, IOOptionBits options );

/*
 * Replacement installed over IORegistryEntryCreateCFProperty by the
 * constructor at the end of the file. When the requested key equals
 * "IOPlatformSerialNumber" it returns the "SerialNumber" string read from a
 * plist on disk instead of the registry value; every other key is forwarded
 * to the original function.
 *
 * Review notes:
 *  - Inside a process where this hook is active, a serial number read through
 *    this API is whatever the plist holds. A locally read identifier is
 *    therefore not evidence of device identity; decisions that depend on it
 *    belong server-side, backed by an attestation mechanism.
 *  - key is passed to CFStringCompare without a NULL check.
 *  - The spoofed branch hands back an object taken from the dictionary with
 *    no retain visible here, although the "Create" in the hooked function's
 *    name signals that callers expect a reference they own and will release.
 *    The value is also nil when the plist or the entry is missing.
 *  - The closing brace of this function is missing from the listing.
 */
CFTypeRef hookedIORegistryEntryCreateCFProperty ( io_registry_entry_t entry,


CFStringRef key, CFAllocatorRef allocator, IOOptionBits options )
{
// The plist is re-read from disk on every call to this hook.
NSDictionary *dictionary = [NSDictionary
dictionaryWithContentsOfFile:@"/fail/fuckeveryone.plist"];
NSString *sn_plist = [dictionary objectForKey:@"SerialNumber"];

// Plain cast from NSString * to CFStringRef; no retain is taken here.
CFStringRef SerialNumber = (CFStringRef) sn_plist;

// CFStringCompare yields kCFCompareEqualTo (0) on a match, hence the negation.
if(!CFStringCompare(key, CFSTR("IOPlatformSerialNumber"), 0))


{
NSLog(@"You've successfully spoofed your IOPlatformSerialNumber");
return SerialNumber;
}
else
{
// NOTE(review): the message speaks of the original serial number, but the
// value printed is the requested key.
NSLog(@"The orignal IOPLatformSerialNumber is %@", key);
// The original is invoked twice: once for this log line and once for the
// return value. The first result is never released, and the real value of
// whatever property was requested is written to the log.
NSLog(@"IOkit returned: %@", origIORegistryEntryCreateCFProperty(entry, key,
allocator, options));
return origIORegistryEntryCreateCFProperty(entry, key, allocator, options);
}

/* Pointer through which hooked_MGCopyAnswer reaches the original MGCopyAnswer.
 * Its address is passed to MSHookFunction in the constructor at the end of the
 * file; as a global it is NULL until that call has stored a value in it. */
CFPropertyListRef (*orig_MGCopyAnswer)(CFStringRef key);//hook MGCopyAnswer


/*
 * Replacement installed over MGCopyAnswer by the constructor at the end of the
 * file. For the keys "InternationalMobileEquipmentIdentity", "SerialNumber",
 * "MobileEquipmentIdentifier" and "UniqueChipID" it returns the matching
 * string from a plist on disk; any other key is forwarded to the original.
 *
 * Review notes:
 *  - Inside a process where this hook is active, these four MobileGestalt
 *    answers are whatever the plist holds. Software that needs to trust a
 *    device identity should not rely on locally queried identifiers alone and
 *    should verify server-side with an attestation mechanism.
 *  - key is passed to CFStringCompare without a NULL check.
 *  - The spoofed branches return objects taken from the dictionary with no
 *    retain visible here, although the "Copy" in the hooked function's name
 *    signals that callers expect a reference they own and will release. A
 *    value is also nil when the plist or the entry is missing.
 *  - All four values are returned as strings taken from the plist; whether
 *    the original returns the same type for each key cannot be told from
 *    this file. TODO confirm.
 */
CFPropertyListRef hooked_MGCopyAnswer(CFStringRef key)
{
// The plist is re-read from disk on every call to this hook.
NSDictionary *dictionary = [NSDictionary
dictionaryWithContentsOfFile:@"/fail/fuckeveryone.plist"];
NSString *imei_plist = [dictionary objectForKey:@"Imei"];
NSString *serial_plist = [dictionary objectForKey:@"SerialNumber"];
NSString *meid_plist = [dictionary objectForKey:@"MobileEquipmentIdentifier"];
NSString *UniqueChipID_plist = [dictionary objectForKey:@"UniqueChipID"];

// Plain casts from NSString * to CFStringRef; no retain is taken here.
CFStringRef InternationalMobileEquipmentIdentity = (CFStringRef) imei_plist;


CFStringRef SerialNumber = (CFStringRef) serial_plist;
CFStringRef MobileEquipmentIdentifier = (CFStringRef) meid_plist;
CFStringRef UniqueChipID = (CFStringRef) UniqueChipID_plist;

// CFStringCompare yields kCFCompareEqualTo (0) on a match, hence the negation.
if(!CFStringCompare(key, CFSTR("InternationalMobileEquipmentIdentity"), 0))


{
NSLog(@"Gestalt Key Spoofed: IMEI");
return InternationalMobileEquipmentIdentity;
}
else if(!CFStringCompare(key, CFSTR("SerialNumber"), 0))
{
NSLog(@"Gestalt Key Spoofed: SerialNumber");
return SerialNumber;
}
else if(!CFStringCompare(key, CFSTR("MobileEquipmentIdentifier"), 0))
{
NSLog(@"Gestalt Key Spoofed: MobileEquipmentIdentifier");
return MobileEquipmentIdentifier;
}
else if(!CFStringCompare(key, CFSTR("UniqueChipID"), 0))
{
NSLog(@"Gestalt Key Spoofed: UniqueChipID");
return UniqueChipID;
}
else
{
// Every key that is not spoofed is logged together with its real value.
// The original is called twice (once for the log line, once for the return
// value), and the first result is never released.
NSLog(@"Gestalt Key: %@ ",key);
NSLog(@"Gestalt Key Original Value: %@ ", orig_MGCopyAnswer(key) );
return orig_MGCopyAnswer(key);
}
}

/*
 * Load-time entry point: the constructor attribute makes this run when the
 * image is loaded. It installs both replacements with MSHookFunction, passing
 * the address of each orig* pointer so the replacements can reach the
 * original implementations.
 *
 * NOTE(review): the function pointers are passed without explicit casts;
 * whether that compiles cleanly depends on the build mode. TODO confirm.
 * Detection side: MSHookFunction redirects a function by rewriting its entry
 * in memory, so integrity checks on these two functions, or cross-checking
 * identifiers against a server-verified attestation, can reveal hooks of this
 * kind.
 */
__attribute__((constructor)) static void initialize() {


MSHookFunction(MGCopyAnswer, hooked_MGCopyAnswer,&orig_MGCopyAnswer);
MSHookFunction(IORegistryEntryCreateCFProperty,
hookedIORegistryEntryCreateCFProperty,&origIORegistryEntryCreateCFProperty);
}
