playing with simbl - mobile jazz inspirational talks

Post on 15-Jul-2015

December 15th, 2014

Playing with SIMBL

What is SIMBL?

SIMple Bundle Loader

SIMBL loads an NSBundle in a running application process
Mac OS X only (no iOS, sorry)
Objective-C only (No Swift!)

SIMple Bundle Loader

erm…  NSBundle?

Objective-C

Objective-C’s dynamic nature

Objective-C:
  All available classes are in a set
  Classes are dictionaries of methods

As a consequence:
  Dynamic loading: loading new classes in the application’s “context”
  Categories: adding new methods to existing classes
  Method swizzling: exchange implementations of a method

Until the last consequences

NSBundle you said?

From Apple docs:
  An NSBundle object represents a location in the file system that groups code and resources that can be used in a program. NSBundle objects locate program resources, dynamically load and unload executable code, and assist in localization.
  You build a bundle in Xcode using one of these project types: Application, Framework, plug-ins.

You’re already using NSBundles

Using SIMBL

SIMBL and NSBundle

SIMBL:
  Runs as a daemon in the system
  Watches for new processes to be launched by launchd
    This is done by observing NSWorkspace
  Hooks in the application’s process and loads your bundle
    Uses the ScriptingBridge interface, SBApplication

SIMBL mixes your NSBundle with the application’s ones

The entry point

PrincipalClass and +load

NSBundles have an Info.plist file
  Bundle version
  Principal class: The principal class typically controls all the other classes in the bundle; it should mediate between those classes and classes external to the bundle
  SIMBLTargetApplications: custom key to indicate applications where you want the bundle loaded by SIMBL

The +load method is called whenever any class is loaded in an application’s address space

SIMBL plugins use +load in the Principal Class to initialise
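The Info.plist keys described above also give a process a way to see which SIMBL-style bundles have been loaded into it. The following is an added example, not code from the original slides or from the SIMBL project; it assumes each SIMBLTargetApplications entry is a dictionary carrying a BundleIdentifier string, and the plugin name and identifier in the sample are constructed.

```objective-c
// Added example. Build: clang -fobjc-arc -framework Foundation simbl_audit.m -o simbl_audit
#import <Foundation/Foundation.h>

// Summarise an Info.plist dictionary if it declares SIMBLTargetApplications;
// return nil for ordinary bundles.
static NSString *SIMBLSummary(NSDictionary *info, NSString *path) {
    id targets = info[@"SIMBLTargetApplications"];
    if (targets == nil) return nil;
    NSMutableArray<NSString *> *ids = [NSMutableArray array];
    if ([targets isKindOfClass:[NSArray class]]) {
        for (id entry in (NSArray *)targets) {
            // Assumed entry layout: a dictionary with a BundleIdentifier string.
            id ident = nil;
            if ([entry isKindOfClass:[NSDictionary class]]) {
                ident = ((NSDictionary *)entry)[@"BundleIdentifier"];
            }
            BOOL ok = [ident isKindOfClass:[NSString class]];
            [ids addObject:ok ? (NSString *)ident : @"<malformed entry>"];
        }
    }
    id principal = info[@"NSPrincipalClass"];
    return [NSString stringWithFormat:@"%@ principal=%@ targets=[%@]", path,
            principal ? principal : @"<none>", [ids componentsJoinedByString:@", "]];
}

int main(void) {
    @autoreleasepool {
        // Constructed Info.plist content for a hypothetical plugin.
        NSDictionary *sample = @{
            @"NSPrincipalClass": @"DemoPlugin",
            @"SIMBLTargetApplications": @[ @{ @"BundleIdentifier": @"com.example.TargetApp" } ]
        };
        NSLog(@"%@", SIMBLSummary(sample, @"(constructed sample)"));

        // The same check over every bundle currently loaded in this process.
        for (NSBundle *b in [NSBundle allBundles]) {
            NSString *s = SIMBLSummary(b.infoDictionary, b.bundlePath);
            if (s) NSLog(@"SIMBL-style bundle loaded: %@", s);
        }
    }
    return 0;
}
```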

Your hooking points

Singletons
  [NSApplication sharedApplication]
  [NSNotificationCenter defaultCenter]
  [NSHTTPCookieStorage sharedHTTPCookieStorage], …

Well-known classes (by method swizzling)
  NSWindow, …

Classes found by introspection
  Open source code
  Debugging the process

Example project

Demo: https://github.com/rs/SafariTabSwitching

Useful tools

Running and debugging in Xcode

Run Script build phase to install your project, run your target application and attach the debugger to it

https://github.com/iandai/Debug-SIMBL-Plugin

List classes in a binary

class-dump

Generates .h files for all classes and methods found in a file
http://stevenygard.com/projects/class-dump/

List loaded classes at runtime

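#import <Foundation/Foundation.h>
#import <objc/runtime.h>

// Log the name of every class registered with the Objective-C runtime.
- (void)printClasses {
    // A NULL buffer makes the call return only the class count.
    int numClasses = objc_getClassList(NULL, 0);
    if (numClasses > 0) {
        __unsafe_unretained Class *classes =
            (__unsafe_unretained Class *)malloc(sizeof(Class) * numClasses);
        // The second call fills the buffer; never read past what was allocated.
        int total = objc_getClassList(classes, numClasses);
        if (total < numClasses) numClasses = total;
        for (int i = 0; i < numClasses; i++) {
            NSLog(@"%s", class_getName(classes[i]));
        }
        free(classes);
    }
}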

Debug logging all notifications

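#import <Foundation/Foundation.h>

// Called for every notification posted to the local notification center.
void MyCallBack(CFNotificationCenterRef center, void *observer, CFStringRef name,
                const void *object, CFDictionaryRef userInfo) {
    NSLog(@"name: %@, userinfo: %@", name, userInfo);
}

// A NULL name and a NULL object register the callback for all notifications.
- (void)install {
    CFNotificationCenterAddObserver(CFNotificationCenterGetLocalCenter(), NULL, MyCallBack,
                                    NULL, NULL, CFNotificationSuspensionBehaviorDeliverImmediately);
}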

Objective-C tracing

Console and graphical debugger

http://www.dribin.org/dave/blog/archives/2006/04/22/tracing_objc/

command line: NSObjCMessageLoggingEnabled=YES
llvm: call (void)instrumentObjcMessageSends(YES)

dtrace:
sudo dtrace -q -n 'objc1234:::entry { printf("%s %s\n", probemod, probefunc); }'
// where 1234 is the process ID of the app.

F-Script

Console and graphical debugger

http://www.fscript.org/
http://areciv.com/blog/2014/08/f-script-injection-in-mavericks/ (also works for Yosemite)

Tip: put the Framework under /System, so that you can also get to it from a sandboxed application

Discussion

SIMBL future

Doesn’t look that good

SIMBL project no longer maintained, not supporting sandboxed applications
EasySIMBL supports sandboxed applications up to Yosemite
Swift design is not so dynamic
  Still compatible with Objective-C to some extent
  One of the main speed gains is because the classes and methods are statically compiled if possible
Security concerns
  SIMBL allows you to do virtually anything in a process
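Because a loaded bundle can exchange method implementations on any class, one check an application can run on itself is to ask which binary image currently backs a system method. The following is an added example, not code from the original slides; the category, its replacement method and the two path prefixes treated as "system" are assumptions made for the demonstration.

```objective-c
// Added example. Build: clang -fobjc-arc -framework Foundation imp_origin.m -o imp_origin
#import <Foundation/Foundation.h>
#import <objc/runtime.h>
#import <dlfcn.h>

// Path of the binary image holding the current implementation of an
// instance method, or nil if the method or its image cannot be resolved.
static NSString *ImageForMethod(Class cls, SEL sel) {
    Method m = class_getInstanceMethod(cls, sel);
    if (m == NULL) return nil;
    IMP imp = method_getImplementation(m);
    Dl_info info;
    if (dladdr((const void *)imp, &info) == 0 || info.dli_fname == NULL) return nil;
    return @(info.dli_fname);
}

// Assumption: a system class's methods are expected to live in system images.
static BOOL IsSystemImage(NSString *path) {
    return [path hasPrefix:@"/System/Library/"] || [path hasPrefix:@"/usr/lib/"];
}

// Hypothetical replacement, standing in for what an injected bundle installs.
@interface NSBundle (DemoSwizzle)
- (NSString *)demo_bundleIdentifier;
@end
@implementation NSBundle (DemoSwizzle)
- (NSString *)demo_bundleIdentifier { return @"com.example.replaced"; }
@end

static void Report(NSString *label) {
    NSString *img = ImageForMethod([NSBundle class], @selector(bundleIdentifier));
    NSLog(@"%@: -[NSBundle bundleIdentifier] -> %@ (%@)", label, img,
          (img != nil && IsSystemImage(img)) ? @"system image" : @"UNEXPECTED image");
}

int main(void) {
    @autoreleasepool {
        Report(@"before");
        // Constructed tampering: exchange the two implementations.
        method_exchangeImplementations(
            class_getInstanceMethod([NSBundle class], @selector(bundleIdentifier)),
            class_getInstanceMethod([NSBundle class], @selector(demo_bundleIdentifier)));
        Report(@"after");
    }
    return 0;
}
```

After the exchange the implementation resolves to the program's own executable rather than a system framework, which is the signal the check looks for.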

Reference

SIMBL:
  https://code.google.com/p/simbl/wiki/
  https://github.com/norio-nomura/EasySIMBL

Sample plugins:
  https://github.com/rs/SafariTabSwitching (doesn’t work)
  https://github.com/inket/cosyTabs (doesn’t work)
  https://code.google.com/p/greasekit/ (doesn’t work)

Cool images:
  ano.lolcathost.org

Thanks!!

mobilejazz.com
+34 931 702 770

Jordi Giménez