From 48e124c8c16087b891c9962770692e1016bff27f Mon Sep 17 00:00:00 2001 From: Collin Green Date: Thu, 12 Sep 2024 12:53:10 -0700 Subject: [PATCH 1/9] docs rewording - rephrase sentence about lockdownd --- misc/understanding_idevice_protocol_layers.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/misc/understanding_idevice_protocol_layers.md b/misc/understanding_idevice_protocol_layers.md index 77172fce8..c2bbb2da0 100644 --- a/misc/understanding_idevice_protocol_layers.md +++ b/misc/understanding_idevice_protocol_layers.md @@ -87,7 +87,7 @@ will we wish to connect to? Probably to [`lockdownd`](#lockdownd). ## lockdownd -The `lockdownd` is daemon that listens on the hard-coded TCP port 62078. It has 3 main purposes: +`lockdownd` is a daemon that listens on the hard-coded TCP port 62078. It has 3 main purposes: - Query general device information (ProductVersion, UDID, ...) - Pairing From 21b3fcea1425901d36d11916f068becbc1130eb3 Mon Sep 17 00:00:00 2001 From: Collin Green Date: Thu, 12 Sep 2024 12:54:04 -0700 Subject: [PATCH 2/9] docs rewording - rephrase itunes install sentence - remove the possessive on iTunes - let the installations be itunes installations instead of owned by multiple itunes - change includes to include to fit the pluralization --- misc/understanding_idevice_protocol_layers.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/misc/understanding_idevice_protocol_layers.md b/misc/understanding_idevice_protocol_layers.md index c2bbb2da0..3ce08bfb5 100644 --- a/misc/understanding_idevice_protocol_layers.md +++ b/misc/understanding_idevice_protocol_layers.md 
@@ -74,7 +74,7 @@ for device in usbmux_devices: On a macOS workstation this daemon is builtin. On other platforms however you'll need an external tool for that: - Windows - - iTunes' installations includes "Apple Mobile Service" to perform the same thing + - iTunes installations include "Apple Mobile Service" to perform the same thing - This version exposes the same API as `usbmuxd`, but over TCP port 27015 - Linux - From b67e43a27f87eea59ea5ec8fe38e24173f268f0b Mon Sep 17 00:00:00 2001 From: Collin Green Date: Thu, 12 Sep 2024 12:55:53 -0700 Subject: [PATCH 3/9] docs typo - fix possessive its --- misc/understanding_idevice_protocol_layers.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/misc/understanding_idevice_protocol_layers.md b/misc/understanding_idevice_protocol_layers.md index 3ce08bfb5..3142038a3 100644 --- a/misc/understanding_idevice_protocol_layers.md +++ b/misc/understanding_idevice_protocol_layers.md @@ -108,7 +108,7 @@ lockdown = create_using_usbmux(serial='11223344', autopair=False) # Corellium anyone? correlium_lockdown = create_using_usbmux(serial='11223344', autopair=False, usbmux_address='10.11.1.2:5000') -# If the device can be found in our LAN, and we know it's address, we simply connect to it +# If the device can be found in our LAN, and we know its address, we simply connect to it # Please note the device does not allow pairing over LAN, so we must first pair it over USB lockdown = create_using_tcp('192.168.2.7', autopair=False) From 365072f0d31eb17133f19c6e9575cc07f341d99c Mon Sep 17 00:00:00 2001 From: Collin Green Date: Thu, 12 Sep 2024 12:56:21 -0700 Subject: [PATCH 4/9] docs typo - s/deduct/deduce --- misc/understanding_idevice_protocol_layers.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/misc/understanding_idevice_protocol_layers.md b/misc/understanding_idevice_protocol_layers.md index 3142038a3..bd0e2392c 100644 --- a/misc/understanding_idevice_protocol_layers.md 
+++ b/misc/understanding_idevice_protocol_layers.md @@ -268,7 +268,7 @@ Once the DeveloperMode is on, we can mount the DDI. This however has very much c short, we'll just say you can simply use the following CLI command: ```shell -# This will automatically deduct the correct way to mount the DDI onto your device +# This will automatically deduce the correct way to mount the DDI onto your device # Please note this will require network activity for mounting on iOS 17 pymobiledevice3 mounter auto-mount ``` From 7e8135da4e289eeb96a4e6bb5df523463b0c61f3 Mon Sep 17 00:00:00 2001 From: Collin Green Date: Thu, 12 Sep 2024 12:57:13 -0700 Subject: [PATCH 5/9] docs reword - consistently use 'into' with delve Swap 'delve as to' with 'delve into' which fits better and is the same form as the other uses of delve in this doc. --- misc/understanding_idevice_protocol_layers.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/misc/understanding_idevice_protocol_layers.md b/misc/understanding_idevice_protocol_layers.md index bd0e2392c..ef5b1d3a6 100644 --- a/misc/understanding_idevice_protocol_layers.md +++ b/misc/understanding_idevice_protocol_layers.md @@ -362,7 +362,7 @@ specifically): pymobiledevice3 bonjour rsd ``` -We don't delve too much as to what RSD exposes. For that you may read in: +We don't delve too much into what RSD exposes. For that you may read in: From a0a6d7d572b4b84a6085d9e921f8bba2d29626ad Mon Sep 17 00:00:00 2001 
From: Collin Green Date: Thu, 12 Sep 2024 12:58:48 -0700 Subject: [PATCH 6/9] docs reword - remove extra 'both' and reword Reword a clunky sentence by removing an out of place 'both' and trying to clarify what is meant. This might not be the right answer -- created a sentence that means you can access both lockdown and other RemoteXPC services. If this wasn't the desired meaning maybe it should be "all the other lockdown and RemoteXPC services" instead. Also it's possible 'lockdown' should be 'lockdownd' instead. --- misc/understanding_idevice_protocol_layers.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/misc/understanding_idevice_protocol_layers.md b/misc/understanding_idevice_protocol_layers.md index ef5b1d3a6..06c37322f 100644 --- a/misc/understanding_idevice_protocol_layers.md +++ b/misc/understanding_idevice_protocol_layers.md @@ -366,8 +366,8 @@ We don't delve too much into what RSD exposes. For that you may read in: -In short, it will allow us to both pair and start a VPN tunnel onto device, where we can access all the other both -lockdown and other RemoteXPC services. As we previously mentioned, starting at iOS 17.0, this is the only way to access +In short, it will allow us to both pair and start a VPN tunnel onto device, where we can access both +lockdown and all the other RemoteXPC services. As we previously mentioned, starting at iOS 17.0, this is the only way to access the developer services. You'll have to start this tunnel using a privileged process, since it requires creating a TUN/TAP device: From 258b1b2f1a151a801b667cb7ea0253a69eae36ed Mon Sep 17 00:00:00 2001 From: Collin Green Date: Thu, 12 Sep 2024 13:03:00 -0700 Subject: [PATCH 7/9] docs typo - remove extra 'all' from sentence --- misc/understanding_idevice_protocol_layers.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/misc/understanding_idevice_protocol_layers.md b/misc/understanding_idevice_protocol_layers.md index 06c37322f..f224fbc10 100644 
--- a/misc/understanding_idevice_protocol_layers.md +++ b/misc/understanding_idevice_protocol_layers.md @@ -398,7 +398,7 @@ follows: sudo pymobiledevice3 remote start-tunnel -t wifi ``` -This is all nice and all, and as previously mentioned, Apple may have regretted this `remoted` separate pairing, or +This is nice and all, and as previously mentioned, Apple may have regretted this `remoted` separate pairing, or maybe thanks to EU ruling because of the special drivers needed for this pairing, but iOS 17.4 added a new lockdown service, allowing us to just establish this trusted tunnel over our existing lockdown connection - meaning no extra pairing process is required - and the cherry on top is that it's always TCP tunnels, making it MUCH faster. From f0063a37c77f3fa3f7a95f3990964cdc0027e460 Mon Sep 17 00:00:00 2001 From: Collin Green Date: Thu, 12 Sep 2024 13:04:38 -0700 Subject: [PATCH 8/9] docs reword - reword very long sentence The change result is still a very long sentence and could be broken down some more but it is at least a bit shorter and slightly more organized. --- misc/understanding_idevice_protocol_layers.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/misc/understanding_idevice_protocol_layers.md b/misc/understanding_idevice_protocol_layers.md index f224fbc10..9357881b1 100644 --- a/misc/understanding_idevice_protocol_layers.md +++ b/misc/understanding_idevice_protocol_layers.md 
@@ -398,9 +398,9 @@ follows: sudo pymobiledevice3 remote start-tunnel -t wifi ``` -This is nice and all, and as previously mentioned, Apple may have regretted this `remoted` separate pairing, or -maybe thanks to EU ruling because of the special drivers needed for this pairing, but iOS 17.4 added a new lockdown -service, allowing us to just establish this trusted tunnel over our existing lockdown connection - meaning no extra +This is nice and all but, as previously mentioned, Apple may have regretted this `remoted` separate pairing (perhaps +thanks to EU ruling because of the special drivers needed), because iOS 17.4 added a new lockdown +service allowing us to just establish this trusted tunnel over our existing lockdown connection. This means no extra pairing process is required - and the cherry on top is that it's always TCP tunnels, making it MUCH faster. To do so, simply use: From 519138c871c31eb6255a3c435ded5578779c3f4b Mon Sep 17 00:00:00 2001 From: Collin Green Date: Thu, 12 Sep 2024 13:05:41 -0700 Subject: [PATCH 9/9] docs typo - replace none-standard with non-standard --- misc/understanding_idevice_protocol_layers.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/misc/understanding_idevice_protocol_layers.md b/misc/understanding_idevice_protocol_layers.md index 9357881b1..d136ab36e 100644 --- a/misc/understanding_idevice_protocol_layers.md +++ b/misc/understanding_idevice_protocol_layers.md 
@@ -344,10 +344,10 @@ different pairing logic, leading into two different "Trust/Don't Trust" dialogs the same). Since all this communication is IP-based, but without any additional exported TCP port from the device, `usbmuxd` can't -help us here. Instead, starting at iOS 16.0, when connecting an iDevice, it exports another none-standard USB-Ethernet +help us here. Instead, starting at iOS 16.0, when connecting an iDevice, it exports another non-standard USB-Ethernet adapter (with IPv6 link-local address), placing us in a subnet with the device's `remoted`. -As we've said this communication is none-standard, and requires either: +As we've said this communication is non-standard, and requires either: - macOS Monterey or higher - Special driver on your linux/windows machine
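Review bot: In [PATCH 2/9] (hunk at -74,7), the rewritten line still quotes the Windows service as "Apple Mobile Service"; the service that iTunes installs is named "Apple Mobile Device Service", so correct the quoted name in the same edit. The unchanged context line above it has "builtin", which should read "built in" if this series is meant as a wording pass.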
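Review bot: In [PATCH 3/9] (hunk at -108,7), the context line just above the fixed comment assigns to `correlium_lockdown`, while the comment directly before it spells the product "Corellium"; rename the variable to `corellium_lockdown` in this typo pass so the example is consistent. The "its" fix itself is correct.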
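Review bot: In [PATCH 4/9] (hunk at -268,7), the comment line following the corrected one says mounting on iOS 17 "will require network activity" without saying what is contacted or fetched. Since the comment is being touched anyway, state what the network access is for, so readers on restricted or monitored networks know what to expect before running `pymobiledevice3 mounter auto-mount`.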
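Review bot: In [PATCH 5/9] (hunk at -362,7), the second sentence of the changed line still ends with "For that you may read in:", which is awkward next to the corrected "delve into". Suggest "For that, see:" so that both sentences on the line read cleanly.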
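Review bot: In [PATCH 6/9] (hunk at -366,8), the new wording "both lockdown and all the other RemoteXPC services" implies that lockdown is itself a RemoteXPC service, which is the ambiguity the commit message flags; a wording such as "where we can access the lockdown services as well as the RemoteXPC services" avoids taking a position. The sentence also still uses "both" twice ("both pair and start" and "access both") and lacks an article in "onto device". The second added line is 8 characters longer than the line it replaces and no longer matches the wrap width of the surrounding lines, so the paragraph needs re-wrapping.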
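Review bot: In [PATCH 8/9] (hunk at -398,9), the rewrite changes the meaning of the sentence: the original offered two alternative explanations ("Apple may have regretted ..., or maybe thanks to EU ruling"), while the new text makes the EU ruling the reason for the regret and then adds a second "because" that presents the iOS 17.4 service as evidence of it. Keep the "or" between the two explanations, drop one "because", and add the missing article in "thanks to EU ruling". [PATCH 7/9] edits the first of these same lines and is fully superseded here, so the two commits can be squashed.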
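Review bot: In [PATCH 9/9] (hunk at -344,10), the trailing context line reads "Special driver on your linux/windows machine" while the rest of the document capitalises "Windows" and "Linux" (see the list in the -74,7 hunk); capitalise both here as part of the same cleanup. The second changed line would also read better with a comma after "As we've said".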