iPhone Honeypot Project

June 8, 2010

GCC on the iPhone

Filed under: Cydia,gcc,libpcap,upgrade — abnev @ 12:03 am
Tags: , , , , ,

Originally, before upgrading to 3.1.3, it was possible to download and install GUN C Compiler via Cydia which worked without a problem. It was also possible to install libpcap via Cydia and a test was conducted to access the wireless interface. Inspecting ‘ifconfig’ while connected to my home network allowed me to identify the network interface of interest.

abnev-ip1:~ mobile$ ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet 127.0.0.1 netmask 0xff000000
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 192.168.1.50 netmask 0xffffff00 broadcast 192.168.1.255
ether f8:1e:df:ad:ec:5a
pdp_ip0: flags=8011<UP,POINTOPOINT,MULTICAST> mtu 1450
inet 10.52.79.5 –> 10.52.79.5 netmask 0xffffffff
pdp_ip1: flags=8011<UP,POINTOPOINT,MULTICAST> mtu 1024
pdp_ip2: flags=8011<UP,POINTOPOINT,MULTICAST> mtu 1024
pdp_ip3: flags=8011<UP,POINTOPOINT,MULTICAST> mtu 1024
en1: flags=8822<BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 1500
ether 0a:0b:ad:0b:ab:e0

This again matches the same as OSX. Writing some quick C code a test was conducted with success.

#include <stdio.h>
#include <pcap.h>

int main(int argc, char *argv[])
{
pcap_t *handle; /* Session handle */
char *dev; /* The device to sniff on */
char errbuf[PCAP_ERRBUF_SIZE]; /* Error string */
struct bpf_program fp; /* The compiled filter */
char filter_exp[] = "port 23"; /* The filter expression */
bpf_u_int32 mask; /* Our netmask */
bpf_u_int32 net; /* Our IP */
struct pcap_pkthdr header; /* The header that pcap gives us */
const u_char *packet; /* The actual packet */

/* Define the device */
dev = pcap_lookupdev(errbuf);
if (dev == NULL) {
fprintf(stderr, "Couldn't find default device: %s\n", errbuf);
return(2);
}
/* Find the properties for the device */
if (pcap_lookupnet(dev, &net, &mask, errbuf) == -1) {
fprintf(stderr, "Couldn't get netmask for device %s: %s\n", dev, errbuf);
net = 0;
mask = 0;
}
/* Open the session in promiscuous mode */
handle = pcap_open_live(dev, BUFSIZ, 1, 1000, errbuf);
if (handle == NULL) {
fprintf(stderr, "Couldn't open device %s: %s\n", somedev, errbuf);
return(2);
}
/* Compile and apply the filter */
if (pcap_compile(handle, &fp, filter_exp, 0, net) == -1) {
fprintf(stderr, "Couldn't parse filter %s: %s\n", filter_exp, pcap_geterr(handle));
return(2);
}
if (pcap_setfilter(handle, &fp) == -1) {
fprintf(stderr, "Couldn't install filter %s: %s\n", filter_exp, pcap_geterr(handle));
return(2);
}
/* Grab a packet */
packet = pcap_next(handle, &header);
/* Print its length */
printf("Jacked a packet with length of [%d]\n", header.len);
/* And close the session */
pcap_close(handle);
return(0);
}

This successfully captured and printed the packet length. However, since the upgrade to 3.1.3 this is no longer available. Further investigation showed that libgcc support was removed and is no longer available for the latest version. Following some threads, a google project was found which aims to port gcc over to the iPhone. http://code.google.com/p/iphone-gcc/wiki/Installing. In the mean time, a meeting has been set up with the supervisor (Stephen Blott) to discuss the various approaches I’d like to take towards the development of this project.

Leave a Comment »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog at WordPress.com.

%d bloggers like this: