This repository has been archived by the owner on Apr 17, 2019. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 37
/
Copy pathfake.js
92 lines (82 loc) · 2.74 KB
/
fake.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
/*
* usage: frida -U Maps -l fake.js
*/
function fakeWithOrigin(location) {
if (location.handle.isNull())
return location;
const CLLocationDegrees = (Process.pointerSize === 4) ? 'float' : 'double';
const CLLocationCoordinate2D = [CLLocationDegrees, CLLocationDegrees];
const CLLocationCoordinate2DMake = new NativeFunction(
Module.findExportByName('CoreLocation', 'CLLocationCoordinate2DMake'),
CLLocationCoordinate2D, [CLLocationDegrees, CLLocationDegrees]);
// Las Cataratas del Iguazú, the other side of earth :)
const fake = CLLocationCoordinate2DMake(-25.6952541, -54.4388549);
const newLocation = ObjC.classes.CLLocation.alloc();
newLocation['- initWithCoordinate:' +
'altitude:' +
'horizontalAccuracy:' +
'verticalAccuracy:' +
'course:' +
'speed:' +
'timestamp:'](
fake,
location.altitude(),
location.horizontalAccuracy(),
location.verticalAccuracy(),
location.course(),
location.speed(),
location.timestamp()
);
return newLocation;
}
const hooked = {};
const callbacks = {
'- locationManager:didUpdateToLocation:fromLocation:': function(args) {
console.log('- locationManager:didUpdateToLocation:fromLocation:',
new ObjC.Object(args[3]),
new ObjC.Object(args[4]));
const to = new ObjC.Object(args[3]);
const from = new ObjC.Object(args[4]);
args[3] = fakeWithOrigin(to);
args[4] = fakeWithOrigin(from);
},
'- locationManager:didUpdateLocations:': function(args) {
const newArray = ObjC.classes.NSMutableArray.alloc().init();
const array = new ObjC.Object(args[3]);
const count = array.count().valueOf();
for (var i = 0; i !== count; i++) {
const location = array.objectAtIndex_(i);
const newLocation = fakeWithOrigin(location);
newArray.addObject_(newLocation);
}
args[3] = newArray.copy();
},
'- locationManager:didUpdateHeading:': function(args) {
console.log('- locationManager:didUpdateHeading:',
new ObjC.Object(args[3]));
}
};
[
'- startUpdatingLocation',
'- startUpdatingHeading', // heading is unavailable on macOS
'- requestLocation'
].forEach(function(methodName) {
if (!(methodName in ObjC.classes.CLLocationManager))
return;
Interceptor.attach(ObjC.classes.CLLocationManager[methodName].implementation, {
onEnter: function(args) {
const delegate = new ObjC.Object(args[0]).delegate();
const className = delegate.$className;
if (hooked[className]) return;
const clazz = ObjC.classes[className];
for (var sel in callbacks) {
if (sel in clazz) {
Interceptor.attach(clazz[sel].implementation, {
onEnter: callbacks[sel]
});
}
}
hooked[className] = true;
}
});
});