iphone4 电话截获
开发环境: iphone4 (ios4.3.2)
使用hook截获系统处理通知事件,然后进行相应的处理来达到截获的效果。目前的截获不是很完美,黑名单中的人打电话时会先出现“嘟.."声之后才会提示所拨打的用户正在通话中……
前提:需要class-dump CoreTelephony framework,并配置hook开发环境
1. 在说截获之前,先说说dlsym的使用
我们通常会在网上看到一些函数具有我们需要的功能,然后我们在class-dump出的头文件中查找去找不到,但是使用grep在framework中确实可以搜索到相应的符号,导致使用上出现一些麻烦。此时我们就可以使用dlsym来从动态库中获取相应的函数。
2. 挂断电话的函数
1 // CoreTelephony framework在系统中的路径
2 #define CTPATH "/XCode4.0andIphoneSDK4.3/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS4.3.sdk/System/Library/Frameworks/CoreTelephony.framework/CoreTelephony"
3
4 // 挂断电话函数
5 - (BOOL)disconnectCall:(id)call
6 {
7 void *framework = dlopen(CTPATH, RTLD_LAZY);
8 id (*CTCallDisconnect)(id) = dlsym(framework, "CTCallDisconnect");
9 CTCallDisconnect(call);
10 dlclose(framework);
11 return YES;
12 }
CTCallDisconnect为挂断电话的函数,但是却没有在头文件中找到相应的声明,故使用dlsym来获取函数指针,进而来使用该函数。
disconnectCall被我定义在Util.m中,做为一个object clss去使用的,不过最好还是定义成C类型的,比较方便使用。
disconnectCall作为挂断电话的函数在下面的截获实现中会使用到。
dlopen等函数在#include <dlfcn.h>头文件中, dlopen之后一定要dlclose去关闭,否则会出现一些问题。
3. 截获电话通知处理事件
CTCallCenter中有些函数是对电话的状态进行通知的,故对CTCallCenter中的handleNotificationFromConnection进行了处理,代码如下:
1 extern "C" void replaced_CTCallCenter_handleNotificationFromConnection(CTCallCenter *self, SEL cmd, void *arg1, id arg2, id arg3)
2 {
3 // NSLog(@"------------------------------------------replaced_CTCallCenter_handleNotificationFromConnection, arg1 = %@, arg2 = %@, arg3 = %@", arg1, arg2, arg3);
4
5 // NSLog(@"------------arg2Type = %@, arg3Type = %@", NSStringFromClass([arg2 class]), NSStringFromClass([arg3 class]));
6
7 NSDictionary *dic = (NSDictionary *)arg3;
8
9 // 此处获得电话状态,CTCallStateDialing, CTCallStateIncoming, CTCallStateConnected, CTCallStateDisconnected等,定义在CTCallCenter.h(非class-dump的头文件)中
10 NSLog(@"-------kCTCallStatus = %@", [dic objectForKey:@"kCTCallStatus"]);
11
12 NSLog(@"--------currentCalls = %@, callEventHandler = %@", self.currentCalls, self.callEventHandler);
13
14 // 获得CTCall对象
15 CTCall *call = [dic objectForKey:@"kCTCall"];
16
17 // NSLog(@"------callId = %@, callState = %@", call.callID, call.callState);
18
19 // 这里可以根据kCTCallStatus来判断需要进行的操作
20 if (call.callState == CTCallStateDialing)
21 {
22 NSLog(@"Call has been CTCallStateDialing");
23 }
24 else if (call.callState == CTCallStateIncoming)
25 {
26 NSLog(@"Call has just been CTCallStateIncoming");
27 //这儿可接可挂
28 // 挂断电话
29 BOOL flag = [Util disconnectCall:call];
30 NSLog(@"----------------是否挂断. flag = %d", flag);
31 }
32 else if(call.callState == CTCallStateConnected)
33 {
34 NSLog(@"Call is CTCallStateConnected");
35 }
36 else if (call.callState == CTCallStateDisconnected)
37 {
38 NSLog(@"Call is CTCallStateDisconnected");
39 }
40 else
41 {
42
43 NSLog(@"None of the conditions");
44
45 }
46
47 original_CTCallCenter_handleNotificationFromConnection(self, cmd, arg1, arg2, arg3);
48 }
上面的代码会对所有的电话都进行过滤处理,电话也都打不进来的,但是会留下一个未接电话。
此处只是提供一个思路,具体的截获需要对传进来的参数等等进行一些解析,并提供一些细致的处理。
在CoreTelephony framework中还含有其他的一些函数,例如对于电话状态改变等等的都可以去细致的研究下,相信会有很大的收获
http://www.cnblogs.com/ydhliphonedev/archive/2011/10/24/2223242.html
http://blog.csdn.net/laigb/article/details/6623068
extern NSString* const kCTSMSMessageReceivedNotification;
extern NSString* const kCTSMSMessageReplaceReceivedNotification;
extern NSString* const kCTSIMSupportSIMStatusNotInserted;
extern NSString* const kCTSIMSupportSIMStatusReady;
typedef struct __CTCall CTCall;
extern NSString *CTCallCopyAddress(void*, CTCall *);
void* CTSMSMessageSend(id server,id msg);
typedef struct __CTSMSMessage CTSMSMessage;
NSString *CTSMSMessageCopyAddress(void *, CTSMSMessage *);
NSString *CTSMSMessageCopyText(void *, CTSMSMessage *);
int CTSMSMessageGetRecordIdentifier(void * msg);
NSString * CTSIMSupportGetSIMStatus();
NSString * CTSIMSupportCopyMobileSubscriberIdentity();
id CTSMSMessageCreate(void* unknow/*always 0*/,NSString* number,NSString* text);
void * CTSMSMessageCreateReply(void* unknow/*always 0*/,void * forwardTo,NSString* text);
id CTTelephonyCenterGetDefault(void);
void CTTelephonyCenterAddObserver(id,id,CFNotificationCallback,NSString*,void*,int);
void CTTelephonyCenterRemoveObserver(id,id,NSString*,void*);
int CTSMSMessageGetUnreadCount(void);
static void callback(CFNotificationCenterRef center, void *observer, CFStringRef name, const void *object, CFDictionaryRef userInfo)
{
NSString *notifyname=(NSString *)name;
if ([notifyname isEqualToString:@"kCTCallStatusChangeNotification"])//电话
{
NSDictionary *info = (NSDictionary*)userInfo;
NSString *state=[[info objectForKey:@"kCTCallStatus"] stringValue];
if ([state isEqualToString:@"5"])//disconnect
NSLog(@"未接:%@",state);
}
else if ([notifyname isEqualToString:@"kCTCallIdentificationChangeNotification"])
{
// CTCallCenter *center = [[CTCallCenter alloc] init];
// center.callEventHandler = ^(CTCall *call) {
// NSLog(@"call:%@", [call description]);
// };
NSDictionary *info = (NSDictionary *)userInfo;
CTCall *call = (CTCall *)[info objectForKey:@"kCTCall"];
NSString *caller = CTCallCopyAddress(NULL, call);
NSLog(@"电话号码:%@",caller);
//CTCallDisconnect(call);
/* or one of the following functions: CTCallAnswer
CTCallAnswerEndingActive
CTCallAnswerEndingAllOthers
CTCallAnswerEndingHeld
*/
}
else if ([notifyname isEqualToString:@"kCTRegistrationDataStatusChangedNotification"])
{
}
else if ([notifyname isEqualToString:@"kCTSMSMessageReceivedNotification"])
{//api 已过期
if ([[(NSDictionary *)userInfo allKeys]
containsObject:@"kCTSMSMessage"]) // SMS Message
{
CTSMSMessage *message = (CTSMSMessage *)
[(NSDictionary *)userInfo objectForKey:@"kCTSMSMessage"];
NSString *address = CTSMSMessageCopyAddress(NULL, message);
NSString *text = CTSMSMessageCopyText(NULL, message);
//NSArray *lines = [text componentsSeparatedByString:@"\n"];
//printf(" %s %d\n", [address cString], [lines count]);
//printf(" %s\n", [text cString]);
fflush(stdout);
}
}
else if ([notifyname isEqualToString:@"kCTMessageReceivedNotification"])//收到短信
{
/*
kCTMessageIdKey = "-2147483636";
kCTMessageTypeKey = 1;
*/
NSDictionary *info = (NSDictionary *)userInfo;
CFNumberRef msgID = (CFNumberRef)[info objectForKey:@"kCTMessageIdKey"];
int result;
CFNumberGetValue((CFNumberRef)msgID, kCFNumberSInt32Type, &result);
/*
Class CTMessageCenter = NSClassFromString(@"CTMessageCenter");
id mc = [CTMessageCenter sharedMessageCenter];
id incMsg = [mc incomingMessageWithId: result];
int msgType = (int)[incMsg messageType];
if (msgType == 1) //experimentally detected number
{
id phonenumber = [incMsg sender];
NSString *senderNumber = (NSString *)[phonenumber canonicalFormat];
id incMsgPart = [[incMsg items] objectAtIndex:0];
NSData *smsData = [incMsgPart data];
NSString *smsText = [[NSString alloc] initWithData:smsData encoding:NSUTF8StringEncoding];
}
*/
}
else if ([notifyname isEqualToString:@"kCTIndicatorsSignalStrengthNotification"])//信号
{
/*
kCTIndicatorsGradedSignalStrength = 2;
kCTIndicatorsRawSignalStrength = "-101";
kCTIndicatorsSignalStrength = 19;
*/
}
else if ([notifyname isEqualToString:@"kCTRegistrationStatusChangedNotification"])//网络注册状态
{
/*
kCTRegistrationInHomeCountry = 1;
kCTRegistrationStatus = kCTRegistrationStatusRegisteredHome;
*/
}
else if ([notifyname isEqualToString:@"kCTRegistrationDataStatusChangedNotification"])
{
/*
kCTRegistrationDataActive = 1;
kCTRegistrationDataAttached = 1;
kCTRegistrationDataConnectionServices = (
kCTDataConnectionServiceTypeInternet,
kCTDataConnectionServiceTypeWirelessModemTraffic,
kCTDataConnectionServiceTypeWirelessModemAuthentication
);
kCTRegistrationDataContextID = 0;
kCTRegistrationDataIndicator = kCTRegistrationDataIndicator3G;
kCTRegistrationDataStatus = kCTRegistrationDataStatusAttachedAndActive;
kCTRegistrationDataStatusInternationalRoaming = 1;
kCTRegistrationRadioAccessTechnology = kCTRegistrationRadioAccessTechnologyUTRAN;
*/
}
else if ([notifyname isEqualToString:@"kCTRegistrationCellChangedNotification"])
{
/*
kCTRegistrationGsmCellId = 93204174;
kCTRegistrationGsmLac = 55583;
kCTRegistrationInHomeCountry = 1;
kCTRegistrationRadioAccessTechnology = kCTRegistrationRadioAccessTechnologyUTRAN;
*/
}
else if ([notifyname isEqualToString:@"kCTIndicatorRadioTransmitNotification"])
{
/*
kCTRadioTransmitDCHStatus = 1;
*/
}
//int unread=CTSMSMessageGetUnreadCount();
//if (unread>0)
//NSLog(@"未读短信:%d",unread);
NSLog(@"名字:%@-详细:%@",notifyname,userInfo);
}
static void signalHandler(int sigraised)
{
printf("\nInterrupted.\n");
exit(0);
}
执行
id ct = CTTelephonyCenterGetDefault();
CTTelephonyCenterAddObserver(ct, NULL, callback, NULL, NULL, CFNotificationSuspensionBehaviorHold);
// Handle Interrupts
sig_t oldHandler = signal(SIGINT, signalHandler);
if (oldHandler == SIG_ERR)
{
printf("Could not establish new signal handler");
exit(1);
}
// Run loop lets me catch notifications
printf("Starting run loop and watching for notification.\n");
//CFRunLoopRun();