Name: iOSREGetMyNumber
Depends: mobilesubstrate, firmware (>= 8.0)
Version: 1.0
Architecture: iphoneos-arm
Description: Get my number just like MobilePhoneSettings!
Maintainer: snakeninny
Author: snakeninny
Section: Tweaks
Homepage: http://bbs.iosre.com


  1. Test


Compile and install the tweak on iOS, then launch Preferences without entering MobilePhoneSettings. After that, ssh into iOS and take a look at the syslog:


FunMaker-5:~ root# grep iOSRE: /var/log/syslog
Nov 29 23:23:01 FunMaker-5 Preferences[2078]: iOSRE: my number = +86PhoneNumber


  1. P.S.


I have set the region of my iPhone 5 to US, so PhoneSettingsCopyFormattedNumberBySIMCountry has formatted my number from “+86PhoneNumber” to “+86 Pho-neNu-mber”, which is the American phone number format.


You’ll run into CTSettingCopyMyPhoneNumber more frequently as you reverse more.


Actually, the prototype of CTSettingCopyMyPhoneNumber should be:


CFStringRef CTSettingCopyMyPhoneNumber(void);

Since NSString * and CFStringRef are toll-free bridged, our prototype is OK.


Because the name CTSettingCopyMyPhoneNumber contains the keyword “copy” and it returns a CoreData object, we are responsible for releasing the return value according to Apple’s “Ownership Policy”.
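The ownership handling described above, written out as an added example (not code from the original tweak). The helper name iOSRELogMyNumber is hypothetical, and the NULL return and the CoreTelephony linkage are assumptions:

```objc
#import <CoreFoundation/CoreFoundation.h>
#import <Foundation/Foundation.h>

// Prototype as corrected in the text. Assumption: the symbol is resolved by
// linking the tweak against the CoreTelephony framework.
extern CFStringRef CTSettingCopyMyPhoneNumber(void);

// Hypothetical helper name, not from the original tweak.
static void iOSRELogMyNumber(void)
{
    // "Copy" in the name: the caller receives a +1 reference and owns it.
    CFStringRef number = CTSettingCopyMyPhoneNumber();

    // Assumption: the call may return NULL (e.g. no number provisioned).
    // CFRelease(NULL) crashes, so bail out before touching the value.
    if (number == NULL) {
        NSLog(@"iOSRE: my number is unavailable");
        return;
    }

#if __has_feature(objc_arc)
    // ARC: hand ownership to ARC, which releases the string when
    // `bridged` goes out of scope. Do not call CFRelease afterwards.
    NSString *bridged = CFBridgingRelease(number);
    NSLog(@"iOSRE: my number = %@", bridged);
#else
    // Manual reference counting: a plain cast is enough
    // (toll-free bridging), and we balance the +1 ourselves.
    NSLog(@"iOSRE: my number = %@", (NSString *)number);
    CFRelease(number);
#endif
}
```

Logging the value without the matching release leaks one string per call, which adds up inside a long-lived process such as Preferences.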


In this section, we have refined the “locate target functions” step with ARM level reverse engineering and enhanced the methodology of writing a tweak. Specifically, we’ve divided “locate target functions” into 2 steps, i.e. “cut into the target App and find the UI function” and “locate the target function from the UI function”. By combining Cycript, IDA and LLDB, we have not only located the target functions, but also analyzed their arguments and return values to reconstruct their prototypes. The methodology we used in the examples can work on at least 95% of all Apps; however, if you unfortunately encounter the other 5%, please share and discuss with us on http://bbs.iosre.com.
