0

There are a bunch of launch daemons and agents running on an osx machine which support xpc. To see whether they support IPC over xpc, I look for any xpc functions, particularly xpc_connection_create. My understanding is that in order to speak with these processes, a dictionary has to be made through the xpc api which is then passed to the advertised com.* service. Instead of passing in random stuff, is there any way to see what the arguments of the dictionary should be per process?

If I have any of the above logic wrong, please feel free to correct it. Any advice or comment is helpful, thanks.

daybreak
  • 181
  • 1
  • 8

2 Answers

1

XPC connections are used to create a connection with an XPC service or to do IPC with another process that advertises a mach service.

"xpc_connection_create" creates the connection which you use to send messages to the other peer of the connection. The protocol of the communication should be defined, and therefore, usually the two peers are owned by the same party.

In other words, if you don't own these daemons/agents, and if there is no public documentation about the protocol of the communication with it (whether it's over XPC or not), it will be almost impossible to do IPC with these processes.

Samir
  • 627
  • 4
  • 9
  • In terms of the strings used in the XPC communication and dictionaries, are they serialized at compile time or can they be pulled out from a binary? – daybreak Aug 28 '12 at 16:11
  • Not sure what you mean by serialized at compile time. An XPC connection message is always an XPC object, which is the XPC serialization of the message. You define the protocol of communication (at compile time), but the serialization itself happens at runtime. – Samir Aug 28 '12 at 20:15
  • Thank you for the help. It seems that trying to analyze the server code looking for comparisons on deserialized strings would be impractical for this. – daybreak Aug 28 '12 at 22:05
0

The above answer is, at best, incorrect, and at worst, wrong.

While it is true that the two peers SHOULD be owned by the same party, that is not the case. A host of Apple's daemons do communicate over XPC, and the only question is, then, are they reachable from the confines of the sandbox. A surprising number are. Hardly 'almost impossible' - very possible, and very useful for debugging and tweaking beyond Apple documentation.

To get the protocol, you can create a library that will interpose xpc_connection_send_message_[with_reply/sync], and then use DYLD_INSERT_LIBRARIES. You will get a full dump of the dictionary this way.

Technologeeks
  • 7,674
  • 25
  • 36
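
The interposing approach described in the second answer, as an added example (not code from either answerer or from Apple): a dylib that logs the description of every XPC message the host process sends. The file name `xpc_trace.c`, the helper names and the `XPC_TRACE_FILTER` environment variable are assumptions made for this example.

```c
/* Added example. Build on macOS: clang -dynamiclib -o xpc_trace.dylib xpc_trace.c
 * Run: DYLD_INSERT_LIBRARIES=./xpc_trace.dylib ./your_client */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* XPC_TRACE_FILTER is a hypothetical env var invented for this example:
 * when set, only services whose name starts with that prefix are logged. */
int trace_wanted(const char *service, const char *prefix) {
    if (prefix == NULL || *prefix == '\0') return 1;   /* no filter */
    if (service == NULL) return 0;                      /* anonymous peer */
    return strncmp(service, prefix, strlen(prefix)) == 0;
}

#ifdef __APPLE__
#include <xpc/xpc.h>
static void dump(const char *dir, xpc_connection_t c, xpc_object_t obj) {
    const char *name = xpc_connection_get_name(c);      /* may be NULL */
    if (!trace_wanted(name, getenv("XPC_TRACE_FILTER"))) return;
    char *desc = xpc_copy_description(obj);             /* malloc'ed */
    fprintf(stderr, "[xpc %s %s]\n%s\n", dir, name ? name : "(anonymous)", desc);
    free(desc);
}

/* Calls to the real functions from inside this library are not interposed. */
static void t_send(xpc_connection_t c, xpc_object_t m) {
    dump("->", c, m);
    xpc_connection_send_message(c, m);
}
static void t_send_reply(xpc_connection_t c, xpc_object_t m,
                         dispatch_queue_t q, xpc_handler_t h) {
    dump("->", c, m);   /* the asynchronous reply itself is not logged here */
    xpc_connection_send_message_with_reply(c, m, q, h);
}
static xpc_object_t t_send_sync(xpc_connection_t c, xpc_object_t m) {
    dump("->", c, m);
    xpc_object_t reply = xpc_connection_send_message_with_reply_sync(c, m);
    dump("<-", c, reply);
    return reply;
}

/* dyld reads (replacement, original) pairs from __DATA,__interpose. */
#define INTERPOSE(new_fn, old_fn) __attribute__((used)) static const struct { \
    const void *n, *o; } ip_##old_fn __attribute__((section("__DATA,__interpose"))) = \
    { (const void *)(unsigned long)&new_fn, (const void *)(unsigned long)&old_fn }
INTERPOSE(t_send, xpc_connection_send_message);
INTERPOSE(t_send_reply, xpc_connection_send_message_with_reply);
INTERPOSE(t_send_sync, xpc_connection_send_message_with_reply_sync);
#endif
```

On current macOS, dyld ignores `DYLD_INSERT_LIBRARIES` for binaries protected by System Integrity Protection or built with the hardened runtime, so this works on a client you build or launch yourself. It shows only what that client sends and the synchronous replies it receives, not the daemon's internal handling.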