Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
ios-device-lib
Advanced tools
JavaScript library, designed to facilitate communication with iOS devices. The library’s interface is Promise-based.
In order to use ios-device-lib
, just add a reference to it in your package.json by executing
$ npm install --save --save-exact ios-device-lib
In your project. Now you are ready to use ios-device-lib
in your project:
const DeviceLib = require("ios-device-lib");
const dl = new DeviceLib.IOSDeviceLib(device => {
console.log("Device FOUND!", device);
dl.install("./app.ipa", [device.deviceId])
.forEach(promise => {
promise.then(response => {
console.log("INSTALL PASSED", response);
}).catch(err => {
console.log("An error occurred ;(", err);
});
});
}, device => {
console.log("Device UPDATED!", device);
}, device => {
console.log("Device LOST!", device);
});
The ios-device-lib
package can be built on either Windows (requires Visual Studio) or macOS (requires Xcode). In order to build the application one should simply open the .sln
or .xcodeproj
file with the respective tool and click build. Whenever building in release configuration, the result binary will end up in bin/<platform-name>/<architecture>
, relative to the root of this repository. For example bin/win32/x64/
or bin/darwin/x64/
. The JavaScript counterpart of the C++ code expects the binaries to be present in those exact locations, so one would have to build at least once prior to using the application.
When you want to release a new version, you should build the binaries for macOS and Windows. To do this, please follow the steps below:
<repo dir>\bin\win32
- you will find two dirs there - ia32
and x64
.ios-device-lib.exe
file.IOSDeviceLib.xcodeproj
<repo dir>/bin/darwin
directory and check if you have x64
dir there with a single binary file in it.<repo dir>/bin/
put the win32
directory that you've copied from your Windows machine.npm pack
- this will produce a new .tgz file..tgz
file in npm
.This application consists of two separate layers - one C++
and one Node.js
. The C++
layer implements the application's business logic, whereas the Node.js
layer exists simply for alleviation. Whenever the Node.js
part is used, it launches the C++
binary and initiates communication with it. This communication consists of requests to the binary via the stdin
pipe and responses from the binary via the stdout
pipe. Currently the stderr
pipe is only used for debugging purposes.
The nature of this way of communication imposes some quirks:
Node.js
layer can distinguish between different messages and match a request with it's response counterpartstdout
(and the stderr
) pipe. Each message is prefixed with a 4 byte header, containing the length of the succeeding message. These 4-byte prefixes appear as peculiar symbols in the console whenever one decides to launch the binary directly. This is necessary as the messages have variable length and in addition it alleviates printing from the C++
code as the strings we want to print might contain NULL
characters which would otherwise terminate printing.In order to use the application directly one can either launch the binary, either directly or from within an IDE, or use the JavaScript API. Whenever using this library make sure that there is at least one actual iOS device attached to the system. This library has no functionality whatsoever without actual devices.
Upon launching the binary it will report all devices currently attached in the following form:
{
"deviceColor": "1",
"deviceId": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"deviceName": "iPhone",
"event": "deviceFound",
"productType": "iPhone9,4",
"productVersion": "11.0.3",
"status": "Connected"
}
After that the binary is ready to accept requests via its standart input. Currently each passed message must be on one line, ending with a new line (Enter key) in order for it to be parsed correctly. Each message contains the name of the method, which you'd like to invoke, an identification string and the method's arguments. Messages are processed asynchronously, hence multiple messages can be passed at once. Example messages for the different opperations can be found below:
{
"methods": [
{
"id": "1",
"name": "apps",
"args": [
"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy"
]
}
]
}
{
"methods": [
{
"id": "2",
"name": "install",
"args": [
"C:\\\apps\\\app.ipa",
[
"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy"
]
]
}
]
}
{
"methods": [
{
"id": "3",
"name": "uninstall",
"args": [
"com.sample.MyApp",
[
"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy"
]
]
}
]
}
{
"methods": [
{
"id": "4",
"name": "list",
"args": [
{
"appId": "com.sample.MyApp",
"deviceId": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"path": "Library\\\Application Support
}
]
}
]
}
{
"methods": [
{
"id": "5",
"name": "upload",
"args": [
{
"appId": "com.sample.MyApp",
"deviceId": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"source": "D:\\\Project\\\app.js",
"destination": "Library\\\Application Support\\\LiveSync\\\app\\\app.js"
}
]
}
]
}
{
"methods": [
{
"id": "6",
"name": "delete",
"args": [
{
"appId": "com.sample.MyApp",
"deviceId": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"destination": "Library\\\Application Support\\\LiveSync\\\app\\\app.js"
}
]
}
]
}
{
"methods": [
{
"id": "7",
"name": "read",
"args": [
{
"appId": "com.sample.MyApp",
"deviceId": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"path": "Library\\\Application Support\\\LiveSync\\\app\\\app.js"
}
]
}
]
}
{
"methods": [
{
"id": "8",
"name": "download",
"args": [
{
"appId": "com.sample.MyApp",
"deviceId": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"source": "Library\\\Application Support\\\LiveSync\\\app\\\app.js",
"destination": "D:\\\Downloads\\\app.js"
}
]
}
]
}
{
"methods": [
{
"id": "9",
"name": "log",
"args": [
"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
]
}
]
}
{
"methods": [
{
"id": "10",
"name": "postNotification",
"args": [
{
"deviceId": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"commandType": "PostNotification",
"notificationName": "com.sample.MyApp:NativeScript.Debug.AttachAvailabilityQuery"
}
]
}
]
}
{
"methods": [
{
"id": "11",
"name": "postNotification",
"args": [
{
"deviceId": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"commandType": "ObserveNotification",
"notificationName": "com.sample.MyApp:NativeScript.Debug.AttachAvailable"
}
]
}
]
}
{
"methods": [
{
"id": "12",
"name": "awaitNotificationResponse",
"args": [
{
"deviceId": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"socket": 10,
"timeout": 9,
"responseCommandType": "RelayNotification",
"responsePropertyName": "Name"
}
]
}
]
}
{
"methods": [
{
"id": "13",
"name": "start",
"args": [
{
"appId": "com.sample.MyApp",
"deviceId": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
}
]
}
]
}
{
"methods": [
{
"id": "14",
"name": "stop",
"args": [
{
"appId": "com.sample.MyApp",
"deviceId": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
}
]
}
]
}
A detailed definition of all the methods can be found here
ios-device-lib
binary it will immediately start a detached thread with a run loop so that it can proactively detect attaching and detaching of devices.{
"deviceId": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"error": {
"code": -402653081,
"deviceId": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"message": "Could not install application"
},
"id": "1"
}
How does one go about deciphering the error code?
First off you'd need to convert the code to hex (this can easily be done with a calculator application for example). So -402653081
becomes FFFFFFFFE8000067
or E8000067
if we disregard the sign. Using this hex code you can look the error up in this header file. In this example we can see that this is a kAMDAPIInternalError
, hence an internal error.
FAQs
ios-device-lib ==============
The npm package ios-device-lib receives a total of 1,563 weekly downloads. As such, ios-device-lib popularity was classified as popular.
We found that ios-device-lib demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 13 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.