@kasnder
Last active May 12, 2024 20:41
Grant the location permission to an iOS app. More permissions here: https://gist.github.com/kasnder/3eb32449512a4dba4a92949c8d337a92
#!/bin/bash
# Todo: This currently fails to replace an existing entry in the location permission database. It would be better to add to the end of the clients.plist file.
# Usage: ./grant_ios_location_permission.sh [bundleId]
# Example: ./grant_ios_location_permission.sh com.spotify.client
# Requirements:
# - iOS device with checkra1n jailbreak (tested on 14.8)
# - Installed `sqlite3` on iOS device from Cydia
# - iOS device plugged into computer and forwarded SSH port with `iproxy 2222 44`
# - Installed public ssh key on your device: `ssh-copy-id -p 2222 root@localhost`
if [ -z "$1" ]; then
    echo "Please pass bundleId"
    exit 1
fi
# Get bundleId from argument (e.g. cn.DGNorya.Norya)
bundleId="$1"
# Create backup (-n makes sure to not overwrite existing backup)
ssh -T -p 2222 root@localhost "cp -n /private/var/root/Library/Caches/locationd/clients.plist ~/clients.backup.plist"
# Get path to executable from install logs (most recent matching log line)
executable=$(ssh -T -p 2222 root@localhost "cat /private/var/installd/Library/Logs/MobileInstallation/mobile_installation.log.* | grep 'Made container live for $bundleId at /private/var/containers/Bundle/Application/' | sort | tail -n1")
# Strip everything up to and including the log prefix, leaving the container path
executable=${executable##*Made container live for $bundleId at }
# Resolve the full path of the executable file(s) at the top level of the .app directory
executable=$(ssh -T -p 2222 root@localhost "find $executable/*.app/ -maxdepth 1 -perm -111 -type f -exec readlink -f {} \;")
# Download binary plist file
scp -P 2222 root@localhost:/private/var/root/Library/Caches/locationd/clients.plist ./clients.old.plist
# Cleanup if exists (-f: no error when the file is missing)
rm -f ./clients.new.xml
# Add to downloaded binary plist file: copy the XML through line by line and
# insert the new entry right after the first <dict> (the top-level dictionary)
n=0
plistutil -i ./clients.old.plist -o - | while IFS= read -r p || [[ -n "$p" ]]; do
    echo "$p" >> ./clients.new.xml
    if [[ "$p" =~ '<dict>' && $n = 0 ]]; then
        echo "<key>$bundleId</key>
<dict>
<key>Authorization</key>
<integer>2</integer>
<key>BundleId</key>
<string>$bundleId</string>
<key>Executable</key>
<string>$executable</string>
<key>Registered</key>
<string>$executable</string>
<key>SupportedAuthorizationMask</key>
<integer>7</integer>
<key>Whitelisted</key>
<false/>
</dict>" >> ./clients.new.xml
        n=1
    fi
done
# Convert plist back to binary
plistutil -i ./clients.new.xml -o ./clients.new.plist
echo "Created new clients configuration at ./clients.new.plist"
echo "Now copy this file to your device, as described here: https://kollnig.net/2022/01/app-research-circumventing-permissions/"
# Stop location service
#ssh -T -p 2222 root@localhost "launchctl unload /System/Library/LaunchDaemons/com.apple.locationd.plist"
#sleep 1
# Copy over new plist file
#scp -P 2222 ./clients.new.plist root@localhost:/private/var/root/Library/Caches/locationd/clients.plist
# Start location service
#ssh -T -p 2222 root@localhost "launchctl load /System/Library/LaunchDaemons/com.apple.locationd.plist"
# Cleanup
#rm ./clients.new.plist
@kasnder
Author

kasnder commented May 26, 2023

thanks!!

@SmartBoy84

Should I expect this to work for CLI apps? I was hoping this would allow me to access perms such as location through CLI apps.
It doesn't seem to be working on iOS 14 and locationManager.authorizationStatus remains restricted.

I know I'm doing it right as it allows me to bypass the prompt in an app.
I'm on 14.4, fugu14.

@SmartBoy84

Hm, locationd appends "com.apple.locationd.executable" ahead of executables and not apps?

@kasnder
Author

kasnder commented May 26, 2023

Not sure! I think this is only aimed at regular apps. Other apps should have root access anyway?

@SmartBoy84

Even with root access, locationd only allows access if they are in a .app bundle

@SmartBoy84

Much, much, MUCH experimentation later - I've come up with a suitable solution, check it out here
Thanks again!
