Experimental SSL support

MessagesBridge.xcodeproj/project.pbxproj

@@ -10,6 +10,9 @@
 		1AA43E8F219EBB2D00EDF1A7 /* MBIMJSONDataResponse.m in Sources */ = {isa = PBXBuildFile; fileRef = 1AA43E8E219EBB2D00EDF1A7 /* MBIMJSONDataResponse.m */; };
 		1AA43E91219EBC2C00EDF1A7 /* MBIMHTTPConnection.m in Sources */ = {isa = PBXBuildFile; fileRef = 1ACFCFE3219EB45300E2C237 /* MBIMHTTPConnection.m */; };
 		1AA43E95219EC38E00EDF1A7 /* MBIMHTTPUtilities.m in Sources */ = {isa = PBXBuildFile; fileRef = 1AA43E94219EC38E00EDF1A7 /* MBIMHTTPUtilities.m */; };
+		1AAB32B121F82EB7004A2A72 /* MBIMLogging.m in Sources */ = {isa = PBXBuildFile; fileRef = 1AAB32B021F82EB7004A2A72 /* MBIMLogging.m */; };
+		1AAB32B421F837BB004A2A72 /* hookAgent.sh in CopyFiles */ = {isa = PBXBuildFile; fileRef = CD83E1B5219BF78E00F4CCEA /* hookAgent.sh */; };
+		1AAB32B621F83B68004A2A72 /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 1AAB32B521F83B68004A2A72 /* Security.framework */; };
 		1ACFCF2A219EB2AC00E2C237 /* HTTPConnection.h in Headers */ = {isa = PBXBuildFile; fileRef = 1ACFCE00219EB2AB00E2C237 /* HTTPConnection.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		1ACFCF2B219EB2AC00E2C237 /* HTTPLogging.h in Headers */ = {isa = PBXBuildFile; fileRef = 1ACFCE01219EB2AB00E2C237 /* HTTPLogging.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		1ACFCF2C219EB2AC00E2C237 /* HTTPMessage.h in Headers */ = {isa = PBXBuildFile; fileRef = 1ACFCE02219EB2AB00E2C237 /* HTTPMessage.h */; settings = {ATTRIBUTES = (Public, ); }; };
@@ -106,6 +109,16 @@
 /* End PBXContainerItemProxy section */
 
 /* Begin PBXCopyFilesBuildPhase section */
+		1AAB32B321F837AF004A2A72 /* CopyFiles */ = {
+			isa = PBXCopyFilesBuildPhase;
+			buildActionMask = 2147483647;
+			dstPath = "";
+			dstSubfolderSpec = 7;
+			files = (
+				1AAB32B421F837BB004A2A72 /* hookAgent.sh in CopyFiles */,
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
 		CDF62330219A895D00690038 /* CopyFiles */ = {
 			isa = PBXCopyFilesBuildPhase;
 			buildActionMask = 2147483647;
@@ -135,6 +148,11 @@
 		1AA43E8E219EBB2D00EDF1A7 /* MBIMJSONDataResponse.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = MBIMJSONDataResponse.m; sourceTree = "<group>"; };
 		1AA43E93219EC38E00EDF1A7 /* MBIMHTTPUtilities.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = MBIMHTTPUtilities.h; sourceTree = "<group>"; };
 		1AA43E94219EC38E00EDF1A7 /* MBIMHTTPUtilities.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = MBIMHTTPUtilities.m; sourceTree = "<group>"; };
+		1AAB32AC21F8212E004A2A72 /* MBIMBridge_Private.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = MBIMBridge_Private.h; sourceTree = "<group>"; };
+		1AAB32AF21F82EB7004A2A72 /* MBIMLogging.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = MBIMLogging.h; sourceTree = "<group>"; };
+		1AAB32B021F82EB7004A2A72 /* MBIMLogging.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = MBIMLogging.m; sourceTree = "<group>"; };
+		1AAB32B221F835BD004A2A72 /* KPServer.pch */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = KPServer.pch; sourceTree = "<group>"; };
+		1AAB32B521F83B68004A2A72 /* Security.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Security.framework; path = Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.14.Internal.sdk/System/Library/Frameworks/Security.framework; sourceTree = DEVELOPER_DIR; };
 		1ACFCDE2219EB28A00E2C237 /* CocoaHTTPServer.framework */ = {isa = PBXFileReference; explicitFileType = wrapper.framework; includeInIndex = 0; path = CocoaHTTPServer.framework; sourceTree = BUILT_PRODUCTS_DIR; };
 		1ACFCDFC219EB2AB00E2C237 /* LICENSE.txt */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = LICENSE.txt; sourceTree = "<group>"; };
 		1ACFCDFE219EB2AB00E2C237 /* README.markdown */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = net.daringfireball.markdown; path = README.markdown; sourceTree = "<group>"; };
@@ -262,6 +280,7 @@
 			isa = PBXFrameworksBuildPhase;
 			buildActionMask = 2147483647;
 			files = (
+				1AAB32B621F83B68004A2A72 /* Security.framework in Frameworks */,
 				CD14F1A7219FF2F400E7DD22 /* IMSharedUtilities.framework in Frameworks */,
 				1ACFCFDF219EB31400E2C237 /* CocoaHTTPServer.framework in Frameworks */,
 				CDF62343219A9BE200690038 /* ContactsFoundation.framework in Frameworks */,
@@ -310,6 +329,7 @@
 		1A0C445E219A45B400F2AC00 /* Frameworks */ = {
 			isa = PBXGroup;
 			children = (
+				1AAB32B521F83B68004A2A72 /* Security.framework */,
 				CD14F1A6219FF2F400E7DD22 /* IMSharedUtilities.framework */,
 				CDF62342219A9BE200690038 /* ContactsFoundation.framework */,
 				CDF62340219A9AAA00690038 /* EmailFoundation.framework */,
@@ -327,6 +347,7 @@
 			children = (
 				CD60204C219B5D710024D9C5 /* Operations */,
 				1A0C4469219A4BC300F2AC00 /* MBIMBridge.h */,
+				1AAB32AC21F8212E004A2A72 /* MBIMBridge_Private.h */,
 				1A0C446A219A4BC300F2AC00 /* MBIMBridge.m */,
 				CD14F1A8219FF3B800E7DD22 /* MBIMUpdateQueue.h */,
 				CD14F1A9219FF3B800E7DD22 /* MBIMUpdateQueue.m */,
@@ -334,6 +355,7 @@
 				CD14F1AC219FFAE100E7DD22 /* MBIMConcurrentHTTPServer.m */,
 				1ACFCFE2219EB45300E2C237 /* MBIMHTTPConnection.h */,
 				1ACFCFE3219EB45300E2C237 /* MBIMHTTPConnection.m */,
+				1AAB32A921F81AD0004A2A72 /* Security */,
 			);
 			path = Bridge;
 			sourceTree = "<group>";
@@ -362,6 +384,22 @@
 			path = Utilities;
 			sourceTree = "<group>";
 		};
+		1AAB32A921F81AD0004A2A72 /* Security */ = {
+			isa = PBXGroup;
+			children = (
+			);
+			path = Security;
+			sourceTree = "<group>";
+		};
+		1AAB32AE21F82E73004A2A72 /* Utilities */ = {
+			isa = PBXGroup;
+			children = (
+				1AAB32AF21F82EB7004A2A72 /* MBIMLogging.h */,
+				1AAB32B021F82EB7004A2A72 /* MBIMLogging.m */,
+			);
+			path = Utilities;
+			sourceTree = "<group>";
+		};
 		1ACFCDE3219EB28A00E2C237 /* CocoaHTTPServer */ = {
 			isa = PBXGroup;
 			children = (
@@ -555,10 +593,12 @@
 		CDF62333219A895D00690038 /* kordophone */ = {
 			isa = PBXGroup;
 			children = (
+				1AAB32AE21F82E73004A2A72 /* Utilities */,
 				CD14F1A5219FF22B00E7DD22 /* Categories */,
 				CD83E150219BDB4F00F4CCEA /* Hooking */,
 				1A0C446D219A4BCD00F2AC00 /* Bridge */,
 				CDF62334219A895D00690038 /* main.m */,
+				1AAB32B221F835BD004A2A72 /* KPServer.pch */,
 			);
 			path = kordophone;
 			sourceTree = "<group>";
@@ -652,6 +692,7 @@
 				CD83E15D219BE91500F4CCEA /* Headers */,
 				CD83E15E219BE91500F4CCEA /* Sources */,
 				CD83E15F219BE91500F4CCEA /* Frameworks */,
+				1AAB32B321F837AF004A2A72 /* CopyFiles */,
 			);
 			buildRules = (
 			);
@@ -669,6 +710,7 @@
 				CDF6232E219A895D00690038 /* Sources */,
 				CDF6232F219A895D00690038 /* Frameworks */,
 				CDF62330219A895D00690038 /* CopyFiles */,
+				1AAB32AD21F8245D004A2A72 /* Add current directory to rpath */,
 			);
 			buildRules = (
 			);
@@ -743,6 +785,27 @@
 		};
 /* End PBXResourcesBuildPhase section */
 
+/* Begin PBXShellScriptBuildPhase section */
+		1AAB32AD21F8245D004A2A72 /* Add current directory to rpath */ = {
+			isa = PBXShellScriptBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+			);
+			inputFileListPaths = (
+			);
+			inputPaths = (
+			);
+			name = "Add current directory to rpath";
+			outputFileListPaths = (
+			);
+			outputPaths = (
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+			shellPath = /bin/sh;
+			shellScript = "# Type a script or drag a script file from your workspace to insert its path.\n\nRESULT=$(install_name_tool -delete_rpath $BUILT_PRODUCTS_DIR $BUILT_PRODUCTS_DIR/$EXECUTABLE_NAME 2> /dev/null)\n\ninstall_name_tool -add_rpath $BUILT_PRODUCTS_DIR $BUILT_PRODUCTS_DIR/$EXECUTABLE_NAME\n";
+		};
+/* End PBXShellScriptBuildPhase section */
+
 /* Begin PBXSourcesBuildPhase section */
 		1ACFCDDD219EB28A00E2C237 /* Sources */ = {
 			isa = PBXSourcesBuildPhase;
@@ -802,6 +865,7 @@
 				1AA43E95219EC38E00EDF1A7 /* MBIMHTTPUtilities.m in Sources */,
 				CDE455A421A5308D0041F5DD /* MBIMFetchAttachmentOperation.m in Sources */,
 				CD83E156219BE10A00F4CCEA /* hooking.m in Sources */,
+				1AAB32B121F82EB7004A2A72 /* MBIMLogging.m in Sources */,
 				1AD8936E21EFD986009B599A /* MBIMUploadAttachmentOperation.m in Sources */,
 				CDF6233A219A8A5600690038 /* MBIMBridge.m in Sources */,
 				CDF62335219A895D00690038 /* main.m in Sources */,
@@ -1082,6 +1146,7 @@
 			buildSettings = {
 				CLANG_ENABLE_MODULES = NO;
 				CODE_SIGN_STYLE = Automatic;
+				GCC_PREFIX_HEADER = kordophone/KPServer.pch;
 				PRODUCT_NAME = "$(TARGET_NAME)";
 				SDKROOT = macosx.internal;
 				SYSTEM_FRAMEWORK_SEARCH_PATHS = (
@@ -1096,6 +1161,7 @@
 			buildSettings = {
 				CLANG_ENABLE_MODULES = NO;
 				CODE_SIGN_STYLE = Automatic;
+				GCC_PREFIX_HEADER = kordophone/KPServer.pch;
 				PRODUCT_NAME = "$(TARGET_NAME)";
 				SDKROOT = macosx.internal;
 				SYSTEM_FRAMEWORK_SEARCH_PATHS = (

MessagesBridge.xcodeproj/xcshareddata/xcschemes/kordophoned.xcscheme

@@ -63,7 +63,7 @@
       </BuildableProductRunnable>
       <CommandLineArguments>
          <CommandLineArgument
-            argument = "${BUILT_PRODUCTS_DIR}/libagentHook.dylib"
+            argument = "-s -c certificate.p12"
             isEnabled = "YES">
          </CommandLineArgument>
       </CommandLineArguments>

README.md

@@ -15,3 +15,28 @@ If you get dyld errors running from the command line, use `install_name_tool` to
 
 ## Running
 You need to hook imagent first to bypass entitlements check. Look at `hookAgent.sh`
+
+
+## SSL
+If you want to run with SSL, you have to generate a self-signed certificate, and have the Mac trust the root cert.
+
+### Generate a root cert
+1. Generate root key
+    `openssl genrsa -out Kordophone-root.key 4096`
+2. Generate root certificate
+    `openssl req -x509 -new -nodes -key Kordophone-root.key -sha256 -days 1024 -out Kordophone-root.crt`
+
+### Create signing certificate by signing a new cert with the root cert
+1. Generate signing key
+    `openssl genrsa -out kp.localhost.key 2048`
+2. Create certificate signing request
+    `openssl req -new -key kp.localhost.key -out kp.localhost.csr`
+3. Sign the cert with the root cert
+    `openssl x509 -req -in kp.localhost.csr -CA Kordophone-root.crt -CAkey Kordophone-root.key -CAcreateserial -out kp.localhost.crt -days 365 -sha256`
+4. kordophoned works with a signing cert in PKCS12 format. Convert the cert and the privkey to PKCS12
+    `openssl pkcs12 -export -in kp.localhost.crt -inkey kp.localhost.key -out certificate.p12 -name "Kordophone"`
+
+### Start kordophone with the SSL options and provide the p12
+`kordophoned -s -c certificate.p12`
+
+

agentHook/hookAgent.sh

@@ -16,4 +16,5 @@ echo "Telling imagent to launch with inserted libraries for uid $EUID"
 sudo launchctl debug gui/$EUID/com.apple.imagent --environment DYLD_INSERT_LIBRARIES=$LIB_PATH
 launchctl kill SIGKILL gui/501/com.apple.imagent
 
+echo "\nYou might have to kill imagent for changes to take effect (killall imagent)"
 

kordophone/Bridge/MBIMBridge.h

@@ -14,9 +14,13 @@
 NS_ASSUME_NONNULL_BEGIN
 
 @interface MBIMBridge : NSObject
-@property (nonatomic, assign)   const char *dylibPath;
+@property (nonatomic, strong)   NSString   *dylibPath;
+@property (nonatomic, assign)   UInt16      port;
 @property (nonatomic, readonly) NSOperationQueue *operationQueue;
 
+@property (nonatomic, assign) BOOL      usesSSL;
+@property (nonatomic, strong) NSString *sslCertPath;
+
 + (instancetype)sharedInstance;
 
 - (instancetype)init NS_UNAVAILABLE;

kordophone/Bridge/MBIMBridge.m

@@ -7,6 +7,7 @@
 //
 
 #import "MBIMBridge.h"
+#import "MBIMBridge_Private.h"
 #import "MBIMBridgeOperation.h"
 #import "MBIMConcurrentHTTPServer.h"
 #import "MBIMHTTPConnection.h"
@@ -21,9 +22,14 @@
 #import <IMFoundation/IMFoundation.h>
 #import <IMFoundation/IMFoundation_Private.h>
 
+static const UInt16 kDefaultPort = 5738;
+
 static NSString *const MBIMBridgeToken = @"net.buzzert.kordophone";
 
-@interface MBIMBridge (/* INTERNAL */)
+@interface MBIMBridge (/* INTERNAL */) {
+    __strong NSArray *_sslCertificateAndIdentity;
+}
+
 @property (nonatomic, strong) MBIMConcurrentHTTPServer *httpServer;
 @property (nonatomic, strong) NSOperationQueue *operationQueue;
 
@@ -47,11 +53,7 @@ static NSString *const MBIMBridgeToken = @"net.buzzert.kordophone";
 {
     self = [super init];
     if (self) {
-        [self registerForNotifications];
+        self.port = kDefaultPort;
-        [self startWebServer];
-        
-        [sDaemonController setDelegate:self];
-        [sDaemonListener addHandler:self];
         
         _operationQueue = [[NSOperationQueue alloc] init];
         _operationQueue.maxConcurrentOperationCount = 5;
@@ -63,7 +65,58 @@ static NSString *const MBIMBridgeToken = @"net.buzzert.kordophone";
 - (void)_terminate
 {
     // *shrug*
-    exit(0);
+    exit(1);
+}
+
+- (NSArray *)sslCertificateAndIdentity
+{
+    if (!_sslCertificateAndIdentity && self.sslCertPath) {
+        // Get the p12
+        NSError *error = nil;
+        NSData *certData = [NSData dataWithContentsOfFile:self.sslCertPath options:0 error:&error];
+        if (!certData || error) {
+            MBIMLogError(@"Unable to load SSL certificate from file: %@", [error localizedDescription]);
+            return nil;
+        }
+        
+        CFArrayRef items = nil;
+        OSStatus status = SecPKCS12Import(
+            (__bridge CFDataRef)certData,
+            (__bridge CFDictionaryRef) @{
+                (__bridge id)kSecImportExportPassphrase : @"xNAq3vn)^PNu}[&gyQ4MZeV?J"
+            },
+            &items
+        );
+        
+        if (status != noErr) {
+            MBIMLogError(@"Error importing PKCS12: SecPKCS12Import status: %d", status);
+            return nil;
+        }
+        
+        CFDictionaryRef certDict = CFArrayGetValueAtIndex(items, 0);
+        if (!certDict) {
+            MBIMLogError(@"Error parsing the SSL certificate");
+            return nil;
+        }
+        
+        SecIdentityRef identity = (SecIdentityRef)CFDictionaryGetValue(certDict, kSecImportItemIdentity);
+        _sslCertificateAndIdentity = @[ (__bridge id)identity ];
+    }
+    
+    return _sslCertificateAndIdentity;
+}
+
+- (void)checkSSLCertificate
+{
+    if (self.usesSSL) {
+        NSArray *certAndIdentity = [self sslCertificateAndIdentity];
+        if ([certAndIdentity count]) {
+            MBIMLogInfo(@"SSL Certificate looks okay");
+        } else {
+            MBIMLogFatal(@"Wasn't able to load SSL certificate. Bailing...");
+            [self _terminate];
+        }
+    }
 }
 
 #pragma mark -
@@ -76,18 +129,26 @@ static NSString *const MBIMBridgeToken = @"net.buzzert.kordophone";
     BOOL hooked = HookIMAgent(self.dylibPath, &errorString);
     if (!hooked) {
         NSString *errorNSString = [NSString stringWithUTF8String:errorString];
-        NSLog(@"Error hooking imagent: %@", errorNSString);
+        MBIMLogInfo(@"Error hooking imagent: %@", errorNSString);
         return;
     }
 #endif
     
+    [self registerForNotifications];
+    
+    [sDaemonController setDelegate:self];
+    [sDaemonListener addHandler:self];
+    
     if (![sDaemonController hasListenerForID:MBIMBridgeToken]) {
         if (![sDaemonController addListenerID:MBIMBridgeToken capabilities:(kFZListenerCapFileTransfers | kFZListenerCapManageStatus | kFZListenerCapChats | kFZListenerCapMessageHistory | kFZListenerCapIDQueries | kFZListenerCapSendMessages)]) {
-            NSLog(@"Failed to connect to imagent");
+            MBIMLogFatal(@"Failed to connect to imagent");
             
             [self _terminate];
         }
     }
+    
+    [self checkSSLCertificate];
+    [self startWebServer];
 }
 
 - (void)disconnect
@@ -116,7 +177,7 @@ static NSString *const MBIMBridgeToken = @"net.buzzert.kordophone";
 
 - (void)_messageReceived:(NSNotification *)notification
 {
-    NSLog(@"Received message from chat with GUID: %@", [[notification object] guid]);
+    MBIMLogInfo(@"Received message from chat with GUID: %@", [[notification object] guid]);
     
     IMChat *chat = [notification object];
     IMMessage *message = [[notification userInfo] objectForKey:IMChatValueKey];
@@ -135,14 +196,14 @@ static NSString *const MBIMBridgeToken = @"net.buzzert.kordophone";
 
 - (void)_chatRegistryDidLoad:(NSNotification *)notification
 {
-    NSLog(@"Loaded chat registry. %lu existing chats", (unsigned long)[sChatRegistry numberOfExistingChats]);
+    MBIMLogInfo(@"Loaded chat registry. %lu existing chats", (unsigned long)[sChatRegistry numberOfExistingChats]);
 }
 
 - (void)_chatItemsDidChange:(NSNotification *)notification
 {
     IMChat *chat = [notification object];
     if (chat) {
-        NSLog(@"Chat items change for GUID: %@", [chat guid]);
+        MBIMLogInfo(@"Chat items change for GUID: %@", [chat guid]);
         
         MBIMUpdateItem *updateItem = [[MBIMUpdateItem alloc] init];
         updateItem.changedChat = chat;
@@ -157,11 +218,13 @@ static NSString *const MBIMBridgeToken = @"net.buzzert.kordophone";
 {
     self.httpServer = [[MBIMConcurrentHTTPServer alloc] init];
     [self.httpServer setConnectionClass:[MBIMHTTPConnection class]];
-    [self.httpServer setPort:8080];
+    [self.httpServer setPort:self.port];
     
     NSError *error = nil;
     if (![self.httpServer start:&error]) {
-        NSLog(@"Error starting HTTP server: %@", [error localizedDescription]);
+        MBIMLogError(@"Error starting HTTP server: %@", [error localizedDescription]);
+    } else {
+        MBIMLogNotify(@"Started Kordophone HTTP server on port %u", self.port);
     }
 }
 
@@ -170,31 +233,31 @@ static NSString *const MBIMBridgeToken = @"net.buzzert.kordophone";
 
 - (void)daemonControllerWillConnect
 {
-    NSLog(@"Connecting to imagent...");
+    MBIMLogInfo(@"Connecting to imagent...");
 }
 
 - (void)daemonControllerDidConnect
 {
-    NSLog(@"imagent responded.");
+    MBIMLogInfo(@"imagent responded.");
     
     IMAccount *iMessageAccount = [[IMAccountController sharedInstance] bestAccountForService:[IMServiceImpl iMessageService]];
     if (iMessageAccount) {
-        NSLog(@"Successfully got accounts from imagent");
+        MBIMLogInfo(@"Successfully got accounts from imagent");
-        NSLog(@"iMessage account connected: %@", iMessageAccount);
+        MBIMLogInfo(@"iMessage account connected: %@", iMessageAccount);
     } else {
-        NSLog(@"imagent returned no accounts (not entitled?)");
+        MBIMLogFatal(@"ERROR: imagent returned no accounts (not entitled? speak with Agent Hook)");
         [self _terminate];
     }
 }
 
 - (void)daemonControllerDidDisconnect
 {
-    NSLog(@"Disconnected from imagent");
+    MBIMLogInfo(@"Disconnected from imagent");
 }
 
 - (void)daemonConnectionLost
 {
-    NSLog(@"Connection lost to imagent");
+    MBIMLogError(@"Connection lost to imagent");
 }
 
 @end

kordophone/Bridge/MBIMBridge_Private.h

@@ -0,0 +1,14 @@
+//
+//  MBIMBridge_Private.h
+//  MessagesBridge
+//
+//  Created by James Magahern on 1/22/19.
+//  Copyright © 2019 James Magahern. All rights reserved.
+//
+
+#import "MBIMBridge.h"
+
+@interface MBIMBridge (/*PRIVATE*/)
+- (NSArray *)sslCertificateAndIdentity;
+
+@end

kordophone/Bridge/MBIMHTTPConnection.m

@@ -9,13 +9,26 @@
 #import "MBIMHTTPConnection.h"
 
 #import "MBIMBridge.h"
+#import "MBIMBridge_Private.h"
 #import "MBIMBridgeOperation.h"
 
+#import <Security/Security.h>
+
 @implementation MBIMHTTPConnection {
     NSMutableData *_bodyData;
     MBIMBridgeOperation *_currentOperation;
 }
 
+- (BOOL)isSecureServer
+{
+    return [[MBIMBridge sharedInstance] usesSSL];
+}
+
+- (NSArray *)sslIdentityAndCertificates
+{
+    return [[MBIMBridge sharedInstance] sslCertificateAndIdentity];
+}
+
 - (BOOL)supportsMethod:(NSString *)method atPath:(NSString *)path
 {
     if ([method isEqualToString:@"GET"] || [method isEqualToString:@"POST"]) {

kordophone/Bridge/Operations/MBIMFetchAttachmentOperation.m

@@ -27,20 +27,20 @@
         NSString *guid = [self valueForQueryItemWithName:@"guid"];
         
         if (!guid) {
-            NSLog(@"No query item provided");
+            MBIMLogInfo(@"No query item provided");
             response = [[HTTPErrorResponse alloc] initWithErrorCode:500];
             break;
         }
         
         IMFileTransfer *transfer = [[IMFileTransferCenter sharedInstance] transferForGUID:guid];
         if (!transfer) {
-            NSLog(@"No transfer found for guid: %@", guid);
+            MBIMLogInfo(@"No transfer found for guid: %@", guid);
             response = [[HTTPErrorResponse alloc] initWithErrorCode:404];
             break;
         }
         
         if (![transfer existsAtLocalPath]) {
-            NSLog(@"We don't have the file for this yet (still downloading to server?)");
+            MBIMLogInfo(@"We don't have the file for this yet (still downloading to server?)");
             response = [[HTTPErrorResponse alloc] initWithErrorCode:404];
             break;
         }
@@ -48,7 +48,7 @@
         NSString *localPath = [transfer localPath];
         NSData *responseData = [NSData dataWithContentsOfFile:localPath];
         if (!responseData) {
-            NSLog(@"Wasn't able to load data from local path: %@", localPath);
+            MBIMLogInfo(@"Wasn't able to load data from local path: %@", localPath);
             response = [[HTTPErrorResponse alloc] initWithErrorCode:404];
             break;
         }

kordophone/Bridge/Operations/MBIMMarkOperation.m

@@ -25,7 +25,7 @@
         NSString *guid = [self valueForQueryItemWithName:@"guid"];
         
         if (!guid) {
-            NSLog(@"No query item provided");
+            MBIMLogInfo(@"No query item provided");
             response = [[HTTPErrorResponse alloc] initWithErrorCode:500];
             break;
         }
@@ -33,7 +33,7 @@
         dispatch_sync([[self class] sharedIMAccessQueue], ^{
             IMChat *chat = [sChatRegistry existingChatWithGUID:guid];
             if (!chat) {
-                NSLog(@"Chat with guid: %@ not found", guid);
+                MBIMLogInfo(@"Chat with guid: %@ not found", guid);
                 response = [[HTTPErrorResponse alloc] initWithErrorCode:500];
             } else {
                 // TODO: be smarter about this and mark individual messages as read? Could lead

kordophone/Bridge/Operations/MBIMMessagesListOperation.m

@@ -28,7 +28,7 @@
         NSString *guid = [self valueForQueryItemWithName:@"guid"];
         
         if (!guid) {
-            NSLog(@"No query item provided");
+            MBIMLogInfo(@"No query item provided");
             response = [[HTTPErrorResponse alloc] initWithErrorCode:500];
             break;
         }
@@ -37,7 +37,7 @@
         dispatch_sync([[self class] sharedIMAccessQueue], ^{
             IMChat *chat = [sChatRegistry existingChatWithGUID:guid];
             if (!chat) {
-                NSLog(@"Chat with guid: %@ not found", guid);
+                MBIMLogInfo(@"Chat with guid: %@ not found", guid);
                 response = [[HTTPErrorResponse alloc] initWithErrorCode:500];
             } else {
                 // Load messages

kordophone/Bridge/Operations/MBIMSendMessageOperation.m

@@ -44,7 +44,7 @@
         }
         
         if (!chat) {
-            NSLog(@"Chat does not exist: %@", chatGUID);
+            MBIMLogInfo(@"Chat does not exist: %@", chatGUID);
             result = NO;
         } else {
             [chat sendMessage:reply];

kordophone/Bridge/Operations/MBIMUploadAttachmentOperation.m

@@ -26,14 +26,14 @@
     do {
         NSString *filename = [self valueForQueryItemWithName:@"filename"];
         if ([filename length] == 0) {
-            NSLog(@"No filename provided");
+            MBIMLogInfo(@"No filename provided");
             response = [[HTTPErrorResponse alloc] initWithErrorCode:500];
             break;
         }
         
         NSData *attachmentData = self.requestBodyData;
         if ([attachmentData length] == 0) {
-            NSLog(@"No attachment data in request");
+            MBIMLogInfo(@"No attachment data in request");
             response = [[HTTPErrorResponse alloc] initWithErrorCode:500];
             break;
         }
@@ -42,14 +42,14 @@
         NSURL *localURL = [NSURL fileURLWithPath:localPath];
         BOOL success = [attachmentData writeToURL:localURL atomically:NO];
         if (!success) {
-            NSLog(@"Error writing attachment to temporary directory");
+            MBIMLogInfo(@"Error writing attachment to temporary directory");
             response = [[HTTPErrorResponse alloc] initWithErrorCode:500];
             break;
         }
         
         NSString *guid = [[IMFileTransferCenter sharedInstance] guidForNewOutgoingTransferWithLocalURL:localURL];
         if (!guid) {
-            NSLog(@"There was some problem shuttling the file to IMCore");
+            MBIMLogInfo(@"There was some problem shuttling the file to IMCore");
             response = [[HTTPErrorResponse alloc] initWithErrorCode:500];
             break;
         }

kordophone/Hooking/hooking.m

@@ -13,7 +13,7 @@
 
 BOOL HookIMAgent(const char *relativeDylibPath, char **errorString)
 {
-    NSLog(@"Hooking imagent");
+    MBIMLogInfo(@"Hooking imagent");
     
     const char *hookDylibPath = realpath(relativeDylibPath, NULL);
     
@@ -61,10 +61,10 @@ BOOL HookIMAgent(const char *relativeDylibPath, char **errorString)
         return NO;
     }
     
-    NSLog(@"Successfully setup environment variables");
+    MBIMLogInfo(@"Successfully setup environment variables");
     
     // Kill imagent so the new one has the loaded bundle
-    NSLog(@"Killing imagent...");
+    MBIMLogInfo(@"Killing imagent...");
     int killAgentSuccess = system("killall imagent");
     
     dispatch_after(dispatch_time(DISPATCH_TIME_NOW, (int64_t)(0.5 * NSEC_PER_SEC)), dispatch_get_main_queue(), ^{

kordophone/KPServer.pch

@@ -0,0 +1,14 @@
+//
+//  KPServer.pch
+//  MessagesBridge
+//
+//  Created by James Magahern on 1/22/19.
+//  Copyright © 2019 James Magahern. All rights reserved.
+//
+
+#ifndef KPServer_h
+#define KPServer_h
+
+#include "MBIMLogging.h"
+
+#endif /* KPServer_h */

kordophone/Utilities/MBIMLogging.h

@@ -0,0 +1,34 @@
+//
+//  MBIMLogging.h
+//  kordophoned
+//
+//  Created by James Magahern on 1/22/19.
+//  Copyright © 2019 James Magahern. All rights reserved.
+//
+
+#import <Foundation/Foundation.h>
+
+NS_ASSUME_NONNULL_BEGIN
+
+typedef enum {
+    ML_INFO,
+    ML_NOTIFY,
+    ML_ERROR,
+    ML_FATAL
+} MBIMLogLevel;
+
+extern void __MBIMLogCommon(MBIMLogLevel level, NSString *format, ...);
+
+#define MBIMLogInfo(format, ...) \
+    __MBIMLogCommon(ML_INFO, format, ##__VA_ARGS__)
+
+#define MBIMLogNotify(format, ...) \
+    __MBIMLogCommon(ML_NOTIFY, format, ##__VA_ARGS__)
+
+#define MBIMLogError(format, ...) \
+    __MBIMLogCommon(ML_ERROR, format, ##__VA_ARGS__)
+
+#define MBIMLogFatal(format, ...) \
+    __MBIMLogCommon(ML_FATAL, format, ##__VA_ARGS__)
+
+NS_ASSUME_NONNULL_END

kordophone/Utilities/MBIMLogging.m

@@ -0,0 +1,44 @@
+//
+//  MBIMLogging.m
+//  kordophoned
+//
+//  Created by James Magahern on 1/22/19.
+//  Copyright © 2019 James Magahern. All rights reserved.
+//
+
+#import "MBIMLogging.h"
+
+#define ESC(inner) "\033[" inner "m"
+#define CLR ESC("0")
+#define BLD "1;"
+#define RED "31;"
+
+extern void __MBIMLogCommon(MBIMLogLevel level, NSString *format, ...)
+{
+    static dispatch_once_t onceToken;
+    static NSDateFormatter *dateFormatter = nil;
+    dispatch_once(&onceToken, ^{
+        dateFormatter = [[NSDateFormatter alloc] init];
+        dateFormatter.dateFormat = @"Y-MM-d HH:mm:ss";
+    });
+    
+    va_list args;
+    va_start(args, format);
+    NSString *message = [[NSString alloc] initWithFormat:format arguments:args];
+    va_end(args);
+    
+    const char *c_fmt = "%s";
+    if (level == ML_NOTIFY) {
+        // BOLD
+        c_fmt = ESC(BLD) "%s";
+    } else if (level == ML_ERROR) {
+        c_fmt = ESC(RED) "%s";
+    } else if (level == ML_FATAL) {
+        c_fmt = ESC(BLD RED) "%s";
+    }
+    
+    NSString *dateStr = [dateFormatter stringFromDate:[NSDate date]];
+    fprintf(stdout, "%s: ", [dateStr UTF8String]);
+    fprintf(stdout, c_fmt, [message UTF8String]);
+    fprintf(stdout, CLR "\n");
+}

kordophone/main.m

@@ -10,18 +10,62 @@
 
 #import "MBIMBridge.h"
 
-int main(int argc, const char * argv[]) {
+void printUsage()
-    @autoreleasepool {
+{
-        MBIMBridge *bridge = [MBIMBridge sharedInstance];
+    fprintf(stderr, "Usage: kordophoned [-h] [-s | -c (certificate.p12)]\n");
+    fprintf(stderr, "\t-h \t Show this help message\n");
+    fprintf(stderr, "\t-s \t Use SSL (requires -c option)\n");
+    fprintf(stderr, "\t-c \t SSL certificate path encoded as pkcs12\n");
+}
 
-#if HOOK_IMAGENT
+int main(int argc, char *const argv[]) {
-        if (argc < 2) {
+    @autoreleasepool {
-            fprintf(stderr, "Usage: kordophoned agentHook.dylib\n");
+        BOOL usesSSL = NO;
+        BOOL showHelp = NO;
+        const char *certPath = NULL;
+        
+        int c = -1;
+        while ( (c = getopt(argc, argv, "hsc:")) != -1 ) {
+            switch (c) {
+                case 's':
+                    usesSSL = YES;
+                    break;
+                case 'c':
+                    certPath = optarg;
+                    break;
+                case 'h':
+                    showHelp = YES;
+                    break;
+                case '?':
+                    if (optopt == 'c') {
+                        fprintf (stderr, "Option -%c requires an argument.\n", optopt);
+                    } else if (isprint(optopt)) {
+                        fprintf (stderr, "Unknown option `-%c'.\n", optopt);
+                    } else {
+                        fprintf (stderr, "Unknown option character `\\x%x'.\n", optopt);
+                        return 1;
+                    }
+                default:
+                    abort ();
+            }
+        }
+        
+        if (showHelp) {
+            printUsage();
             return 1;
         }
         
-        bridge.dylibPath = argv[1];
+        if (usesSSL && certPath == NULL) {
-#endif
+            fprintf(stderr, "Error: wants SSL (-s) but no ssl certificate path (-c) provided\n");
+            return 1;
+        }
+        
+        MBIMBridge *bridge = [MBIMBridge sharedInstance];
+        
+        if (usesSSL && certPath != NULL) {
+            bridge.usesSSL = YES;
+            bridge.sslCertPath = [NSString stringWithCString:certPath encoding:NSASCIIStringEncoding];
+        }
         
         [bridge connect];
         
@@ -30,5 +74,6 @@ int main(int argc, const char * argv[]) {
             [[NSRunLoop currentRunLoop] run];
         }
     }
+    
     return 0;
 }