Principle of virtual positioning
After investigation, there are about three kinds of technical routes for iOS virtual positioning: Xcode simulation positioning, jailbroken mobile dynamic library injection and location writing through the MFI communication protocol between peripherals and devices
1. Xcode changes the location
Start Xcode, create a new project, and then write the GPX file.
Monitoring method
Xcode virtual location will use GPX protocol files, only support coordinates, not altitude, altitude return value is 0, and altitude vertical accuracy return value is fixed -1. So the detection method is very simple: determine whether the altitude and altitude accuracy are the two fixed values.
Note: For ordinary users, some iOS assistants in China reverse Simulate location and integrate it into their own software. For example, The following Ai Si Assistant can directly modify the location of a mobile phone (provided that the phone is connected to a computer).
2. Dynamic library injection
After the iOS jailbreak, install the jailbreak plug-in with the virtual location function. In God mode, jailbreak mods can hijack system functions at will. GPS location manager, able to manage the location of each iOS app, (free version can only set the location of one app) (jailbreak version has a lot of plugins to modify location, because jailbreak test machine 14.3, there are many plugins can not use) hijacking CoreLocation in the following commonly used to get location information function, Can tamper with normal location data:
CLLocationManager->delegate()CLLocationManager->initialize()CLLocationManager->setDelegate()CLLocationManager->startMoni toringSignificantLocationChanges()CLLocationManager->startUpdatingHeading()CLLocationManager->startUpdatingLocation()CLL ocationManager->stopMonitoringSignificantLocationChanges()CLLocationManager->stopUpdatingHeading()CLLocationManager->sto pUpdatingLocation()
Here’s the bee-friend experiment:
Monitoring method
According to the test, for the modified positioning of GPS positioning master of jailbroken mobile phone, since the values of latitude and longitude and altitude can be edited, it is impossible to determine whether it is a virtual location by the accuracy of latitude and longitude and whether the altitude is 0, so the risk can only be determined by judging whether the phone is jailbroken.
3. Through peripherals
Typical products, such as displacement wizard, not only have virtual positioning ability, but also have the function of charging bank. So how does this thing work? It’s easy to explain, it’s a feature apple provides, it’s not black tech. Apple’s Made For iOS (MFi) Accessory Interface Specification document describes iAP2, the communication protocol between USB and peripherals, with many rich features:
You can see that there is location location function, according to the protocol format, send the corresponding location data, you can change the location information.
Monitoring method
After the test, all APP locations based on LBS positioning have been changed to the location you specified by selecting the location of peripherals. However, only the latitude and longitude are changed. The value of altitude obtained by the positioning system is 0, and the return value of altitude vertical accuracy is fixed -1. Similar to xcode simulation modification position, the whole position of the machine is changed, which is different from jailbroken phone. Jailbroken phone hijacks the system positioning function for a specific APP and tampers with the actual position obtained by the function to achieve false positioning.
In view of the above Xcode simulation positioning and peripheral positioning, a Demo of monitoring and judging virtual positions is written. Principle is judged by the precision of the latitude and longitude and altitude (LocationDataSourceMFIDevice orientation of false and real LocationDataSourceRealWorld said)
1. Real positioning
2. False positioning
