Communication Protocol USB muxd between ituns and iPhone

Http://liang8305.github.com/ios/itunsand iphone的 usbusb/

The first research on communication with the iPhone would take Google for granted the USB protocol. The iPhone must be connected to the computer through a USB cable. In fact, iTunes does not communicate with the iPhone through the TCP protocol.

Usbmuxd

ITunes uses something called usb mux to communicate with the iPhone, which provides a USB-TCP conversion service.
This service is/System/Library/PrivateFrameworks/MobileDevice.framework/Resources/usbmuxdProvided, of course, boot automatically.
It creates a Unix domain socket in/var/run/usbmuxdThe USB muxd Service monitors the connection of the iPhone to the USB port.User ModeConnect to USB (relativerecoveryMode ),
The usbmuxd service program will connect to this/var/run/usbmuxdAnd start to become a USB-TCPRequestForwarder

If you want to write a third-party program to communicate with the iPhone and implement functions similar to iTunes, your program can use usbmuxd! Create a TCP connection/var/run/usbmuxdPort, send the corresponding request packet according to the protocol, the USB muxd service will forward the request to the USB iPhone

Lockdownd Protocol

// Protocol header struct usbmux_header {u32 length; // message length, including Header u32 version; // Protocol version number u32 type; // message type, request, response, handshake, u32 tag; // Message ID, used to respond to Char payload; // Request body}; // type Enum {usbmux_result = 1, usbmux_connect = 2 in the header, usbmux_hello = 3, usbmux_payload = 8 ,};

Listeners

If you know the protocol used by iTunes, is there a way to check which packages have been sent by iTunes? There is a simple way to usesocat, For example:

sudo mv /var/run/usbmuxd /var/run/usbmuxxsudo socat -t100 -x -v UNIX-LISTEN:/var/run/usbmuxd,mode=777,reuseaddr,fork UNIX-CONNECT:/var/run/usbmuxx

Package example:

> 2013/02/04 00:07:19.567563  length=483 from=0 to=482 e3 01 00 00 01 00 00 00 08 00 00 00 02 00 00 00  ................ 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31  <?xml version="1 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54  .0" encoding="UT 46 2d 38 22 3f 3e 0a                             F-8"?>. 3c 21 44 4f 43 54 59 50 45 20 70 6c 69 73 74 20  <!DOCTYPE plist 50 55 42 4c 49 43 20 22 2d 2f 2f 41 70 70 6c 65  PUBLIC "-//Apple 2f 2f 44 54 44 20 50 4c 49 53 54 20 31 2e 30 2f  //DTD PLIST 1.0/ 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77  /EN" "http://www 2e 61 70 70 6c 65 2e 63 6f 6d 2f 44 54 44 73 2f  .apple.com/DTDs/ 50 72 6f 70 65 72 74 79 4c 69 73 74 2d 31 2e 30  PropertyList-1.0 2e 64 74 64 22 3e 0a                             .dtd">. 3c 70 6c 69 73 74 20 76 65 72 73 69 6f 6e 3d 22  <plist version=" 31 2e 30 22 3e 0a                                1.0">. 3c 64 69 63 74 3e 0a                             <dict>. 09 3c 6b 65 79 3e 42 75 6e 64 6c 65 49 44 3c 2f  .<key>BundleID</ 6b 65 79 3e 0a                                   key>. 09 3c 73 74 72 69 6e 67 3e 63 6f 6d 2e 61 70 70  .<string>com.app 6c 65 2e 69 54 75 6e 65 73 48 65 6c 70 65 72 3c  le.iTunesHelper< 2f 73 74 72 69 6e 67 3e 0a                       /string>. 09 3c 6b 65 79 3e 43 6c 69 65 6e 74 56 65 72 73  .<key>ClientVers 69 6f 6e 53 74 72 69 6e 67 3c 2f 6b 65 79 3e 0a  ionString</key>. 09 3c 73 74 72 69 6e 67 3e 75 73 62 6d 75 78 64  .<string>usbmuxd 2d 32 39 36 2e 33 3c 2f 73 74 72 69 6e 67 3e 0a  -296.3</string>. 09 3c 6b 65 79 3e 4d 65 73 73 61 67 65 54 79 70  .<key>MessageTyp 65 3c 2f 6b 65 79 3e 0a                          e</key>. 09 3c 73 74 72 69 6e 67 3e 4c 69 73 74 65 6e 3c  .<string>Listen< 2f 73 74 72 69 6e 67 3e 0a                       /string>. 09 3c 6b 65 79 3e 50 72 6f 67 4e 61 6d 65 3c 2f  .<key>ProgName</ 6b 65 79 3e 0a                                   key>. 09 3c 73 74 72 69 6e 67 3e 69 54 75 6e 65 73 48  .<string>iTunesH 65 6c 70 65 72 3c 2f 73 74 72 69 6e 67 3e 0a     elper</string>. 09 3c 6b 65 79 3e 6b 4c 69 62 55 53 42 4d 75 78  .<key>kLibUSBMux 56 65 72 73 69 6f 6e 3c 2f 6b 65 79 3e 0a        Version</key>. 09 3c 69 6e 74 65 67 65 72 3e 33 3c 2f 69 6e 74  .<integer>3</int 65 67 65 72 3e 0a                                eger>. 3c 2f 64 69 63 74 3e 0a                          </dict>. 3c 2f 70 6c 69 73 74 3e 0a                       </plist>.--< 2013/02/04 00:07:19.570319  length=294 from=0 to=293 26 01 00 00 01 00 00 00 08 00 00 00 02 00 00 00  &............... 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31  <?xml version="1 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54  .0" encoding="UT 46 2d 38 22 3f 3e 0a                             F-8"?>. 3c 21 44 4f 43 54 59 50 45 20 70 6c 69 73 74 20  <!DOCTYPE plist 50 55 42 4c 49 43 20 22 2d 2f 2f 41 70 70 6c 65  PUBLIC "-//Apple 2f 2f 44 54 44 20 50 4c 49 53 54 20 31 2e 30 2f  //DTD PLIST 1.0/ 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77  /EN" "http://www 2e 61 70 70 6c 65 2e 63 6f 6d 2f 44 54 44 73 2f  .apple.com/DTDs/ 50 72 6f 70 65 72 74 79 4c 69 73 74 2d 31 2e 30  PropertyList-1.0 2e 64 74 64 22 3e 0a                             .dtd">. 3c 70 6c 69 73 74 20 76 65 72 73 69 6f 6e 3d 22  <plist version=" 31 2e 30 22 3e 0a                                1.0">. 3c 64 69 63 74 3e 0a                             <dict>. 09 3c 6b 65 79 3e 4d 65 73 73 61 67 65 54 79 70  .<key>MessageTyp 65 3c 2f 6b 65 79 3e 0a                          e</key>. 09 3c 73 74 72 69 6e 67 3e 52 65 73 75 6c 74 3c  .<string>Result< 2f 73 74 72 69 6e 67 3e 0a                       /string>. 09 3c 6b 65 79 3e 4e 75 6d 62 65 72 3c 2f 6b 65  .<key>Number</ke 79 3e 0a                                         y>. 09 3c 69 6e 74 65 67 65 72 3e 30 3c 2f 69 6e 74  .<integer>0</int 65 67 65 72 3e 0a                                eger>. 3c 2f 64 69 63 74 3e 0a                          </dict>. 3c 2f 70 6c 69 73 74 3e 0a                       </plist>.--

The first/var/run/usbmuxdRequest package, the first linee3 01 00 00 01 00 00 00 08 00 00 00 02 00 00 00Yes Headere3 01 00 00That is, 0x01e3
= 483, package Length

The header is followed by payload, which is the request content in XML format.