Original article: http://www.yonsm.net/post/553
From the user's perspective, there are three ways to install a program on iOS:
1. The Cydia-style deb method: the program is installed directly to /Applications as a system app and cannot be deleted with a long press (CyDelete is not discussed here).
2. The pseudo-IPA method used by UCWeb/Installous: the IPA (actually a zip) is unpacked directly to imitate the result of an official IPA installation. You can think of it as black-box testing that looks only at the result. This method can cause problems such as the icon not refreshing and the IPA failing to sync back to iTunes. For this reason I personally do not recommend using UCWeb or Installous to download and install IPAs.
3. The officially supported App Store/iTunes IPA installation: this is the MobileInstallation framework method described here. It is the most official, secure, and perfect way to install an IPA. The tools currently known to use it are Synchronous Push/iFunBox/iFanBox/iTools (iFanBox's support was probably completed after its author talked with me :)
MobileInstallation is the framework that installs IPAs in iOS. It can be analyzed by opening the following file in IDA:
/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS5.0.sdk/System/Library/PrivateFrameworks/MobileInstallation.framework/MobileInstallation
We can see that it exports the following APIs:
Name                                          Address   Ordinal
--------------------------------------------  --------  -------
_MobileInstallationArchive                    00000f80
_MobileInstallationBrowse                     00000fe0
_MobileInstallationCheckCapabilitiesMatch     00000be0
_MobileInstallationCopySafeHarbors            00000ca4
_MobileInstallationInstall                    00001144
_MobileInstallationLookup                     00001034
_MobileInstallationLookupArchives             00000e70
_MobileInstallationProcessRestoredContainer   00000e10
_MobileInstallationRegisterSafeHarbor         00000d58
_MobileInstallationRemoveArchive              00000ec0
_MobileInstallationRemoveSafeHarbor           00000cf4
_MobileInstallationRestore                    00000f20
_MobileInstallationSetDeviceCapabilities      00000c40
_MobileInstallationUninstall                  00001084
_MobileInstallationUpgrade                    000010e4
_MobileInstallationRebuildMap                 00000b90
Two of these APIs are very useful:
_MobileInstallationInstall: installs an IPA
_MobileInstallationLookup: lists the installed IPAs
The result of analyzing MobileInstallationInstall is pasted directly below; the analysis process relies on the earlier steps :)
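#import <Foundation/Foundation.h>
#include <dlfcn.h>

// IPAResult and its values (IPAResultFileNotFound, IPAResultNoFunction) are the
// author's own enum; its definition is not shown in this article.

// Signature recovered from the analysis; the purpose of the last two arguments is unclear.
typedef int (*MobileInstallationInstall)(NSString *path, NSDictionary *dict, void *na, NSString *path2_equal_path_maybe_no_use);

IPAResult IPAInstall(NSString *path)
{
    // Load the private framework at run time instead of linking against it.
    void *lib = dlopen("/System/Library/PrivateFrameworks/MobileInstallation.framework/MobileInstallation", RTLD_LAZY);
    if (lib)
    {
        MobileInstallationInstall pMobileInstallationInstall = (MobileInstallationInstall)dlsym(lib, "MobileInstallationInstall");
        if (pMobileInstallationInstall)
        {
            // Install from a temporary copy, because the installed file may be deleted afterwards.
            NSString *name = [@"Install_" stringByAppendingString:path.lastPathComponent];
            NSString *temp = [NSTemporaryDirectory() stringByAppendingPathComponent:name];
            if (![[NSFileManager defaultManager] copyItemAtPath:path toPath:temp error:nil]) return IPAResultFileNotFound;
            // ApplicationType = User installs the IPA as a normal (user-removable) app.
            int ret = (IPAResult)pMobileInstallationInstall(temp, [NSDictionary dictionaryWithObject:@"User" forKey:@"ApplicationType"], 0, path);
            // Remove the temporary copy in case the installer left it behind.
            [[NSFileManager defaultManager] removeItemAtPath:temp error:nil];
            return ret;
        }
    }
    return IPAResultNoFunction;
}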
The IPA is copied first because the file handed to the installer may be deleted once the installation finishes. If you do not mind the source IPA being deleted, there is no need to copy it to a new location.
For the detailed code, please e-mail Yonsm@msn.com.
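Because the loader above resolves the private API with dlopen()/dlsym(), the framework path and the symbol names end up as plain C strings in the app binary, and an IPA is just a zip. The following added example (not from the original article; the function names and the sample IPA are constructed for illustration) shows how an app-vetting step could flag IPAs that reference MobileInstallation.

```python
import io
import zipfile

# Literal strings the loader on this page must embed: the dlopen() path
# and the dlsym() names (taken from the export table above).
FRAMEWORK = b"PrivateFrameworks/MobileInstallation.framework/MobileInstallation"
SYMBOLS = (b"MobileInstallationInstall", b"MobileInstallationLookup",
           b"MobileInstallationUninstall", b"MobileInstallationUpgrade")


def scan_blob(blob: bytes) -> list:
    """Return the indicator strings found in one file's bytes."""
    hits = [FRAMEWORK.decode()] if FRAMEWORK in blob else []
    for sym in SYMBOLS:
        # C string literals are NUL-terminated; requiring the NUL keeps
        # MobileInstallationLookup from matching ...LookupArchives.
        if sym + b"\x00" in blob:
            hits.append(sym.decode())
    return hits


def scan_ipa(ipa_bytes: bytes) -> dict:
    """Map each file under Payload/ to the indicators it contains."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as ipa:
        for info in ipa.infolist():
            if info.is_dir() or not info.filename.startswith("Payload/"):
                continue
            hits = scan_blob(ipa.read(info))
            if hits:
                findings[info.filename] = hits
    return findings


def build_sample_ipa(executable: bytes) -> bytes:
    """Constructed test input: a minimal zip laid out like an IPA."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Payload/Demo.app/Info.plist", b"<plist/>")
        z.writestr("Payload/Demo.app/Demo", executable)
    return buf.getvalue()


if __name__ == "__main__":
    fake = (b"\xcf\xfa\xed\xfe/System/Library/" + FRAMEWORK + b"\x00"
            b"MobileInstallationInstall\x00MobileInstallationLookupArchives\x00")
    print(scan_ipa(build_sample_ipa(fake)))
```

App Store binaries are FairPlay-encrypted, so this string scan only sees the indicators in decrypted, developer-signed or enterprise-signed builds, and an app that builds the strings at run time will not be flagged.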