iPhone Wireless Scanner iOS5
As followers know, last year Apple blocked Wi-Fi scanners from the App Store; however, until iOS 5 scanning was still available for private use via the WiFiManager bundle:
Old path: /System/Library/SystemConfiguration/WiFiManager.bundle/WiFiManager
In iOS 5 the WiFiManager bundle no longer exists; however, the 80211 functions are still available via the IPConfiguration bundle:
New path: /System/Library/SystemConfiguration/IPConfiguration.bundle/IPConfiguration
The scanning functions are the same as in the previous version
(for detailed information: http://code.google.com/p/iphone-wireless/ ),
but there is one thing you need to pay attention to while developing:
your application requires superuser privileges in order to perform a network scan.
That’s why you need to put your application in root’s Applications folder.
Correct path in iOS: /Applications (in this path, the app runs with root user permissions)
Wrong path in iOS: /private/var/mobile/Applications (in this path, the app runs with mobile user permissions)
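One way to load the entry points defensively: try the iOS 5 bundle path first, fall back to the older path, and fail cleanly when the bundle or a symbol is missing. This is an added example, not code from the original post or from the iphone-wireless project; `load_api`, `last_dl_error`, `struct wifi_api` and the status codes are hypothetical names, while the paths and symbol names are the ones that appear on this page.

```c
#include <dlfcn.h>
#include <stdio.h>
#include <unistd.h>
/* Bundle paths from the post: iOS 5 location first, then the older one. */
static const char *const kBundlePaths[] = {
    "/System/Library/SystemConfiguration/IPConfiguration.bundle/IPConfiguration",
    "/System/Library/SystemConfiguration/WiFiManager.bundle/WiFiManager",
};
static const char *const kSymbols[] = {   /* entry points named on this page */
    "Apple80211Open", "Apple80211BindToInterface", "Apple80211Close", "Apple80211Scan",
};
enum { N_PATHS = 2, N_SYMS = 4 };
enum load_status { LOAD_OK = 0, LOAD_NO_BUNDLE = -1, LOAD_MISSING_SYMBOL = -2 };
struct wifi_api {        /* hypothetical container, not the project's type */
    void *lib;           /* dlopen handle, NULL when nothing is loaded */
    const char *path;    /* candidate path that loaded */
    void *fn[N_SYMS];    /* resolved symbols, same order as the name list */
};
/* dlerror() may return NULL when no error is pending; never pass that to %s. */
static const char *last_dl_error(void) {
    const char *e = dlerror();
    return e ? e : "unknown error";
}
/* Try each path in order, then require every requested symbol to resolve. */
static enum load_status load_api(const char *const *paths, int n_paths,
                                 const char *const *syms, int n_syms,
                                 struct wifi_api *out) {
    out->lib = NULL; out->path = NULL;
    for (int i = 0; i < n_paths && !out->lib; i++) {
        out->lib = dlopen(paths[i], RTLD_LAZY);
        if (out->lib) out->path = paths[i];
        else fprintf(stderr, "dlopen failed: %s\n", last_dl_error());
    }
    if (!out->lib) return LOAD_NO_BUNDLE;
    for (int j = 0; j < n_syms && j < N_SYMS; j++) {
        out->fn[j] = dlsym(out->lib, syms[j]);
        if (out->fn[j]) continue;
        fprintf(stderr, "dlsym(%s) failed: %s\n", syms[j], last_dl_error());
        dlclose(out->lib); out->lib = NULL;   /* never hand back a partial table */
        return LOAD_MISSING_SYMBOL;
    }
    return LOAD_OK;
}
int main(void) {
    struct wifi_api api;
    int st = load_api(kBundlePaths, N_PATHS, kSymbols, N_SYMS, &api);
    printf("status=%d euid=%d\n", st, (int)geteuid());  /* post: scan needs root */
    return st == LOAD_OK ? 0 : 1;
}
```

Off-device both paths are absent, so the program reports `LOAD_NO_BUNDLE` instead of calling through a NULL pointer.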
I have prepared a sample project for using the Stumbler class on iOS 5;
you can download it via
Stumbler Class on iOS5 Usage Sample Download Link.
I would also like to share a couple of screens that may be interesting for some developers.
1) Disassembly of IPConfiguration (processed with IDA Evaluation by Hex-Rays)

2) Screenshots of the sample project on an iPod Touch 4G running iOS 5
Credits:
WiFiFoFum: they were the first developers to notice IPConfiguration.bundle.
Stumbler “iphone-wireless”: they have provided a lot to the community. Many thanks.

Purnima
November 11th, 2011 at 6:50 pm
Guvener
We noticed a strange phenomenon. When running the app on a non-jailbroken device via the debugger, the Wi-Fi scans would not work. However, as soon as we hit the stop button in Xcode for the debugger, the scan results came through. Is there a way around it by programmatically issuing a stop that mimics the stop issued from the debugger?
with best regards
Jagan

Guvener Gokce
November 12th, 2011 at 10:03 am
Hi Jagan,
That’s a very interesting phenomenon. Although I haven’t tried (yet) hitting a breakpoint programmatically, I will check and let you know if I can succeed.
Many thanks for letting me know, really interesting notice.
Bests,
Guvener

Dwarf
November 14th, 2011 at 3:25 am
Hi!
How can I put my application in root’s Applications folder instead of /private/var/mobile/Applications?
I can’t get the sample working…
Thanxs!

Guvener Gokce
November 14th, 2011 at 3:32 am
Hi Dwarf,
I’m assuming that your device is already jailbroken (otherwise not possible).
You shall create a release build of the sample app and upload the release build into the /Applications folder
(you can use OpenSSH for that).
Bests,
Guvener

Dwarf
November 14th, 2011 at 6:41 am
Ohhh!
I want to distribute my app in the App Store…
This may work for Cydia apps, but the Stumbler class will never work in “official” apps, am I right?
Thanxs!

Guvener Gokce
November 14th, 2011 at 8:01 am
Hi Dwarf,
You’re right, it’s not allowed to publish an app that uses private frameworks,
and just to be clear, Apple has never published an iOS API for Wi-Fi scanning.
Bests,
Guvener

Dwarf
November 14th, 2011 at 11:28 am
My app is in the Store, using this framework and working in iOS4, but it crashes in iOS5.

Guvener Gokce
November 14th, 2011 at 11:45 am
that’s lucky, good for u.

Purnima
December 3rd, 2011 at 10:59 pm
Guvener
Any progress on doing Wi-Fi scans for non-jailbroken devices with the workaround I mentioned?
Jagan

nimesh
December 19th, 2011 at 5:59 am
I have tried Wi-Fi network scanning using the Stumbler class, but when I tried
dlopen("System/Library/SystemConfiguration/IPConfiguration.bundle/IPConfiguration",1)
it gives “file not find”.
Please help me out in this.

kimtaeil
December 21st, 2011 at 4:28 am
hi~
I tried to build in Xcode 4.2 but it doesn’t work.
Does it only work on a device???
please tell me how to test T.T

tpnolan
March 1st, 2012 at 2:03 am
I’m curious, has anyone tested the monitor mode support?
Can captured packets be successfully parsed into aircrack-ng?

Dan O
March 15th, 2012 at 9:59 am
I am trying to get this to work in a private app that needs to know what Wi-Fi connection the iPad is on. Anyway, when I put the SOStumber.h/m in my code I get an error with the following
apple80211Scan(airportHandle, &scan_networks, parameters);
It gives me an “implicit conversion of Objective-C pointer type ‘NSDictionary *’ to C pointer type ‘void *’ requires a bridged cast”.
I have looked at all the settings from your test app and they all look the same. I know I am missing something but can’t figure it out.
I just need to see what Wi-Fi I am currently attached to.
Any help would be great.

pengpeng
March 31st, 2012 at 12:33 am
Hi,
I tested the sample on my jailbroken iPod 4G running iOS 5.0.1. I copied StumblerIOS5.app to /Applications, but it terminates immediately so I can’t see the scan results. I tried using Xcode 4.2 to build and run on my iPod; this time it does not exit, but the result is nil. I am sure there is a Wi-Fi network nearby.
Any help would be great. Sorry for my poor English.

henry
April 4th, 2012 at 8:55 pm
Hi,
I tested the sample on my iPod without jailbreak, on iOS 5.0.1,
but when I scan networks, I never find a Wi-Fi server.
It’s always null….
Can you help me? Thanks~

Jeff
April 12th, 2012 at 7:44 pm
Everyone only finds the dlsym for Apple80211Open, Apple80211Close, Apple80211BindToInterface, and Apple80211Scan. But what about WirelessGetAssociationInfo and the like? Are there other parts of Apple80211 available in the IPConfiguration bundle according to your library dumps?

Horst Kopper
June 29th, 2012 at 10:26 am
The Apple80211Scan only provides empty results on iOS 5.1.1 (iPhone 4S). Furthermore, the WiFiFoFum app seems not to link against the Apple80211* methods, but to use a DLWiFiManager class.

theman
July 6th, 2012 at 2:56 am
@ Horst
I’m getting the same results on 5.1.1. Are you running as root, and
is your /Applications ‘stashed’ - which still points to a private folder on the iPad1?
Also, what DLWiFiManager class are you referring to?

Guvener Gokce
July 6th, 2012 at 3:08 am
Hello everyone,
I should update my post sometime, since it’s a bit old right now.
However, till then, if you would like to try some code,
please check the stumbler code via:
http://ininjas.com/boococky/cli-stumbler.tar.gz
One of my followers got a successful result with this.
Actually I haven’t noticed the difference between their code:
void *handle = dlopen("/System/Library/SystemConfiguration/IPConfiguration.bundle/IPConfiguration", RTLD_LAZY);
int (*open)(void *) = dlsym(handle, "Apple80211Open");
int (*bind)(void *, CFStringRef) = dlsym(handle, "Apple80211BindToInterface");
int (*close)(void *) = dlsym(handle, "Apple80211Close");
int (*scan)(void *, CFArrayRef *, void *) = dlsym(handle, "Apple80211Scan");
open(&handle);
bind(handle, CFSTR("en0"));
and mine:
libHandle = dlopen("/System/Library/SystemConfiguration/IPConfiguration.bundle/IPConfiguration", RTLD_LAZY);
apple80211Open = dlsym(libHandle, "Apple80211Open");
apple80211Bind = dlsym(libHandle, "Apple80211BindToInterface");
apple80211Close = dlsym(libHandle, "Apple80211Close");
apple80211Scan = dlsym(libHandle, "Apple80211Scan");
apple80211Open(&airportHandle);
apple80211Bind(airportHandle, @"en0");
however something genius might be in there,
please feel free to comment if you’re successful on your experiments, we’ll all be celebrating with you :)
I’ll keep the post updated as soon,
Bests,
Guvener

Naren
August 2nd, 2012 at 7:32 am
How can I put my application in root’s Applications folder instead of /private/var/mobile/Applications? How do I change to root applications? I am new to this, please give me some guidance about how to change the root application folder on the device….
regards,
naren

Clay
August 30th, 2012 at 4:20 pm
if you are now wanting to jail break your phone but still get signal strength on the current connection you can use this…
http://code.google.com/p/iphone-wireless/wiki/Apple80211GetInfoCopy

Hensel
September 8th, 2012 at 6:24 am
Thank you very much for the article; I mentioned it on my blog.

Nam Nguyen
September 20th, 2012 at 10:53 pm
Dear Guvener Gokce, I have successfully tested the “Apple80211GetPower” and “Apple80211Scan” methods; however, when it comes to “Apple80211SetPower” to turn the Wi-Fi interface on/off, I could not make it work on my iPhone (iOS 5.1.1).
wificontroller[774] : Wifi Power=1
kernel[0] : AppleBCMWLANCore::setPOWER(): state(1) stateFlags(34a23)
The log said that my phone executed the same command as when I manually set Wi-Fi on/off via Settings. Still, it did not turn on/off as I expected.
Has anyone succeeded with “Apple80211SetPower”?

Blair
October 10th, 2012 at 2:11 am
Hi Guvener Gokce. I’m still confused about how to put my application into the root folder. Could you explain it more clearly?
Or could you give me a website to solve this problem?
best regards
Blair

moses
October 19th, 2012 at 2:08 am
I want to turn Wi-Fi on/off.
Has anyone succeeded with Apple80211SetPower?

Patrick
February 7th, 2013 at 10:52 pm
hey, I’ve got a working implementation of this as part of a package, but I was wondering if you know how come noise always is measured as 0? Can it not measure it properly?? Other desktop tools measure the noise, so I have a benchmark to compare with..