- [Tcp2UsbBridge iOS](#tcp2usbbridge-ios) - [1. Command reference](#1-com

1. - [Tcp2UsbBridge iOS](#tcp2usbbridge-ios)
2. - [1. Command reference](#1-command-reference)
3. - [2. USBMux Example](#2-usbmux-example)
4. + [3. Implementation of UsbMuxD Command Reference](#3-implementation-of-usbmuxd-command-reference)
5. - [Merging Multiple Devices](#merging-multiple-devices)
6. * [Implementation](#implementation)
7. + [1. ListDevices](#1-listdevices)
8. + [2. Listen](#2-listen)
9. + [3. Connect](#3-connect)
10. + [4. ReadPair](#4-readpair)
11. + [5. SavePair](#5-savepair)
12. + [6. DeletePair](#6-deletepair)
13. + [7. ReadBUID](#7-readbuid)
14. + [8. ListListeners](#8-listlisteners)
15. - [UsbMux Command Reference](#usbmux-command-reference)
16. - [1. List Devices](#1-list-devices)
17. * [Request](#request)
18. * [Response](#response)
19. - [2. Connect](#2-connect)
20. * [Request](#request-1)
21. * [Response](#response-1)
22. - [3. ReadPairRecord](#3-readpairrecord)
23. * [Request](#request-2)
24. - [Response](#response-2)
25. - [4. ReadBUID](#4-readbuid)
26. * [Request](#request-3)
27. * [Response](#response-3)
28. - [5. SavePairRecord](#5-savepairrecord)
29. * [Request](#request-4)
30. * [Response](#response-4)
31. - [6. Listen](#6-listen)
32. * [Request](#request-5)
33. * [Response](#response-5)
34. * [Attached a new Device](#attached-a-new-device)
35. * [Detached device](#detached-device)
36. - [7. ListListeners](#7-listlisteners)
37. - [8. DeletePairRecord](#8-deletepairrecord)
38.  
39.  
40. # Tcp2UsbBridge iOS
41. The Tcp Bridge will basically work exactly like Android.
42. The difference is, the tcp ports won't pipe directly to services on the phone but expose a usbmux compatible protocol for a number of reasons:
43. - Unlike adb-server, there is no way to connect a running instance of usbmuxd to another remote device. It only has usb support.
44. - Anything else you could think of, will just end up in writing a custom usbmux clone, that does exactly the same things just in another custom protocol
45. - Exposing a fully compatible usbmux protocol makes using the bridge at any part of the stack super easy! just run j4ios directly or use socat to make a device available locally on /var/run/usbmuxd
46.  
47. #### 1. Command reference
48. `GET /devices` returns json containing devices and their properties
49. ```
50. [{..,"serial":"udid01"},
51. {..,"serial":"udid02"},
52. {..,"serial":"udid03"}]
53. ```
54.  
55. `PUT -d {\"descriptor\":\"udid01\"} /bridges`
56. Will start the device bridge for iOS device with udid01 and return the TCP/IP port.
57.  
58. `DELETE "/bridge?descriptor=udid01"`
59. Will stop the device bridge for iOS device with udid01
60.  
61. #### 2. USBMux Example
62.  
63. The most important commands for understanding usbmuxd are the ListDevices and the Connect command (see [UsbMux Command Reference](#UsbMux-Command-Reference)).
64. The following explanation will use an example to show how exactly the TcpBride will work.
65.  
66. First `PUT -d {\"descriptor\":\"udid01\"} /bridges` is executed to start a bridge for iOS-Device01 (udid01). Let's assume it returns `15000` as the port. We consider two scenarios now:
67. 1. Using iOS-Device01 with java for ios
68. This is fairly easy, as java for ios supports TCP Sockets out of the box. So connecting to the device is as easy as creating a new ChannelInstance connecting to `bridgeIp:15000`
69. 2. Using the device on a Mac or with MacOS/libimobiledevice based tools
70. These tools require the device to be available on a Unix Domain Socket, so we need to convert our TCP port into a UDS and create it at the common location `/var/run/usbmuxd`. We can use Socat or a custom netty tool for that.
71.  
72. When you run the ListDevices command with either of these tools, you will always receive the same plist:
73. ```
74. <?xml version="1.0" encoding="UTF-8"?>
75. <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
76. <plist version="1.0">
77. <dict>
78. <key>DeviceList</key>
79. <array>
80. <dict>
81. <key>DeviceID</key>
82. <integer>27</integer>
83. <key>MessageType</key>
84. <string>Attached</string>
85. <key>Properties</key>
86. <dict>
87. <key>ConnectionSpeed</key>
88. <integer>480000000</integer>
89. <key>ConnectionType</key>
90. <string>USB</string>
91. <key>DeviceID</key>
92. <integer>0</integer>
93. <key>LocationID</key>
94. <integer>337641472</integer>
95. <key>ProductID</key>
96. <integer>4779</integer>
97. <key>SerialNumber</key>
98. <string>udid01</string>
99. </dict>
100. </dict>
101. </array>
102. </dict>
103. </plist>
104. ```
105. This way, every software will only be able to access one device per TCP Port. In other words, devices will be perfectly isolated, just the same as they are for android. Clients will only be able to run Connect calls specifying the DeviceID of 0 and therefore only connect to services on the device they are allowed to use.
106. Should it be desired to have multiple or all devices of a tcpbridge available, see [Merging multiple Devices](#Merging-Multiple-Devices)
107.  
108. ### 3. Implementation of UsbMuxD Command Reference
109. (see [UsbMux Command Reference](#UsbMux-Command-Reference))
110. ListDevices -> Always return the same Device, the one associated with the TCP Port of the connection ListDevices was called on
111.  
112. Connect -> Only allow a Connection to the one allowed Device
113.  
114. SavePairRecord -> Ignore, maybe log a warning
115.  
116. DeletePairRecord -> Ignore, maybe log a warning
117.  
118. Listen -> ignore, no new devices will ever be attached
119.  
120. ReadPairRecord -> Send this devices PairRecord
121.  
122. # Merging Multiple Devices
123. We will need a Java Library/Component that can do the following:
124. Manage A list of DeviceEntries to associate a tuple of (TcpConnection, DeviceID, udid) with a newly generated DeviceID.
125. It needs to discover devices from a local unix domains socket automatically. Remote devices need to be added and removed by API calls.
126. When a remote service tries to execute a UsbMux Command, the merger must decide what to do like so:
127. ## Implementation
128. ### 1. ListDevices
129. Return a Plist conforming to usbmux protocol, containing all devices this merger manages
130. ### 2. Listen
131. - When devices are Added, Removed via API calls, send attached/detached message
132. - On connect, send attached for all already connected devices
133. - Send a Listen command to the local unix domain socket and if something happens there update managed devices, then forward the message further
134. ### 3. Connect
135. - Forward the connect call to the correct device by mapping the DeviceIDs
136. ### 4. ReadPair
137. - Retrieve the correct PairRecord using the udid from remote or local device
138. ### 5. SavePair
139. Forward to remote or local usbmuxd
140. ### 6. DeletePair
141. Forward to remote or local usbmuxd
142. ### 7. ReadBUID
143. This is only needed for pairing, so
144. If a local usbmuxd is connected, forward to there
145. else return random UUID
146. ### 8. ListListeners
147. if local unix domain socket is connected, Return all Listeners from local unix domain socket
148. else return emptylist
149.  
150.  
151.  
152. # UsbMux Command Reference
153.  
154. UsbMux Commands are basically just an RPC mechanism for calling remote procedures on the usbmux daemon (a process running on the mac host). This is important to distinguish, not every command listed here will actually do something with the iOS device. Most of them run on the host machine only.
155. The Request is a Plist that usually contains a MessageType that indicates the procedure to invoke. The return type will be also a Plist.
156.  
157. #### 1. List Devices
158. List devices is the entry point for doing anything with devices connected to the host. It enumerates all of them and lets applications know which devices they can use. You will typically see this being executed whenever applications start. It is the equivalent of the device discovery if you wish. As you can see the return value is just an array of device properties, most notably the `DeviceID` which is a simple int enumerating devices on the host as well as the `SerialNumber` which uniquely identifies the device independent from the actual host it is connected to.
159. No interaction with the iOS Device takes place.
160. ##### Request
161. ```
162. <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
163. <plist version="1.0">
164. <dict>
165. <key>ClientVersionString</key>
166. <string>arbitraryString</string>
167. <key>MessageType</key>
168. <string>ListDevices</string>
169. <key>ProgName</key>
170. <string>arbitraryName</string>
171. </dict>
172. </plist>
173. ```
174. ##### Response
175. ```
176. <?xml version="1.0" encoding="UTF-8"?>
177. <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
178. <plist version="1.0">
179. <dict>
180. <key>DeviceList</key>
181. <array>
182. <dict>
183. <key>DeviceID</key>
184. <integer>27</integer>
185. <key>MessageType</key>
186. <string>Attached</string>
187. <key>Properties</key>
188. <dict>
189. <key>ConnectionSpeed</key>
190. <integer>480000000</integer>
191. <key>ConnectionType</key>
192. <string>USB</string>
193. <key>DeviceID</key>
194. <integer>27</integer>
195. <key>LocationID</key>
196. <integer>337641472</integer>
197. <key>ProductID</key>
198. <integer>4779</integer>
199. <key>SerialNumber</key>
200. <string>6303db9964ec93381d6d80077a30c62089f16706</string>
201. </dict>
202. </dict>
203. </array>
204. </dict>
205. </plist>
206. ```
207. #### 2. Connect
208. Connect is the command that forwards the TCP Connection used to make the connect call transparently to a TCP Service on the phone. The DeviceID is used to determine the device instead of the udid. The port is the port where the service runs on the phone.
209. Beware, the port is in little endian byte order.
210. Beware2, after the response is sent back, that connection will immediately send and receive bytes
211. directly to and from the phone, without any further delay.
212. ##### Request
213. ```
214. <?xml version="1.0" encoding="UTF-8"?>
215. <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
216. <plist version="1.0">
217. <dict>
218. <key>BundleID</key>
219. <string>go.ios.control</string>
220. <key>ClientVersionString</key>
221. <string>go-usbmux-0.0.1</string>
222. <key>DeviceID</key>
223. <integer>27</integer>
224. <key>MessageType</key>
225. <string>Connect</string>
226. <key>PortNumber</key>
227. <integer>32498</integer>
228. <key>ProgName</key>
229. <string>go-usbmux</string>
230. <key>kLibUSBMuxVersion</key>
231. <integer>3</integer>
232. </dict>
233. </plist>
234. ```
235. ##### Response
236. ```
237. <?xml version="1.0" encoding="UTF-8"?>
238. <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
239. <plist version="1.0">
240. <dict>
241. <key>MessageType</key>
242. <string>Result</string>
243. <key>Number</key>
244. <integer>0</integer>
245. </dict>
246. </plist>
247. ```
248. #### 3. ReadPairRecord
249. This is used to retrieve a pairrecord (usually in /var/db/lockdown/{udid}.plist)
250. for a device. The `PairRecordID` is the device' udid.
251. No interaction with the iOS Device takes place.
252. ##### Request
253. ```
254. <?xml version="1.0" encoding="UTF-8"?>
255. <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
256. <plist version="1.0">
257. <dict>
258. <key>BundleID</key>
259. <string>go.ios.control</string>
260. <key>ClientVersionString</key>
261. <string>go-usbmux-0.0.1</string>
262. <key>MessageType</key>
263. <string>ReadPairRecord</string>
264. <key>PairRecordID</key>
265. <string>6303db9964ec93381d6d80077a30c62089f16706</string>
266. <key>ProgName</key>
267. <string>go-usbmux</string>
268. <key>kLibUSBMuxVersion</key>
269. <integer>3</integer>
270. </dict>
271. </plist>
272. ```
273. #### Response
274. ```
275. <?xml version="1.0" encoding="UTF-8"?>
276. <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
277. <plist version="1.0">
278. <dict>
279. <key>PairRecordData</key>
280. <data>
281. {Base64 encoded FileBytes of pairrecord}
282. </data>
283. </dict>
284. </plist>
285. ```
286. #### 4. ReadBUID
287. Reads the BUID which is stored in the pair record and later will be used for starting lockdown sessions. It's usually some random UUID.
288. This command is only used before Pairing, because the BUID is used during pairing and persisted in the pairrecord.
289. No interaction with the iOS Device takes place.
290. ##### Request
291. ```
292. <?xml version="1.0" encoding="UTF-8"?>
293. <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
294. <plist version="1.0">
295. <dict>
296. <key>BundleID</key>
297. <string>org.libimobiledevice.usbmuxd</string>
298. <key>ClientVersionString</key>
299. <string>usbmuxd built for freedom</string>
300. <key>MessageType</key>
301. <string>ReadBUID</string>
302. <key>ProgName</key>
303. <string>libusbmuxd</string>
304. <key>kLibUSBMuxVersion</key>
305. <integer>3</integer>
306. </dict>
307. </plist>
308. ```
309. ##### Response
310. ```
311. <?xml version="1.0" encoding="UTF-8"?>
312. <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
313. <plist version="1.0">
314. <dict>
315. <key>BUID</key>
316. <string>50E770E0-FF35-444B-96BC-AA365041FB82</string>
317. </dict>
318. </plist>
319. ```
320. #### 5. SavePairRecord
321. UsbMux will store the PairRecord file in `/var/db/lockdown`
322. No interaction with the iOS Device takes place.
323. ##### Request
324. ```
325. <?xml version="1.0" encoding="UTF-8"?>
326. <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
327. <plist version="1.0">
328. <dict>
329. <key>BundleID</key>
330. <string>org.libimobiledevice.usbmuxd</string>
331. <key>ClientVersionString</key>
332. <string>usbmuxd built for freedom</string>
333. <key>MessageType</key>
334. <string>SavePairRecord</string>
335. <key>ProgName</key>
336. <string>libusbmuxd</string>
337. <key>kLibUSBMuxVersion</key>
338. <integer>3</integer>
339. <key>PairRecordID</key>
340. <string>6303db9964ec93381d6d80077a30c62089f16706</string>
341. <key>PairRecordData</key>
342. <data>
343. {Base 64 Encoded Pair Record}
344. </data>
345. </dict>
346. </plist>
347. ```
348. ##### Response
349. ```
350. <?xml version="1.0" encoding="UTF-8"?>
351. <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
352. <plist version="1.0">
353. <dict>
354. <key>MessageType</key>
355. <string>Result</string>
356. <key>Number</key>
357. <integer>0</integer>
358. </dict>
359. </plist>
360. ```
361. #### 6. Listen
362. Creates a persistent TCP Connection that will send a message (see examples) whenever a new device is connect or disconnected from USB. Also it will send a Attached message right after the first response, for every device that is already connected.
363. All apple tools use this and start it by default.
364.  
365. ##### Request
366. ```
367. <?xml version="1.0" encoding="UTF-8"?>
368. <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
369. <plist version="1.0">
370. <dict>
371. <key>BundleID</key>
372. <string>com.apple.AccessibilityInspector</string>
373. <key>ClientVersionString</key>
374. <string>usbmuxd-423.208.1</string>
375. <key>ConnType</key>
376. <integer>0</integer>
377. <key>MessageType</key>
378. <string>Listen</string>
379. <key>ProgName</key>
380. <string>Accessibility Inspector</string>
381. <key>kLibUSBMuxVersion</key>
382. <integer>3</integer>
383. </dict>
384. </plist>
385. ```
386. ##### Response
387. ```
388. <?xml version="1.0" encoding="UTF-8"?>
389. <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
390. <plist version="1.0">
391. <dict>
392. <key>MessageType</key>
393. <string>Result</string>
394. <key>Number</key>
395. <integer>0</integer>
396. </dict>
397. </plist>
398. ```
399. ##### Attached a new Device
400. ```
401. <?xml version="1.0" encoding="UTF-8"?>
402. <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
403. <plist version="1.0">
404. <dict>
405. <key>DeviceID</key>
406. <integer>27</integer>
407. <key>MessageType</key>
408. <string>Attached</string>
409. <key>Properties</key>
410. <dict>
411. <key>ConnectionSpeed</key>
412. <integer>480000000</integer>
413. <key>ConnectionType</key>
414. <string>USB</string>
415. <key>DeviceID</key>
416. <integer>27</integer>
417. <key>LocationID</key>
418. <integer>337641472</integer>
419. <key>ProductID</key>
420. <integer>4779</integer>
421. <key>SerialNumber</key>
422. <string>6303db9964ec93381d6d80077a30c62089f16706</string>
423. </dict>
424. </dict>
425. </plist>
426. ```
427. ##### Detached device
428. ```
429. <?xml version="1.0" encoding="UTF-8"?>
430. <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
431. <plist version="1.0">
432. <dict>
433. <key>DeviceID</key>
434. <integer>28</integer>
435. <key>MessageType</key>
436. <string>Detached</string>
437. </dict>
438. </plist>
439. ```
440. #### 7. ListListeners
441. Returns a list of all Listener connections
442. #### 8. DeletePairRecord