- Bidirectional XPC message interception.
- iOS and macOS support.
bplist00, and the infamousbplist15deserialization.- Filter by message direction (incoming or outgoing) and service name.
- More to come?
Usage: xpcspy [OPTIONS] [TARGET]
Intercept XPC messages and more
Options:
-U, --usb Use the USB-connected device instead of the local
one
-p, --attach-pid INTEGER Attach using the process' PID
-f, --filter-by TEXT Filter by message direction and service name.
'i' denotes incoming and 'o' denotes outgoing.
Service name can include the wildcard character
'*'. For exmaple 'i:com.apple.*',
'o:com.apple.apsd' or just 'o'/'i'.
-r, --parse Parse XPC dictionary keys that include either
`bplist00` or `bplist16` data.
--help Show this message and exit.
pip3 install xpcspy
- Add support for
bplist16. - Deserialize data within the parsed
bplists recursively. - Improve script loading performance, kinda slow for some reason.
- Add an option to get the address, perhaps ASLR adjusted, for the XPC event handler, by spawning the process and hooking
xpc_connection_set_event_handler. - Add fancy colors.
- More pretty printing?
- Why are you reinventing the wheel?
- I'm not; XPoCe doesn't intercept incoming messages, and doesn't support
bplist00orbplist15. `
- I'm not; XPoCe doesn't intercept incoming messages, and doesn't support