August 26th, 2007
Splunking your iPhone
Had a little fun last night. Enabled syslogd on the iPhone and sent the logs to a Splunk instance via UDP/514.
The process is to hack your iPhone and install ssh, then enable syslogd by the following method. (Thanks to core on #iphone.)
syslog
20:00 so to get syslog running you need /etc/syslogd.conf from your mac
20:01 then break the syslog in /System/Library/LaunchDaemons/apple.com.syslogd by putting in bad values
20:01 then restart the phone and run
20:01 /usr/sbin/syslogd -bsd_out 1 &
Then edit /etc/syslog.conf and append *.* @loghost
Restart syslogd and you’re set.
Then just set Splunk up to listen on 514/UDP and you have iPhone logs.
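A quick way to confirm the phone's datagrams are arriving and well-formed before pointing Splunk at the port, as an added example that is not from the original post: a minimal parser and listener for BSD-format syslog over UDP. It assumes the phone emits classic "<PRI>timestamp host tag[pid]: message" lines; port 5514 (an unprivileged stand-in for 514) and the sample datagrams are constructed for illustration.

```python
import re
import socket

FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "ntp audit alert clock local0 local1 local2 local3 local4 local5 "
              "local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()

# BSD syslog wire format: <PRI>Mmm dd hh:mm:ss host tag[pid]: message
BSD_LINE = re.compile(
    rb"^<(\d{1,3})>(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+) "
    rb"([^:\[\s]+)(?:\[(\d+)\])?: ?(.*)$", re.S)

def parse_bsd_syslog(datagram):
    """Return a dict for one UDP syslog datagram, or None if it is malformed."""
    m = BSD_LINE.match(datagram.rstrip(b"\r\n\x00"))
    if not m or int(m.group(1)) > 191:  # PRI = facility * 8 + severity, max 23*8+7
        return None
    pri = int(m.group(1))
    text = lambda b: b.decode("utf-8", "replace")
    return {
        "facility": FACILITIES[pri >> 3],
        "severity": SEVERITIES[pri & 7],
        "timestamp": text(m.group(2)),
        "host": text(m.group(3)),
        "tag": text(m.group(4)),
        "pid": int(m.group(5)) if m.group(5) else None,
        "message": text(m.group(6)),
    }

def listen(bind_addr="0.0.0.0", port=5514):
    """Print each datagram with its real source IP; the host field is sender-supplied."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_addr, port))
    while True:
        data, (src_ip, _) = sock.recvfrom(8192)
        print(src_ip, parse_bsd_syslog(data) or {"unparsed": data[:200]})

# Constructed sample datagrams, not captured from a device.
SAMPLES = [
    b"<30>Aug 26 20:01:07 iPhone launchd[1]: constructed sample: service respawned\n",
    b"<11>Aug  6 09:15:00 iPhone SpringBoard[15]: constructed sample error",
    b"<999>Aug 26 20:01:07 iPhone x: PRI out of range",
    b"not a syslog line",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(parse_bsd_syslog(s))
```

UDP syslog is unauthenticated and unencrypted, so the listener prints the packet's source address next to the self-reported host field; a mismatch between the two is worth a look.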
Interesting bit found: launchd, the service that starts up the daemons on the iPhone, just keeps respawning services. The iPhone lacks a standard service control mechanism such as the sysv-compatible init process.
