如何模拟（越狱）iPhone的主屏幕点击？

Question

我想模拟点击越狱 iPhone 主屏幕上的应用程序图标。我使用了下面的代码，但它无法生效。我是不是做错了什么？

getFrontMostAppPort()的方法对吗？事件如果我尝试使用GSSendSystemEvent()，它没有效果。

顺便说一句，我的意思是越狱设备。有人可以帮我吗？非常感谢。

// Framework Paths
#define SBSERVPATH  "/System/Library/PrivateFrameworks/SpringBoardServices.framework/SpringBoardServices"

static mach_port_t getFrontMostAppPort() {
    bool locked;
    bool passcode;
    mach_port_t *port;
    void *lib = dlopen(SBSERVPATH, RTLD_LAZY);
    int (*SBSSpringBoardServerPort)() = dlsym(lib, "SBSSpringBoardServerPort");
    void* (*SBGetScreenLockStatus)(mach_port_t* port, bool *lockStatus, bool *passcodeEnabled) = dlsym(lib, "SBGetScreenLockStatus");
    port = (mach_port_t *)SBSSpringBoardServerPort();
    dlclose(lib);
    SBGetScreenLockStatus(port, &locked, &passcode);
    void *(*SBFrontmostApplicationDisplayIdentifier)(mach_port_t *port, char *result) = dlsym(lib, "SBFrontmostApplicationDisplayIdentifier");
    char appId[256];
    memset(appId, 0, sizeof(appId));
    SBFrontmostApplicationDisplayIdentifier(port, appId);
    NSString * frontmostApp=[NSString stringWithFormat:@"%s",appId];
    if([frontmostApp length] == 0 || locked)
        return GSGetPurpleSystemEventPort();
    else
        return GSCopyPurpleNamedPort(appId);
}

static void sendTouchEvent(GSHandInfoType handInfoType, CGPoint point) {

    uint8_t touchEvent[sizeof(GSEventRecord) + sizeof(GSHandInfo) + sizeof(GSPathInfo)];

    // structure of touch GSEvent
    struct GSTouchEvent {
        GSEventRecord record;
        GSHandInfo    handInfo;
    } * event = (struct GSTouchEvent*) &touchEvent;
    bzero(touchEvent, sizeof(touchEvent));

    // set up GSEvent
    event->record.type = kGSEventHand;
    event->record.subtype = kGSEventSubTypeUnknown;
    event->record.windowLocation = point;
    event->record.timestamp = GSCurrentEventTimestamp();
    event->record.infoSize = sizeof(GSHandInfo) + sizeof(GSPathInfo);
    event->handInfo.type = handInfoType;
    event->handInfo.x52 = 1;

    bzero(&event->handInfo.pathInfos[0], sizeof(GSPathInfo));
    event->handInfo.pathInfos[0].pathIndex     = 1;
    event->handInfo.pathInfos[0].pathIdentity  = 2;
    event->handInfo.pathInfos[0].pathProximity = (handInfoType == kGSHandInfoTypeTouchDown || handInfoType == kGSHandInfoTypeTouchDragged || handInfoType == kGSHandInfoTypeTouchMoved) ? 0x03 : 0x00;;
    event->handInfo.pathInfos[0].pathLocation  = point;


    mach_port_t port = (mach_port_t)getFrontMostAppPort();
    GSSendEvent((GSEventRecord *)event, port);
}

// why nothing happened?
static clickOnHome() {
    sendTouchEvent(kGSHandInfoTypeTouchDown, CGPointMake(100, 200));
    sleep(1);
    sendTouchEvent(kGSHandInfoTypeTouchUp, CGPointMake(100, 200));
}

Answer 1

是的，我认为您的getFrontMostAppPort() 方法很好，if you got it from here。

我想了解你想要什么：

1. 如果您只是想打开一个特定的应用程序（通过 bundleId），那么我建议您使用 Cydia 上提供的命令行 open 实用程序。您可以使用system() 或exec 以编程方式调用它。或者，如果您想将这种“开放”功能构建到您自己的应用程序中，see my answer here。

2. 现在，也许您正在为后台而不是前台的应用或调整编写代码应用。而且，也许您确实需要触摸特定的 {x,y} 坐标，而不是通过其 bundleId 打开应用程序。如果你真的想要，这段代码对我有用 (based on this answer ... with corrections)：

static void sendTouchEvent(GSHandInfoType handInfoType, CGPoint point) {

   uint8_t gsTouchEvent[sizeof(GSEventRecord) + sizeof(GSHandInfo) + sizeof(GSPathInfo)];

   // structure of touch GSEvent
   struct GSTouchEvent {
      GSEventRecord record;
      GSHandInfo    handInfo;
   } * touchEvent = (struct GSTouchEvent*) &gsTouchEvent;
   bzero(touchEvent, sizeof(touchEvent));

   touchEvent->record.type = kGSEventHand;
   touchEvent->record.subtype = kGSEventSubTypeUnknown;
   touchEvent->record.location = point;
   touchEvent->record.windowLocation = point;
   touchEvent->record.infoSize = sizeof(GSHandInfo) + sizeof(GSPathInfo);
   touchEvent->record.timestamp = GSCurrentEventTimestamp();
   //touchEvent->record.window = winRef;
   //touchEvent->record.senderPID = 919;  
   bzero(&touchEvent->handInfo, sizeof(GSHandInfo));
   bzero(&touchEvent->handInfo.pathInfos[0], sizeof(GSPathInfo));
   GSHandInfo touchEventHandInfo;
   touchEventHandInfo._0x5C = 0;
   touchEventHandInfo.deltaX = 0;
   touchEventHandInfo.deltaY = 0;
   touchEventHandInfo.height = 0;
   touchEventHandInfo.width = 0;
   touchEvent->handInfo = touchEventHandInfo;
   touchEvent->handInfo.type = (handInfoType == kGSHandInfoTypeTouchDown) ? 2 : 1;
   touchEvent->handInfo.deltaX = 1;
   touchEvent->handInfo.deltaY = 1;
   touchEvent->handInfo.pathInfosCount = 0;
   touchEvent->handInfo.pathInfos[0].pathIndex = 1;
   touchEvent->handInfo.pathInfos[0].pathIdentity = 2;
   touchEvent->handInfo.pathInfos[0].pathProximity = (handInfoType == kGSHandInfoTypeTouchDown || handInfoType == kGSHandInfoTypeTouchDragged || handInfoType == kGSHandInfoTypeTouchMoved) ? 0x03: 0x00;
   touchEvent->handInfo.x52 = 1;  // iOS 5+, I believe
   touchEvent->handInfo.pathInfos[0].pathLocation = point;
   //touchEvent->handInfo.pathInfos[0].pathWindow = winRef;

   GSEventRecord* record = (GSEventRecord*) touchEvent;
   record->timestamp = GSCurrentEventTimestamp();

   GSSendEvent(record, getFrontMostAppPort());
}

- (void) simulateHomeScreenTouch {
   CGPoint location = CGPointMake(50, 50);
   sendTouchEvent(kGSHandInfoTypeTouchDown, location);

   double delayInSeconds = 0.1;
   dispatch_time_t popTime = dispatch_time(DISPATCH_TIME_NOW, (int64_t)(delayInSeconds * NSEC_PER_SEC));
   dispatch_after(popTime, dispatch_get_main_queue(), ^(void){
      sendTouchEvent(kGSHandInfoTypeTouchUp, location);
   });
}

这将向 SpringBoard 发送一个触地/向上事件对，只要 SpringBoard 是最前面的应用程序（没有其他应用程序打开）。此外，您还可以看到handInfoType 值映射到2 或1 的位置以用于触地和向上事件。上面的代码假定您生成的只有这两种类型的事件。

---

注意：我首先尝试使用您的坐标 x=100，y=200，但没有任何反应。我认为坐标是在两个主屏幕图标之间。使用其他坐标（例如 x=50，y=50）可以正常工作。

---

注意二：我不相信这个解决方案实际上需要越狱。它使用私有 API，因此无法提交到 App Store，但这应该适用于企业中的被监禁手机或爱好者部署。