Splunking your iPhone

Had a little fun last night. Enabled syslogd on the iPhone and sent the logs to a splunk instance via UDP/514

Process is hacking your iPhone and install ssh. Enable syslogd by the following method. (Thanks to core on #iphone)

20:00 so to get syslog running you need /etc/syslogd.conf from your mac
20:01 then break the syslog in /System/Library/LaunchDaemons/ by putting in bad values
20:01 then restart the phone and run 20:01 /usr/sbin/syslogd -bsd_out 1 &

Then edit /etc/syslog.conf and append *.* @loghost

Restart syslogd and you’re set.

Then just set splunk up to listen on 514/UDP and you have iPhone logs.

Interesting bit found? launchd, the service that starts up the daemons on the iPhone just keeps respawning services. The iPhone lacks a standard service control mechanism such as the sysv-compatible init process.

By Mark Cohen

Posted by


Join the Discussion