Issue 45: Error on iOS SDK 5.0 when calling open(&handle);
19 people starred this issue and may be notified of changes.
Status:  New
Owner:  ----

Reported by, Jun 9, 2011
The following code (opening a handle with the C library dlfcn.h) was working fine until iOS 4.3.3:

void *handle = dlopen("/System/Library/SystemConfiguration/WiFiManager.bundle/WiFiManager", RTLD_LAZY);
int (*open)(void *) = dlsym(handle, "Apple80211Open");
int (*bind)(void *, CFStringRef) = dlsym(handle, "Apple80211BindToInterface");
int (*close)(void *) = dlsym(handle, "Apple80211Close");
int (*scan)(void *, CFArrayRef *, void *) = dlsym(handle, "Apple80211Scan");
bind(handle, CFSTR("en0"));
CFDictionaryRef parameters = CFDictionaryCreateMutable(NULL, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
CFArrayRef networks;
scan(handle, &networks, parameters);

With the new SDK 5.0 beta I am getting the following error.
Has anyone found a solution to this?

warning: check_safe_call: could not restore current frame
warning: Unable to restore previously selected frame.

Jun 14, 2011

I'm in kind of the same situation here ... But my error is that the image is not found ... because Apple changed the location of their private framework ... I'm now looking for the new location of the WifiManager in order to update my app ....
If I find something I'll share it!

Have Fun ! 

Jun 15, 2011
Has anyone found a solution for this?

This is what I have found out so far:

libHandle = dlopen("/System/Library/SystemConfiguration/WiFiManager.bundle/WiFiManager", RTLD_LAZY);
now always returns NULL

Just like in older iOS versions, this works again now:
libHandle = dlopen("/System/Library/PrivateFrameworks/MobileWiFi.framework/MobileWiFi", RTLD_LAZY);

So maybe they have switched back to the old location of the framework.
However, using these old functions results in a crash:

open = dlsym(libHandle, "Apple80211Open");
bind = dlsym(libHandle, "Apple80211BindToInterface");
close = dlsym(libHandle, "Apple80211Close");
scan = dlsym(libHandle, "Apple80211Scan");
bind(airportHandle, @"en0");


Jun 28, 2011
Any news so far? I'm currently working on the same issue.
Jun 30, 2011
Calling nm on WifiManager returns the result below. However, I was not able to put this together to something meaningful:


Jul 29, 2011
I too ran into this issue when testing on iOS 5 beta 4.  Has anyone made any progress with this since the last post?

I am going to scour a jailed iOS 5 device to see if anything turns up on there...
Oct 13, 2011
Has anybody made any progress?  I need to reproduce the functionality of


I guess 


are obvious. How about binding to en0?

Oct 13, 2011
Previously to the WifiManager.framework the MobileWifi.framework was used, am I wrong? But symbols do not match...
Oct 14, 2011
Hi, it looks like you made some good progress.
Can you please share how you managed to get the above result from WifiManager?
I started again to figure out a solution.
Oct 14, 2011
The new "Airport Utility" app from Apple probably uses the new Framework. It seems to be scanning for Airport Base stations. Maybe we can decompile the app and see what it does?
Oct 14, 2011
iwhacko that was actually a very good idea.

Here's a "nm AirPort" to see if it makes sense to anyone (a lot of WifiManager* functions)
Oct 14, 2011
I've had some experience with decompiling OSX apps, will try to see what I can do with the iPhone app. But that must wait until the weekend. Until then, if someone else feels like it, go ahead.
Oct 14, 2011
I've tried using class_dump on MobileWifi, but that was pretty useless, all I've got was an empty header file.
Oct 14, 2011
Then the framework is probably compiled in C instead of Objective-C. Those are pretty difficult to reverse engineer.
Oct 17, 2011
Has anyone made progress on this? I got stuck when class-dump failed and haven't got any time to check the links that #14 provided, thanks for them anyway I'll check them out.
Oct 19, 2011
It seems like someone already figured it out. WiFiFoFum (an app for wifi scanning) has an update for the jailbreak community that claims it has been fixed to work with iOS 5:

I wonder how they did it.
Oct 19, 2011
That makes it easier (a bit): instead of reversing the AirPort Utility, which is signed, we can decompile the unsigned WiFiFoFum app :P
Oct 19, 2011
Reversing WiFiFofum I found that it is using the IPConfiguration.bundle instead of WiFiManager.bundle; did an nm et voila, the Apple80211Functions were there.

Can anyone confirm if they work right out of the box with the existing code? I have no iOS 5 device at hand...
Oct 19, 2011
I can try... 
libHandle = dlopen("/System/Library/SystemConfiguration/IPConfiguration.bundle/WiFiManager", RTLD_LAZY);

Does this look alright? I haven't fully reversed WifiFofum yet... ran class-dump but it crashes, and OTX only gave me ARM ASM with some method names.
Oct 19, 2011
Try libHandle = dlopen("/System/Library/SystemConfiguration/IPConfiguration.bundle/IPConfiguration", RTLD_LAZY);
Oct 19, 2011
Hehe, of course... it doesn't crash. However, it doesn't seem to return any results on a non-jailbroken device. The log says:

deny system-socket
Oct 19, 2011
On iOS 5 I just tried

libHandle = dlopen("/System/Library/SystemConfiguration/IPConfiguration.bundle/IPConfiguration", RTLD_LAZY);

My app doesn't crash and libHandle and all the function pointers ( i.e. open = dlsym(libHandle, "Apple80211Open");) are non NULL.  But when I scan for access points the returned array is nil.  I took a shot at binding to en1 but that didn't change anything.
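
Added example (not part of any comment in this thread, and not the project's code): the comments above report dlopen returning NULL for a moved bundle and pointers from dlsym being called regardless. This sketch accepts a library only if it loads and exports every requested symbol, and otherwise leaves all pointers NULL; `sym_req`, `resolve_all` and `load_first_complete` are hypothetical helper names, while the paths and symbol names are the ones quoted in the thread.

```c
#include <dlfcn.h>
#include <stddef.h>
#include <stdio.h>

/* One requested symbol: name in, resolved address out (NULL until resolved). */
struct sym_req {
    const char *name;
    void *addr;
};

/* Resolve every entry of syms[] from an open handle.
 * Returns the number of symbols that could NOT be resolved. */
size_t resolve_all(void *handle, struct sym_req *syms, size_t nsyms)
{
    size_t missing = 0;
    for (size_t i = 0; i < nsyms; i++) {
        dlerror();                              /* clear any stale error */
        syms[i].addr = dlsym(handle, syms[i].name);
        if (syms[i].addr == NULL) {
            fprintf(stderr, "  missing symbol: %s\n", syms[i].name);
            missing++;
        }
    }
    return missing;
}

/* Try each candidate path in order. A library is accepted only if it loads
 * AND exports every requested symbol. Returns the index of the accepted path
 * and stores its handle in *out_handle; returns -1 with every addr reset to
 * NULL, so no caller can jump through a half-initialised table. */
int load_first_complete(const char *const *paths, size_t npaths,
                        struct sym_req *syms, size_t nsyms, void **out_handle)
{
    *out_handle = NULL;
    for (size_t p = 0; p < npaths; p++) {
        void *h = dlopen(paths[p], RTLD_LAZY | RTLD_LOCAL);
        if (h == NULL) {
            const char *err = dlerror();
            fprintf(stderr, "dlopen(%s) failed: %s\n",
                    paths[p], err ? err : "unknown error");
            continue;
        }
        if (resolve_all(h, syms, nsyms) == 0) {
            *out_handle = h;
            return (int)p;
        }
        dlclose(h);
        for (size_t i = 0; i < nsyms; i++)
            syms[i].addr = NULL;
    }
    return -1;
}

int main(void)
{
    /* Candidate paths and symbol names as quoted in the thread. */
    const char *const paths[] = {
        "/System/Library/SystemConfiguration/WiFiManager.bundle/WiFiManager",
        "/System/Library/SystemConfiguration/IPConfiguration.bundle/IPConfiguration",
    };
    struct sym_req syms[] = {
        {"Apple80211Open", NULL},
        {"Apple80211BindToInterface", NULL},
        {"Apple80211Scan", NULL},
        {"Apple80211Close", NULL},
    };
    void *lib = NULL;
    int idx = load_first_complete(paths, sizeof paths / sizeof paths[0],
                                  syms, sizeof syms / sizeof syms[0], &lib);
    if (idx < 0) {
        puts("no candidate exported the full symbol set; nothing is called");
        return 0;
    }
    printf("using %s\n", paths[idx]);
    /* Only at this point may syms[i].addr be cast to a function pointer.
     * Resolution succeeding says nothing about the call succeeding: the
     * thread reports non-NULL pointers and an empty scan result, so each
     * call's return value and output argument need their own check. */
    dlclose(lib);
    return 0;
}
```

On a host without these bundles the program reports each dlopen failure and calls nothing.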

Oct 19, 2011
Anyone else had success with IOS 5.0 X?

I'm two days and this little success. I tried to put IPConfiguration Apple80211Open returns null.
Oct 19, 2011
I tried it on a non-jailbroken device and also get "deny system-socket" when performing the scan. Has anyone had a chance to try it out on a jailbroken one?
Oct 20, 2011
@robestra (18), could you perhaps share the steps you took, to find that WiFiFofum uses the IPConfiguration bundle? This will help me understand a bit more about the process, and maybe I can use it if we still need to reverse the Airport Utility.

Also, you used "nm" on the IPConfiguration.bundle on the device itself?

If we can figure all of this out, it will make the process easier in the future.

Oct 20, 2011
I simply took notepad++ and opened the wififofum binary and looked for Apple80211Functions names on the file and the path to the bundles and found it. 

I have no idea if arguments or return types are still the same...

The nm I did was over a dumped IPConfiguration bundle of an iPhone 4 GSM ipsw file; you only have to unzip it and decrypt the heavier dmg with a tool like iDecrypt. Keys for the rootfs dmgs can be found by putting their filenames into Google.
Oct 20, 2011
alright, thanks for the info, I will check it out after work :)
Oct 20, 2011
Hmm I just noticed, that after running an App which tries to use the api, that my 3G Data Connection seems to crash. No more internet on my phone, have to reboot for it to work again. So I think the API is not completely the same as it was.
Oct 20, 2011
Just to share... I simply replaced the old framework path with the new one and everything works great. Don't know why you guys are getting crashes.
Oct 20, 2011
Jailbreak or not?
Oct 21, 2011
Apple80211Scan function is working but returns null.  
Does anybody know?
Oct 23, 2011
It finally works properly or not?
Oct 26, 2011
I still haven't gotten the scan to work on iOS 5 with a non-jailbroken phone.  Any ideas?  I can't run with a jailbroken phone for work reasons.
Oct 26, 2011
I have verified that using the IPConfiguration framework works for jailbroken phones, but for non-jailbroken phones I still get the "deny system-socket" error when invoking the Apple80211Scan() function. And same as #28, under certain circumstances, the 3G data connection breaks after using the API and only a reboot will fix it. Don't know why, though.
Oct 26, 2011
By the way, one of the people collaborating with me as a beta tester discovered that the issue with the 3G data connection may be related to using SemiTether (0.7.9-1) on his jailbroken phone. After he removed SemiTether from his phone he didn't have any more issues with 3G no matter what he did. I wonder if that's the case also in #28.
Oct 26, 2011
no, i don't have mine jailbroken.
Oct 27, 2011
@agrana... But I'm using the IPConfig framework with a JB iPhone, and the scan function is returning null, so it is not working, is it? Have you managed to make a good wifi scan on a JB iPhone?

I have sent some emails to the WiFiFoFum developers or contact persons but I have had no answer from them.

I can test on both kinds of iPhone, JB and not, so feel free to share what you have in order to test anything new.

I have changed some libs and frameworks from 4.3.3 to 5.0, so if I get some good news I'll post it here.

I have noticed that the IPConfig terminal command is working properly through an SSH terminal; was this command working on a JB iPhone before iOS 5?
Oct 27, 2011
iPseedtouched also seems to use the new API location.

It would suck if the framework is not accessible from a non jailbroken device. But Then again, Airport Utility also scans for networks.
Oct 27, 2011
Hi again, can anybody explain how to use the nm commands, please? I have both devices, iPhone 4 and iPhone 4 JB, and I'm looking for changes between the 4.3.5 and iOS 5 WiFiManager frameworks.

Another thing: looking at the WiFiFofum binary, I have seen some references to a WFManager class. I have seen the same kind of names in the WiFiPicker framework.
Oct 27, 2011
Hi again and again...

I have seen that WiFi Analyzer claims that is fixed to iOS 5. I'm trying to contact developer for more info.
Oct 31, 2011
Hi, did anybody here finally get it working? Please share for future response.
Nov 2, 2011
Hi, could it be possible to use these methods in MobileWiFi.framework (found with nm MobileWiFi):
00002960 T _wifi_device_scan_async
0000270c T _wifi_manager_close
00001cec T _wifi_manager_open

Could it be possible that they are quite similar to the Apple80211Functions, but don't need to bind any longer?
(I mean a device running iOS usually has only one WiFi chip, hasn't it?)

Nov 2, 2011
It seems like Airport Utility also uses MobileWiFi.framework. I however have no jailbroken phone with iOS5 so I cannot decrypt the binary and run a classdump on it. 
Nov 3, 2011
Where did the comment (which was #45) from the WiFiFoFum developer go?????

Which API can you recommend?
Nov 3, 2011
to quote the missing message:

"Hi dev of WiFiFoFum here! You used to be able to use the WiFiManager in a non jailbroken app with the entitlement, similar to how you give your app keychain access or get-task-allow for ad hoc builds. Since about Xcode 4.1 you can no longer give that entitlement to your app because Xcode throws an error invalid entitlement when you try to deploy. Currently the only way to use WiFI in OS 5 is to deploy to /Applications in a jailbroken environment and there are several APIs you can use that offer various different features."

I can confirm that the Apple Airport Utility has this entitlement in the Entitlements.plist. I'll try to see if I can make a build using an old SDK tonight, since it apparently doesn't work with Xcode 4.
Nov 6, 2011
Can anybody tell me if it's possible to get the method signature of WiFiDeviceScanAsync?

If yes, how can I do this?

I want to try if that method (in the MobileWifi.framework) works...
Nov 10, 2011
I just tested it with my non-jailbroken phone, iOS 5:

[Crashed - image not found error]

[Crashed with warning]
warning: check_safe_call: could not restore current frame
warning: Unable to restore previously selected frame.

[Did not crash but it returns zero]
Nov 10, 2011
Hello there, I just updated my iPad to iOS 5 and Xcode to 4.2 and ran my previous application, which searches for APs, again. I have the same problem.
I tried all these paths and I realize that no one can do anything... So I have the same problem too...
I am looking forward to hearing some solutions from you guys because I realize that you're experts.

I am using a non-jailbroken iOS too, and I can't jailbreak it because of my work. Thanks to all of you for the above info...
However, if I can try anything on my device (iPad 2), let me know...
good luck!
Nov 11, 2011
Substituting "/System/Library/SystemConfiguration/WiFiManager.bundle/WiFiManager" with
"/System/Library/SystemConfiguration/IPConfiguration.bundle/IPConfiguration"  works.

However per we need a jailbroken device.

However, during our tests we found that issuing the stop command from the Xcode debugger seems to get the scan results even on non-jailbroken devices. Is there a way to send a SIGINT inside the code and add a handler to catch the signal to mimic the GDB stop? This could work around needing root permissions.

Nov 11, 2011
How can I do to run GDB in sending the SIGINT dear friend "Comment 51:
Nov 16, 2011
I don't know anything about this stuff but I thought of something that I'm now wondering about.  Like many of you I need to run my app on a non-jailbroken iPhone. But....  What if I had a jailbroken iPhone. Is it possible to copy the WiFiManager or IPConfiguration dylib off the iPhone and include it as a resource in my Xcode project.  Then when running on a non-jailbroken iPhone, use the version from my app bundle.  I don't know if this is even possible and if so does it get around the permissions problem?
Nov 17, 2011
It seems that currently all the applications (including those in the App Store) are not available for iOS 5. Anyhow, the hint is that Airport Utility is able to do the scan...
I hope we can find a new solution soon for non-jailbroken iPhones.
Nov 18, 2011
Airport Utility, uses the string in the entitlements.plist, but it's
impossible to put the app on the device with that string.
Nov 23, 2011
So anybody have a response to my Comment #53?
Nov 27, 2011
Today I found the debug that Apple uses the "/System/Library/SystemConfiguration/WiFiManager.bundle/WiFiManager"  
Nov 29, 2011
At comment 57: My friend, this does not work with iOS 5. It crashes for me when I use this path.
So it is not the solution. I don't know if a solution will exist (for non-jailbroken iOS devices).
Jan 23, 2012
Does anyone have updates regarding this? Is there any hope for non-jailbreaking users?
Apr 10, 2012
Hi everyone, I tested /System/Library/SystemConfiguration/IPConfiguration.bundle/IPConfiguration. I can get RSSI from Apple80211GetInfoCopy and it does not need a jailbroken iOS, but I didn't test other APIs.

My devices are ipad2-ios5.0.1 and ipad2-ios5.1.
Apr 17, 2012
Could anyone please confirm yupeng's findings?

If anyone could test if it works with 5.0.1 and 5.1 I would be grateful.
Apr 17, 2012
Apple80211Scan works with 5.0.1 and 5.1 but only on jailbreak devices. On non-jailbreak devices you still get the "deny system-socket" due to sandboxing.
Apr 17, 2012
Thanks for the answer
Apr 23, 2012
Has anyone managed to get the Apple80211Associate method to work?
I can successfully run Apple80211Open, Apple80211Close, Apple80211BindToInterface, Apple80211Scan, and Apple80211GetInfoCopy on my jailbroken device thanks to but I can't seem to associate to a network; any help would be much appreciated 
(going through did not solve my problem).
Apr 25, 2012
Apple80211Scan can not work on jailbroken devices with iOS 5.0.1 and iOS 5.1, I use the sample from
Jun 11, 2012
Unable to scan wifi using Apple80211Scan with iOS 5.1.0. Did someone manage to make it work?
