What function/syscall is used by iOS to read and write files

Question

I want to intercept file read/write on iOS for providing transparent encryption/decryption functionality to some of my apps.

I know I can swizzle the various SDK methods for reading/writing files to do this, but that entails a LOT of hard work and is prone to error (I may miss swizzling some method, causing my application to crash/misbehave).

If there is some common syscall/function used by all these methods, then I'd rather swizzle it and save on some hard work + make it more foolproof. Is there any such common entry point?

PS: Acceptance into the app store is not a criteria here, since all these apps are for in-house enterprise deployment.

Thanks!

Answer 1

For this, you'll need a jailbroken device.

There are the POSIX syscalls read and write which can be hijacked (here's how - not iOS-specific, but Darwin anyway...)

You can also use MobileSubstrate(http://iphonedevwiki.net/index.php/MobileSubstrate) to hook the read() and write() functions in the C standard libraty which is almost exclusively used for the implementation of many basic frameworks and methods (including that of CocoaTouch - Foundation, CoreFoundation, and in fact some of the C and C++ standard libraries as well, etc.) - so most likely you won't need to alter the syscalls directly. Example:

static size_t (*orig_write)(int fd, void *buf, size_t n);

size_t hijacked_write(int fd, void *buf, size_t n)
{
    // do something, then
    return orig_write(fd, buf, n);
}

// in some initialization:
MSHookFunction(write, hijacked_write, (void **)&original_write);