rpcclient

rpcclient.allocated

class rpcclient.allocated.Allocated

Bases: object

resource allocated on remote host that needs to be free

deallocate()

rpcclient.client

class rpcclient.client.Client(sock, sysname: str, arch: <Enum <FormatField>>, create_socket_cb: ~typing.Callable)

Bases: object

Main client interface to access remote rpcserver

DEFAULT_ARGV = ['/bin/sh']

DEFAULT_ENVP = []

property arch

get remote arch

call(address: int, argv: List[int] = None, return_float64=False, return_float32=False, return_float16=False, return_raw=False, va_list_index: int = 65535) → Symbol

call a remote function and retrieve its return value as Symbol object

close()

dlclose(lib: int)

call dlclose() at remote and return its handle. see the man page for more details.

dlopen(filename: str, mode: int) → Symbol

call dlopen() at remote and return its handle. see the man page for more details.

dlsym(lib: int, symbol_name: str)

call dlsym() at remote and return its handle. see the man page for more details.

property environ: List[str]

property errno

freeing(symbol)

get_dummy_block() → Symbol

get an address for a stub block containing nothing

getenv(name: str) → str | None

get process environment variable

info()

print information about current target

interactive(additional_namespace: Mapping = None)

Start an interactive shell

property last_error

get info about the last occurred error

listdir(filename: str)

get an address for a stub block containing nothing

peek(address: int, size: int) → bytes

peek data at given address

property pid

poke(address: int, data: bytes)

poke data at given address

raise_errno_exception(message: str)

reconnect()

close current socket and attempt to reconnect

safe_calloc(size: int)

safe_malloc(size: int)

setenv(name: str, value: str)

set process environment variable

shell()

spawn(argv: ~typing.List[str] = None, envp: ~typing.List[str] = None, stdin: ~rpcclient.client.io_or_str = <_io.TextIOWrapper name='<stdin>' mode='r' encoding='utf-8'>, stdout=<_io.TextIOWrapper name='<stdout>' mode='w' encoding='utf-8'>, raw_tty=False, background=False) → SpawnResult

spawn a new process and forward its stdin, stdout & stderr

Parameters:

• argv – argv of the process to be executed

• envp – envp of the process to be executed

• stdin – either a file object to read from OR a string

• stdout – a file object to write both stdout and stderr to. None if background is requested

• raw_tty – should enable raw tty mode

• background – should execute process in background

Returns:

a SpawnResult. error is None if background is requested

symbol(symbol: int)

at a symbol object from a given address

property uname

get the utsname struct from remote

class rpcclient.client.ProtocolDirent(d_inode: int, d_type: int, d_name: str, lstat: rpcclient.client.ProtocolDitentStat, stat: rpcclient.client.ProtocolDitentStat)

Bases: object

d_inode: int

d_name: str

d_type: int

lstat: ProtocolDitentStat

stat: ProtocolDitentStat

class rpcclient.client.ProtocolDitentStat(errno: int, st_dev: int, st_mode: int, st_nlink: int, st_ino: int, st_uid: int, st_gid: int, st_rdev: int, st_size: int, st_blocks: int, st_blksize: int, st_atime: int, st_mtime: int, st_ctime: int)

Bases: object

errno: int

st_atime: int

st_blksize: int

st_blocks: int

st_ctime: int

st_dev: int

st_gid: int

st_ino: int

st_mode: int

st_mtime: int

st_nlink: int

st_rdev: int

st_size: int

st_uid: int

class rpcclient.client.SpawnResult(error, pid, stdout)

Bases: tuple

error

Alias for field number 0

pid

Alias for field number 1

stdout

Alias for field number 2

rpcclient.client_factory

rpcclient.client_factory.create_client(create_socket_cb: Callable) → Client | IosClient | MacosClient | LinuxClient

rpcclient.client_factory.create_local() → Client | IosClient | MacosClient | LinuxClient

rpcclient.client_factory.create_tcp_client(hostname: str, port: int = 5910) → Client | IosClient | MacosClient | LinuxClient

rpcclient.client_factory.recvall(sock, size: int) → bytes

rpcclient.exceptions

exception rpcclient.exceptions.ArgumentError

Bases: RpcClientException

at least one of the supplied arguments for a given function was invalid

exception rpcclient.exceptions.BadReturnValueError

Bases: RpcClientException

remote c function returned an error

exception rpcclient.exceptions.CfSerializationError

Bases: RpcClientException

failed to encode/decode a cfobject into/from a python object

exception rpcclient.exceptions.ElementNotFoundError

Bases: RpcClientException

Failed to find element

exception rpcclient.exceptions.FailedToConnectError

Bases: RpcClientException

failed to connect to rpcserver

exception rpcclient.exceptions.FirstElementNotFoundError

Bases: ElementNotFoundError

Failed to find the first element

exception rpcclient.exceptions.GettingObjectiveCClassError

Bases: RpcClientException

failed to create an objc class wrapper for a given object

exception rpcclient.exceptions.HarGlobalNotFoundError

Bases: RpcClientException

Failed to find Harlogger global

exception rpcclient.exceptions.InvalidServerVersionMagicError

Bases: RpcClientException

server handshake failed due to an invalid magic

exception rpcclient.exceptions.LastElementNotFoundError

Bases: ElementNotFoundError

Failed to find the last element

exception rpcclient.exceptions.MissingLibraryError

Bases: RpcClientException

a required library could not be found

exception rpcclient.exceptions.NoEntitlementsError

Bases: RpcClientException

binary contains no entitlements

exception rpcclient.exceptions.NoSuchActivityError

Bases: RpcClientException

exception rpcclient.exceptions.NoSuchPreferenceError

Bases: RpcClientException

attempt to read a preference data which doesn’t exist

exception rpcclient.exceptions.ProcessSymbolAbsentError

Bases: RpcClientException

trying to access a symbol which is not exported from any library currently loaded into the process’s memory

exception rpcclient.exceptions.RpcAccessibilityTurnedOffError

Bases: BadReturnValueError

Application AX and Automation is turned off

exception rpcclient.exceptions.RpcAppleScriptError

Bases: BadReturnValueError

Failed to execute given AppleScript

exception rpcclient.exceptions.RpcBrokenPipeError

Bases: BadReturnValueError

RPC version for BrokenPipeError (errno = EPIPE)

exception rpcclient.exceptions.RpcClientException

Bases: Exception

general exception

exception rpcclient.exceptions.RpcConnectionRefusedError

Bases: BadReturnValueError

RPC version for ConnectionRefusedError (errno = ECONNREFUSED)

exception rpcclient.exceptions.RpcFailedLaunchingAppError

Bases: BadReturnValueError

Failed to launch application

exception rpcclient.exceptions.RpcFailedToPlayError

Bases: BadReturnValueError

An attempt to play has failed

exception rpcclient.exceptions.RpcFailedToRecordError

Bases: BadReturnValueError

An attempt to record has failed

exception rpcclient.exceptions.RpcFileExistsError

Bases: BadReturnValueError

RPC version for FileExistsError (errno = EEXIST)

exception rpcclient.exceptions.RpcFileNotFoundError

Bases: BadReturnValueError

RPC version for FileNotFoundError (errno = ENOENTRY)

exception rpcclient.exceptions.RpcIsADirectoryError

Bases: BadReturnValueError

RPC version for IsADirectoryError (errno = ENOTEMPTY)

exception rpcclient.exceptions.RpcNotADirectoryError

Bases: BadReturnValueError

RPC version for NotADirectoryError (errno = ENOTDIR)

exception rpcclient.exceptions.RpcNotEmptyError

Bases: BadReturnValueError

raised when errno = ENOTEMPTY

exception rpcclient.exceptions.RpcPermissionError

Bases: BadReturnValueError

RPC version for PermissionError (errno = EPERM)

exception rpcclient.exceptions.RpcResourceTemporarilyUnavailableError

Bases: BadReturnValueError

raised when errno = EAGAIN

exception rpcclient.exceptions.RpcSetDeveloperModeError

Bases: BadReturnValueError

Failed to set Developer Mode

exception rpcclient.exceptions.RpcXpcError

Bases: BadReturnValueError

XPC-related error

exception rpcclient.exceptions.RpcXpcSerializationError

Bases: RpcXpcError

Failed to serialize/deserialize XPC message

exception rpcclient.exceptions.ServerDiedError

Bases: RpcClientException

server became disconnected during an operation

exception rpcclient.exceptions.SpawnError

Bases: RpcClientException

failed to spawn a child process

exception rpcclient.exceptions.SymbolAbsentError

Bases: RpcClientException

trying to access a symbol which is not exported from any library currently loaded into the server’s memory

exception rpcclient.exceptions.UnrecognizedSelectorError

Bases: RpcClientException

tried to access a non-existing objc object selector

rpcclient.fs

class rpcclient.fs.DirEntry(path, entry, client)

Bases: object

inode()

Return inode of the entry; cached per entry.

is_dir(*, follow_symlinks=True)

Return True if the entry is a directory; cached per entry.

is_file(*, follow_symlinks=True)

Return True if the entry is a file; cached per entry.

is_symlink()

Return True if the entry is a symbolic link; cached per entry.

property name: str

property path: str

stat(*, follow_symlinks=True)

Return stat_result object for the entry; cached per entry.

class rpcclient.fs.File(client, fd: int)

Bases: Allocated

CHUNK_SIZE = 65536

dup() → int

fdatasync()

fsync()

pread(length: int, offset: int) → bytes

call pread() at remote

pwrite(buf: bytes, offset: int)

call pwrite() at remote

read(size: int = -1, chunk_size: int = 65536) → bytes

read file at remote

seek(offset: int, whence: int) → int

lseek(fd, offset, whence) at remote. read man for more details.

tell() → int

write(buf: bytes)

continue call write() until

class rpcclient.fs.Fs(client)

Bases: object

filesystem utils

accessible(path: str, mode: int = 4)

check if a given path can be accessed.

chdir(path: str)

chdir(path) at remote. read man for more details.

chflags(path: str, flags: int = 0)

set file flags

chmod(path: str, mode: int, recursive=False)

chmod(path, mode) at remote. read man for more details.

chown(path: str, uid: int, gid: int, recursive=False)

chmod(path, mode) at remote. read man for more details.

find(top: str, topdown=True)

traverse a file tree top to down

is_file(path: str) → bool

Return True if the entry is a file

is_symlink(path: str) → bool

link(src: str, dst: str) → int

link(src, dst) - hardlink at remote. read man for more details.

listdir(path: str = '.') → List[str]

get directory listing for a given dirname

lstat(path: str)

lstat(filename) at remote. read man for more details.

mkdir(path: str, mode: int = 511, parents=False, exist_ok=False)

mkdir(path, mode) at remote. read man for more details.

open(file: str, mode: str, access: int = 511) → File

call open(file, mode, access) at remote and get a context manager file object :param file: filename to be opened :param mode: one of:

‘r’ - read only ‘r+’ - read and write. exception if file doesn’t exist ‘rw’ - read and write. create if it doesn’t exist. also truncate. ‘w’ - write only. create if it doesn’t exist. also truncate. ‘w+’ - read and write. create if doesn’t exist.

Parameters:

access – access mode as octal value

Returns:

a context manager file object

pull(remote: str, local: str, onerror=None)

pull complete directory tree

push(local: str, remote: str, onerror=None)

push complete directory tree

pwd() → str

calls getcwd(buf, size_t) and prints current path. with the special values NULL, 0 the buffer is allocated dynamically

read_file(file: str) → bytes

readlink(path: str, absolute=True) → str

readlink() at remote. read man for more details.

realpath(path: str) → str

realpath() at remote. read man for more details.

remote_file(remote: str)

remove(path: str, recursive=False, force=False)

remove(path) at remote. read man for more details.

rename(old: str, new: str)

rename(old, new) at remote. read man for more details.

scandir(path: str = '.') → List[DirEntry]

get directory listing for a given dirname

stat(path: str)

stat(filename) at remote. read man for more details.

symlink(src: str, dst: str) → int

symlink(src, dst) at remote. read man for more details.

touch(file: str, mode: int = None)

simulate unix touch command for given file

walk(top: str, topdown=True, onerror=None)

provides the same results as os.walk(top)

write_file(file: str, buf: bytes, access: int = 511)

rpcclient.lief

class rpcclient.lief.Lief(client)

Bases: object

” parse and patch executable files

get_symbols(path: str) → Mapping[str, Symbol]

parse(path: str)

class rpcclient.lief.Symbol(origin, value)

Bases: tuple

origin

Alias for field number 0

value

Alias for field number 1

rpcclient.network

class rpcclient.network.Hostentry(name, aliases, addresses)

Bases: tuple

addresses

Alias for field number 2

aliases

Alias for field number 1

name

Alias for field number 0

class rpcclient.network.Interface(name, address, netmask, broadcast)

Bases: tuple

address

Alias for field number 1

broadcast

Alias for field number 3

name

Alias for field number 0

netmask

Alias for field number 2

class rpcclient.network.Network(client)

Bases: object

gethostbyname(name: str) → Hostentry

property interfaces: List[Interface]

get current interfaces

socket(family=2, type=1, proto=0) → int

socket(family, type, proto) at remote. read man for more details.

tcp_connect(address: str, port: int) → Socket

make target connect to given address:port and get socket object

unix_connect(filename: str) → Socket

make target connect to given unix path and get socket object

class rpcclient.network.Socket(client, fd: int)

Bases: Allocated

CHUNK_SIZE = 1024

getblocking() → bool

gettimeout() → int | None

recv(size: int = 1024, flags: int = 0) → bytes

recv() at remote. read man for more details.

Parameters:

• size – chunk size

• flags – flags for recv() syscall. MSG_NOSIGNAL will always be added

Returns:

received bytes

recvall(size: int, flags: int = 0) → bytes

recv at remote until all buffer is received

send(buf: bytes | Symbol, size: int = None, flags: int = 0) → int

send(fd, buf, size, 0) at remote. read man for more details.

Parameters:

• buf – buffer to send

• size – If None, use len(buf)

• flags – flags for send() syscall. MSG_NOSIGNAL will always be added

Returns:

how many bytes were sent

sendall(buf: bytes, flags: int = 0) → None

continue call send() until

setblocking(blocking: bool)

setsockopt(level: int, option_name: int, option_value: bytes)

settimeout(seconds: int)

rpcclient.processes

class rpcclient.processes.Processes(client)

Bases: object

kill(pid: int, sig: int = 15)

kill(pid, sig) at remote. read man for more details.

waitpid(pid: int, flags: int = 0)

waitpid(pid, sig) at remote. read man for more details.

rpcclient.protocol

rpcclient.symbol

class rpcclient.symbol.Symbol

Bases: int

wrapper for a remote symbol object

PROXY_METHODS = ['peek', 'poke']

property c_bool: bool

cast to c_bool

property c_int16: int

cast to c_int16

property c_int32: int

cast to c_int32

property c_int64: int

cast to c_int64

property c_uint16: int

cast to c_uint16

property c_uint32: int

cast to c_uint32

property c_uint64: int

cast to c_uint64

change_item_size(new_item_size: int)

Temporarily change item size :param new_item_size: Temporary item size

close()

Construct compliance.

classmethod create(value: int, client)

Create a Symbol object. :param value: Symbol address. :param rpcclient.darwin_client.Client client: client. :return: Symbol object. :rtype: Symbol

disass(size=40) → List[CsInsn]

peek disassembled lines of ‘size’ bytes

property dl_info: Container

property filename: str

property name: str

peek(count)

peek_str(encoding='utf-8') → str

peek string at given address

poke(buf)

read(count: int)

Construct compliance.

seek(offset, whence)

Construct compliance.

tell()

Construct compliance.

write(buf)

Construct compliance.

rpcclient.symbols_jar

class rpcclient.symbols_jar.SymbolsJar

Bases: dict

static create(client)

Factory method for creating symbols jars :param client: client :rtype: SymbolsJar

get_lazy(name)

rpcclient.sysctl

class rpcclient.sysctl.CTL(value, names=None, *, module=None, qualname=None, type=None, start=1, boundary=None)

Bases: IntEnum

DEBUG = 5

HW = 6

KERN = 1

MACHDEP = 7

MAXID = 9

NET = 4

UNSPEC = 0

USER = 8

VFS = 3

VM = 2

class rpcclient.sysctl.KERN(value, names=None, *, module=None, qualname=None, type=None, start=1, boundary=None)

Bases: IntEnum

AFFINITY = 43

AIOMAX = 46

AIOPROCMAX = 47

AIOTHREADS = 48

ARGMAX = 8

BOOTFILE = 28

BOOTTIME = 21

CHECKOPENEVT = 70

CLASSIC = 44

CLASSICHANDLER = 45

CLOCKRATE = 12

COREDUMP = 51

COREFILE = 50

DOMAINNAME = 22

DUMMY = 33

DUMPDEV = 31

EXEC = 45

FILE = 15

HOSTID = 11

HOSTNAME = 10

IPC = 32

JOB_CONTROL = 19

KDEBUG = 24

LOGSIGEXIT = 36

LOW_PRI_DELAY = 57

LOW_PRI_WINDOW = 56

MAXFILES = 7

MAXFILESPERPROC = 29

MAXID = 72

MAXPROC = 6

MAXPROCPERUID = 30

MAXVNODES = 5

NETBOOT = 40

NGROUPS = 18

NISDOMAINNAME = 22

NTP_PLL = 27

NX_PROTECTION = 60

OSRELDATE = 26

OSRELEASE = 2

OSREV = 3

OSTYPE = 1

OSVERSION = 65

POSIX = 58

POSIX1 = 17

PROC = 14

PROCARGS = 38

PROCARGS2 = 49

PROCDELAYTERM = 53

PROCNAME = 62

PROF = 16

PS_STRINGS = 34

RAGEVNODE = 68

SAFEBOOT = 66

SAVED_IDS = 20

SECURELVL = 9

SHREG_PRIVATIZABLE = 54

SPECULATIVE_READS = 64

SUGID_COREDUMP = 52

SYMFILE = 37

SYSV = 42

TFP = 61

THALTSTACK = 63

THREADNAME = 71

TRANSLATE = 44

UPDATEINTERVAL = 25

USRSTACK32 = 35

USRSTACK64 = 59

VERSION = 4

VNODE = 13

class rpcclient.sysctl.Sysctl(client)

Bases: object

sysctl utils. read man page for sysctl(3) for more details

get(ctl: CTL, kern: KERN, arg: int = None, size=262144) → bytes

call sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp, size_t newlen) on remote

get_by_name(name: str, size=262144) → bytes

equivalent of: sysctl <name>

get_int_by_name(name: str) → int

equivalent of: sysctl <name>

get_str_by_name(name: str) → str

equivalent of: sysctl <name>

set(ctl: CTL, kern: KERN, oldp: DarwinSymbol, oldenp: DarwinSymbol, arg: int = None)

call sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp, size_t newlen) on remote

set_by_name(name: str, value: bytes)

equivalent of: sysctl <name> -w value

set_int_by_name(name: str, value: int)

equivalent of: sysctl <name> -w value

set_str_by_name(name: str, value: str)

equivalent of: sysctl <name> -w value

rpcclient.xonshrc