如何分析Apple Watch Assisted-GPS (AGPS)

Codebaby
1,564 阅读7分钟

准备

  1. 筛选相关进程 locationdgeodgpsd

  2. 逆向上述进程文件得到runtime headers 并且 查看伪代码逻辑确定关键字

    1. 数据类型支持: GPSGLONASSGalileoQZSS 和北斗
    2. 筛选的关键词: CLFileUpdate(CLFU)#gpsdassistance

  3. 本次数据测试采用Apple Watch Series 6 [规格]只支持一种GPS/GNSS数据类型;从Series 7 开始支持多种类型

日志获取

  1. 先从手机浏览器下载Apple Watch对应的描述文件

  2. 将下载的描述文件通过手机选择安装到手表 。

  3. 长按Apple Watch上的两个按键2到3秒松开,设备震动,触发诊断日志生成。

  4. 过一段时间,到手机Watch App中 通用 -> 诊断日志中找到sysdiagnose_xxxx,下载并导出日志。

日志分析

1、日志摘要

  1. Apple Watch 连接上WIFI 或者 连接到iPhone并且有网络情况下(Apple Watch Series 6
  2. Apple Watch根据过期时间检查来判断是否下载辅助定位文件(LTO)
  3. 触发体能训练 或者 定位引擎工作的时候注入辅助文件
  4. 开始定位

2、主要的流程日志

// 1、检测是否可以网络下载LTO 
默认        2023-09-05 16:32:35.291908 +0800        locationd        CLFU,we are now on large reachability (WiFi or companion nearby), scheduling a download for https://iphone-ld.apple.com/lto/7day/v5/latest/lto2.dat (period 43200.000)

默认        2023-09-05 16:32:35.292411 +0800        locationd        CLFU,last https://iphone-ld.apple.com/lto/7day/v5/latest/lto2.dat downloaded over 43200.000 seconds ago (715545547.971), starting a download now

默认        2023-09-05 16:32:35.301971 +0800        locationd        CLFU,downloading from https://iphone-ld.apple.com/lto/7day/v5/latest/lto2.dat to /var/root/Library/Caches/locationd/lto2.dat.temp

默认        2023-09-05 16:32:48.978981 +0800        locationd        CLFU,download completed to /var/root/Library/Caches/locationd/lto2.dat

// ----------------------------------------------------------------------

// 2、开始体能训练之前,注入辅助定位文件
默认        2023-09-05 16:38:27.970741 +0800        gpsd        #gdm,#ee,Injecting uncompressed assistance file,size,<private>

// -----------------------------------------------------------------------

// 3、开始定位
默认        2023-09-05 16:38:31.165296 +0800        gpsd        #gdm,Position,latitude,<private>,longitude,<private>,altWgs84,<private>,undulation,<private>,vertUnc,10.08,semiMajorHorizUnc,2.83,semiMinorHorizUnc,2.83,semiMajorAzimuthHorizUnc,90.00,source,11,reliability,50,gnssContent,4,estTech,0,assistanceUsed,c000c

// ... 省略 ...

默认        2023-09-05 16:38:32.172308 +0800        gpsd        #gdm,Position,latitude,<private>,longitude,<private>,altWgs84,<private>,undulation,<private>,vertUnc,4.81,semiMajorHorizUnc,2.12,semiMinorHorizUnc,2.12,semiMajorAzimuthHorizUnc,90.00,source,11,reliability,50,gnssContent,4,estTech,0,assistanceUsed,80008

3、体能训练前后


默认        2023-09-06 16:05:00.017374 +0800        locationd        CLFU,download completed to /var/root/Library/Caches/locationd/lto2.dat

// ... 省略 ...

默认        2023-09-06 16:29:00.353317 +0800        locationd        #gpsd,registerKeepAlive
默认        2023-09-06 16:29:00.359770 +0800        locationd        #gpsd,b13Enable,0,context.fB13,0
默认        2023-09-06 16:29:00.360153 +0800        locationd        #gpsd,benignPowerSave,0,context,0
默认        2023-09-06 16:29:00.374497 +0800        locationd        #gpsd,#ee,injectAssistanceFile,size,161590,file_age_sec,1440.389,is_lzma,0
默认        2023-09-06 16:29:00.376662 +0800        locationd        #gpsd,#rte,failed to read file,
// 16:29 时间点开始体能训练【室内步行】
// 设置GPS频率,我的这个Series 6只支持一种类型,仅支持 L1 
默认        2023-09-06 16:29:00.377126 +0800        locationd        #gpsd,setRfBandEnable,L1,1,L5,0
默认        2023-09-06 16:29:00.394357 +0800        gpsd        #gdm,start,initiated
默认        2023-09-06 16:29:00.394387 +0800        gpsd        #gdm,takeOsTransaction
默认        2023-09-06 16:29:00.394637 +0800        gpsd        #gdm,decodeCoexConfig,#coexConfig,0x0,lte,0,blanking,0,band,0,L5notch,0,xtal,0
默认        2023-09-06 16:29:00.398751 +0800        gpsd        #gdm,start,onAccepted success
默认        2023-09-06 16:29:00.399657 +0800        locationd        @ClxGps, state, 1, GnssDaemonDevice/gpsd
默认        2023-09-06 16:29:00.399977 +0800        gpsd        #rti,sha,0xBB49397A,sz,232
// 注入辅助定位文件
默认        2023-09-06 16:29:00.400777 +0800        gpsd        #gdm,#ee,Injecting uncompressed assistance file,size,<private>
默认        2023-09-06 16:29:00.401712 +0800        gpsd        #ee,sha,0x6FDD759D,sz,161590

默认        2023-09-06 16:29:01.944149 +0800        gpsd        #gdm,start,onCompleted success
默认        2023-09-06 16:29:01.944473 +0800        locationd        #gpsd,startCompleted,success

4、未下载且未运动辅助文件注入场景

配带手表,未运动;正常配带打字使用,gps系统启动也会注入辅助文件。

// 配带手表,未运动;正常配带打字使用,gps系统启动也会注入辅助文件
默认        2023-09-07 09:45:43.819818 +0800        locationd        System is waking: kIOMessageSystemWillPowerOn
默认        2023-09-07 09:45:43.828995 +0800        locationd        #gpsd,registerKeepAlive
默认        2023-09-07 09:45:43.830403 +0800        locationd        #gpsd,b13Enable,0,context.fB13,0
默认        2023-09-07 09:45:43.830823 +0800        locationd        #gpsd,benignPowerSave,0,context,0
默认        2023-09-07 09:45:43.833111 +0800        locationd        #gpsd,#ee,injectAssistanceFile,size,161814,file_age_sec,1699.343,is_lzma,0
默认        2023-09-07 09:45:43.833971 +0800        locationd        #gpsd,#rte,failed to read file,
默认        2023-09-07 09:45:43.834383 +0800        locationd        #gpsd,setRfBandEnable,L1,1,L5,0
默认        2023-09-07 09:45:43.841167 +0800        gpsd        #gdm,start,initiated
默认        2023-09-07 09:45:43.841187 +0800        gpsd        #gdm,takeOsTransaction
默认        2023-09-07 09:45:43.841707 +0800        gpsd        #gdm,decodeCoexConfig,#coexConfig,0x0,lte,0,blanking,0,band,0,L5notch,0,xtal,0
默认        2023-09-07 09:45:43.842339 +0800        gpsd        #gdm,start,onAccepted success
默认        2023-09-07 09:45:43.858285 +0800        gpsd        #gdm,#ee,Injecting uncompressed assistance file,size,<private>
默认        2023-09-07 09:45:43.862507 +0800        gpsd        #gdm,thermalRisk,0
错误        2023-09-07 09:45:43.864068 +0800        locationd        #gpsd,Ready,FailedRequest,Drop,GpsdResponseFailureStatusCode,SET_CONFIG_RF_BAND_ENABLE
错误        2023-09-07 09:45:43.866597 +0800        locationd        #gpsd,Ready,FailedRequest,Drop,GpsdResponseFailureStatusCode,SET_ASSISTANCE_SIGNAL_ENVIRONMENT
默认        2023-09-07 09:45:43.872565 +0800        calaccessd        System is waking: kIOMessageSystemWillPowerOn

5、过期规则

推理结论: 在使用iPhone蜂窝网络和WIFI的情况下,过期时间规则不一样

clhrseavl.avlltobcwv.plistrtistatus5.dat
iPhone蜂窝网络7天3天7天1.5天
WIFI网络1天12小时7天6小时
// ... 省略 ...

默认        2023-09-05 16:32:35.071151 +0800        locationd        CLFU,we are now on short reachability (Cell), scheduling a download for https://cl3.apple.com/2/v1/clhrseavl.avl.gz (period 604800.000)
默认        2023-09-05 16:32:35.072920 +0800        locationd        CLFU,last https://cl3.apple.com/2/v1/clhrseavl.avl.gz downloaded less than 604800.000 seconds ago (715506660.366), scheduling download for 716111460.366 (515905.295 away)

默认        2023-09-05 16:32:35.224061 +0800        locationd        CLFU,we are now on short reachability (Cell), scheduling a download for https://iphone-ld.apple.com/lto/7day/v5/latest/lto2.dat (period 259200.000)
默认        2023-09-05 16:32:35.229582 +0800        locationd        CLFU,last https://iphone-ld.apple.com/lto/7day/v5/latest/lto2.dat downloaded less than 259200.000 seconds ago (715545547.971), scheduling download for 715804747.971 (209192.742 away)

// ----------------------------------------------------------------------

默认        2023-09-05 16:32:35.291908 +0800        locationd        CLFU,we are now on large reachability (WiFi or companion nearby), scheduling a download for https://iphone-ld.apple.com/lto/7day/v5/latest/lto2.dat (period 43200.000)
默认        2023-09-05 16:32:35.292411 +0800        locationd        CLFU,last https://iphone-ld.apple.com/lto/7day/v5/latest/lto2.dat downloaded over 43200.000 seconds ago (715545547.971), starting a download now

默认        2023-09-05 16:32:35.300026 +0800        locationd        CLFU,we are now on large reachability (WiFi or companion nearby), scheduling a download for https://cl3.apple.com/2/v1/clhrseavl.avl.gz (period 86400.000)
默认        2023-09-05 16:32:35.300542 +0800        locationd        CLFU,last https://cl3.apple.com/2/v1/clhrseavl.avl.gz downloaded over 86400.000 seconds ago (715506660.366), starting a download now

// ... 省略 ...


// 摘自其他日期日志记录
默认        2023-09-07 10:48:34.518655 +0800        locationd        CLFU,we are now on large reachability (WiFi or companion nearby), scheduling a download for https://configuration.apple.com/configurations/internetservices/bt/bcwv.plist (period 604800.000)
默认        2023-09-07 10:48:34.519651 +0800        locationd        CLFU,last https://configuration.apple.com/configurations/internetservices/bt/bcwv.plist downloaded less than 604800.000 seconds ago (715501783.023), scheduling download for 716106583.023 (358868.505 away)
默认        2023-09-07 10:48:34.731067 +0800        locationd        CLFU,we are now on large reachability (WiFi or companion nearby), scheduling a download for https://iphone-ld.apple.com/lto/a/rtistatus5.dat (period 21600.000)
默认        2023-09-07 10:48:34.731591 +0800        locationd        CLFU,last https://iphone-ld.apple.com/lto/a/rtistatus5.dat downloaded less than 21600.000 seconds ago (715742243.624), scheduling download for 715763843.624 (16128.893 away)

默认        2023-09-07 10:48:35.877919 +0800        locationd        CLFU,we are now on short reachability (Cell), scheduling a download for https://configuration.apple.com/configurations/internetservices/bt/bcwv.plist (period 604800.000)
默认        2023-09-07 10:48:35.878218 +0800        locationd        CLFU,last https://configuration.apple.com/configurations/internetservices/bt/bcwv.plist downloaded less than 604800.000 seconds ago (715501783.023), scheduling download for 716106583.023 (358867.145 away)
默认        2023-09-07 10:48:35.880554 +0800        locationd        CLFU,we are now on short reachability (Cell), scheduling a download for https://iphone-ld.apple.com/lto/a/rtistatus5.dat (period 129600.000)
默认        2023-09-07 10:48:35.880713 +0800        locationd        CLFU,last https://iphone-ld.apple.com/lto/a/rtistatus5.dat downloaded less than 129600.000 seconds ago (715742243.624), scheduling download for 715871843.624 (124127.743 away)
avatar
文章
阅读
粉丝