Technical Musings: iOS consolidated.db workaround for hacked devices

Wednesday, April 20, 2011

iOS consolidated.db workaround for hacked devices

Looks like Apple is tracking iOS devices an recording that info in clear text:
http://radar.oreilly.com/2011/04/apple-location-tracking.html

Here's a way to ensure this data is not recorded:
 
You must have a hacked iOS device, and either Mobile Terminal or an SSH login.  You must also know the root password.  You first remove/move this file, and recreate it as a symbolic link to /dev/null like:
 
su
cd /System/Library/Frameworks/CoreLocation.framework/Support
rm consolidated.db
ln -s /dev/null consolidated.db
 
Anything written to this 'file' is sent to /dev/null, so it is not saved on the file system.  I've done this on a hacked device, and Location Services continue to work.

5 comments:

Udo said...

Did you check if the find-my-iphone service still works?

Drew Gulino said...

No, I have a 3GS and don't want to pay for MobileMe, so I don't use Find My iPhone, but from what I've seen, it's highly unlikely this file has anything to do with the Find My feature.

Nick said...

the mobile me service still works after linking file to /dev/null

keyman said...

can you please post the reversal command for this action!

thanks!

Drew Gulino said...

1) If you've moved the file, just delete the symlink, and move the file back:

su
cd /System/Library/Frameworks/CoreLocation.framework/Support
rm consolidated.db
cp consolidated.db.bak consolidated.db

2) I don't know any way to restore a deleted file on iOS. Just remove the symlink and wait for the device to recreate the file:

su
cd /System/Library/Frameworks/CoreLocation.framework/Support
rm consolidated.db
...