Hi. I wish I'd found a way to determine the USB hub port to which an iPad is connected, even if it means creating a one-time mapping of identifiers and ports beforehand. I thought I'd find some hardware identifiers that might help, but they appear to fluctuate depending on how the iPad carts are connected to the Mac. Is there anything reliable to achieve the desired result? Thanks for your insights. Franck

I need to developer a USB DEXT to support a custom device and something like this will be very useful. If not, is there another way to monitor DEXT/Kernel activity on iPadOS? Perhaps in LLDB?

When my macOS app try to deactivate CameraExtension, my app's didFailWithError is called with this error. Error Domain=OSSystemExtensionErrorDomain Code=4 "(null)" I cannot search for error code=4 with that domain. MyApp calls OSSystemExtensionManager.shared.submitRequest with OSSystemExtensionRequest.deactivationRequest I did implement these tasks. BundleID, MyApp: com.myapp, BundleID, CameraExtension: com.myapp.camera Added entitlement and App Groups for app and extension MyApp has SystemExtension capability on Xcode and provision MyApp is installed on /Applications/MyAppGroup/MyApp.app MyApp is executed by Finder macOS is Sonoma 14.2.1 (23C71) on M1 MacBook

Can anyone advise, or give example of, communicating large (>128 byte) incoming buffers from a dext to a user-space app? My specific situation is interrupt reads from a USB device. These return reports which are too large to fit into the asyncData field of an AsyncCompletion call. Apple's CommunicatingBetweenADriverKitExtensionAndAClientApp sample shows examples of returning a "large" struct, but the example is synchronous. The asynchronous example returns data by copying into a IOUserClientAsyncArgumentsArray, which isn't very big. I can allocate a single buffer larger than 4K in user space, and communicate that buffer to my driver as an IOMemoryDescriptor when I set up my async callback. The driver retains the descriptor, maps it into its memory space and can thus write into it when the hardware returns interrupt data. The driver then calls AsyncCompletion, which will cause my user-side callback to be called, so the user side software knows that there's new data available in the previously allocated buffer. That's fine, it works, but there are data race problems - since USB interrupt reads complete whenever the hardware has provided data, incoming completions happen at unpredictable times, so the shared buffer contents could change while the user side code is examining them. Is there an example somewhere of how to deal with this? Can I allocate memory on the driver side on demand, create an IOMemoryDescriptor for it and return that descriptor packed inside the asyncData? If so, how does the driver know when it can relinquish that memory? I have a feeling there's something here I just don't understand...

this is a repost with more appropriate tags. The original is here: https://developer.apple.com/forums/thread/744268 Can anyone advise, or give example of, communicating large (>128 byte) incoming buffers from a dext to a user-space app? My specific situation is interrupt reads from a USB device. These return reports which are too large to fit into the asyncData field of an AsyncCompletion call. Apple's CommunicatingBetweenADriverKitExtensionAndAClientApp sample shows examples of returning a "large" struct, but the example is synchronous. The asynchronous example returns data by copying into a IOUserClientAsyncArgumentsArray, which isn't very big. I can allocate a single buffer larger than 4K in user space, and communicate that buffer to my driver as an IOMemoryDescriptor when I set up my async callback. The driver retains the descriptor, maps it into its memory space and can thus write into it when the hardware returns interrupt data. The driver then calls AsyncCompletion, which will cause my user-side callback to be called, so the user side software knows that there's new data available in the previously allocated buffer. That's fine, it works, but there are data race problems - since USB interrupt reads complete whenever the hardware has provided data, incoming completions happen at unpredictable times, so the shared buffer contents could change while the user side code is examining them. Is there an example somewhere of how to deal with this? Can I allocate memory on the driver side on demand, create an IOMemoryDescriptor for it and return that descriptor packed inside the asyncData? If so, how does the driver know when it can relinquish that memory? I have a feeling there's something here I just don't understand...

Hi! There are two fields in ES message: global_seq_num and seq_num, which are described as a continuous number sequence unless the kernel is "dropping events" because "kernel generated more events than the client could handle." https://developer.apple.com/documentation/endpointsecurity/es_message_t/3684979-global_seq_num https://developer.apple.com/documentation/endpointsecurity/es_message_t/3538607-seq_num However, as we all know, system will kill ES client, if the message is not answered in (deadline) time. I've a lot questions about this thing: What the "drop" actually is? The event is not provided to es client from the kernel? What does the "client could handle" means exactly? (I mean, es client will be already killed, if it can't respond to event in deadline) Are the dropped events responded by the system immediately, or they do wait something? Are only auth events could be dropped, or notify too? What is the system resolution for dropped auth events? (allow I guess) What I'm expected to do as a developer with these two fields - should I just log them and hope to find something out later, or can I react somehow during runtime if I met the break in *seq_num sequence?

iOS uses the USB HID protocol to communicate wiredly with external peripherals. Is this technology feasible? Why?

I am new to macOS development and presently tearing my hair out trying to get a driverkit extension to build. I have tried following the instructions here: https://developer.apple.com/documentation/driverkit/communicating_between_a_driverkit_extension_and_a_client_app namely, disabling SIP, but I am still unable to get my extension to build. The instructions say to set the code signing identity to "Sign to Run Locally" for all three targets, but this is not listed as an option for the driver extension.

I was trying to hide some external drives from desktop, I know I can do it from finder preferences, but it will hide all my external drives from desktop. I want drive A, B, C to be visible on desktop but don't want drive D to be visible. Some website suggest this solution: sudo SetFile -a V /Volumes/"Drive Name" but it says I need command line tools, since I was in terminal, and prompt come from MacOS itself, I stared installation. But what are this tools actually is it sahe to install it? And why this tool taking 2.35GB of storage just to hide one icon from desktop?

I have a custom HID device that works on Windows totally fine with the default HID driver. The HID device knows how to accept string commands to control it and respond accordingly. I am trying to control it on Mac using IOKit. I am able to get the io_service_t reference to the IOHIDInterface for the device from the I/ORegistery. I use this to instantiate a class to represent the device. But when I try to establish a connection to the service, I keep getting -536870201 which corresponds to kIOReturnUnsupported. I'm not entirely sure what I am doing wrong here and I wasn't able to find anything online that could really help.

I have a custom HID USB device that I can control on Mac with IOKit via the default HID MacOS driver. I am using IOHIDManager to detect it and send reports to it. I would like to extend this capability to iPad but the full IOKit framework is not supported on iOS/iPadOS. I saw that USBDriverKit is now supported on iPads with an M1 chip or newer. But, both MacOS and Windows can operate the device with their generic HID driver. As such, having to create a whole custom driver to interact with an HID device on iOS is really overkill. Would registering it in the MFi Program and operating it with the External Accessory framework be the correct route to take here? Or is there another framework for controlling HID devices on iPad over USB that I am not aware of?

In another question on this forum (https://developer.apple.com/forums/thread/124775) eskimo stated that launching a system extension from an daemon is not the right approach and that the OSSystemExtensionRequest.activationRequest API should be called from an App. My question is, does this same restriction apply to a LaunchAgent started App? If so, to ensure activation as soon as possible is the only option to use a SMLoginItemSetEnabled helper to start the App on login?

I want to get the information of USB like, USB name, size, VID, PID, etc using DriverKit Extension but I'm facing difficulty finding such references or Sample code for the same. Please help me with the Sample code to get USB info with the help of Dext. Thanks

Hello, The latest version of Metal (on macOS 14) seems to have the instance property for the Metal device architecture. I was curious how this could be achieved on versions of macOS prior to 14 programatically? xcrun metal-arch The above command provides exactly what I need. I was thinking that I could use Metal and IOKit to grab the architecture, but I am lead to believe that there is some kind of mapping in the metal-arch tool and it may not be that easy. Any help would be greatly appreciated. Thanks.

I built an app which hosts a CMIOExtension. The app works, and it can activate the extension. The extension loads in e.g. Photo Booth and shows the expected video (a white horizontal line which moves down the picture). I have a couple of questions about this though. The sample Camera Extension is built with a CMIOExtension dictionary with just one entry, CMIOExtensionMachServiceName which is $(TeamIdentifierPrefix)$(PRODUCT_BUNDLE_IDENTIFIER) This Mach service name won't work though. When attempting to activate the extension, sysextd says that the extensions has an invalid mach service name or is not signed, the value must be prefixed with one of the App Groups in the entitlement. So in order to get the sample extension to activate from my app, I have to change its CMIOExtensionMachServiceName to <my team ID>.com.mycompany.my-app-group.<myextensionname> Is this to be expected? The template CMIOExtension generates its own video using a timer. My app is intended to capture video from a source, filter that video, then feed it to the CMIOExtension, somehow. The template creates an app group called "$(TeamIdentifierPrefix)com.example.app-group", which suggests that it might be possible to use XPC to send frames from the app to the extension. However, I've been unable to do so. I've used NSXPCConnection * connection = [[NSXPCConnection alloc] initWithMachServiceName:, using the CMIOExtensionMachServiceName with no options and with the NSXPCConnectionPrivileged option. I've tried NSXPCConnection * connection = [[NSXPCConnection alloc] initWithServiceName: using the extension's bundle identifier. In all cases when I send the first message I get an error in the remote object proxy's handler: Error Domain=NSCocoaErrorDomain Code=4099 "The connection to service named <whatever name I try> was invalidated: failed at lookup with error 3 - No such process." According to the "Daemons and Services Programming Guide" an XPC service should have a CFBundlePackageType of XPC!, but a CMIOExtension is of type SYSX. It can't be both. Does the CMIOExtension loading apparatus cook up a synthetic name for the XPC service, and if so, what is it? If none, how is one expected to get pixel buffers into the camera extension?

I can't find any useful help about the content described in the title on Apple's official website. The relevant help on its official website is almost all based on OC language, and even their sample programs are written in OC language. Can I ask if SWIFT can only use the COM port through the bridge of OC-SWIFT?

Hey! I'am trying to write my own driver for usb serial device. I'am trying to subclass from IOUserUSBSerial #include <DriverKit/IOService.iig> #include <USBSerialDriverKit/IOUserUSBSerial.iig> class NewDriver: public IOUserUSBSerial { public:     virtual kern_return_t     Start(IOService * provider) override; }; but get a lot of errors such as   "IOUserUSBSerial::handleRxPacket(unsigned char*&, unsigned int&)", referenced from:       vtable for NewDriver in NewDriver.iig.o   "IOUserUSBSerial::handleInterruptPacket(unsigned char const*, unsigned int)", referenced from:       vtable for NewDriver in NewDriver.iig.o   "IOUserUSBSerial::free()", referenced from:       vtable for NewDriver in NewDriver.iig.o   "IOUserUSBSerial::init()", referenced from:       vtable for NewDriver in NewDriver.iig.o   "IOUserUSBSerial::initWith(IOBufferMemoryDescriptor*)", referenced from:       vtable for NewDriver in NewDriver.iig.o   "IOUserUSBSerial::_Dispatch(IOUserUSBSerial*, IORPC)", referenced from:       NewDriver::Start_Impl(IOService*) in NewDriver-e6d71af2158103084ce0c1eba7c6088d.o       NewDriver::_Dispatch(NewDriver*, IORPC) in NewDriver.iig.o   "vtable for IOUserSerial", referenced from:       IOUserSerial::IOUserSerial() in NewDriver.iig.o   NOTE: a missing vtable usually means the first non-inline virtual member function has no definition.   "vtable for IOUserUSBSerial", referenced from:       IOUserUSBSerial::IOUserUSBSerial() in NewDriver.iig.o   NOTE: a missing vtable usually means the first non-inline virtual member function has no definition.   "non-virtual thunk to IOUserUSBSerial::free()", referenced from:       vtable for NewDriver in NewDriver.iig.o   "non-virtual thunk to IOUserUSBSerial::init()", referenced from:       vtable for NewDriver in NewDriver.iig.o   "non-virtual thunk to IOUserUSBSerial::initWith(IOBufferMemoryDescriptor*)", referenced from:       vtable for NewDriver in NewDriver.iig.o   "non-virtual thunk to IOUserUSBSerial::handleRxPacket(unsigned char*&, unsigned int&)", referenced from:       vtable for NewDriver in NewDriver.iig.o   "non-virtual thunk to IOUserUSBSerial::handleInterruptPacket(unsigned char const*, unsigned int)", referenced from:       vtable for NewDriver in NewDriver.iig.o ld: symbol(s) not found for architecture x86_64 If I making any implementations of this methods errors staying on. What Im doing wrong? Is there anywhere examples for USBSerialDriverKit? Didn't find anything on github

Hey folks, I have an application that ships a CoreMedia I/O system extension to create a virtual camera. We separately ship an "uninstaller" app, which is a notarised AppKit app. This uninstaller removes the app, containers, and the system extension via the following API: let request = OSSystemExtensionRequest.deactivationRequest(forExtensionWithIdentifier: pluginIdentifier, queue: .main) request.delegate = self OSSystemExtensionManager.shared.submitRequest(request) The OSSystemExtensionRequest API does correctly deliver metadata via propertiesRequest(forExtensionWithIdentifier: …), but when we attempt to remove the extension using the above snippet, we get a failure OSSystemExtensionError.extensionNotFound. The uninstaller app is signed with the same entitlements and certificate as the host app. It also embeds a copy of the system extension as required by the API. I think the crux of the issue is: Should this be expected to work? We're all code-signed correctly etc, and the only difference is that the removal request is coming from an app with a different bundle identifier to the one that installed it start with. Thanks!

I'm using IOKit to connect to a custom USB HID device. I'm using XCode 14 and running Swift/SwiftUI. So far I have had great success reading from the device with IOHIDDeviceGetReport and this can be done repeatedly with no issues. However, when I use IOHIDDeviceSetReport, I can only successfully set the report to the device one time correctly but any subsequent call to this function would just end up with an I/O Timeout. Any calls using IOHIDDeviceGetReport still works fine so the USB Device is still functioning correctly, but I couldn't receive any additional IOHIDDeviceSetReport call. If I unplug the USB and plug it in again, I can once again successfully send a command. This is, of course, not very practical for the end user to have to unplug and plug the device in after a single set command, and I don't quite understand what's going on with this. Here's my SetOutputReport function to call the IOHIDDeviceSetReport. The IOHIDDevice must already be connected and opened before calling this function so it's not nil. I don't have this "one shot send command" problem on the PC (Windows 7, 10, 11) or Android (v.11,12,13,14) implementation of this Custom USB HID device. It seems like there's something at the lower level of IOHIDDeviceSetReport on macOS which might be done differently than what's available on the PC or Android. Many searches on the web yielded no useful results. There's an IOHIDDeviceSetReportWithCallback function and it also seems only to work one time as well. private func SetOutputReport(dev: IOHIDDevice? ,reportID: Int, data:[UInt8], reportLength: Int) -&gt; String{ let inputReportID = reportID var buffer = data buffer[0] = UInt8(inputReportID) let bufferPointer = UnsafeMutablePointer&lt;UInt8&gt;.allocate(capacity: buffer.count) bufferPointer.initialize(from: &amp;buffer, count: buffer.count) //print(bufferPointer[0]) let bufferLength: CFIndex = buffer.count var success: IOReturn = kIOReturnError if(dev != nil){ success = IOHIDDeviceSetReport(dev!, kIOHIDReportTypeOutput, CFIndex(buffer[0]), bufferPointer, bufferLength) } print("Set report result \(krToString(success))") return krToString(success) }

I have implemented an AppProxyProvider (NETransparentProxyProvider) and I am able to capture traffic with it. I am also able to define network rules allowing me to exclude some traffic: let settings = NETransparentProxyNetworkSettings(tunnelRemoteAddress: "127.0.0.1:8080") settings.includedNetworkRules = [ NENetworkRule(remoteNetwork: NWHostEndpoint(hostname: "0.0.0.0", port: "0", remotePrefix: 0, localNetwork: nil, localPrefix: 0, protocol: .TCP, direction: .outbound) ] Now the documentation states that if I want to capture localhost traffic, I need to explicitly add the following rule: NENetworkRule(remoteNetwork: NWHostEndpoint(hostname: "127.0.0.0", port: "0", remotePrefix: 8, localNetwork: nil, localPrefix: 0, protocol: .TCP, direction: .outbound) and if I want to capture ipv6 localhost address: NENetworkRule(remoteNetwork: NWHostEndpoint(hostname: "::1", port: "0", remotePrefix: 128, localNetwork: nil, localPrefix: 0, protocol: .TCP, direction: .outbound) All this works great. Now I am having trouble capturing external ipv6 traffic. For example my ISP supports ipv6 and facebook.com resolves to 2a03:2880:f128:181:face:b00c:0:25de on my machine. I am unable to write any rule allowing me to capture with the system extension such traffic. Either I get errors that the network mask cannot be greater than 32 or the traffic simply doesn't flow through the extension. Here's an example request that I would like to capture: curl https://facebook.com -kvp * Trying [2a03:2880:f128:181:face:b00c:0:25de]:443... * Connected to facebook.com (2a03:2880:f128:181:face:b00c:0:25de) port 443 (#0) * ALPN: offers h2,http/1.1 * (304) (OUT), TLS handshake, Client hello (1): * (304) (IN), TLS handshake, Server hello (2): * (304) (IN), TLS handshake, Unknown (8): * (304) (IN), TLS handshake, Certificate (11): * (304) (IN), TLS handshake, CERT verify (15): * (304) (IN), TLS handshake, Finished (20): * (304) (OUT), TLS handshake, Finished (20): * SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256 * ALPN: server accepted h2 * Server certificate: * subject: C=US; ST=California; L=Menlo Park; O=Meta Platforms, Inc.; CN=*.facebook.com * start date: Aug 26 00:00:00 2023 GMT * expire date: Nov 24 23:59:59 2023 GMT * issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 High Assurance Server CA * SSL certificate verify ok. * using HTTP/2 * h2 [:method: GET] * h2 [:scheme: https] * h2 [:authority: facebook.com] * h2 [:path: /] * h2 [user-agent: curl/8.1.2] * h2 [accept: */*] * Using Stream ID: 1 (easy handle 0x7fcb5c011e00) &gt; GET / HTTP/2 &gt; Host: facebook.com &gt; User-Agent: curl/8.1.2 &gt; Accept: */* &gt; &lt; HTTP/2 301 &lt; location: https://www.facebook.com/ &lt; strict-transport-security: max-age=15552000; preload &lt; content-type: text/html; charset="utf-8" &lt; x-fb-debug: uWVEw8FZUIXozHae5VgKvIDY5lgH/4Aph+h+nJNJpIr7jFZIFGy9LRLGCSwPudcFBdi4Mf4rLaKsNGCBxHDmrA== &lt; content-length: 0 &lt; date: Fri, 17 Nov 2023 14:14:03 GMT &lt; alt-svc: h3=":443"; ma=86400 &lt; * Connection #0 to host facebook.com left intact Can this be achieved?