Using private frameworks is banned by Apple. It's the biggest violation of Apple's SDK agreement. But who cares, that doesn't mean we can't try and experiment with what we can really do with an iPhone. I'll show you here in a few lines how to link your application with a private framework at runtime. In this case I will use Apple80211.

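    #include <dlfcn.h>
    #import <Foundation/Foundation.h>

    void *libHandle;      // handle returned by dlopen
    void *airportHandle;  // handle used with the Apple80211 calls
    // Function pointers resolved at runtime. Declare them inside a function or as
    // ivars: at file scope open/bind/close would clash with the libc functions.
    int (*open)(void *);
    int (*bind)(void *, NSString *);
    int (*close)(void *);
    int (*associate)(void *, NSDictionary *, NSString *);
    int (*scan)(void *, NSArray **, void *);

    // Load the private framework by its absolute path.
    libHandle = dlopen("/System/Library/PrivateFrameworks/Apple80211.framework/Apple80211", RTLD_LAZY);
    if (libHandle != NULL) {
        // Look up each entry point by name.
        open  = dlsym(libHandle, "Apple80211Open");
        bind  = dlsym(libHandle, "Apple80211BindToInterface");
        close = dlsym(libHandle, "Apple80211Close");
        associate = dlsym(libHandle, "Apple80211Associate");
        scan  = dlsym(libHandle, "Apple80211Scan");
    } else {
        NSLog(@"dlopen failed: %s", dlerror());
    }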

The real drawback of this approach is that the framework's absolute path is hardcoded in our call to dlopen, which means Apple is able, with a really small change to the OS, to break our app. For completeness, the last change in framework organization happened with the big step between firmware 1.x and 2.x.
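The hardcoded path also matters to anyone auditing an app: the dlopen argument and the dlsym names are plain C strings inside the compiled binary. The following is an added example, not code from the original post, of a strings-style check for them; the sample bytes are constructed, and matching symbol names by framework-name prefix is a heuristic assumed here.

```python
import re

PRIVATE_PREFIX = "/System/Library/PrivateFrameworks/"
STRINGS_RE = re.compile(rb"[\x20-\x7e]{4,}")   # printable runs, like strings(1)
IDENT_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*\Z")

def extract_strings(blob):
    """Return every printable ASCII run of 4+ bytes found in the binary."""
    return [m.group().decode("ascii") for m in STRINGS_RE.finditer(blob)]

def audit(blob):
    """Report hardcoded private-framework paths and related strings."""
    strings = extract_strings(blob)
    paths = sorted({s for s in strings if s.startswith(PRIVATE_PREFIX)})
    # Framework name is the last path component:
    # ".../Apple80211.framework/Apple80211" -> "Apple80211"
    names = {p.rsplit("/", 1)[-1] for p in paths} - {""}
    # Heuristic (assumption): exported names start with the framework name.
    symbols = sorted({
        s for s in strings
        if IDENT_RE.match(s) and any(s.startswith(n) and s != n for n in names)
    })
    # Imported loader functions appear in the symbol table as _dlopen / _dlsym.
    loaders = sorted({s.lstrip("_") for s in strings
                      if s.lstrip("_") in ("dlopen", "dlsym")})
    return {
        "paths": paths,
        "symbols": symbols,
        "loaders": loaders,
        "flagged": bool(paths) and "dlopen" in loaders,
    }

# Constructed sample: the strings the snippet above would leave in a binary,
# separated by NUL bytes and preceded by non-printable header bytes.
SAMPLE = b"\xfe\xed\xfa\xce\x00\x00" + b"\x00".join([
    b"/System/Library/PrivateFrameworks/Apple80211.framework/Apple80211",
    b"Apple80211Open", b"Apple80211BindToInterface", b"Apple80211Close",
    b"Apple80211Associate", b"Apple80211Scan",
    b"/System/Library/Frameworks/Foundation.framework/Foundation",
    b"_dlopen", b"_dlsym", b"_NSLog",
]) + b"\x00"

if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(key, value)
```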