5 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| ce3e5035a7 | |||
| ccfdf1294f | |||
| 1e3a86e836 | |||
| 9583329c5c | |||
| 7cad24e8f4 |
+10
-13
@@ -237,6 +237,11 @@ NSArray *allDepsForPkg(NSString *pkg) {
|
||||
}
|
||||
|
||||
NSArray *resolveDepsForPkgWithQueue(NSString *pkg, NSMutableArray *queue, BOOL preDeps) {
|
||||
if (pkg == nil) {
|
||||
LOG("I can't resolve deps for no pkg. WTF.");
|
||||
return nil;
|
||||
}
|
||||
|
||||
NSArray *deps = preDeps?allDepsForPkg(pkg):getDepsForPkg(pkg);
|
||||
NSDictionary *pkgs = getPkgs();
|
||||
|
||||
@@ -244,14 +249,6 @@ NSArray *resolveDepsForPkgWithQueue(NSString *pkg, NSMutableArray *queue, BOOL p
|
||||
queue = [NSMutableArray new];
|
||||
}
|
||||
|
||||
if (deps == nil) {
|
||||
return queue;
|
||||
}
|
||||
|
||||
if (deps.count < 1) {
|
||||
return queue;
|
||||
}
|
||||
|
||||
NSRegularExpression *or = [NSRegularExpression regularExpressionWithPattern:@"\\s*([^\\|]+)\\s*\\|?" options:0 error:nil];
|
||||
for (NSString *dep in deps) {
|
||||
BOOL __block resolved = NO;
|
||||
@@ -318,25 +315,24 @@ NSArray *resolveDepsForPkgWithQueue(NSString *pkg, NSMutableArray *queue, BOOL p
|
||||
return nil;
|
||||
}
|
||||
}
|
||||
[queue removeObject:pkg];
|
||||
[queue addObject:pkg];
|
||||
if (![queue containsObject:pkg])
|
||||
[queue addObject:pkg];
|
||||
return queue;
|
||||
}
|
||||
|
||||
NSArray *resolveDepsForPkg(NSString *pkg, BOOL preDeps) {
|
||||
if (pkg == nil) {
|
||||
return nil;
|
||||
}
|
||||
return resolveDepsForPkgWithQueue(pkg, nil, preDeps);
|
||||
}
|
||||
|
||||
BOOL extractDebsForPkg(NSString *pkg, NSMutableArray *installed, BOOL preDeps) {
|
||||
NSArray *pkgsForPkg = resolveDepsForPkg(pkg, preDeps);
|
||||
if (pkgsForPkg == nil || pkgsForPkg.count < 1) {
|
||||
LOG("Found no pkgs to install for \"%@\"", pkg);
|
||||
return NO;
|
||||
}
|
||||
NSMutableArray *debsForPkg = [debsForPkgs(pkgsForPkg) mutableCopy];
|
||||
if (debsForPkg == nil) {
|
||||
LOG("Found no debs to install for \"%@\"", pkg);
|
||||
return NO;
|
||||
}
|
||||
if (installed != nil) {
|
||||
@@ -347,6 +343,7 @@ BOOL extractDebsForPkg(NSString *pkg, NSMutableArray *installed, BOOL preDeps) {
|
||||
return YES;
|
||||
}
|
||||
if (!extractDebs(debsForPkg)) {
|
||||
LOG("Failed to extract debs for \"%@\"", pkg);
|
||||
return NO;
|
||||
}
|
||||
[installed addObjectsFromArray:debsForPkg];
|
||||
|
||||
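Review bot: In the second hunk of resolveDepsForPkgWithQueue the `if (deps == nil)` and `if (deps.count < 1)` early returns are gone, so a nil result from allDepsForPkg/getDepsForPkg now skips the loop and the package is still queued at the end of the function. If nil can mean "lookup failed" rather than "no dependencies" (not visible here), the package would be queued for extraction without its dependencies; either keep the two cases apart or state the intent with a comment such as `// nil or empty deps: nothing to resolve, fall through and queue pkg itself`. In the third hunk the page prints both `[queue removeObject:pkg]; [queue addObject:pkg];` and `if (![queue containsObject:pkg]) [queue addObject:pkg];` without +/- markers; the first moves an already-queued package to the end and the second keeps its first position, so the retained form should carry a comment naming the install order it guarantees. The function body between these hunks is outside the visible lines.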
@@ -1405,6 +1405,19 @@ void exploit()
|
||||
}
|
||||
|
||||
// Dpkg better work now
|
||||
|
||||
if (pkgIsInstalled("science.xnu.undecimus.resources")) {
|
||||
LOG("Removing old resources...");
|
||||
_assert(removePkg("science.xnu.undecimus.resources", true), message, true);
|
||||
}
|
||||
|
||||
if (pkgIsInstalled("apt7") && compareInstalledVersion("apt7", "lt", "1:0")) {
|
||||
LOG("Installing newer version of apt7");
|
||||
NSString *apt7deb = debForPkg(@"apt7");
|
||||
_assert(apt7deb != nil, message, true);
|
||||
[debsToInstall addObject:apt7deb];
|
||||
}
|
||||
|
||||
if (debsToInstall.count > 0) {
|
||||
LOG("Installing manually exctracted debs...");
|
||||
_assert(installDebs(debsToInstall, true), message, true);
|
||||
|
||||
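Review bot: The added check `compareInstalledVersion("apt7", "lt", "1:0")` hard-codes an epoch-qualified threshold and an operator string with no explanation of why that version is the cut-off. If the helper follows dpkg ordering, every apt7 build without an epoch compares lower and gets replaced, which should be stated, e.g. `// "1:0" carries epoch 1, so any epoch-less apt7 is treated as older and replaced`. The same block passes C strings to pkgIsInstalled/removePkg but an NSString literal to `debForPkg(@"apt7")`; the signatures are not visible here, so confirm the mix is intended. Both new `_assert` calls reuse the shared `message` defined outside the hunk, so a failed removal of the old resources package and a missing apt7 deb would be reported identically; setting a specific message before each would make failures diagnosable.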
@@ -23,7 +23,7 @@ uint64_t cached_task_self_addr = 0;
|
||||
uint64_t task_self_addr()
|
||||
{
|
||||
if (cached_task_self_addr == 0) {
|
||||
cached_task_self_addr = (kCFCoreFoundationVersionNumber >= 1450.14) ? get_address_of_port(getpid(), mach_task_self()) : find_port_address(mach_task_self(), MACH_MSG_TYPE_COPY_SEND);
|
||||
cached_task_self_addr = have_kmem_read() ? get_address_of_port(getpid(), mach_task_self()) : find_port_address(mach_task_self(), MACH_MSG_TYPE_COPY_SEND);
|
||||
LOG("task self: 0x%llx", cached_task_self_addr);
|
||||
}
|
||||
return cached_task_self_addr;
|
||||
@@ -36,13 +36,13 @@ uint64_t ipc_space_kernel()
|
||||
|
||||
uint64_t current_thread()
|
||||
{
|
||||
uint64_t thread_port = (kCFCoreFoundationVersionNumber >= 1450.14) ? get_address_of_port(getpid(), mach_thread_self()) : find_port_address(mach_thread_self(), MACH_MSG_TYPE_COPY_SEND);
|
||||
uint64_t thread_port = have_kmem_read() ? get_address_of_port(getpid(), mach_thread_self()) : find_port_address(mach_thread_self(), MACH_MSG_TYPE_COPY_SEND);
|
||||
return ReadKernel64(thread_port + koffset(KSTRUCT_OFFSET_IPC_PORT_IP_KOBJECT));
|
||||
}
|
||||
|
||||
uint64_t find_kernel_base()
|
||||
{
|
||||
uint64_t hostport_addr = (kCFCoreFoundationVersionNumber >= 1450.14) ? get_address_of_port(getpid(), mach_host_self()) : find_port_address(mach_host_self(), MACH_MSG_TYPE_COPY_SEND);
|
||||
uint64_t hostport_addr = have_kmem_read() ? get_address_of_port(getpid(), mach_host_self()) : find_port_address(mach_host_self(), MACH_MSG_TYPE_COPY_SEND);
|
||||
uint64_t realhost = ReadKernel64(hostport_addr + koffset(KSTRUCT_OFFSET_IPC_PORT_IP_KOBJECT));
|
||||
the_realhost = realhost;
|
||||
|
||||
@@ -65,7 +65,7 @@ mach_port_t fake_host_priv()
|
||||
return fake_host_priv_port;
|
||||
}
|
||||
// get the address of realhost:
|
||||
uint64_t hostport_addr = (kCFCoreFoundationVersionNumber >= 1450.14) ? get_address_of_port(getpid(), mach_host_self()) : find_port_address(mach_host_self(), MACH_MSG_TYPE_COPY_SEND);
|
||||
uint64_t hostport_addr = have_kmem_read() ? get_address_of_port(getpid(), mach_host_self()) : find_port_address(mach_host_self(), MACH_MSG_TYPE_COPY_SEND);
|
||||
uint64_t realhost = ReadKernel64(hostport_addr + koffset(KSTRUCT_OFFSET_IPC_PORT_IP_KOBJECT));
|
||||
|
||||
// allocate a port
|
||||
@@ -81,7 +81,7 @@ mach_port_t fake_host_priv()
|
||||
mach_port_insert_right(mach_task_self(), port, port, MACH_MSG_TYPE_MAKE_SEND);
|
||||
|
||||
// locate the port
|
||||
uint64_t port_addr = (kCFCoreFoundationVersionNumber >= 1450.14) ? get_address_of_port(getpid(), port) : find_port_address(port, MACH_MSG_TYPE_COPY_SEND);
|
||||
uint64_t port_addr = have_kmem_read() ? get_address_of_port(getpid(), port) : find_port_address(port, MACH_MSG_TYPE_COPY_SEND);
|
||||
|
||||
// change the type of the port
|
||||
#define IKOT_HOST_PRIV 4
|
||||
|
||||
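Review bot: The expression `have_kmem_read() ? get_address_of_port(getpid(), p) : find_port_address(p, MACH_MSG_TYPE_COPY_SEND)` is repeated at five call sites in this section (task_self_addr, current_thread, find_kernel_base and twice in fake_host_priv), assuming the have_kmem_read() variant is the new side of each pair; the page prints both variants without +/- markers. A single helper, for example `static uint64_t port_address(mach_port_t p)`, would keep the selection rule in one place so a later change to the condition cannot miss a call site. The change also needs a one-line comment explaining why a runtime capability check replaces the `kCFCoreFoundationVersionNumber >= 1450.14` gate, since the two conditions are not obviously equivalent. task_self_addr caches its result, so whichever branch is taken on the first call determines the value for the rest of the process; that is worth noting in the function's comment.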