diff --git a/RootHelperSample/exepatch.c b/RootHelperSample/exepatch.c index 2a1267c..7b28c76 100644 --- a/RootHelperSample/exepatch.c +++ b/RootHelperSample/exepatch.c @@ -18,8 +18,7 @@ #include #define SYSLOG(...) // do {printf(__VA_ARGS__);printf("\n");} while(0) - -#define BOOTSTRAP_INSTALL_NAME "@loader_path/generalhooksigned.dylib" +char* BOOTSTRAP_INSTALL_NAME = "@loader_path/generalhooksigned.dylib"; extern void abort(void); //??? static size_t write_uleb128(uint64_t val, uint8_t buf[10]) @@ -261,6 +260,7 @@ int patch_macho(int fd, struct mach_header_64* header) { int libOrdinal=1; int prelibOrdinal=0; + bool found_new_bootstrap = false; int first_sec_off = 0; struct segment_command_64* linkedit_seg = NULL; struct symtab_command* symtab = NULL; @@ -289,6 +289,7 @@ int patch_macho(int fd, struct mach_header_64* header) if(strcmp(name, BOOTSTRAP_INSTALL_NAME)==0) { SYSLOG("bootstrap library exists @ %d!\n", libOrdinal); prelibOrdinal = libOrdinal; + found_new_bootstrap = true; } libOrdinal++; @@ -351,8 +352,11 @@ int patch_macho(int fd, struct mach_header_64* header) lc = (struct load_command *) ((char *)lc + lc->cmdsize); } - if(prelibOrdinal > 0) { - //keep old way, assert(prelibOrdinal == 1); +// if(prelibOrdinal > 0) { +// //keep old way, assert(prelibOrdinal == 1); +// return 0; +// } + if(found_new_bootstrap) { return 0; } @@ -617,9 +621,11 @@ int patch_executable(const char* file, uint64_t offset, uint64_t size) #include #include - -int patch_app_exe(const char* file) +int patch_app_exe(const char* file, char* insert_path) { + if (insert_path != NULL && insert_path[0] != '\0') { + BOOTSTRAP_INSTALL_NAME = insert_path; + } FAT *fat = fat_init_from_path(file); if (!fat) return -1; MachO *macho = fat_find_preferred_slice(fat); diff --git a/RootHelperSample/exepatch.h b/RootHelperSample/exepatch.h index 3663e7b..220b968 100644 --- a/RootHelperSample/exepatch.h +++ b/RootHelperSample/exepatch.h 
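Review bot: The replacement for the macro, `char* BOOTSTRAP_INSTALL_NAME = "@loader_path/generalhooksigned.dylib";`, is a non-const global with external linkage that points at a string literal, so any translation unit can rebind it or write through it and the compiler cannot warn. Declare it `static const char *BOOTSTRAP_INSTALL_NAME = "@loader_path/generalhooksigned.dylib";` with a comment such as `/* install name patched into the target; overridden per call by patch_app_exe */`; the `strcmp` in the third hunk and the assignment in the last hunk both work unchanged once `insert_path` is `const char *`. The exepatch.h hunk removes its own `#define` of the same name, so nothing else in the tree should still expect a macro; if another file did, it will no longer compile.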
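Review bot: The `if(prelibOrdinal > 0)` block is kept above the new `if(found_new_bootstrap)` check as commented-out code; delete it rather than comment it out, version control holds the history. As far as these hunks show, `found_new_bootstrap = true` is set in the same branch that assigns `prelibOrdinal = libOrdinal` with `libOrdinal` starting at 1, so the two conditions look equivalent and `prelibOrdinal` may now be write-only; if that is the case, keep one of them and say in a comment why it is the flag rather than the ordinal that decides. patch_macho begins before this hunk and continues after it.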
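Review bot: `BOOTSTRAP_INSTALL_NAME = insert_path;` in patch_app_exe stores the caller's pointer in a process-wide global that is never reset, so a later call with a NULL or empty `insert_path` silently reuses whatever the previous caller passed instead of the built-in default, and the global keeps pointing at memory whose lifetime the caller controls (main.m passes `-UTF8String` storage). Either reset the global to the default at the top of every call, or pass the name down to patch_macho as a parameter instead of routing it through a global; if the global stays, copy the string with `strdup` and document that it is owned by this file. The parameter should also be `const char *insert_path`, which is what the Objective-C caller can pass without discarding qualifiers. patch_app_exe continues past the end of this hunk.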
@@ -4,19 +4,6 @@ #include #include -// Define the bootstrap install name -#define BOOTSTRAP_INSTALL_NAME "@loader_path/generalhook.dylib" - -//// Function to rebind Mach-O binary -//void* rebind(struct mach_header_64* header, enum bindtype type, void* data, uint32_t* size); -// -//// Function to patch Mach-O binary -//int patch_macho(int fd, struct mach_header_64* header); -// -//// Function to patch executable -//int patch_executable(const char* file, uint64_t offset, uint64_t size); - -// Function to patch application executable -int patch_app_exe(const char* file); +int patch_app_exe(const char* file, char* insert_path); #endif // MACHO_PATCHER_H diff --git a/RootHelperSample/launchdshim/cfprefsdshim/Makefile b/RootHelperSample/launchdshim/cfprefsdshim/Makefile index 9dd9c02..cb8b395 100644 --- a/RootHelperSample/launchdshim/cfprefsdshim/Makefile +++ b/RootHelperSample/launchdshim/cfprefsdshim/Makefile @@ -9,6 +9,8 @@ cfprefsdshim_FILES = $(wildcard *.c) $(wildcard *.m) cfprefsdshim_CFLAGS = -fobjc-arc -isystem -Wno-error cfprefsdshim_LDFLAGS = -L./ -lbsm -lhooker cfprefsdshim_CODESIGN_FLAGS = -Sent.plist +# EDIT substrate.h similarly to libhooker's tbd in vendor/lib!!! +# old: //install-name: /Library/Frameworks/CydiaSubstrate.framework/CydiaSubstrate after-package:: ct_bypass -i .theos/obj/debug/cfprefsdshim -o cfprefsd diff --git a/RootHelperSample/launchdshim/cfprefsdshim/cfprefsdshim.m b/RootHelperSample/launchdshim/cfprefsdshim/cfprefsdshim.m index 1a5b2db..e774222 100644 --- a/RootHelperSample/launchdshim/cfprefsdshim/cfprefsdshim.m +++ b/RootHelperSample/launchdshim/cfprefsdshim/cfprefsdshim.m 
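Review bot: The new prototype `int patch_app_exe(const char* file, char* insert_path);` takes a non-const `insert_path`, but the only caller shown (installClone in main.m) hands it `[insert_path UTF8String]`, a `const char *`, so every call site discards a qualifier and the resulting warning hides real mistakes. Change it to `int patch_app_exe(const char *file, const char *insert_path);` here and in exepatch.c. The declaration also says nothing about the new argument; add `/// insert_path: install name to inject; NULL or "" keeps the built-in default. Returns 0 on success, -1 if the file cannot be opened.` above it, which matches the `if (!fat) return -1;` path visible in exepatch.c.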
@@ -100,12 +100,13 @@ bool new_CFPrefsGetPathForTriplet(CFStringRef bundleIdentifier, CFStringRef user } int (*__CFXPreferencesDaemon_main)(int argc, char *argv[], char *envp[], char* apple[]); +int ptrace(int request, pid_t pid, caddr_t addr, int data); int main(int argc, char *argv[], char *envp[], char* apple[]) { @autoreleasepool { - NSLog(@"cfprefsdshim loaded"); +// NSLog(@"cfprefsdshim loaded"); / if (argc > 1 && strcmp(argv[1], "--jit") == 0) { - NSLog(@"cfprefsdshim jit 1"); +// NSLog(@"cfprefsdshim jit 1"); ptrace(0, 0, 0, 0); exit(0); } else { @@ -113,7 +114,7 @@ int main(int argc, char *argv[], char *envp[], char* apple[]) { char *modified_argv[] = {argv[0], "--jit", NULL }; int ret = posix_spawnp(&pid, argv[0], NULL, NULL, modified_argv, envp); if (ret == 0) { - NSLog(@"cfprefsdshim jit 2"); +// NSLog(@"cfprefsdshim jit 2"); waitpid(pid, NULL, WUNTRACED); ptrace(11, pid, 0, 0); kill(pid, SIGTERM); @@ -133,7 +134,7 @@ int main(int argc, char *argv[], char *envp[], char* apple[]) { LHHookFunctions(hooks, 3); void *handle = dlopen("/System/Library/Frameworks/CoreFoundation.framework/CoreFoundation", RTLD_GLOBAL); __CFXPreferencesDaemon_main = dlsym(handle, "__CFXPreferencesDaemon_main"); - NSLog(@"cfprefsdshim starting..."); +// NSLog(@"cfprefsdshim starting..."); return __CFXPreferencesDaemon_main(argc, argv, envp, apple); } } diff --git a/RootHelperSample/launchdshim/cfprefsdshim/cfprefsdshimsignedinjected b/RootHelperSample/launchdshim/cfprefsdshim/cfprefsdshimsignedinjected index 9be0dfb..f9a42fc 100755 Binary files a/RootHelperSample/launchdshim/cfprefsdshim/cfprefsdshimsignedinjected and b/RootHelperSample/launchdshim/cfprefsdshim/cfprefsdshimsignedinjected differ diff --git a/RootHelperSample/launchdshim/launchdhook/main.m b/RootHelperSample/launchdshim/launchdhook/main.m index 3944986..cc51d74 100644 --- a/RootHelperSample/launchdshim/launchdhook/main.m +++ b/RootHelperSample/launchdshim/launchdhook/main.m 
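Review bot: The hand-written prototype `int ptrace(int request, pid_t pid, caddr_t addr, int data);` duplicates a libc declaration; include `<sys/ptrace.h>` instead so the compiler checks the calls against the real signature and the bare request numbers `0` and `11` used below can be written with the header's `PT_*` constants. If the SDK in use does not ship that header, keep the prototype but record that in a comment next to it. The commented-out `NSLog` lines in this and the next two hunks should be deleted or placed behind a debug macro rather than left as comments, and the first of them carries a stray trailing `/` after the comment text. main begins in this hunk and continues past it.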
@@ -107,16 +107,16 @@ int hooked_posix_spawnp(pid_t *restrict pid, const char *restrict path, const po argv[0] = (char *)path; posix_spawnattr_set_launch_type_np((posix_spawnattr_t *)attrp, 0); return posix_spawnp(pid, path, file_actions, (posix_spawnattr_t *)attrp, argv, envp); -// } else if (!strncmp(path, xpcproxyPath, strlen(xpcproxyPath))) { -// // FILE *file = fopen("/var/mobile/launchd.log", "a"); -// // char output[512]; -// // sprintf(output, "[launchd] changing path %s to %s\n", path, coolerMrui); -// // fputs(output, file); -// path = coolerXpcProxyPath; -// // fclose(file); -// argv[0] = (char *)path; -// posix_spawnattr_set_launch_type_np((posix_spawnattr_t *)attrp, 0); -// return posix_spawnp(pid, path, file_actions, (posix_spawnattr_t *)attrp, argv, envp); + } else if (!strncmp(path, xpcproxyPath, strlen(xpcproxyPath))) { + // FILE *file = fopen("/var/mobile/launchd.log", "a"); + // char output[512]; + // sprintf(output, "[launchd] changing path %s to %s\n", path, coolerMrui); + // fputs(output, file); + path = coolerXpcProxyPath; + // fclose(file); + argv[0] = (char *)path; + posix_spawnattr_set_launch_type_np((posix_spawnattr_t *)attrp, 0); + return posix_spawnp(pid, path, file_actions, (posix_spawnattr_t *)attrp, argv, envp); } return orig_posix_spawnp(pid, path, file_actions, (posix_spawnattr_t *)attrp, argv, envp); } diff --git a/RootHelperSample/launchdshim/xpcproxyhook/xpcproxyhook.m b/RootHelperSample/launchdshim/xpcproxyhook/xpcproxyhook.m index c1f92fb..0e1ce33 100644 --- a/RootHelperSample/launchdshim/xpcproxyhook/xpcproxyhook.m +++ b/RootHelperSample/launchdshim/xpcproxyhook/xpcproxyhook.m 
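Review bot: The re-enabled branch matches with `strncmp(path, xpcproxyPath, strlen(xpcproxyPath))`, a prefix test, so any path that merely begins with `xpcproxyPath` is redirected to `coolerXpcProxyPath`; use `strcmp(path, xpcproxyPath) == 0` unless prefix matching is intended, and if it is, say so in a comment. The five commented-out logging lines inside the branch are leftovers from another branch (they refer to `coolerMrui`, not the xpcproxy path) and should be removed. The cast `(posix_spawnattr_t *)attrp` strips the qualifier from what appears to be a const `attrp` before `posix_spawnattr_set_launch_type_np` mutates it; a comment should record that the caller-owned attribute set is modified on purpose. hooked_posix_spawnp begins outside this hunk.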
@@ -51,14 +51,13 @@ int hooked_posix_spawnp(pid_t *restrict pid, const char *restrict path, const po } __attribute__((constructor)) static void init(int argc, char **argv) { - FILE *file; - file = fopen("/var/mobile/xpcproxyhook.log", "w"); - char output[512]; - sprintf(output, "[xpcproxyhook] xpcproxyhook pid %d", getpid()); -// printf("[launchd] launchdhook pid %d", getpid()); - fputs(output, file); - fclose(file); - sync(); +// FILE *file; +// file = fopen("/var/mobile/xpcproxyhook.log", "w"); +// char output[512]; +// sprintf(output, "[xpcproxyhook] xpcproxyhook pid %d", getpid()); +// fputs(output, file); +// fclose(file); +// sync(); struct rebinding rebindings[] = (struct rebinding[]){ {"csops", hooked_csops, (void *)&orig_csops}, diff --git a/RootHelperSample/main.m b/RootHelperSample/main.m index 969656e..e798eac 100644 --- a/RootHelperSample/main.m +++ b/RootHelperSample/main.m 
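Review bot: The logging block at the top of `init` is commented out rather than removed; delete the seven lines, or guard them with a debug macro if they are expected to come back. If they do return, the original form wrote to `file` without checking that `fopen` succeeded and formatted into a fixed 512-byte `output` with `sprintf`; use `snprintf(output, sizeof output, ...)` and skip the writes when `file` is NULL. init continues past the end of this hunk.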
@@ -299,17 +299,23 @@ void installClone(NSString *path) { [[NSFileManager defaultManager] copyItemAtPath:path toPath:jbroot(path) error:nil]; NSString* ents = [usprebooterappPath() stringByAppendingPathComponent:@"launchdentitlements.plist"]; + NSString *hook_file = @"generalhooksigned.dylib"; + NSString *insert_path = @""; if ([path isEqual:@"/Applications/MediaRemoteUI.app/MediaRemoteUI"]) { ents = [usprebooterappPath() stringByAppendingPathComponent:@"MRUIents.plist"]; } else if ([path isEqual:@"/System/Library/CoreServices/SpringBoard.app/SpringBoard"]) { ents = [usprebooterappPath() stringByAppendingPathComponent:@"SpringBoardEnts.plist"]; + } else if ([path isEqual:@"/usr/libexec/xpcproxy"]) { + ents = [usprebooterappPath() stringByAppendingPathComponent:@"xpcproxydents.plist"]; + hook_file = @"xpcproxyhooksigned.dylib"; + insert_path = @"@loader_path/xpcproxyhooksigned.dylib"; } else { NSLog(@"Note: no dedicated ents file for this, shit will likely break"); } // strip arm64e replaceByte(jbroot(path), 8, "\x00\x00\x00\x00"); - NSLog(@"insert dylib ret %d", patch_app_exe([jbroot(path) UTF8String])); + NSLog(@"insert dylib ret %d", patch_app_exe([jbroot(path) UTF8String], [insert_path UTF8String])); signAdhoc(jbroot(path), ents); NSString *fastPathSignPath = [usprebooterappPath() stringByAppendingPathComponent:@"fastPathSign"]; 
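Review bot: The result of `patch_app_exe` is only logged, so when it fails (it returns -1 when the Mach-O cannot be opened) installClone still signs the binary and copies a hook dylib that the binary will never reference. Capture it and stop: `int patchRet = patch_app_exe([jbroot(path) UTF8String], [insert_path UTF8String]);` followed by `if (patchRet != 0) { NSLog(@"insert dylib ret %d", patchRet); return; }`. `[insert_path UTF8String]` is a `const char *` handed to the `char *` parameter the new prototype declares, which discards a qualifier; the parameter should be const. patch_app_exe also keeps that pointer in a file-level global after the call returns (see exepatch.c), so do not pass a temporary string here unless the C side copies it. installClone continues past this hunk.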
@@ -318,11 +324,10 @@ void installClone(NSString *path) { NSString *stdErr; spawnRoot(fastPathSignPath, @[@"-i", jbroot(path), @"-r", @"-o", jbroot(path)], &stdOut, &stdErr); - NSString *dylib_path = [[path stringByDeletingLastPathComponent] stringByAppendingPathComponent:@"generalhooksigned.dylib"]; - + NSString *dylib_path = [[path stringByDeletingLastPathComponent] stringByAppendingPathComponent:hook_file]; NSString *symlink_path = [[path stringByDeletingLastPathComponent] stringByAppendingPathComponent:@".jbroot"]; - [[NSFileManager defaultManager] copyItemAtPath:[usprebooterappPath() stringByAppendingPathComponent:@"generalhooksigned.dylib"] toPath:jbroot(dylib_path) error:nil]; + [[NSFileManager defaultManager] copyItemAtPath:[usprebooterappPath() stringByAppendingPathComponent:hook_file] toPath:jbroot(dylib_path) error:nil]; [[NSFileManager defaultManager] createSymbolicLinkAtPath:jbroot(symlink_path) withDestinationPath:jbroot(@"/") error:nil]; } 
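Review bot: The changed `copyItemAtPath:` line still passes `error:nil` and ignores the BOOL result, so if copying `hook_file` next to the binary fails, the freshly patched executable references an `@loader_path` dylib that does not exist and fails to load with no diagnostic. Capture it: `NSError *copyError = nil;` then `if (![[NSFileManager defaultManager] copyItemAtPath:[usprebooterappPath() stringByAppendingPathComponent:hook_file] toPath:jbroot(dylib_path) error:&copyError]) NSLog(@"copy %@ failed: %@", hook_file, copyError);`. The `createSymbolicLinkAtPath:` call on the next line has the same problem. installClone begins outside this hunk.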
@@ -368,10 +373,13 @@ int main(int argc, char *argv[], char *envp[]) { [[NSFileManager defaultManager] removeItemAtPath:jbroot(@"launchd") error:nil]; [[NSFileManager defaultManager] removeItemAtPath:jbroot(@"launchdhook.dylib") error:nil]; [[NSFileManager defaultManager] removeItemAtPath:jbroot(@"/Applications/MediaRemoteUI.app/MediaRemoteUI") error:nil]; - [[NSFileManager defaultManager] removeItemAtPath:jbroot(@"/Applications/MediaRemoteUI.app/generalhooksigned") error:nil]; + [[NSFileManager defaultManager] removeItemAtPath:jbroot(@"/Applications/MediaRemoteUI.app/generalhooksigned.dylib") error:nil]; [[NSFileManager defaultManager] removeItemAtPath:jbroot(@"/Applications/MediaRemoteUI.app/") error:nil]; [[NSFileManager defaultManager] removeItemAtPath:[jbroot(@"/usr/lib/TweakInject") stringByAppendingPathComponent:@"hideconfidentialtext.plist"] error:nil]; [[NSFileManager defaultManager] removeItemAtPath:[jbroot(@"/usr/lib/TweakInject") stringByAppendingPathComponent:@"hideconfidentialtext.dylib"] error:nil]; + [[NSFileManager defaultManager] removeItemAtPath:[jbroot(@"/usr/libexec/") stringByAppendingPathComponent:@"xpcproxyhooksigned.dylib"] error:nil]; + [[NSFileManager defaultManager] removeItemAtPath:[jbroot(@"/usr/libexec/") stringByAppendingPathComponent:@"generalhooksigned.dylib"] error:nil]; + [[NSFileManager defaultManager] removeItemAtPath:[jbroot(@"/usr/libexec/") stringByAppendingPathComponent:@"xpcproxy"] error:nil]; } } } else if ([action isEqual: @"reinstall"]) {
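Review bot: The three added `removeItemAtPath:` calls under `/usr/libexec/` discard their result with `error:nil`, so an uninstall that leaves the patched `xpcproxy` clone or a hook dylib in place is indistinguishable from a clean one. Pass an `NSError *` and log when the method returns NO and `error.code != NSFileNoSuchFileError`, so a missing file stays silent but a permission or busy-file failure is visible. The file names deleted here also duplicate the ones installClone writes (`generalhooksigned.dylib`, `xpcproxyhooksigned.dylib`), so a rename in one place silently breaks the other; a shared table of (path, hook dylib) used by both install and uninstall would keep them in step. main continues outside this hunk.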