Add exploit options to UI

SerotoninApp · Jan 19, 2024 · cd1722e · cd1722e
1 parent dc09ea5
commit cd1722e
Show file tree

Hide file tree

Showing 6 changed files with 191 additions and 30 deletions.
diff --git a/Makefile b/Makefile
@@ -42,14 +42,14 @@ Serotonin.tipa: $(wildcard **/*.c **/*.m **/*.swift **/*.plist **/*.xml)
 	cp RootHelperSample/Exploits/fastPathSign/fastPathSign ChOma/output/ios/tests
 
 	echo "[*] Building Serotonin"
-	xcodebuild clean build -project Serotonin.xcodeproj -scheme usprebooter -sdk iphoneos -configuration Release CODE_SIGN_IDENTITY="" CODE_SIGNING_REQUIRED=NO CODE_SIGNING_ALLOWED="NO"
+	xcodebuild clean build -project Serotonin.xcodeproj -scheme usprebooter -sdk iphoneos -configuration Release CODE_SIGN_IDENTITY="" CODE_SIGNING_REQUIRED=NO CODE_SIGNING_ALLOWED="NO" -derivedDataPath build
 
 	echo "[*] Done building. Packaging for TS..."
 	$(MAKE) -C RootHelperSample
 	rm -rf Payload
 	rm -rf Serotonin.tipa
 	mkdir Payload
-	cp -a build/Release-iphoneos/usprebooter.app Payload
+	cp -a build/Build/Products/Release-iphoneos/usprebooter.app Payload
 	rm -rf Payload/usprebooter.app/Frameworks
 	cp RootHelperSample/.theos/obj/debug/arm64/trolltoolsroothelper Payload/usprebooter.app/trolltoolsroothelper
 	install -m755 RootHelperSample/launchdshim/launchdhook/launchdhooksigned.dylib Payload/usprebooter.app/launchdhooksigned.dylib

diff --git a/usprebooter/SettingsManager.swift b/usprebooter/SettingsManager.swift
@@ -15,7 +15,10 @@ class SettingsManager {
     private init() {}
 
     static let didStaticHeadroomChange = Notification.Name("didFontSizeChange")
-    static let didPuafPagesChange = Notification.Name("didFontSizeChange")
+    static let didPuafPagesChange = Notification.Name("didPuafPagesChange")
+    static let didPuafMethodChange = Notification.Name("didPuafMethodChange")
+    static let didkReadMethodChange = Notification.Name("didkReadMethodChange")
+    static let didkWriteMethodChange = Notification.Name("didkWriteMethodChange")
 
     private var _staticHeadroom: Int? {
         didSet { NotificationCenter.default.post(name: SettingsManager.didStaticHeadroomChange, object: nil) }
@@ -25,6 +28,18 @@ class SettingsManager {
         didSet { NotificationCenter.default.post(name: SettingsManager.didPuafPagesChange, object: nil) }
     }
 
+    private var _puafMethod: Int? {
+        didSet { NotificationCenter.default.post(name: SettingsManager.didPuafMethodChange, object: nil) }
+    }
+
+    private var _kReadMethod: Int? {
+        didSet { NotificationCenter.default.post(name: SettingsManager.didkReadMethodChange, object: nil) }
+    }
+
+    private var _kWriteMethod: Int? {
+        didSet { NotificationCenter.default.post(name: SettingsManager.didkWriteMethodChange, object: nil) }
+    }
+
     var staticHeadroom: Int {
         get { return _staticHeadroom ?? UserDefaults.standard.value(forKey: "staticHeadroom") as? Int ?? 512 }
         set {
@@ -34,7 +49,7 @@ class SettingsManager {
     }
 
     var isBetaIos: Bool {
-        get { return UserDefaults.standard.bool(forKey: "isBetaIos", defaultValue: false) }
+        get { return UserDefaults.standard.bool(forKey: "isBetaIos", defaultValue: isBetaiOS()) }
         set { UserDefaults.standard.set(newValue, forKey: "isBetaIos") }
     }
 
@@ -49,12 +64,41 @@ class SettingsManager {
     }
 
     var puafPages: Int {
-        get { return _puafPages ?? UserDefaults.standard.value(forKey: "puafPages") as? Int ?? 512 }
+        get { return _puafPages ?? UserDefaults.standard.value(forKey: "puafPages") as? Int ?? 3072 }
         set {
             _puafPages = newValue
             UserDefaults.standard.set(newValue, forKey: "puafPages")
         }
     }
+
+    var puafMethod: Int {
+        get { return _puafMethod ?? UserDefaults.standard.value(forKey: "puafMethod") as? Int ?? 2 }
+        set {
+            _puafMethod = newValue
+            UserDefaults.standard.set(newValue, forKey: "puafMethod")
+        }
+    }
+
+    var kreadMethod: Int {
+        get { return _kReadMethod ?? UserDefaults.standard.value(forKey: "kreadMethod") as? Int ?? 1 }
+        set {
+            _kReadMethod = newValue
+            UserDefaults.standard.set(newValue, forKey: "kreadMethod")
+        }
+    }
+
+    var kwriteMethod: Int {
+        get { return _kWriteMethod ?? UserDefaults.standard.value(forKey: "kwriteMethod") as? Int ?? 1 }
+        set {
+            _kWriteMethod = newValue
+            UserDefaults.standard.set(newValue, forKey: "kwriteMethod")
+        }
+    }
+
+    var useMemoryHogger: Bool {
+        get { return UserDefaults.standard.bool(forKey: "useMemoryHogger", defaultValue: ((getPhysicalMemorySize() > UInt64(5369221120)))) } // 5 GB
+        set { UserDefaults.standard.set(newValue, forKey: "useMemoryHogger") }
+    }
 }
 
 extension UserDefaults {
@@ -68,9 +112,13 @@ extension UserDefaults {
 extension SettingsManager {
     func resetToDefaultDefaults() {
         staticHeadroom = 512
-        isBetaIos = false
         verboseBoot = true
         hideInternalText = true
-        puafPages = 4096
+        useMemoryHogger = ((getPhysicalMemorySize() > UInt64(5369221120)))
+        puafPages = 3072
+        puafMethod = 2
+        kwriteMethod = 1
+        kreadMethod = 1
+        isBetaIos = isBetaiOS()
     }
 }
diff --git a/usprebooter/UI/Tabs/JailbreakViewController.swift b/usprebooter/UI/Tabs/JailbreakViewController.swift
@@ -12,6 +12,7 @@ class JailbreakViewController: UIViewController, UITableViewDelegate, UITableVie
 
     let tableView = UITableView()
     let cellReuseIdentifier = "Cell"
+    let settingsManager = SettingsManager.shared
 
 
 
@@ -84,8 +85,8 @@ class JailbreakViewController: UIViewController, UITableViewDelegate, UITableVie
 
 extension JailbreakViewController: JBButtonDelegate {
     func jbButtonDidFinishAction(_ button: jbButton) {
-        do_kopen(4096, 2, 1, 1, 0, false)
-        go(false, "reinstall")
+        do_kopen(UInt64(settingsManager.puafPages), UInt64(settingsManager.puafMethod), UInt64(settingsManager.kreadMethod), UInt64(settingsManager.kwriteMethod), settingsManager.staticHeadroom, settingsManager.useMemoryHogger)
+        go(settingsManager.isBetaIos, "reinstall")
         button.updateButtonState(.jailbreaking)
         Logger.shared.log(logType: .warning, subTitle: "meow")
         DispatchQueue.global().async {

diff --git a/usprebooter/UI/Tabs/OptionsViewController.swift b/usprebooter/UI/Tabs/OptionsViewController.swift
@@ -7,20 +7,24 @@
 //
 
 import Foundation
+import Darwin
 import UIKit
 
 class OptionsViewController: UIViewController, UITableViewDelegate, UITableViewDataSource, UITextFieldDelegate {
     var tableView: UITableView!
     var tableData = [
         ["About", "Changelogs"],
         ["Beta iOS", "Verbose Boot", "Hide Internal Text"],
-        ["PUAF Pages", "Static Headroom"],
+        ["PUAF Pages", "PUAF Method", "KRead Method", "KWrite Method" ,"Use Memory Hogger", "Headroom"],
         ["Set Defaults"]
     ]
 
     var sectionTitles = [
         "", "Options", "Exploit", ""
     ]
+    let puaf_method_options = [ "physpuppet", "smith", "landa" ]
+    let kread_method_options = [ "kqueue_workloop_ctl", "sem_open" ]
+    let kwrite_method_options = [ "dup", "sem_open" ]
 
     var settingsManager = SettingsManager.shared
 
@@ -82,27 +86,38 @@ class OptionsViewController: UIViewController, UITableViewDelegate, UITableViewD
             cell.textLabel?.textColor = UIColor(named: "AccentColor")
             cell.selectionStyle = .default
 
-        case "Static Headroom":
+        case "Headroom":
             let slider = UISlider()
-            slider.value = Float(settingsManager.staticHeadroom)
-            slider.minimumValue = 0
-            slider.maximumValue = 1920
+            slider.setValue(Float(settingsManager.staticHeadroom), animated: false);
+            //slider.value = Float(settingsManager.staticHeadroom)
+            slider.minimumValue = 4
+            slider.maximumValue = log2(Float(getPhysicalMemorySize() / 1048576) / 1.3)
             slider.addTarget(self, action: #selector(headroomValueChanged(_:)), for: .valueChanged)
 
             cell.accessoryView = slider
             cell.detailTextLabel?.text = "\(settingsManager.staticHeadroom) MB"
 
         case "PUAF Pages":
             let slider = UISlider()
-            slider.value = Float(settingsManager.puafPages)
-            slider.minimumValue = 512
-            slider.maximumValue = 32768
+            slider.setValue(Float(settingsManager.puafPages), animated: false);
+            //slider.value = Float(log2(Float(settingsManager.puafPages)))
+            slider.minimumValue = 4
+            slider.maximumValue = 15
             slider.addTarget(self, action: #selector(puafValueChanged(_:)), for: .valueChanged)
 
             cell.accessoryView = slider
             cell.detailTextLabel?.text = "\(settingsManager.puafPages) MB"
 
-        case "Beta iOS", "Verbose Boot", "Hide Internal Text":
+        case "PUAF Method":
+            let _ = createPickerButton(in: cell, with: puaf_method_options, currentValue: puaf_method_options[settingsManager.puafMethod], actionHandler: puafMethodChanged);
+
+        case "KRead Method":
+            let _ = createPickerButton(in: cell, with: kread_method_options, currentValue: kread_method_options[settingsManager.kreadMethod], actionHandler: kreadMethodChanged);
+
+        case "KWrite Method":
+            let _ = createPickerButton(in: cell, with: kwrite_method_options, currentValue: kread_method_options[settingsManager.kwriteMethod], actionHandler: kwriteMethodChanged);
+
+        case "Beta iOS", "Verbose Boot", "Hide Internal Text", "Use Memory Hogger":
             let switchView = UISwitch()
             switchView.isOn = switchStateForSetting(cellText)
             switchView.addTarget(self, action: #selector(switchChanged), for: .valueChanged)
@@ -116,43 +131,74 @@ class OptionsViewController: UIViewController, UITableViewDelegate, UITableViewD
     }
 
     @objc func headroomValueChanged(_ sender: UISlider) {
-        let step: Float = 128
-        let roundedValue = round(sender.value / step) * step
+        let roundedValue = roundLog(sender.value)
         sender.value = roundedValue
 
-        let value = Int(roundedValue)
-        settingsManager.staticHeadroom = value
+        settingsManager.staticHeadroom = Int(pow(Double(2), Double(roundedValue)));
 
         if let sectionIndex = sectionTitles.firstIndex(of: "Exploit"),
-           let rowIndex = tableData[sectionIndex].firstIndex(of: "Static Headroom") {
+           let rowIndex = tableData[sectionIndex].firstIndex(of: "Headroom") {
 
             let indexPath = IndexPath(row: rowIndex, section: sectionIndex)
 
             if let cell = tableView.cellForRow(at: indexPath) {
-                cell.detailTextLabel?.text = "\(value) MB"
+                cell.detailTextLabel?.text = "\(settingsManager.staticHeadroom) MB"
             }
         }
     }
 
     @objc func puafValueChanged(_ sender: UISlider) {
-        let step: Float = 128
-        let roundedValue = round(sender.value / step) * step
+        let roundedValue = roundLog(sender.value)
         sender.value = roundedValue
 
-        let value = Int(roundedValue)
-        settingsManager.puafPages = value
+        settingsManager.puafPages = Int(pow(Double(2), Double(roundedValue)));
 
         if let sectionIndex = sectionTitles.firstIndex(of: "Exploit"),
            let rowIndex = tableData[sectionIndex].firstIndex(of: "PUAF Pages") {
 
             let indexPath = IndexPath(row: rowIndex, section: sectionIndex)
 
             if let cell = tableView.cellForRow(at: indexPath) {
-                cell.detailTextLabel?.text = "\(value) MB"
+                cell.detailTextLabel?.text = "\(settingsManager.puafPages) MB"
             }
         }
     }
 
+    @objc func puafMethodChanged(_ method: String) {
+        switch method {
+        case "physpuppet":
+            settingsManager.puafMethod = 0;
+        case "smith":
+            settingsManager.puafMethod = 1;
+        case "landa":
+            settingsManager.puafMethod = 2;
+        default:
+            break;
+        }
+    }
+
+    @objc func kreadMethodChanged(_ method: String) {
+        switch method {
+        case "kqueue_workloop_ctl":
+            settingsManager.kreadMethod = 0;
+        case "sem_open":
+            settingsManager.kreadMethod = 1;
+        default:
+            break;
+        }
+    }
+
+    @objc func kwriteMethodChanged(_ method: String) {
+        switch method {
+        case "dup":
+            settingsManager.kwriteMethod = 0;
+        case "sem_open":
+            settingsManager.kwriteMethod = 1;
+        default:
+            break;
+        }
+    }
+
     func tableView(_ tableView: UITableView, didSelectRowAt indexPath: IndexPath) {
         let cellText = tableData[indexPath.section][indexPath.row]
 
@@ -208,6 +254,8 @@ class OptionsViewController: UIViewController, UITableViewDelegate, UITableViewD
             return settingsManager.verboseBoot
         case "Hide Internal Text":
             return settingsManager.hideInternalText
+        case "Use Memory Hogger":
+            return settingsManager.useMemoryHogger
         default:
             return false
         }
@@ -223,4 +271,40 @@ class OptionsViewController: UIViewController, UITableViewDelegate, UITableViewD
         }
         return nil
     }
+
+    private func createPickerButton<T: Hashable & CustomStringConvertible>(
+        in cell: UITableViewCell,
+        with options: [T],
+        currentValue: T,
+        actionHandler: @escaping (T) -> Void
+    ) -> UIButton {
+        let cfg = UIButton.Configuration.plain()
+        let pickerButton = UIButton(configuration: cfg)
+
+        let menuItems: [UIAction] = options.map { option in
+            UIAction(title: option.description, state: (option == currentValue) ? .on : .off) { action in
+                actionHandler(option)
+            }
+        }
+
+        let fontMenu = UIMenu(options: [.singleSelection], children: menuItems)
+
+        pickerButton.menu = fontMenu
+        pickerButton.showsMenuAsPrimaryAction = true
+        pickerButton.changesSelectionAsPrimaryAction = true
+
+        if let detailTextColor = cell.detailTextLabel?.textColor {
+            pickerButton.setTitleColor(detailTextColor, for: .normal)
+            pickerButton.tintColor = .tertiaryLabel
+        }
+        cell.contentView.addSubview(pickerButton)
+
+        pickerButton.translatesAutoresizingMaskIntoConstraints = false
+        NSLayoutConstraint.activate([
+            pickerButton.trailingAnchor.constraint(equalTo: cell.contentView.trailingAnchor, constant: -4),
+            pickerButton.centerYAnchor.constraint(equalTo: cell.contentView.centerYAnchor),
+        ])
+
+        return pickerButton
+    }
 }
diff --git a/usprebooter/usprebooter-Bridging-Header.h b/usprebooter/usprebooter-Bridging-Header.h
@@ -9,8 +9,12 @@
 //#include "fun/helpers.h"
 #include <stdint.h>
 #include <stdbool.h>
+#include <math.h>
+#include <CoreFoundation/CoreFoundation.h>
 
 
 int go(bool isBeta, NSString* argument);
 int userspaceReboot(void);
-
+float roundLog(float input);
+extern CFDictionaryRef _CFCopySystemVersionDictionary(void);
+bool isBetaiOS(void);
diff --git a/usprebooter/util.m b/usprebooter/util.m
@@ -288,3 +288,27 @@ uint64_t resolve_jbrand_value(const char* name)
     NSString* jbroot = find_jbroot();
     return [jbroot stringByAppendingPathComponent:path];
 }
+
+float roundLog(float input) {
+    double floored = floor(input);
+    double decimal = input - floored;
+    if (decimal < 0.159925) {
+        return floored;
+    } else if (decimal < 0.45943162) {
+        return (floored + 0.32192809);
+    } else if (decimal < 0.70043972) {
+        return (floored + 0.5849625);
+    } else if (decimal < 0.9068906) {
+        return (floored + 0.80735492);
+    } else {
+        return floored + 1;
+    }
+}
+
+bool isBetaiOS(void) {
+    char type[256];
+    size_t type_size = 256;
+    int ret = sysctlbyname("kern.osreleasetype", &type, &type_size, NULL, 0);
+    if (ret) return false;
+    return (!strcmp(type, "Beta"));
+}