Update shellcode

macho-go/pkg/ios/macho/edit.go

@@ -472,7 +472,7 @@ func (mc *MachoContext) ReworkForObjc() {
 	main_offset := int(mc.entryoff)
 	var shellcode_offset int
 
-	if (mc.header.cputype & 0xff) == 12{
+	if (mc.header.cputype & 0xff) == 12 {
 		shellcode = []uint32{
 			0x10000008,
 			0, // x9 = (offset end of __DATA) - (offset shellcode)
@@ -488,22 +488,22 @@ func (mc *MachoContext) ReworkForObjc() {
 			0xF9400509,
 			0xD61F0120,
 		}
-	
+
 		shellcode_offset = text_start - (ins_size_byte * len(shellcode))
-	
+
 		encode_movz := func(v int) uint32 {
 			return uint32(uint32(v)<<5 | uint32(0x694)<<21 | uint32(0x09))
 		}
-	
+
 		// movz_shellcode_offset := encode_movz(shellcode_offset)
 		// movz_main_offset := encode_movz(main_offset)
 		// movz_data_end_offset := encode_movz(data_end)
 		movz_calculate_offset := encode_movz(data_end - shellcode_offset)
-	
+
 		shellcode[1] = movz_calculate_offset
 		// shellcode[10] = movz_data_end_offset
 		// shellcode[19] = movz_main_offset
-	
+
 		fmt.Printf("// shellcode_offset=%x\n", shellcode_offset)
 		fmt.Printf("// main_offset=%x\n", main_offset)
 		fmt.Printf("// data_end=%x\n", data_end)
@@ -514,31 +514,69 @@ func (mc *MachoContext) ReworkForObjc() {
 		fmt.Printf("// lc_main_offset=%x\n", lc_main_offset)
 	} else {
 		// TODO: fix to work with offset larger than 0xffff
-		shellcode = []uint32{
+		// shellcode = []uint32{
-			0x00058d4c,
+		// 	0x00058d4c,
-			0x66000000,
+		// 	0x66000000,
-			0, 				// offset
+		// 	0, // offset
-			0x57c8014d,
+		// 	0x57c8014d,
-			0x41515256,
+		// 	0x41515256,
-			0x088b4d50,
+		// 	0x088b4d50,
-			0x41d1ff41,
+		// 	0x41d1ff41,
-			0x5e5a5958,
+		// 	0x5e5a5958,
-			0x488b4d5f,
+		// 	0x488b4d5f,
-			0xe1ff4108,
+		// 	0xe1ff4108,
+		// }
+
+		shellcode_x := []uint8{
+			0x4c, 0x8d, 0x05, 0x00, 0x00, 0x00, 0x00,
+			0x49, 0xC7, 0xC1,
 		}
 
-		shellcode_offset = text_start - (ins_size_byte * len(shellcode))
+		offset := []uint8{0x00, 0x00, 0x00, 0x00} // offset
-		
+		shellcode_offset = text_start - 44
-		encode_movz := func(v int) uint32 {
+
-			return uint32(uint32(v-7)<<16 | uint32(0xb941))
+		encode_movz := func(v int) {
+			for i := 0; i < 4; i++ {
+				offset[i] = uint8(v >> (i * 8))
+			}
 		}
 
-		// movz_shellcode_offset := encode_movz(shellcode_offset)
+		// 7 is shellcode size to get RIP
-		// movz_main_offset := encode_movz(main_offset)
+		encode_movz((data_end - text_start) + (44 - 7))
-		// movz_data_end_offset := encode_movz(data_end)
+
-		movz_calculate_offset := encode_movz(data_end - shellcode_offset)
+		shellcode_end := []uint8{
+			0x4d, 0x01, 0xc8,
+			0x57,
+			0x56,
+			0x52,
+			0x51,
+			0x41, 0x50,
+			0x4d, 0x8b, 0x08,
+			0x41, 0xff, 0xd1,
+			0x41,
+			0x58,
+			0x59,
+			0x5a,
+			0x5e,
+			0x5f, 0x4d, 0x8b, 0x48, 0x08,
+			0x41, 0xff, 0xe1,
+		}
+
+		shellcode_x = append(shellcode_x, offset...)
+		shellcode_x = append(shellcode_x, shellcode_end...)
+
+		for i := 0; i < len(shellcode_x)-2; i += 4 {
+			val := 0
+			// little endian
+			val |= int(shellcode_x[i+0]) << 0
+			val |= int(shellcode_x[i+1]) << 8
+			val |= int(shellcode_x[i+2]) << 16
+			val |= int(shellcode_x[i+3]) << 24
+			shellcode = append(shellcode, uint32(val))
+		}
+
+		shellcode = append(shellcode, 0x0000e1ff)
 
-		shellcode[2] = movz_calculate_offset
 		// shellcode[10] = movz_data_end_offset
 		// shellcode[19] = movz_main_offset
 
@@ -580,6 +618,15 @@ func (mc *MachoContext) RewriteImportsTable(keepSymbols []string) {
 	// but because we keep a few symbols, we need to rewrite the pointers
 	// as well as rebuild the import table and strings table, and bind values
 
+	// we keep all symbols that are referenced by libintl.8.dylib
+	intlSymbols := []string{}
+	for _, symbol := range allSymbols {
+		if symbol.Dylib() == "/usr/local/opt/gettext/lib/libintl.8.dylib" {
+			intlSymbols = append(intlSymbols, symbol.Name())
+		}
+	}
+	keepSymbols = append(keepSymbols, intlSymbols...)
+
 	keepCount := uint32(0)
 	for _, symbol := range keepSymbols {
 		name := symbol