From 1c495989d431443eb3c19d7ecc86c9e4361d3d76 Mon Sep 17 00:00:00 2001
From: nganhkhoa
Date: Thu, 29 Aug 2024 15:23:50 +0700
Subject: [PATCH] simple xor string data
---
 macho-go/pkg/ios/macho/edit.go | 6 +++++-
 research/strings_empty/restore.cc | 32 +++++++++++++++++++------------
 2 files changed, 25 insertions(+), 13 deletions(-)
diff --git a/macho-go/pkg/ios/macho/edit.go b/macho-go/pkg/ios/macho/edit.go
index e2de0da..7ff6b38 100644
--- a/macho-go/pkg/ios/macho/edit.go
+++ b/macho-go/pkg/ios/macho/edit.go
@@ -772,7 +772,11 @@ func (mc *MachoContext) RemoveStrings() {
 // this is a way to divert their effort, writing fake strings
 // will be written again at runtime
 dummy := make([]byte, edit_segment.Fileoff() - string_segment.Fileoff())
- copy(dummy, []byte("We R BShield\n"))
+ mc.file.ReadAt(dummy, int64(cstring.Offset()))
+ // copy(dummy, []byte("We R BShield\n"))
+ for i := 0; i < len(dummy); i++ {
+ dummy[i] = dummy[i] ^ 0x4f
+ }
 mc.file.WriteAt(dummy, int64(string_segment.Fileoff()))
 // TODO: erase old strings
diff --git a/research/strings_empty/restore.cc b/research/strings_empty/restore.cc
index b629db5..77f6b6b 100644
--- a/research/strings_empty/restore.cc
+++ b/research/strings_empty/restore.cc
@@ -112,6 +112,7 @@ void restore_strings(void* main) {
 uint32_t slide = 0;
 char* secrets = 0;
+ uint64_t secrets_size = 0;
 for (int i = 0; i < ncmds; i++) {
 const uint32_t cmd = *((uint32_t *)ptr + 0);
@@ -134,8 +135,10 @@ void restore_strings(void* main) {
 if (custom_strncmp(secname, "__secrets", 16) == 0) {
 uint64_t addr = *((uint64_t *)sections_ptr + 4);
 uint64_t size = *((uint64_t *)sections_ptr + 5);
+ printf("secrets offset 0x%lx\n", addr);
 secrets = (char*)(addr + slide);
+ secrets_size = size;
 }
 sections_ptr += 16 * 2 + 8 * 2 + 4 * 8;
 }
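Review bot: In macho-go/pkg/ios/macho/edit.go, the added `mc.file.ReadAt(dummy, int64(cstring.Offset()))` discards both return values, so a short or failed read would leave zero bytes in `dummy` that are then XORed and written out as if they were string data. The read length is the gap `edit_segment.Fileoff() - string_segment.Fileoff()` rather than the size of the cstring section, so it may also pull in bytes beyond that section; that should be confirmed against the section size. I would handle the result with `if _, err := mc.file.ReadAt(dummy, int64(cstring.Offset())); err != nil` and give the key a name shared with restore.cc instead of repeating the literal `0x4f`. A fixed single-byte XOR only hides the strings from a plain strings scan, and the context comment above still talks about fake strings, so it should be reworded to say what the encoding is and is not meant to protect. RemoveStrings starts and ends outside the hunk.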
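Review bot: In research/strings_empty/restore.cc (hunk at -134,8), the added `printf("secrets offset 0x%lx\n", addr);` passes a `uint64_t` to `%lx`, which does not match on targets where `uint64_t` is `unsigned long long`; `printf("secrets offset 0x%" PRIx64 "\n", addr);` with `<inttypes.h>` is the portable form, and the `secrets_size` print in the last hunk has the same mismatch. These prints, together with the `%p` one in the last hunk, also announce at run time where the protected section lives, so they should sit behind a debug-only macro rather than stay in the restore path. The hunk stores `size` without checking that `addr + slide` and `size` describe a range inside the mapped image; whether that is validated elsewhere is not visible here. restore_strings begins and ends outside this hunk.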
@@ -144,16 +147,21 @@ void restore_strings(void* main) {
 ptr += cmdsize;
 }
- secrets[0] = 'F';
- secrets[1] = 'R';
- secrets[2] = 'E';
- secrets[3] = 'E';
- secrets[4] = ' ';
- secrets[5] = 'S';
- secrets[6] = 'P';
- secrets[7] = 'A';
- secrets[8] = 'C';
- secrets[9] = 'E';
- secrets[10] = '\n';
- secrets[11] = 0;
+ printf("secrets %p\n", secrets);
+ printf("secrets_size = 0x%lx\n", secrets_size);
+ for (size_t i = 0; i < 0x4000; i++) {
+ secrets[i] = secrets[i] ^ 0x4f;
+ }
+ // secrets[0] = 'F';
+ // secrets[1] = 'R';
+ // secrets[2] = 'E';
+ // secrets[3] = 'E';
+ // secrets[4] = ' ';
+ // secrets[5] = 'S';
+ // secrets[6] = 'P';
+ // secrets[7] = 'A';
+ // secrets[8] = 'C';
+ // secrets[9] = 'E';
+ // secrets[10] = '\n';
+ // secrets[11] = 0;
 }
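Review bot: The decode loop runs to the hard-coded bound `0x4000` and ignores the `secrets_size` value this commit records from the section header, so a `__secrets` section smaller than that is overrun and a larger one is left partly encoded; `for (uint64_t i = 0; i < secrets_size; i++)` uses the measured size instead. `secrets` is still `0` when no `__secrets` section was found, and the loop then writes through a null pointer, so an early `if (!secrets) return;` is needed before it. The twelve commented-out assignments are dead code and can be dropped. The start of restore_strings is outside this hunk.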