From 9a8ab15d8875548ff7b8c0b265807fd3f81a9f1c Mon Sep 17 00:00:00 2001
From: nganhkhoa
Date: Wed, 10 Jan 2024 14:50:53 +0700
Subject: [PATCH] clean code
---
 macho-go/internal/wrapper/cli.go | 2 +-
 research/custom_loader/a.mm | 2 +-
 research/custom_loader/b.cc | 47 ++++++++++++++++----------------
 research/custom_loader/build.sh | 15 ++++++++++
 4 files changed, 41 insertions(+), 25 deletions(-)
diff --git a/macho-go/internal/wrapper/cli.go b/macho-go/internal/wrapper/cli.go
index 905c1c2..3e7efda 100644
--- a/macho-go/internal/wrapper/cli.go
+++ b/macho-go/internal/wrapper/cli.go
@@ -308,7 +308,7 @@ func bcell2header(bfile string, header string) {
 fmt.Fprintf(w, "};\n")
 fmt.Fprintf(w, "__attribute__((section(\"__DATA,bshield\")))\n")
- fmt.Fprintf(w, "char* special_selectors_name[] = {\n")
+ fmt.Fprintf(w, "const char* special_selectors_name[] = {\n")
 for _, selector := range info.GetSpecialSelectors() {
 fmt.Fprintf(w, "\"%s\",\n", selector.Name)
 }
diff --git a/research/custom_loader/a.mm b/research/custom_loader/a.mm
index dfdc845..5eb730e 100644
--- a/research/custom_loader/a.mm
+++ b/research/custom_loader/a.mm
@@ -53,7 +53,7 @@ int main(int argc, const char * argv[]) {
 NSLog(@"directly call \"bar\" %p through objc_msgSend %p with object foo %p\n", @selector(bar), objc_msgSend, foo);
 typedef void (*barfunc)(id, SEL);
- barfunc bar_ = &objc_msgSend;
+ barfunc bar_ = (barfunc)&objc_msgSend;
 bar_(foo, @selector(bar));
 }
diff --git a/research/custom_loader/b.cc b/research/custom_loader/b.cc
index e2e8013..c6a4e83 100644
--- a/research/custom_loader/b.cc
+++ b/research/custom_loader/b.cc
@@ -74,7 +74,7 @@ struct libcache {
 void *libdyld;
 int nrpath;
- char** rpaths;
+ char **rpaths;
 };
 uint32_t fnv_hash_extend(const char *str, uint32_t h) {
@@ -93,9 +93,7 @@ uint32_t fnv_hash_extend(const char *str, uint32_t h) {
 return h;
 }
-uint32_t fnv_hash(const char* str) {
- return fnv_hash_extend(str, 0x811c9dc5);
-}
+uint32_t fnv_hash(const char *str) { return fnv_hash_extend(str, 0x811c9dc5); }
 // try these hashes
 // https://gist.github.com/sgsfak/9ba382a0049f6ee885f68621ae86079b
@@ -122,9 +120,9 @@ uint32_t calculate_libname_hash(const libcache *cache, const char *name) {
 // then resolve the full path for all rpath
 //
 // which rpath is correct can be done by checking if the cache has that hash
- for (int i = 0; i < cache->nrpath; i++){
- char* rpath = cache->rpaths[i];
- char* p = realpath(rpath, 0);
+ for (int i = 0; i < cache->nrpath; i++) {
+ char *rpath = cache->rpaths[i];
+ char *p = realpath(rpath, 0);
 hash = hash_func(p);
 hash = fnv_hash_extend(&name[6], hash);
 for (size_t j = 0; j < cache->size; j++) {
@@ -448,7 +446,7 @@ uint32_t should_follow_symbol(char *&buffer, char *&_find) {
 return is_prefix;
 }
-void *find_in_export_trie(const void *header, void *trie, char *& symbol) {
+void *find_in_export_trie(const void *header, void *trie, char *&symbol) {
 uint32_t func = 0;
 char *ptr = (char *)trie;
@@ -512,10 +510,10 @@ void *find_in_export_trie(const void *header, void *trie, char *& symbol) {
 }
 void *find_in_lib(struct libcache *cache, struct libcache_item *lib,
- char *& symbol);
+ char *&symbol);
 void *find_in_reexport(struct libcache *cache, struct libcache_item *lib,
- char *& symbol) {
+ char *&symbol) {
 void *header = lib->header;
 const uint32_t magic = *(uint32_t *)header;
 char *ptr = (char *)header;
@@ -551,7 +549,7 @@ void *find_in_reexport(struct libcache *cache, struct libcache_item *lib,
 }
 void *find_in_lib(struct libcache *cache, struct libcache_item *lib,
- char *& symbol) {
+ char *&symbol) {
 void *direct = find_in_export_trie(lib->header, lib->trie, symbol);
 if (direct) {
 return direct;
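Review bot: `realpath(rpath, 0)` in the calculate_libname_hash hunk can return NULL for an rpath entry that does not resolve on this machine, and the next line hands that NULL straight to `hash_func(p)`, which presumably walks the string; the commit only reformats these lines. A guard such as `if (!p) { continue; }` between the realpath call and the hashing keeps one bad rpath from crashing the loader during library lookup. With a null second argument realpath also allocates the returned buffer; the loop body runs past the hunk, so I cannot see whether `p` is freed — if it is not, every lookup leaks one buffer per rpath.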
@@ -582,8 +580,8 @@ void *custom_dlsym(struct libcache *cache, uint32_t hash, const char *symbol) {
 // C has X but it is a re-export from B with the name Y
 // then we have to perform a search again from the top
 // but with symbol Y
- char** symbol_copy = (char**)&symbol;
- void* func = find_in_lib(cache, cache_lib, *symbol_copy);
+ char **symbol_copy = (char **)&symbol;
+ void *func = find_in_lib(cache, cache_lib, *symbol_copy);
 if (*symbol_copy != symbol) {
 func = find_in_lib(cache, cache_lib, *symbol_copy);
 }
@@ -896,7 +894,7 @@ void build_cache(struct libcache &cache, void *main) {
 printf("lib header at %p\n", thislib);
 printf("libdyld header at %p\n", libdyld);
- find_all_rpath(cache ,main);
+ find_all_rpath(cache, main);
 uint32_t trie_size;
 void *libdyld_export_trie = get_export_trie(libdyld, trie_size);
@@ -908,16 +906,16 @@ void build_cache(struct libcache &cache, void *main) {
 typedef char *(*dyld_get_image_name_t)(int);
 typedef void *(*dyld_get_image_header_t)(int);
- char* dyld_image_count_s = "__dyld_image_count";
+ char *dyld_image_count_s = (char*)"__dyld_image_count";
 int (*dyld_image_count_func)(void) = (dyld_image_count_t)find_in_export_trie(
 libdyld, libdyld_export_trie, dyld_image_count_s);
- char* dyld_get_image_header_s = "__dyld_get_image_header";
+ char *dyld_get_image_header_s = (char*)"__dyld_get_image_header";
 void *(*dyld_get_image_header_func)(int) =
 (dyld_get_image_header_t)find_in_export_trie(libdyld, libdyld_export_trie,
 dyld_get_image_header_s);
- char* dyld_get_image_name_s = "__dyld_get_image_name";
+ char *dyld_get_image_name_s = (char*)"__dyld_get_image_name";
 char *(*dyld_get_image_name_func)(int) =
 (dyld_get_image_name_t)find_in_export_trie(libdyld, libdyld_export_trie,
 dyld_get_image_name_s);
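Review bot: The retry branch in custom_dlsym can never execute: `symbol_copy` points at `symbol` itself, so after find_in_lib repoints the pointer through its `char *&` parameter, `if (*symbol_copy != symbol)` compares the variable with itself and is always false. The re-export case the comment above describes (C exports X as a re-export of B's Y) therefore never triggers the second lookup, and the commit only reformats the two declarations. Keeping the caller's pointer untouched and letting find_in_lib rewrite a separate local, as below, makes the comparison meaningful and removes the `(char **)` cast on `&symbol`. Whether the second search should hit `cache_lib` again or start over from the top, as the comment says, I cannot tell from the hunk.
```cpp
  // … unchanged: comment describing the re-export case …
  char *sym = (char *)symbol; // find_in_lib may repoint this at the re-exported name
  void *func = find_in_lib(cache, cache_lib, sym);
  if (sym != symbol) {
    func = find_in_lib(cache, cache_lib, sym);
  }
```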
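Review bot: The `(char*)` casts on the three string literals in the build_cache hunk exist only because find_in_export_trie takes its symbol as `char *&`; they strip the literal's const, so any write through the resulting pointer would land in read-only memory without a compiler diagnostic. The same pattern appears in the fix_objc hunk (`char* symbol = (char*)"__dyld_get_objc_selector";`). If find_in_export_trie only ever re-points the reference and never writes through it, declaring the parameter `const char *&symbol` and these locals `const char *` removes every cast; if it does write, that deserves a comment at the definition. The casts also use `(char*)` where the rest of this commit normalises to `char *`.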
@@ -950,7 +948,8 @@ void find_all_rpath(struct libcache &cache, void *header) {
 for (uint32_t i = 0; i < ncmds; i++) {
 const uint32_t cmd = *((uint32_t *)ptr + 0);
 const uint32_t cmdsize = *((uint32_t *)ptr + 1);
- if (cmd == LC_RPATH) cache.nrpath++;
+ if (cmd == LC_RPATH)
+ cache.nrpath++;
 ptr += cmdsize;
 }
 uint32_t idx = 0;
@@ -1333,16 +1332,18 @@ void fix_objc(struct libcache_item *libfixing, struct libcache &cache) {
 uint64_t *data_ptr = (uint64_t *)(addr + slide);
 uint32_t trie_size;
- void* libdyld = cache.libdyld;
+ char* symbol = (char*)"__dyld_get_objc_selector";
+ void *libdyld = cache.libdyld;
 void *libdyld_export_trie = get_export_trie(libdyld, trie_size);
- typedef void *(*dyld_get_objc_selector_t)(const char*);
- dyld_get_objc_selector_t dyld_get_objc_selector_func = (dyld_get_objc_selector_t)find_in_export_trie(
- libdyld, libdyld_export_trie, "__dyld_get_objc_selector");
+ typedef void *(*dyld_get_objc_selector_t)(const char *);
+ dyld_get_objc_selector_t dyld_get_objc_selector_func =
+ (dyld_get_objc_selector_t)find_in_export_trie(
+ libdyld, libdyld_export_trie, symbol);
 // resolve method names that cached in the dyld
 for (int i = 0; i < bshield_data::n_selectors; i++) {
 uint32_t idx = bshield_data::special_selectors_idx[i];
- char* name = bshield_data::special_selectors_name[i];
+ const char *name = bshield_data::special_selectors_name[i];
 data_ptr[idx] = (uint64_t)dyld_get_objc_selector_func(name);
 }
 }
diff --git a/research/custom_loader/build.sh b/research/custom_loader/build.sh
index f82064b..491460b 100755
--- a/research/custom_loader/build.sh
+++ b/research/custom_loader/build.sh
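Review bot: The reformatted `if (cmd == LC_RPATH)` in find_all_rpath now spans two lines with no braces, the shape in which a statement added later silently falls outside the condition; `if (cmd == LC_RPATH) { cache.nrpath++; }` keeps the commit's formatting intent without that hazard. The enclosing loop also advances `ptr += cmdsize` with no check that `cmdsize` is non-zero or stays inside the load-command region, which is pre-existing; since the header appears to come from an image already mapped in-process I only flag it, but a zero `cmdsize` would spin this loop on its current command.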
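Review bot: `dyld_get_objc_selector_func` is called inside the selector loop at the end of the fix_objc hunk without checking that find_in_export_trie actually found the export; if the lookup misses (the name looks like a private dyld export, so presumably not guaranteed across dyld versions) and find_in_export_trie returns a null pointer, the loop calls a null function. A guard such as `if (!dyld_get_objc_selector_func) { return; }` after the lookup, or a diagnostic in the style of the printf calls in build_cache, turns that into a recoverable failure. Separately, a selector dyld does not know would yield a null return that is stored into `data_ptr[idx]` unchecked; whether a zero selector slot is acceptable there I cannot tell from the hunk.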
@@ -14,6 +14,21 @@ else
 echo "Resulting binary uses LEGACY symbol resolver"
 fi
+cat <<'fly'
+ ______
+ _\ _~-\___
+ = = ==(____AA____D
+ \_____\___________________,-~~~~~~~`-.._
+ / o O o o o o O O o o o o o o O o |\_
+ `~-.__ ___..----.. )
+ `---~~\___________/------------`````
+ = ===(_________D
+fly
+
+# this is a joke for those who knows
+# https://www.blackhat.com/presentations/bh-dc-09/Iozzo/BlackHat-DC-09-Iozzo-let-your-mach0-fly-whitepaper.pdf
+echo "make your Mach-O fly"
+
 if [[ $LOGIC -eq 0 ]]
 then