fixes
parent
9149062ebb
commit
e6d05a9368
2
Makefile
2
Makefile
@ -33,6 +33,8 @@ $(OUTDIR)/grapher: $(OUTDIR)/grapher.o $(DATA)/$(OUTDIR)/libdata.a
|
||||
$(GXX) -o $@ $^ -O3
|
||||
$(OUTDIR)/decrypt_kern: $(OUTDIR)/decrypt_kern.o $(DATA)/$(OUTDIR)/libdata.a
|
||||
$(GCC) -o $@ $^ -O3
|
||||
$(OUTDIR)/codesign_allocate: $(OUTDIR)/codesign_allocate.o
|
||||
$(GCC) -o $@ $^ -O3
|
||||
|
||||
clean: .clean
|
||||
rm -f sandboxc-{armv6,armv7}.c sandbox-{armv6,armv7}.o
|
||||
|
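--- /dev/null
+++ b/codesign_allocate.c
@@ -0,0 +1,49 @@
+#include <assert.h>
+#include <data/mach-o/binary.h>
+#include <mach-o/loader.h>
+#include <copyfile.h>
+
+int main(int argc, char **argv) {
+const char *infile = NULL, *outfile = NULL;
+size_t size = 0;
+for(char **p = argv; *p; p++) {
+if(!strcmp(*p, "-i")) {
+infile = *p++;
+} else if(!strcmp(*p, "-a")) {
+p++;
+size = strtol(*p++, NULL, 0);
+} else if(!strcmp(*p, "-o")) {
+outfile = *p++;
+} else {
+die("??");
+}
+
+assert(!copyfile(infile, outfile, NULL, COPYFILE_ALL));
+
+int fd = open(outfile, O_RDWR);
+assert(fd != -1);
+off_t fend = lseek(fd, 0, SEEK_END);
+ftruncate(fd, fend + size);
+void *file = mmap(NULL, (size_t) fend, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
+assert(file != MAP_FAILED);
+
+struct mach_header *mh = file;
+mh->ncmds++;
+mh->sizeofcmds += sizeof(struct linkedit_data_command);
+CMD_ITERATE(mh, cmd) {
+if(cmd->cmd == LC_SEGMENT) {
+struct segment_command *sc = (void *) cmd;
+if(!strncmp(sc->segname, "__LINKEDIT", 16)) {
+sc->filesize += size;
+sc->vmsize += size;
+}
+} else if(cmd->cmd == 0) {
+struct linkedit_data_command *dc = (void *) cmd;
+dc->cmd = LC_CODE_SIGNATURE;
+dc->cmdsize = sizeof(*dc);
+dc->dataoff = (uint32_t) fend;
+dc->datasize = (uint32_t) size;
+}
+}
+
+}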
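Review bot: The option loop in `main` never captures the operands: it starts at `argv`, so `argv[0]` falls straight into `die("??")`, and `infile = *p++` / `outfile = *p++` store the flag string itself because the post-increment yields the current element, while the `-a` branch advances `p` past its value and the loop increment can then step beyond argv's terminating NULL. Starting at `argv + 1`, taking each operand with `*++p` and rejecting a missing one fixes this, as in the excerpt below; as rendered here the braces also leave the `for` unclosed before the `copyfile` call. Separately, the real work sits inside `assert()` (a build with `NDEBUG` would drop the `copyfile` call entirely) and `ftruncate` is unchecked. The header fields `ncmds` and `sizeofcmds` are also taken from the mapped file without checking the magic or that the added `linkedit_data_command` still fits inside the `fend`-byte mapping, so a malformed input can presumably steer `CMD_ITERATE` and the writes outside it.

```c
for(char **p = argv + 1; *p; p++) {
    if(!strcmp(*p, "-i")) {
        if(!(infile = *++p)) die("-i needs a file");
    } else if(!strcmp(*p, "-a")) {
        if(!*++p) die("-a needs a size");
        size = strtol(*p, NULL, 0);
    } else if(!strcmp(*p, "-o")) {
        if(!(outfile = *++p)) die("-o needs a file");
    } else {
        die("??");
    }
}
if(!infile || !outfile) die("need -i and -o");
/* … unchanged: copyfile, open, ftruncate, mmap, load-command update … */
```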
11
grapher.cpp
11
grapher.cpp
@ -356,7 +356,7 @@ struct Binary {
|
||||
assert(constructor);
|
||||
unordered_map<addr_t, const char *> metaClasses;
|
||||
for(auto edge : constructor->backward) {
|
||||
auto nameAddr = edge->source->refs.begin()->second;
|
||||
auto nameAddr = edge->source->refs.begin()->first.second;
|
||||
if(!nameAddr) continue;
|
||||
// xxx
|
||||
auto className = (const char *) rangeconv((range_t) {&binary, nameAddr, 128}, 0).start;
|
||||
@ -366,15 +366,16 @@ struct Binary {
|
||||
addr_t metaClass;
|
||||
auto it = mcInstantiator->refs.begin();
|
||||
for(it++; it != mcInstantiator->refs.end(); it++) {
|
||||
if(it->second == edge->source->startAddr) {
|
||||
if(it->first.second == edge->source->startAddr) {
|
||||
auto it2 = it;
|
||||
it2--;
|
||||
metaClass = it2->second;
|
||||
metaClass = it2->first.second;
|
||||
goto ok;
|
||||
}
|
||||
}
|
||||
continue;
|
||||
ok:
|
||||
if(explain) printf("ok %s\n", className);
|
||||
metaClasses[metaClass] = className;
|
||||
}
|
||||
|
||||
@ -382,9 +383,9 @@ struct Binary {
|
||||
for(auto edge : constructed->backward) {
|
||||
if(edge->source->refs.size() == 4) {
|
||||
auto it = edge->source->refs.begin();
|
||||
auto metaClass = it->second;
|
||||
auto metaClass = it->first.second;
|
||||
it++; it++;
|
||||
auto vtable = it->second - 8;
|
||||
auto vtable = it->first.second - 8;
|
||||
auto className = metaClasses[metaClass];
|
||||
if(!className) continue;
|
||||
|
||||
|
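Review bot: The rewritten accessors still dereference `refs.begin()` with no emptiness check: `edge->source->refs.begin()->first.second` in the first hunk, and `for(it++; …)` on `mcInstantiator->refs.begin()` in the second, are undefined when the container is empty, and its contents are derived from the binary being analysed. A guard such as `if(edge->source->refs.empty()) continue;` before the first, and an `if(mcInstantiator->refs.empty()) continue;` before the loop, would make the assumption explicit; the third hunk already tests `refs.size() == 4` before indexing. The enclosing code in `struct Binary` starts and ends outside these hunks, so an earlier check may exist that is not visible here.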
@ -87,8 +87,7 @@ void do_kernel(struct binary *binary, struct binary *sandbox) {
|
||||
patch("cs_enforcement_disable", resolve_ldr(binary, csedp), uint32_t, {1});
|
||||
|
||||
addr_t scratch = resolve_ldr(binary, is_armv7 ? (mystery + 9) : 42);
|
||||
|
||||
|
||||
scratch = (scratch + 3) & ~3;
|
||||
|
||||
// patches
|
||||
//patch("-lunchd",
|
||||
@ -120,7 +119,7 @@ void do_kernel(struct binary *binary, struct binary *sandbox) {
|
||||
//if(!strcmp(name, "c_dvp_struct_offset")) return spec2(0xde, 0xad, 0xbe);
|
||||
die("? %s", name);
|
||||
})
|
||||
b_relocate(sandbox, (void *) l.arg, (void *) l.func, 0);
|
||||
b_relocate(sandbox, (void *) l.arg, RELOC_DEFAULT, (void *) l.func, 0);
|
||||
prange_t sandbox_pr = rangeconv_off(sandbox->segments[0].file_range, MUST_FIND);
|
||||
store_file(sandbox_pr, "/tmp/wtf.o", 0644);
|
||||
patch_with_range("sb_evaluate hook",
|
||||
|
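Review bot: `store_file(sandbox_pr, "/tmp/wtf.o", 0644);`, unchanged context right after the updated `b_relocate` call, writes a debug dump to a fixed, predictable name in a world-writable directory. On a shared host another user can pre-create that path, for example as a symlink, and depending on how `store_file` opens it (not visible here) the write may follow the link or overwrite an existing file. Writing the dump to a caller-supplied path or a freshly created private temporary directory, or only behind a debug switch, avoids that. `do_kernel` continues beyond the hunk.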