diff --git a/Makefile b/Makefile index 02985ac..18b5222 100644 --- a/Makefile +++ b/Makefile @@ -33,6 +33,8 @@ $(OUTDIR)/grapher: $(OUTDIR)/grapher.o $(DATA)/$(OUTDIR)/libdata.a $(GXX) -o $@ $^ -O3 $(OUTDIR)/decrypt_kern: $(OUTDIR)/decrypt_kern.o $(DATA)/$(OUTDIR)/libdata.a $(GCC) -o $@ $^ -O3 +$(OUTDIR)/codesign_allocate: $(OUTDIR)/codesign_allocate.o + $(GCC) -o $@ $^ -O3 clean: .clean rm -f sandboxc-{armv6,armv7}.c sandbox-{armv6,armv7}.o diff --git a/codesign_allocate.c b/codesign_allocate.c new file mode 100644 index 0000000..7d84aa7 --- /dev/null +++ b/codesign_allocate.c @@ -0,0 +1,49 @@ +#include +#include +#include +#include + +int main(int argc, char **argv) { + const char *infile = NULL, *outfile = NULL; + size_t size = 0; + for(char **p = argv; *p; p++) { + if(!strcmp(*p, "-i")) { + infile = *p++; + } else if(!strcmp(*p, "-a")) { + p++; + size = strtol(*p++, NULL, 0); + } else if(!strcmp(*p, "-o")) { + outfile = *p++; + } else { + die("??"); + } + + assert(!copyfile(infile, outfile, NULL, COPYFILE_ALL)); + + int fd = open(outfile, O_RDWR); + assert(fd != -1); + off_t fend = lseek(fd, 0, SEEK_END); + ftruncate(fd, fend + size); + void *file = mmap(NULL, (size_t) fend, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0); + assert(file != MAP_FAILED); + + struct mach_header *mh = file; + mh->ncmds++; + mh->sizeofcmds += sizeof(struct linkedit_data_command); + CMD_ITERATE(mh, cmd) { + if(cmd->cmd == LC_SEGMENT) { + struct segment_command *sc = (void *) cmd; + if(!strncmp(sc->segname, "__LINKEDIT", 16)) { + sc->filesize += size; + sc->vmsize += size; + } + } else if(cmd->cmd == 0) { + struct linkedit_data_command *dc = (void *) cmd; + dc->cmd = LC_CODE_SIGNATURE; + dc->cmdsize = sizeof(*dc); + dc->dataoff = (uint32_t) fend; + dc->datasize = (uint32_t) size; + } + } + +} diff --git a/grapher.cpp b/grapher.cpp index 3b530e6..17c19ac 100644 --- a/grapher.cpp +++ b/grapher.cpp 
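Review bot: The new `$(OUTDIR)/codesign_allocate` rule links only `codesign_allocate.o`, whereas the neighbouring `grapher` and `decrypt_kern` rules also link `$(DATA)/$(OUTDIR)/libdata.a`; `codesign_allocate.c` calls `die` and `CMD_ITERATE`, which are not standard C and presumably come from that library, so the link will probably fail unless both are header-only. If `die` is defined in libdata, the prerequisite line should read `$(OUTDIR)/codesign_allocate: $(OUTDIR)/codesign_allocate.o $(DATA)/$(OUTDIR)/libdata.a`.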
@@ -356,7 +356,7 @@ struct Binary { assert(constructor); unordered_map metaClasses; for(auto edge : constructor->backward) { - auto nameAddr = edge->source->refs.begin()->second; + auto nameAddr = edge->source->refs.begin()->first.second; if(!nameAddr) continue; // xxx auto className = (const char *) rangeconv((range_t) {&binary, nameAddr, 128}, 0).start; @@ -366,15 +366,16 @@ struct Binary { addr_t metaClass; auto it = mcInstantiator->refs.begin(); for(it++; it != mcInstantiator->refs.end(); it++) { - if(it->second == edge->source->startAddr) { + if(it->first.second == edge->source->startAddr) { auto it2 = it; it2--; - metaClass = it2->second; + metaClass = it2->first.second; goto ok; } } continue; ok: + if(explain) printf("ok %s\n", className); metaClasses[metaClass] = className; } @@ -382,9 +383,9 @@ struct Binary { for(auto edge : constructed->backward) { if(edge->source->refs.size() == 4) { auto it = edge->source->refs.begin(); - auto metaClass = it->second; + auto metaClass = it->first.second; it++; it++; - auto vtable = it->second - 8; + auto vtable = it->first.second - 8; auto className = metaClasses[metaClass]; if(!className) continue; diff --git a/make_kernel_patchfile.c b/make_kernel_patchfile.c index 502112c..eb6a278 100644 --- a/make_kernel_patchfile.c +++ b/make_kernel_patchfile.c @@ -87,8 +87,7 @@ void do_kernel(struct binary *binary, struct binary *sandbox) { patch("cs_enforcement_disable", resolve_ldr(binary, csedp), uint32_t, {1}); addr_t scratch = resolve_ldr(binary, is_armv7 ? (mystery + 9) : 42); - - + scratch = (scratch + 3) & ~3; // patches //patch("-lunchd", 
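Review bot: The added `if(explain) printf("ok %s\n", className);` in the second hunk prints `className`, which the context above obtains as a raw `const char *` into a 128-byte range of the binary via `rangeconv`; `%s` reads until a NUL, so a name that is not terminated within that range reads past it. Bounding the conversion, `if(explain) printf("ok %.128s\n", className);`, keeps the print within the range that was actually resolved. The `->second` to `->first.second` change across all three hunks indicates that `refs` is now keyed by a pair whose `.second` is the referenced address; a one-line comment at the first use, e.g. `// refs is keyed by a pair; .first.second is the referenced address`, would spare the next reader from inferring that from the diff. The enclosing `Binary` member function starts and ends outside these hunks.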
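Review bot: `scratch = (scratch + 3) & ~3;` rounds the address returned by `resolve_ldr` up to a 4-byte boundary with a bare magic constant and no comment, and a reader cannot tell from this hunk why the alignment is needed or where `scratch` is consumed, since `do_kernel` continues outside the hunk. Suggest a why-comment on the line, e.g. `// word-align the address resolved from the ldr literal; TODO confirm the consumer requires 4-byte alignment`, or a named helper such as an `ALIGN4(x)` macro if the pattern recurs in the file. Rounding up can move `scratch` by up to 3 bytes past the resolved address, so whatever is later written there should account for the reduced space.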
@@ -120,7 +119,7 @@ void do_kernel(struct binary *binary, struct binary *sandbox) { //if(!strcmp(name, "c_dvp_struct_offset")) return spec2(0xde, 0xad, 0xbe); die("? %s", name); }) - b_relocate(sandbox, (void *) l.arg, (void *) l.func, 0); + b_relocate(sandbox, (void *) l.arg, RELOC_DEFAULT, (void *) l.func, 0); prange_t sandbox_pr = rangeconv_off(sandbox->segments[0].file_range, MUST_FIND); store_file(sandbox_pr, "/tmp/wtf.o", 0644); patch_with_range("sb_evaluate hook",