This commit is contained in:
comex 2011-07-12 18:13:35 -04:00
parent 9149062ebb
commit e6d05a9368
4 changed files with 59 additions and 8 deletions


@ -33,6 +33,8 @@ $(OUTDIR)/grapher: $(OUTDIR)/grapher.o $(DATA)/$(OUTDIR)/libdata.a
$(GXX) -o $@ $^ -O3 $(GXX) -o $@ $^ -O3
$(OUTDIR)/decrypt_kern: $(OUTDIR)/decrypt_kern.o $(DATA)/$(OUTDIR)/libdata.a $(OUTDIR)/decrypt_kern: $(OUTDIR)/decrypt_kern.o $(DATA)/$(OUTDIR)/libdata.a
$(GCC) -o $@ $^ -O3 $(GCC) -o $@ $^ -O3
$(OUTDIR)/codesign_allocate: $(OUTDIR)/codesign_allocate.o
$(GCC) -o $@ $^ -O3
clean: .clean clean: .clean
rm -f sandboxc-{armv6,armv7}.c sandbox-{armv6,armv7}.o rm -f sandboxc-{armv6,armv7}.c sandbox-{armv6,armv7}.o

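--- /dev/null
+++ b/codesign_allocate.c
@@ -0,0 +1,49 @@
+#include <assert.h>
+#include <data/mach-o/binary.h>
+#include <mach-o/loader.h>
+#include <copyfile.h>
+int main(int argc, char **argv) {
+const char *infile = NULL, *outfile = NULL;
+size_t size = 0;
+for(char **p = argv; *p; p++) {
+if(!strcmp(*p, "-i")) {
+infile = *p++;
+} else if(!strcmp(*p, "-a")) {
+p++;
+size = strtol(*p++, NULL, 0);
+} else if(!strcmp(*p, "-o")) {
+outfile = *p++;
+} else {
+die("??");
+}
+assert(!copyfile(infile, outfile, NULL, COPYFILE_ALL));
+int fd = open(outfile, O_RDWR);
+assert(fd != -1);
+off_t fend = lseek(fd, 0, SEEK_END);
+ftruncate(fd, fend + size);
+void *file = mmap(NULL, (size_t) fend, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
+assert(file != MAP_FAILED);
+struct mach_header *mh = file;
+mh->ncmds++;
+mh->sizeofcmds += sizeof(struct linkedit_data_command);
+CMD_ITERATE(mh, cmd) {
+if(cmd->cmd == LC_SEGMENT) {
+struct segment_command *sc = (void *) cmd;
+if(!strncmp(sc->segname, "__LINKEDIT", 16)) {
+sc->filesize += size;
+sc->vmsize += size;
+}
+} else if(cmd->cmd == 0) {
+struct linkedit_data_command *dc = (void *) cmd;
+dc->cmd = LC_CODE_SIGNATURE;
+dc->cmdsize = sizeof(*dc);
+dc->dataoff = (uint32_t) fend;
+dc->datasize = (uint32_t) size;
+}
+}
+}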
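Review bot: The option loop starting at `char **p = argv` reads the program name as its first option, and `infile = *p++` stores the `"-i"` flag string itself while the loop's own `p++` then skips the real value; the `-a` branch increments twice and so also drops whatever argument follows the size. The loop should start at `argv + 1`, take each value with `*++p` after checking that `p[1]` is non-NULL, and reject a missing `-i`/`-o` (rewritten loop below). The copy and patching steps also appear to sit inside the option loop, but the rendering seems to have lost the `}` that closes it after `die("??")`, so that may only be a display artefact. Separately, `assert(!copyfile(...))` puts the copy itself inside an assert, so a build with NDEBUG never copies the file, and nothing verifies that the header, grown by `sizeof(struct linkedit_data_command)`, still fits in the padding before the first section's data before the `cmd->cmd == 0` slot is written — a binary without that padding would be corrupted silently. The `ftruncate` return value is unchecked as well.
```c
    for(char **p = argv + 1; *p; p++) {
        if(!strcmp(*p, "-i") && p[1]) {
            infile = *++p;
        } else if(!strcmp(*p, "-a") && p[1]) {
            size = strtol(*++p, NULL, 0);
        } else if(!strcmp(*p, "-o") && p[1]) {
            outfile = *++p;
        } else {
            die("??");
        }
    }
    if(!infile || !outfile) die("??");
    /* … unchanged: copyfile, mmap and load-command patching … */
```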


@ -356,7 +356,7 @@ struct Binary {
assert(constructor); assert(constructor);
unordered_map<addr_t, const char *> metaClasses; unordered_map<addr_t, const char *> metaClasses;
for(auto edge : constructor->backward) { for(auto edge : constructor->backward) {
auto nameAddr = edge->source->refs.begin()->second; auto nameAddr = edge->source->refs.begin()->first.second;
if(!nameAddr) continue; if(!nameAddr) continue;
// xxx // xxx
auto className = (const char *) rangeconv((range_t) {&binary, nameAddr, 128}, 0).start; auto className = (const char *) rangeconv((range_t) {&binary, nameAddr, 128}, 0).start;
@ -366,15 +366,16 @@ struct Binary {
addr_t metaClass; addr_t metaClass;
auto it = mcInstantiator->refs.begin(); auto it = mcInstantiator->refs.begin();
for(it++; it != mcInstantiator->refs.end(); it++) { for(it++; it != mcInstantiator->refs.end(); it++) {
if(it->second == edge->source->startAddr) { if(it->first.second == edge->source->startAddr) {
auto it2 = it; auto it2 = it;
it2--; it2--;
metaClass = it2->second; metaClass = it2->first.second;
goto ok; goto ok;
} }
} }
continue; continue;
ok: ok:
if(explain) printf("ok %s\n", className);
metaClasses[metaClass] = className; metaClasses[metaClass] = className;
} }
@ -382,9 +383,9 @@ struct Binary {
for(auto edge : constructed->backward) { for(auto edge : constructed->backward) {
if(edge->source->refs.size() == 4) { if(edge->source->refs.size() == 4) {
auto it = edge->source->refs.begin(); auto it = edge->source->refs.begin();
auto metaClass = it->second; auto metaClass = it->first.second;
it++; it++; it++; it++;
auto vtable = it->second - 8; auto vtable = it->first.second - 8;
auto className = metaClasses[metaClass]; auto className = metaClasses[metaClass];
if(!className) continue; if(!className) continue;
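Review bot: The `printf("ok %s\n", className)` added in the second hunk prints a pointer that, per the first hunk, comes from `rangeconv((range_t) {&binary, nameAddr, 128}, 0)`, so only 128 bytes are known to be valid; a name with no NUL terminator inside those bytes lets `%s` read past the checked range. Bounding the conversion, `if(explain) printf("ok %.128s\n", className);`, keeps the read within what rangeconv validated. The enclosing function starts and ends outside these hunks.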


@ -87,8 +87,7 @@ void do_kernel(struct binary *binary, struct binary *sandbox) {
patch("cs_enforcement_disable", resolve_ldr(binary, csedp), uint32_t, {1}); patch("cs_enforcement_disable", resolve_ldr(binary, csedp), uint32_t, {1});
addr_t scratch = resolve_ldr(binary, is_armv7 ? (mystery + 9) : 42); addr_t scratch = resolve_ldr(binary, is_armv7 ? (mystery + 9) : 42);
scratch = (scratch + 3) & ~3;
// patches // patches
//patch("-lunchd", //patch("-lunchd",
@ -120,7 +119,7 @@ void do_kernel(struct binary *binary, struct binary *sandbox) {
//if(!strcmp(name, "c_dvp_struct_offset")) return spec2(0xde, 0xad, 0xbe); //if(!strcmp(name, "c_dvp_struct_offset")) return spec2(0xde, 0xad, 0xbe);
die("? %s", name); die("? %s", name);
}) })
b_relocate(sandbox, (void *) l.arg, (void *) l.func, 0); b_relocate(sandbox, (void *) l.arg, RELOC_DEFAULT, (void *) l.func, 0);
prange_t sandbox_pr = rangeconv_off(sandbox->segments[0].file_range, MUST_FIND); prange_t sandbox_pr = rangeconv_off(sandbox->segments[0].file_range, MUST_FIND);
store_file(sandbox_pr, "/tmp/wtf.o", 0644); store_file(sandbox_pr, "/tmp/wtf.o", 0644);
patch_with_range("sb_evaluate hook", patch_with_range("sb_evaluate hook",
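Review bot: Dropping `scratch = (scratch + 3) & ~3;` in the first hunk leaves `scratch` at whatever `resolve_ldr` returns, with no comment on why the word alignment is no longer needed; its later uses are outside the hunk, so I cannot tell whether they still require a 4-byte aligned address. If `resolve_ldr` is now guaranteed to return an aligned value, say so where `scratch` is assigned, e.g. `// resolve_ldr already yields a word-aligned address; no rounding needed`; otherwise keep the rounding or add `assert((scratch & 3) == 0);` so a misaligned result fails loudly instead of producing a subtly wrong patch.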