Merge remote-tracking branch 'ichi/master'

Baw-Appie · Jun 14, 2020 · d0d7e41 · d0d7e41
2 parents 5569cf4 + cbe1b78
commit d0d7e41
Show file tree

Hide file tree

Showing 8 changed files with 163 additions and 9 deletions.
diff --git a/.gitignore b/.gitignore
@@ -10,4 +10,15 @@ theos/
 _/
 obj/
 packages/
-*.deb
+*.deb
+*.o
+.theos/*
+debs/*
+*.deb
+*.dylib
+**/.theos/*
+*/.theos/*
+*.sublime-workspace
+_/*
+*/obj/*
+obj/*
diff --git a/Makefile b/Makefile
@@ -1,4 +1,4 @@
-ARCHS = arm64
+ARCHS = arm64 arm64e
 
 include $(THEOS)/makefiles/common.mk
 
@@ -17,7 +17,9 @@ ifdef USE_JELBREK_LIB
 	changerootfs_LDFLAGS = $(LIB_DIR)/jelbrekLib.dylib
 endif
 
+include $(THEOS)/makefiles/common.mk
 include $(THEOS_MAKE_PATH)/tool.mk
+include $(THEOS_MAKE_PATH)/aggregate.mk
 
 ifdef USE_JELBREK_LIB
 before-package::
@@ -27,8 +29,22 @@ endif
 before-package::
 	mkdir -p $(THEOS_STAGING_DIR)/usr/lib/
 	cp $(LIB_DIR)/jelbrekLib.dylib $(THEOS_STAGING_DIR)/usr/lib
-	$(THEOS)/toolchain/linux/iphone/bin/ldid -S./ent.plist $(THEOS_STAGING_DIR)/usr/bin/changerootfs
-	$(THEOS)/toolchain/linux/iphone/bin/ldid -S./ent.plist $(THEOS_STAGING_DIR)/usr/bin/preparerootfs	
+	ldid -S./ent.plist $(THEOS_STAGING_DIR)/usr/bin/changerootfs
+	ldid -S./ent.plist $(THEOS_STAGING_DIR)/usr/bin/preparerootfs	
+	ldid -S./ent.plist $(THEOS_STAGING_DIR)/usr/bin/changerootfs
+	sudo chown -R root:wheel $(THEOS_STAGING_DIR)
+	sudo chmod -R 755 $(THEOS_STAGING_DIR)
+	sudo chmod 6755 $(THEOS_STAGING_DIR)/usr/bin/kernbypassd
+	sudo chmod 666 $(THEOS_STAGING_DIR)/DEBIAN/control
+
 
 SUBPROJECTS += zzzzzzzzznotifychroot
+SUBPROJECTS += kernbypassd
 include $(THEOS_MAKE_PATH)/aggregate.mk
+
+after-package::
+	make clean
+	sudo rm -rf .theos/_
+
+after-install::
+	install.exec "killall backboardd"
diff --git a/control b/control
@@ -1,6 +1,6 @@
 Package: jp.akusio.kernbypass
 Name: KernBypass
-Version: 0.0.3
+Version: 0.0.4
 Depends: mobilesubstrate, applist, preferenceloader, com.comex.attachanddetach, Firmware(>=12.0)
 Architecture: iphoneos-arm
 Description: kernel level jailbreak detection bypass.

diff --git a/kernbypassd/Makefile b/kernbypassd/Makefile
@@ -0,0 +1,10 @@
+DEBUG = 0
+ARCHS = arm64 arm64e
+
+TOOL_NAME = kernbypassd
+kernbypassd_FILES = kernbypassd.m
+kernbypassd_CFLAGS = -objc-arc
+kernbypassd_CODESIGN_FLAGS = -S../ent.plist
+
+include $(THEOS)/makefiles/common.mk
+include $(THEOS_MAKE_PATH)/tool.mk
diff --git a/kernbypassd/kernbypassd.m b/kernbypassd/kernbypassd.m
@@ -0,0 +1,62 @@
+#include <spawn.h>
+#import <dlfcn.h>
+#import <sys/sysctl.h>
+
+#define FLAG_PLATFORMIZE (1 << 1)
+
+static void easy_spawn(const char* args[]) {
+    pid_t pid;
+    int status;
+    posix_spawn(&pid, args[0], NULL, NULL, (char* const*)args, NULL);
+    waitpid(pid, &status, WEXITED);
+}
+
+void platformize_me() {
+    void* handle = dlopen("/usr/lib/libjailbreak.dylib", RTLD_LAZY);
+    if (!handle) return;
+    // Reset errors
+    dlerror();
+    typedef void (*fix_entitle_prt_t)(pid_t pid, uint32_t what);
+    fix_entitle_prt_t ptr = (fix_entitle_prt_t)dlsym(handle, "jb_oneshot_entitle_now");
+
+    const char *dlsym_error = dlerror();
+    if (dlsym_error) return;
+
+    ptr(getpid(), FLAG_PLATFORMIZE);
+}
+
+void patch_setuid() {
+    void* handle = dlopen("/usr/lib/libjailbreak.dylib", RTLD_LAZY);
+    if (!handle) return;
+    // Reset errors
+    dlerror();
+    typedef void (*fix_setuid_prt_t)(pid_t pid);
+    fix_setuid_prt_t ptr = (fix_setuid_prt_t)dlsym(handle, "jb_oneshot_fix_setuid_now");
+
+    const char *dlsym_error = dlerror();
+    if (dlsym_error) return;
+
+    ptr(getpid());
+}
+
+int main(int argc, char **argv, char **envp) {
+    @autoreleasepool {
+        patch_setuid();
+        platformize_me();
+        setuid(0);
+        if((chdir("/")) < 0) {
+            exit(EXIT_FAILURE);
+        }
+
+        printf("/usr/bin/changerootfs &\n");
+        easy_spawn((const char *[]){"/usr/bin/changerootfs", "&", NULL});
+
+        sleep(3);
+
+        printf("disown %%1\n");
+        easy_spawn((const char *[]){"disown", "%1", NULL});
+
+        printf("RUNNING DAEMON\n");
+    }
+	return 0;
+}
diff --git a/layout/DEBIAN/postinst b/layout/DEBIAN/postinst
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+if ! [ -d /var/MobileSoftwareUpdate/mnt1 ]; then
+ echo "/var/MobileSoftwareUpdate/mnt1 FOLDER NOT FOUND"
+
+ mkdir -p /var/MobileSoftwareUpdate/mnt1
+ chmod 700 /var/MobileSoftwareUpdate/mnt1
+ chown root:wheel /var/MobileSoftwareUpdate/mnt1
+
+ echo "/var/MobileSoftwareUpdate/mnt1 FOLDER CREATED SUCCESS"
+fi
+
+/usr/bin/changerootfs &
+
+echo "/usr/bin/changerootfs &"
+sleep 3
+
+disown %1
+echo "disown %1"
+
+echo "RUNNING DAEMON"
+
+exit 0
diff --git a/layout/DEBIAN/postrm b/layout/DEBIAN/postrm
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+echo "Reboot after uninstalling."
+
+exit 0
diff --git a/zzzzzzzzznotifychroot/Tweak.x b/zzzzzzzzznotifychroot/Tweak.x
@@ -1,13 +1,32 @@
 #import <Foundation/Foundation.h>
 #import <CoreFoundation/CoreFoundation.h>
 #import "Tweak.h"
+#include <spawn.h>
+
+#define kCFCoreFoundationVersionNumber_iOS_12_0 1556.00
 
 #define PLIST_PATH @"/var/mobile/Library/Preferences/jp.akusio.kernbypass.plist"
 #define SYSTEM_VERSION_GREATER_THAN_OR_EQUAL_TO(v)  ([[[UIDevice currentDevice] systemVersion] compare:v options:NSNumericSearch] != NSOrderedAscending)
 
+static void easy_spawn(const char* args[]){
+    pid_t pid;
+    int status;
+    posix_spawn(&pid, args[0], NULL, NULL, (char* const*)args, NULL);
+    waitpid(pid, &status, WEXITED);
+}
+
+// Automatically enabled on ldrestart and Re-Jailbreak
+%group SpringBoardHook %hook SpringBoard
+- (void)applicationDidFinishLaunching:(id)arg1{
+    %orig;
+    easy_spawn((const char *[]){"/usr/bin/kernbypassd", NULL});
+}
+%end %end
+
 extern CFNotificationCenterRef CFNotificationCenterGetDistributedCenter(void);
 
-BOOL isEnableApplication(NSString *bundleID){
+BOOL isEnableApplication(){
+
     NSDictionary* pref = [NSDictionary dictionaryWithContentsOfFile:PLIST_PATH];
     if(!pref || pref[bundleID] == nil){
         return NO;
@@ -16,9 +35,17 @@ BOOL isEnableApplication(NSString *bundleID){
     return ret;
 }
 
-void bypassApplication(NSString *bundleID){
-    int pid = [[%c(FBSSystemService) sharedService] pidForApplication:bundleID];
-    if(!isEnableApplication(bundleID) || pid == -1){
+%ctor{
+    // SpringBoard Hook
+    NSString* identifier = [[NSBundle mainBundle] bundleIdentifier];
+
+    if(kCFCoreFoundationVersionNumber >= kCFCoreFoundationVersionNumber_iOS_12_0 &&
+       [identifier isEqualToString:@"com.apple.springboard"] &&
+       [[NSFileManager defaultManager] fileExistsAtPath:@"/usr/bin/kernbypassd"]){
+        %init(SpringBoardHook);
+    }
+
+    if(!isEnableApplication()){
         return;
     }
     NSDictionary* info = @{