Various improvements, fix arm64 iOS 16.x

m1337v · Apr 21, 2024 · db615ad · db615ad
1 parent b301095
commit db615ad
Show file tree

Hide file tree

Showing 7 changed files with 14 additions and 13 deletions.
diff --git a/Application/Dopamine/Jailbreak/DOJailbreaker.m b/Application/Dopamine/Jailbreak/DOJailbreaker.m
@@ -172,9 +172,8 @@ - (NSError *)doExploitation
         if ([pplBypass run] != 0) {[pacBypass cleanup]; [kernelExploit cleanup]; return [NSError errorWithDomain:JBErrorDomain code:JBErrorCodeFailedExploitation userInfo:@{NSLocalizedDescriptionKey:@"Failed to bypass PPL"}];}
         // At this point we presume the PPL bypass gave us unrestricted phys write primitives
     }
-
-    if (@available(iOS 16.0, *)) {
-        // IOSurface kallocs don't work on iOS 16+, use these instead
+    if (!gPrimitives.kalloc_global) {
+        // IOSurface kallocs don't work on iOS 16+, use leaked page tables as allocations instead
         libjailbreak_kalloc_pt_init();
     }
 

diff --git a/BaseBin/boomerang/src/main.c b/BaseBin/boomerang/src/main.c
@@ -62,7 +62,7 @@ int main(int argc, char* argv[])
 	libjailbreak_translation_init();
 
 	libjailbreak_IOSurface_primitives_init();
-	if (__builtin_available(iOS 16.0, *)) {
+	if (!gPrimitives.kalloc_global) {
 		libjailbreak_kalloc_pt_init();
 	}
 

diff --git a/BaseBin/launchdhook/src/boomerang.c b/BaseBin/launchdhook/src/boomerang.c
@@ -104,7 +104,7 @@ int boomerang_recoverPrimitives(bool firstRetrieval, bool shouldEndBoomerang)
 	libjailbreak_translation_init();
 
 	libjailbreak_IOSurface_primitives_init();
-	if (__builtin_available(iOS 16.0, *)) {
+	if (!gPrimitives.kalloc_global) {
 		libjailbreak_kalloc_pt_init();
 	}
 

diff --git a/BaseBin/libjailbreak/src/kcall_Fugu14.c b/BaseBin/libjailbreak/src/kcall_Fugu14.c
@@ -340,9 +340,10 @@ void fugu14_kexec(kRegisterState *state)
 	fugu14_kexec_on_thread(&gFugu14KcallThread, state);
 }
 
-void jbclient_get_fugu14_kcall(void)
+int jbclient_get_fugu14_kcall(void)
 {
-	fugu14_kcall_init(^int(mach_port_t threadToSign) {
+	if (!gPrimitives.kalloc_local) return -1;
+	return fugu14_kcall_init(^int(mach_port_t threadToSign) {
 		return jbclient_root_sign_thread(threadToSign);
 	});
 }
diff --git a/BaseBin/libjailbreak/src/kcall_Fugu14.h b/BaseBin/libjailbreak/src/kcall_Fugu14.h
@@ -21,7 +21,7 @@ typedef struct {
 } Fugu14KcallThread;
 
 int fugu14_kcall_init(int (^threadSigner)(mach_port_t threadPort));
-void jbclient_get_fugu14_kcall(void);
+int jbclient_get_fugu14_kcall(void);
 
 
 #endif
diff --git a/BaseBin/libjailbreak/src/kcall_arm64.c b/BaseBin/libjailbreak/src/kcall_arm64.c
@@ -110,9 +110,7 @@ uint64_t arm64_kcall(uint64_t func, int argc, const uint64_t *argv)
 
 int arm64_kcall_init(void)
 {
-	if (!gPrimitives.kalloc_local) {
-		return -1;
-	} 
+	if (!gPrimitives.kalloc_local) return -1;
 
 	pthread_mutex_init(&gArm64KcallThead.lock, NULL);
 

diff --git a/BaseBin/libjailbreak/src/primitives_IOSurface.m b/BaseBin/libjailbreak/src/primitives_IOSurface.m
@@ -207,7 +207,10 @@ void libjailbreak_IOSurface_primitives_init(void)
 	}
 	CFRelease(surfaceRef);
 
-	gPrimitives.kalloc_global = IOSurface_kalloc_global;
-	gPrimitives.kalloc_local  = IOSurface_kalloc_local;
 	gPrimitives.kmap          = IOSurface_map;
+	if (@available(iOS 16.0, *)) {}
+	else {
+		gPrimitives.kalloc_global = IOSurface_kalloc_global;
+		gPrimitives.kalloc_local  = IOSurface_kalloc_local;
+	}
 }