From db615adba44288bee811a8b2b80d6e75c907a569 Mon Sep 17 00:00:00 2001
From: opa334
Date: Sun, 21 Apr 2024 19:58:06 +0200
Subject: [PATCH] Various improvements, fix arm64 iOS 16.x

---
 Application/Dopamine/Jailbreak/DOJailbreaker.m | 5 ++---
 BaseBin/boomerang/src/main.c | 2 +-
 BaseBin/launchdhook/src/boomerang.c | 2 +-
 BaseBin/libjailbreak/src/kcall_Fugu14.c | 5 +++--
 BaseBin/libjailbreak/src/kcall_Fugu14.h | 2 +-
 BaseBin/libjailbreak/src/kcall_arm64.c | 4 +---
 BaseBin/libjailbreak/src/primitives_IOSurface.m | 7 +++++--
 7 files changed, 14 insertions(+), 13 deletions(-)

diff --git a/Application/Dopamine/Jailbreak/DOJailbreaker.m b/Application/Dopamine/Jailbreak/DOJailbreaker.m
index f52ce5667..1a54e1e16 100644
--- a/Application/Dopamine/Jailbreak/DOJailbreaker.m
+++ b/Application/Dopamine/Jailbreak/DOJailbreaker.m
@@ -172,9 +172,8 @@ - (NSError *)doExploitation
 if ([pplBypass run] != 0) {[pacBypass cleanup]; [kernelExploit cleanup]; return [NSError errorWithDomain:JBErrorDomain code:JBErrorCodeFailedExploitation userInfo:@{NSLocalizedDescriptionKey:@"Failed to bypass PPL"}];}
 // At this point we presume the PPL bypass gave us unrestricted phys write primitives
 }
-
- if (@available(iOS 16.0, *)) {
- // IOSurface kallocs don't work on iOS 16+, use these instead
+ if (!gPrimitives.kalloc_global) {
+ // IOSurface kallocs don't work on iOS 16+, use leaked page tables as allocations instead
 libjailbreak_kalloc_pt_init();
 }
diff --git a/BaseBin/boomerang/src/main.c b/BaseBin/boomerang/src/main.c
index 61a9906c0..d3492288c 100644
--- a/BaseBin/boomerang/src/main.c
+++ b/BaseBin/boomerang/src/main.c
@@ -62,7 +62,7 @@ int main(int argc, char* argv[])
 libjailbreak_translation_init();
 libjailbreak_IOSurface_primitives_init();
- if (__builtin_available(iOS 16.0, *)) {
+ if (!gPrimitives.kalloc_global) {
 libjailbreak_kalloc_pt_init();
 }
diff --git a/BaseBin/launchdhook/src/boomerang.c b/BaseBin/launchdhook/src/boomerang.c
index 1c04add70..dbc4c8542 100644
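Review bot: After the fallback `libjailbreak_kalloc_pt_init();` nothing in the new code confirms that an allocation primitive actually exists before exploitation continues, whereas the PPL-bypass step directly above fails closed with an NSError. If `libjailbreak_kalloc_pt_init` installs `gPrimitives.kalloc_global` the way the IOSurface initializer does (its body is not in this patch), a guard such as `if (!gPrimitives.kalloc_global) return [NSError errorWithDomain:JBErrorDomain code:JBErrorCodeFailedExploitation userInfo:@{NSLocalizedDescriptionKey:@"No kalloc primitive available"}];` would surface the failure here rather than in whichever kcall init later returns -1. The condition now keys on the primitive table instead of the OS version, but the comment still explains it by version; `// No IOSurface-backed kalloc was installed (iOS 16+): use leaked page tables as allocations instead` describes what is actually tested. The new check also presumes libjailbreak_IOSurface_primitives_init has already run earlier in this method, which the hunk does not show. doExploitation continues outside the hunk.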
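Review bot: The new condition `if (!gPrimitives.kalloc_global)` carries no comment, so a reader cannot tell that it relies on the `libjailbreak_IOSurface_primitives_init();` call on the preceding line having declined to install a kalloc primitive. A one-line comment above it, `// IOSurface init leaves kalloc unset on iOS 16+; fall back to leaked page tables`, records that ordering dependency, which the matching hunk in DOJailbreaker.m documents and this one does not. Whether `libjailbreak_kalloc_pt_init()` reports failure cannot be seen from the hunk; if it does, main should not proceed without a kalloc primitive, since the kcall initializers elsewhere in this patch refuse to run without one. main continues outside the hunk.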
--- a/BaseBin/launchdhook/src/boomerang.c
+++ b/BaseBin/launchdhook/src/boomerang.c
@@ -104,7 +104,7 @@ int boomerang_recoverPrimitives(bool firstRetrieval, bool shouldEndBoomerang)
 libjailbreak_translation_init();
 libjailbreak_IOSurface_primitives_init();
- if (__builtin_available(iOS 16.0, *)) {
+ if (!gPrimitives.kalloc_global) {
 libjailbreak_kalloc_pt_init();
 }
diff --git a/BaseBin/libjailbreak/src/kcall_Fugu14.c b/BaseBin/libjailbreak/src/kcall_Fugu14.c
index 108b10690..66406f33d 100644
--- a/BaseBin/libjailbreak/src/kcall_Fugu14.c
+++ b/BaseBin/libjailbreak/src/kcall_Fugu14.c
@@ -340,9 +340,10 @@ void fugu14_kexec(kRegisterState *state)
 fugu14_kexec_on_thread(&gFugu14KcallThread, state);
 }
-void jbclient_get_fugu14_kcall(void)
+int jbclient_get_fugu14_kcall(void)
 {
- fugu14_kcall_init(^int(mach_port_t threadToSign) {
+ if (!gPrimitives.kalloc_local) return -1;
+ return fugu14_kcall_init(^int(mach_port_t threadToSign) {
 return jbclient_root_sign_thread(threadToSign);
 });
 }
\ No newline at end of file
diff --git a/BaseBin/libjailbreak/src/kcall_Fugu14.h b/BaseBin/libjailbreak/src/kcall_Fugu14.h
index 31e2a6340..a6e8702cf 100644
--- a/BaseBin/libjailbreak/src/kcall_Fugu14.h
+++ b/BaseBin/libjailbreak/src/kcall_Fugu14.h
@@ -21,7 +21,7 @@ typedef struct {
 } Fugu14KcallThread;
 int fugu14_kcall_init(int (^threadSigner)(mach_port_t threadPort));
-void jbclient_get_fugu14_kcall(void);
+int jbclient_get_fugu14_kcall(void);
 #endif
\ No newline at end of file
diff --git a/BaseBin/libjailbreak/src/kcall_arm64.c b/BaseBin/libjailbreak/src/kcall_arm64.c
index 483698e99..1bbb0a83f 100644
--- a/BaseBin/libjailbreak/src/kcall_arm64.c
+++ b/BaseBin/libjailbreak/src/kcall_arm64.c
@@ -110,9 +110,7 @@ uint64_t arm64_kcall(uint64_t func, int argc, const uint64_t *argv)
 int arm64_kcall_init(void)
 {
- if (!gPrimitives.kalloc_local) {
- return -1;
- }
+ if (!gPrimitives.kalloc_local) return -1;
 pthread_mutex_init(&gArm64KcallThead.lock, NULL);
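Review bot: This is the third copy in the patch of the same three-line fallback (`if (!gPrimitives.kalloc_global) { libjailbreak_kalloc_pt_init(); }`, also in boomerang/src/main.c and DOJailbreaker.m), and every copy must stay in step with the condition primitives_IOSurface.m uses to decide whether to install kalloc at all. Since each call site first runs `libjailbreak_IOSurface_primitives_init();` and then this fallback, one libjailbreak entry point that does both — e.g. `libjailbreak_kalloc_init()` — would keep the selection policy next to the code that sets `gPrimitives.kalloc_global`. As written the policy is also undocumented here; at minimum add `// no IOSurface-backed kalloc on iOS 16+: use leaked page tables instead`. boomerang_recoverPrimitives continues outside the hunk.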
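Review bot: The new early return `if (!gPrimitives.kalloc_local) return -1;` fails closed, but nothing in the file guards the consumer: `fugu14_kexec`, visible at the top of the hunk, hands `&gFugu14KcallThread` to `fugu14_kexec_on_thread` unconditionally, so a caller that ignores the -1 and still issues a kexec would operate on a thread record that was never initialized. Consider having fugu14_kexec refuse (or assert) unless init succeeded, for instance via a flag set at the end of `fugu14_kcall_init`; that function lies outside the hunk, so I cannot tell whether such a flag already exists. The return value also conflates two cases — -1 for a missing primitive and whatever `fugu14_kcall_init` returns on its own failure — which a caller deciding whether to try another kcall strategy may want to tell apart. The file still ends without a trailing newline.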
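Review bot: `int jbclient_get_fugu14_kcall(void);` turns a void function into one whose result must be checked, but the header gives callers no contract for that value. A doc comment above the declaration, e.g. `// Returns -1 when no kalloc_local primitive is available; otherwise the result of fugu14_kcall_init.`, states the two sources of the return value visible in kcall_Fugu14.c. Existing callers written against the void signature compile unchanged and silently drop the status, so they should be audited alongside this change. The file still ends without a trailing newline.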
diff --git a/BaseBin/libjailbreak/src/primitives_IOSurface.m b/BaseBin/libjailbreak/src/primitives_IOSurface.m
index 4ca049dc9..f68f92450 100644
--- a/BaseBin/libjailbreak/src/primitives_IOSurface.m
+++ b/BaseBin/libjailbreak/src/primitives_IOSurface.m
@@ -207,7 +207,10 @@ void libjailbreak_IOSurface_primitives_init(void)
 }
 CFRelease(surfaceRef);
- gPrimitives.kalloc_global = IOSurface_kalloc_global;
- gPrimitives.kalloc_local = IOSurface_kalloc_local;
 gPrimitives.kmap = IOSurface_map;
+ if (@available(iOS 16.0, *)) {}
+ else {
+ gPrimitives.kalloc_global = IOSurface_kalloc_global;
+ gPrimitives.kalloc_local = IOSurface_kalloc_local;
+ }
 }
\ No newline at end of file
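Review bot: `if (@available(iOS 16.0, *)) {}` followed by `else {` reads as a mistake because of the empty branch, and the reason IOSurface-backed kalloc is withheld on iOS 16 is now stated only at the call sites, not where the decision is made. A comment on the empty branch should record both, e.g. `// empty branch is intentional: @available cannot be negated` and `// IOSurface kallocs don't work on iOS 16+; callers fall back to libjailbreak_kalloc_pt_init`. Note that `gPrimitives.kmap` is still installed on every version while the two kalloc entries are simply left untouched on 16+, so they keep whatever they held before this function ran; if that is not guaranteed to be NULL at every call site, the callers' `!gPrimitives.kalloc_global` test would not trigger the fallback, which is worth a sentence in the same comment. The file ends without a trailing newline.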