Also wire down everything in launchd, add additional debug log
opa334 committed Apr 26, 2024
1 parent 04e370c commit 39f1aa0
Showing 4 changed files with 47 additions and 2 deletions.
Binary file not shown.
2 changes: 1 addition & 1 deletion BaseBin/launchdhook/src/jbserver/jbdomain_systemwide.c
@@ -255,7 +255,7 @@ static int systemwide_mlock_dsc(audit_token_t *callerToken, uint64_t unslidStart
return -1;
}
FILE *f = fopen("/var/mobile/launchd_dsc_lock.log", "a");
fprintf(f, "[%s] mlock_dsc(addr: 0x%llx, size: 0x%llx)\n", procPath, unslidStart, size);
fprintf(f, "[%s] systemwide_mlock_dsc(addr: 0x%llx, size: 0x%llx)\n", procPath, unslidStart, size);
fclose(f);
#endif

41 changes: 41 additions & 0 deletions BaseBin/launchdhook/src/main.m
@@ -1,7 +1,12 @@
#import <Foundation/Foundation.h>
#import <libjailbreak/libjailbreak.h>
#import <libjailbreak/util.h>
#import <libjailbreak/dyld.h>
#import <libjailbreak/kernel.h>
#include <dlfcn.h>
#include <mach/mach.h>
#include <mach-o/dyld.h>
#include <mach-o/getsect.h>
#import <mach-o/dyld.h>
#import <spawn.h>
#import <substrate.h>
@@ -15,11 +20,36 @@
#import "crashreporter.h"
#import "boomerang.h"
#import "update.h"
#import "mlock_dsc.h"

bool gInEarlyBoot = true;

void abort_with_reason(uint32_t reason_namespace, uint64_t reason_code, const char *reason_string, uint64_t reason_flags);

static kern_return_t (*EKHookMemoryRaw_orig)(void *target, const void *data, size_t size);
static kern_return_t EKHookMemoryRaw_impl(void *target, const void *data, size_t size)
{
static uint64_t dscSlide = 0;
static dispatch_once_t ot;
dispatch_once(&ot, ^{
task_dyld_info_data_t dyldInfo;
uint32_t count = TASK_DYLD_INFO_COUNT;
task_info(mach_task_self_, TASK_DYLD_INFO, (task_info_t)&dyldInfo, &count);
DyldAllImageInfos64 *infos = (DyldAllImageInfos64 *)dyldInfo.all_image_info_addr;
dscSlide = infos->shared_cache_slide;
});

Dl_info targetInfo;
if (dladdr(target, &targetInfo) != 0) {
if (_dyld_shared_cache_contains_path(targetInfo.dli_fname)) {
uint64_t unslidTarget = (uint64_t)target - dscSlide;
mlock_dsc(unslidTarget, size);
}
}

return EKHookMemoryRaw_orig(target, data, size);
}

__attribute__((constructor)) static void initializer(void)
{
crashreporter_start();
@@ -71,6 +101,17 @@

cs_allow_invalid(proc_self(), false);

#ifdef __arm64e__
if (@available(iOS 16.0, *)) {}
else {
kern_return_t (**EKHookMemoryRaw)(void *, const void *, size_t) = dlsym(RTLD_DEFAULT, "EKHookMemoryRaw");
if (EKHookMemoryRaw) {
EKHookMemoryRaw_orig = *EKHookMemoryRaw;
*EKHookMemoryRaw = EKHookMemoryRaw_impl;
}
}
#endif

initXPCHooks();
initDaemonHooks();
initSpawnHooks();
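Review bot: In EKHookMemoryRaw_impl the `dispatch_once` block ignores the return value of `task_info()`, so on failure `dyldInfo.all_image_info_addr` is uninitialized and the `infos->shared_cache_slide` read dereferences an arbitrary pointer inside launchd. Zero-initialise the struct and check the result, e.g. `task_dyld_info_data_t dyldInfo = {0};` and `if (task_info(...) != KERN_SUCCESS || !dyldInfo.all_image_info_addr) return;`, and skip the `mlock_dsc` call when the slide could not be read rather than subtracting a zero slide. The result of `mlock_dsc(unslidTarget, size)` is also discarded, so the original hook still writes the page when wiring failed; if wiring is required for the patch to be safe, as the commit title suggests, that failure should at least be logged. The empty `if (@available(iOS 16.0, *)) {} else { ... }` in initializer, whose body starts and ends outside the hunks, would benefit from a one-line comment saying why only arm64e below iOS 16 needs the hook.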
6 changes: 5 additions & 1 deletion BaseBin/launchdhook/src/mlock_dsc.m
@@ -60,7 +60,11 @@ int mlock_dsc(uint64_t unslid_addr, size_t size)
if (unslid_addr >= curSegment->address && (unslid_addr + size) < (curSegment->address + curSegment->size)) {
uint64_t rel = unslid_addr - curSegment->address;
void *start = (void *)((uint64_t)curSegment->mapping + rel);
return mlock(start, size);
int r = mlock(start, size);
FILE *f = fopen("/var/mobile/launchd_dsc_lock.log", "a");
fprintf(f, "mlock(unslid_addr: 0x%llx, addr: %p, size: 0x%zx) => %d\n", unslid_addr, start, size, r);
fclose(f);
return r;
}
}
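Review bot: The new logging in mlock_dsc hands the result of `fopen("/var/mobile/launchd_dsc_lock.log", "a")` to `fprintf` and `fclose` without a NULL check, so any failed open becomes a NULL dereference inside launchd; the same unchecked pattern is visible in the context lines of systemwide_mlock_dsc in jbdomain_systemwide.c. Guard it, e.g. `if (f) { fprintf(f, ...); fclose(f); }`. Unlike that other call site, which sits before an `#endif`, nothing in this hunk shows a debug guard, so the write appears to happen on every call and records the mapped address of the shared cache in a file under /var/mobile. Because launchd appends to that path with plain `fopen`, which follows symlinks, and /var/mobile is normally writable by the unprivileged mobile user, consider putting the log under the same compile-time guard and in a root-owned directory, or opening it with `open()` and `O_NOFOLLOW`. mlock_dsc's body begins outside the hunk.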

