From 849bd9ad598e5dd4a06cc7bad1a5b3c734c23a86 Mon Sep 17 00:00:00 2001
From: Cryptiiiic
Date: Wed, 15 Mar 2023 16:29:30 -0700
Subject: [PATCH 1/3] rootless
---
 libdimentio.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/libdimentio.c b/libdimentio.c
index 3b5c337..0da5efa 100644
--- a/libdimentio.c
+++ b/libdimentio.c
@@ -862,7 +862,7 @@ init_kbase(void) {
 CFArrayRef kext_names;
 if(kbase == 0) {
- if((((kernrw_0 == NULL || (kernrw_0_kbase = (kernrw_0_kbase_func_t)dlsym(kernrw_0, "kernRW_getKernelBase")) == NULL || kernrw_0_kbase(&kbase) != KERN_SUCCESS)) && (krw_0 == NULL || (krw_0_kbase = (krw_0_kbase_func_t)dlsym(krw_0, "kbase")) == NULL || krw_0_kbase(&kbase) != 0)) || tfp0 == TASK_NULL || task_info(tfp0, TASK_DYLD_INFO, (task_info_t)&dyld_info, &cnt) != KERN_SUCCESS || (kbase = vm_kernel_link_addr + dyld_info.all_image_info_size) == 0) {
+ if((((kernrw_0 == NULL || (kernrw_0_kbase = (kernrw_0_kbase_func_t)dlsym(kernrw_0, "kernRW_getKernelBase")) == NULL || kernrw_0_kbase(&kbase) != KERN_SUCCESS)) && (krw_0 == NULL || (krw_0_kbase = (krw_0_kbase_func_t)dlsym(krw_0, "kbase")) == NULL || krw_0_kbase(&kbase) != 0)) && (tfp0 == TASK_NULL || task_info(tfp0, TASK_DYLD_INFO, (task_info_t)&dyld_info, &cnt) != KERN_SUCCESS || (kbase = vm_kernel_link_addr + dyld_info.all_image_info_size) == 0)) {
 for(pri.pri_addr = 0; proc_pidinfo(0, PROC_PIDREGIONINFO, pri.pri_addr, &pri, sizeof(pri)) == sizeof(pri); pri.pri_addr += pri.pri_sz) {
 if(pri.pri_prot == VM_PROT_READ && pri.pri_user_tag == VM_KERN_MEMORY_OSKEXT) {
 if(kread_buf(pri.pri_addr + LOADED_KEXT_SUMMARY_HDR_NAME_OFF, kext_name, sizeof(kext_name)) == KERN_SUCCESS) {
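Review bot: The rewritten condition on the `+` line packs three provider probes with embedded assignments into one expression, so the precedence fix this commit makes (`||` becoming `&&` in front of the tfp0 group) is nearly invisible and easy to regress; moving the two userland-library probes into a small helper leaves the `if` reading as the intended "every provider failed" check, assuming `kbase` is the file-scope variable the hunk reads. A secondary concern: if `kernrw_0_kbase(&kbase)` or `krw_0_kbase(&kbase)` writes `kbase` and then reports failure, the kext-summary scan below starts from a stale non-zero value — unless the scan assigns `kbase` unconditionally on success (not visible here), a `kbase = 0;` before the `for` makes the outcome independent of the failed call. init_kbase's body continues past the hunk.
```c
/* Ask the userland kernel r/w providers for the kernel base; returns
 * KERN_SUCCESS and sets kbase when either library supplies one. */
static kern_return_t
kbase_from_krw_providers(void) {
	if(kernrw_0 != NULL && (kernrw_0_kbase = (kernrw_0_kbase_func_t)dlsym(kernrw_0, "kernRW_getKernelBase")) != NULL && kernrw_0_kbase(&kbase) == KERN_SUCCESS) {
		return KERN_SUCCESS;
	}
	if(krw_0 != NULL && (krw_0_kbase = (krw_0_kbase_func_t)dlsym(krw_0, "kbase")) != NULL && krw_0_kbase(&kbase) == 0) {
		return KERN_SUCCESS;
	}
	return KERN_FAILURE;
}

/* … in init_kbase, unchanged: declarations and the kbase == 0 guard … */
	if(kbase_from_krw_providers() != KERN_SUCCESS && (tfp0 == TASK_NULL || task_info(tfp0, TASK_DYLD_INFO, (task_info_t)&dyld_info, &cnt) != KERN_SUCCESS || (kbase = vm_kernel_link_addr + dyld_info.all_image_info_size) == 0)) {
		kbase = 0; /* do not trust a value a failed provider call may have left behind */
		/* … unchanged: kext summary scan … */
```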
@@ -1339,10 +1339,10 @@ dimentio_init(kaddr_t _kbase, kread_func_t _kread_buf, kwrite_func_t _kwrite_buf
 printf("tfp0: 0x%" PRIX32 "\n", tfp0);
 kread_buf = kread_buf_tfp0;
 kwrite_buf = kwrite_buf_tfp0;
- } else if((kernrw_0 = dlopen("/usr/lib/libkernrw.0.dylib", RTLD_LAZY)) != NULL && (kernrw_0_req = (kernrw_0_req_kernrw_func_t)dlsym(kernrw_0, "requestKernRw")) != NULL && kernrw_0_req() == 0) {
+ } else if((kernrw_0 = dlopen("/var/jb/usr/lib/libkernrw.0.dylib", RTLD_LAZY)) != NULL && (kernrw_0_req = (kernrw_0_req_kernrw_func_t)dlsym(kernrw_0, "requestKernRw")) != NULL && kernrw_0_req() == 0) {
 kread_buf = (kread_func_t)dlsym(kernrw_0, "kernRW_readbuf");
 kwrite_buf = (kwrite_func_t)dlsym(kernrw_0, "kernRW_writebuf");
- } else if((krw_0 = dlopen("/usr/lib/libkrw.0.dylib", RTLD_LAZY)) != NULL && (krw_0_kread = (krw_0_kread_func_t)dlsym(krw_0, "kread")) != NULL && (krw_0_kwrite = (krw_0_kwrite_func_t)dlsym(krw_0, "kwrite")) != NULL) {
+ } else if((krw_0 = dlopen("/var/jb/usr/lib/libkrw.0.dylib", RTLD_LAZY)) != NULL && (krw_0_kread = (krw_0_kread_func_t)dlsym(krw_0, "kread")) != NULL && (krw_0_kwrite = (krw_0_kwrite_func_t)dlsym(krw_0, "kwrite")) != NULL) {
 kread_buf = kread_buf_krw_0;
 kwrite_buf = kwrite_buf_krw_0;
 } else if((kmem_fd = open("/dev/kmem", O_RDWR | O_CLOEXEC)) != -1) {
From 5c8ae746d0271d04df6313025374a4d11b94f321 Mon Sep 17 00:00:00 2001
From: Cryptiiiic
Date: Tue, 18 Apr 2023 14:44:25 -0700
Subject: [PATCH 2/3] Fix 2 year old bug
---
 libdimentio.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libdimentio.c b/libdimentio.c
index 0da5efa..7ba6ed9 100644
--- a/libdimentio.c
+++ b/libdimentio.c
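Review bot: On both `+` lines a provider that `dlopen`s successfully but then fails its later test (`requestKernRw` returning non-zero, or a missing `kread`/`kwrite` symbol) leaves `kernrw_0` or `krw_0` holding a live non-NULL handle while the `else if` chain moves on to the next provider; the `init_kbase` hunk in this same patch gates on `kernrw_0 == NULL` and `krw_0 == NULL`, so it would later ask a library that never granted kernel r/w for the kernel base. Because the chain's conditions cannot close the handle inline, the probe is best pulled into a helper that `dlclose`s and returns NULL on any failure; that helper is also the natural place to reject a missing `kernRW_readbuf`/`kernRW_writebuf`, which the two `dlsym` calls after the first `+` line currently assign unchecked. The same point applies to the patch 3 hunk that rewrites these lines again. `dimentio_init` starts and ends outside the hunk.
```c
/* dlopen `path` and claim kernel r/w through libkernrw.0; on any failure the
 * handle is closed and NULL returned, so later NULL checks on kernrw_0 stay meaningful. */
static void *
open_kernrw_0(const char *path) {
	void *h = dlopen(path, RTLD_LAZY);

	if(h != NULL) {
		if((kernrw_0_req = (kernrw_0_req_kernrw_func_t)dlsym(h, "requestKernRw")) != NULL && kernrw_0_req() == 0 && dlsym(h, "kernRW_readbuf") != NULL && dlsym(h, "kernRW_writebuf") != NULL) {
			return h;
		}
		dlclose(h);
	}
	return NULL;
}

/* … in dimentio_init, unchanged: tfp0 branch … */
	} else if((kernrw_0 = open_kernrw_0("/var/jb/usr/lib/libkernrw.0.dylib")) != NULL) {
		kread_buf = (kread_func_t)dlsym(kernrw_0, "kernRW_readbuf");
		kwrite_buf = (kwrite_func_t)dlsym(kernrw_0, "kernRW_writebuf");
	/* … the krw_0 branch gets the same treatment with its kread/kwrite symbols … */
```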
@@ -101,7 +101,7 @@ typedef uint32_t IOOptionBits;
 typedef mach_port_t io_object_t;
 typedef kern_return_t (*kernrw_0_kbase_func_t)(kaddr_t *);
 typedef io_object_t io_service_t, io_connect_t, io_registry_entry_t;
-typedef int (*krw_0_kbase_func_t)(kaddr_t *), (*krw_0_kread_func_t)(kaddr_t, void *, size_t), (*krw_0_kwrite_func_t)(const void *, kaddr_t, size_t), (*kernrw_0_req_kernrw_func_t)(void);
+typedef int (*krw_0_kbase_func_t)(kaddr_t *), (*krw_0_kread_func_t)(kaddr_t, void *, size_t), (*krw_0_kwrite_func_t)(kaddr_t, const void *, size_t), (*kernrw_0_req_kernrw_func_t)(void);
 
 typedef struct {
 struct section_64 s64;
@@ -309,7 +309,7 @@ kread_buf_krw_0(kaddr_t addr, void *buf, size_t sz) {
 
 static kern_return_t
 kwrite_buf_krw_0(kaddr_t addr, const void *buf, size_t sz) {
- return krw_0_kwrite(buf, addr, sz) == 0 ? KERN_SUCCESS : KERN_FAILURE;
+ return krw_0_kwrite(addr, buf, sz) == 0 ? KERN_SUCCESS : KERN_FAILURE;
 }
 
 static kern_return_t
From 88cd108b5dc5523d90d1f421289eb979f76cedec Mon Sep 17 00:00:00 2001
From: Cryptiiiic
Date: Fri, 21 Apr 2023 21:01:20 -0700
Subject: [PATCH 3/3] Add rootless option to makefile
---
 Makefile | 10 +++++++++-
 libdimentio.c | 4 ++--
 2 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/Makefile b/Makefile
index 49d0dbe..6e88b7d 100644
--- a/Makefile
+++ b/Makefile
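Review bot: The corrected `krw_0_kwrite_func_t` signature on the `+` line is still declared inside a single four-type `typedef`, with nothing recording which library export each pointer mirrors; since every one of these is reached through a `dlsym` cast, the compiler cannot catch a mismatch like the one this commit fixes, so the declaration is the only place the contract lives. I would split it into one `typedef` per line and note the origin of each prototype, e.g. `typedef int (*krw_0_kwrite_func_t)(kaddr_t, const void *, size_t); /* libkrw.0 "kwrite": address first, then buffer and length; must match the library's export */`, with the same for `krw_0_kread_func_t`. The second hunk, at `kwrite_buf_krw_0`, is the matching call-site update and needs no separate change.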
@@ -1,7 +1,15 @@
 .PHONY: all macos clean
+ROOTLESS := 0
+RPREFIX := "/usr"
+RLPREFIX := "/var/jb/usr"
+
 all:
- xcrun -sdk iphoneos clang -arch arm64 -mios-version-min=10.0 -Weverything libdimentio.c dimentio.c -o dimentio -framework IOKit -framework CoreFoundation -lcompression -Os
+ifeq ($(shell [ "$(ROOTLESS)" -gt 0 ] && echo 1),1)
+ xcrun -sdk iphoneos clang -arch arm64 -mios-version-min=10.0 -Weverything libdimentio.c dimentio.c -o dimentio -DPREFIX=\"$(RLPREFIX)\" -framework IOKit -framework CoreFoundation -lcompression -Os
+else
+ xcrun -sdk iphoneos clang -arch arm64 -mios-version-min=10.0 -Weverything libdimentio.c dimentio.c -o dimentio -DPREFIX=\"$(RPREFIX)\" -framework IOKit -framework CoreFoundation -lcompression -Os
+endif
 
 macos:
 xcrun -sdk macosx clang -arch arm64 -Weverything libdimentio.c dimentio.c -o dimentio -framework IOKit -framework CoreFoundation -lcompression -Os
diff --git a/libdimentio.c b/libdimentio.c
index 7ba6ed9..5c8eb24 100644
--- a/libdimentio.c
+++ b/libdimentio.c
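Review bot: The `macos:` recipe in the context lines still compiles `libdimentio.c` without `-DPREFIX`, while the libdimentio.c hunk in this same patch now expands `PREFIX` unconditionally, so the macOS build stops compiling unless the source supplies a default; adding `-DPREFIX=\"$(RPREFIX)\"` to that recipe (or defaulting the macro in the source) closes the gap. The quoting is also fragile: `RPREFIX := "/usr"` keeps the literal double quotes in make's value and only works because the shell strips them again inside `\"$(RPREFIX)\"`, so `RPREFIX := /usr` and `RLPREFIX := /var/jb/usr` are the safer form. Finally, `ifeq ($(shell [ "$(ROOTLESS)" -gt 0 ] && echo 1),1)` spawns a shell to compare an integer that make can test directly; `ifneq ($(ROOTLESS),0)` selecting a single `PREFIX` variable would let the two near-identical `xcrun` lines collapse into one recipe.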
@@ -1339,10 +1339,10 @@ dimentio_init(kaddr_t _kbase, kread_func_t _kread_buf, kwrite_func_t _kwrite_buf
 printf("tfp0: 0x%" PRIX32 "\n", tfp0);
 kread_buf = kread_buf_tfp0;
 kwrite_buf = kwrite_buf_tfp0;
- } else if((kernrw_0 = dlopen("/var/jb/usr/lib/libkernrw.0.dylib", RTLD_LAZY)) != NULL && (kernrw_0_req = (kernrw_0_req_kernrw_func_t)dlsym(kernrw_0, "requestKernRw")) != NULL && kernrw_0_req() == 0) {
+ } else if((kernrw_0 = dlopen(""PREFIX"/lib/libkernrw.0.dylib", RTLD_LAZY)) != NULL && (kernrw_0_req = (kernrw_0_req_kernrw_func_t)dlsym(kernrw_0, "requestKernRw")) != NULL && kernrw_0_req() == 0) {
 kread_buf = (kread_func_t)dlsym(kernrw_0, "kernRW_readbuf");
 kwrite_buf = (kwrite_func_t)dlsym(kernrw_0, "kernRW_writebuf");
- } else if((krw_0 = dlopen("/var/jb/usr/lib/libkrw.0.dylib", RTLD_LAZY)) != NULL && (krw_0_kread = (krw_0_kread_func_t)dlsym(krw_0, "kread")) != NULL && (krw_0_kwrite = (krw_0_kwrite_func_t)dlsym(krw_0, "kwrite")) != NULL) {
+ } else if((krw_0 = dlopen(""PREFIX"/lib/libkrw.0.dylib", RTLD_LAZY)) != NULL && (krw_0_kread = (krw_0_kread_func_t)dlsym(krw_0, "kread")) != NULL && (krw_0_kwrite = (krw_0_kwrite_func_t)dlsym(krw_0, "kwrite")) != NULL) {
 kread_buf = kread_buf_krw_0;
 kwrite_buf = kwrite_buf_krw_0;
 } else if((kmem_fd = open("/dev/kmem", O_RDWR | O_CLOEXEC)) != -1) {
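Review bot: `PREFIX` on both `+` lines has no fallback, so `libdimentio.c` now fails to compile whenever it is built without `-DPREFIX` — the Makefile's `macos:` recipe in this same patch is one such build — and the failure surfaces as an opaque string-concatenation error rather than a clear message. A guarded default near the top of the file, `#ifndef PREFIX` / `#define PREFIX "/usr"` / `#endif`, keeps the rootful default the Makefile uses for builds that do not set the macro. As a matter of style the leading empty literal in `""PREFIX"/lib/libkernrw.0.dylib"` is redundant; `PREFIX "/lib/libkernrw.0.dylib"` (and likewise for libkrw) concatenates identically and reads as intended. `dimentio_init` starts and ends outside the hunk.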