├── !ABypass2.plist ├── .github └── FUNDING.yml ├── .gitignore ├── ABWindow.h ├── ABWindow.m ├── ABdyld ├── ABDYLD.dylib ├── ABDYLD.plist ├── Makefile ├── RGELog.h ├── RGELog.m ├── RGEProxy.h ├── RGEProxy.m ├── RogueHook-Testing.h ├── RogueHook.h ├── RogueHook.m ├── ent.plist └── main.m ├── LICENSE ├── Makefile ├── README.md ├── Tweak.xm ├── absubloader ├── ABSubLoader.plist ├── Makefile ├── Tweak.m └── ent.plist ├── absysent.zip ├── abypassloader ├── ABPattern.h ├── ABPattern.m ├── ABypassLoader.plist ├── DYLDSaver.xm ├── ImagePatcher.h ├── ImagePatcher.xm ├── Makefile ├── Tweak.xm ├── codesign.h ├── ent.plist ├── fishhook.c ├── fishhook.h └── writeData.h ├── abypassprefs ├── ABPAppDetailController.h ├── ABPAppDetailController.m ├── ABPAppListController.m ├── ABPRootListController.h ├── ABPRootListController.m ├── AppList.h ├── AppList.m ├── Makefile ├── Resources │ ├── Info.plist │ ├── en.lproj │ │ └── prefs.strings │ ├── icon.png │ ├── icon@2x.png │ └── ko.lproj │ │ └── prefs.strings └── entry.plist ├── afterProcess.sh ├── control ├── ent.plist ├── header.h ├── layout ├── DEBIAN │ └── postinst ├── Library │ └── BawAppie │ │ └── ABypass │ │ ├── Dependency.dylib │ │ └── NoPerm └── var │ └── mobile │ └── Library │ └── Preferences │ └── ABPattern └── signcert.p12 /!ABypass2.plist: -------------------------------------------------------------------------------- 1 | { Filter = { Bundles = ( "com.apple.UIKit" ); }; } 2 | -------------------------------------------------------------------------------- /.github/FUNDING.yml: -------------------------------------------------------------------------------- 1 | github: Baw-Appie 2 | patreon: bawappie 3 | custom: ["https://paypal.me/pp121324", "https://l.bawappie.com/kakaopay"] 4 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .theos 2 | packages/ 3 | test/ 4 | temp.txt -------------------------------------------------------------------------------- /ABWindow.h: -------------------------------------------------------------------------------- 1 | #import 2 | 3 | @interface ABViewController : UIViewController 4 | @end 5 | 6 | @interface ABWindow : UIWindow 7 | + (instancetype)sharedInstance; 8 | @end -------------------------------------------------------------------------------- /ABWindow.m: -------------------------------------------------------------------------------- 1 | #import 2 | #import "ABWindow.h" 3 | 4 | @implementation ABViewController 5 | 6 | - (BOOL)shouldAutorotate { 7 | return FALSE; 8 | } 9 | 10 | @end 11 | 12 | @implementation ABWindow 13 | 14 | + (instancetype)sharedInstance { 15 | static dispatch_once_t p = 0; 16 | __strong static id _sharedSelf = nil; 17 | dispatch_once(&p, ^{ 18 | _sharedSelf = [[self alloc] init]; 19 | }); 20 | return _sharedSelf; 21 | } 22 | 23 | - (instancetype)init { 24 | self = [super initWithFrame:[[UIScreen mainScreen] bounds]]; 25 | if (self != nil){ 26 | [self setHidden:NO]; 27 | [self setWindowLevel:UIWindowLevelAlert]; 28 | [self setRootViewController:[[ABViewController alloc] init]]; 29 | [self setBackgroundColor:[UIColor clearColor]]; 30 | [self setUserInteractionEnabled:YES]; 31 | } 32 | return self; 33 | } 34 | 35 | -(bool)_shouldCreateContextAsSecure { 36 | return 0x0; 37 | } 38 | 39 | -(UIView *)hitTest:(CGPoint)point withEvent:(UIEvent *)event { 40 | return nil; 41 | } 42 | 43 | @end 44 | -------------------------------------------------------------------------------- /ABdyld/ABDYLD.dylib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Baw-Appie/A-Bypass/97831a597c09083a43f46aeacb134837ca4fce54/ABdyld/ABDYLD.dylib -------------------------------------------------------------------------------- /ABdyld/ABDYLD.plist: -------------------------------------------------------------------------------- 1 | { Filter = { Bundles = ( "com.apple.UIKit" ); }; } 2 | -------------------------------------------------------------------------------- /ABdyld/Makefile: -------------------------------------------------------------------------------- 1 | include $(THEOS)/makefiles/common.mk 2 | 3 | TWEAK_NAME = ABDYLD 4 | 5 | ABDYLD_FILES = main.m RGEProxy.m RogueHook.m RGELog.m 6 | ABDYLD_CODESIGN_FLAGS=-K../signcert.p12 -S./ent.plist 7 | 8 | include $(THEOS_MAKE_PATH)/tweak.mk 9 | -------------------------------------------------------------------------------- /ABdyld/RGELog.h: -------------------------------------------------------------------------------- 1 | // 2 | // RGELog.h 3 | // Created on 8/4/19 4 | // 5 | 6 | #import 7 | 8 | NS_ASSUME_NONNULL_BEGIN 9 | 10 | @interface RGELog : NSObject 11 | 12 | + (void)log:(NSString *)format, ... NS_FORMAT_FUNCTION(1,2); 13 | 14 | @end 15 | 16 | NS_ASSUME_NONNULL_END 17 | -------------------------------------------------------------------------------- /ABdyld/RGELog.m: -------------------------------------------------------------------------------- 1 | // 2 | // RGELog.m 3 | // Created on 8/4/19 4 | // 5 | 6 | #import "RGELog.h" 7 | 8 | #import 9 | // @import os.log; 10 | 11 | @implementation RGELog 12 | 13 | + (void)log:(NSString *)format, ... { 14 | static os_log_t log; 15 | static dispatch_once_t onceToken; 16 | dispatch_once(&onceToken, ^{ 17 | const char *identifier = "com.rogue"; 18 | log = os_log_create(identifier, "log"); 19 | }); 20 | 21 | va_list ap; 22 | va_start (ap, format); 23 | NSString *message = [[NSString alloc] initWithFormat:format arguments:ap]; 24 | va_end (ap); 25 | 26 | os_log(log, "[Rougue] %{public}@", message); 27 | } 28 | 29 | @end 30 | -------------------------------------------------------------------------------- /ABdyld/RGEProxy.h: -------------------------------------------------------------------------------- 1 | // 2 | // RGEProxy.h 3 | // Created on 10/18/19 4 | // 5 | 6 | #import 7 | 8 | NS_ASSUME_NONNULL_BEGIN 9 | 10 | @interface RGEProxy : NSObject 11 | 12 | @property (nonatomic, assign) id target; 13 | 14 | - (instancetype)initWithTarget:(id)target; 15 | 16 | + (BOOL)instance:(id)target getVariabledNamed:(NSString *)variable outValue:(void * _Nonnull * _Nullable)outValue; 17 | + (id)instance:(id)target getObjectVariabledNamed:(NSString *)variable; 18 | 19 | @end 20 | 21 | NS_ASSUME_NONNULL_END 22 | -------------------------------------------------------------------------------- /ABdyld/RGEProxy.m: -------------------------------------------------------------------------------- 1 | // 2 | // RGEProxy.m 3 | // Created on 10/18/19 4 | // 5 | 6 | #import "RGEProxy.h" 7 | #import "RGELog.h" 8 | #import 9 | // @import ObjectiveC.runtime; 10 | 11 | @implementation RGEProxy 12 | 13 | - (instancetype)initWithTarget:(id)target { 14 | self = [super init]; 15 | if (self) { 16 | _target = target; 17 | } 18 | return self; 19 | } 20 | 21 | - (NSMethodSignature *)methodSignatureForSelector:(SEL)aSelector { 22 | return [self.target methodSignatureForSelector:aSelector]; 23 | } 24 | 25 | - (void)forwardInvocation:(NSInvocation *)invocation { 26 | SEL aSelector = [invocation selector]; 27 | NSString *targetMethodName = NSStringFromSelector(aSelector); 28 | 29 | NSString *originalStorePrefix = @"original_"; 30 | 31 | NSString *originalStoreMethodName = [originalStorePrefix stringByAppendingString:targetMethodName]; 32 | SEL originalStoreSelector = NSSelectorFromString(originalStoreMethodName); 33 | 34 | if ([self.target respondsToSelector:originalStoreSelector]) { 35 | invocation.selector = originalStoreSelector; 36 | [invocation invokeWithTarget:self.target]; 37 | } else { 38 | [self.target forwardInvocation:invocation]; 39 | } 40 | } 41 | 42 | - (BOOL)getVariabledNamed:(NSString *)variable outValue:(void **)outValue { 43 | return [self.class instance:self.target getVariabledNamed:variable outValue:outValue]; 44 | } 45 | 46 | + (BOOL)instance:(id)target getVariabledNamed:(NSString *)variable outValue:(void **)outValue { 47 | if (!target) { 48 | return FALSE; 49 | } 50 | 51 | uint32_t ivarCount; 52 | Ivar *ivars = class_copyIvarList([target class], &ivarCount); 53 | if (!ivars) { 54 | [RGELog log:@"Failed to copy ivar list for %@", NSStringFromClass([target class])]; 55 | return FALSE; 56 | } 57 | 58 | const char *variableNameCString = variable.UTF8String; 59 | for(uint32_t index = 0; index < ivarCount; index += 1) { 60 | Ivar ivar = ivars[index]; 61 | if (strcmp(ivar_getName(ivar), variableNameCString) != 0) { 62 | continue; 63 | } 64 | *outValue = (__bridge void *)object_getIvar(target, ivar); 65 | free(ivars); 66 | return TRUE; 67 | } 68 | 69 | [RGELog log:@"Failed to find ivar %@", variable]; 70 | free(ivars); 71 | return FALSE; 72 | } 73 | 74 | + (id)instance:(id)target getObjectVariabledNamed:(NSString *)variable { 75 | if (!target) { 76 | [RGELog log:@"-instance:getObjectVariabledNamed: passed NULL target for %@", variable]; 77 | return nil; 78 | } 79 | 80 | uint32_t ivarCount; 81 | Ivar *ivars = class_copyIvarList([target class], &ivarCount); 82 | if (!ivars) { 83 | [RGELog log:@"Failed to copy ivar list for %@", NSStringFromClass([target class])]; 84 | return nil; 85 | } 86 | 87 | const char *variableNameCString = variable.UTF8String; 88 | for(uint32_t index = 0; index < ivarCount; index += 1) { 89 | Ivar ivar = ivars[index]; 90 | if (strcmp(ivar_getName(ivar), variableNameCString) != 0) { 91 | continue; 92 | } 93 | id value = NULL; 94 | value = object_getIvar(target, ivar); 95 | free(ivars); 96 | return value; 97 | } 98 | 99 | [RGELog log:@"Failed to find ivar %@", variable]; 100 | free(ivars); 101 | return nil; 102 | } 103 | 104 | @end 105 | -------------------------------------------------------------------------------- /ABdyld/RogueHook-Testing.h: -------------------------------------------------------------------------------- 1 | // 2 | // RogueHook-Testing.h 3 | // Created on 8/4/19 4 | // 5 | 6 | @interface RogueHookImplementor : NSObject 7 | 8 | + (const char *)currentImage; 9 | 10 | + (BOOL)implementAllMethodHooksForImage:(const char *)image; 11 | 12 | @end 13 | -------------------------------------------------------------------------------- /ABdyld/RogueHook.h: -------------------------------------------------------------------------------- 1 | // 2 | // RogueHook.h 3 | // Created on 8/4/19 4 | // 5 | 6 | #import 7 | // @import Foundation; 8 | 9 | NS_ASSUME_NONNULL_BEGIN 10 | 11 | @protocol RogueHook 12 | 13 | @optional 14 | 15 | /// The classes that should be hooked. 16 | @property (class, readonly, nonatomic) NSArray *targetClasses; 17 | 18 | /// The class that should be hooked. 19 | @property (class, readonly, nonatomic) NSString *targetClass; 20 | 21 | /// Whether hooks should be implemented on load of the library the class is contained within. 22 | /// Defaults to TRUE. 23 | @property (class, readonly, nonatomic) BOOL hookOnLoad; 24 | 25 | /// When hookOnLoad is set to FALSE, this method is added to your class so you can hook 26 | /// after loading. 27 | + (BOOL)hook; 28 | 29 | /// Use this to call original class methods. 30 | @property (class, readonly, nonatomic) id original; 31 | 32 | /// Use this to call original instance methods. 33 | /// Adheres to protocol RogueInstanceProxy 34 | @property (readonly, nonatomic) id original; 35 | 36 | @end 37 | 38 | @protocol RogueInstanceProxy 39 | 40 | - (BOOL)getVariabledNamed:(NSString *)variable outValue:(void * _Nonnull * _Nullable)outValue; 41 | 42 | @end 43 | 44 | NS_ASSUME_NONNULL_END 45 | -------------------------------------------------------------------------------- /ABdyld/RogueHook.m: -------------------------------------------------------------------------------- 1 | // 2 | // RogueHook.m 3 | // Created on 8/4/19 4 | // 5 | 6 | #import 7 | // @import Foundation; 8 | #import 9 | // @import ObjectiveC.runtime; 10 | #import 11 | // @import MachO.dyld; 12 | #import 13 | // @import Darwin.POSIX.dlfcn; 14 | 15 | #import "RogueHook.h" 16 | #import "RogueHook-Testing.h" 17 | #import "RGELog.h" 18 | #import "RGEProxy.h" 19 | 20 | @implementation RogueHookImplementor 21 | 22 | static __attribute__((constructor)) 23 | void ctor() { 24 | hookProtocol = @protocol(RogueHook); 25 | // dispatch_after(dispatch_time(DISPATCH_TIME_NOW, (int64_t)(0.2 * NSEC_PER_SEC)), dispatch_get_main_queue(), ^{ 26 | [RogueHookImplementor implementAllMethodHooksForCurrentImage]; 27 | // }); 28 | } 29 | 30 | 31 | static Protocol *hookProtocol; 32 | 33 | // + (void)load { 34 | // hookProtocol = @protocol(RogueHook); 35 | // dispatch_after(dispatch_time(DISPATCH_TIME_NOW, (int64_t)(0.2 * NSEC_PER_SEC)), dispatch_get_main_queue(), ^{ 36 | // [self implementAllMethodHooksForCurrentImage]; 37 | // }); 38 | 39 | // } 40 | 41 | + (BOOL)implementAllMethodHooksForCurrentImage { 42 | const char *image = [self currentImage]; 43 | if (!image) { 44 | [RGELog log:@"Couldn't find image for class %@", NSStringFromClass(self.class)]; 45 | return FALSE; 46 | } 47 | 48 | return [self implementAllMethodHooksForImage:image]; 49 | } 50 | 51 | + (BOOL)implementAllMethodHooksForImage:(const char *)image { 52 | unsigned int classCount = 0; 53 | const char **classNames; 54 | classNames = objc_copyClassNamesForImage(image, &classCount); 55 | 56 | for (unsigned int index = 0; index < classCount; index += 1) { 57 | const char *className = classNames[index]; 58 | Class metaClass = objc_getMetaClass(className); 59 | if (!metaClass) { 60 | [RGELog log:@"Couldn't get MetaClass %s", className]; 61 | continue; 62 | } 63 | 64 | Class hookClass = objc_getClass(className); 65 | if (!hookClass) { 66 | [RGELog log:@"Couldn't get class %s", className]; 67 | continue; 68 | } 69 | 70 | if (class_conformsToProtocol(hookClass, hookProtocol) == FALSE) { 71 | continue; 72 | } 73 | [self implementHooksForMetaClassOnLoad:metaClass hookClass:hookClass className:className]; 74 | } 75 | 76 | free(classNames); 77 | return TRUE; 78 | } 79 | 80 | // MARK: - Hooking 81 | 82 | + (BOOL)implementHooksForMetaClassOnLoad:(Class)metaClass 83 | hookClass:(Class)hookClass 84 | className:(const char *)className { 85 | if ([hookClass respondsToSelector:@selector(hookOnLoad)]) { 86 | if ([hookClass hookOnLoad] == FALSE) { 87 | Method hookMethod = class_getClassMethod(self.class, @selector(hookClass_hook)); 88 | [self addMethodToClass:metaClass fromClass:self.class method:hookMethod newName:@selector(hook)]; 89 | return FALSE; 90 | } 91 | } 92 | 93 | [self implementHooksForMetaClass:metaClass hookClass:hookClass className:className]; 94 | return TRUE; 95 | } 96 | 97 | + (BOOL)implementHooksForClass:(Class)targetClass { 98 | const char *className = class_getName(targetClass); 99 | Class metaClass = objc_getMetaClass(className); 100 | Class hookClass = objc_getClass(className); 101 | return [self implementHooksForMetaClass:metaClass hookClass:hookClass className:className]; 102 | } 103 | 104 | + (BOOL)implementHooksForMetaClass:(Class)metaClass 105 | hookClass:(Class)hookClass 106 | className:(const char *)classNameCString { 107 | NSString *className = @(classNameCString); 108 | 109 | NSArray *targetClasses; 110 | NSString *hookClassPrefix = @"HOOK_"; 111 | if ([hookClass respondsToSelector:@selector(targetClasses)]) { 112 | targetClasses = [hookClass targetClasses]; 113 | } else if ([hookClass respondsToSelector:@selector(targetClass)]) { 114 | targetClasses = @[[hookClass targetClass]]; 115 | } else if ([className hasPrefix:hookClassPrefix]) { 116 | targetClasses = @[[className substringFromIndex:hookClassPrefix.length]]; 117 | } else { 118 | [RGELog log:@"%@ must implement a target class method.", className]; 119 | return FALSE; 120 | } 121 | 122 | for (NSString *targetClassName in targetClasses) { 123 | void (^handleHook)(Class targetClass) = ^(Class targetClass) { 124 | [RGELog log:@"Class: %@, target: %@", className, targetClassName]; 125 | [self implementMethodHooksForClass:hookClass 126 | isMetaClass:FALSE 127 | targetClass:targetClass 128 | className:className.UTF8String]; 129 | Class targetMetaClass = objc_getMetaClass(class_getName(targetClass)); 130 | if (!targetMetaClass) { 131 | return; 132 | } 133 | 134 | [self implementMethodHooksForClass:metaClass 135 | isMetaClass:TRUE 136 | targetClass:targetMetaClass 137 | className:className.UTF8String]; 138 | }; 139 | 140 | Class targetClass = objc_getClass(targetClassName.UTF8String); 141 | if (!targetClass) { 142 | [RGELog log:@"Couldn't find target class %@, trying in 2 seconds", targetClassName]; 143 | dispatch_after(dispatch_time(DISPATCH_TIME_NOW, (int64_t)(2 * NSEC_PER_SEC)), dispatch_get_main_queue(), ^{ 144 | Class targetClass = objc_getClass(targetClassName.UTF8String); 145 | if (targetClass) { 146 | handleHook(targetClass); 147 | } 148 | }); 149 | continue; 150 | } 151 | 152 | handleHook(targetClass); 153 | } 154 | 155 | return TRUE; 156 | } 157 | 158 | + (void)implementMethodHooksForClass:(Class)hookClass 159 | isMetaClass:(BOOL)isMetaClass 160 | targetClass:(Class)targetClass 161 | className:(const char *)className { 162 | unsigned int methodCount; 163 | Method *methods = class_copyMethodList(hookClass, &methodCount); 164 | if (!methods) { 165 | [RGELog log:@"Couldn't get method list for class: %s", className]; 166 | return; 167 | } 168 | 169 | Method originalMethod = class_getClassMethod(self.class, @selector(targetClass_original)); 170 | [self addMethodToClass:targetClass fromClass:self.class method:originalMethod newName:@selector(original)]; 171 | 172 | NSArray *blacklistedMethods = @[@".cxx_destruct"]; 173 | 174 | for (unsigned int methodIndex = 0; methodIndex < methodCount; methodIndex += 1) { 175 | Method hookMethod = methods[methodIndex]; 176 | if (!hookMethod) { 177 | [RGELog log:@"Unable to get method at index: %d", methodIndex]; 178 | continue; 179 | } 180 | 181 | SEL hookMethodSelector = method_getName(hookMethod); 182 | if (!hookMethodSelector) { 183 | [RGELog log:@"Unable to get method method name index: %d", methodIndex]; 184 | continue; 185 | } 186 | 187 | NSString *hookMethodName = NSStringFromSelector(hookMethodSelector); 188 | 189 | if ([blacklistedMethods containsObject:hookMethodName]) { 190 | continue; 191 | } 192 | 193 | NSString *originalStorePrefix = @"original_"; 194 | if ([hookMethodName hasPrefix:originalStorePrefix]) { 195 | continue; 196 | } 197 | 198 | NSString *targetMethodName = hookMethodName; 199 | SEL targetMethodSelector = NSSelectorFromString(targetMethodName); 200 | Method targetMethod = class_getInstanceMethod(targetClass, targetMethodSelector); 201 | 202 | BOOL isHookProtocolMethod = FALSE; 203 | BOOL isInstance = isMetaClass == FALSE; 204 | struct objc_method_description protocolMethod; 205 | protocolMethod = protocol_getMethodDescription(hookProtocol, targetMethodSelector, FALSE, isInstance); 206 | isHookProtocolMethod = protocolMethod.name != NULL; 207 | 208 | if (isHookProtocolMethod) { 209 | continue; 210 | } 211 | 212 | if (targetMethod == NULL) { 213 | [self addMethodToClass:targetClass fromClass:hookClass method:hookMethod]; 214 | continue; 215 | } 216 | 217 | const char *targetTypeEncoding = method_getTypeEncoding(targetMethod); 218 | const char *hookedTypeEncoding = method_getTypeEncoding(hookMethod); 219 | if (strcmp(targetTypeEncoding, hookedTypeEncoding) != 0) { 220 | [RGELog log:@"Error: Not implementing hook: target type encoding %s doesn't match hook type encoding: %s for selector %s", 221 | targetTypeEncoding, hookedTypeEncoding, sel_getName(targetMethodSelector)]; 222 | // return; 223 | } 224 | 225 | IMP hookImplementation = method_getImplementation(hookMethod); 226 | if (!hookImplementation) { 227 | [RGELog log:@"Error: Couldn't get implementation for method %@", hookMethodName]; 228 | continue; 229 | } 230 | 231 | NSString *originalStoreMethodName = [originalStorePrefix stringByAppendingString:targetMethodName]; 232 | SEL originalStoreSelector = NSSelectorFromString(originalStoreMethodName); 233 | class_getClassMethod(hookClass, originalStoreSelector); 234 | 235 | IMP originalImplementation = method_getImplementation(targetMethod); 236 | if (!originalImplementation) { 237 | [RGELog log:@"Error: Couldn't get implementation for method %@", targetMethodName]; 238 | continue; 239 | } 240 | 241 | class_addMethod(targetClass, originalStoreSelector, originalImplementation, targetTypeEncoding); 242 | 243 | IMP previousImplementation = class_replaceMethod(targetClass, 244 | targetMethodSelector, 245 | hookImplementation, 246 | targetTypeEncoding); 247 | if (previousImplementation != NULL) { 248 | [RGELog log:@"Implemented hook for [%s %@]", class_getName(targetClass), targetMethodName]; 249 | } else { 250 | [RGELog log:@"Failed to implement hook for [%s %@]", class_getName(targetClass), targetMethodName]; 251 | } 252 | 253 | } 254 | 255 | free(methods); 256 | } 257 | 258 | + (void)addMethodToClass:(Class)targetClass fromClass:(Class)fromClass method:(Method)method { 259 | [self addMethodToClass:targetClass fromClass:fromClass method:method newName:NULL]; 260 | } 261 | 262 | + (void)addMethodToClass:(Class)targetClass fromClass:(Class)fromClass method:(Method)method newName:(SEL)name { 263 | SEL selector; 264 | if (name) { 265 | selector = name; 266 | } else { 267 | selector = method_getName(method); 268 | } 269 | 270 | [RGELog log:@"Adding method %s to class: %s", sel_getName(selector), class_getName(targetClass)]; 271 | 272 | const char *typeEncoding = method_getTypeEncoding(method); 273 | IMP implementation = method_getImplementation(method); 274 | class_addMethod(targetClass, selector, implementation, typeEncoding); 275 | } 276 | 277 | // MARK: - Utilities 278 | 279 | + (const char *)currentImage { 280 | static int imageSymbolMarker = 1; 281 | 282 | static int DLADDR_ERROR = 0; 283 | Dl_info result; 284 | if (dladdr(&imageSymbolMarker, &result) == DLADDR_ERROR) { 285 | return nil; 286 | } 287 | 288 | return result.dli_fname; 289 | } 290 | 291 | // MARK: - Methods Added To Hook Classes 292 | 293 | + (BOOL)hookClass_hook { 294 | id target = (id)self; 295 | return [RogueHookImplementor implementHooksForClass:target.class]; 296 | } 297 | 298 | + (id)targetClass_original { 299 | return [[RGEProxy alloc] initWithTarget:self]; 300 | } 301 | 302 | @end 303 | 304 | -------------------------------------------------------------------------------- /ABdyld/ent.plist: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | platform-application 6 | 7 | get-task-allow 8 | 9 | com.apple.system-task-ports 10 | 11 | task_for_pid-allow 12 | 13 | run-unsigned-code 14 | 15 | 16 | 17 | -------------------------------------------------------------------------------- /ABdyld/main.m: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #import 4 | #import 5 | #import 6 | #import 7 | 8 | #import "RogueHook.h" 9 | #import "RGELog.h" 10 | 11 | @interface CTCarrierHook : NSObject 12 | @end 13 | @implementation CTCarrierHook 14 | + (NSString *)targetClass { 15 | return @"CTCarrier"; 16 | } 17 | -(NSString *)mobileNetworkCode { 18 | return @"06"; 19 | } 20 | -(NSString *)mobileCountryCode { 21 | return @"450"; 22 | } 23 | @end 24 | 25 | @interface AMSLBouncerHook : NSObject 26 | @end 27 | @implementation AMSLBouncerHook 28 | + (NSString *)targetClass { 29 | return @"AMSLBouncer"; 30 | } 31 | -(NSData *)decrypt:(NSData *)arg1 key:(NSData *)arg2 padding:(unsigned int *)arg3 { 32 | return [@"ㅇㅇㄷ" dataUsingEncoding:4]; 33 | } 34 | @end 35 | 36 | @interface AMSLFairPlayInspectorHook : NSObject 37 | @end 38 | @implementation AMSLFairPlayInspectorHook 39 | + (NSString *)targetClass { 40 | return @"AMSLFairPlayInspector"; 41 | } 42 | +(id)unarchive:(id)arg1 { 43 | NSMutableDictionary *dict = [NSMutableDictionary dictionary]; 44 | NSData *object_nsdata = [@"ㅎㅇ" dataUsingEncoding:NSUTF8StringEncoding]; 45 | [dict setObject:object_nsdata forKey:@"kConfirm"]; 46 | [dict setObject:object_nsdata forKey:@"kConfirmValidation"]; 47 | return dict; 48 | } 49 | +(id)hmacWithSierraEchoCharlieRomeoEchoTango:(id)arg1 andData:(id)arg2 { 50 | NSData *object_nsdata = [@"ㅎㅇ" dataUsingEncoding:NSUTF8StringEncoding]; 51 | return object_nsdata; 52 | } 53 | -(id)fairPlayWithResponseAck:(id)arg1 { 54 | return nil; 55 | } 56 | @end 57 | 58 | @interface BSAppIronHook : NSObject 59 | @end 60 | @implementation BSAppIronHook 61 | + (NSString *)targetClass { 62 | return @"BSAppIron"; 63 | } 64 | -(int)IiiIiIiiI { 65 | return 9013; 66 | } 67 | @end 68 | 69 | @interface mVaccineHook : NSObject 70 | @end 71 | @implementation mVaccineHook 72 | + (NSString *)targetClass { 73 | return @"mVaccine"; 74 | } 75 | -(BOOL)isJailBreak { 76 | return false; 77 | } 78 | -(BOOL)mvc { 79 | return false; 80 | } 81 | -(BOOL)checkUrl { 82 | return false; 83 | } 84 | -(BOOL)checkFSTabFileSize { 85 | return false; 86 | } 87 | @end 88 | 89 | @interface KSFileUtilHook : NSObject 90 | @end 91 | @implementation KSFileUtilHook 92 | + (NSString *)targetClass { 93 | return @"KSFileUtil"; 94 | } 95 | +(int)checkJailBreak { 96 | return 1; 97 | } 98 | @end 99 | 100 | @interface AppJailBrokenCheckerHook : NSObject 101 | @end 102 | @implementation AppJailBrokenCheckerHook 103 | + (NSString *)targetClass { 104 | return @"AppJailBrokenChecker"; 105 | } 106 | +(unsigned char)isAppJailbroken { 107 | return 0; 108 | } 109 | @end 110 | 111 | @interface SFAntiPiracyHook : NSObject 112 | @end 113 | @implementation SFAntiPiracyHook 114 | + (NSString *)targetClass { 115 | return @"SFAntiPiracy"; 116 | } 117 | +(BOOL)isTheDeviceJailbroken { 118 | return false; 119 | } 120 | +(BOOL)isTheApplicationCracked { 121 | return false; 122 | } 123 | +(BOOL)isTheApplicationTamperedWith { 124 | return false; 125 | } 126 | +(void)lllI { 127 | 128 | } 129 | @end 130 | 131 | @interface NSFileManagerHook : NSObject 132 | @end 133 | @implementation NSFileManagerHook 134 | +(NSString *)targetClass { 135 | return @"NSFileManager"; 136 | } 137 | -(BOOL)fileExistsAtPath:(NSString *)path { 138 | if([path hasPrefix:@"/Applications/"]) return false; 139 | return [self.original fileExistsAtPath:path]; 140 | } 141 | @end 142 | 143 | @interface UIApplicationHook : NSObject 144 | @end 145 | @implementation UIApplicationHook 146 | +(NSString *)targetClass { 147 | return @"UIApplication"; 148 | } 149 | -(BOOL)canOpenURL:(NSURL *)path { 150 | for (NSString* key in @[@"cydia", @"sileo"]) { 151 | if([path.absoluteString hasPrefix:key]) return false; 152 | } 153 | return [self.original canOpenURL:path]; 154 | } 155 | @end 156 | 157 | @interface StockNewsdmManager 158 | +(char *)defRandomString; 159 | @end 160 | 161 | @interface StockNewsdmManagerHook : NSObject 162 | @end 163 | @implementation StockNewsdmManagerHook 164 | +(NSString *)targetClass { 165 | return @"StockNewsdmManager"; 166 | } 167 | +(char *)defRandomString { 168 | return "00000000"; 169 | } 170 | @end 171 | 172 | @interface LiappHook : NSObject 173 | @end 174 | @implementation LiappHook 175 | +(NSString *)targetClass { 176 | dlopen("/Library/BawAppie/ABypass/ABLicense", RTLD_NOW); 177 | return @"Liapp"; 178 | } 179 | +(int)LA1 { 180 | return 0; 181 | } 182 | +(int)LA2 { 183 | return 0; 184 | } 185 | @end 186 | 187 | // @interface UnityLiappWrapperHook : NSObject 188 | // @end 189 | // @implementation UnityLiappWrapperHook 190 | // +(NSString *)targetClass { 191 | // return @"UnityLiappWrapper"; 192 | // } 193 | // +(int)LA1 { 194 | // return 0; 195 | // } 196 | // +(int)LA2 { 197 | // return 0; 198 | // } 199 | // @end 200 | 201 | @interface w0n6YHook : NSObject 202 | @end 203 | @implementation w0n6YHook 204 | +(NSString *)targetClass { 205 | return @"w0n6Y"; 206 | } 207 | -(id)u0tutZS { 208 | return [[NSUUID UUID] UUIDString]; 209 | } 210 | @end -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | GNU AFFERO GENERAL PUBLIC LICENSE 2 | Version 3, 19 November 2007 3 | 4 | Copyright (C) 2007 Free Software Foundation, Inc. 5 | Everyone is permitted to copy and distribute verbatim copies 6 | of this license document, but changing it is not allowed. 7 | 8 | Preamble 9 | 10 | The GNU Affero General Public License is a free, copyleft license for 11 | software and other kinds of works, specifically designed to ensure 12 | cooperation with the community in the case of network server software. 13 | 14 | The licenses for most software and other practical works are designed 15 | to take away your freedom to share and change the works. By contrast, 16 | our General Public Licenses are intended to guarantee your freedom to 17 | share and change all versions of a program--to make sure it remains free 18 | software for all its users. 19 | 20 | When we speak of free software, we are referring to freedom, not 21 | price. Our General Public Licenses are designed to make sure that you 22 | have the freedom to distribute copies of free software (and charge for 23 | them if you wish), that you receive source code or can get it if you 24 | want it, that you can change the software or use pieces of it in new 25 | free programs, and that you know you can do these things. 26 | 27 | Developers that use our General Public Licenses protect your rights 28 | with two steps: (1) assert copyright on the software, and (2) offer 29 | you this License which gives you legal permission to copy, distribute 30 | and/or modify the software. 31 | 32 | A secondary benefit of defending all users' freedom is that 33 | improvements made in alternate versions of the program, if they 34 | receive widespread use, become available for other developers to 35 | incorporate. Many developers of free software are heartened and 36 | encouraged by the resulting cooperation. However, in the case of 37 | software used on network servers, this result may fail to come about. 38 | The GNU General Public License permits making a modified version and 39 | letting the public access it on a server without ever releasing its 40 | source code to the public. 41 | 42 | The GNU Affero General Public License is designed specifically to 43 | ensure that, in such cases, the modified source code becomes available 44 | to the community. It requires the operator of a network server to 45 | provide the source code of the modified version running there to the 46 | users of that server. Therefore, public use of a modified version, on 47 | a publicly accessible server, gives the public access to the source 48 | code of the modified version. 49 | 50 | An older license, called the Affero General Public License and 51 | published by Affero, was designed to accomplish similar goals. This is 52 | a different license, not a version of the Affero GPL, but Affero has 53 | released a new version of the Affero GPL which permits relicensing under 54 | this license. 55 | 56 | The precise terms and conditions for copying, distribution and 57 | modification follow. 58 | 59 | TERMS AND CONDITIONS 60 | 61 | 0. Definitions. 62 | 63 | "This License" refers to version 3 of the GNU Affero General Public License. 64 | 65 | "Copyright" also means copyright-like laws that apply to other kinds of 66 | works, such as semiconductor masks. 67 | 68 | "The Program" refers to any copyrightable work licensed under this 69 | License. Each licensee is addressed as "you". "Licensees" and 70 | "recipients" may be individuals or organizations. 71 | 72 | To "modify" a work means to copy from or adapt all or part of the work 73 | in a fashion requiring copyright permission, other than the making of an 74 | exact copy. The resulting work is called a "modified version" of the 75 | earlier work or a work "based on" the earlier work. 76 | 77 | A "covered work" means either the unmodified Program or a work based 78 | on the Program. 79 | 80 | To "propagate" a work means to do anything with it that, without 81 | permission, would make you directly or secondarily liable for 82 | infringement under applicable copyright law, except executing it on a 83 | computer or modifying a private copy. Propagation includes copying, 84 | distribution (with or without modification), making available to the 85 | public, and in some countries other activities as well. 86 | 87 | To "convey" a work means any kind of propagation that enables other 88 | parties to make or receive copies. Mere interaction with a user through 89 | a computer network, with no transfer of a copy, is not conveying. 90 | 91 | An interactive user interface displays "Appropriate Legal Notices" 92 | to the extent that it includes a convenient and prominently visible 93 | feature that (1) displays an appropriate copyright notice, and (2) 94 | tells the user that there is no warranty for the work (except to the 95 | extent that warranties are provided), that licensees may convey the 96 | work under this License, and how to view a copy of this License. If 97 | the interface presents a list of user commands or options, such as a 98 | menu, a prominent item in the list meets this criterion. 99 | 100 | 1. Source Code. 101 | 102 | The "source code" for a work means the preferred form of the work 103 | for making modifications to it. "Object code" means any non-source 104 | form of a work. 105 | 106 | A "Standard Interface" means an interface that either is an official 107 | standard defined by a recognized standards body, or, in the case of 108 | interfaces specified for a particular programming language, one that 109 | is widely used among developers working in that language. 110 | 111 | The "System Libraries" of an executable work include anything, other 112 | than the work as a whole, that (a) is included in the normal form of 113 | packaging a Major Component, but which is not part of that Major 114 | Component, and (b) serves only to enable use of the work with that 115 | Major Component, or to implement a Standard Interface for which an 116 | implementation is available to the public in source code form. A 117 | "Major Component", in this context, means a major essential component 118 | (kernel, window system, and so on) of the specific operating system 119 | (if any) on which the executable work runs, or a compiler used to 120 | produce the work, or an object code interpreter used to run it. 121 | 122 | The "Corresponding Source" for a work in object code form means all 123 | the source code needed to generate, install, and (for an executable 124 | work) run the object code and to modify the work, including scripts to 125 | control those activities. However, it does not include the work's 126 | System Libraries, or general-purpose tools or generally available free 127 | programs which are used unmodified in performing those activities but 128 | which are not part of the work. For example, Corresponding Source 129 | includes interface definition files associated with source files for 130 | the work, and the source code for shared libraries and dynamically 131 | linked subprograms that the work is specifically designed to require, 132 | such as by intimate data communication or control flow between those 133 | subprograms and other parts of the work. 134 | 135 | The Corresponding Source need not include anything that users 136 | can regenerate automatically from other parts of the Corresponding 137 | Source. 138 | 139 | The Corresponding Source for a work in source code form is that 140 | same work. 141 | 142 | 2. Basic Permissions. 143 | 144 | All rights granted under this License are granted for the term of 145 | copyright on the Program, and are irrevocable provided the stated 146 | conditions are met. This License explicitly affirms your unlimited 147 | permission to run the unmodified Program. The output from running a 148 | covered work is covered by this License only if the output, given its 149 | content, constitutes a covered work. This License acknowledges your 150 | rights of fair use or other equivalent, as provided by copyright law. 151 | 152 | You may make, run and propagate covered works that you do not 153 | convey, without conditions so long as your license otherwise remains 154 | in force. You may convey covered works to others for the sole purpose 155 | of having them make modifications exclusively for you, or provide you 156 | with facilities for running those works, provided that you comply with 157 | the terms of this License in conveying all material for which you do 158 | not control copyright. Those thus making or running the covered works 159 | for you must do so exclusively on your behalf, under your direction 160 | and control, on terms that prohibit them from making any copies of 161 | your copyrighted material outside their relationship with you. 162 | 163 | Conveying under any other circumstances is permitted solely under 164 | the conditions stated below. Sublicensing is not allowed; section 10 165 | makes it unnecessary. 166 | 167 | 3. Protecting Users' Legal Rights From Anti-Circumvention Law. 168 | 169 | No covered work shall be deemed part of an effective technological 170 | measure under any applicable law fulfilling obligations under article 171 | 11 of the WIPO copyright treaty adopted on 20 December 1996, or 172 | similar laws prohibiting or restricting circumvention of such 173 | measures. 174 | 175 | When you convey a covered work, you waive any legal power to forbid 176 | circumvention of technological measures to the extent such circumvention 177 | is effected by exercising rights under this License with respect to 178 | the covered work, and you disclaim any intention to limit operation or 179 | modification of the work as a means of enforcing, against the work's 180 | users, your or third parties' legal rights to forbid circumvention of 181 | technological measures. 182 | 183 | 4. Conveying Verbatim Copies. 184 | 185 | You may convey verbatim copies of the Program's source code as you 186 | receive it, in any medium, provided that you conspicuously and 187 | appropriately publish on each copy an appropriate copyright notice; 188 | keep intact all notices stating that this License and any 189 | non-permissive terms added in accord with section 7 apply to the code; 190 | keep intact all notices of the absence of any warranty; and give all 191 | recipients a copy of this License along with the Program. 192 | 193 | You may charge any price or no price for each copy that you convey, 194 | and you may offer support or warranty protection for a fee. 195 | 196 | 5. Conveying Modified Source Versions. 197 | 198 | You may convey a work based on the Program, or the modifications to 199 | produce it from the Program, in the form of source code under the 200 | terms of section 4, provided that you also meet all of these conditions: 201 | 202 | a) The work must carry prominent notices stating that you modified 203 | it, and giving a relevant date. 204 | 205 | b) The work must carry prominent notices stating that it is 206 | released under this License and any conditions added under section 207 | 7. This requirement modifies the requirement in section 4 to 208 | "keep intact all notices". 209 | 210 | c) You must license the entire work, as a whole, under this 211 | License to anyone who comes into possession of a copy. This 212 | License will therefore apply, along with any applicable section 7 213 | additional terms, to the whole of the work, and all its parts, 214 | regardless of how they are packaged. This License gives no 215 | permission to license the work in any other way, but it does not 216 | invalidate such permission if you have separately received it. 217 | 218 | d) If the work has interactive user interfaces, each must display 219 | Appropriate Legal Notices; however, if the Program has interactive 220 | interfaces that do not display Appropriate Legal Notices, your 221 | work need not make them do so. 222 | 223 | A compilation of a covered work with other separate and independent 224 | works, which are not by their nature extensions of the covered work, 225 | and which are not combined with it such as to form a larger program, 226 | in or on a volume of a storage or distribution medium, is called an 227 | "aggregate" if the compilation and its resulting copyright are not 228 | used to limit the access or legal rights of the compilation's users 229 | beyond what the individual works permit. Inclusion of a covered work 230 | in an aggregate does not cause this License to apply to the other 231 | parts of the aggregate. 232 | 233 | 6. Conveying Non-Source Forms. 234 | 235 | You may convey a covered work in object code form under the terms 236 | of sections 4 and 5, provided that you also convey the 237 | machine-readable Corresponding Source under the terms of this License, 238 | in one of these ways: 239 | 240 | a) Convey the object code in, or embodied in, a physical product 241 | (including a physical distribution medium), accompanied by the 242 | Corresponding Source fixed on a durable physical medium 243 | customarily used for software interchange. 244 | 245 | b) Convey the object code in, or embodied in, a physical product 246 | (including a physical distribution medium), accompanied by a 247 | written offer, valid for at least three years and valid for as 248 | long as you offer spare parts or customer support for that product 249 | model, to give anyone who possesses the object code either (1) a 250 | copy of the Corresponding Source for all the software in the 251 | product that is covered by this License, on a durable physical 252 | medium customarily used for software interchange, for a price no 253 | more than your reasonable cost of physically performing this 254 | conveying of source, or (2) access to copy the 255 | Corresponding Source from a network server at no charge. 256 | 257 | c) Convey individual copies of the object code with a copy of the 258 | written offer to provide the Corresponding Source. This 259 | alternative is allowed only occasionally and noncommercially, and 260 | only if you received the object code with such an offer, in accord 261 | with subsection 6b. 262 | 263 | d) Convey the object code by offering access from a designated 264 | place (gratis or for a charge), and offer equivalent access to the 265 | Corresponding Source in the same way through the same place at no 266 | further charge. You need not require recipients to copy the 267 | Corresponding Source along with the object code. If the place to 268 | copy the object code is a network server, the Corresponding Source 269 | may be on a different server (operated by you or a third party) 270 | that supports equivalent copying facilities, provided you maintain 271 | clear directions next to the object code saying where to find the 272 | Corresponding Source. Regardless of what server hosts the 273 | Corresponding Source, you remain obligated to ensure that it is 274 | available for as long as needed to satisfy these requirements. 275 | 276 | e) Convey the object code using peer-to-peer transmission, provided 277 | you inform other peers where the object code and Corresponding 278 | Source of the work are being offered to the general public at no 279 | charge under subsection 6d. 280 | 281 | A separable portion of the object code, whose source code is excluded 282 | from the Corresponding Source as a System Library, need not be 283 | included in conveying the object code work. 284 | 285 | A "User Product" is either (1) a "consumer product", which means any 286 | tangible personal property which is normally used for personal, family, 287 | or household purposes, or (2) anything designed or sold for incorporation 288 | into a dwelling. In determining whether a product is a consumer product, 289 | doubtful cases shall be resolved in favor of coverage. For a particular 290 | product received by a particular user, "normally used" refers to a 291 | typical or common use of that class of product, regardless of the status 292 | of the particular user or of the way in which the particular user 293 | actually uses, or expects or is expected to use, the product. A product 294 | is a consumer product regardless of whether the product has substantial 295 | commercial, industrial or non-consumer uses, unless such uses represent 296 | the only significant mode of use of the product. 297 | 298 | "Installation Information" for a User Product means any methods, 299 | procedures, authorization keys, or other information required to install 300 | and execute modified versions of a covered work in that User Product from 301 | a modified version of its Corresponding Source. The information must 302 | suffice to ensure that the continued functioning of the modified object 303 | code is in no case prevented or interfered with solely because 304 | modification has been made. 305 | 306 | If you convey an object code work under this section in, or with, or 307 | specifically for use in, a User Product, and the conveying occurs as 308 | part of a transaction in which the right of possession and use of the 309 | User Product is transferred to the recipient in perpetuity or for a 310 | fixed term (regardless of how the transaction is characterized), the 311 | Corresponding Source conveyed under this section must be accompanied 312 | by the Installation Information. But this requirement does not apply 313 | if neither you nor any third party retains the ability to install 314 | modified object code on the User Product (for example, the work has 315 | been installed in ROM). 316 | 317 | The requirement to provide Installation Information does not include a 318 | requirement to continue to provide support service, warranty, or updates 319 | for a work that has been modified or installed by the recipient, or for 320 | the User Product in which it has been modified or installed. Access to a 321 | network may be denied when the modification itself materially and 322 | adversely affects the operation of the network or violates the rules and 323 | protocols for communication across the network. 324 | 325 | Corresponding Source conveyed, and Installation Information provided, 326 | in accord with this section must be in a format that is publicly 327 | documented (and with an implementation available to the public in 328 | source code form), and must require no special password or key for 329 | unpacking, reading or copying. 330 | 331 | 7. Additional Terms. 332 | 333 | "Additional permissions" are terms that supplement the terms of this 334 | License by making exceptions from one or more of its conditions. 335 | Additional permissions that are applicable to the entire Program shall 336 | be treated as though they were included in this License, to the extent 337 | that they are valid under applicable law. If additional permissions 338 | apply only to part of the Program, that part may be used separately 339 | under those permissions, but the entire Program remains governed by 340 | this License without regard to the additional permissions. 341 | 342 | When you convey a copy of a covered work, you may at your option 343 | remove any additional permissions from that copy, or from any part of 344 | it. (Additional permissions may be written to require their own 345 | removal in certain cases when you modify the work.) You may place 346 | additional permissions on material, added by you to a covered work, 347 | for which you have or can give appropriate copyright permission. 348 | 349 | Notwithstanding any other provision of this License, for material you 350 | add to a covered work, you may (if authorized by the copyright holders of 351 | that material) supplement the terms of this License with terms: 352 | 353 | a) Disclaiming warranty or limiting liability differently from the 354 | terms of sections 15 and 16 of this License; or 355 | 356 | b) Requiring preservation of specified reasonable legal notices or 357 | author attributions in that material or in the Appropriate Legal 358 | Notices displayed by works containing it; or 359 | 360 | c) Prohibiting misrepresentation of the origin of that material, or 361 | requiring that modified versions of such material be marked in 362 | reasonable ways as different from the original version; or 363 | 364 | d) Limiting the use for publicity purposes of names of licensors or 365 | authors of the material; or 366 | 367 | e) Declining to grant rights under trademark law for use of some 368 | trade names, trademarks, or service marks; or 369 | 370 | f) Requiring indemnification of licensors and authors of that 371 | material by anyone who conveys the material (or modified versions of 372 | it) with contractual assumptions of liability to the recipient, for 373 | any liability that these contractual assumptions directly impose on 374 | those licensors and authors. 375 | 376 | All other non-permissive additional terms are considered "further 377 | restrictions" within the meaning of section 10. If the Program as you 378 | received it, or any part of it, contains a notice stating that it is 379 | governed by this License along with a term that is a further 380 | restriction, you may remove that term. If a license document contains 381 | a further restriction but permits relicensing or conveying under this 382 | License, you may add to a covered work material governed by the terms 383 | of that license document, provided that the further restriction does 384 | not survive such relicensing or conveying. 385 | 386 | If you add terms to a covered work in accord with this section, you 387 | must place, in the relevant source files, a statement of the 388 | additional terms that apply to those files, or a notice indicating 389 | where to find the applicable terms. 390 | 391 | Additional terms, permissive or non-permissive, may be stated in the 392 | form of a separately written license, or stated as exceptions; 393 | the above requirements apply either way. 394 | 395 | 8. Termination. 396 | 397 | You may not propagate or modify a covered work except as expressly 398 | provided under this License. Any attempt otherwise to propagate or 399 | modify it is void, and will automatically terminate your rights under 400 | this License (including any patent licenses granted under the third 401 | paragraph of section 11). 402 | 403 | However, if you cease all violation of this License, then your 404 | license from a particular copyright holder is reinstated (a) 405 | provisionally, unless and until the copyright holder explicitly and 406 | finally terminates your license, and (b) permanently, if the copyright 407 | holder fails to notify you of the violation by some reasonable means 408 | prior to 60 days after the cessation. 409 | 410 | Moreover, your license from a particular copyright holder is 411 | reinstated permanently if the copyright holder notifies you of the 412 | violation by some reasonable means, this is the first time you have 413 | received notice of violation of this License (for any work) from that 414 | copyright holder, and you cure the violation prior to 30 days after 415 | your receipt of the notice. 416 | 417 | Termination of your rights under this section does not terminate the 418 | licenses of parties who have received copies or rights from you under 419 | this License. If your rights have been terminated and not permanently 420 | reinstated, you do not qualify to receive new licenses for the same 421 | material under section 10. 422 | 423 | 9. Acceptance Not Required for Having Copies. 424 | 425 | You are not required to accept this License in order to receive or 426 | run a copy of the Program. Ancillary propagation of a covered work 427 | occurring solely as a consequence of using peer-to-peer transmission 428 | to receive a copy likewise does not require acceptance. However, 429 | nothing other than this License grants you permission to propagate or 430 | modify any covered work. These actions infringe copyright if you do 431 | not accept this License. Therefore, by modifying or propagating a 432 | covered work, you indicate your acceptance of this License to do so. 433 | 434 | 10. Automatic Licensing of Downstream Recipients. 435 | 436 | Each time you convey a covered work, the recipient automatically 437 | receives a license from the original licensors, to run, modify and 438 | propagate that work, subject to this License. You are not responsible 439 | for enforcing compliance by third parties with this License. 440 | 441 | An "entity transaction" is a transaction transferring control of an 442 | organization, or substantially all assets of one, or subdividing an 443 | organization, or merging organizations. If propagation of a covered 444 | work results from an entity transaction, each party to that 445 | transaction who receives a copy of the work also receives whatever 446 | licenses to the work the party's predecessor in interest had or could 447 | give under the previous paragraph, plus a right to possession of the 448 | Corresponding Source of the work from the predecessor in interest, if 449 | the predecessor has it or can get it with reasonable efforts. 450 | 451 | You may not impose any further restrictions on the exercise of the 452 | rights granted or affirmed under this License. For example, you may 453 | not impose a license fee, royalty, or other charge for exercise of 454 | rights granted under this License, and you may not initiate litigation 455 | (including a cross-claim or counterclaim in a lawsuit) alleging that 456 | any patent claim is infringed by making, using, selling, offering for 457 | sale, or importing the Program or any portion of it. 458 | 459 | 11. Patents. 460 | 461 | A "contributor" is a copyright holder who authorizes use under this 462 | License of the Program or a work on which the Program is based. The 463 | work thus licensed is called the contributor's "contributor version". 464 | 465 | A contributor's "essential patent claims" are all patent claims 466 | owned or controlled by the contributor, whether already acquired or 467 | hereafter acquired, that would be infringed by some manner, permitted 468 | by this License, of making, using, or selling its contributor version, 469 | but do not include claims that would be infringed only as a 470 | consequence of further modification of the contributor version. For 471 | purposes of this definition, "control" includes the right to grant 472 | patent sublicenses in a manner consistent with the requirements of 473 | this License. 474 | 475 | Each contributor grants you a non-exclusive, worldwide, royalty-free 476 | patent license under the contributor's essential patent claims, to 477 | make, use, sell, offer for sale, import and otherwise run, modify and 478 | propagate the contents of its contributor version. 479 | 480 | In the following three paragraphs, a "patent license" is any express 481 | agreement or commitment, however denominated, not to enforce a patent 482 | (such as an express permission to practice a patent or covenant not to 483 | sue for patent infringement). To "grant" such a patent license to a 484 | party means to make such an agreement or commitment not to enforce a 485 | patent against the party. 486 | 487 | If you convey a covered work, knowingly relying on a patent license, 488 | and the Corresponding Source of the work is not available for anyone 489 | to copy, free of charge and under the terms of this License, through a 490 | publicly available network server or other readily accessible means, 491 | then you must either (1) cause the Corresponding Source to be so 492 | available, or (2) arrange to deprive yourself of the benefit of the 493 | patent license for this particular work, or (3) arrange, in a manner 494 | consistent with the requirements of this License, to extend the patent 495 | license to downstream recipients. "Knowingly relying" means you have 496 | actual knowledge that, but for the patent license, your conveying the 497 | covered work in a country, or your recipient's use of the covered work 498 | in a country, would infringe one or more identifiable patents in that 499 | country that you have reason to believe are valid. 500 | 501 | If, pursuant to or in connection with a single transaction or 502 | arrangement, you convey, or propagate by procuring conveyance of, a 503 | covered work, and grant a patent license to some of the parties 504 | receiving the covered work authorizing them to use, propagate, modify 505 | or convey a specific copy of the covered work, then the patent license 506 | you grant is automatically extended to all recipients of the covered 507 | work and works based on it. 508 | 509 | A patent license is "discriminatory" if it does not include within 510 | the scope of its coverage, prohibits the exercise of, or is 511 | conditioned on the non-exercise of one or more of the rights that are 512 | specifically granted under this License. You may not convey a covered 513 | work if you are a party to an arrangement with a third party that is 514 | in the business of distributing software, under which you make payment 515 | to the third party based on the extent of your activity of conveying 516 | the work, and under which the third party grants, to any of the 517 | parties who would receive the covered work from you, a discriminatory 518 | patent license (a) in connection with copies of the covered work 519 | conveyed by you (or copies made from those copies), or (b) primarily 520 | for and in connection with specific products or compilations that 521 | contain the covered work, unless you entered into that arrangement, 522 | or that patent license was granted, prior to 28 March 2007. 523 | 524 | Nothing in this License shall be construed as excluding or limiting 525 | any implied license or other defenses to infringement that may 526 | otherwise be available to you under applicable patent law. 527 | 528 | 12. No Surrender of Others' Freedom. 529 | 530 | If conditions are imposed on you (whether by court order, agreement or 531 | otherwise) that contradict the conditions of this License, they do not 532 | excuse you from the conditions of this License. If you cannot convey a 533 | covered work so as to satisfy simultaneously your obligations under this 534 | License and any other pertinent obligations, then as a consequence you may 535 | not convey it at all. For example, if you agree to terms that obligate you 536 | to collect a royalty for further conveying from those to whom you convey 537 | the Program, the only way you could satisfy both those terms and this 538 | License would be to refrain entirely from conveying the Program. 539 | 540 | 13. Remote Network Interaction; Use with the GNU General Public License. 541 | 542 | Notwithstanding any other provision of this License, if you modify the 543 | Program, your modified version must prominently offer all users 544 | interacting with it remotely through a computer network (if your version 545 | supports such interaction) an opportunity to receive the Corresponding 546 | Source of your version by providing access to the Corresponding Source 547 | from a network server at no charge, through some standard or customary 548 | means of facilitating copying of software. This Corresponding Source 549 | shall include the Corresponding Source for any work covered by version 3 550 | of the GNU General Public License that is incorporated pursuant to the 551 | following paragraph. 552 | 553 | Notwithstanding any other provision of this License, you have 554 | permission to link or combine any covered work with a work licensed 555 | under version 3 of the GNU General Public License into a single 556 | combined work, and to convey the resulting work. The terms of this 557 | License will continue to apply to the part which is the covered work, 558 | but the work with which it is combined will remain governed by version 559 | 3 of the GNU General Public License. 560 | 561 | 14. Revised Versions of this License. 562 | 563 | The Free Software Foundation may publish revised and/or new versions of 564 | the GNU Affero General Public License from time to time. Such new versions 565 | will be similar in spirit to the present version, but may differ in detail to 566 | address new problems or concerns. 567 | 568 | Each version is given a distinguishing version number. If the 569 | Program specifies that a certain numbered version of the GNU Affero General 570 | Public License "or any later version" applies to it, you have the 571 | option of following the terms and conditions either of that numbered 572 | version or of any later version published by the Free Software 573 | Foundation. If the Program does not specify a version number of the 574 | GNU Affero General Public License, you may choose any version ever published 575 | by the Free Software Foundation. 576 | 577 | If the Program specifies that a proxy can decide which future 578 | versions of the GNU Affero General Public License can be used, that proxy's 579 | public statement of acceptance of a version permanently authorizes you 580 | to choose that version for the Program. 581 | 582 | Later license versions may give you additional or different 583 | permissions. However, no additional obligations are imposed on any 584 | author or copyright holder as a result of your choosing to follow a 585 | later version. 586 | 587 | 15. Disclaimer of Warranty. 588 | 589 | THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY 590 | APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT 591 | HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY 592 | OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, 593 | THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 594 | PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM 595 | IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF 596 | ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 597 | 598 | 16. Limitation of Liability. 599 | 600 | IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING 601 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS 602 | THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY 603 | GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE 604 | USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF 605 | DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD 606 | PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), 607 | EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF 608 | SUCH DAMAGES. 609 | 610 | 17. Interpretation of Sections 15 and 16. 611 | 612 | If the disclaimer of warranty and limitation of liability provided 613 | above cannot be given local legal effect according to their terms, 614 | reviewing courts shall apply local law that most closely approximates 615 | an absolute waiver of all civil liability in connection with the 616 | Program, unless a warranty or assumption of liability accompanies a 617 | copy of the Program in return for a fee. 618 | 619 | END OF TERMS AND CONDITIONS 620 | 621 | How to Apply These Terms to Your New Programs 622 | 623 | If you develop a new program, and you want it to be of the greatest 624 | possible use to the public, the best way to achieve this is to make it 625 | free software which everyone can redistribute and change under these terms. 626 | 627 | To do so, attach the following notices to the program. It is safest 628 | to attach them to the start of each source file to most effectively 629 | state the exclusion of warranty; and each file should have at least 630 | the "copyright" line and a pointer to where the full notice is found. 631 | 632 | 633 | Copyright (C) 634 | 635 | This program is free software: you can redistribute it and/or modify 636 | it under the terms of the GNU Affero General Public License as published 637 | by the Free Software Foundation, either version 3 of the License, or 638 | (at your option) any later version. 639 | 640 | This program is distributed in the hope that it will be useful, 641 | but WITHOUT ANY WARRANTY; without even the implied warranty of 642 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 643 | GNU Affero General Public License for more details. 644 | 645 | You should have received a copy of the GNU Affero General Public License 646 | along with this program. If not, see . 647 | 648 | Also add information on how to contact you by electronic and paper mail. 649 | 650 | If your software can interact with users remotely through a computer 651 | network, you should also make sure that it provides a way for users to 652 | get its source. For example, if your program is a web application, its 653 | interface could display a "Source" link that leads users to an archive 654 | of the code. There are many ways you could offer source, and different 655 | solutions will be better for different programs; see section 13 for the 656 | specific requirements. 657 | 658 | You should also get your employer (if you work as a programmer) or school, 659 | if any, to sign a "copyright disclaimer" for the program, if necessary. 660 | For more information on this, and how to apply and follow the GNU AGPL, see 661 | . 662 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | TARGET = iphone:clang:12.2:12.2 2 | ARCHS = arm64 arm64e 3 | PREFIX="/Library/Developer/TheosToolchains/Xcode11.xctoolchain/usr/bin/" 4 | # STRIP = 0 5 | 6 | CURDIR := $(shell pwd) 7 | 8 | include $(THEOS)/makefiles/common.mk 9 | 10 | TWEAK_NAME = !ABypass2 11 | !ABypass2_FILES = Tweak.xm ABWindow.m 12 | !ABypass2_LIBRARIES = mryipc MobileGestalt 13 | 14 | include $(THEOS_MAKE_PATH)/tweak.mk 15 | 16 | # after-install:: 17 | # install.exec "killall -9 SpringBoard" 18 | 19 | before-stage:: 20 | find . -name ".DS\_Store" -delete 21 | 22 | SUBPROJECTS += abypassprefs 23 | SUBPROJECTS += abypassloader 24 | SUBPROJECTS += ABdyld 25 | SUBPROJECTS += absubloader 26 | include $(THEOS_MAKE_PATH)/aggregate.mk 27 | 28 | 29 | after-stage:: 30 | @mkdir -p $(THEOS_STAGING_DIR)/usr/lib 31 | @mv $(THEOS_STAGING_DIR)/Library/MobileSubstrate/DynamicLibraries/ABDYLD.dylib $(THEOS_STAGING_DIR)/usr/lib/ABDYLD.dylib 32 | @rm $(THEOS_STAGING_DIR)/Library/MobileSubstrate/DynamicLibraries/ABDYLD.plist 33 | @mv $(THEOS_STAGING_DIR)/Library/MobileSubstrate/DynamicLibraries/ABSubLoader.dylib $(THEOS_STAGING_DIR)/usr/lib/ABSubLoader.dylib 34 | @rm $(THEOS_STAGING_DIR)/Library/MobileSubstrate/DynamicLibraries/ABSubLoader.plist 35 | @./afterProcess.sh $(DEBUG) 36 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ## [A-Bypass](https://repo.co.kr/ko/package/com.rpgfarm.a-bypass) 2 | 3 | ## Github Sponsor 4 | 이 프로젝트는 [한국모바일상품권](https://korgiftcard.io)으로부터 금전적인 지원을 받았습니다. 5 | This project received financial support from [Korea Mobile Gift Card](https://korgiftcard.io). 6 | -------------------------------------------------------------------------------- /Tweak.xm: -------------------------------------------------------------------------------- 1 | #import 2 | #import 3 | #import 4 | #import 5 | #include 6 | #include 7 | #include 8 | #include 9 | #import 10 | #import 11 | #import 12 | #import 13 | #import 14 | #import 15 | #import 16 | #include 17 | #include 18 | #include 19 | #import 20 | #import "header.h" 21 | #import "ABWindow.h" 22 | 23 | // NSFileManager *fileManager = [NSFileManager defaultManager]; 24 | #define fileManager [NSFileManager defaultManager] 25 | BOOL isSubstitute = ([fileManager fileExistsAtPath:@"/usr/lib/libsubstitute.dylib"] && ![fileManager fileExistsAtPath:@"/usr/lib/substrate"]) && ![fileManager fileExistsAtPath:@"/usr/lib/libhooker.dylib"]; 26 | BOOL isXinaA12 = [fileManager fileExistsAtPath:@"/var/LIY/"]; 27 | NSString *ABLoaderPath = isXinaA12 ? @"/var/LIY/BawAppie/ABypass/ABLicense" : @"/Library/BawAppie/ABypass/ABLicense"; 28 | const char *DisableLocation = "/var/tmp/.substitute_disable_loader"; 29 | const char *ABKVDLockPath = "/var/tmp/.abkvd.lock"; 30 | 31 | static BBServer *bbServer = nil; 32 | static MRYIPCCenter* center; 33 | NSArray *disableIdentifiers; 34 | NSArray *subloader; 35 | NSArray *vnodeBypassIdentifiers; 36 | NSArray *vnodeHidePath; 37 | float iosVersion; 38 | 39 | static void easy_spawn(const char* args[]){ 40 | pid_t pid; 41 | int status; 42 | posix_spawn(&pid, args[0], NULL, NULL, (char* const*)args, NULL); 43 | waitpid(pid, &status, WEXITED); 44 | } 45 | 46 | static dispatch_queue_t getBBServerQueue() { 47 | static dispatch_queue_t queue; 48 | static dispatch_once_t predicate; 49 | dispatch_once(&predicate, ^{ 50 | void *handle = dlopen(NULL, RTLD_GLOBAL); 51 | if (handle) { 52 | dispatch_queue_t *pointer = (dispatch_queue_t *) dlsym(handle, "__BBServerQueue"); 53 | if (pointer) { 54 | queue = *pointer; 55 | } 56 | dlclose(handle); 57 | } 58 | }); 59 | return queue; 60 | } 61 | static void fakeNotification(NSString *sectionID, NSString *title, NSString *message) { 62 | BBBulletin *bulletin = [[%c(BBBulletin) alloc] init]; 63 | NSDate *date = [NSDate date]; 64 | 65 | bulletin.title = title; 66 | bulletin.message = message; 67 | bulletin.sectionID = sectionID; 68 | bulletin.bulletinID = [[NSProcessInfo processInfo] globallyUniqueString]; 69 | bulletin.recordID = [[NSProcessInfo processInfo] globallyUniqueString]; 70 | bulletin.publisherBulletinID = [[NSProcessInfo processInfo] globallyUniqueString]; 71 | bulletin.date = date; 72 | bulletin.defaultAction = [%c(BBAction) actionWithLaunchBundleID:sectionID callblock:nil]; 73 | bulletin.clearable = YES; 74 | bulletin.showsMessagePreview = YES; 75 | bulletin.publicationDate = date; 76 | bulletin.lastInterruptDate = date; 77 | 78 | if ([bbServer respondsToSelector:@selector(publishBulletin:destinations:)]) { 79 | dispatch_sync(getBBServerQueue(), ^{ 80 | [bbServer publishBulletin:bulletin destinations:15]; 81 | }); 82 | } 83 | } 84 | 85 | %group SpringBoard 86 | %hook BBServer 87 | -(id)initWithQueue:(id)arg1 { 88 | bbServer = %orig; 89 | return bbServer; 90 | } 91 | -(id)initWithQueue:(id)arg1 dataProviderManager:(id)arg2 syncService:(id)arg3 dismissalSyncCache:(id)arg4 observerListener:(id)arg5 utilitiesListener:(id)arg6 conduitListener:(id)arg7 systemStateListener:(id)arg8 settingsListener:(id)arg9 { 92 | bbServer = %orig; 93 | return bbServer; 94 | } 95 | - (void)dealloc { 96 | if (bbServer == self) bbServer = nil; 97 | %orig; 98 | } 99 | %end 100 | 101 | extern "C" CFPropertyListRef MGCopyAnswer(CFStringRef property); 102 | 103 | @interface SpringBoard 104 | @property (nonatomic, strong) MRYIPCCenter *centerForABypass; 105 | @property (nonatomic, strong) APLoadingToast *loadingToastForABypass; 106 | -(SBApplication *)_accessibilityFrontMostApplication; 107 | @end 108 | %hook SpringBoard 109 | %property (strong) MRYIPCCenter *centerForABypass; 110 | %property (strong) APLoadingToast *loadingToastForABypass; 111 | -(void)applicationDidFinishLaunching:(id)application { 112 | %orig; 113 | 114 | self.centerForABypass = [MRYIPCCenter centerNamed:@"com.rpgfarm.a-bypass"]; 115 | [self.centerForABypass addTarget:self action:@selector(handleShowNotification:)]; 116 | [self.centerForABypass addTarget:self action:@selector(handleUpdateLicense:)]; 117 | 118 | self.loadingToastForABypass = [[objc_getClass("APLoadingToast") alloc] initWithView:[[ABWindow sharedInstance] rootViewController].view]; 119 | } 120 | 121 | %new 122 | -(void)handleShowNotification:(NSDictionary *)userInfo { 123 | fakeNotification(userInfo[@"identifier"], userInfo[@"title"], userInfo[@"message"]); 124 | } 125 | 126 | %new 127 | -(NSDictionary *)handleUpdateLicense:(NSDictionary *)userInfo { 128 | NSError *error = nil; 129 | if([userInfo[@"type"] isEqual:@3]) { 130 | dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), ^() { 131 | dispatch_async(dispatch_get_main_queue(), ^() { 132 | [self.loadingToastForABypass showToast:@"Loading A-Bypass" withMessage:[NSString stringWithFormat:@"0/%@ Completed", userInfo[@"max"]]]; 133 | }); 134 | }); 135 | } else if([userInfo[@"type"] isEqual:@4]) { 136 | dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), ^() { 137 | dispatch_async(dispatch_get_main_queue(), ^() { 138 | [self.loadingToastForABypass setPercent:[userInfo[@"per"] doubleValue]/[userInfo[@"max"] doubleValue]]; 139 | self.loadingToastForABypass.subtitleLabel.text = [NSString stringWithFormat:@"%@/%@ Completed", userInfo[@"per"], userInfo[@"max"]]; 140 | }); 141 | }); 142 | } else if([userInfo[@"type"] isEqual:@5]) { 143 | dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), ^() { 144 | dispatch_async(dispatch_get_main_queue(), ^() { 145 | [self.loadingToastForABypass hideToast]; 146 | }); 147 | }); 148 | } else if([userInfo[@"type"] isEqual:@6]) { 149 | [fileManager removeItemAtPath:@"/var/mobile/Library/Preferences/ABLivePatch" error:&error]; 150 | } 151 | if(error) return @{@"success": @0, @"message": [error localizedDescription]}; 152 | return @{@"success": @1}; 153 | } 154 | %end 155 | 156 | 157 | %hook _SBApplicationLaunchAlertInfo 158 | -(NSString *)bundleID { 159 | if (isSubstitute && access(DisableLocation, F_OK) != -1) remove(DisableLocation); 160 | return %orig; 161 | } 162 | %end 163 | 164 | %hook SBMainWorkspace 165 | -(void)applicationProcessDidLaunch:(FBProcess *)arg1 { 166 | if (isSubstitute && access(DisableLocation, F_OK) != -1) remove(DisableLocation); 167 | // if([vnodeBypassIdentifiers containsObject:arg1.bundleIdentifier]) { 168 | // // [NSThread sleepForTimeInterval:2]; 169 | // } 170 | return %orig; 171 | } 172 | %end 173 | #define ABKVD_IS_AVAILABLE access(ABKVDLockPath, F_OK) != -1 174 | void saveAndHideVnode() { 175 | if (ABKVD_IS_AVAILABLE) { 176 | MRYIPCCenter *ABKVDCenter = [MRYIPCCenter centerNamed:@"com.rpgfarm.abkvd"]; 177 | [ABKVDCenter callExternalMethod:@selector(handleABKVDRequest:) withArguments:@{ @"type" : @"updateVnodeHidePath", @"vnodeHidePath": vnodeHidePath }]; 178 | [ABKVDCenter callExternalMethod:@selector(handleABKVDRequest:) withArguments:@{ @"type" : @"saveAndHideVnode" }]; 179 | // HBLogError(@"[ABKVD] saveAndHideVnode"); 180 | } 181 | } 182 | void revertAndRecoveryVnode() { 183 | if (ABKVD_IS_AVAILABLE) { 184 | MRYIPCCenter *ABKVDCenter = [MRYIPCCenter centerNamed:@"com.rpgfarm.abkvd"]; 185 | [ABKVDCenter callExternalMethod:@selector(handleABKVDRequest:) withArguments:@{ @"type" : @"revertAndRecoveryVnode" }]; 186 | // HBLogError(@"[ABKVD] revertAndRecoveryVnode"); 187 | } 188 | } 189 | %hook FBProcessManager 190 | -(void)noteProcess:(FBApplicationProcess *)process didUpdateState:(FBProcessState *)state { 191 | if(process.executionContext.identity.embeddedApplicationIdentifier) { 192 | dispatch_async(dispatch_get_main_queue(), ^{ 193 | SpringBoard *springBoardInstance = (SpringBoard *)[UIApplication sharedApplication]; 194 | if(!springBoardInstance) return; 195 | SBApplication *frontApplication = [springBoardInstance _accessibilityFrontMostApplication]; 196 | if(!frontApplication) { 197 | revertAndRecoveryVnode(); 198 | return; 199 | } 200 | NSString *bundleID = [frontApplication bundleIdentifier]; 201 | if([vnodeBypassIdentifiers containsObject:bundleID]) saveAndHideVnode(); 202 | else revertAndRecoveryVnode(); 203 | }); 204 | } 205 | %orig; 206 | } 207 | - (id)_createProcessWithExecutionContext:(FBProcessExecutionContext *)executionContext { 208 | NSString *bundleID = executionContext.identity.embeddedApplicationIdentifier; 209 | NSMutableDictionary* environmentM = [executionContext.environment mutableCopy]; 210 | NSMutableDictionary *plistDict = [[NSMutableDictionary alloc] initWithContentsOfFile:@"/var/mobile/Library/Preferences/com.rpgfarm.abypassprefs.plist"]; 211 | if(![plistDict[bundleID] isEqual:@1]) return %orig; 212 | if([subloader containsObject:bundleID]) [environmentM setObject:@"/usr/lib/ABSubLoader.dylib" forKey:@"DYLD_INSERT_LIBRARIES"]; 213 | if([disableIdentifiers containsObject:bundleID]) [environmentM setObject:@"/usr/lib/ABDYLD.dylib" forKey:@"DYLD_INSERT_LIBRARIES"]; 214 | if([vnodeBypassIdentifiers containsObject:bundleID]) saveAndHideVnode(); 215 | if([disableIdentifiers containsObject:bundleID] || [subloader containsObject:bundleID] || ([vnodeBypassIdentifiers containsObject:bundleID] && ABKVD_IS_AVAILABLE)) { 216 | if(isSubstitute) { 217 | fopen(DisableLocation, "w"); 218 | } else { 219 | [environmentM setObject:@(1) forKey:@"_MSSafeMode"]; 220 | [environmentM setObject:@(1) forKey:@"_SafeMode"]; 221 | } 222 | } 223 | executionContext.environment = [environmentM copy]; 224 | return %orig(executionContext); 225 | } 226 | 227 | -(id)createApplicationProcessForBundleID:(NSString *)bundleID withExecutionContext:(FBProcessExecutionContext*)executionContext { 228 | NSMutableDictionary* environmentM = [executionContext.environment mutableCopy]; 229 | NSMutableDictionary *plistDict = [[NSMutableDictionary alloc] initWithContentsOfFile:@"/var/mobile/Library/Preferences/com.rpgfarm.abypassprefs.plist"]; 230 | if(![plistDict[bundleID] isEqual:@1]) return %orig; 231 | if([subloader containsObject:bundleID]) [environmentM setObject:@"/usr/lib/ABSubLoader.dylib" forKey:@"DYLD_INSERT_LIBRARIES"]; 232 | if([disableIdentifiers containsObject:bundleID]) [environmentM setObject:@"/usr/lib/ABDYLD.dylib" forKey:@"DYLD_INSERT_LIBRARIES"]; 233 | if([vnodeBypassIdentifiers containsObject:bundleID]) saveAndHideVnode(); 234 | if([disableIdentifiers containsObject:bundleID] || [subloader containsObject:bundleID] || ([vnodeBypassIdentifiers containsObject:bundleID] && ABKVD_IS_AVAILABLE)) { 235 | if(isSubstitute) { 236 | fopen(DisableLocation, "w"); 237 | } else { 238 | [environmentM setObject:@(1) forKey:@"_MSSafeMode"]; 239 | [environmentM setObject:@(1) forKey:@"_SafeMode"]; 240 | } 241 | } 242 | executionContext.environment = [environmentM copy]; 243 | return %orig(bundleID, executionContext); 244 | } 245 | 246 | %end 247 | 248 | %end 249 | 250 | %ctor { 251 | HBLogError(@"Hello! Jailbreak Detection! A-Bypass is Loading..."); 252 | HBLogError(@"A-Bypass by Baw Appie "); 253 | 254 | NSString *identifier = [NSBundle mainBundle].bundleIdentifier; 255 | NSMutableDictionary *plistDict = [[NSMutableDictionary alloc] initWithContentsOfFile:@"/var/mobile/Library/Preferences/com.rpgfarm.abypassprefs.plist"]; 256 | center = [MRYIPCCenter centerNamed:@"com.rpgfarm.a-bypass"]; 257 | isXinaA12 = [fileManager fileExistsAtPath:@"/var/LIY/"]; 258 | ABLoaderPath = isXinaA12 ? @"/var/LIY/BawAppie/ABypass/ABLicense" : @"/Library/BawAppie/ABypass/ABLicense"; 259 | 260 | if([identifier isEqualToString:@"com.apple.springboard"]) { 261 | dlopen("/usr/local/lib/libAPToast.dylib", RTLD_NOW); 262 | 263 | NSData *data = [NSData dataWithContentsOfFile:@"/var/mobile/Library/Preferences/ABPattern" options:0 error:nil]; 264 | NSDictionary *dic = [NSJSONSerialization JSONObjectWithData:data options:0 error:nil]; 265 | 266 | iosVersion = [[[UIDevice currentDevice] systemVersion] floatValue]; 267 | disableIdentifiers = [dic[@"disableIdentifiers"] copy]; 268 | subloader = [dic[@"subloader"] copy]; 269 | vnodeBypassIdentifiers = [dic[@"vnodeBypassIdentifiers"] copy]; 270 | vnodeHidePath = [dic[@"vnodeHidePath"] copy]; 271 | 272 | if([fileManager fileExistsAtPath:@"/usr/bin/ABKVD"]) easy_spawn((const char *[]){"/usr/bin/ABKVD", NULL}); 273 | 274 | %init(SpringBoard); 275 | return; 276 | } 277 | 278 | if([plistDict[identifier] isEqual:@1]) { 279 | 280 | if(plistDict[@"stopABLivePatch"] && ![fileManager fileExistsAtPath:ABLoaderPath]) { 281 | [center callExternalVoidMethod:@selector(handleShowNotification:) withArguments:@{ 282 | @"title" : @"A-Bypass Live Patch", 283 | @"message" : @"A-Bypass Live Patch is not available. Starting Live Patch Update..", 284 | @"identifier": @"com.apple.Preferences" 285 | }]; 286 | plistDict[@"stopABLivePatch"] = nil; 287 | } 288 | 289 | if(!plistDict[@"stopABLivePatch"]) { 290 | if([fileManager fileExistsAtPath:@"/var/mobile/Library/Preferences/ABLivePatch"]) { 291 | [center callExternalMethod:@selector(handleUpdateLicense:) withArguments:@{ @"type": @6, @"identifier": identifier }]; 292 | } 293 | NSDictionary *result = [center callExternalMethod:@selector(handleUpdateLicense:) withArguments:@{ 294 | @"type": @1, 295 | @"identifier": identifier 296 | }]; 297 | if([result[@"success"] isEqual:@0]) { 298 | if([result[@"errno"] isEqual:@1] && [fileManager fileExistsAtPath:ABLoaderPath]) { 299 | [center callExternalVoidMethod:@selector(handleShowNotification:) withArguments:@{ 300 | @"title" : @"A-Bypass Live Patch", 301 | @"message" : [NSString stringWithFormat:@"ABLoader is unable to update A-Bypass. (A network error has occurred: %@)", result[@"message"]], 302 | @"identifier": @"com.apple.Preferences" 303 | }]; 304 | } else { 305 | [center callExternalVoidMethod:@selector(handleShowNotification:) withArguments:@{ 306 | @"title" : @"A-Bypass License Manager Error", 307 | @"message" : [NSString stringWithFormat:@"ABLoader is unable to update A-Bypass. (A storage error has occurred: %@)", result[@"message"]], 308 | @"identifier": @"com.apple.Preferences" 309 | }]; 310 | exit(0); 311 | return; 312 | } 313 | } 314 | 315 | if(![fileManager fileExistsAtPath:ABLoaderPath]) { 316 | [center callExternalVoidMethod:@selector(handleShowNotification:) withArguments:@{ 317 | @"title" : @"ABLoader Exception", 318 | @"message" : @"ABLoader is unable to load A-Bypass. Please report this error to @BawAppie (License is not verified)", 319 | @"identifier": @"com.apple.Preferences" 320 | }]; 321 | exit(0); 322 | return; 323 | } 324 | } 325 | 326 | // HBLogError(@"[ABLoader] Start Loading!"); 327 | void *loader = dlopen([ABLoaderPath UTF8String], RTLD_NOW); 328 | 329 | if(loader == nil) { 330 | // easy_spawn((const char *[]){"/usr/bin/cynject", [[NSString stringWithFormat:@"%d", getpid()] UTF8String], "/Library/BawAppie/ABypass/ABLicense", NULL}); 331 | [[NSString stringWithFormat:@"ABLOADER EXCEPTION\n\n%s", dlerror()] writeToFile:[NSString stringWithFormat:@"%@/Documents/ABLoaderError.log", NSHomeDirectory()] atomically:true encoding:NSUTF8StringEncoding error:nil]; 332 | [center callExternalVoidMethod:@selector(handleShowNotification:) withArguments:@{ 333 | @"title" : @"ABLoader Exception", 334 | @"message" : @"ABLoader is unable to load A-Bypass. Please report this error to @BawAppie (A-Bypass injection failed)", 335 | @"identifier": @"com.apple.Preferences" 336 | }]; 337 | exit(0); 338 | } 339 | NSLog(@"A-Bypass V2 Initialize complete!"); 340 | } 341 | return; 342 | } 343 | -------------------------------------------------------------------------------- /absubloader/ABSubLoader.plist: -------------------------------------------------------------------------------- 1 | { Filter = { Bundles = ( "com.apple.UIKit" ); }; } 2 | -------------------------------------------------------------------------------- /absubloader/Makefile: -------------------------------------------------------------------------------- 1 | include $(THEOS)/makefiles/common.mk 2 | 3 | TWEAK_NAME = ABSubLoader 4 | 5 | ABSubLoader_FILES = Tweak.m 6 | ABSubLoader_CODESIGN_FLAGS=-K../signcert.p12 -S./ent.plist 7 | 8 | ADDITIONAL_OBJCFLAGS = -fobjc-arc 9 | 10 | include $(THEOS_MAKE_PATH)/tweak.mk 11 | -------------------------------------------------------------------------------- /absubloader/Tweak.m: -------------------------------------------------------------------------------- 1 | #import 2 | #import 3 | @import Darwin.POSIX.dlfcn; 4 | 5 | __attribute__((constructor)) 6 | int main(int argc, char *argv[], char *envp[]) { 7 | NSString *identifier = [NSBundle mainBundle].bundleIdentifier; 8 | dlopen("/usr/lib/libmryipc.dylib", RTLD_NOW); 9 | 10 | NSMutableDictionary *plistDict = [[NSMutableDictionary alloc] initWithContentsOfFile:@"/var/mobile/Library/Preferences/com.rpgfarm.abypassprefs.plist"]; 11 | MRYIPCCenter *center = [objc_getClass("MRYIPCCenter") centerNamed:@"com.rpgfarm.a-bypass"]; 12 | 13 | if([plistDict[identifier] isEqual:@1]) { 14 | NSDictionary *result = [center callExternalMethod:@selector(handleUpdateLicense:) withArguments:@{ 15 | @"type": @1, 16 | @"identifier": identifier 17 | }]; 18 | if([result[@"success"] isEqual:@0]) { 19 | if([result[@"errno"] isEqual:@1] && [[NSFileManager defaultManager] fileExistsAtPath:@"/Library/BawAppie/ABypass/ABLicense"]) { 20 | [center callExternalVoidMethod:@selector(handleShowNotification:) withArguments:@{ 21 | @"title" : @"A-Bypass Live Patch", 22 | @"message" : [NSString stringWithFormat:@"A network error has occurred. Skipping live patch update... (%@)", result[@"message"]], 23 | @"identifier": @"com.apple.Preferences" 24 | }]; 25 | } else { 26 | [center callExternalVoidMethod:@selector(handleShowNotification:) withArguments:@{ 27 | @"title" : @"A-Bypass License Manager Error.", 28 | @"message" : result[@"message"], 29 | @"identifier": @"com.apple.Preferences" 30 | }]; 31 | exit(0); 32 | return 0; 33 | } 34 | } 35 | if(![[NSFileManager defaultManager] fileExistsAtPath:@"/Library/BawAppie/ABypass/ABLicense"]) { 36 | [center callExternalVoidMethod:@selector(handleShowNotification:) withArguments:@{ 37 | @"title" : @"ABLoader Exception", 38 | @"message" : @"A-Bypass license cannot be verified or server is offline.", 39 | @"identifier": @"com.apple.Preferences" 40 | }]; 41 | exit(0); 42 | return 0; 43 | } 44 | 45 | // HBLogError(@"[ABLoader] Start Loading!"); 46 | void *loader = dlopen("/Library/BawAppie/ABypass/ABLicense", RTLD_NOW); 47 | 48 | if(loader == nil) { 49 | [[NSString stringWithFormat:@"ABLOADER EXCEPTION\n\n%s", dlerror()] writeToFile:[NSString stringWithFormat:@"%@/Documents/ABLoaderError.log", NSHomeDirectory()] atomically:true encoding:NSUTF8StringEncoding error:nil]; 50 | [center callExternalVoidMethod:@selector(handleShowNotification:) withArguments:@{ 51 | @"title" : @"ABLoader Exception", 52 | @"message" : @"ABLoader is unable to load A-Bypass. Please report this error to @BawAppie", 53 | @"identifier": @"com.apple.Preferences" 54 | }]; 55 | exit(0); 56 | } 57 | NSLog(@"A-Bypass V2 Initialize complete!"); 58 | } 59 | return 0; 60 | } -------------------------------------------------------------------------------- /absubloader/ent.plist: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | platform-application 6 | 7 | get-task-allow 8 | 9 | com.apple.system-task-ports 10 | 11 | task_for_pid-allow 12 | 13 | run-unsigned-code 14 | 15 | 16 | 17 | -------------------------------------------------------------------------------- /absysent.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Baw-Appie/A-Bypass/97831a597c09083a43f46aeacb134837ca4fce54/absysent.zip -------------------------------------------------------------------------------- /abypassloader/ABPattern.h: -------------------------------------------------------------------------------- 1 | // #import "ABPattern.m" 2 | 3 | // #define MSHookFunction DobbyHook 4 | #define ABPattern AppIePattern 5 | 6 | #define getIvar(object, ivar) [object valueForKey:ivar] 7 | #define setIvar(object, ivar, value) [object setValue:value forKey:ivar] 8 | 9 | #define objcInvokeT(a, b, t) ((t (*)(id, SEL))objc_msgSend)(a, NSSelectorFromString(b)) 10 | #define objcInvoke(a, b) objcInvokeT(a, b, id) 11 | #define objcInvoke_1(a, b, c) ((id (*)(id, SEL, typeof(c)))objc_msgSend)(a, NSSelectorFromString(b), c) 12 | #define objcInvoke_2(a, b, c, d) ((id (*)(id, SEL, typeof(c), typeof(d)))objc_msgSend)(a, NSSelectorFromString(b), c, d) 13 | #define objcInvoke_3(a, b, c, d, e) ((id (*)(id, SEL, typeof(c), typeof(d), typeof(e)))objc_msgSend)(a, NSSelectorFromString(b), c, d, e) 14 | 15 | #define assertGotExpectedObject(obj, type) if (!obj || ![obj isKindOfClass:NSClassFromString(type)]) [NSException raise:@"UnexpectedObjectException" format:@"Expected %@ but got %@", type, obj] 16 | 17 | @interface AppIePattern : NSObject { 18 | NSMutableArray *k; 19 | NSMutableDictionary *m; 20 | NSMutableArray *p; 21 | NSMutableArray *z; 22 | NSMutableArray *u; 23 | NSMutableDictionary *I; 24 | NSMutableDictionary *o; 25 | } 26 | @property (nonatomic) BOOL a; 27 | @property (nonatomic, retain) NSNumber *b; 28 | @property (nonatomic, copy) NSMutableArray *d; 29 | @property (nonatomic, retain) NSMutableArray *e; 30 | @property (nonatomic, copy) NSMutableArray *f; 31 | @property (nonatomic, copy) NSArray *ABASMBlackList; 32 | @property (nonatomic, copy) NSArray *hookSVC80; 33 | @property (nonatomic, copy) NSArray *noHookingPlz; 34 | @property (nonatomic, copy) NSArray *enforceDYLD; 35 | @property (nonatomic, copy) NSArray *aaaa; 36 | + (instancetype)sharedInstance; 37 | - (NSArray *)pattern; 38 | -(void)usk:(NSString *)oldpath n:(NSString *)newpath; 39 | -(BOOL)i:(NSString *)path; 40 | -(BOOL)u:(NSString *)path i:(int)index; 41 | - (NSString *)re:(NSString *)path; 42 | -(BOOL)c:(NSString *)path; 43 | -(BOOL)k:(NSString *)path; 44 | -(void)setup:(NSArray *)array; 45 | -(NSError *)er; 46 | -(BOOL)ozd:(NSString *)name; 47 | @end 48 | 49 | 50 | @interface ABPatternObject : NSObject 51 | @property (nonatomic, retain) id dummy; 52 | @end 53 | 54 | 55 | 56 | struct STS1 { 57 | unsigned char uv[16]; 58 | id il; 59 | unsigned char uq[12]; 60 | struct STS2 *pSTS2; 61 | }; 62 | 63 | struct STS2 { 64 | unsigned char iu[16]; 65 | const struct mach_header *lo; 66 | unsigned char we[7]; 67 | id il; 68 | struct STS3 *nb; 69 | unsigned char uh[30]; 70 | unsigned char uq[30]; 71 | unsigned char sd[30]; 72 | unsigned char ur; 73 | unsigned char op; 74 | unsigned char mv; 75 | unsigned char ao; 76 | unsigned char ei; 77 | unsigned char wz; 78 | unsigned char vu[7]; 79 | }; 80 | 81 | struct STS3 { 82 | unsigned char po[16]; 83 | id pu; 84 | unsigned char pa[9]; 85 | id px; 86 | unsigned char pb[7]; 87 | id pz; 88 | unsigned char pm[7]; 89 | id pl; 90 | id pv; 91 | id ps; 92 | id pi; 93 | id pc; 94 | }; -------------------------------------------------------------------------------- /abypassloader/ABPattern.m: -------------------------------------------------------------------------------- 1 | #import "ABPattern.h" 2 | 3 | @implementation AppIePattern 4 | BOOL isLibHooker; 5 | +(instancetype)sharedInstance { 6 | static dispatch_once_t p = 0; 7 | __strong static id _sharedSelf = nil; 8 | dispatch_once(&p, ^{ 9 | _sharedSelf = [[self alloc] init]; 10 | }); 11 | return _sharedSelf; 12 | } 13 | 14 | -(id)init { 15 | isLibHooker = [[NSFileManager defaultManager] fileExistsAtPath:@"/usr/lib/libhooker.dylib"]; 16 | self = [super init]; 17 | if(self) { 18 | k = [NSMutableArray new]; 19 | p = [NSMutableArray new]; 20 | z = [NSMutableArray new]; 21 | u = [NSMutableArray new]; 22 | // 이거 절대 l 아님.. 대문자 i 임!! 23 | I = [NSMutableDictionary new]; 24 | o = [NSMutableDictionary new]; 25 | } 26 | return self; 27 | } 28 | 29 | -(NSArray *)pattern { 30 | return z; 31 | } 32 | 33 | -(void)setup:(NSMutableArray *)array { 34 | z = [array mutableCopy]; 35 | HBLogError(@"%@", @"ABPattern setup complete!"); 36 | } 37 | 38 | -(void)usk:(NSString *)oldpath n:(NSString *)newpath { 39 | if(![oldpath isAbsolutePath]) { 40 | NSString *oldpath_abs = [[[NSFileManager defaultManager] currentDirectoryPath] stringByAppendingPathComponent:oldpath]; 41 | oldpath = oldpath_abs; 42 | } 43 | if(![newpath isAbsolutePath]) { 44 | NSString *newpath_abs = [[[NSFileManager defaultManager] currentDirectoryPath] stringByAppendingPathComponent:newpath]; 45 | newpath = newpath_abs; 46 | } 47 | // HBLogError(@"[ABZZ] %@ is %@.. OK!", oldpath, newpath); 48 | I[newpath] = oldpath; 49 | } 50 | 51 | -(BOOL)c:(NSString *)path { 52 | return [self u:path i:0]; 53 | } 54 | 55 | -(BOOL)u:(NSString *)path i:(int)index { 56 | #ifdef DEBUG 57 | // NSLog(@"ABPattern Request %@", path); 58 | #endif 59 | path = [path stringByReplacingOccurrencesOfString:@"file://" withString:@""]; 60 | path = [path stringByReplacingOccurrencesOfString:@"//" withString:@"/"]; 61 | if(![path isAbsolutePath]) { 62 | NSString *path_abs = [[[NSFileManager defaultManager] currentDirectoryPath] stringByAppendingPathComponent:path]; 63 | path = path_abs; 64 | } 65 | for(NSString *item in [I allKeys]) { 66 | if([path hasPrefix:item]) { 67 | path = [path stringByReplacingOccurrencesOfString:item withString:I[item]]; 68 | path = [path stringByReplacingOccurrencesOfString:@"file://" withString:@""]; 69 | path = [path stringByReplacingOccurrencesOfString:@"//" withString:@"/"]; 70 | if(![path isAbsolutePath]) { 71 | NSString *path_abs = [[[NSFileManager defaultManager] currentDirectoryPath] stringByAppendingPathComponent:path]; 72 | path = path_abs; 73 | } 74 | } 75 | } 76 | if([path hasPrefix:@"/User"]) { 77 | NSMutableArray *pathComponents = [NSMutableArray arrayWithArray:[path pathComponents]]; 78 | [pathComponents removeObjectAtIndex:0]; 79 | [pathComponents removeObjectAtIndex:0]; 80 | [pathComponents insertObject:@"/mobile" atIndex:0]; 81 | [pathComponents insertObject:@"/var" atIndex:0]; 82 | path = [NSString pathWithComponents:pathComponents]; 83 | } 84 | if([path hasPrefix:@"/private/"]) { 85 | if(![path isEqualToString:@"/private/"] && ![path hasPrefix:@"/private/etc"] && ![path hasPrefix:@"/private/system_data"] && ![path hasPrefix:@"/private/var"] && ![path hasPrefix:@"/private/xarts"]) { 86 | return false; 87 | } 88 | } 89 | if([path hasPrefix:@"/private/var"] || [path hasPrefix:@"/private/etc"] || [path hasPrefix:@"/var/tmp"]) { 90 | NSMutableArray *pathComponents = [NSMutableArray arrayWithArray:[path pathComponents]]; 91 | [pathComponents removeObjectAtIndex:1]; 92 | path = [NSString pathWithComponents:pathComponents]; 93 | } 94 | if([path containsString:@"ABypass"] || [path containsString:@"ABPattern"] || [path containsString:@"AutoTouch"] || [path containsString:@"flyjb"] || [path containsString:@"Flex.plist"]) { 95 | // HBLogError(@"[ABPattern] 아니 뭐하세요..?? %@ %@", path, [NSThread callStackSymbols]); 96 | return false; 97 | } 98 | if([path isEqualToString:@"/dev/null"] || [path isEqualToString:@"/sbin/launchd"]) return true; 99 | if([path isEqualToString:@"/sbin/mount"] && index == 30001) return true; 100 | if([path isEqualToString:@"/sbin/mount"]) return false; 101 | if([path isEqualToString:@"/Applications"] || [path isEqualToString:@"/Applications/"] || [path isEqualToString:@"/usr/lib/"] || [path hasPrefix:@"/usr/lib/libobjc"] || [path containsString:@"libobjc"] || [path containsString:@"DSTK_DO_LOG"] || [path hasPrefix:@"/usr/lib/system"]) return true; 102 | if([path containsString:@"liberty"] || [path containsString:@"jailprotect"] || [path containsString:@"tsprotector"] || [path containsString:@"kernbypass"] || [path containsString:@"vnodebypass"]) return false; 103 | if([path containsString:@"AppList"] || [path containsString:@"PreferenceLoader"] || [path containsString:@"SnowBoard"] || [path containsString:@"Snowboard"] || [path containsString:@"iCleaner"]) return false; 104 | if([path hasSuffix:@"xargs"] || [path hasSuffix:@"unzip2"] || [path hasSuffix:@"libsubstrate.dylib"] || [path hasSuffix:@"substrate.h"] || [path hasSuffix:@"recache"]) return false; 105 | if(([path hasPrefix:@"/Library/MobileSubstrate/"] || [path hasPrefix:@"/usr/lib/TweakInject/"]) && ([path hasSuffix:@".dylib"] || [path hasSuffix:@".plist"]) && !isLibHooker) { 106 | if([path isEqualToString:@"/Library/MobileSubstrate/MobileSubstrate.dylib"]) return false; 107 | #ifdef DEBUG 108 | HBLogError(@"ABPattern Requesting Tweak File %@ %d", path, index); 109 | #endif 110 | if(!o[path]) { 111 | o[path] = @1; 112 | return true; 113 | } else if([o[path] isEqual:@1]) { 114 | o[path] = @2; 115 | return true; 116 | } else { 117 | return false; 118 | } 119 | } 120 | for(NSString *search in z) { 121 | if([path hasPrefix:search]) { 122 | #ifdef DEBUG 123 | HBLogError(@"ABPattern Threat Detected %@, %@, %d", path, search, index); 124 | #endif 125 | return false; 126 | } 127 | } 128 | #ifdef DEBUG 129 | if(![path containsString:@"/System"] && ![path containsString:@"/var/mobile/Containers/Data"] && ![path containsString:@"/var/containers/Bundle/Application/"] && ![path isEqualToString:@"/"]) HBLogError(@"ABPattern Detection Fail %@ %d", path, index); 130 | #endif 131 | return true; 132 | } 133 | -(BOOL)k:(NSURL *)url { 134 | return [self c:[url absoluteString]]; 135 | } 136 | 137 | -(BOOL)i:(NSString *)name { 138 | if([name hasPrefix:@"/Library/Frameworks"] 139 | || [name hasPrefix:@"/Library/Caches"] 140 | || [name hasPrefix:@"/Library/MobileSubstrate"] 141 | || [name hasPrefix:@"/usr/lib/tweaks"] 142 | || [name hasPrefix:@"/usr/lib/TweakInject"] 143 | || [name hasPrefix:@"/var/containers/Bundle/tweaksupport"] 144 | || [name hasPrefix:@"/var/containers/Bundle/dylibs"] 145 | || [name containsString:@"ubstrate"] 146 | || [name containsString:@"substrate"] 147 | || [name containsString:@"substitute"] 148 | || [name containsString:@"Substitrate"] 149 | || [name containsString:@"TweakInject"] 150 | || [name containsString:@"jailbreak"] 151 | || [name containsString:@"cycript"] 152 | || [name containsString:@"SBInject"] 153 | || [name containsString:@"pspawn"] 154 | || [name containsString:@"rocketbootstrap"] 155 | || [name containsString:@"libCS"] 156 | || [name containsString:@"libjailbreak"] 157 | || [name containsString:@"cynject"] 158 | || [name containsString:@"frida"] 159 | || [name containsString:@"Frida"] 160 | || [name containsString:@"libhooker"] 161 | || [name containsString:@"mryipc"] 162 | || [name containsString:@"ABLicense"] 163 | || [name containsString:@"Cephei"] 164 | || [name containsString:@"SnowBoard"] 165 | || [name containsString:@"ABypass"] 166 | || [name containsString:@"bfdecrypt"]) return YES; 167 | // if(![name isAbsolutePath]) name = [NSString stringWithFormat:@"/usr/lib/lib%@.dylib", name]; 168 | // if(![self c:name]) return YES; 169 | return NO; 170 | } 171 | -(BOOL)ozd:(NSString *)name { 172 | if ([name containsString:@"substrate"] || 173 | [name containsString:@"abdyld"] || 174 | [name containsString:@"bawappie"] || 175 | [name containsString:@"substitute"] || 176 | [name containsString:@"substitrate"] || 177 | [name containsString:@"cephei"] || 178 | [name containsString:@"rocketbootstrap"] || 179 | [name containsString:@"tweakinject"] || 180 | [name containsString:@"jailbreak"] || 181 | [name containsString:@"cycript"] || 182 | [name containsString:@"pspawn"] || 183 | [name containsString:@"libcolorpicker"] || 184 | [name containsString:@"libcs"] || 185 | [name containsString:@"bfdecrypt"] || 186 | [name containsString:@"sbinject"] || 187 | [name containsString:@"dobby"] || 188 | [name containsString:@"libhooker"] || 189 | [name containsString:@"snowboard"] || 190 | [name containsString:@"libblackjack"] || 191 | // [name containsString:@"libobjc-trampolines"] || 192 | [name containsString:@"cephei"] || 193 | [name containsString:@"libmryipc"] || 194 | [name containsString:@"libactivator"] || 195 | [name containsString:@"blackjack"] || 196 | [name containsString:@"alderis"]) { 197 | return true; 198 | } else return false; 199 | } 200 | 201 | - (NSString *)re:(NSString *)path { 202 | NSDictionary *links = [m copy]; 203 | 204 | for(NSString *key in links) { 205 | if([path hasPrefix:key]) { 206 | NSString *value = links[key]; 207 | if([key isEqualToString:@"/"]) { 208 | path = [value stringByAppendingPathComponent:path]; 209 | } else { 210 | path = [path stringByReplacingOccurrencesOfString:key withString:value]; 211 | } 212 | break; 213 | } 214 | } 215 | 216 | return path; 217 | } 218 | // 페이크 끝 219 | 220 | -(NSError *)er { 221 | NSDictionary *userInfo = @{ 222 | NSLocalizedDescriptionKey: @"Operation was unsuccessful.", 223 | NSLocalizedFailureReasonErrorKey: @"Object does not exist.", 224 | NSLocalizedRecoverySuggestionErrorKey: @"Don't access this again" 225 | }; 226 | 227 | NSError *error = [NSError errorWithDomain:NSCocoaErrorDomain code:NSFileNoSuchFileError userInfo:userInfo]; 228 | return error; 229 | } 230 | 231 | 232 | @end 233 | @implementation ABPatternObject 234 | // ASML 235 | - (id)objectForKeyedSubscript:(id)key { 236 | return [@"겨우 이걸로 막을라고?" dataUsingEncoding:NSUTF8StringEncoding]; 237 | } 238 | - (id)valueForUndefinedKey:(id)key { 239 | return [@"겨우 이걸로 막을라고?" dataUsingEncoding:NSUTF8StringEncoding]; 240 | } 241 | @end 242 | -------------------------------------------------------------------------------- /abypassloader/ABypassLoader.plist: -------------------------------------------------------------------------------- 1 | { Filter = { Bundles = ( "com.apple.springboard" ); }; } 2 | -------------------------------------------------------------------------------- /abypassloader/DYLDSaver.xm: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | #include 11 | #include 12 | #include 13 | #include 14 | #import 15 | #import "ABPattern.h" 16 | 17 | uint32_t dyldCount = 0; 18 | char **dyldNames = 0; 19 | struct mach_header **dyldHeaders = 0; 20 | intptr_t *dyldSlides = 0; 21 | 22 | 23 | static uint32_t (*orig_dyld_image_count)(); 24 | static uint32_t hook_dyld_image_count() { 25 | return dyldCount; 26 | } 27 | static const char *(*orig_dyld_get_image_name)(uint32_t image_index); 28 | static const char *hook_dyld_get_image_name(uint32_t image_index) { 29 | return dyldNames[image_index]; 30 | } 31 | static struct mach_header *(*orig_dyld_get_image_header)(uint32_t image_index); 32 | static struct mach_header *hook_dyld_get_image_header(uint32_t image_index) { 33 | return dyldHeaders[image_index]; 34 | } 35 | static intptr_t (*orig_dyld_get_image_vmaddr_slide)(uint32_t image_index); 36 | static intptr_t hook_dyld_get_image_vmaddr_slide(uint32_t image_index) { 37 | return dyldSlides[image_index]; 38 | } 39 | 40 | 41 | void syncDyldArray() { 42 | uint32_t count = orig_dyld_image_count(); 43 | uint32_t counter = 0; 44 | //NSLog(@"[FlyJB] There are %u images", count); 45 | dyldNames = (char **) calloc(count, sizeof(char **)); 46 | dyldHeaders = (struct mach_header **) calloc(count, sizeof(struct mach_header **)); 47 | dyldSlides = (intptr_t *) calloc(count, sizeof(intptr_t *)); 48 | for (int i = 0; i < count; i++) { 49 | const char *charName = orig_dyld_get_image_name(i); 50 | if (!charName) { 51 | continue; 52 | } 53 | NSString *name = [NSString stringWithUTF8String: charName]; 54 | if (!name) { 55 | continue; 56 | } 57 | NSString *lower = [name lowercaseString]; 58 | if ([[ABPattern sharedInstance] ozd:lower]) { 59 | // HBLogError(@"[ABPattern] BYPASSED dyld = %@", name); 60 | // if([lower containsString:@"eversafe"]) HBLogError(@"[ABPattern] Eversafe? %@", lower); 61 | continue; 62 | } 63 | uint32_t idx = counter++; 64 | dyldNames[idx] = strdup(charName); 65 | dyldHeaders[idx] = (struct mach_header *) orig_dyld_get_image_header(i); 66 | dyldSlides[idx] = orig_dyld_get_image_vmaddr_slide(i); 67 | } 68 | dyldCount = counter; 69 | } 70 | 71 | void add_binary_image(const struct mach_header *header, intptr_t slide) { 72 | Dl_info DlInfo; 73 | dladdr(header, &DlInfo); 74 | const char* image_name = DlInfo.dli_fname; 75 | if([[@(image_name) lowercaseString] containsString:@"eversafe"]) { 76 | // HBLogError(@"[ABPattern] Eversafe일까? %s", image_name); 77 | syncDyldArray(); 78 | } 79 | } 80 | 81 | // %group DYLDSaver 82 | // %hookf(uint32_t, _dyld_image_count) { 83 | // return dyldCount; 84 | // } 85 | // %hookf(const char *, _dyld_get_image_name, uint32_t image_index) { 86 | // return dyldNames[image_index]; 87 | // } 88 | // %hookf(struct mach_header *, _dyld_get_image_header, uint32_t image_index) { 89 | // return dyldHeaders[image_index]; 90 | // } 91 | // %hookf(intptr_t, _dyld_get_image_vmaddr_slide, uint32_t image_index) { 92 | // return dyldSlides[image_index]; 93 | // } 94 | // %end 95 | 96 | void DYLDSaver() { 97 | MSHookFunction((void *)_dyld_image_count, (void *)hook_dyld_image_count, (void **)&orig_dyld_image_count); 98 | MSHookFunction((void *)_dyld_get_image_name, (void *)hook_dyld_get_image_name, (void **)&orig_dyld_get_image_name); 99 | MSHookFunction((void *)_dyld_get_image_header, (void *)hook_dyld_get_image_header, (void **)&orig_dyld_get_image_header); 100 | MSHookFunction((void *)_dyld_get_image_vmaddr_slide, (void *)hook_dyld_get_image_vmaddr_slide, (void **)&orig_dyld_get_image_vmaddr_slide); 101 | // %init(DYLDSaver); 102 | syncDyldArray(); 103 | _dyld_register_func_for_add_image(&add_binary_image); 104 | } -------------------------------------------------------------------------------- /abypassloader/ImagePatcher.h: -------------------------------------------------------------------------------- 1 | void findSegment(const uint8_t *target, const uint32_t target_len, void (*callback)(uint8_t *), int image_num); 2 | void findSegment(const uint8_t *target, const uint32_t target_len, void (*callback)(uint8_t *)); 3 | void findSegmentForDyldImage(const uint8_t *target, const uint32_t target_len, void (*callback)(uint8_t *)); 4 | uint8_t *findS(const uint8_t *target); 5 | uint8_t *findSA(const uint8_t *target); 6 | void findSegment2ForDyldImage(const uint64_t *target, const uint64_t *mask, const uint32_t target_len, void (*callback)(uint8_t *), int image_num); 7 | void findSegment2(const uint64_t *target, const uint64_t *mask, const uint32_t target_len, void (*callback)(uint8_t *)); 8 | bool patchCode(void *target, const void *data, size_t size); 9 | void removeSYS_access(); 10 | void removeSYS_access2(); 11 | void removeSYS_open(); 12 | void removeSYS_symlink(); 13 | void remove1(); 14 | void remove2(); 15 | void remove3(); 16 | void remove4(); 17 | void remove5(); 18 | void remove6(); 19 | void remove7(); 20 | void _hookSymbol(void *hook); 21 | void hookSymbol(const char *string); 22 | void hookSymbolWithDLSYM(const char *string); 23 | void hookSymbolWithDLSYMImage(const char *string, const char *image); 24 | void _hookSymbol0(void *hook); 25 | void hookSymbol0(const char *string); 26 | void hookSymbol0WithDLSYM(const char *string); 27 | void _hookSymbol1(void *hook); 28 | void hookSymbol1WithDLSYMImage(const char *string, const char *image); 29 | void hookSymbol1WithPrivateImage(const char *string, const char *image); 30 | void hookingSVC80(); 31 | void hookingSVC80_NC(); 32 | void hookingAccessSVC80(); -------------------------------------------------------------------------------- /abypassloader/ImagePatcher.xm: -------------------------------------------------------------------------------- 1 | #import 2 | #import 3 | #import 4 | #import 5 | #import 6 | #import 7 | #import 8 | #import 9 | #import 10 | #import 11 | #import 12 | #import 13 | #import 14 | #import 15 | #import 16 | #import 17 | #import 18 | #import 19 | #import 20 | #import 21 | #import 22 | #import 23 | #import 24 | #import 25 | #include 26 | #import "ABPattern.h" 27 | 28 | #ifdef DEBUG 29 | #define debugMsg(...) HBLogError(__VA_ARGS__) 30 | #else 31 | #define debugMsg(...) 32 | #endif 33 | 34 | int getImageIndex(NSString *imageName); 35 | bool patchData(uintptr_t offset, unsigned int data); 36 | 37 | uint8_t RET[] = { 38 | 0xC0, 0x03, 0x5F, 0xD6 //RET 39 | }; 40 | uint8_t RET0[] = { 41 | 0x00, 0x00, 0x80, 0xD2, //MOV X0, #0 42 | 0xC0, 0x03, 0x5F, 0xD6 //RET 43 | }; 44 | uint8_t RET1[] = { 45 | 0x20, 0x00, 0x80, 0xD2, //MOV X0, #1 46 | 0xC0, 0x03, 0x5F, 0xD6 //RET 47 | }; 48 | 49 | 50 | 51 | 52 | 53 | void findSegmentByImageNum(const uint8_t *target, const uint32_t target_len, void (*callback)(uint8_t *), int image_num) { 54 | const struct mach_header_64 *header = (const struct mach_header_64*) _dyld_get_image_header(image_num); 55 | const struct section_64 *executable_section = getsectbynamefromheader_64(header, "__TEXT", "__text"); 56 | 57 | uint8_t *start_address = (uint8_t *) ((intptr_t) header + executable_section->offset); 58 | uint8_t *end_address = (uint8_t *) (start_address + executable_section->size); 59 | 60 | uint8_t *current = start_address; 61 | uint32_t index = 0; 62 | 63 | uint8_t current_target = 0; 64 | 65 | while (current < end_address) { 66 | current_target = target[index]; 67 | 68 | if (current_target == *current++ || current_target == 0xFF) index++; 69 | else index = 0; 70 | 71 | if (index == target_len) { 72 | index = 0; 73 | callback(current - target_len); 74 | } 75 | } 76 | } 77 | 78 | void findSegment(const uint8_t *target, const uint32_t target_len, void (*callback)(uint8_t *)) { 79 | findSegmentByImageNum(target, target_len, callback, 0); 80 | } 81 | 82 | void findSegmentForDyldImage(const uint8_t *target, const uint32_t target_len, void (*callback)(uint8_t *)) { 83 | uint32_t count = _dyld_image_count(); 84 | Dl_info dylib_info; 85 | for(uint32_t i = 0; i < count; i++) { 86 | dladdr(_dyld_get_image_header(i), &dylib_info); 87 | NSString *detectedDyld = [NSString stringWithUTF8String:dylib_info.dli_fname]; 88 | if([detectedDyld containsString:@"/var"]) { 89 | debugMsg(@"[ABZZ] We'll hooking %s! haha!", dylib_info.dli_fname); 90 | findSegmentByImageNum(target, target_len, callback, i); 91 | } 92 | } 93 | } 94 | 95 | uint8_t *findS(const uint8_t *target) { 96 | const struct mach_header_64 *header = (const struct mach_header_64*) _dyld_get_image_header(0); 97 | const struct section_64 *executable_section = getsectbynamefromheader_64(header, "__TEXT", "__text"); 98 | uint32_t *start = (uint32_t *) ((intptr_t) header + executable_section->offset); 99 | 100 | uint32_t *current = (uint32_t *)target; 101 | 102 | for (; current >= start; current--) { 103 | uint32_t op = *current; 104 | 105 | if ((op & 0xFFC003FF) == 0x910003FD) { 106 | unsigned delta = (op >> 10) & 0xFFF; 107 | if ((delta & 0xF) == 0) { 108 | uint8_t *prev = (uint8_t *)current - ((delta >> 4) + 1) * 4; 109 | if ((*(uint32_t *)prev & 0xFFC003E0) == 0xA98003E0 110 | || (*(uint32_t *)prev & 0xFFC003E0) == 0x6D8003E0 111 | || (*(uint32_t *)prev & 0xFFC003E0) == 0xD10003E0) { //STP x, y, [SP,#-imm]! 112 | return prev; 113 | } 114 | } 115 | } 116 | } 117 | 118 | return (uint8_t *)target; 119 | } 120 | 121 | bool isSTP(uint32_t op) { 122 | return ((op & 0xFFC003E0) == 0xA98003E0 123 | || (op & 0xFFC003E0) == 0xA90003E0 124 | || (op & 0xFFC003E0) == 0x6D8003E0 125 | || (op & 0xFFC003E0) == 0xD10003E0 126 | ); 127 | } 128 | 129 | uint8_t *findSA(const uint8_t *target) { 130 | const struct mach_header_64 *header = (const struct mach_header_64*) _dyld_get_image_header(0); 131 | const struct section_64 *executable_section = getsectbynamefromheader_64(header, "__TEXT", "__text"); 132 | uint32_t *start = (uint32_t *) ((intptr_t) header + executable_section->offset); 133 | 134 | uint32_t *current = (uint32_t *)target; 135 | 136 | for(; current >= start; current -= 1) { 137 | uint32_t op = *current; 138 | if (isSTP(op)) { 139 | uint8_t *next = (uint8_t *)(current-1); 140 | if(isSTP(*(uint32_t *)next)) continue; 141 | return (uint8_t *)current; 142 | } 143 | } 144 | 145 | return (uint8_t *)target; 146 | } 147 | 148 | void findSegment2ForDyldImage(const uint64_t *target, const uint64_t *mask, const uint32_t target_len, void (*callback)(uint8_t *), int image_num) { 149 | const struct mach_header_64 *header = (const struct mach_header_64*) _dyld_get_image_header(image_num); 150 | const struct section_64 *executable_section = getsectbynamefromheader_64(header, "__TEXT", "__text"); 151 | 152 | uint64_t *start_address = (uint64_t *) ((intptr_t) header + executable_section->offset); 153 | uint64_t *end_address = (uint64_t *) (start_address + executable_section->size); 154 | 155 | uint32_t *current = (uint32_t *)start_address; 156 | uint32_t index = 0; 157 | 158 | uint32_t current_target = 0; 159 | 160 | while (start_address < end_address) { 161 | current_target = target[index]; 162 | if (current_target == (*current++ & mask[index])) index++; 163 | else index = 0; 164 | if (index == target_len) { 165 | index = 0; 166 | callback((uint8_t *)(current - target_len)); 167 | // debugMsg(@"[ABASM] findSegment2 is worked! %s", _dyld_get_image_name(image_num)); 168 | } 169 | start_address+=0x4; 170 | } 171 | } 172 | 173 | void findSegment2(const uint64_t *target, const uint64_t *mask, const uint32_t target_len, void (*callback)(uint8_t *)) { 174 | uint32_t count = _dyld_image_count(); 175 | Dl_info dylib_info; 176 | for(uint32_t i = 0; i < count; i++) { 177 | dladdr(_dyld_get_image_header(i), &dylib_info); 178 | NSString *detectedDyld = [NSString stringWithUTF8String:dylib_info.dli_fname]; 179 | if([detectedDyld containsString:@"/var"]) { 180 | debugMsg(@"[ABZZ] We'll hooking %s! haha!", dylib_info.dli_fname); 181 | findSegment2ForDyldImage(target, mask, target_len, callback, i); 182 | } 183 | } 184 | } 185 | 186 | bool patchCode(void *target, const void *data, size_t size) { 187 | @try { 188 | kern_return_t err; 189 | mach_port_t port = mach_task_self(); 190 | vm_address_t address = (vm_address_t) target; 191 | 192 | err = vm_protect(port, address, size, false, VM_PROT_READ | VM_PROT_WRITE | VM_PROT_COPY); 193 | if (err != KERN_SUCCESS) return false; 194 | 195 | err = vm_write(port, address, (vm_address_t) data, size); 196 | if (err != KERN_SUCCESS) return false; 197 | 198 | err = vm_protect(port, address, size, false, VM_PROT_READ | VM_PROT_EXECUTE); 199 | if (err != KERN_SUCCESS) return false; 200 | } @catch(NSException *e) { 201 | debugMsg(@"[ABASM] ABASM Patcher has crashed. Aborting patch.. (%p)", target); 202 | return false; 203 | } 204 | 205 | return true; 206 | } 207 | 208 | 209 | 210 | 211 | void patchSVC70(uint8_t* match) { 212 | patchCode(findSA(match), RET0, sizeof(RET0)); 213 | debugMsg(@"[ABASM] A-Bypass found the malware and removed it. (SVC70: %p)", match); 214 | } 215 | 216 | void removeSVC70() { 217 | const uint8_t target[] = { 218 | 0x01, 0x10, 0x00, 0xD4, // SVC 0x80 219 | }; 220 | debugMsg(@"[ABASM] Starting malware detection. (SVC70)"); 221 | findSegment(target, sizeof(target), &patchSVC70); 222 | } 223 | 224 | 225 | void patchSYS_access(uint8_t* match) { 226 | uint8_t patch[] = { 227 | 0x40, 0x00, 0x80, 0xD2 // MOV X16, #2 228 | }; 229 | patchCode(match+4, patch, sizeof(patch)); 230 | debugMsg(@"[ABASM] A-Bypass found the malware and removed it. (SYS_access: %p)", match); 231 | } 232 | 233 | void removeSYS_access() { 234 | const uint8_t target[] = { 235 | 0x30, 0x04, 0x80, 0xD2, // MOV X16, #0x21 236 | 0x01, 0x10, 0x00, 0xD4, // SVC 0x80 237 | }; 238 | debugMsg(@"[ABASM] Starting malware detection. (SYS_access)"); 239 | findSegment(target, sizeof(target), &patchSYS_access); 240 | } 241 | 242 | void patchSYS_access2(uint8_t* match) { 243 | uint8_t patch[] = { 244 | 0xB0, 0x00, 0x80, 0xD2, //MOV X16, #21 245 | 0x1F, 0x20, 0x03, 0xD5, //NOP 246 | 0x1F, 0x20, 0x03, 0xD5, //NOP 247 | 0x1F, 0x20, 0x03, 0xD5, //NOP 248 | 0x40, 0x00, 0x80, 0x52 //MOV X0, #2 249 | }; 250 | patchCode(match+4, patch, sizeof(patch)); 251 | debugMsg(@"[ABASM] A-Bypass found the malware and removed it. (SYS_access: %p)", match); 252 | } 253 | 254 | void removeSYS_access2() { 255 | const uint8_t target[] = { 256 | 0x30, 0x04, 0x80, 0xD2, //MOV X16, #21 257 | 0x1F, 0x20, 0x03, 0xD5, //NOP 258 | 0x1F, 0x20, 0x03, 0xD5, //NOP 259 | 0x1F, 0x20, 0x03, 0xD5, //NOP 260 | 0x01, 0x10, 0x00, 0xD4 //SVC #0x80 261 | }; 262 | debugMsg(@"[ABASM] Starting malware detection. (SYS_access)"); 263 | findSegment(target, sizeof(target), &patchSYS_access2); 264 | } 265 | 266 | void patchSYS_open(uint8_t* match) { 267 | uint8_t patch[] = { 268 | 0x40, 0x00, 0x80, 0xD2 // MOV X16, #2 269 | }; 270 | patchCode(match+4, patch, sizeof(patch)); 271 | debugMsg(@"[ABASM] A-Bypass found the malware and removed it. (SYS_open: %p)", match); 272 | } 273 | 274 | void removeSYS_open() { 275 | const uint8_t target[] = { 276 | 0xB0, 0x04, 0x80, 0xD2, // MOV X16, #5 277 | 0x01, 0x10, 0x00, 0xD4 // SVC 0x80 278 | }; 279 | const uint8_t target2[] = { 280 | 0xF0, 0x07, 0x40, 0xF9, // ldr x16, [sp, #0x30 + var_28] 281 | 0x01, 0x10, 0x00, 0xD4 // SVC 0x80 282 | }; 283 | const uint8_t target3[] = { 284 | 0xB0, 0x04, 0x80, 0xD2, // movz x16, #0x5 285 | 0x01, 0x10, 0x00, 0xD4 // SVC 0x80 286 | }; 287 | debugMsg(@"[ABASM] Starting malware detection. (SYS_open)"); 288 | findSegment(target, sizeof(target), &patchSYS_open); 289 | findSegment(target2, sizeof(target2), &patchSYS_open); 290 | findSegment(target3, sizeof(target3), &patchSYS_open); 291 | } 292 | 293 | void patchSYS_symlink(uint8_t* match) { 294 | uint8_t patch[] = { 295 | 0x40, 0x00, 0x80, 0xD2 // MOV X16, #2 296 | }; 297 | patchCode(match+4, patch, sizeof(patch)); 298 | debugMsg(@"[ABASM] A-Bypass found the malware and removed it. (SYS_symlink: %p)", match); 299 | } 300 | 301 | void removeSYS_symlink() { 302 | const uint8_t target[] = { 303 | 0x30, 0x07, 0x80, 0xD2, // MOV X16, #57 304 | 0x01, 0x10, 0x00, 0xD4 // SVC 0x80 305 | }; 306 | debugMsg(@"[ABASM] Starting malware detection. (SYS_symlink)"); 307 | findSegment(target, sizeof(target), &patchSYS_symlink); 308 | } 309 | 310 | 311 | 312 | 313 | void patchCrazyRET(uint8_t* match) { 314 | patchCode(findS(match), RET0, sizeof(RET0)); 315 | } 316 | 317 | void removeCrazyRET(NSString *imageName) { 318 | const uint8_t target[] = { 319 | 0xC0, 0x03, 0x5F, 0xD6 // RET 320 | }; 321 | findSegmentByImageNum(target, sizeof(target), &patchSYS_symlink, getImageIndex(imageName)); 322 | } 323 | 324 | 325 | 326 | 327 | 328 | // iXGuard 329 | void patch1(uint8_t* match) { 330 | patchCode(findS(match), RET, sizeof(RET)); 331 | patchCode(findSA(match), RET, sizeof(RET)); 332 | debugMsg(@"[ABASM] patched or1: %p", match - _dyld_get_image_vmaddr_slide(0)); 333 | debugMsg(@"[ABASM] patched r1: %p", findS(match) - _dyld_get_image_vmaddr_slide(0)); 334 | debugMsg(@"[ABASM] patched r1 SA: %p", findSA(match) - _dyld_get_image_vmaddr_slide(0)); 335 | } 336 | void remove1() { 337 | const uint64_t target[] = { 338 | 0x7100041F, // CMP wN, #1 339 | 0xF9000000, // STR x*, [x*] 340 | 0x540000A1, // B.NE #0x14 341 | 0xF9400000 // LDR x*, [x*, ...] 342 | }; 343 | 344 | const uint64_t mask[] = { 345 | 0xFFFFFC1F, 346 | 0xFF000000, 347 | 0xFFFFFFFF, 348 | 0xFFC00000 349 | }; 350 | 351 | findSegment2(target, mask, sizeof(target)/sizeof(uint64_t), &patch1); 352 | debugMsg(@"[ABASM] S: r1"); 353 | } 354 | // LxShields 355 | void patch2(uint8_t* match) { 356 | patchCode(findS(match), RET, sizeof(RET)); 357 | } 358 | void patch2_1(uint8_t* match) { 359 | patchCode(findSA(match), RET0, sizeof(RET0)); 360 | // debugMsg(@"[ABASM] patched r2-1: %p", match - _dyld_get_image_vmaddr_slide(0)); 361 | // debugMsg(@"[ABASM] patched ret r2-1: %p", findSA(match) - _dyld_get_image_vmaddr_slide(0)); 362 | } 363 | void remove2() { 364 | const uint8_t target[] = { 365 | 0xFD, 0x83, 0x01, 0x91, 366 | 0xFF, 0x03, 0x15, 0xD1, 367 | 0xA8, 0x43, 0x08, 0xD1 368 | }; 369 | findSegment(target, sizeof(target), &patch2); 370 | 371 | const uint8_t target2[] = { //v2 ~ v4 372 | 0x00, 0x40, 0x62, 0x1E, 373 | 0x00, 0x20, 0x28, 0x1E, 374 | 0xE8, 0x57, 0x9F, 0x1A 375 | }; 376 | findSegment(target2, sizeof(target2), &patch2); 377 | 378 | // 탈옥 감지 결과 조회 379 | // Paycoin: -[Global checkLxShield:] 380 | // SKT PASS: -[SplashViewController lxShieldCheck] 381 | const uint8_t target3[] = { 382 | 0x39, 0x01, 0x36, 0x0A, 383 | 0xC9, 0x02, 0x29, 0x0A, 384 | 0x29, 0x03, 0x09, 0x2A, 385 | 0x59, 0x00, 0x36, 0x0A, 386 | 0xC2, 0x02, 0x22, 0x0A, 387 | 0x22, 0x03, 0x02, 0x2A, 388 | }; 389 | findSegment(target3, sizeof(target3), &patch2_1); 390 | 391 | // Paycoin: -[Global checkLxShield:] (1.1.19) 392 | // 미래에셋PAY (0.2021.11) 393 | const uint8_t target4[] = { 394 | 0xF8, 0x03, 0x40, 0xB9, 395 | 0xF8, 0x0B, 0x00, 0xB9, 396 | 0xF8, 0x0B, 0x40, 0xB9, 397 | 0x1F, 0x03, 0x0A, 0x6B, 398 | }; 399 | findSegment(target4, sizeof(target4), &patch2_1); 400 | } 401 | // AppSolid Legacy 402 | void patch3(uint8_t* match) { 403 | uint8_t patch[] = { 404 | 0x1F, 0x20, 0x03, 0xD5 405 | }; 406 | patchCode(match-0x2C, patch, sizeof(patch)); 407 | } 408 | void remove3() { 409 | const uint8_t target[] = { 410 | 0x2B, 0x81, 0x00, 0x91, 411 | 0x29, 0xA1, 0x00, 0x91, 412 | 0xE0, 0x03, 0x08, 0xAA 413 | }; 414 | findSegment(target, sizeof(target), &patch3); 415 | } 416 | // AppSolid NEW 417 | void patch4(uint8_t* match) { 418 | patchCode(match, RET, sizeof(RET)); 419 | } 420 | void remove4() { 421 | const uint8_t target[] = { 422 | 0x08, 0x00, 0x80, 0xD2, 423 | 0xE0, 0x03, 0x08, 0xAA, 424 | 0x01, 0x80, 0x9C, 0xD2 425 | }; 426 | findSegment(target, sizeof(target), &patch4); 427 | } 428 | // AppSolid NEW 429 | void patch5(uint8_t* match) { 430 | patchCode(match, RET, sizeof(RET)); 431 | } 432 | void remove5() { 433 | const uint8_t target[] = { 434 | 0xFD, 0x83, 0x01, 0x91, 435 | 0xFF, 0x03, 0x16, 0xD1, 436 | 0xA8, 0x83, 0x08, 0xD1 437 | }; 438 | findSegment(target, sizeof(target), &patch5); 439 | } 440 | 441 | // ixShield 442 | struct ix_detected_pattern { 443 | char resultCode[12]; 444 | char object[128]; 445 | char description[128]; 446 | }; 447 | 448 | struct ix_detected_pattern_list_gamehack { 449 | struct ix_detected_pattern *pattern; 450 | int listCount; 451 | }; 452 | 453 | struct ix_verify_info { 454 | char verify_result[12]; 455 | char verify_data[2048]; 456 | }; 457 | 458 | int (*orig_ix_sysCheckStart)(struct ix_detected_pattern **p_info); 459 | int hook_ix_sysCheckStart(struct ix_detected_pattern **p_info) { 460 | // orig_ix_sysCheckStart(p_info); 461 | // HBLogError(@"[ABZZ] %s", (*p_info)->resultCode); 462 | struct ix_detected_pattern *patternInfo = (struct ix_detected_pattern*)malloc(sizeof(struct ix_detected_pattern)); 463 | strcpy(patternInfo->resultCode, "0000"); 464 | strcpy(patternInfo->object, "SYSTEM_OK"); 465 | strcpy(patternInfo->description, "SYSTEM_OK"); 466 | *p_info = patternInfo; 467 | return 1; 468 | } 469 | 470 | int (*orig_ix_sysCheck_gamehack)(struct ix_detected_pattern **p_info, struct ix_detected_pattern_list_gamehack **p_list_gamehack); 471 | int hook_ix_sysCheck_gamehack(struct ix_detected_pattern **p_info, struct ix_detected_pattern_list_gamehack **p_list_gamehack) { 472 | struct ix_detected_pattern *patternInfo = (struct ix_detected_pattern*)malloc(sizeof(struct ix_detected_pattern)); 473 | struct ix_detected_pattern_list_gamehack *patternList = (struct ix_detected_pattern_list_gamehack*)malloc(sizeof(struct ix_detected_pattern_list_gamehack)); 474 | 475 | strcpy(patternInfo->resultCode, "0000"); 476 | strcpy(patternInfo->object, "SYSTEM_OK"); 477 | strcpy(patternInfo->description, "SYSTEM_OK"); 478 | patternList->listCount = 0; 479 | 480 | *p_info = patternInfo; 481 | *p_list_gamehack = patternList; 482 | 483 | return 1; 484 | } 485 | 486 | int (*orig_ix_sysCheck_integrity)(void **arg1, struct ix_verify_info *p_integrity_info); 487 | int hook_ix_sysCheck_integrity(void **arg1, struct ix_verify_info *p_integrity_info) { 488 | strcpy(p_integrity_info->verify_result, "VERIFY_SUCC"); 489 | strcpy(p_integrity_info->verify_data, ""); 490 | return 1; 491 | } 492 | 493 | void patch6(uint8_t* match) { 494 | MSHookFunction((void *)findS(match), (void *)hook_ix_sysCheckStart, (void **)&orig_ix_sysCheckStart); 495 | debugMsg(@"[ABASM] finded6 %p", match-_dyld_get_image_vmaddr_slide(0)); 496 | } 497 | void patch6_1(uint8_t* match) { 498 | MSHookFunction((void *)findS(match), (void *)hook_ix_sysCheck_gamehack, (void **)&orig_ix_sysCheck_gamehack); 499 | debugMsg(@"[ABASM] finded6_1 %p", match-_dyld_get_image_vmaddr_slide(0)); 500 | } 501 | void patch6_2(uint8_t* match) { 502 | MSHookFunction((void *)findS(match), (void *)hook_ix_sysCheck_integrity, (void **)&orig_ix_sysCheck_integrity); 503 | debugMsg(@"[ABASM] finded6_2 %p", match-_dyld_get_image_vmaddr_slide(0)); 504 | } 505 | void patch6_3(uint8_t* match) { 506 | patchCode(findS(match), RET, sizeof(RET)); 507 | debugMsg(@"[ABASM] finded6_3 %p", match-_dyld_get_image_vmaddr_slide(0)); 508 | } 509 | 510 | void remove6() { 511 | const uint64_t ix_sysCheckStart_target[] = { 512 | 0x37000AAA, // TBNZ w10, #0, #0x154 513 | 0x4A090108, // EOR w8, w8, w9 514 | 0x37000A68 // TBNZ w8, #0, #0x154 515 | }; 516 | 517 | const uint64_t ix_sysCheckStart_mask[] = { 518 | 0xFFFFFFFF, 519 | 0xFFFFFFFF, 520 | 0xFFFFFFFF 521 | }; 522 | 523 | findSegment2(ix_sysCheckStart_target, ix_sysCheckStart_mask, sizeof(ix_sysCheckStart_target)/sizeof(uint64_t), &patch6); 524 | 525 | const uint64_t ix_sysCheck_gamehack_target[] = { 526 | 0x90000000, // ADRP 527 | 0x90000000, // ADD 528 | 0x88DFFD08, // LDAR w8, [x8] 529 | 0x35015B68 // CBNZ w8, loc_100467eac 530 | }; 531 | 532 | const uint64_t ix_sysCheck_gamehack_mask[] = { 533 | 0x9F000000, 534 | 0x90000000, 535 | 0xFFFFFFFF, 536 | 0xFFFFFFFF 537 | }; 538 | 539 | findSegment2(ix_sysCheck_gamehack_target, ix_sysCheck_gamehack_mask, sizeof(ix_sysCheck_gamehack_target)/sizeof(uint64_t), &patch6_1); 540 | 541 | const uint64_t ix_sysCheckStart_target2[] = { 542 | 0x90000000, // ADRP 543 | 0x90000000, // ADD 544 | 0x88DFFD08, // LDAR w8, [x8] 545 | 0xF81903A0, // STUR x0, [x29, var_70] 546 | 0x35016CA8 // CBNZ w8, loc_* 547 | }; 548 | 549 | const uint64_t ix_sysCheckStart_target2_2[] = { 550 | 0x90000000, // ADRP 551 | 0x90000000, // ADD 552 | 0x88DFFD08, // LDAR w8, [x8] 553 | 0xF81903A0, // STUR x0, [x29, var_70] 554 | 0x35016C28 // CBNZ w8, loc_* 555 | }; 556 | 557 | const uint64_t ix_sysCheckStart_mask2[] = { 558 | 0x9F000000, 559 | 0x90000000, 560 | 0xFFFFFFFF, 561 | 0xFFFFFFFF, 562 | 0xFFFFFFFF 563 | }; 564 | 565 | const uint64_t ix_sysCheckStart_target3[] = { 566 | // 0x910C394A, // add x10, x10 567 | 0xA93903A8, // stp x8, x0, [x29, var_70] 568 | 0xF81883AA, // stur x10, [x29, var_78] 569 | 0x35050E49 // cbnz w9, loc_1009e4994 570 | }; 571 | 572 | const uint64_t ix_sysCheckStart_mask3[] = { 573 | // 0xFFFFFFFF, 574 | 0xFFFFFFFF, 575 | 0xFFFFFFFF, 576 | 0xFFFFFFFF 577 | }; 578 | 579 | findSegment2(ix_sysCheckStart_target2, ix_sysCheckStart_mask2, sizeof(ix_sysCheckStart_target2)/sizeof(uint64_t), &patch6); 580 | findSegment2(ix_sysCheckStart_target2_2, ix_sysCheckStart_mask2, sizeof(ix_sysCheckStart_target2)/sizeof(uint64_t), &patch6); 581 | findSegment2(ix_sysCheckStart_target3, ix_sysCheckStart_mask3, sizeof(ix_sysCheckStart_target3)/sizeof(uint64_t), &patch6); 582 | 583 | const uint8_t ix_sysCheckIntegrity[] = { 584 | 0x4A, 0xB1, 0x33, 0x91, // add x10, x10, #0xcec 585 | 0xA0, 0x07, 0x39, 0xA9, // stp x0, x1, [x29, var_70] 586 | 0xAA, 0x23, 0x38, 0xA9, // stp x10, x8, [x29, var_80] 587 | 0x49, 0xF5, 0x01, 0x35 // cbnz w9, loc_100c1e428 588 | }; 589 | findSegment(ix_sysCheckIntegrity, sizeof(ix_sysCheckIntegrity), &patch6_2); 590 | 591 | const uint8_t ix_sysCheckInit[] = { 592 | 0x8C, 0x09, 0x14, 0x91, // add x12, x12, #0x502 593 | 0xAA, 0x23, 0x39, 0xA9, // stp x10, x8, [x29, var_70] 594 | 0xAC, 0x2F, 0x38, 0xA9, // stp x12, x11, [x29, var_80] 595 | 0x69, 0x6B, 0x00, 0x35 // cbnz w9, loc_10099a7d8 596 | }; 597 | findSegment(ix_sysCheckInit, sizeof(ix_sysCheckInit), &patch6_3); 598 | 599 | // 마이 케이티(6.4.2): -[MyKtIntroViewController checkRoutine] 600 | const uint64_t ix_sysCheckInit_Target_2[] = { 601 | 0x88DFFD09, // LDAR 602 | 0x90000000, // ADRP 603 | 0x90000000, // ADD 604 | 0xA93923AA, // STP 605 | 0x35013269 // CNBZ 606 | }; 607 | 608 | const uint64_t ix_sysCheckInit_Mask_2[] = { 609 | 0xFFFFFFFF, 610 | 0x9F000000, 611 | 0x90000000, 612 | 0xFFFFFFFF, 613 | 0xFFFFFFFF 614 | }; 615 | findSegment2(ix_sysCheckInit_Target_2, ix_sysCheckInit_Mask_2, sizeof(ix_sysCheckInit_Target_2)/sizeof(uint64_t), &patch6_3); 616 | } 617 | // AirArmor 618 | void patch7(uint8_t* match) { 619 | patchCode(findSA(match), RET0, sizeof(RET0)); 620 | debugMsg(@"[ABASM] patched or7: %p", match - _dyld_get_image_vmaddr_slide(0)); 621 | debugMsg(@"[ABASM] patched r7: %p", findS(match) - _dyld_get_image_vmaddr_slide(0)); 622 | debugMsg(@"[ABASM] patched r7 SA: %p", findSA(match) - _dyld_get_image_vmaddr_slide(0)); 623 | } 624 | void remove7() { 625 | const uint8_t target[] = { 626 | // [AirArmor][\xEC\xB4\x88\xEA\xB8\xB0\xED\x99\x94][\xEC\x8B\xA4\xED\x8C\xA8] result 627 | 0xFD, 0x83, 0x01, 0x91, 0xF4, 0x03, 0x01, 0xAA, 0x13, 0x40, 0x00, 0x91, 0xE1, 0x63, 0x00, 0x91, 0xE0, 0x03, 0x13, 0xAA, 0x02, 0x00, 0x80, 0xD2, 0x03, 0x00, 0x80, 0xD2 628 | }; 629 | findSegment(target, sizeof(target), &patch7); 630 | } 631 | 632 | 633 | 634 | 635 | void (*orig)(void); 636 | void repl(void) { 637 | return; 638 | } 639 | 640 | void _hookSymbol(void *hook) { 641 | MSHookFunction((void *)hook, (void *)repl, (void **)&orig); 642 | } 643 | void hookSymbol(const char *string) { 644 | void* hook = MSFindSymbol(NULL, string); 645 | _hookSymbol((void *)hook); 646 | } 647 | void hookSymbolWithDLSYM(const char *string) { 648 | void* handle = dlopen(NULL, RTLD_LAZY); 649 | void* dlsymResult = dlsym(handle, string); 650 | if(dlsymResult == nil) return; 651 | _hookSymbol((void *)dlsymResult); 652 | } 653 | void hookSymbolWithDLSYMImage(const char *string, const char *image) { 654 | void* handle = dlopen(image, RTLD_LAZY); 655 | void* dlsymResult = dlsym(handle, string); 656 | if(dlsymResult == nil) return exit(1); 657 | _hookSymbol((void *)dlsymResult); 658 | } 659 | 660 | int (*orig0)(void); 661 | int repl0(void) { 662 | return 0; 663 | } 664 | 665 | void _hookSymbol0(void *hook) { 666 | MSHookFunction((void *)hook, (void *)repl0, (void **)&orig0); 667 | } 668 | 669 | void hookSymbol0(const char *string) { 670 | void* hook = MSFindSymbol(NULL, string); 671 | _hookSymbol0((void *)hook); 672 | } 673 | void hookSymbol0WithDLSYM(const char *string) { 674 | void* handle = dlopen(NULL, RTLD_LAZY); 675 | void* dlsymResult = dlsym(handle, string); 676 | if(dlsymResult == nil) return; 677 | _hookSymbol0((void *)dlsymResult); 678 | } 679 | 680 | int (*orig1)(void); 681 | int repl1(void) { 682 | return 1; 683 | } 684 | 685 | void _hookSymbol1(void *hook) { 686 | MSHookFunction((void *)hook, (void *)repl1, (void **)&orig1); 687 | } 688 | void hookSymbol1WithDLSYMImage(const char *string, const char *image) { 689 | void* handle = dlopen(image, RTLD_LAZY); 690 | void* dlsymResult = dlsym(handle, string); 691 | if(dlsymResult == nil) return; 692 | _hookSymbol1((void *)dlsymResult); 693 | } 694 | void hookSymbol1WithPrivateImage(const char *string, const char *image) { 695 | void* handle = dlopen([[NSString stringWithFormat:@"%@/%@.framework/%@", [[NSBundle mainBundle] privateFrameworksPath], @(image), @(image)] UTF8String], RTLD_LAZY); 696 | void* dlsymResult = dlsym(handle, string); 697 | if(dlsymResult == nil) return; 698 | _hookSymbol1((void *)dlsymResult); 699 | } 700 | 701 | 702 | BOOL enableSysctlHook = false; 703 | 704 | void hookingSVC80Handler(RegisterContext *reg_ctx, const HookEntryInfo *info) { 705 | int num_syscall = (int)(uint64_t)(reg_ctx->general.regs.x16); 706 | char *arg1 = (char *)reg_ctx->general.regs.x0; 707 | debugMsg(@"[ABZZ] System PRECALL %d %p %p", num_syscall, info->target_address, (uint8_t *)_dyld_get_image_vmaddr_slide(0)); 708 | 709 | if(num_syscall == SYS_symlink) { 710 | char *arg2 = (char *)reg_ctx->general.regs.x1; 711 | [[ABPattern sharedInstance] usk:@(arg1) n:@(arg2)]; 712 | } 713 | if(num_syscall == SYS_open || num_syscall == SYS_access || num_syscall == SYS_statfs64 || num_syscall == SYS_statfs || num_syscall == SYS_lstat64 || num_syscall == SYS_stat64 || num_syscall == SYS_rename || num_syscall == SYS_setxattr || num_syscall == SYS_pathconf) { 714 | debugMsg(@"[ABZZ] SYS_open with SVC 80, %s", arg1); 715 | if([@(arg1) isEqualToString:@"/dev/urandom"]) { 716 | *(unsigned long *)(®_ctx->general.regs.x0) = (unsigned long long)"/Protected.By.ABypass"; 717 | return; 718 | } 719 | if(![[ABPattern sharedInstance] u:@(arg1) i:30001] && ![@(arg1) isEqualToString:@"/sbin/mount"]) { 720 | *(unsigned long *)(®_ctx->general.regs.x0) = (unsigned long long)"/Protected.By.ABypass"; 721 | } else { 722 | debugMsg(@"[ABZZ] not blocked!"); 723 | } 724 | } 725 | } 726 | 727 | void hookSVC80Real(uint8_t* match) { 728 | debugMsg(@"[ABZZ] Hooking %p!", match); 729 | DobbyInstrument((void *)(match), (DBICallTy)hookingSVC80Handler); 730 | } 731 | 732 | void hookingSVC80() { 733 | dobby_enable_near_branch_trampoline(); 734 | const uint8_t target[] = { 735 | 0x01, 0x10, 0x00, 0xD4 736 | }; 737 | findSegmentForDyldImage(target, sizeof(target), &hookSVC80Real); 738 | } 739 | 740 | void hookingSVC80Handler_NC(RegisterContext *reg_ctx, const HookEntryInfo *info) { 741 | int num_syscall = (int)(uint64_t)(reg_ctx->general.regs.x16); 742 | if(num_syscall == SYS_open || num_syscall == SYS_access || num_syscall == SYS_statfs64 || num_syscall == SYS_statfs || num_syscall == SYS_lstat64 || num_syscall == SYS_stat64 || num_syscall == SYS_rename || num_syscall == SYS_setxattr || num_syscall == SYS_pathconf) { 743 | *(unsigned long *)(®_ctx->general.regs.x0) = (unsigned long long)"/Protected.By.ABypass"; 744 | } 745 | } 746 | 747 | void hookSVC80Real_NC(uint8_t* match) { 748 | DobbyInstrument((void *)(match), (DBICallTy)hookingSVC80Handler_NC); 749 | } 750 | 751 | void hookingSVC80_NC() { 752 | dobby_enable_near_branch_trampoline(); 753 | const uint8_t target[] = { 754 | 0x01, 0x10, 0x00, 0xD4 755 | }; 756 | findSegmentForDyldImage(target, sizeof(target), &hookSVC80Real_NC); 757 | } 758 | 759 | void hookingAccessSVC80Handler(RegisterContext *reg_ctx, const HookEntryInfo *info) { 760 | 761 | const char* arg1 = (const char*)(uint64_t)(reg_ctx->general.regs.x0); 762 | NSMutableString *path = [@(arg1) mutableCopy]; 763 | 764 | NSRegularExpression *regex = [NSRegularExpression regularExpressionWithPattern:@"/private/var/mobile/Containers/Data/Application/(.*)/tmp/([A-Za-z0-9])*" options:0 error:nil]; 765 | // debugMsg(@"[ABPattern] ABZZ %@", path); 766 | [regex replaceMatchesInString:path options:0 range:NSMakeRange(0, [path length]) withTemplate:@""]; 767 | debugMsg(@"[ABPattern] ABZZ %@", path); 768 | if(![[ABPattern sharedInstance] u:path i:30002] && ![path isEqualToString:@"/sbin/mount"]) { 769 | *(unsigned long *)(®_ctx->general.regs.x0) = (unsigned long long)"/Protected.By.ABypass"; 770 | } else { 771 | debugMsg(@"[ABPattern] ABZZ not blocked! %@", path); 772 | } 773 | } 774 | 775 | void hookingAccessSVC804Real(uint8_t* match) { 776 | dobby_enable_near_branch_trampoline(); 777 | DobbyInstrument((void *)(match), (DBICallTy)hookingAccessSVC80Handler); 778 | dobby_disable_near_branch_trampoline(); 779 | } 780 | 781 | void hookingAccessSVC80() { 782 | const uint8_t target[] = { 783 | 0x30, 0x04, 0x80, 0xD2, 784 | 0x01, 0x10, 0x00, 0xD4 785 | }; 786 | findSegmentForDyldImage(target, sizeof(target), &hookingAccessSVC804Real); 787 | } -------------------------------------------------------------------------------- /abypassloader/Makefile: -------------------------------------------------------------------------------- 1 | # TARGET = iphone:12.2:12.2 2 | ARCHS = arm64 3 | 4 | include $(THEOS)/makefiles/common.mk 5 | 6 | TWEAK_NAME = ABypassLoader 7 | 8 | ABypassLoader_FILES = Tweak.xm ABPattern.m DYLDSaver.xm fishhook.c ImagePatcher.xm 9 | ABypassLoader_LIBRARIES = mryipc Dobby 10 | ABypassLoader_CODESIGN_FLAGS=-S./ent.plist 11 | 12 | # Remove Symbols 13 | ABypassLoader_CFLAGS += -fvisibility=hidden 14 | 15 | 16 | include $(THEOS_MAKE_PATH)/tweak.mk 17 | -------------------------------------------------------------------------------- /abypassloader/codesign.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2006 Apple Computer, Inc. All rights reserved. 3 | * 4 | * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ 5 | * 6 | * This file contains Original Code and/or Modifications of Original Code 7 | * as defined in and that are subject to the Apple Public Source License 8 | * Version 2.0 (the 'License'). You may not use this file except in 9 | * compliance with the License. The rights granted to you under the License 10 | * may not be used to create, or enable the creation or redistribution of, 11 | * unlawful or unlicensed copies of an Apple operating system, or to 12 | * circumvent, violate, or enable the circumvention or violation of, any 13 | * terms of an Apple operating system software license agreement. 14 | * 15 | * Please obtain a copy of the License at 16 | * http://www.opensource.apple.com/apsl/ and read it before using this file. 17 | * 18 | * The Original Code and all software distributed under the License are 19 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 20 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 21 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 22 | * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 23 | * Please see the License for the specific language governing rights and 24 | * limitations under the License. 25 | * 26 | * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ 27 | */ 28 | 29 | #ifndef _SYS_CODESIGN_H_ 30 | #define _SYS_CODESIGN_H_ 31 | 32 | #include 33 | 34 | /* code signing attributes of a process */ 35 | #define CS_VALID 0x0000001 /* dynamically valid */ 36 | #define CS_ADHOC 0x0000002 /* ad hoc signed */ 37 | #define CS_GET_TASK_ALLOW 0x0000004 /* has get-task-allow entitlement */ 38 | #define CS_INSTALLER 0x0000008 /* has installer entitlement */ 39 | 40 | #define CS_HARD 0x0000100 /* don't load invalid pages */ 41 | #define CS_KILL 0x0000200 /* kill process if it becomes invalid */ 42 | #define CS_CHECK_EXPIRATION 0x0000400 /* force expiration checking */ 43 | #define CS_RESTRICT 0x0000800 /* tell dyld to treat restricted */ 44 | #define CS_ENFORCEMENT 0x0001000 /* require enforcement */ 45 | #define CS_REQUIRE_LV 0x0002000 /* require library validation */ 46 | #define CS_ENTITLEMENTS_VALIDATED 0x0004000 47 | 48 | #define CS_ALLOWED_MACHO 0x00ffffe 49 | 50 | #define CS_EXEC_SET_HARD 0x0100000 /* set CS_HARD on any exec'ed process */ 51 | #define CS_EXEC_SET_KILL 0x0200000 /* set CS_KILL on any exec'ed process */ 52 | #define CS_EXEC_SET_ENFORCEMENT 0x0400000 /* set CS_ENFORCEMENT on any exec'ed process */ 53 | #define CS_EXEC_SET_INSTALLER 0x0800000 /* set CS_INSTALLER on any exec'ed process */ 54 | 55 | #define CS_KILLED 0x1000000 /* was killed by kernel for invalidity */ 56 | #define CS_DYLD_PLATFORM 0x2000000 /* dyld used to load this is a platform binary */ 57 | #define CS_PLATFORM_BINARY 0x4000000 /* this is a platform binary */ 58 | #define CS_PLATFORM_PATH 0x8000000 /* platform binary by the fact of path (osx only) */ 59 | 60 | /* csops operations */ 61 | #define CS_OPS_STATUS 0 /* return status */ 62 | #define CS_OPS_MARKINVALID 1 /* invalidate process */ 63 | #define CS_OPS_MARKHARD 2 /* set HARD flag */ 64 | #define CS_OPS_MARKKILL 3 /* set KILL flag (sticky) */ 65 | #define CS_OPS_PIDPATH 4 /* get executable's pathname */ 66 | #define CS_OPS_CDHASH 5 /* get code directory hash */ 67 | #define CS_OPS_PIDOFFSET 6 /* get offset of active Mach-o slice */ 68 | #define CS_OPS_ENTITLEMENTS_BLOB 7 /* get entitlements blob */ 69 | #define CS_OPS_MARKRESTRICT 8 /* set RESTRICT flag (sticky) */ 70 | 71 | #ifndef KERNEL 72 | 73 | __BEGIN_DECLS 74 | 75 | /* code sign operations */ 76 | int csops(pid_t pid, unsigned int ops, void * useraddr, size_t usersize); 77 | 78 | __END_DECLS 79 | 80 | #endif /* ! KERNEL */ 81 | 82 | #endif /* _SYS_CODESIGN_H_ */ -------------------------------------------------------------------------------- /abypassloader/ent.plist: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | platform-application 6 | 7 | get-task-allow 8 | 9 | com.apple.system-task-ports 10 | 11 | task_for_pid-allow 12 | 13 | run-unsigned-code 14 | 15 | 16 | 17 | -------------------------------------------------------------------------------- /abypassloader/fishhook.c: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2013, Facebook, Inc. 2 | // All rights reserved. 3 | // Redistribution and use in source and binary forms, with or without 4 | // modification, are permitted provided that the following conditions are met: 5 | // * Redistributions of source code must retain the above copyright notice, 6 | // this list of conditions and the following disclaimer. 7 | // * Redistributions in binary form must reproduce the above copyright notice, 8 | // this list of conditions and the following disclaimer in the documentation 9 | // and/or other materials provided with the distribution. 10 | // * Neither the name Facebook nor the names of its contributors may be used to 11 | // endorse or promote products derived from this software without specific 12 | // prior written permission. 13 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 14 | // AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15 | // IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 16 | // DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 17 | // FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18 | // DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 19 | // SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 20 | // CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 21 | // OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 22 | // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 23 | 24 | #include "fishhook.h" 25 | 26 | #include 27 | #include 28 | #include 29 | #include 30 | #include 31 | #include 32 | #include 33 | #include 34 | #include 35 | #include 36 | #include 37 | #include 38 | #include 39 | 40 | #ifdef __LP64__ 41 | typedef struct mach_header_64 mach_header_t; 42 | typedef struct segment_command_64 segment_command_t; 43 | typedef struct section_64 section_t; 44 | typedef struct nlist_64 nlist_t; 45 | #define LC_SEGMENT_ARCH_DEPENDENT LC_SEGMENT_64 46 | #else 47 | typedef struct mach_header mach_header_t; 48 | typedef struct segment_command segment_command_t; 49 | typedef struct section section_t; 50 | typedef struct nlist nlist_t; 51 | #define LC_SEGMENT_ARCH_DEPENDENT LC_SEGMENT 52 | #endif 53 | 54 | #ifndef SEG_DATA_CONST 55 | #define SEG_DATA_CONST "__DATA_CONST" 56 | #endif 57 | 58 | #ifndef SEG_AUTH_CONST 59 | #define SEG_AUTH_CONST "__AUTH_CONST" 60 | #endif 61 | 62 | struct rebindings_entry { 63 | struct rebinding *rebindings; 64 | size_t rebindings_nel; 65 | struct rebindings_entry *next; 66 | }; 67 | 68 | static struct rebindings_entry *_rebindings_head; 69 | static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER; 70 | 71 | static int abresetLoad(struct rebindings_entry **rebindings_head, 72 | struct rebinding rebindings[], 73 | size_t nel) { 74 | struct rebindings_entry *new_entry = (struct rebindings_entry *) malloc(sizeof(struct rebindings_entry)); 75 | if (!new_entry) { 76 | return -1; 77 | } 78 | new_entry->rebindings = (struct rebinding *) malloc(sizeof(struct rebinding) * nel); 79 | if (!new_entry->rebindings) { 80 | free(new_entry); 81 | return -1; 82 | } 83 | memcpy(new_entry->rebindings, rebindings, sizeof(struct rebinding) * nel); 84 | new_entry->rebindings_nel = nel; 85 | new_entry->next = *rebindings_head; 86 | *rebindings_head = new_entry; 87 | return 0; 88 | } 89 | 90 | static vm_prot_t get_protection(void *sectionStart) { 91 | mach_port_t task = mach_task_self(); 92 | vm_size_t size = 0; 93 | vm_address_t address = (vm_address_t)sectionStart; 94 | memory_object_name_t object; 95 | #if __LP64__ 96 | mach_msg_type_number_t count = VM_REGION_BASIC_INFO_COUNT_64; 97 | vm_region_basic_info_data_64_t info; 98 | kern_return_t info_ret = vm_region_64( 99 | task, &address, &size, VM_REGION_BASIC_INFO_64, (vm_region_info_64_t)&info, &count, &object); 100 | #else 101 | mach_msg_type_number_t count = VM_REGION_BASIC_INFO_COUNT; 102 | vm_region_basic_info_data_t info; 103 | kern_return_t info_ret = vm_region(task, &address, &size, VM_REGION_BASIC_INFO, (vm_region_info_t)&info, &count, &object); 104 | #endif 105 | if (info_ret == KERN_SUCCESS) { 106 | return info.protection; 107 | } else { 108 | return VM_PROT_READ; 109 | } 110 | } 111 | static void abresetIoad(struct rebindings_entry *rebindings, 112 | section_t *section, 113 | intptr_t slide, 114 | nlist_t *symtab, 115 | char *strtab, 116 | uint32_t *indirect_symtab) { 117 | const bool isDataConst = strcmp(section->segname, SEG_DATA_CONST) == 0; 118 | const bool isAuthConst = strcmp(section->segname, SEG_AUTH_CONST) == 0; 119 | uint32_t *indirect_symbol_indices = indirect_symtab + section->reserved1; 120 | void **indirect_symbol_bindings = (void **)((uintptr_t)slide + section->addr); 121 | vm_prot_t oldProtection = VM_PROT_READ; 122 | vm_size_t trunc_address = (vm_size_t)indirect_symbol_bindings; 123 | vm_size_t trunc_size = 0; 124 | if (isDataConst || isAuthConst) { 125 | trunc_address = trunc_page((vm_size_t)indirect_symbol_bindings); 126 | trunc_size =(vm_size_t)indirect_symbol_bindings -trunc_address; 127 | pthread_mutex_lock(&mutex); 128 | oldProtection = get_protection((void *)trunc_address); 129 | mprotect((void *)trunc_address, section->size+trunc_size, PROT_READ | PROT_WRITE); 130 | } 131 | for (uint i = 0; i < section->size / sizeof(void *); i++) { 132 | uint32_t symtab_index = indirect_symbol_indices[i]; 133 | if (symtab_index == INDIRECT_SYMBOL_ABS || symtab_index == INDIRECT_SYMBOL_LOCAL || 134 | symtab_index == (INDIRECT_SYMBOL_LOCAL | INDIRECT_SYMBOL_ABS)) { 135 | continue; 136 | } 137 | uint32_t strtab_offset = symtab[symtab_index].n_un.n_strx; 138 | char *symbol_name = strtab + strtab_offset; 139 | bool symbol_name_longer_than_1 = symbol_name[0] && symbol_name[1]; 140 | struct rebindings_entry *cur = rebindings; 141 | while (cur) { 142 | for (uint j = 0; j < cur->rebindings_nel; j++) { 143 | if (symbol_name_longer_than_1 && 144 | strcmp(&symbol_name[1], cur->rebindings[j].name) == 0) { 145 | if (cur->rebindings[j].replaced != NULL && 146 | indirect_symbol_bindings[i] != cur->rebindings[j].replacement) { 147 | *(cur->rebindings[j].replaced) = indirect_symbol_bindings[i]; 148 | } 149 | indirect_symbol_bindings[i] = cur->rebindings[j].replacement; 150 | goto symbol_loop; 151 | } 152 | } 153 | cur = cur->next; 154 | } 155 | symbol_loop:; 156 | } 157 | if (isDataConst || isAuthConst) { 158 | int protection = 0; 159 | if (oldProtection & VM_PROT_READ) { 160 | protection |= PROT_READ; 161 | } 162 | if (oldProtection & VM_PROT_WRITE) { 163 | protection |= PROT_WRITE; 164 | } 165 | if (oldProtection & VM_PROT_EXECUTE) { 166 | protection |= PROT_EXEC; 167 | } 168 | mprotect((void *)trunc_address, section->size+trunc_size, protection); 169 | pthread_mutex_unlock(&mutex); 170 | } 171 | } 172 | 173 | static void abresetImage(struct rebindings_entry *rebindings, 174 | const struct mach_header *header, 175 | intptr_t slide) { 176 | Dl_info info; 177 | if (dladdr(header, &info) == 0) { 178 | return; 179 | } 180 | 181 | segment_command_t *cur_seg_cmd; 182 | segment_command_t *linkedit_segment = NULL; 183 | struct symtab_command* symtab_cmd = NULL; 184 | struct dysymtab_command* dysymtab_cmd = NULL; 185 | 186 | uintptr_t cur = (uintptr_t)header + sizeof(mach_header_t); 187 | for (uint i = 0; i < header->ncmds; i++, cur += cur_seg_cmd->cmdsize) { 188 | cur_seg_cmd = (segment_command_t *)cur; 189 | if (cur_seg_cmd->cmd == LC_SEGMENT_ARCH_DEPENDENT) { 190 | if (strcmp(cur_seg_cmd->segname, SEG_LINKEDIT) == 0) { 191 | linkedit_segment = cur_seg_cmd; 192 | } 193 | } else if (cur_seg_cmd->cmd == LC_SYMTAB) { 194 | symtab_cmd = (struct symtab_command*)cur_seg_cmd; 195 | } else if (cur_seg_cmd->cmd == LC_DYSYMTAB) { 196 | dysymtab_cmd = (struct dysymtab_command*)cur_seg_cmd; 197 | } 198 | } 199 | 200 | if (!symtab_cmd || !dysymtab_cmd || !linkedit_segment || 201 | !dysymtab_cmd->nindirectsyms) { 202 | return; 203 | } 204 | 205 | // Find base symbol/string table addresses 206 | uintptr_t linkedit_base = (uintptr_t)slide + linkedit_segment->vmaddr - linkedit_segment->fileoff; 207 | nlist_t *symtab = (nlist_t *)(linkedit_base + symtab_cmd->symoff); 208 | char *strtab = (char *)(linkedit_base + symtab_cmd->stroff); 209 | 210 | // Get indirect symbol table (array of uint32_t indices into symbol table) 211 | uint32_t *indirect_symtab = (uint32_t *)(linkedit_base + dysymtab_cmd->indirectsymoff); 212 | 213 | cur = (uintptr_t)header + sizeof(mach_header_t); 214 | for (uint i = 0; i < header->ncmds; i++, cur += cur_seg_cmd->cmdsize) { 215 | cur_seg_cmd = (segment_command_t *)cur; 216 | if (cur_seg_cmd->cmd == LC_SEGMENT_ARCH_DEPENDENT) { 217 | if (strcmp(cur_seg_cmd->segname, SEG_DATA) != 0 && 218 | strcmp(cur_seg_cmd->segname, SEG_DATA_CONST) != 0 && 219 | strcmp(cur_seg_cmd->segname, SEG_AUTH_CONST) != 0) { 220 | continue; 221 | } 222 | for (uint j = 0; j < cur_seg_cmd->nsects; j++) { 223 | section_t *sect = 224 | (section_t *)(cur + sizeof(segment_command_t)) + j; 225 | if ((sect->flags & SECTION_TYPE) == S_LAZY_SYMBOL_POINTERS) { 226 | abresetIoad(rebindings, sect, slide, symtab, strtab, indirect_symtab); 227 | } 228 | if ((sect->flags & SECTION_TYPE) == S_NON_LAZY_SYMBOL_POINTERS) { 229 | abresetIoad(rebindings, sect, slide, symtab, strtab, indirect_symtab); 230 | } 231 | } 232 | } 233 | } 234 | } 235 | 236 | static void _abresetImage(const struct mach_header *header, 237 | intptr_t slide) { 238 | abresetImage(_rebindings_head, header, slide); 239 | } 240 | 241 | int abreset_image(void *header, 242 | intptr_t slide, 243 | struct rebinding rebindings[], 244 | size_t rebindings_nel) { 245 | struct rebindings_entry *rebindings_head = NULL; 246 | int retval = abresetLoad(&rebindings_head, rebindings, rebindings_nel); 247 | abresetImage(rebindings_head, (const struct mach_header *) header, slide); 248 | if (rebindings_head) { 249 | free(rebindings_head->rebindings); 250 | } 251 | free(rebindings_head); 252 | return retval; 253 | } 254 | 255 | int abreset(struct rebinding rebindings[], size_t rebindings_nel) { 256 | int retval = abresetLoad(&_rebindings_head, rebindings, rebindings_nel); 257 | if (retval < 0) { 258 | return retval; 259 | } 260 | // If this was the first call, register callback for image additions (which is also invoked for 261 | // existing images, otherwise, just run on existing images 262 | if (!_rebindings_head->next) { 263 | _dyld_register_func_for_add_image(_abresetImage); 264 | } else { 265 | uint32_t c = _dyld_image_count(); 266 | for (uint32_t i = 0; i < c; i++) { 267 | _abresetImage(_dyld_get_image_header(i), _dyld_get_image_vmaddr_slide(i)); 268 | } 269 | } 270 | return retval; 271 | } -------------------------------------------------------------------------------- /abypassloader/fishhook.h: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2013, Facebook, Inc. 2 | // All rights reserved. 3 | // Redistribution and use in source and binary forms, with or without 4 | // modification, are permitted provided that the following conditions are met: 5 | // * Redistributions of source code must retain the above copyright notice, 6 | // this list of conditions and the following disclaimer. 7 | // * Redistributions in binary form must reproduce the above copyright notice, 8 | // this list of conditions and the following disclaimer in the documentation 9 | // and/or other materials provided with the distribution. 10 | // * Neither the name Facebook nor the names of its contributors may be used to 11 | // endorse or promote products derived from this software without specific 12 | // prior written permission. 13 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 14 | // AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15 | // IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 16 | // DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 17 | // FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18 | // DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 19 | // SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 20 | // CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 21 | // OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 22 | // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 23 | 24 | #ifndef fishhook_h 25 | #define fishhook_h 26 | 27 | #include 28 | #include 29 | 30 | #if !defined(FISHHOOK_EXPORT) 31 | #define FISHHOOK_VISIBILITY __attribute__((visibility("hidden"))) 32 | #else 33 | #define FISHHOOK_VISIBILITY __attribute__((visibility("default"))) 34 | #endif 35 | 36 | #ifdef __cplusplus 37 | extern "C" { 38 | #endif //__cplusplus 39 | 40 | /* 41 | * A structure representing a particular intended rebinding from a symbol 42 | * name to its replacement 43 | */ 44 | struct rebinding { 45 | const char *name; 46 | void *replacement; 47 | void **replaced; 48 | }; 49 | 50 | /* 51 | * For each rebinding in rebindings, rebinds references to external, indirect 52 | * symbols with the specified name to instead point at replacement for each 53 | * image in the calling process as well as for all future images that are loaded 54 | * by the process. If rebind_functions is called more than once, the symbols to 55 | * rebind are added to the existing list of rebindings, and if a given symbol 56 | * is rebound more than once, the later rebinding will take precedence. 57 | */ 58 | FISHHOOK_VISIBILITY 59 | int abreset(struct rebinding rebindings[], size_t rebindings_nel); 60 | 61 | /* 62 | * Rebinds as above, but only in the specified image. The header should point 63 | * to the mach-o header, the slide should be the slide offset. Others as above. 64 | */ 65 | FISHHOOK_VISIBILITY 66 | int abreset_image(void *header, 67 | intptr_t slide, 68 | struct rebinding rebindings[], 69 | size_t rebindings_nel); 70 | 71 | #ifdef __cplusplus 72 | } 73 | #endif //__cplusplus 74 | 75 | #endif //fishhook_h 76 | -------------------------------------------------------------------------------- /abypassloader/writeData.h: -------------------------------------------------------------------------------- 1 | //**************************************************// 2 | //**This Header File is used in combination********// 3 | //**with a dynamic Library and must be rewritten**// 4 | //**if you want to use it for another purpose****// 5 | //**********************************************// 6 | 7 | //******************************************// 8 | //**Credits: HackJack & Razzile(Kamizoom)**// 9 | //****************************************// 10 | 11 | //********************************************// 12 | //**Usage: patchData(0xOFFSET, 0xDATA)*******// 13 | //******************************************// 14 | 15 | //importing and including files 16 | #include 17 | #include 18 | #include 19 | #include 20 | 21 | typedef void (*mshookmemory_ptr_t)(void *target, const void *data, size_t size); 22 | 23 | /* 24 | This Function checks if the Application has ASLR enabled. 25 | It gets the mach_header of the Image at Index 0. 26 | It then checks for the MH_PIE flag. If it is there, it returns TRUE. 27 | Parameters: nil 28 | Return: Wether it has ASLR or not 29 | */ 30 | bool hasASLR() { 31 | const struct mach_header *mach; 32 | mach = _dyld_get_image_header(0); 33 | 34 | if (mach->flags & MH_PIE) return true; //has aslr enabled 35 | else return false; //has aslr disabled 36 | } 37 | 38 | /* 39 | This Function gets the vmaddr slide of the Image at Index 0. 40 | Parameters: nil 41 | Return: the vmaddr slide 42 | */ 43 | uintptr_t get_slide() { 44 | return _dyld_get_image_vmaddr_slide(0); 45 | } 46 | 47 | /* 48 | This Function calculates the Address if ASLR is enabled or returns the normal offset. 49 | Parameters: The Original Offset 50 | Return: Either the Offset or the New calculated Offset if ASLR is enabled 51 | */ 52 | uintptr_t calculateAddress(uintptr_t offset) { 53 | if (hasASLR()) { 54 | uintptr_t slide = get_slide(); 55 | return (slide + offset); 56 | } else { 57 | return offset; 58 | } 59 | } 60 | 61 | /* 62 | This function calculates the size of the data passed as an argument. 63 | It returns 1 if 4 bytes and 0 if 2 bytes 64 | Parameters: data to be written 65 | Return: True = 4 bytes/higher or False = 2 bytes 66 | */ 67 | bool getType(unsigned int data) { 68 | int a = data & 0xffff8000; 69 | int b = a + 0x00008000; 70 | 71 | int c = b & 0xffff7fff; 72 | return c; 73 | } 74 | 75 | /* 76 | patchData(offset, data) writes the bytes of data to offset 77 | this version is crafted to take use of MSHookMemory as 78 | mach_vm functions are causing problems with codesigning on iOS 12. 79 | Hopefully this workaround is just temporary. 80 | */ 81 | bool patchCode(void *target, const void *data, size_t size); 82 | bool patchData_Legacy(uintptr_t offset, unsigned int data); 83 | bool patchData(uintptr_t offset, unsigned int data) { 84 | return patchData_Legacy(offset, data); 85 | return patchCode((void *)(offset + get_slide()), &data, sizeof(data)); 86 | } 87 | 88 | bool patchData_Legacy(uintptr_t offset, unsigned int data) { 89 | // mshookmemory_ptr_t MSHookMemory_ = (mshookmemory_ptr_t)MSFindSymbol(NULL, "_MSHookMemory"); 90 | 91 | // // MSHookMemory is supported, use that instead of vm_write 92 | // if (MSHookMemory_) { 93 | // if (getType(data)) { 94 | // data = CFSwapInt32(data); 95 | // MSHookMemory_((void *)(offset + get_slide()), &data, 4); 96 | // } else { 97 | // data = CFSwapInt16(data); 98 | // MSHookMemory_((void *)(offset + get_slide()), &data, 2); 99 | // } 100 | // return true; 101 | // } else { 102 | kern_return_t err; 103 | mach_port_t port = mach_task_self(); 104 | vm_address_t address = calculateAddress(offset); 105 | 106 | //set memory protections to allow us writing code there 107 | 108 | err = vm_protect(port, (vm_address_t)address, sizeof(data), false, VM_PROT_READ | VM_PROT_WRITE | VM_PROT_COPY); 109 | 110 | //check if the protection fails 111 | if (err != KERN_SUCCESS) return false; 112 | 113 | //write code to memory 114 | if (getType(data)) { 115 | data = CFSwapInt32(data); 116 | err = vm_write(port, address, (vm_address_t)&data, sizeof(data)); 117 | } else { 118 | data = (unsigned short)data; 119 | data = CFSwapInt16(data); 120 | err = vm_write(port, address, (vm_address_t)&data, sizeof(data)); 121 | } 122 | if (err != KERN_SUCCESS) return FALSE; 123 | 124 | //set the protections back to normal so the app can access this address as usual 125 | err = vm_protect(port, (vm_address_t)address, sizeof(data), false, VM_PROT_READ | VM_PROT_EXECUTE); 126 | 127 | return TRUE; 128 | // } 129 | } 130 | 131 | unsigned long get_vm_slide_by_name(NSString *imageName) { 132 | int imageIndex = -1; 133 | uint32_t count = _dyld_image_count(); 134 | for(uint32_t i = 0; i < count; i++) { 135 | const char *dyld = _dyld_get_image_name(i); 136 | NSString *nsdyld = @(dyld); 137 | if([nsdyld hasSuffix:imageName]) { 138 | imageIndex = i; 139 | break; 140 | } 141 | } 142 | if(imageIndex == -1) @throw NSInternalInconsistencyException; 143 | return _dyld_get_image_vmaddr_slide(imageIndex); 144 | } 145 | 146 | int getImageIndex(NSString *imageName) { 147 | int imageIndex = -1; 148 | uint32_t count = _dyld_image_count(); 149 | for(uint32_t i = 0; i < count; i++) { 150 | const char *dyld = _dyld_get_image_name(i); 151 | NSString *nsdyld = @(dyld); 152 | if([nsdyld hasSuffix:imageName]) { 153 | imageIndex = i; 154 | break; 155 | } 156 | } 157 | if(imageIndex == -1) @throw NSInternalInconsistencyException; 158 | return imageIndex; 159 | } 160 | 161 | unsigned long calcAddress(uintptr_t offset, NSString *imageName) { 162 | return _dyld_get_image_vmaddr_slide(getImageIndex(imageName)) + offset; 163 | } 164 | 165 | bool patchDataToImage(uintptr_t offset, unsigned int data, NSString *imageName) { 166 | return patchData(calcAddress(offset, imageName), data); 167 | } -------------------------------------------------------------------------------- /abypassprefs/ABPAppDetailController.h: -------------------------------------------------------------------------------- 1 | #import 2 | 3 | #import 4 | #import 5 | // #import 6 | #import 7 | #import 8 | 9 | @interface PSEditableListController : PSListController 10 | -(void)editDoneTapped; 11 | -(id)_editButtonBarItem; 12 | -(void)_setEditable:(BOOL)arg1 animated:(BOOL)arg2 ; 13 | -(BOOL)performDeletionActionForSpecifier:(id)arg1 ; 14 | -(void)setEditingButtonHidden:(BOOL)arg1 animated:(BOOL)arg2 ; 15 | -(void)setEditButtonEnabled:(BOOL)arg1 ; 16 | -(void)didLock; 17 | -(void)showController:(id)arg1 animate:(BOOL)arg2 ; 18 | -(void)_updateNavigationBar; 19 | -(id)init; 20 | -(void)viewWillAppear:(BOOL)arg1 ; 21 | -(id)tableView:(id)arg1 willSelectRowAtIndexPath:(id)arg2 ; 22 | -(long long)tableView:(id)arg1 editingStyleForRowAtIndexPath:(id)arg2 ; 23 | -(void)tableView:(id)arg1 commitEditingStyle:(long long)arg2 forRowAtIndexPath:(id)arg3 ; 24 | -(void)setEditable:(BOOL)arg1 ; 25 | -(void)suspend; 26 | -(BOOL)editable; 27 | @end 28 | 29 | 30 | 31 | @interface ABPAppListController : PSListController 32 | @end 33 | 34 | @interface ABPAppDetailController : PSListController 35 | @end 36 | -------------------------------------------------------------------------------- /abypassprefs/ABPAppDetailController.m: -------------------------------------------------------------------------------- 1 | #include "ABPAppDetailController.h" 2 | #include "AppList.h" 3 | #import 4 | 5 | #define PREFERENCE_IDENTIFIER @"/var/mobile/Library/Preferences/com.rpgfarm.abypassprefs.plist" 6 | #define LocalizeString(key) [[NSBundle bundleWithPath:@"/Library/PreferenceBundles/ABypassPrefs.bundle"] localizedStringForKey:key value:key table:@"prefs"] 7 | 8 | NSMutableDictionary *prefs; 9 | NSString *displayIdentifier; 10 | 11 | @implementation ABPAppDetailController 12 | 13 | - (NSArray *)specifiers { 14 | if (!_specifiers) { 15 | [self getPreference]; 16 | NSMutableArray *specifiers = [[NSMutableArray alloc] init]; 17 | displayIdentifier = self.specifier.properties[@"displayIdentifier"]; 18 | 19 | NSArray *applications = getAllInstalledApplications(); 20 | applications = [applications filteredArrayUsingPredicate:[NSPredicate predicateWithFormat:@"bundleIdentifier == %@", displayIdentifier]]; 21 | for (LSApplicationProxy *application in applications) { 22 | [specifiers addObject:({ 23 | PSSpecifier *specifier = [PSSpecifier preferenceSpecifierNamed:application.localizedName target:self set:nil get:nil detail:nil cell:PSGroupCell edit:nil]; 24 | specifier; 25 | })]; 26 | [specifiers addObject:({ 27 | PSSpecifier *specifier = [PSSpecifier preferenceSpecifierNamed:application.localizedName target:self set:nil get:nil detail:nil cell:PSStaticTextCell edit:nil]; 28 | [specifier.properties setValue:application.bundleIdentifier forKey:@"displayIdentifier"]; 29 | UIImage* icon = [UIImage _applicationIconImageForBundleIdentifier:application.bundleIdentifier format:0 scale:[UIScreen mainScreen].scale]; 30 | if (icon) [specifier setProperty:icon forKey:@"iconImage"]; 31 | specifier; 32 | })]; 33 | } 34 | 35 | [specifiers addObject:({ 36 | PSSpecifier *specifier = [PSSpecifier preferenceSpecifierNamed:LocalizeString(@"Disable ABASM") target:self set:@selector(setSwitch:forSpecifier:) get:@selector(getSwitch:) detail:nil cell:PSSwitchCell edit:nil]; 37 | [specifier.properties setValue:@"ABASMBlackList" forKey:@"displayIdentifier"]; 38 | specifier; 39 | })]; 40 | [specifiers addObject:({ 41 | PSSpecifier *specifier = [PSSpecifier preferenceSpecifierNamed:LocalizeString(@"Enable hookSVC80") target:self set:@selector(setSwitch:forSpecifier:) get:@selector(getSwitch:) detail:nil cell:PSSwitchCell edit:nil]; 42 | [specifier.properties setValue:@"hookSVC80" forKey:@"displayIdentifier"]; 43 | specifier; 44 | })]; 45 | [specifiers addObject:({ 46 | PSSpecifier *specifier = [PSSpecifier preferenceSpecifierNamed:LocalizeString(@"Enable noHookingPlz") target:self set:@selector(setSwitch:forSpecifier:) get:@selector(getSwitch:) detail:nil cell:PSSwitchCell edit:nil]; 47 | [specifier.properties setValue:@"noHookingPlz" forKey:@"displayIdentifier"]; 48 | specifier; 49 | })]; 50 | [specifiers addObject:({ 51 | PSSpecifier *specifier = [PSSpecifier preferenceSpecifierNamed:LocalizeString(@"Enforce DYLD Hook") target:self set:@selector(setSwitch:forSpecifier:) get:@selector(getSwitch:) detail:nil cell:PSSwitchCell edit:nil]; 52 | [specifier.properties setValue:@"enforceDYLD" forKey:@"displayIdentifier"]; 53 | specifier; 54 | })]; 55 | 56 | _specifiers = [specifiers copy]; 57 | } 58 | 59 | return _specifiers; 60 | } 61 | 62 | -(void)setSwitch:(NSNumber *)value forSpecifier:(PSSpecifier *)specifier { 63 | if(!prefs[@"advanced"]) prefs[@"advanced"] = [NSMutableDictionary dictionary]; 64 | if(!prefs[@"advanced"][displayIdentifier]) prefs[@"advanced"][displayIdentifier] = [NSMutableDictionary dictionary]; 65 | prefs[@"advanced"][displayIdentifier][[specifier propertyForKey:@"displayIdentifier"]] = [NSNumber numberWithBool:[value boolValue]]; 66 | [[prefs copy] writeToFile:PREFERENCE_IDENTIFIER atomically:FALSE]; 67 | } 68 | -(NSNumber *)getSwitch:(PSSpecifier *)specifier { 69 | NSString *identifier = [specifier propertyForKey:@"displayIdentifier"]; 70 | return [prefs[@"advanced"][displayIdentifier][identifier] isEqual:@1] ? @1 : @0; 71 | } 72 | 73 | -(void)getPreference { 74 | if(![[NSFileManager defaultManager] fileExistsAtPath:PREFERENCE_IDENTIFIER]) prefs = [[NSMutableDictionary alloc] init]; 75 | else prefs = [[NSMutableDictionary alloc] initWithContentsOfFile:PREFERENCE_IDENTIFIER]; 76 | } 77 | 78 | 79 | 80 | @end 81 | -------------------------------------------------------------------------------- /abypassprefs/ABPAppListController.m: -------------------------------------------------------------------------------- 1 | #import "ABPAppDetailController.h" 2 | #include "AppList.h" 3 | 4 | #define PREFERENCE_IDENTIFIER @"/var/mobile/Library/Preferences/com.rpgfarm.abypassprefs.plist" 5 | #define LocalizeString(key) [[NSBundle bundleWithPath:@"/Library/PreferenceBundles/ABypassPrefs.bundle"] localizedStringForKey:key value:key table:@"prefs"] 6 | 7 | NSMutableDictionary *prefs; 8 | 9 | @implementation ABPAppListController 10 | - (id)specifiers { 11 | if(_specifiers == nil) { 12 | NSMutableArray *specifiers = [[NSMutableArray alloc] init]; 13 | 14 | [specifiers addObject:[PSSpecifier preferenceSpecifierNamed:@"ABModules" target:self set:nil get:nil detail:nil cell:PSGroupCell edit:nil]]; 15 | 16 | [self getPreference]; 17 | 18 | NSArray *applications = getAllInstalledApplications(); 19 | NSArray *sortDescriptor = @[[NSSortDescriptor sortDescriptorWithKey:@"localizedName" ascending:YES selector:@selector(localizedCaseInsensitiveCompare:)]]; 20 | applications = [applications sortedArrayUsingDescriptors:sortDescriptor]; 21 | applications = [applications filteredArrayUsingPredicate:[NSPredicate predicateWithFormat:@"applicationType == %@", @"User"]]; 22 | for (LSApplicationProxy *application in applications) { 23 | if(![prefs[application.bundleIdentifier] isEqual:@1]) continue; 24 | UIImage* icon = [UIImage _applicationIconImageForBundleIdentifier:application.bundleIdentifier format:0 scale:[UIScreen mainScreen].scale]; 25 | PSSpecifier *specifier = [PSSpecifier preferenceSpecifierNamed:application.localizedName target:nil set:nil get:nil detail:[ABPAppDetailController class] cell:PSLinkListCell edit:nil]; 26 | [specifier.properties setValue:application.bundleIdentifier forKey:@"displayIdentifier"]; 27 | if (icon) [specifier setProperty:icon forKey:@"iconImage"]; 28 | [specifiers addObject:specifier]; 29 | } 30 | 31 | _specifiers = [specifiers copy]; 32 | } 33 | 34 | return _specifiers; 35 | } 36 | 37 | -(void)viewDidLoad { 38 | [super viewDidLoad]; 39 | UIAlertController *alert = [UIAlertController alertControllerWithTitle:LocalizeString(@"You are in danger zone.") message:LocalizeString(@"The advanced setting of A-Bypass is very powerful, but dangerous. If you're not sure what you're doing, don't change anything.") preferredStyle:UIAlertControllerStyleAlert]; 40 | [alert addAction:[UIAlertAction actionWithTitle:LocalizeString(@"Done") style:UIAlertActionStyleDefault handler:^(UIAlertAction * action) {}]]; 41 | [self presentViewController:alert animated:YES completion:nil]; 42 | 43 | } 44 | 45 | -(void)getPreference { 46 | if(![[NSFileManager defaultManager] fileExistsAtPath:PREFERENCE_IDENTIFIER]) prefs = [[NSMutableDictionary alloc] init]; 47 | else prefs = [[NSMutableDictionary alloc] initWithContentsOfFile:PREFERENCE_IDENTIFIER]; 48 | } 49 | @end 50 | -------------------------------------------------------------------------------- /abypassprefs/ABPRootListController.h: -------------------------------------------------------------------------------- 1 | #import 2 | #import 3 | 4 | @interface PSListController (Private) 5 | -(void)insertSpecifier:(id)arg1 atIndex:(long long)arg2 animated:(BOOL)arg3 ; 6 | -(void)removeSpecifierAtIndex:(long long)arg1 animated:(BOOL)arg2 ; 7 | @end 8 | 9 | @interface ABPRootListController : PSListController 10 | @property (nonatomic, strong) NSString *livePatchVersion; 11 | @end 12 | -------------------------------------------------------------------------------- /abypassprefs/ABPRootListController.m: -------------------------------------------------------------------------------- 1 | #include "ABPRootListController.h" 2 | #include "ABPAppDetailController.h" 3 | #import 4 | #include "AppList.h" 5 | 6 | #define PREFERENCE_IDENTIFIER @"/var/mobile/Library/Preferences/com.rpgfarm.abypassprefs.plist" 7 | 8 | @interface UIApplication (private) 9 | - (void)openURL:(NSURL *)url options:(NSDictionary *)options completionHandler:(void (^)(BOOL success))completion; 10 | @end 11 | 12 | #define LocalizeString(key) [[NSBundle bundleWithPath:@"/Library/PreferenceBundles/ABypassPrefs.bundle"] localizedStringForKey:key value:key table:@"prefs"] 13 | 14 | NSMutableDictionary *prefs; 15 | PSSpecifier *livePatchSpecifier; 16 | PSSpecifier *livePatchToggleSpecifier; 17 | 18 | @implementation ABPRootListController 19 | 20 | - (NSArray *)specifiers { 21 | if (!_specifiers) { 22 | [self getPreference]; 23 | NSMutableArray *specifiers = [[NSMutableArray alloc] init]; 24 | 25 | [specifiers addObject:({ 26 | PSSpecifier *specifier = [PSSpecifier preferenceSpecifierNamed:LocalizeString(@"Credits") target:self set:nil get:nil detail:nil cell:PSGroupCell edit:nil]; 27 | specifier; 28 | })]; 29 | [specifiers addObject:({ 30 | PSSpecifier *specifier = [PSSpecifier preferenceSpecifierNamed:@"@BawAppie (Developer)" target:self set:nil get:nil detail:nil cell:PSButtonCell edit:nil]; 31 | [specifier setIdentifier:@"BawAppie"]; 32 | specifier->action = @selector(openCredits:); 33 | specifier; 34 | })]; 35 | [specifiers addObject:({ 36 | PSSpecifier *specifier = [PSSpecifier preferenceSpecifierNamed:@"@winstar0070 (Support)" target:self set:nil get:nil detail:nil cell:PSButtonCell edit:nil]; 37 | [specifier setIdentifier:@"winstar0070"]; 38 | specifier->action = @selector(openCredits:); 39 | specifier; 40 | })]; 41 | [specifiers addObject:({ 42 | PSSpecifier *specifier = [PSSpecifier preferenceSpecifierNamed:@"@XsF1re (Support)" target:self set:nil get:nil detail:nil cell:PSButtonCell edit:nil]; 43 | [specifier setIdentifier:@"xsf1re"]; 44 | specifier->action = @selector(openCredits:); 45 | specifier; 46 | })]; 47 | [specifiers addObject:({ 48 | PSSpecifier *specifier = [PSSpecifier preferenceSpecifierNamed:@"LICENSE" target:self set:nil get:nil detail:nil cell:PSButtonCell edit:nil]; 49 | [specifier setIdentifier:@"license"]; 50 | specifier->action = @selector(openCredits:); 51 | specifier; 52 | })]; 53 | 54 | [specifiers addObject:[PSSpecifier preferenceSpecifierNamed:LocalizeString(@"Support A-Bypass") target:self set:nil get:nil detail:nil cell:PSGroupCell edit:nil]]; 55 | [specifiers addObject:({ 56 | PSSpecifier *specifier = [PSSpecifier preferenceSpecifierNamed:LocalizeString(@"Donate with PayPal") target:self set:nil get:nil detail:nil cell:PSButtonCell edit:nil]; 57 | [specifier setIdentifier:@"donate"]; 58 | specifier->action = @selector(openCredits:); 59 | specifier; 60 | })]; 61 | [specifiers addObject:({ 62 | PSSpecifier *specifier = [PSSpecifier preferenceSpecifierNamed:LocalizeString(@"Donate with KakaoPay") target:self set:nil get:nil detail:nil cell:PSButtonCell edit:nil]; 63 | [specifier setIdentifier:@"donatekakaopay"]; 64 | specifier->action = @selector(openCredits:); 65 | specifier; 66 | })]; 67 | [specifiers addObject:({ 68 | PSSpecifier *specifier = [PSSpecifier preferenceSpecifierNamed:LocalizeString(@"Donate with Patreon") target:self set:nil get:nil detail:nil cell:PSButtonCell edit:nil]; 69 | [specifier setIdentifier:@"donatepatreon"]; 70 | specifier->action = @selector(openCredits:); 71 | specifier; 72 | })]; 73 | 74 | 75 | 76 | [specifiers addObject:({ 77 | PSSpecifier *specifier = [PSSpecifier preferenceSpecifierNamed:LocalizeString(@"A-Bypass Update") target:self set:nil get:nil detail:nil cell:PSGroupCell edit:nil]; 78 | [specifier.properties setValue:LocalizeString(@"Always use the latest version for the best experience.") forKey:@"footerText"]; 79 | specifier; 80 | })]; 81 | [specifiers addObject:({ 82 | PSSpecifier *specifier = [PSSpecifier preferenceSpecifierNamed:LocalizeString(@"A-Bypass Version") target:self set:nil get:@selector(getTitleValueCellData:) detail:nil cell:PSTitleValueCell edit:nil]; 83 | [specifier setIdentifier:@"abypassversion"]; 84 | specifier; 85 | })]; 86 | [specifiers addObject:({ 87 | PSSpecifier *specifier = [PSSpecifier preferenceSpecifierNamed:LocalizeString(@"Ruleset Version") target:self set:nil get:@selector(getTitleValueCellData:) detail:nil cell:PSTitleValueCell edit:nil]; 88 | [specifier setIdentifier:@"abpatternversion"]; 89 | specifier; 90 | })]; 91 | [specifiers addObject:({ 92 | PSSpecifier *specifier = [PSSpecifier preferenceSpecifierNamed:LocalizeString(@"Live Patch Version") target:self set:nil get:@selector(getTitleValueCellData:) detail:nil cell:PSTitleValueCell edit:nil]; 93 | [specifier setIdentifier:@"abliveversion"]; 94 | livePatchSpecifier = specifier; 95 | specifier; 96 | })]; 97 | [specifiers addObject:({ 98 | PSSpecifier *specifier = [PSSpecifier preferenceSpecifierNamed:LocalizeString(@"Check for ruleset updates") target:self set:nil get:nil detail:nil cell:PSButtonCell edit:nil]; 99 | specifier->action = @selector(checkUpdate:); 100 | specifier; 101 | })]; 102 | 103 | 104 | [specifiers addObject:({ 105 | PSSpecifier *specifier = [PSSpecifier preferenceSpecifierNamed:LocalizeString(@"A-Bypass Live Patch") target:self set:nil get:nil detail:nil cell:PSGroupCell edit:nil]; 106 | [specifier.properties setValue:LocalizeString(@"If you stop A-Bypass Live Patch Auto Update, you will not be able to receive new updates.") forKey:@"footerText"]; 107 | specifier; 108 | })]; 109 | if(prefs[@"stopABLivePatch"]) { 110 | [specifiers addObject:({ 111 | PSSpecifier *specifier = [PSSpecifier preferenceSpecifierNamed:LocalizeString(@"Enable Live Patch Auto Update") target:self set:nil get:nil detail:nil cell:PSButtonCell edit:nil]; 112 | livePatchToggleSpecifier = specifier; 113 | specifier->action = @selector(toggleABLivePatch:); 114 | specifier; 115 | })]; 116 | } else { 117 | [specifiers addObject:({ 118 | PSSpecifier *specifier = [PSSpecifier preferenceSpecifierNamed:LocalizeString(@"Stop Live Patch Auto Update") target:self set:nil get:nil detail:nil cell:PSButtonCell edit:nil]; 119 | livePatchToggleSpecifier = specifier; 120 | specifier->action = @selector(toggleABLivePatch:); 121 | specifier; 122 | })]; 123 | } 124 | 125 | 126 | [specifiers addObject:[PSSpecifier preferenceSpecifierNamed:LocalizeString(@"Installed Applications") target:self set:nil get:nil detail:nil cell:PSGroupCell edit:nil]]; 127 | [specifiers addObject:[PSSpecifier preferenceSpecifierNamed:LocalizeString(@"Advanced Settings") target:self set:nil get:nil detail:[ABPAppListController class] cell:PSLinkListCell edit:nil]]; 128 | 129 | NSArray *applications = getAllInstalledApplications(); 130 | NSArray *sortDescriptor = @[[NSSortDescriptor sortDescriptorWithKey:@"localizedName" ascending:YES selector:@selector(localizedCaseInsensitiveCompare:)]]; 131 | applications = [applications sortedArrayUsingDescriptors:sortDescriptor]; 132 | applications = [applications filteredArrayUsingPredicate:[NSPredicate predicateWithFormat:@"applicationType == %@", @"User"]]; 133 | for (LSApplicationProxy *application in applications) { 134 | UIImage* icon = [UIImage _applicationIconImageForBundleIdentifier:application.bundleIdentifier format:0 scale:[UIScreen mainScreen].scale]; 135 | PSSpecifier *specifier = [PSSpecifier preferenceSpecifierNamed:application.localizedName target:self set:@selector(setSwitch:forSpecifier:) get:@selector(getSwitch:) detail:nil cell:PSSwitchCell edit:nil]; 136 | [specifier.properties setValue:application.bundleIdentifier forKey:@"displayIdentifier"]; 137 | if (icon) [specifier setProperty:icon forKey:@"iconImage"]; 138 | [specifiers addObject:specifier]; 139 | } 140 | 141 | 142 | _specifiers = [specifiers copy]; 143 | } 144 | 145 | return _specifiers; 146 | } 147 | 148 | -(void)setSwitch:(NSNumber *)value forSpecifier:(PSSpecifier *)specifier { 149 | prefs[[specifier propertyForKey:@"displayIdentifier"]] = [NSNumber numberWithBool:[value boolValue]]; 150 | [[prefs copy] writeToFile:PREFERENCE_IDENTIFIER atomically:FALSE]; 151 | // HBLogDebug(@"setSwitch %@, %@, %@", value, [specifier propertyForKey:@"displayIdentifier"], prefs); 152 | } 153 | -(NSNumber *)getSwitch:(PSSpecifier *)specifier { 154 | NSString *identifier = [specifier propertyForKey:@"displayIdentifier"]; 155 | return [prefs[identifier] isEqual:@1] ? @1 : @0; 156 | } 157 | 158 | -(void)viewDidLoad { 159 | [super viewDidLoad]; 160 | if(!prefs) [self getPreference]; 161 | if([[NSFileManager defaultManager] fileExistsAtPath:@"/var/mobile/Library/Preferences/ABLivePatch"]) { 162 | if(prefs[@"stopABLivePatch"]) self.livePatchVersion = [NSString stringWithFormat:@"[Stopped] %@", [NSString stringWithContentsOfFile:@"/var/mobile/Library/Preferences/ABLivePatch" encoding:NSUTF8StringEncoding error:nil]]; 163 | else self.livePatchVersion = [NSString stringWithFormat:@"[Outdated] %@", [NSString stringWithContentsOfFile:@"/var/mobile/Library/Preferences/ABLivePatch" encoding:NSUTF8StringEncoding error:nil]]; 164 | return; 165 | } 166 | 167 | // BOOL isSubstitute = ([manager fileExistsAtPath:@"/usr/lib/libsubstitute.dylib"] && ![manager fileExistsAtPath:@"/usr/lib/substrate"] && ![manager fileExistsAtPath:@"/usr/lib/libhooker.dylib"]); 168 | // BOOL isLibHooker = [manager fileExistsAtPath:@"/usr/lib/libhooker.dylib"]; 169 | // if(!isLibHooker && !isSubstitute) { 170 | // alert = [UIAlertController alertControllerWithTitle:LocalizeString(@"Unsupported Device") message:LocalizeString(@"Please use OdysseyRa1n instead of Checkra1n. Some features are disabled.") preferredStyle:UIAlertControllerStyleAlert]; 171 | // [alert addAction:[UIAlertAction actionWithTitle:LocalizeString(@"Done") style:UIAlertActionStyleDefault handler:^(UIAlertAction * action) {}]]; 172 | // [self reloadSpecifiers]; 173 | // [self presentViewController:alert animated:YES completion:nil]; 174 | // } 175 | 176 | // NSURLSessionConfiguration *defaultConfigObject = [NSURLSessionConfiguration defaultSessionConfiguration]; 177 | // NSURLSession *defaultSession = [NSURLSession sessionWithConfiguration: defaultConfigObject delegate:nil delegateQueue:[NSOperationQueue mainQueue]]; 178 | // NSURLRequest *request = [NSURLRequest requestWithURL:[NSURL URLWithString:@"https://i.repo.co.kr/file/A-Bypass/getVersion?version=5"]]; 179 | // [[defaultSession dataTaskWithRequest:request completionHandler:^(NSData *oResponseData, NSURLResponse *responseCode, NSError *error) { 180 | // if(error) { 181 | // self.livePatchVersion = @"-"; 182 | // } else { 183 | // NSDictionary *dic = [NSJSONSerialization JSONObjectWithData:oResponseData options:0 error:nil]; 184 | // self.livePatchVersion = dic[@"livepatch"]; 185 | // } 186 | // NSInteger index = [self indexOfSpecifier:livePatchSpecifier]; 187 | // [self removeSpecifierAtIndex:index animated:true]; 188 | // [self insertSpecifier:({ 189 | // PSSpecifier *specifier = [PSSpecifier preferenceSpecifierNamed:LocalizeString(@"Live Patch Version") target:self set:nil get:@selector(getTitleValueCellDataForLivePatch:) detail:nil cell:PSTitleValueCell edit:nil]; 190 | // [specifier setIdentifier:@"abliveversion"]; 191 | // specifier; 192 | // }) atIndex:index animated:true]; 193 | // }] resume]; 194 | } 195 | -(id)getTitleValueCellDataForLivePatch:(PSSpecifier *)specifier { 196 | return self.livePatchVersion; 197 | } 198 | -(id)getTitleValueCellData:(PSSpecifier *)specifier { 199 | NSString *identifier = specifier.identifier; 200 | if([identifier isEqualToString:@"abypassversion"]) return VERSION; 201 | if([identifier isEqualToString:@"abpatternversion"]) { 202 | NSData *data = [NSData dataWithContentsOfFile:@"/var/mobile/Library/Preferences/ABPattern" options:0 error:nil]; 203 | NSDictionary *dic = [NSJSONSerialization JSONObjectWithData:data options:0 error:nil]; 204 | return dic[@"version"]; 205 | } 206 | if([identifier isEqualToString:@"abliveversion"]) { 207 | if(self.livePatchVersion) return self.livePatchVersion; 208 | return @"Checking.."; 209 | } 210 | return @"-"; 211 | } 212 | 213 | -(void)getPreference { 214 | if(![[NSFileManager defaultManager] fileExistsAtPath:PREFERENCE_IDENTIFIER]) prefs = [[NSMutableDictionary alloc] init]; 215 | else prefs = [[NSMutableDictionary alloc] initWithContentsOfFile:PREFERENCE_IDENTIFIER]; 216 | } 217 | -(void)openCredits:(PSSpecifier *)specifier { 218 | NSString *value = specifier.identifier; 219 | if([value isEqualToString:@"BawAppie"]) [[UIApplication sharedApplication] openURL:[NSURL URLWithString:@"https://twitter.com/BawAppie"] options:@{} completionHandler:nil]; 220 | else if([value isEqualToString:@"donate"]) [[UIApplication sharedApplication] openURL:[NSURL URLWithString:@"https://paypal.me/pp121324"] options:@{} completionHandler:nil]; 221 | else if([value isEqualToString:@"donatekakaopay"]) [[UIApplication sharedApplication] openURL:[NSURL URLWithString:@"https://links.rpgfarm.com/kakaopay"] options:@{} completionHandler:nil]; 222 | else if([value isEqualToString:@"donatepatreon"]) [[UIApplication sharedApplication] openURL:[NSURL URLWithString:@"https://patreon.com/join/BawAppie"] options:@{} completionHandler:nil]; 223 | else if([value isEqualToString:@"winstar0070"]) [[UIApplication sharedApplication] openURL:[NSURL URLWithString:@"https://twitter.com/winstar0070"] options:@{} completionHandler:nil]; 224 | else if([value isEqualToString:@"xsf1re"]) [[UIApplication sharedApplication] openURL:[NSURL URLWithString:@"https://twitter.com/XsF1re"] options:@{} completionHandler:nil]; 225 | else if([value isEqualToString:@"license"]) [[UIApplication sharedApplication] openURL:[NSURL URLWithString:@"https://gitlab.com/-/snippets/2001684"] options:@{} completionHandler:nil]; 226 | // else if([value isEqualToString:@"iospeterdev"]) [[UIApplication sharedApplication] openURL:[NSURL URLWithString:@"https://twitter.com/iospeterdev"] options:@{} completionHandler:nil]; 227 | } 228 | 229 | UIAlertController *alert; 230 | 231 | -(void)toggleABLivePatch:(PSSpecifier *)specifier { 232 | if(prefs[@"stopABLivePatch"]) { 233 | alert = [UIAlertController alertControllerWithTitle:LocalizeString(@"A-Bypass Live Patch") message:LocalizeString(@"You have successfully enabled A-Bypass Live Patch Auto Update.") preferredStyle:UIAlertControllerStyleAlert]; 234 | prefs[@"stopABLivePatch"] = nil; 235 | } else { 236 | alert = [UIAlertController alertControllerWithTitle:LocalizeString(@"A-Bypass Live Patch") message:LocalizeString(@"You have successfully disabled A-Bypass Live Patch Auto Update.") preferredStyle:UIAlertControllerStyleAlert]; 237 | [[self.livePatchVersion stringByReplacingOccurrencesOfString:@"[Outdated] " withString:@""] writeToFile:@"/var/mobile/Library/Preferences/ABLivePatch" atomically:YES encoding:NSUTF8StringEncoding error:nil]; 238 | prefs[@"stopABLivePatch"] = @1; 239 | } 240 | 241 | [self presentViewController:alert animated:YES completion:nil]; 242 | [alert addAction:[UIAlertAction actionWithTitle:LocalizeString(@"Done") style:UIAlertActionStyleDefault handler:^(UIAlertAction * action) {}]]; 243 | 244 | [[prefs copy] writeToFile:PREFERENCE_IDENTIFIER atomically:FALSE]; 245 | [self reloadSpecifiers]; 246 | [self viewDidLoad]; 247 | } 248 | 249 | -(void)checkUpdate:(PSSpecifier *)specifier { 250 | // alert = [UIAlertController alertControllerWithTitle:LocalizeString(@"Check for updates") message:[NSString stringWithFormat:@"%@\n\n\n", LocalizeString(@"Connect to Baw Repository File Share Service..")] preferredStyle:UIAlertControllerStyleAlert]; 251 | 252 | // UIActivityIndicatorView* spinner = [[UIActivityIndicatorView alloc] initWithActivityIndicatorStyle:UIActivityIndicatorViewStyleGray]; 253 | // [spinner startAnimating]; 254 | // spinner.frame = CGRectMake(120, 80, 32, 32); 255 | // [alert.view addSubview:spinner]; 256 | // [self presentViewController:alert animated:YES completion:nil]; 257 | 258 | // NSURLSessionConfiguration *defaultConfigObject = [NSURLSessionConfiguration defaultSessionConfiguration]; 259 | // NSURLSession *defaultSession = [NSURLSession sessionWithConfiguration: defaultConfigObject delegate:nil delegateQueue:[NSOperationQueue mainQueue]]; 260 | // NSURLRequest *request = [NSURLRequest requestWithURL:[NSURL URLWithString:@"https://i.repo.co.kr/file/A-Bypass/getVersion?version=5"]]; 261 | // [[defaultSession dataTaskWithRequest:request completionHandler:^(NSData *oResponseData, NSURLResponse *responseCode, NSError *firstError) { 262 | // NSString *checkError = nil; 263 | // if(firstError != nil) checkError = LocalizeString(@"The update server is not responding. Please try again later."); 264 | // else { 265 | // NSDictionary *dic = [NSJSONSerialization JSONObjectWithData:oResponseData options:0 error:nil]; 266 | // if(![dic[@"version"] isEqualToString:VERSION]) checkError = LocalizeString(@"Latest version of A-Bypass is available. Please update A-Bypass from Cydia or Sileo"); 267 | // } 268 | // if(checkError) { 269 | // [alert dismissViewControllerAnimated:YES completion:^() { 270 | // alert = [UIAlertController alertControllerWithTitle:LocalizeString(@"Download updates") message:checkError preferredStyle:UIAlertControllerStyleAlert]; 271 | // [alert addAction:[UIAlertAction actionWithTitle:LocalizeString(@"Cancel") style:UIAlertActionStyleDefault handler:^(UIAlertAction * action) {}]]; 272 | // [self presentViewController:alert animated:YES completion:nil]; 273 | // }]; 274 | // return; 275 | // } 276 | 277 | 278 | 279 | 280 | // NSURLRequest *request = [NSURLRequest requestWithURL:[NSURL URLWithString:@"https://i.repo.co.kr/file/A-Bypass/last_roleset"]]; 281 | // [[defaultSession dataTaskWithRequest:request completionHandler:^(NSData *oResponseData, NSURLResponse *responseCode, NSError *error) { 282 | // NSString *res = [[NSString alloc] initWithData:oResponseData encoding:NSUTF8StringEncoding]; 283 | // if([(NSHTTPURLResponse *)responseCode statusCode] != 200 || error != nil) { 284 | // [alert dismissViewControllerAnimated:YES completion:^() { 285 | // alert = [UIAlertController alertControllerWithTitle:LocalizeString(@"Check for updates") message:LocalizeString(@"Failed to connect to Baw Repository File Share Service. Please try again.") preferredStyle:UIAlertControllerStyleAlert]; 286 | // [alert addAction:[UIAlertAction actionWithTitle:LocalizeString(@"Cancel") style:UIAlertActionStyleDefault handler:^(UIAlertAction * action) {}]]; 287 | // [self presentViewController:alert animated:YES completion:nil]; 288 | // }]; 289 | // } else { 290 | // NSData *data = [NSData dataWithContentsOfFile:@"/var/mobile/Library/Preferences/ABPattern" options:0 error:nil]; 291 | // NSDictionary *dic = [NSJSONSerialization JSONObjectWithData:data options:0 error:nil]; 292 | // if([res isEqualToString:dic[@"version"]]) { 293 | // [alert dismissViewControllerAnimated:YES completion:^() { 294 | // alert = [UIAlertController alertControllerWithTitle:LocalizeString(@"Download updates") message:[NSString stringWithFormat:LocalizeString(@"Already up to date. (%@)"), res] preferredStyle:UIAlertControllerStyleAlert]; 295 | // [alert addAction:[UIAlertAction actionWithTitle:LocalizeString(@"Cancel") style:UIAlertActionStyleDefault handler:^(UIAlertAction * action) {}]]; 296 | // [self presentViewController:alert animated:YES completion:nil]; 297 | // }]; 298 | // return; 299 | // } 300 | 301 | // NSURLRequest *request = [NSURLRequest requestWithURL:[NSURL URLWithString:[NSString stringWithFormat:@"https://i.repo.co.kr/file/A-Bypass/roleset/%@.json", res]]]; 302 | // [[defaultSession dataTaskWithRequest:request completionHandler:^(NSData *updateData, NSURLResponse *responseCode2, NSError *error2) { 303 | 304 | // if([(NSHTTPURLResponse *)responseCode2 statusCode] != 200 || error2 != nil) { 305 | 306 | // [alert dismissViewControllerAnimated:YES completion:^() { 307 | // alert = [UIAlertController alertControllerWithTitle:LocalizeString(@"Download updates") message:[NSString stringWithFormat:LocalizeString(@"Failed to download update. Please try again. (%@)"), res] preferredStyle:UIAlertControllerStyleAlert]; 308 | // [alert addAction:[UIAlertAction actionWithTitle:LocalizeString(@"Cancel") style:UIAlertActionStyleDefault handler:^(UIAlertAction * action) {}]]; 309 | // [self presentViewController:alert animated:YES completion:nil]; 310 | // }]; 311 | 312 | // } else { 313 | // NSError *errorr = nil; 314 | // [[[NSString alloc] initWithData:updateData encoding:NSUTF8StringEncoding] writeToFile:@"/var/mobile/Library/Preferences/ABPattern" atomically:YES encoding:NSUTF8StringEncoding error:&errorr]; 315 | 316 | // NSDictionary *dic = [NSJSONSerialization JSONObjectWithData:updateData options:0 error:nil]; 317 | // [alert dismissViewControllerAnimated:YES completion:^() { 318 | // alert = [UIAlertController alertControllerWithTitle:LocalizeString(@"Check for updates") message:[NSString stringWithFormat:LocalizeString(@"A-Bypass engine ruleset has been updated. (%@)"), dic[@"version"]] preferredStyle:UIAlertControllerStyleAlert]; 319 | // [alert addAction:[UIAlertAction actionWithTitle:LocalizeString(@"Done") style:UIAlertActionStyleDefault handler:^(UIAlertAction * action) {}]]; 320 | // [self reloadSpecifiers]; 321 | // [self presentViewController:alert animated:YES completion:nil]; 322 | // }]; 323 | // } 324 | // }] resume]; 325 | // } 326 | // }] resume]; 327 | 328 | // }] resume]; 329 | 330 | } 331 | 332 | 333 | 334 | @end 335 | -------------------------------------------------------------------------------- /abypassprefs/AppList.h: -------------------------------------------------------------------------------- 1 | @interface LSApplicationProxy 2 | -(NSString *)bundleIdentifier; 3 | -(NSString *)localizedName; 4 | -(NSString *)applicationType; 5 | @end 6 | 7 | @interface LSApplicationWorkspace : NSObject 8 | +(id)defaultWorkspace; 9 | -(id)allInstalledApplications; 10 | - (void)enumerateApplicationsOfType:(NSUInteger)type block:(void (^)(LSApplicationProxy*))block; 11 | @end 12 | 13 | @interface UIImage (Icon) 14 | +(id)_applicationIconImageForBundleIdentifier:(id)arg1 format:(int)arg2 scale:(double)arg3; 15 | @end 16 | 17 | NSArray *getAllInstalledApplications(); -------------------------------------------------------------------------------- /abypassprefs/AppList.m: -------------------------------------------------------------------------------- 1 | #import "AppList.h" 2 | 3 | NSArray *getAllInstalledApplications() { 4 | LSApplicationWorkspace *workspace = [LSApplicationWorkspace defaultWorkspace]; 5 | if(![workspace respondsToSelector:@selector(enumerateApplicationsOfType:block:)]) return [workspace allInstalledApplications]; 6 | 7 | NSMutableArray* installedApplications = [NSMutableArray new]; 8 | [workspace enumerateApplicationsOfType:0 block:^(LSApplicationProxy* appProxy) { 9 | [installedApplications addObject:appProxy]; 10 | }]; 11 | [workspace enumerateApplicationsOfType:1 block:^(LSApplicationProxy* appProxy) { 12 | [installedApplications addObject:appProxy]; 13 | }]; 14 | return installedApplications; 15 | } -------------------------------------------------------------------------------- /abypassprefs/Makefile: -------------------------------------------------------------------------------- 1 | TARGET = iphone:12.2:12.2 2 | ARCHS = arm64 arm64e 3 | 4 | include $(THEOS)/makefiles/common.mk 5 | 6 | BUNDLE_NAME = ABypassPrefs 7 | ABypassPrefs_FILES = AppList.m ABPRootListController.m ABPAppDetailController.m ABPAppListController.m 8 | ABypassPrefs_INSTALL_PATH = /Library/PreferenceBundles 9 | ABypassPrefs_FRAMEWORKS = UIKit 10 | ABypassPrefs_PRIVATE_FRAMEWORKS = Preferences CoreServices 11 | ABypassPrefs_CFLAGS = -DVERSION="@\"$(THEOS_PACKAGE_BASE_VERSION)\"" 12 | 13 | include $(THEOS_MAKE_PATH)/bundle.mk 14 | 15 | internal-stage:: 16 | $(ECHO_NOTHING)mkdir -p $(THEOS_STAGING_DIR)/Library/PreferenceLoader/Preferences$(ECHO_END) 17 | $(ECHO_NOTHING)cp entry.plist $(THEOS_STAGING_DIR)/Library/PreferenceLoader/Preferences/ABypassPrefs.plist$(ECHO_END) 18 | -------------------------------------------------------------------------------- /abypassprefs/Resources/Info.plist: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | CFBundleDevelopmentRegion 6 | English 7 | CFBundleExecutable 8 | ABypassPrefs 9 | CFBundleIdentifier 10 | com.rpgfarm.abypassprefs 11 | CFBundleInfoDictionaryVersion 12 | 6.0 13 | CFBundlePackageType 14 | BNDL 15 | CFBundleShortVersionString 16 | 1.0.0 17 | CFBundleSignature 18 | ???? 19 | CFBundleVersion 20 | 1.0 21 | NSPrincipalClass 22 | ABPRootListController 23 | 24 | 25 | -------------------------------------------------------------------------------- /abypassprefs/Resources/en.lproj/prefs.strings: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Credits 6 | Credits 7 | 8 | Support A-Bypass 9 | Support A-Bypass 10 | 11 | Donate with PayPal 12 | Donate with PayPal 13 | 14 | Donate with KakaoPay 15 | Donate with KakaoPay 16 | 17 | Donate with Patreon 18 | Donate with Patreon 19 | 20 | A-Bypass Update 21 | A-Bypass Update 22 | 23 | Check for ruleset updates 24 | Check for ruleset updates 25 | 26 | A-Bypass Version 27 | A-Bypass Version 28 | 29 | Always use the latest version for the best experience. 30 | Always use the latest version for the best experience. 31 | 32 | Ruleset Version 33 | Ruleset Version 34 | 35 | Live Patch Version 36 | Live Patch Version 37 | 38 | The update server is not responding. Please try again later. 39 | The update server is not responding. Please try again later. 40 | 41 | Latest version of A-Bypass is available. Please update A-Bypass from Cydia or Sileo 42 | Latest version of A-Bypass is available. Please update A-Bypass from Cydia or Sileo 43 | 44 | Installed Applications 45 | Installed Applications 46 | 47 | Check for updates 48 | Check for updates 49 | 50 | Connect to Baw Repository File Share Service.. 51 | Connect to Baw Repository File Share Service.. 52 | 53 | Failed to connect to Baw Repository File Share Service. Please try again. 54 | Failed to connect to Baw Repository File Share Service. Please try again. 55 | 56 | Download updates 57 | Download updates 58 | 59 | Already up to date. (%@) 60 | Already up to date. (%@) 61 | 62 | Failed to download update. Please try again. (%@) 63 | Failed to download update. Please try again. (%@) 64 | 65 | A-Bypass engine ruleset has been updated. (%@) 66 | A-Bypass engine ruleset has been updated. (%@) 67 | 68 | Done 69 | Done 70 | 71 | Cancel 72 | Cancel 73 | 74 | Unsupported Device 75 | Unsupported Device 76 | 77 | Please use OdysseyRa1n instead of Checkra1n. Some features are disabled. 78 | Please use OdysseyRa1n instead of Checkra1n. Some features are disabled. 79 | 80 | ABPolicy Error 81 | ABPolicy Error 82 | 83 | ABPolicy is misconfigured. Some features are disabled. 84 | ABPolicy is misconfigured. Some features are disabled. 85 | 86 | Some settings of A-Bypass are controlled by other tweak. 87 | Some settings of A-Bypass are controlled by other tweak. 88 | 89 | Compatibility 90 | Compatibility 91 | 92 | A-Bypass works best with libhooker and does not require these options. Please consider switching to Odyssey/Chimera. These options are applied after respring. 93 | A-Bypass works best with libhooker and does not require these options. Please consider switching to Odyssey/Chimera. These options are applied after respring. 94 | 95 | Disable ABSubLoader 96 | Disable ABSubLoader 97 | 98 | ABSubLoader loads A-Bypass instead of Substitute 2.0 to fix A-Bypass not working in some applications. 99 | ABSubLoader loads A-Bypass instead of Substitute 2.0 to fix A-Bypass not working in some applications. 100 | 101 | Advanced Settings 102 | Advanced Settings 103 | 104 | You are in danger zone. 105 | You are in danger zone. 106 | 107 | The advanced setting of A-Bypass is very powerful, but dangerous. If you're not sure what you're doing, don't change anything. 108 | The advanced setting of A-Bypass is very powerful, but dangerous. If you're not sure what you're doing, don't change anything. 109 | 110 | A-Bypass Live Patch 111 | A-Bypass Live Patch 112 | 113 | If you stop A-Bypass Live Patch Auto Update, you will not be able to receive new updates. 114 | If you stop A-Bypass Live Patch Auto Update, you will not be able to receive new updates. 115 | 116 | Enable Live Patch Auto Update 117 | Enable Live Patch Auto Update 118 | 119 | Stop Live Patch Auto Update 120 | Stop Live Patch Auto Update 121 | 122 | You have successfully enabled A-Bypass Live Patch Auto Update. 123 | You have successfully enabled A-Bypass Live Patch Auto Update. 124 | 125 | You have successfully disabled A-Bypass Live Patch Auto Update. 126 | You have successfully disabled A-Bypass Live Patch Auto Update. 127 | 128 | -------------------------------------------------------------------------------- /abypassprefs/Resources/icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Baw-Appie/A-Bypass/97831a597c09083a43f46aeacb134837ca4fce54/abypassprefs/Resources/icon.png -------------------------------------------------------------------------------- /abypassprefs/Resources/icon@2x.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Baw-Appie/A-Bypass/97831a597c09083a43f46aeacb134837ca4fce54/abypassprefs/Resources/icon@2x.png -------------------------------------------------------------------------------- /abypassprefs/Resources/ko.lproj/prefs.strings: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Credits 6 | 크레딧 7 | 8 | Support A-Bypass 9 | A-Bypass 지원하기 10 | 11 | Donate with PayPal 12 | PayPal로 후원하기 13 | 14 | Donate with KakaoPay 15 | KakaoPay로 후원하기 16 | 17 | Donate with Patreon 18 | Patreon으로 후원하기 19 | 20 | A-Bypass Update 21 | A-Bypass 업데이트 22 | 23 | Check for ruleset updates 24 | 룰셋 업데이트 확인 25 | 26 | A-Bypass Version 27 | A-Bypass 버전 28 | 29 | Always use the latest version for the best experience. 30 | 최고의 경험을 위하여 항상 최신 버전을 사용하세요. 31 | 32 | Ruleset Version 33 | 룰셋 버전 34 | 35 | Live Patch Version 36 | 실시간 패치 버전 37 | 38 | The update server is not responding. Please try again later. 39 | 업데이트 서버가 응답하지 않습니다. 잠시 후 다시 시도하세요. 40 | 41 | Latest version of A-Bypass is available. Please update A-Bypass from Cydia or Sileo 42 | 최신 버전의 A-Bypass를 사용할 수 있습니다. Cydia 또는 Sileo에서 A-Bypass를 업데이트해주세요. 43 | 44 | Installed Applications 45 | 설치된 애플리케이션 46 | 47 | Check for updates 48 | 업데이트 확인 49 | 50 | Connect to Baw Repository File Share Service.. 51 | Baw Repository 파일 공유 서비스에 연결하는 중입니다.. 52 | 53 | Failed to connect to Baw Repository File Share Service. Please try again. 54 | Baw Repository 파일 공유 서비스에 연결할 수 없습니다. 다시 시도해주세요. 55 | 56 | Download updates 57 | 업데이트 다운로드 58 | 59 | Already up to date. (%@) 60 | 이미 최신입니다. (%@) 61 | 62 | Failed to download update. Please try again. (%@) 63 | 업데이트를 다운로드할 수 없습니다. 다시 시도해주세요. (%@) 64 | 65 | A-Bypass engine ruleset has been updated. (%@) 66 | A-Bypass 엔진 룰셋이 업데이트되었습니다. (%@) 67 | 68 | Done 69 | 완료 70 | 71 | Cancel 72 | 취소 73 | 74 | Unsupported Device 75 | 지원되지 않는 기기 76 | 77 | Please use OdysseyRa1n instead of Checkra1n. Some features are disabled. 78 | Checkra1n 대신 OdysseyRa1n을 사용하세요. 일부 기능이 비활성화되었습니다. 79 | 80 | ABPolicy Error 81 | ABPolicy 오류 82 | 83 | ABPolicy is misconfigured. Some features are disabled. 84 | ABPolicy가 잘못 구성되었습니다. 일부 기능이 비활성화되었습니다. 85 | 86 | Some settings of A-Bypass are controlled by other tweak. 87 | A-Bypass의 일부 설정이 다른 트윅에 의하여 제어되고 있습니다. 88 | 89 | Compatibility 90 | 호환성 91 | 92 | A-Bypass works best with libhooker and does not require these options. Please consider switching to Odyssey/Chimera. These options are applied after respring. 93 | A-Bypass는 libhooker와 가장 잘 작동하며 이러한 옵션이 필요하지 않습니다. Odyssey/Chimera로 전환하는 것을 고려하세요. 이 옵션들은 리스프링 이후 적용됩니다. 94 | 95 | Disable ABSubLoader 96 | ABSubLoader 비활성화 97 | 98 | ABSubLoader loads A-Bypass instead of Substitute 2.0 to fix A-Bypass not working in some applications. 99 | ABSubLoader은 Substitute 2.0 업데이트로 인하여 일부 애플리케이션이 우회되지 않는 문제를 해결합니다. 100 | 101 | Advanced Settings 102 | 고급 설정 103 | 104 | You are in danger zone. 105 | 위험 구역에 진입했습니다. 106 | 107 | The advanced setting of A-Bypass is very powerful, but dangerous. If you're not sure what you're doing, don't change anything. 108 | A-Bypass의 고급 설정은 강력하지만, 위험합니다. 무엇을 하고 있는지 알지 못한다면, 아무것도 변경하지 마세요. 109 | 110 | A-Bypass Live Patch 111 | A-Bypass 실시간 패치 112 | 113 | If you stop A-Bypass Live Patch Auto Update, you will not be able to receive new updates. 114 | A-Bypass 실시간 패치 자동 업데이트를 중단하면, 새 업데이트를 받지 못하게 됩니다. 115 | 116 | Enable Live Patch Auto Update 117 | 실시간 패치 자동 업데이트 활성화 118 | 119 | Stop Live Patch Auto Update 120 | 실시간 패치 자동 업데이트 중단 121 | 122 | You have successfully enabled A-Bypass Live Patch Auto Update. 123 | 성공적으로 A-Bypass 실시간 패치 자동 업데이트를 활성화했습니다. 124 | 125 | You have successfully disabled A-Bypass Live Patch Auto Update. 126 | 성공적으로 A-Bypass 실시간 패치 자동 업데이트를 비활성화했습니다. 127 | 128 | -------------------------------------------------------------------------------- /abypassprefs/entry.plist: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | entry 6 | 7 | bundle 8 | ABypassPrefs 9 | cell 10 | PSLinkCell 11 | detail 12 | ABPRootListController 13 | icon 14 | icon.png 15 | isController 16 | 17 | label 18 | A-Bypass 19 | 20 | 21 | 22 | -------------------------------------------------------------------------------- /afterProcess.sh: -------------------------------------------------------------------------------- 1 | #/bin/sh 2 | 3 | echo !!!! ----------------------------------------------------------- !!!! 4 | echo !!!! YOU MUST RESPRING YOUR DEVICE !!!! 5 | echo !!!! ----------------------------------------------------------- !!!! 6 | mkdir ./.theos/_/Library/BawAppie/ 7 | mkdir ./.theos/_/Library/BawAppie/ABypass 8 | mv ./.theos/_/Library/MobileSubstrate/DynamicLibraries/ABypassLoader.dylib ./.theos/_/Library/BawAppie/ABypass/ABLicense 9 | rm ./.theos/_/Library/MobileSubstrate/DynamicLibraries/ABypassLoader.plist -------------------------------------------------------------------------------- /control: -------------------------------------------------------------------------------- 1 | Package: com.rpgfarm.a-bypass 2 | Name: A-Bypass 3 | Depends: mobilesubstrate, com.muirey03.libmryipc, com.rpgfarm.libaptoast, preferenceloader 4 | Version: 1.5.8 5 | Architecture: iphoneos-arm 6 | Description: Super Jailbreak detection bypass! 7 | Maintainer: Baw Appie 8 | Author: Baw Appie 9 | Section: Tweaks 10 | -------------------------------------------------------------------------------- /ent.plist: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | platform-application 6 | 7 | get-task-allow 8 | 9 | com.apple.system-task-ports 10 | 11 | task_for_pid-allow 12 | 13 | run-unsigned-code 14 | 15 | 16 | 17 | -------------------------------------------------------------------------------- /header.h: -------------------------------------------------------------------------------- 1 | @interface SBApplication 2 | -(NSString *)bundleIdentifier; 3 | @end 4 | 5 | @interface FBProcessState 6 | @property (assign,nonatomic) int pid; 7 | @property (assign,nonatomic) long long taskState; 8 | @property (assign,nonatomic) long long visibility; 9 | @end 10 | 11 | @interface FBProcess 12 | @property (nonatomic,copy,readonly) NSString * bundleIdentifier; 13 | @end 14 | 15 | @interface RBSProcessIdentity : NSObject 16 | @property(readonly, copy, nonatomic) NSString *embeddedApplicationIdentifier; 17 | @end 18 | 19 | @interface FBProcessExecutionContext : NSObject 20 | @property (nonatomic,copy) NSDictionary* environment; 21 | @property (nonatomic,copy) RBSProcessIdentity* identity; 22 | @end 23 | @interface FBApplicationProcess : NSObject 24 | @property (nonatomic,copy,readonly) FBProcessExecutionContext * executionContext; 25 | @end 26 | 27 | 28 | @interface BBAction : NSObject 29 | 30 | +(id)actionWithLaunchURL:(id)arg1 callblock:(/*^block*/id)arg2 ; 31 | +(id)actionWithLaunchBundleID:(id)arg1 callblock:(/*^block*/id)arg2 ; 32 | +(id)actionWithCallblock:(/*^block*/id)arg1 ; 33 | +(id)actionWithAppearance:(id)arg1 ; 34 | +(id)actionWithLaunchURL:(id)arg1 ; 35 | +(id)actionWithActivatePluginName:(id)arg1 activationContext:(id)arg2 ; 36 | +(id)actionWithIdentifier:(id)arg1 ; 37 | +(id)actionWithIdentifier:(id)arg1 title:(id)arg2 ; 38 | +(id)actionWithLaunchBundleID:(id)arg1 ; 39 | @end 40 | 41 | @interface BBBulletin : NSObject 42 | 43 | @property (nonatomic,readonly) NSString * sectionDisplayName; 44 | @property (nonatomic,readonly) BOOL sectionDisplaysCriticalBulletins; 45 | @property (nonatomic,readonly) BOOL showsSubtitle; 46 | @property (nonatomic,readonly) unsigned long long messageNumberOfLines; 47 | @property (nonatomic,readonly) BOOL usesVariableLayout; 48 | @property (nonatomic,readonly) BOOL orderSectionUsingRecencyDate; 49 | @property (nonatomic,readonly) BOOL showsDateInFloatingLockScreenAlert; 50 | @property (nonatomic,readonly) NSString * subtypeSummaryFormat; 51 | @property (nonatomic,readonly) NSString * hiddenPreviewsBodyPlaceholder; 52 | @property (nonatomic,readonly) NSString * missedBannerDescriptionFormat; 53 | @property (nonatomic,readonly) NSString * fullUnlockActionLabel; 54 | @property (nonatomic,readonly) NSString * unlockActionLabel; 55 | @property (nonatomic,readonly) NSSet * alertSuppressionAppIDs; 56 | @property (nonatomic,readonly) BOOL suppressesAlertsWhenAppIsActive; 57 | @property (nonatomic,readonly) BOOL coalescesWhenLocked; 58 | @property (nonatomic,readonly) unsigned long long realertCount; 59 | @property (nonatomic,readonly) BOOL inertWhenLocked; 60 | @property (nonatomic,readonly) BOOL preservesUnlockActionCase; 61 | @property (nonatomic,readonly) BOOL visuallyIndicatesWhenDateIsInFuture; 62 | @property (nonatomic,readonly) NSString * fullAlternateActionLabel; 63 | @property (nonatomic,readonly) NSString * alternateActionLabel; 64 | @property (nonatomic,readonly) BOOL canBeSilencedByMenuButtonPress; 65 | @property (nonatomic,readonly) BOOL preventLock; 66 | @property (nonatomic,readonly) BOOL suppressesTitle; 67 | @property (nonatomic,readonly) BOOL showsUnreadIndicatorForNoticesFeed; 68 | @property (nonatomic,readonly) BOOL showsContactPhoto; 69 | @property (nonatomic,readonly) BOOL playsSoundForModify; 70 | @property (nonatomic,readonly) BOOL allowsAutomaticRemovalFromLockScreen; 71 | @property (nonatomic,readonly) BOOL allowsAddingToLockScreenWhenUnlocked; 72 | @property (nonatomic,readonly) BOOL prioritizeAtTopOfLockScreen; 73 | @property (nonatomic,readonly) BOOL preemptsPresentedAlert; 74 | @property (nonatomic,readonly) BOOL revealsAdditionalContentOnPresentation; 75 | @property (nonatomic,readonly) BOOL shouldDismissBulletinWhenClosed; 76 | @property (nonatomic,readonly) unsigned long long subtypePriority; 77 | @property (nonatomic,readonly) long long iPodOutAlertType; 78 | @property (nonatomic,readonly) NSString * bannerAccessoryRemoteViewControllerClassName; 79 | @property (nonatomic,readonly) NSString * bannerAccessoryRemoteServiceBundleIdentifier; 80 | @property (nonatomic,readonly) NSString * secondaryContentRemoteViewControllerClassName; 81 | @property (nonatomic,readonly) NSString * secondaryContentRemoteServiceBundleIdentifier; 82 | @property (nonatomic,readonly) unsigned long long privacySettings; 83 | @property (nonatomic,readonly) BOOL suppressesMessageForPrivacy; 84 | @property (nonatomic) BOOL showsMessagePreview; 85 | @property (nonatomic,readonly) NSString * topic; 86 | @property (nonatomic,copy) NSString * section; 87 | @property (nonatomic,copy) NSString * sectionID; //@synthesize sectionID=_sectionID - In the implementation block 88 | @property (nonatomic,copy) NSSet * subsectionIDs; //@synthesize subsectionIDs=_subsectionIDs - In the implementation block 89 | @property (nonatomic,copy) NSString * recordID; //@synthesize publisherRecordID=_publisherRecordID - In the implementation block 90 | @property (nonatomic,copy) NSString * publisherBulletinID; //@synthesize publisherBulletinID=_publisherBulletinID - In the implementation block 91 | @property (nonatomic,copy) NSString * dismissalID; //@synthesize dismissalID=_dismissalID - In the implementation block 92 | @property (nonatomic,copy) NSString * categoryID; //@synthesize categoryID=_categoryID - In the implementation block 93 | @property (nonatomic,copy) NSString * threadID; //@synthesize threadID=_threadID - In the implementation block 94 | @property (nonatomic,copy) NSArray * peopleIDs; //@synthesize peopleIDs=_peopleIDs - In the implementation block 95 | @property (assign,nonatomic) long long addressBookRecordID; //@synthesize addressBookRecordID=_addressBookRecordID - In the implementation block 96 | @property (assign,nonatomic) long long sectionSubtype; //@synthesize sectionSubtype=_sectionSubtype - In the implementation block 97 | @property (nonatomic,copy) NSArray * intentIDs; //@synthesize intentIDs=_intentIDs - In the implementation block 98 | @property (assign,nonatomic) unsigned long long counter; //@synthesize counter=_counter - In the implementation block 99 | @property (nonatomic,copy) NSString * header; //@synthesize header=_header - In the implementation block 100 | @property (nonatomic,copy) NSString * title; 101 | @property (nonatomic,copy) NSString * subtitle; 102 | @property (nonatomic,copy) NSString * message; 103 | @property (nonatomic,copy) NSString * summaryArgument; //@synthesize summaryArgument=_summaryArgument - In the implementation block 104 | @property (assign,nonatomic) unsigned long long summaryArgumentCount; //@synthesize summaryArgumentCount=_summaryArgumentCount - In the implementation block 105 | @property (assign,nonatomic) BOOL hasCriticalIcon; //@synthesize hasCriticalIcon=_hasCriticalIcon - In the implementation block 106 | @property (assign,nonatomic) BOOL hasEventDate; //@synthesize hasEventDate=_hasEventDate - In the implementation block 107 | @property (nonatomic,retain) NSDate * date; //@synthesize date=_date - In the implementation block 108 | @property (nonatomic,retain) NSDate * endDate; //@synthesize endDate=_endDate - In the implementation block 109 | @property (nonatomic,retain) NSDate * recencyDate; //@synthesize recencyDate=_recencyDate - In the implementation block 110 | @property (assign,nonatomic) long long dateFormatStyle; //@synthesize dateFormatStyle=_dateFormatStyle - In the implementation block 111 | @property (assign,nonatomic) BOOL dateIsAllDay; //@synthesize dateIsAllDay=_dateIsAllDay - In the implementation block 112 | @property (nonatomic,retain) NSTimeZone * timeZone; //@synthesize timeZone=_timeZone - In the implementation block 113 | @property (assign,nonatomic) BOOL clearable; //@synthesize clearable=_clearable - In the implementation block 114 | @property (assign,nonatomic) BOOL turnsOnDisplay; //@synthesize turnsOnDisplay=_turnsOnDisplay - In the implementation block 115 | @property (nonatomic,copy) NSArray * additionalAttachments; //@synthesize additionalAttachments=_additionalAttachments - In the implementation block 116 | @property (assign,nonatomic) BOOL wantsFullscreenPresentation; //@synthesize wantsFullscreenPresentation=_wantsFullscreenPresentation - In the implementation block 117 | @property (assign,nonatomic) BOOL ignoresQuietMode; //@synthesize ignoresQuietMode=_ignoresQuietMode - In the implementation block 118 | @property (assign,nonatomic) BOOL ignoresDowntime; //@synthesize ignoresDowntime=_ignoresDowntime - In the implementation block 119 | @property (nonatomic,copy) NSString * unlockActionLabelOverride; //@synthesize unlockActionLabelOverride=_unlockActionLabelOverride - In the implementation block 120 | @property (nonatomic,copy) BBAction * defaultAction; 121 | @property (nonatomic,copy) BBAction * alternateAction; 122 | @property (nonatomic,copy) BBAction * acknowledgeAction; 123 | @property (nonatomic,copy) BBAction * snoozeAction; 124 | @property (nonatomic,copy) BBAction * raiseAction; 125 | @property (nonatomic,copy) NSArray * buttons; //@synthesize buttons=_buttons - In the implementation block 126 | @property (nonatomic,retain) NSMutableDictionary * actions; //@synthesize actions=_actions - In the implementation block 127 | @property (nonatomic,retain) NSMutableDictionary * supplementaryActionsByLayout; //@synthesize supplementaryActionsByLayout=_supplementaryActionsByLayout - In the implementation block 128 | @property (nonatomic,copy) NSSet * alertSuppressionContexts; //@synthesize alertSuppressionContexts=_alertSuppressionContexts - In the implementation block 129 | @property (assign,nonatomic) BOOL expiresOnPublisherDeath; //@synthesize expiresOnPublisherDeath=_expiresOnPublisherDeath - In the implementation block 130 | @property (nonatomic,retain) NSDictionary * context; //@synthesize context=_context - In the implementation block 131 | @property (assign,nonatomic) BOOL usesExternalSync; //@synthesize usesExternalSync=_usesExternalSync - In the implementation block 132 | @property (nonatomic,copy) NSString * bulletinID; //@synthesize bulletinID=_bulletinID - In the implementation block 133 | @property (nonatomic,retain) NSDate * lastInterruptDate; //@synthesize lastInterruptDate=_lastInterruptDate - In the implementation block 134 | @property (nonatomic,retain) NSDate * publicationDate; //@synthesize publicationDate=_publicationDate - In the implementation block 135 | @property (nonatomic,copy) NSString * bulletinVersionID; //@synthesize bulletinVersionID=_bulletinVersionID - In the implementation block 136 | @property (nonatomic,retain) NSDate * expirationDate; //@synthesize expirationDate=_expirationDate - In the implementation block 137 | @property (assign,nonatomic) unsigned long long expirationEvents; //@synthesize expirationEvents=_expirationEvents - In the implementation block 138 | @property (nonatomic,copy) BBAction * expireAction; 139 | @property (assign,nonatomic) unsigned long long realertCount_deprecated; 140 | @property (nonatomic,copy) NSSet * alertSuppressionAppIDs_deprecated; 141 | @property (nonatomic,copy) NSString * parentSectionID; //@synthesize parentSectionID=_parentSectionID - In the implementation block 142 | @property (nonatomic,copy) NSString * universalSectionID; //@synthesize universalSectionID=_universalSectionID - In the implementation block 143 | @property (assign,nonatomic) BOOL hasPrivateContent; 144 | @property (assign,nonatomic) long long contentPreviewSetting; //@synthesize contentPreviewSetting=_contentPreviewSetting - In the implementation block 145 | @property (assign,nonatomic) BOOL preventAutomaticRemovalFromLockScreen; //@synthesize preventAutomaticRemovalFromLockScreen=_preventAutomaticRemovalFromLockScreen - In the implementation block 146 | @property (assign,nonatomic) long long lockScreenPriority; //@synthesize lockScreenPriority=_lockScreenPriority - In the implementation block 147 | @property (assign,nonatomic) long long backgroundStyle; //@synthesize backgroundStyle=_backgroundStyle - In the implementation block 148 | @property (nonatomic,copy,readonly) NSString * publisherMatchID; 149 | 150 | @end 151 | 152 | @interface BBServer : NSObject 153 | -(id)_sectionInfoForSectionID:(NSString *)arg1 effective:(BOOL)arg2 ; 154 | -(void)publishBulletin:(BBBulletin *)arg1 destinations:(NSUInteger)arg2 alwaysToLockScreen:(BOOL)arg3 ; 155 | -(void)publishBulletin:(id)arg1 destinations:(unsigned long long)arg2 ; 156 | -(id)initWithQueue:(id)arg1 ; 157 | -(id)initWithQueue:(id)arg1 dataProviderManager:(id)arg2 syncService:(id)arg3 dismissalSyncCache:(id)arg4 observerListener:(id)arg5 utilitiesListener:(id)arg6 conduitListener:(id)arg7 systemStateListener:(id)arg8 settingsListener:(id)arg9 ; 158 | 159 | @end -------------------------------------------------------------------------------- /layout/DEBIAN/postinst: -------------------------------------------------------------------------------- 1 | chmod 777 /Library/BawAppie/ABypass -------------------------------------------------------------------------------- /layout/Library/BawAppie/ABypass/Dependency.dylib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Baw-Appie/A-Bypass/97831a597c09083a43f46aeacb134837ca4fce54/layout/Library/BawAppie/ABypass/Dependency.dylib -------------------------------------------------------------------------------- /layout/Library/BawAppie/ABypass/NoPerm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Baw-Appie/A-Bypass/97831a597c09083a43f46aeacb134837ca4fce54/layout/Library/BawAppie/ABypass/NoPerm -------------------------------------------------------------------------------- /layout/var/mobile/Library/Preferences/ABPattern: -------------------------------------------------------------------------------- 1 | { "data": [ "/var/lib", "/bin", "/Applications", "/Library/dpkg", "/etc/alternatives", "/etc/dpkg", "/etc/profile", "/etc/apt", "/etc/ssh", "/var/log", "/usr/include", "/usr/lib", "/usr/sbin", "/etc/pam", "/boot", "/jb", "/var/mobileLibrary", "/tmp/cydia", "/var/cache/apt", "/var/stash", "//", "/test", "/Library/TweakInject", "/User/Documents/Flex", "./Applications", "/Library/Frameworks/CydiaSubstrate.framework", "/tmp/Contain", "/.", "/System/Library/PreferenceBundles/AppList.bundle", "/Library/MobileSubstrate", "/usr/bin/cycript", "/usr/bin/sshd", "/usr/bin/class-dump", "/usr/bin/gdb", "/var/mobile/Library/SBSettings", "/Library/Themes", "/Library/PreferenceBundles", "/Library/LaunchDaemons/", "/tmp/slide.txt", "/(null)/Cydia.app", "/etc/master.passwd", "/usr/bin/killall", "/usr/bin/passwd", "/usr/bin/diff", "/usr/bin/tar", "/usr/bin/hostinfo", "/usr/bin/which", "/usr/share/terminfo", "/var/mobile/Library/Caches/com.saurik.Cydia", "/var/mobile/Library/Cydia", "/var/root/media/cydia", "/var/log/syslog", "/etc/rc.d/substrate", "/var/db/stash", "/usr/bin/ssh", "/pangueaxe", "/Library/Ringtones", "/Library/Wallpaper", "/usr/arm-apple-darwin9", "/var/tmp/cydia.log", "/var/mobile/Library/Logs", "/var/mobile/Library/Flex3", "/var/containers/Bundle/tweaksupport", "/var/containers/Bundle/iosbinpack64", "/var/binpack", "/var/libexec", "/var/mobile/Library/Caches/Snapshots/org.coolstar.SileoStore", "/var/mobile/Library/Preferences/org.coolstar.SileoStore.plist", "/var/mobile/Library/Preferences/xyz.willy.Zebra.plist", "/var/checkra1n", "/Library/Application Support/Flex", "/var/mobile/Library/Preferences/com.johncoates.Flex.plist", "/var/mobile/Library/Preferences/com.saurik.Cydia.plist", "/var/mobile/Documents/Flex", "/var/mobile/Library/Application Support/Flex3", "/var/mobile/Library/ConfigurationProfiles/PublicInfo/Flex3Patches.plist", "/usr/share/bigboss", "/System/Library/LaunchDaemons", "/var/mobile/Library/Preferences/jp.akusio.kernbypass.plist", "/sbin/launchd", "/chimera", "/dev/null", "/Library/SnowBoard/Extensions", "/User/Applications/", "/var/mobile/Applications", "/var/mobile/Library/UserConfigurationProfiles/PublicInfo/Flex3Patches.plist", "/var/mobile/Library/Preferences/kr.xsf1re.flyjb.plist", "/var/mobile/Library/Caches/com.apple.mobile.installation.plist", "/electra" ], "disableIdentifiers": ["com.lguplus.auth.ios", "com.kbcard.kat.liivmate", "com.kbstar.liivbank", "com.jawebs.baedal"], "subloader": [], "vnodeBypassIdentifiers": ["com.percent.royaldice", "kr.co.coinone.officialapp", "co.whatssub.application", "com.teamblind.blind", "finance.chai.app", "com.nianticlabs.pokemongo"], "vnodeHidePath": ["/.bootstrapped_electra","/Applications/Anemone.app","/Applications/Cydia.app","/Applications/SafeMode.app","/Applications/Sileo.app","/Applications/Zebra.app","/bin","/binpack","/bootstrap","/chimera","/electra","/etc/apt","/etc/profile","/jb","/Library/dpkg/info","/Library/Frameworks/CydiaSubstrate.framework","/Library/MobileSubstrate/MobileSubstrate.dylib","/Library/PreferenceLoader/Preferences/LaunchInSafeMode.plist","/Library/Themes","/var/binpack","/var/checkra1n.dmg","/var/lib/apt","/usr/bin/diff","/usr/bin/hostinfo","/usr/bin/killall","/usr/bin/passwd","/usr/bin/recache","/usr/bin/tar","/usr/bin/which","/usr/bin/xargs","/usr/bin/ssh","/usr/lib/libjailbreak.dylib","/usr/lib/libsubstitute.0.dylib","/usr/lib/libsubstitute.dylib","/usr/lib/libsubstrate.dylib","/usr/lib/substitute-loader.dylib","/usr/lib/SBInject","/usr/lib/SBInject.dylib","/usr/lib/TweakInject","/usr/lib/TweakInject.dylib","/usr/lib/TweakInjectMapsCheck.dylib","/usr/libexec/sftp-server","/usr/sbin/sshd","/usr/share/terminfo","/var/mobile/Library/.sbinjectSafeMode","/var/mobile/fakevar","/var/MobileSoftwareUpdate/mnt1/fakevar","/var/mobile/Library/Preferences/jp.akusio.kernbypass.plist","/var/mobile/Library/Preferences/jp.akusio.kernbypass-unofficial.plist","/var/mobile/Library/Preferences/jp.akusio.kernbypass2.plist","/var/mobile/Library/Preferences/ABPattern","/var/mobile/Library/Preferences/org.coolstar.SileoStore.plist","/var/mobile/Library/Preferences/kr.xsf1re.flyjb.plist","/var/mobile/Library/Preferences/me.jjolano.alertdismiss.plist","/var/mobile/Library/Preferences/kr.xsf1re.flyjb_optimize.plist","/Library/Frameworks/Cephei.framework/Cephei","/Library/MobileSubstrate/DynamicLibraries","/usr/lib/libhooker.dylib","/usr/lib/libblackjack.dylib","/usr/lib/ABSubLoader.dylib","/Library/PreferenceLoader/Preferences/ABypassPrefs.plist","/Library/BawAppie/ABypass","/usr/lib/CepheiUI.framework","/usr/libexec/ssh-keysign","/var/lib/apt","/Library/PreferenceBundles","/etc/ssh/sshd_config","/var/stash","/var/log/syslog","/var/mobile/Applications","/var/lib/cydia","/usr/libexec/cydia","/etc/profile.d/terminal.sh","/etc/pam.d","/usr/bin/cycript","/usr/lib/libcycript-sim.dylib","/usr/lib/libcycript.dylib","/Applications/Flex.app","/var/mobile/Library/Flex3","/usr/lib/log/"], "version": "2.0-20211210" } 2 | -------------------------------------------------------------------------------- /signcert.p12: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Baw-Appie/A-Bypass/97831a597c09083a43f46aeacb134837ca4fce54/signcert.p12 --------------------------------------------------------------------------------