├── .gitignore ├── CMakeLists.txt ├── Docs ├── Doxyfile ├── html │ ├── bc_s.png │ ├── bc_sd.png │ ├── bdwn.png │ ├── closed.png │ ├── dir_050dbe9f83839be7359d3d2e52808557.html │ ├── dir_52bed8acfaac088d5968cb2c84d7645d.html │ ├── dir_965eb9d2edb8cb4296864e8d82ed0861.html │ ├── dir_d69fddb65e10ed1e1aad5b4f2a8c0135.html │ ├── doc.png │ ├── docd.png │ ├── doxygen.css │ ├── doxygen.svg │ ├── dynsections.js │ ├── files.html │ ├── folderclosed.png │ ├── folderopen.png │ ├── globals.html │ ├── globals_func.html │ ├── index.html │ ├── jquery.js │ ├── kernel_8c.html │ ├── kpf_8c.html │ ├── logger_8c.html │ ├── menu.js │ ├── menudata.js │ ├── nav_f.png │ ├── nav_fd.png │ ├── nav_g.png │ ├── nav_h.png │ ├── nav_hd.png │ ├── nvram_8c.html │ ├── offsets_8c.html │ ├── open.png │ ├── osobject_8c.html │ ├── registry_8c.html │ ├── search │ │ ├── all_0.js │ │ ├── all_1.js │ │ ├── all_2.js │ │ ├── all_3.js │ │ ├── all_4.js │ │ ├── all_5.js │ │ ├── all_6.js │ │ ├── all_7.js │ │ ├── all_8.js │ │ ├── all_9.js │ │ ├── all_a.js │ │ ├── all_b.js │ │ ├── all_c.js │ │ ├── all_d.js │ │ ├── all_e.js │ │ ├── close.svg │ │ ├── files_0.js │ │ ├── files_1.js │ │ ├── files_2.js │ │ ├── files_3.js │ │ ├── files_4.js │ │ ├── files_5.js │ │ ├── files_6.js │ │ ├── functions_0.js │ │ ├── functions_1.js │ │ ├── functions_2.js │ │ ├── functions_3.js │ │ ├── functions_4.js │ │ ├── functions_5.js │ │ ├── functions_6.js │ │ ├── functions_7.js │ │ ├── functions_8.js │ │ ├── functions_9.js │ │ ├── functions_a.js │ │ ├── functions_b.js │ │ ├── mag.svg │ │ ├── mag_d.svg │ │ ├── mag_sel.svg │ │ ├── mag_seld.svg │ │ ├── search.css │ │ ├── search.js │ │ └── searchdata.js │ ├── services_8c.html │ ├── slide_8c.html │ ├── splitbar.png │ ├── splitbard.png │ ├── sync_off.png │ ├── sync_on.png │ ├── tab_a.png │ ├── tab_ad.png │ ├── tab_b.png │ ├── tab_bd.png │ ├── tab_h.png │ ├── tab_hd.png │ ├── tab_s.png │ ├── tab_sd.png │ ├── tabs.css │ └── x8_a4_8c.html └── latex │ ├── Makefile │ ├── doxygen.sty │ ├── files.tex │ ├── 
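kernel_8c.tex │ ├── kpf_8c.tex │ ├── logger_8c.tex │ ├── longtable_doxygen.sty │ ├── nvram_8c.tex │ ├── offsets_8c.tex │ ├── osobject_8c.tex │ ├── refman.tex │ ├── registry_8c.tex │ ├── services_8c.tex │ ├── slide_8c.tex │ ├── tabu_doxygen.sty │ └── x8_a4_8c.tex ├── Include ├── XPF │ ├── bad_recovery.h │ ├── common.h │ ├── decompress.h │ ├── non_ppl.h │ ├── ppl.h │ └── xpf.h ├── choma │ ├── Base64.h │ ├── BufferedStream.h │ ├── CSBlob.h │ ├── CachePatching.h │ ├── CodeDirectory.h │ ├── DER.h │ ├── DyldSharedCache.h │ ├── Entitlements.h │ ├── Fat.h │ ├── FileStream.h │ ├── Host.h │ ├── MachO.h │ ├── MachOByteOrder.h │ ├── MachOLoadCommand.h │ ├── MemoryStream.h │ ├── PatchFinder.h │ ├── PatchFinder_arm64.h │ ├── Util.h │ ├── arm64.h │ ├── dyld_cache_format.h │ └── fixup-chains.h ├── launch.h ├── libkrw.h ├── libkrw_plugin.h ├── x8A4 │ ├── Kernel │ │ ├── kernel.h │ │ ├── kpf.h │ │ ├── nvram.h │ │ ├── offsets.h │ │ ├── osobject.h │ │ └── slide.h │ ├── Logger │ │ └── logger.h │ ├── Registry │ │ └── registry.h │ ├── Services │ │ └── services.h │ └── x8A4.h └── xpc │ ├── activity.h │ ├── availability.h │ ├── base.h │ ├── connection.h │ ├── debug.h │ ├── endpoint.h │ ├── module.modulemap │ ├── private.h │ ├── rich_error.h │ ├── session.h │ └── xpc.h ├── Kernel ├── kernel.c ├── kpf.c ├── nvram.c ├── offsets.c ├── osobject.c └── slide.c ├── LICENSE.md ├── Lib ├── libchoma.a ├── libkrw.tbd └── libxpf.a ├── Logger └── logger.c ├── README.md ├── Registry └── registry.c ├── Resources ├── x8A4_1.png ├── x8A4_2.png └── x8A4_3.png ├── Services └── services.c ├── tfp0.plist ├── x8A4.c └── x8A4_CLI.c /.gitignore: -------------------------------------------------------------------------------- 1 | .idea/ 2 | *.tar 3 | *.dylib 4 | *.bin 5 | cmake-build-*/ 6 | .DS_Store
--------------------------------------------------------------------------------
/CMakeLists.txt:
--------------------------------------------------------------------------------
# Build script for the x8A4 shared library and its command-line front end.
# Both artifacts are ad-hoc signed with ldid as a post-build step.
cmake_minimum_required(VERSION 3.27)
project(x8A4 C)

set(CMAKE_C_STANDARD 17)

# Default to both arm64 slices unless the caller already chose architectures.
if("${CMAKE_OSX_ARCHITECTURES}" STREQUAL "")
  set(CMAKE_OSX_ARCHITECTURES arm64 arm64e)
endif()
set(CMAKE_OSX_DEPLOYMENT_TARGET "")

# ldid performs the post-build signing: ldid2 is preferred, plain ldid is the fallback.
# NOTE(review): the tool is resolved through find_program()'s normal search, PATH
# included, so the build host's PATH decides which binary signs the release
# artifacts. Pass -DLDID=/absolute/path on release builders to pin it.
find_program(LDID NAMES ldid2 ldid)
if(NOT LDID)
  message(FATAL_ERROR "Please install Procursus ldid before building! (https://github.com/ProcursusTeam/ldid)")
endif()

# Point the compiler at the iphoneos SDK when xcrun is available.
find_program(XCRUN xcrun)
if(XCRUN)
  execute_process(COMMAND "${XCRUN}" --sdk iphoneos --show-sdk-path
    RESULT_VARIABLE xcrun_status
    OUTPUT_VARIABLE CMAKE_OSX_SYSROOT
    ERROR_QUIET
    OUTPUT_STRIP_TRAILING_WHITESPACE)
  # The lookup used to fail silently and leave an empty sysroot; say so instead.
  if(NOT xcrun_status EQUAL 0 OR "${CMAKE_OSX_SYSROOT}" STREQUAL "")
    message(WARNING "xcrun did not return an iphoneos SDK path (status: ${xcrun_status})")
  endif()
endif()

# Version metadata baked into the binaries. Values passed with -D win; otherwise
# they are read from git.
find_program(GIT git)
if(GIT)
  if(NOT DEFINED VERSION_COMMIT_COUNT)
    execute_process(COMMAND "${GIT}" rev-list --count HEAD
      WORKING_DIRECTORY "${PROJECT_SOURCE_DIR}"
      OUTPUT_VARIABLE VERSION_COMMIT_COUNT
      ERROR_QUIET
      OUTPUT_STRIP_TRAILING_WHITESPACE)
  endif()
  if(NOT DEFINED VERSION_COMMIT_SHA)
    execute_process(COMMAND "${GIT}" rev-parse HEAD
      WORKING_DIRECTORY "${PROJECT_SOURCE_DIR}"
      OUTPUT_VARIABLE VERSION_COMMIT_SHA
      ERROR_QUIET
      OUTPUT_STRIP_TRAILING_WHITESPACE)
  endif()
endif()
# Fall back when git is missing OR when git ran but produced nothing (for example a
# source tarball without .git); previously the second case yielded empty strings.
if("${VERSION_COMMIT_COUNT}" STREQUAL "")
  set(VERSION_COMMIT_COUNT "0")
endif()
if("${VERSION_COMMIT_SHA}" STREQUAL "")
  set(VERSION_COMMIT_SHA "unknown")
endif()

# Runtime search paths embedded in both binaries, and the library ABI version.
# NOTE(review): these are absolute rpaths and the first entry is searched first, so
# whoever can write to ${RPATH} on the device decides which libkrw is loaded into
# the process. Presumably /var/jb is the jailbreak prefix; confirm its permissions.
set(RPATH "/var/jb/usr/lib")
set(RPATH2 "/usr/lib")
set(SOVERSION 1)

# Only one library type can take effect. The post-build step signs a .dylib, so the
# target is declared SHARED (the former "STATIC SHARED" pair was contradictory).
add_library(x8A4 SHARED
  x8A4.c
  Logger/logger.c
  Include/x8A4/Logger/logger.h
  Kernel/slide.c
  Include/x8A4/Kernel/slide.h
  Services/services.c
  Include/x8A4/Services/services.h
  Registry/registry.c
  Include/x8A4/Registry/registry.h
  Kernel/kernel.c
  Include/x8A4/Kernel/kernel.h
  Kernel/offsets.c
  Include/x8A4/Kernel/offsets.h
  Kernel/kpf.c
  Include/x8A4/Kernel/kpf.h
  Kernel/osobject.c
  Include/x8A4/Kernel/osobject.h
  Kernel/nvram.c
  Include/x8A4/Kernel/nvram.h)

target_include_directories(x8A4 PRIVATE
  "${PROJECT_SOURCE_DIR}/Include/choma"
  "${PROJECT_SOURCE_DIR}/Include")

# AddressSanitizer variant, kept for reference (enabled by hand-editing):
# LINK_FLAGS "-Wl,-rpath,${RPATH} -Wl,-rpath,${RPATH2} -L/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/clang/15.0.0/lib/darwin/ -lclang_rt.asan_abi_ios -lclang_rt.asan_ios_dynamic"
# COMPILE_FLAGS "-Wall -Werror -fsanitize=address -fsanitize-address-use-after-scope -fno-omit-frame-pointer"
set_target_properties(x8A4 PROPERTIES
  LINK_FLAGS "-Wl,-rpath,${RPATH} -Wl,-rpath,${RPATH2}"
  SOVERSION ${SOVERSION})
target_compile_options(x8A4 PRIVATE -Wall -Werror)

# NOTE(review): Lib/ holds prebuilt binaries (libchoma.a, libxpf.a, libkrw.tbd) that
# are linked as-is; nothing in this script checks their provenance or integrity.
target_link_directories(x8A4 PRIVATE
  "${PROJECT_SOURCE_DIR}/Lib")

# Keyword-less signature kept on purpose: switching to PRIVATE would change what
# x8A4_CLI inherits on its link line.
target_link_libraries(x8A4
  "-framework CoreFoundation"
  "-framework IOKit"
  krw
  compression
  choma
  XPF)

add_executable(x8A4_CLI x8A4_CLI.c)

# Directory-scoped on purpose: both targets read the version macros.
add_definitions(
  -DVERSION_COMMIT_COUNT="${VERSION_COMMIT_COUNT}"
  -DVERSION_COMMIT_SHA="${VERSION_COMMIT_SHA}"
  -DSOVERSION=${SOVERSION}
)
if(DEFINED RELEASE)
  add_definitions(-DRELEASE="1")
endif()

target_include_directories(x8A4_CLI PRIVATE "${PROJECT_SOURCE_DIR}/Include")

# AddressSanitizer variant, kept for reference (enabled by hand-editing):
# LINK_FLAGS "-Wl,-rpath,${RPATH} -Wl,-rpath,${RPATH2} -L/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/clang/15.0.0/lib/darwin -lclang_rt.asan_abi_ios -lclang_rt.asan_ios_dynamic"
# COMPILE_FLAGS "-Wall -Werror -fsanitize=address -fsanitize-address-use-after-scope -fno-omit-frame-pointer"
set_target_properties(x8A4_CLI PROPERTIES
  LINK_FLAGS "-Wl,-rpath,${RPATH} -Wl,-rpath,${RPATH2}")
target_compile_options(x8A4_CLI PRIVATE -Wall -Werror)

target_link_directories(x8A4_CLI PRIVATE
  "${PROJECT_SOURCE_DIR}/Lib")

target_link_libraries(x8A4_CLI PRIVATE x8A4)

# Ad-hoc sign the library. $<TARGET_FILE:...> follows the real output location, so
# the step no longer breaks when the output directory or generator changes.
add_custom_command(TARGET x8A4 POST_BUILD
  COMMAND "${LDID}" -S -Hsha256 -Cadhoc "$<TARGET_FILE:x8A4>"
  WORKING_DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}"
  COMMENT "Signing libx8A4.${SOVERSION}.dylib..."
  VERBATIM
)

# Ad-hoc sign the CLI, passing tfp0.plist to ldid's -S option (resolved relative to
# the source directory).
# NOTE(review): the contents of tfp0.plist are not visible here. Whatever it grants
# is stamped onto every build of x8A4_CLI, so review it like code and keep it
# limited to what the tool needs.
add_custom_command(TARGET x8A4_CLI POST_BUILD
  COMMAND "${LDID}" -Stfp0.plist -Hsha256 -Cadhoc "$<TARGET_FILE:x8A4_CLI>"
  WORKING_DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}"
  COMMENT "Signing x8A4_CLI"
  VERBATIM
)
#
#SET(CMAKE_EXPORT_COMPILE_COMMANDS 1)
#get_cmake_property(_variableNames VARIABLES)
#list (SORT _variableNames)
#foreach (_variableName ${_variableNames})
#    message(STATUS "${_variableName}=${${_variableName}}")
#endforeach()
-------------------------------------------------------------------------------- /Docs/html/bc_s.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cryptiiiic/x8A4/99a79f70bc7c90b7bbfcd87b469481581ca43162/Docs/html/bc_s.png -------------------------------------------------------------------------------- /Docs/html/bc_sd.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cryptiiiic/x8A4/99a79f70bc7c90b7bbfcd87b469481581ca43162/Docs/html/bc_sd.png -------------------------------------------------------------------------------- /Docs/html/bdwn.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cryptiiiic/x8A4/99a79f70bc7c90b7bbfcd87b469481581ca43162/Docs/html/bdwn.png -------------------------------------------------------------------------------- /Docs/html/closed.png: --------------------------------------------------------------------------------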
https://raw.githubusercontent.com/Cryptiiiic/x8A4/99a79f70bc7c90b7bbfcd87b469481581ca43162/Docs/html/closed.png -------------------------------------------------------------------------------- /Docs/html/dir_050dbe9f83839be7359d3d2e52808557.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | Project x8A4: /Users/cryptic/source/x8A4/Registry Directory Reference 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 |
19 |
20 | 21 | 22 | 23 | 27 | 28 | 29 |
24 |
Project x8A4 v1.0.2 25 |
Registry Directory Reference
77 |
78 |
79 | 80 | 82 | 83 | 84 | 85 |

81 | Files

file  registry.c
 This file is for all registry related code.
 
86 |
87 | 88 | 91 | 92 | 93 | -------------------------------------------------------------------------------- /Docs/html/dir_52bed8acfaac088d5968cb2c84d7645d.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | Project x8A4: /Users/cryptic/source/x8A4/Kernel Directory Reference 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 |
19 |
20 | 21 | 22 | 23 | 27 | 28 | 29 |
24 |
Project x8A4 v1.0.2 25 |
Kernel Directory Reference
77 |
78 |
79 | 80 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 |

81 | Files

file  kernel.c
 This file is for all kernel related code.
 
file  kpf.c
 This file is for all kernel kpf related code.
 
file  nvram.c
 This file is for all kernel nvram related code.
 
file  offsets.c
 This file is for all kernel offset related code.
 
file  osobject.c
 This file is for all kernel osobject related code.
 
file  slide.c
 This file is for all kernel slide related code.
 
101 |
102 | 103 | 106 | 107 | 108 | -------------------------------------------------------------------------------- /Docs/html/dir_965eb9d2edb8cb4296864e8d82ed0861.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | Project x8A4: /Users/cryptic/source/x8A4/Logger Directory Reference 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 |
19 |
20 | 21 | 22 | 23 | 27 | 28 | 29 |
24 |
Project x8A4 v1.0.2 25 |
Logger Directory Reference
77 |
78 |
79 | 80 | 82 | 83 | 84 | 85 |

81 | Files

file  logger.c
 This file is for all logger related code.
 
86 |
87 | 88 | 91 | 92 | 93 | -------------------------------------------------------------------------------- /Docs/html/dir_d69fddb65e10ed1e1aad5b4f2a8c0135.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | Project x8A4: /Users/cryptic/source/x8A4/Services Directory Reference 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 |
19 |
20 | 21 | 22 | 23 | 27 | 28 | 29 |
24 |
Project x8A4 v1.0.2 25 |
Services Directory Reference
77 |
78 |
79 | 80 | 82 | 83 | 84 | 85 |

81 | Files

file  services.c
 This file is for all ioservice related code.
 
86 |
87 | 88 | 91 | 92 | 93 | -------------------------------------------------------------------------------- /Docs/html/doc.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cryptiiiic/x8A4/99a79f70bc7c90b7bbfcd87b469481581ca43162/Docs/html/doc.png -------------------------------------------------------------------------------- /Docs/html/docd.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cryptiiiic/x8A4/99a79f70bc7c90b7bbfcd87b469481581ca43162/Docs/html/docd.png -------------------------------------------------------------------------------- /Docs/html/dynsections.js: -------------------------------------------------------------------------------- 1 | /* 2 | @licstart The following is the entire license notice for the JavaScript code in this file. 3 | 4 | The MIT License (MIT) 5 | 6 | Copyright (C) 1997-2020 by Dimitri van Heesch 7 | 8 | Permission is hereby granted, free of charge, to any person obtaining a copy of this software 9 | and associated documentation files (the "Software"), to deal in the Software without restriction, 10 | including without limitation the rights to use, copy, modify, merge, publish, distribute, 11 | sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is 12 | furnished to do so, subject to the following conditions: 13 | 14 | The above copyright notice and this permission notice shall be included in all copies or 15 | substantial portions of the Software. 16 | 17 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING 18 | BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 19 | NONINFRINGEMENT. 
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, 20 | DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 22 | 23 | @licend The above is the entire license notice for the JavaScript code in this file 24 | */ 25 | function toggleVisibility(linkObj) 26 | { 27 | var base = $(linkObj).attr('id'); 28 | var summary = $('#'+base+'-summary'); 29 | var content = $('#'+base+'-content'); 30 | var trigger = $('#'+base+'-trigger'); 31 | var src=$(trigger).attr('src'); 32 | if (content.is(':visible')===true) { 33 | content.hide(); 34 | summary.show(); 35 | $(linkObj).addClass('closed').removeClass('opened'); 36 | $(trigger).attr('src',src.substring(0,src.length-8)+'closed.png'); 37 | } else { 38 | content.show(); 39 | summary.hide(); 40 | $(linkObj).removeClass('closed').addClass('opened'); 41 | $(trigger).attr('src',src.substring(0,src.length-10)+'open.png'); 42 | } 43 | return false; 44 | } 45 | 46 | function updateStripes() 47 | { 48 | $('table.directory tr'). 49 | removeClass('even').filter(':visible:even').addClass('even'); 50 | $('table.directory tr'). 51 | removeClass('odd').filter(':visible:odd').addClass('odd'); 52 | } 53 | 54 | function toggleLevel(level) 55 | { 56 | $('table.directory tr').each(function() { 57 | var l = this.id.split('_').length-1; 58 | var i = $('#img'+this.id.substring(3)); 59 | var a = $('#arr'+this.id.substring(3)); 60 | if (l 2 | 3 | 4 | 5 | 6 | 7 | 8 | Project x8A4: Main Page 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 |
19 |
20 | 21 | 22 | 23 | 27 | 28 | 29 |
24 |
Project x8A4 v1.0.2 25 |
Project x8A4 Documentation
73 |
74 |
75 |
76 | 77 | 80 | 81 | 82 | -------------------------------------------------------------------------------- /Docs/html/menu.js: -------------------------------------------------------------------------------- 1 | /* 2 | @licstart The following is the entire license notice for the JavaScript code in this file. 3 | 4 | The MIT License (MIT) 5 | 6 | Copyright (C) 1997-2020 by Dimitri van Heesch 7 | 8 | Permission is hereby granted, free of charge, to any person obtaining a copy of this software 9 | and associated documentation files (the "Software"), to deal in the Software without restriction, 10 | including without limitation the rights to use, copy, modify, merge, publish, distribute, 11 | sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is 12 | furnished to do so, subject to the following conditions: 13 | 14 | The above copyright notice and this permission notice shall be included in all copies or 15 | substantial portions of the Software. 16 | 17 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING 18 | BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 19 | NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, 20 | DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 22 | 23 | @licend The above is the entire license notice for the JavaScript code in this file 24 | */ 25 | function initMenu(relPath,searchEnabled,serverSide,searchPage,search) { 26 | function makeTree(data,relPath) { 27 | var result=''; 28 | if ('children' in data) { 29 | result+=''; 44 | } 45 | return result; 46 | } 47 | var searchBoxHtml; 48 | if (searchEnabled) { 49 | if (serverSide) { 50 | searchBoxHtml='
'+ 51 | '
'+ 52 | '
 '+ 54 | ''+ 57 | '
'+ 58 | '
'+ 59 | '
'+ 60 | '
'; 61 | } else { 62 | searchBoxHtml='
'+ 63 | ''+ 64 | ' '+ 66 | ''+ 70 | ''+ 71 | ''+ 73 | ''+ 75 | ''+ 76 | '
'; 77 | } 78 | } 79 | 80 | $('#main-nav').before('
'+ 81 | ''+ 84 | ''+ 85 | '
'); 86 | $('#main-nav').append(makeTree(menudata,relPath)); 87 | $('#main-nav').children(':first').addClass('sm sm-dox').attr('id','main-menu'); 88 | if (searchBoxHtml) { 89 | $('#main-menu').append('
  • '); 90 | } 91 | var $mainMenuState = $('#main-menu-state'); 92 | var prevWidth = 0; 93 | if ($mainMenuState.length) { 94 | function initResizableIfExists() { 95 | if (typeof initResizable==='function') initResizable(); 96 | } 97 | // animate mobile menu 98 | $mainMenuState.change(function(e) { 99 | var $menu = $('#main-menu'); 100 | var options = { duration: 250, step: initResizableIfExists }; 101 | if (this.checked) { 102 | options['complete'] = function() { $menu.css('display', 'block') }; 103 | $menu.hide().slideDown(options); 104 | } else { 105 | options['complete'] = function() { $menu.css('display', 'none') }; 106 | $menu.show().slideUp(options); 107 | } 108 | }); 109 | // set default menu visibility 110 | function resetState() { 111 | var $menu = $('#main-menu'); 112 | var $mainMenuState = $('#main-menu-state'); 113 | var newWidth = $(window).outerWidth(); 114 | if (newWidth!=prevWidth) { 115 | if ($(window).outerWidth()<768) { 116 | $mainMenuState.prop('checked',false); $menu.hide(); 117 | $('#searchBoxPos1').html(searchBoxHtml); 118 | $('#searchBoxPos2').hide(); 119 | } else { 120 | $menu.show(); 121 | $('#searchBoxPos1').empty(); 122 | $('#searchBoxPos2').html(searchBoxHtml); 123 | $('#searchBoxPos2').show(); 124 | } 125 | if (typeof searchBox!=='undefined') { 126 | searchBox.CloseResultsWindow(); 127 | } 128 | prevWidth = newWidth; 129 | } 130 | } 131 | $(window).ready(function() { resetState(); initResizableIfExists(); }); 132 | $(window).resize(resetState); 133 | } 134 | $('#main-menu').smartmenus(); 135 | } 136 | /* @license-end */ 137 | -------------------------------------------------------------------------------- /Docs/html/menudata.js: -------------------------------------------------------------------------------- 1 | /* 2 | @licstart The following is the entire license notice for the JavaScript code in this file. 
3 | 4 | The MIT License (MIT) 5 | 6 | Copyright (C) 1997-2020 by Dimitri van Heesch 7 | 8 | Permission is hereby granted, free of charge, to any person obtaining a copy of this software 9 | and associated documentation files (the "Software"), to deal in the Software without restriction, 10 | including without limitation the rights to use, copy, modify, merge, publish, distribute, 11 | sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is 12 | furnished to do so, subject to the following conditions: 13 | 14 | The above copyright notice and this permission notice shall be included in all copies or 15 | substantial portions of the Software. 16 | 17 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING 18 | BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 19 | NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, 20 | DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
22 | 23 | @licend The above is the entire license notice for the JavaScript code in this file 24 | */ 25 | var menudata={children:[ 26 | {text:"Main Page",url:"index.html"}, 27 | {text:"Files",url:"files.html",children:[ 28 | {text:"File List",url:"files.html"}, 29 | {text:"Globals",url:"globals.html",children:[ 30 | {text:"All",url:"globals.html",children:[ 31 | {text:"_",url:"globals.html#index__5F"}, 32 | {text:"e",url:"globals.html#index_e"}, 33 | {text:"f",url:"globals.html#index_f"}, 34 | {text:"g",url:"globals.html#index_g"}, 35 | {text:"i",url:"globals.html#index_i"}, 36 | {text:"k",url:"globals.html#index_k"}, 37 | {text:"o",url:"globals.html#index_o"}, 38 | {text:"p",url:"globals.html#index_p"}, 39 | {text:"s",url:"globals.html#index_s"}, 40 | {text:"t",url:"globals.html#index_t"}, 41 | {text:"u",url:"globals.html#index_u"}, 42 | {text:"x",url:"globals.html#index_x"}]}, 43 | {text:"Functions",url:"globals_func.html",children:[ 44 | {text:"_",url:"globals_func.html#index__5F"}, 45 | {text:"e",url:"globals_func.html#index_e"}, 46 | {text:"f",url:"globals_func.html#index_f"}, 47 | {text:"g",url:"globals_func.html#index_g"}, 48 | {text:"i",url:"globals_func.html#index_i"}, 49 | {text:"k",url:"globals_func.html#index_k"}, 50 | {text:"o",url:"globals_func.html#index_o"}, 51 | {text:"p",url:"globals_func.html#index_p"}, 52 | {text:"s",url:"globals_func.html#index_s"}, 53 | {text:"t",url:"globals_func.html#index_t"}, 54 | {text:"u",url:"globals_func.html#index_u"}, 55 | {text:"x",url:"globals_func.html#index_x"}]}]}]}]} 56 | -------------------------------------------------------------------------------- /Docs/html/nav_f.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cryptiiiic/x8A4/99a79f70bc7c90b7bbfcd87b469481581ca43162/Docs/html/nav_f.png -------------------------------------------------------------------------------- /Docs/html/nav_fd.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cryptiiiic/x8A4/99a79f70bc7c90b7bbfcd87b469481581ca43162/Docs/html/nav_fd.png -------------------------------------------------------------------------------- /Docs/html/nav_g.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cryptiiiic/x8A4/99a79f70bc7c90b7bbfcd87b469481581ca43162/Docs/html/nav_g.png -------------------------------------------------------------------------------- /Docs/html/nav_h.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cryptiiiic/x8A4/99a79f70bc7c90b7bbfcd87b469481581ca43162/Docs/html/nav_h.png -------------------------------------------------------------------------------- /Docs/html/nav_hd.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cryptiiiic/x8A4/99a79f70bc7c90b7bbfcd87b469481581ca43162/Docs/html/nav_hd.png -------------------------------------------------------------------------------- /Docs/html/offsets_8c.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | Project x8A4: /Users/cryptic/source/x8A4/Kernel/offsets.c File Reference 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 |
    19 |
    20 | 21 | 22 | 23 | 27 | 28 | 29 |
    24 |
    Project x8A4 v1.0.2 25 |
    77 | Functions | 78 | Variables
    79 |
    offsets.c File Reference
    80 |
    81 |
    82 | 83 |

    This file is for all kernel offset related code. 84 | More...

    85 |
    #include <x8A4/Kernel/offsets.h>
    86 | #include <x8A4/Kernel/osobject.h>
    87 | #include <x8A4/Logger/logger.h>
    88 | #include <x8A4/x8A4.h>
    89 |
    90 | 92 | 93 | 94 | 95 |

    91 | Functions

    int offsets_init (void)
     Init kernel offsets. More...
     
    96 | 98 | 100 | 101 |

    97 | Variables

    99 | struct kernel_offsets * koffsets_cached
     
    102 |

    Detailed Description

    103 |

    This file is for all kernel offset related code.

    104 |
    Author
    Cryptiiiic
    105 |
    Version
    1.0.1
    106 |
    Date
    2024-04-19
    107 | 108 |

    Function Documentation

    109 | 110 |

    ◆ offsets_init()

    111 | 112 |
    113 |
    114 | 115 | 116 | 117 | 118 | 119 | 120 | 121 | 122 |
    int offsets_init (void )
    123 |
    124 | 125 |

    Init kernel offsets.

    126 |
    Returns
    Zero on init success
    127 | 128 |
    129 |
    130 |
    131 | 132 | 135 | 136 | 137 | -------------------------------------------------------------------------------- /Docs/html/open.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cryptiiiic/x8A4/99a79f70bc7c90b7bbfcd87b469481581ca43162/Docs/html/open.png -------------------------------------------------------------------------------- /Docs/html/search/all_0.js: -------------------------------------------------------------------------------- 1 | var searchData= 2 | [ 3 | ['_5f_5fattribute_5f_5f_0',['__attribute__',['../x8_a4_8c.html#a49198efbc08c4e0aaee1c1fdb95562d5',1,'__attribute__((constructor, used)): x8A4.c'],['../x8_a4_8c.html#a02a9abb85458352c617b455c770f5ead',1,'__attribute__((destructor, used)): x8A4.c']]] 4 | ]; 5 | -------------------------------------------------------------------------------- /Docs/html/search/all_1.js: -------------------------------------------------------------------------------- 1 | var searchData= 2 | [ 3 | ['extract_5fos_5fsize_0',['extract_os_size',['../osobject_8c.html#a5214f9d46423879985a07a74a4a19121',1,'osobject.c']]] 4 | ]; 5 | -------------------------------------------------------------------------------- /Docs/html/search/all_2.js: -------------------------------------------------------------------------------- 1 | var searchData= 2 | [ 3 | ['find_5fnvram_5fkey_0',['find_nvram_key',['../nvram_8c.html#a35cfc5335ac39c645e70a2cedd30983a',1,'nvram.c']]] 4 | ]; 5 | -------------------------------------------------------------------------------- /Docs/html/search/all_3.js: -------------------------------------------------------------------------------- 1 | var searchData= 2 | [ 3 | ['get_5fapple_5fmobile_5fap_5fnonce_5fservice_0',['get_apple_mobile_ap_nonce_service',['../services_8c.html#a8b5c46decb51da661b04a48a2ef98278',1,'services.c']]], 4 | 
['get_5fboot_5fmanifest_5fhash_5flen_1',['get_boot_manifest_hash_len',['../registry_8c.html#ac1f9059107c0402ff673984628a6236c',1,'registry.c']]], 5 | ['get_5fboot_5fmanifest_5fhash_5fref_2',['get_boot_manifest_hash_ref',['../registry_8c.html#a2bebb0af258bbf08529a42d067c3931a',1,'registry.c']]], 6 | ['get_5fboot_5fmanifest_5fhash_5fregistry_3',['get_boot_manifest_hash_registry',['../registry_8c.html#adbc9dc3b9734c21bb6e33cda755f032d',1,'registry.c']]], 7 | ['get_5fboot_5fnonce_5flen_4',['get_boot_nonce_len',['../registry_8c.html#a486193f5a17373df8166c65cc6a9f635',1,'registry.c']]], 8 | ['get_5fboot_5fnonce_5fref_5',['get_boot_nonce_ref',['../registry_8c.html#a1ea26f7d52652ab781409a9b3b272758',1,'registry.c']]], 9 | ['get_5fboot_5fnonce_5fregistry_6',['get_boot_nonce_registry',['../registry_8c.html#afe19943c9acbf3033165aff67eb5b81e',1,'registry.c']]], 10 | ['get_5fdtre_5fchosen_7',['get_dtre_chosen',['../registry_8c.html#a371321697e810b2fdef6511b73d8b916',1,'registry.c']]], 11 | ['get_5fdtre_5foptions_8',['get_dtre_options',['../registry_8c.html#a503529cca275868f6d02ac35e544d701',1,'registry.c']]], 12 | ['get_5fentry_5ffrom_5fos_5fdict_9',['get_entry_from_os_dict',['../osobject_8c.html#ad01e71744a24d3cc64119d857769b2c7',1,'osobject.c']]], 13 | ['get_5fhash_5flen_10',['get_hash_len',['../registry_8c.html#ac548b508ed7994fc9712815ec102720e',1,'registry.c']]], 14 | ['get_5fhash_5fmethod_5flen_11',['get_hash_method_len',['../registry_8c.html#a5165072f9f7d4c618184716c5781ecd1',1,'registry.c']]], 15 | ['get_5fhash_5fmethod_5fref_12',['get_hash_method_ref',['../registry_8c.html#a66ea627877a4194ad1b082365771c7aa',1,'registry.c']]], 16 | ['get_5fhash_5fmethod_5fregistry_13',['get_hash_method_registry',['../registry_8c.html#a7cdcc24f5b2b3b82a27890e68f985927',1,'registry.c']]], 17 | ['get_5fio_5faes_5faccel_5fservice_14',['get_io_aes_accel_service',['../services_8c.html#a6c54f50d93c0da85535b1360ecaba0dc',1,'services.c']]], 18 | 
['get_5fipc_5fkobject_15',['get_ipc_kobject',['../kernel_8c.html#aea0985217b709bcc6f35c64fbfda7449',1,'kernel.c']]], 19 | ['get_5fipc_5fkobject_5ffrom_5fiomachport_16',['get_ipc_kobject_from_iomachport',['../kernel_8c.html#ae40bbc1fd445234966d18e78aa237ec3',1,'kernel.c']]], 20 | ['get_5fipc_5fport_17',['get_ipc_port',['../kernel_8c.html#aa444c95590f146778bfbe8c94d41ee07',1,'kernel.c']]], 21 | ['get_5fkernel_5fpath_18',['get_kernel_path',['../kernel_8c.html#af4bb7d4b160afc55e3cb750ea5a0831b',1,'kernel.c']]], 22 | ['get_5fnonce_5fseeds_5flen_19',['get_nonce_seeds_len',['../registry_8c.html#a7d033966bf2d08b52bc6e0537d2b67e8',1,'registry.c']]], 23 | ['get_5fnonce_5fseeds_5fref_20',['get_nonce_seeds_ref',['../registry_8c.html#ae951934b125e4a64ddb82ba28fe66c73',1,'registry.c']]], 24 | ['get_5fnonce_5fseeds_5fregistry_21',['get_nonce_seeds_registry',['../registry_8c.html#a9030ded42806ea816ca2f971939e6419',1,'registry.c']]], 25 | ['get_5fnvram_5fentry_5fbytes_22',['get_nvram_entry_bytes',['../nvram_8c.html#abfd5c0df080059298c1af7f6f973b93f',1,'nvram.c']]], 26 | ['get_5fnvram_5fkey_23',['get_nvram_key',['../nvram_8c.html#aeea0d8e8e076ae506dbcee00983e2e73',1,'nvram.c']]], 27 | ['get_5fos_5fdict_5ffrom_5fos_5fobject_24',['get_os_dict_from_os_object',['../osobject_8c.html#a355c75311b8db780134c463b836b4c34',1,'osobject.c']]], 28 | ['get_5fos_5fdict_5fsize_25',['get_os_dict_size',['../osobject_8c.html#a4cb753c77f1d0dc523458f2dabd88254',1,'osobject.c']]], 29 | ['get_5fos_5fmetabase_5fsize_26',['get_os_metabase_size',['../osobject_8c.html#a7087f0ddd58632bd7d4a7cdc28ceca99',1,'osobject.c']]], 30 | ['get_5four_5fproc_27',['get_our_proc',['../kernel_8c.html#a2220bb95b5be2eedfea3b5218733d30d',1,'kernel.c']]], 31 | ['get_5four_5ftask_28',['get_our_task',['../kernel_8c.html#a7c2c27af795dcbaf26d3aef4410b4cac',1,'kernel.c']]], 32 | ['get_5fservice_5fnvram_5fdict_29',['get_service_nvram_dict',['../nvram_8c.html#a8b67c63da94f0ca7b608b6329f547d13',1,'nvram.c']]], 33 | 
['get_5fslide_30',['get_slide',['../slide_8c.html#adc25a93a1b36b9f3d139c37fc110a758',1,'slide.c']]] 34 | ]; 35 | -------------------------------------------------------------------------------- /Docs/html/search/all_4.js: -------------------------------------------------------------------------------- 1 | var searchData= 2 | [ 3 | ['io_5fclear_5fapnonce_0',['io_clear_apnonce',['../kernel_8c.html#a2105bcd7090bc2d267d8d39bdcdb51b3',1,'kernel.c']]], 4 | ['io_5fgenerate_5fapnonce_1',['io_generate_apnonce',['../kernel_8c.html#ac84c7c07eb5b6136f22f05bbc341683b',1,'kernel.c']]] 5 | ]; 6 | -------------------------------------------------------------------------------- /Docs/html/search/all_5.js: -------------------------------------------------------------------------------- 1 | var searchData= 2 | [ 3 | ['kernel_2ec_0',['kernel.c',['../kernel_8c.html',1,'']]], 4 | ['kpf_2ec_1',['kpf.c',['../kpf_8c.html',1,'']]], 5 | ['kread_5fsmr_2',['kread_smr',['../kernel_8c.html#a6b7b15fd57888666a9d47c1ce0c774c8',1,'kernel.c']]], 6 | ['krw_5fget_5fkbase_3',['krw_get_kbase',['../kernel_8c.html#af6f3ef808f94bca0e2255ac4d159ab38',1,'kernel.c']]] 7 | ]; 8 | -------------------------------------------------------------------------------- /Docs/html/search/all_6.js: -------------------------------------------------------------------------------- 1 | var searchData= 2 | [ 3 | ['logger_2ec_0',['logger.c',['../logger_8c.html',1,'']]] 4 | ]; 5 | -------------------------------------------------------------------------------- /Docs/html/search/all_7.js: -------------------------------------------------------------------------------- 1 | var searchData= 2 | [ 3 | ['nvram_2ec_0',['nvram.c',['../nvram_8c.html',1,'']]] 4 | ]; 5 | -------------------------------------------------------------------------------- /Docs/html/search/all_8.js: -------------------------------------------------------------------------------- 1 | var searchData= 2 | [ 3 | 
['offsets_2ec_0',['offsets.c',['../offsets_8c.html',1,'']]], 4 | ['offsets_5finit_1',['offsets_init',['../offsets_8c.html#a0c838cc243a086a6b9b2bdf60501ff7b',1,'offsets.c']]], 5 | ['os_5fobject_5fcast_2',['os_object_cast',['../osobject_8c.html#aa111c36304275a1cf558d7fb25b1c2e9',1,'osobject.c']]], 6 | ['osobject_2ec_3',['osobject.c',['../osobject_8c.html',1,'']]] 7 | ]; 8 | -------------------------------------------------------------------------------- /Docs/html/search/all_9.js: -------------------------------------------------------------------------------- 1 | var searchData= 2 | [ 3 | ['palera1n_5fget_5fslide_0',['palera1n_get_slide',['../slide_8c.html#a109016973ac15afea08f227f7acc2899',1,'slide.c']]] 4 | ]; 5 | -------------------------------------------------------------------------------- /Docs/html/search/all_a.js: -------------------------------------------------------------------------------- 1 | var searchData= 2 | [ 3 | ['registry_2ec_0',['registry.c',['../registry_8c.html',1,'']]] 4 | ]; 5 | -------------------------------------------------------------------------------- /Docs/html/search/all_b.js: -------------------------------------------------------------------------------- 1 | var searchData= 2 | [ 3 | ['services_2ec_0',['services.c',['../services_8c.html',1,'']]], 4 | ['set_5fnvram_5fentry_1',['set_nvram_entry',['../registry_8c.html#a01633514271f60f4b0e79438c0a50f4e',1,'registry.c']]], 5 | ['set_5fnvram_5fentry_5fbytes_2',['set_nvram_entry_bytes',['../nvram_8c.html#a2ae64280e90436254ee0d6a4bc01604b',1,'nvram.c']]], 6 | ['slide_2ec_3',['slide.c',['../slide_8c.html',1,'']]] 7 | ]; 8 | -------------------------------------------------------------------------------- /Docs/html/search/all_c.js: -------------------------------------------------------------------------------- 1 | var searchData= 2 | [ 3 | ['tfp0_5finit_0',['tfp0_init',['../kernel_8c.html#a77f7538dd74676922293765df0747d82',1,'kernel.c']]] 4 | ]; 5 | 
-------------------------------------------------------------------------------- /Docs/html/search/all_d.js: -------------------------------------------------------------------------------- 1 | var searchData= 2 | [ 3 | ['unsign_5fptr_0',['unsign_ptr',['../kernel_8c.html#a761a29721402b2e506c4fe8843194d78',1,'kernel.c']]] 4 | ]; 5 | -------------------------------------------------------------------------------- /Docs/html/search/close.svg: -------------------------------------------------------------------------------- 1 | 2 | 13 | 15 | 16 | 18 | image/svg+xml 19 | 21 | 22 | 23 | 24 | 25 | 27 | 31 | 32 | -------------------------------------------------------------------------------- /Docs/html/search/files_0.js: -------------------------------------------------------------------------------- 1 | var searchData= 2 | [ 3 | ['kernel_2ec_0',['kernel.c',['../kernel_8c.html',1,'']]], 4 | ['kpf_2ec_1',['kpf.c',['../kpf_8c.html',1,'']]] 5 | ]; 6 | -------------------------------------------------------------------------------- /Docs/html/search/files_1.js: -------------------------------------------------------------------------------- 1 | var searchData= 2 | [ 3 | ['logger_2ec_0',['logger.c',['../logger_8c.html',1,'']]] 4 | ]; 5 | -------------------------------------------------------------------------------- /Docs/html/search/files_2.js: -------------------------------------------------------------------------------- 1 | var searchData= 2 | [ 3 | ['nvram_2ec_0',['nvram.c',['../nvram_8c.html',1,'']]] 4 | ]; 5 | -------------------------------------------------------------------------------- /Docs/html/search/files_3.js: -------------------------------------------------------------------------------- 1 | var searchData= 2 | [ 3 | ['offsets_2ec_0',['offsets.c',['../offsets_8c.html',1,'']]], 4 | ['osobject_2ec_1',['osobject.c',['../osobject_8c.html',1,'']]] 5 | ]; 6 | -------------------------------------------------------------------------------- 
/Docs/html/search/files_4.js: -------------------------------------------------------------------------------- 1 | var searchData= 2 | [ 3 | ['registry_2ec_0',['registry.c',['../registry_8c.html',1,'']]] 4 | ]; 5 | -------------------------------------------------------------------------------- /Docs/html/search/files_5.js: -------------------------------------------------------------------------------- 1 | var searchData= 2 | [ 3 | ['services_2ec_0',['services.c',['../services_8c.html',1,'']]], 4 | ['slide_2ec_1',['slide.c',['../slide_8c.html',1,'']]] 5 | ]; 6 | -------------------------------------------------------------------------------- /Docs/html/search/files_6.js: -------------------------------------------------------------------------------- 1 | var searchData= 2 | [ 3 | ['x8a4_2ec_0',['x8A4.c',['../x8_a4_8c.html',1,'']]] 4 | ]; 5 | -------------------------------------------------------------------------------- /Docs/html/search/functions_0.js: -------------------------------------------------------------------------------- 1 | var searchData= 2 | [ 3 | ['_5f_5fattribute_5f_5f_0',['__attribute__',['../x8_a4_8c.html#a49198efbc08c4e0aaee1c1fdb95562d5',1,'__attribute__((constructor, used)): x8A4.c'],['../x8_a4_8c.html#a02a9abb85458352c617b455c770f5ead',1,'__attribute__((destructor, used)): x8A4.c']]] 4 | ]; 5 | -------------------------------------------------------------------------------- /Docs/html/search/functions_1.js: -------------------------------------------------------------------------------- 1 | var searchData= 2 | [ 3 | ['extract_5fos_5fsize_0',['extract_os_size',['../osobject_8c.html#a5214f9d46423879985a07a74a4a19121',1,'osobject.c']]] 4 | ]; 5 | -------------------------------------------------------------------------------- /Docs/html/search/functions_2.js: -------------------------------------------------------------------------------- 1 | var searchData= 2 | [ 3 | 
['find_5fnvram_5fkey_0',['find_nvram_key',['../nvram_8c.html#a35cfc5335ac39c645e70a2cedd30983a',1,'nvram.c']]] 4 | ]; 5 | -------------------------------------------------------------------------------- /Docs/html/search/functions_3.js: -------------------------------------------------------------------------------- 1 | var searchData= 2 | [ 3 | ['get_5fapple_5fmobile_5fap_5fnonce_5fservice_0',['get_apple_mobile_ap_nonce_service',['../services_8c.html#a8b5c46decb51da661b04a48a2ef98278',1,'services.c']]], 4 | ['get_5fboot_5fmanifest_5fhash_5flen_1',['get_boot_manifest_hash_len',['../registry_8c.html#ac1f9059107c0402ff673984628a6236c',1,'registry.c']]], 5 | ['get_5fboot_5fmanifest_5fhash_5fref_2',['get_boot_manifest_hash_ref',['../registry_8c.html#a2bebb0af258bbf08529a42d067c3931a',1,'registry.c']]], 6 | ['get_5fboot_5fmanifest_5fhash_5fregistry_3',['get_boot_manifest_hash_registry',['../registry_8c.html#adbc9dc3b9734c21bb6e33cda755f032d',1,'registry.c']]], 7 | ['get_5fboot_5fnonce_5flen_4',['get_boot_nonce_len',['../registry_8c.html#a486193f5a17373df8166c65cc6a9f635',1,'registry.c']]], 8 | ['get_5fboot_5fnonce_5fref_5',['get_boot_nonce_ref',['../registry_8c.html#a1ea26f7d52652ab781409a9b3b272758',1,'registry.c']]], 9 | ['get_5fboot_5fnonce_5fregistry_6',['get_boot_nonce_registry',['../registry_8c.html#afe19943c9acbf3033165aff67eb5b81e',1,'registry.c']]], 10 | ['get_5fdtre_5fchosen_7',['get_dtre_chosen',['../registry_8c.html#a371321697e810b2fdef6511b73d8b916',1,'registry.c']]], 11 | ['get_5fdtre_5foptions_8',['get_dtre_options',['../registry_8c.html#a503529cca275868f6d02ac35e544d701',1,'registry.c']]], 12 | ['get_5fentry_5ffrom_5fos_5fdict_9',['get_entry_from_os_dict',['../osobject_8c.html#ad01e71744a24d3cc64119d857769b2c7',1,'osobject.c']]], 13 | ['get_5fhash_5flen_10',['get_hash_len',['../registry_8c.html#ac548b508ed7994fc9712815ec102720e',1,'registry.c']]], 14 | 
['get_5fhash_5fmethod_5flen_11',['get_hash_method_len',['../registry_8c.html#a5165072f9f7d4c618184716c5781ecd1',1,'registry.c']]], 15 | ['get_5fhash_5fmethod_5fref_12',['get_hash_method_ref',['../registry_8c.html#a66ea627877a4194ad1b082365771c7aa',1,'registry.c']]], 16 | ['get_5fhash_5fmethod_5fregistry_13',['get_hash_method_registry',['../registry_8c.html#a7cdcc24f5b2b3b82a27890e68f985927',1,'registry.c']]], 17 | ['get_5fio_5faes_5faccel_5fservice_14',['get_io_aes_accel_service',['../services_8c.html#a6c54f50d93c0da85535b1360ecaba0dc',1,'services.c']]], 18 | ['get_5fipc_5fkobject_15',['get_ipc_kobject',['../kernel_8c.html#aea0985217b709bcc6f35c64fbfda7449',1,'kernel.c']]], 19 | ['get_5fipc_5fkobject_5ffrom_5fiomachport_16',['get_ipc_kobject_from_iomachport',['../kernel_8c.html#ae40bbc1fd445234966d18e78aa237ec3',1,'kernel.c']]], 20 | ['get_5fipc_5fport_17',['get_ipc_port',['../kernel_8c.html#aa444c95590f146778bfbe8c94d41ee07',1,'kernel.c']]], 21 | ['get_5fkernel_5fpath_18',['get_kernel_path',['../kernel_8c.html#af4bb7d4b160afc55e3cb750ea5a0831b',1,'kernel.c']]], 22 | ['get_5fnonce_5fseeds_5flen_19',['get_nonce_seeds_len',['../registry_8c.html#a7d033966bf2d08b52bc6e0537d2b67e8',1,'registry.c']]], 23 | ['get_5fnonce_5fseeds_5fref_20',['get_nonce_seeds_ref',['../registry_8c.html#ae951934b125e4a64ddb82ba28fe66c73',1,'registry.c']]], 24 | ['get_5fnonce_5fseeds_5fregistry_21',['get_nonce_seeds_registry',['../registry_8c.html#a9030ded42806ea816ca2f971939e6419',1,'registry.c']]], 25 | ['get_5fnvram_5fentry_5fbytes_22',['get_nvram_entry_bytes',['../nvram_8c.html#abfd5c0df080059298c1af7f6f973b93f',1,'nvram.c']]], 26 | ['get_5fnvram_5fkey_23',['get_nvram_key',['../nvram_8c.html#aeea0d8e8e076ae506dbcee00983e2e73',1,'nvram.c']]], 27 | ['get_5fos_5fdict_5ffrom_5fos_5fobject_24',['get_os_dict_from_os_object',['../osobject_8c.html#a355c75311b8db780134c463b836b4c34',1,'osobject.c']]], 28 | 
['get_5fos_5fdict_5fsize_25',['get_os_dict_size',['../osobject_8c.html#a4cb753c77f1d0dc523458f2dabd88254',1,'osobject.c']]], 29 | ['get_5fos_5fmetabase_5fsize_26',['get_os_metabase_size',['../osobject_8c.html#a7087f0ddd58632bd7d4a7cdc28ceca99',1,'osobject.c']]], 30 | ['get_5four_5fproc_27',['get_our_proc',['../kernel_8c.html#a2220bb95b5be2eedfea3b5218733d30d',1,'kernel.c']]], 31 | ['get_5four_5ftask_28',['get_our_task',['../kernel_8c.html#a7c2c27af795dcbaf26d3aef4410b4cac',1,'kernel.c']]], 32 | ['get_5fservice_5fnvram_5fdict_29',['get_service_nvram_dict',['../nvram_8c.html#a8b67c63da94f0ca7b608b6329f547d13',1,'nvram.c']]], 33 | ['get_5fslide_30',['get_slide',['../slide_8c.html#adc25a93a1b36b9f3d139c37fc110a758',1,'slide.c']]] 34 | ]; 35 | -------------------------------------------------------------------------------- /Docs/html/search/functions_4.js: -------------------------------------------------------------------------------- 1 | var searchData= 2 | [ 3 | ['io_5fclear_5fapnonce_0',['io_clear_apnonce',['../kernel_8c.html#a2105bcd7090bc2d267d8d39bdcdb51b3',1,'kernel.c']]], 4 | ['io_5fgenerate_5fapnonce_1',['io_generate_apnonce',['../kernel_8c.html#ac84c7c07eb5b6136f22f05bbc341683b',1,'kernel.c']]] 5 | ]; 6 | -------------------------------------------------------------------------------- /Docs/html/search/functions_5.js: -------------------------------------------------------------------------------- 1 | var searchData= 2 | [ 3 | ['kread_5fsmr_0',['kread_smr',['../kernel_8c.html#a6b7b15fd57888666a9d47c1ce0c774c8',1,'kernel.c']]], 4 | ['krw_5fget_5fkbase_1',['krw_get_kbase',['../kernel_8c.html#af6f3ef808f94bca0e2255ac4d159ab38',1,'kernel.c']]] 5 | ]; 6 | -------------------------------------------------------------------------------- /Docs/html/search/functions_6.js: -------------------------------------------------------------------------------- 1 | var searchData= 2 | [ 3 | 
['offsets_5finit_0',['offsets_init',['../offsets_8c.html#a0c838cc243a086a6b9b2bdf60501ff7b',1,'offsets.c']]], 4 | ['os_5fobject_5fcast_1',['os_object_cast',['../osobject_8c.html#aa111c36304275a1cf558d7fb25b1c2e9',1,'osobject.c']]] 5 | ]; 6 | -------------------------------------------------------------------------------- /Docs/html/search/functions_7.js: -------------------------------------------------------------------------------- 1 | var searchData= 2 | [ 3 | ['palera1n_5fget_5fslide_0',['palera1n_get_slide',['../slide_8c.html#a109016973ac15afea08f227f7acc2899',1,'slide.c']]] 4 | ]; 5 | -------------------------------------------------------------------------------- /Docs/html/search/functions_8.js: -------------------------------------------------------------------------------- 1 | var searchData= 2 | [ 3 | ['set_5fnvram_5fentry_0',['set_nvram_entry',['../registry_8c.html#a01633514271f60f4b0e79438c0a50f4e',1,'registry.c']]], 4 | ['set_5fnvram_5fentry_5fbytes_1',['set_nvram_entry_bytes',['../nvram_8c.html#a2ae64280e90436254ee0d6a4bc01604b',1,'nvram.c']]] 5 | ]; 6 | -------------------------------------------------------------------------------- /Docs/html/search/functions_9.js: -------------------------------------------------------------------------------- 1 | var searchData= 2 | [ 3 | ['tfp0_5finit_0',['tfp0_init',['../kernel_8c.html#a77f7538dd74676922293765df0747d82',1,'kernel.c']]] 4 | ]; 5 | -------------------------------------------------------------------------------- /Docs/html/search/functions_a.js: -------------------------------------------------------------------------------- 1 | var searchData= 2 | [ 3 | ['unsign_5fptr_0',['unsign_ptr',['../kernel_8c.html#a761a29721402b2e506c4fe8843194d78',1,'kernel.c']]] 4 | ]; 5 | -------------------------------------------------------------------------------- /Docs/html/search/mag.svg: -------------------------------------------------------------------------------- 1 | 2 | 13 | 15 | 16 | 18 | image/svg+xml 19 | 
21 | 22 | 23 | 24 | 25 | 27 | 33 | 37 | 38 | -------------------------------------------------------------------------------- /Docs/html/search/mag_d.svg: -------------------------------------------------------------------------------- 1 | 2 | 13 | 15 | 16 | 18 | image/svg+xml 19 | 21 | 22 | 23 | 24 | 25 | 27 | 33 | 37 | 38 | -------------------------------------------------------------------------------- /Docs/html/search/mag_sel.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 19 | 21 | 22 | 24 | image/svg+xml 25 | 27 | 28 | 29 | 30 | 31 | 33 | 57 | 63 | 69 | 74 | 75 | -------------------------------------------------------------------------------- /Docs/html/search/mag_seld.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 19 | 21 | 22 | 24 | image/svg+xml 25 | 27 | 28 | 29 | 30 | 31 | 33 | 57 | 63 | 69 | 74 | 75 | -------------------------------------------------------------------------------- /Docs/html/search/search.css: -------------------------------------------------------------------------------- 1 | /*---------------- Search Box positioning */ 2 | 3 | #main-menu > li:last-child { 4 | /* This
  • object is the parent of the search bar */ 5 | display: flex; 6 | justify-content: center; 7 | align-items: center; 8 | height: 36px; 9 | margin-right: 1em; 10 | } 11 | 12 | /*---------------- Search box styling */ 13 | 14 | .SRPage * { 15 | font-weight: normal; 16 | line-height: normal; 17 | } 18 | 19 | dark-mode-toggle { 20 | margin-left: 5px; 21 | display: flex; 22 | float: right; 23 | } 24 | 25 | #MSearchBox { 26 | display: inline-block; 27 | white-space : nowrap; 28 | background: var(--search-background-color); 29 | border-radius: 0.65em; 30 | box-shadow: var(--search-box-shadow); 31 | z-index: 102; 32 | } 33 | 34 | #MSearchBox .left { 35 | display: inline-block; 36 | vertical-align: middle; 37 | height: 1.4em; 38 | } 39 | 40 | #MSearchSelect { 41 | display: inline-block; 42 | vertical-align: middle; 43 | width: 20px; 44 | height: 19px; 45 | background-image: var(--search-magnification-select-image); 46 | margin: 0 0 0 0.3em; 47 | padding: 0; 48 | } 49 | 50 | #MSearchSelectExt { 51 | display: inline-block; 52 | vertical-align: middle; 53 | width: 10px; 54 | height: 19px; 55 | background-image: var(--search-magnification-image); 56 | margin: 0 0 0 0.5em; 57 | padding: 0; 58 | } 59 | 60 | 61 | #MSearchField { 62 | display: inline-block; 63 | vertical-align: middle; 64 | width: 7.5em; 65 | height: 19px; 66 | margin: 0 0.15em; 67 | padding: 0; 68 | line-height: 1em; 69 | border:none; 70 | color: var(--search-foreground-color); 71 | outline: none; 72 | font-family: var(--font-family-search); 73 | -webkit-border-radius: 0px; 74 | border-radius: 0px; 75 | background: none; 76 | } 77 | 78 | @media(hover: none) { 79 | /* to avoid zooming on iOS */ 80 | #MSearchField { 81 | font-size: 16px; 82 | } 83 | } 84 | 85 | #MSearchBox .right { 86 | display: inline-block; 87 | vertical-align: middle; 88 | width: 1.4em; 89 | height: 1.4em; 90 | } 91 | 92 | #MSearchClose { 93 | display: none; 94 | font-size: inherit; 95 | background : none; 96 | border: none; 97 | margin: 0; 98 
| padding: 0; 99 | outline: none; 100 | 101 | } 102 | 103 | #MSearchCloseImg { 104 | padding: 0.3em; 105 | margin: 0; 106 | } 107 | 108 | .MSearchBoxActive #MSearchField { 109 | color: var(--search-active-color); 110 | } 111 | 112 | 113 | 114 | /*---------------- Search filter selection */ 115 | 116 | #MSearchSelectWindow { 117 | display: none; 118 | position: absolute; 119 | left: 0; top: 0; 120 | border: 1px solid var(--search-filter-border-color); 121 | background-color: var(--search-filter-background-color); 122 | z-index: 10001; 123 | padding-top: 4px; 124 | padding-bottom: 4px; 125 | -moz-border-radius: 4px; 126 | -webkit-border-top-left-radius: 4px; 127 | -webkit-border-top-right-radius: 4px; 128 | -webkit-border-bottom-left-radius: 4px; 129 | -webkit-border-bottom-right-radius: 4px; 130 | -webkit-box-shadow: 5px 5px 5px rgba(0, 0, 0, 0.15); 131 | } 132 | 133 | .SelectItem { 134 | font: 8pt var(--font-family-search); 135 | padding-left: 2px; 136 | padding-right: 12px; 137 | border: 0px; 138 | } 139 | 140 | span.SelectionMark { 141 | margin-right: 4px; 142 | font-family: var(--font-family-monospace); 143 | outline-style: none; 144 | text-decoration: none; 145 | } 146 | 147 | a.SelectItem { 148 | display: block; 149 | outline-style: none; 150 | color: var(--search-filter-foreground-color); 151 | text-decoration: none; 152 | padding-left: 6px; 153 | padding-right: 12px; 154 | } 155 | 156 | a.SelectItem:focus, 157 | a.SelectItem:active { 158 | color: var(--search-filter-foreground-color); 159 | outline-style: none; 160 | text-decoration: none; 161 | } 162 | 163 | a.SelectItem:hover { 164 | color: var(--search-filter-highlight-text-color); 165 | background-color: var(--search-filter-highlight-bg-color); 166 | outline-style: none; 167 | text-decoration: none; 168 | cursor: pointer; 169 | display: block; 170 | } 171 | 172 | /*---------------- Search results window */ 173 | 174 | iframe#MSearchResults { 175 | /*width: 60ex;*/ 176 | height: 15em; 177 | } 178 | 179 | 
#MSearchResultsWindow { 180 | display: none; 181 | position: absolute; 182 | left: 0; top: 0; 183 | border: 1px solid var(--search-results-border-color); 184 | background-color: var(--search-results-background-color); 185 | z-index:10000; 186 | width: 300px; 187 | height: 400px; 188 | overflow: auto; 189 | } 190 | 191 | /* ----------------------------------- */ 192 | 193 | 194 | #SRIndex { 195 | clear:both; 196 | } 197 | 198 | .SREntry { 199 | font-size: 10pt; 200 | padding-left: 1ex; 201 | } 202 | 203 | .SRPage .SREntry { 204 | font-size: 8pt; 205 | padding: 1px 5px; 206 | } 207 | 208 | div.SRPage { 209 | margin: 5px 2px; 210 | background-color: var(--search-results-background-color); 211 | } 212 | 213 | .SRChildren { 214 | padding-left: 3ex; padding-bottom: .5em 215 | } 216 | 217 | .SRPage .SRChildren { 218 | display: none; 219 | } 220 | 221 | .SRSymbol { 222 | font-weight: bold; 223 | color: var(--search-results-foreground-color); 224 | font-family: var(--font-family-search); 225 | text-decoration: none; 226 | outline: none; 227 | } 228 | 229 | a.SRScope { 230 | display: block; 231 | color: var(--search-results-foreground-color); 232 | font-family: var(--font-family-search); 233 | font-size: 8pt; 234 | text-decoration: none; 235 | outline: none; 236 | } 237 | 238 | a.SRSymbol:focus, a.SRSymbol:active, 239 | a.SRScope:focus, a.SRScope:active { 240 | text-decoration: underline; 241 | } 242 | 243 | span.SRScope { 244 | padding-left: 4px; 245 | font-family: var(--font-family-search); 246 | } 247 | 248 | .SRPage .SRStatus { 249 | padding: 2px 5px; 250 | font-size: 8pt; 251 | font-style: italic; 252 | font-family: var(--font-family-search); 253 | } 254 | 255 | .SRResult { 256 | display: none; 257 | } 258 | 259 | div.searchresults { 260 | margin-left: 10px; 261 | margin-right: 10px; 262 | } 263 | 264 | /*---------------- External search page results */ 265 | 266 | .pages b { 267 | color: white; 268 | padding: 5px 5px 3px 5px; 269 | background-image: 
var(--nav-gradient-active-image-parent); 270 | background-repeat: repeat-x; 271 | text-shadow: 0 1px 1px #000000; 272 | } 273 | 274 | .pages { 275 | line-height: 17px; 276 | margin-left: 4px; 277 | text-decoration: none; 278 | } 279 | 280 | .hl { 281 | font-weight: bold; 282 | } 283 | 284 | #searchresults { 285 | margin-bottom: 20px; 286 | } 287 | 288 | .searchpages { 289 | margin-top: 10px; 290 | } 291 | 292 | -------------------------------------------------------------------------------- /Docs/html/search/searchdata.js: -------------------------------------------------------------------------------- 1 | var indexSectionsWithContent = 2 | { 3 | 0: "_efgiklnoprstux", 4 | 1: "klnorsx", 5 | 2: "_efgikopstux" 6 | }; 7 | 8 | var indexSectionNames = 9 | { 10 | 0: "all", 11 | 1: "files", 12 | 2: "functions" 13 | }; 14 | 15 | var indexSectionLabels = 16 | { 17 | 0: "All", 18 | 1: "Files", 19 | 2: "Functions" 20 | }; 21 | 22 | -------------------------------------------------------------------------------- /Docs/html/splitbar.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cryptiiiic/x8A4/99a79f70bc7c90b7bbfcd87b469481581ca43162/Docs/html/splitbar.png -------------------------------------------------------------------------------- /Docs/html/splitbard.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cryptiiiic/x8A4/99a79f70bc7c90b7bbfcd87b469481581ca43162/Docs/html/splitbard.png -------------------------------------------------------------------------------- /Docs/html/sync_off.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cryptiiiic/x8A4/99a79f70bc7c90b7bbfcd87b469481581ca43162/Docs/html/sync_off.png -------------------------------------------------------------------------------- /Docs/html/sync_on.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cryptiiiic/x8A4/99a79f70bc7c90b7bbfcd87b469481581ca43162/Docs/html/sync_on.png -------------------------------------------------------------------------------- /Docs/html/tab_a.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cryptiiiic/x8A4/99a79f70bc7c90b7bbfcd87b469481581ca43162/Docs/html/tab_a.png -------------------------------------------------------------------------------- /Docs/html/tab_ad.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cryptiiiic/x8A4/99a79f70bc7c90b7bbfcd87b469481581ca43162/Docs/html/tab_ad.png -------------------------------------------------------------------------------- /Docs/html/tab_b.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cryptiiiic/x8A4/99a79f70bc7c90b7bbfcd87b469481581ca43162/Docs/html/tab_b.png -------------------------------------------------------------------------------- /Docs/html/tab_bd.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cryptiiiic/x8A4/99a79f70bc7c90b7bbfcd87b469481581ca43162/Docs/html/tab_bd.png -------------------------------------------------------------------------------- /Docs/html/tab_h.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cryptiiiic/x8A4/99a79f70bc7c90b7bbfcd87b469481581ca43162/Docs/html/tab_h.png -------------------------------------------------------------------------------- /Docs/html/tab_hd.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cryptiiiic/x8A4/99a79f70bc7c90b7bbfcd87b469481581ca43162/Docs/html/tab_hd.png 
-------------------------------------------------------------------------------- /Docs/html/tab_s.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cryptiiiic/x8A4/99a79f70bc7c90b7bbfcd87b469481581ca43162/Docs/html/tab_s.png -------------------------------------------------------------------------------- /Docs/html/tab_sd.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cryptiiiic/x8A4/99a79f70bc7c90b7bbfcd87b469481581ca43162/Docs/html/tab_sd.png -------------------------------------------------------------------------------- /Docs/latex/Makefile: -------------------------------------------------------------------------------- 1 | LATEX_CMD?=pdflatex 2 | MKIDX_CMD?=makeindex 3 | BIBTEX_CMD?=bibtex 4 | LATEX_COUNT?=8 5 | MANUAL_FILE?=refman 6 | 7 | all: $(MANUAL_FILE).pdf 8 | 9 | pdf: $(MANUAL_FILE).pdf 10 | 11 | $(MANUAL_FILE).pdf: clean $(MANUAL_FILE).tex 12 | $(LATEX_CMD) $(MANUAL_FILE) 13 | $(MKIDX_CMD) $(MANUAL_FILE).idx 14 | $(LATEX_CMD) $(MANUAL_FILE) 15 | latex_count=$(LATEX_COUNT) ; \ 16 | while egrep -s 'Rerun (LaTeX|to get cross-references right|to get bibliographical references right)' $(MANUAL_FILE).log && [ $$latex_count -gt 0 ] ;\ 17 | do \ 18 | echo "Rerunning latex...." 
;\ 19 | $(LATEX_CMD) $(MANUAL_FILE) ;\ 20 | latex_count=`expr $$latex_count - 1` ;\ 21 | done 22 | $(MKIDX_CMD) $(MANUAL_FILE).idx 23 | $(LATEX_CMD) $(MANUAL_FILE) 24 | 25 | 26 | clean: 27 | rm -f *.ps *.dvi *.aux *.toc *.idx *.ind *.ilg *.log *.out *.brf *.blg *.bbl $(MANUAL_FILE).pdf 28 | -------------------------------------------------------------------------------- /Docs/latex/files.tex: -------------------------------------------------------------------------------- 1 | \doxysection{File List} 2 | Here is a list of all documented files with brief descriptions\+:\begin{DoxyCompactList} 3 | \item\contentsline{section}{/\+Users/cryptic/source/x8\+A4/\mbox{\hyperlink{x8_a4_8c}{x8\+A4.\+c}} \\*This file is for all x8\+A4 library related code }{\pageref{x8_a4_8c}}{} 4 | \item\contentsline{section}{/\+Users/cryptic/source/x8\+A4/\+Kernel/\mbox{\hyperlink{kernel_8c}{kernel.\+c}} \\*This file is for all kernel related code }{\pageref{kernel_8c}}{} 5 | \item\contentsline{section}{/\+Users/cryptic/source/x8\+A4/\+Kernel/\mbox{\hyperlink{kpf_8c}{kpf.\+c}} \\*This file is for all kernel kpf related code }{\pageref{kpf_8c}}{} 6 | \item\contentsline{section}{/\+Users/cryptic/source/x8\+A4/\+Kernel/\mbox{\hyperlink{nvram_8c}{nvram.\+c}} \\*This file is for all kernel nvram related code }{\pageref{nvram_8c}}{} 7 | \item\contentsline{section}{/\+Users/cryptic/source/x8\+A4/\+Kernel/\mbox{\hyperlink{offsets_8c}{offsets.\+c}} \\*This file is for all kernel offset related code }{\pageref{offsets_8c}}{} 8 | \item\contentsline{section}{/\+Users/cryptic/source/x8\+A4/\+Kernel/\mbox{\hyperlink{osobject_8c}{osobject.\+c}} \\*This file is for all kernel osobject related code }{\pageref{osobject_8c}}{} 9 | \item\contentsline{section}{/\+Users/cryptic/source/x8\+A4/\+Kernel/\mbox{\hyperlink{slide_8c}{slide.\+c}} \\*This file is for all kernel slide related code }{\pageref{slide_8c}}{} 10 | 
\item\contentsline{section}{/\+Users/cryptic/source/x8\+A4/\+Logger/\mbox{\hyperlink{logger_8c}{logger.\+c}} \\*This file is for all logger related code }{\pageref{logger_8c}}{} 11 | \item\contentsline{section}{/\+Users/cryptic/source/x8\+A4/\+Registry/\mbox{\hyperlink{registry_8c}{registry.\+c}} \\*This file is for all registry related code }{\pageref{registry_8c}}{} 12 | \item\contentsline{section}{/\+Users/cryptic/source/x8\+A4/\+Services/\mbox{\hyperlink{services_8c}{services.\+c}} \\*This file is for all ioservice related code }{\pageref{services_8c}}{} 13 | \end{DoxyCompactList} 14 | -------------------------------------------------------------------------------- /Docs/latex/logger_8c.tex: -------------------------------------------------------------------------------- 1 | \hypertarget{logger_8c}{}\doxysection{/\+Users/cryptic/source/x8\+A4/\+Logger/logger.c File Reference} 2 | \label{logger_8c}\index{/Users/cryptic/source/x8A4/Logger/logger.c@{/Users/cryptic/source/x8A4/Logger/logger.c}} 3 | 4 | 5 | This file is for all logger related code. 6 | 7 | 8 | {\ttfamily \#include $<$stdarg.\+h$>$}\newline 9 | {\ttfamily \#include $<$x8\+A4/\+Logger/logger.\+h$>$}\newline 10 | {\ttfamily \#include $<$x8\+A4/x8\+A4.\+h$>$}\newline 11 | \doxysubsection*{Functions} 12 | \begin{DoxyCompactItemize} 13 | \item 14 | void \mbox{\hyperlink{logger_8c_a842eb12f45ab727225d24365bd2b1ab1}{x8\+A4\+\_\+log\+\_\+print}} (FILE $\ast$stream, const char $\ast$format,...) 15 | \begin{DoxyCompactList}\small\item\em Print format string to a specified file stream. \end{DoxyCompactList}\item 16 | void \mbox{\hyperlink{logger_8c_a968b1e30cea7598e4508751ab505af69}{x8\+A4\+\_\+log\+\_\+print\+\_\+va}} (FILE $\ast$stream, const char $\ast$format, va\+\_\+list args) 17 | \begin{DoxyCompactList}\small\item\em Print format string with a va\+\_\+list to a specified file stream. 
\end{DoxyCompactList}\item 18 | void \mbox{\hyperlink{logger_8c_a143aa633919c0ca3a0357674f5464067}{x8\+A4\+\_\+log\+\_\+function}} (FILE $\ast$stream, const char $\ast$func, const char $\ast$format, va\+\_\+list args) 19 | \begin{DoxyCompactList}\small\item\em Print format string with a va\+\_\+list to a specified file stream, including the function name. \end{DoxyCompactList}\item 20 | void \mbox{\hyperlink{logger_8c_a1bb10e3d78a21dcb91386807c38cbe76}{x8\+A4\+\_\+logger}} (enum LOG\+\_\+\+LEVEL level, const char $\ast$func, const char $\ast$format,...) 21 | \begin{DoxyCompactList}\small\item\em Call the correct logger print based on log level. \end{DoxyCompactList}\end{DoxyCompactItemize} 22 | 23 | 24 | \doxysubsection{Detailed Description} 25 | This file is for all logger related code. 26 | 27 | \begin{DoxyAuthor}{Author} 28 | Cryptiiiic 29 | \end{DoxyAuthor} 30 | \begin{DoxyVersion}{Version} 31 | 1.\+0.\+1 32 | \end{DoxyVersion} 33 | \begin{DoxyDate}{Date} 34 | 2024-\/12-\/22 35 | \end{DoxyDate} 36 | \begin{DoxyCopyright}{Copyright} 37 | Copyright (c) 2024 38 | \end{DoxyCopyright} 39 | 40 | 41 | \doxysubsection{Function Documentation} 42 | \mbox{\Hypertarget{logger_8c_a143aa633919c0ca3a0357674f5464067}\label{logger_8c_a143aa633919c0ca3a0357674f5464067}} 43 | \index{logger.c@{logger.c}!x8A4\_log\_function@{x8A4\_log\_function}} 44 | \index{x8A4\_log\_function@{x8A4\_log\_function}!logger.c@{logger.c}} 45 | \doxysubsubsection{\texorpdfstring{x8A4\_log\_function()}{x8A4\_log\_function()}} 46 | {\footnotesize\ttfamily void x8\+A4\+\_\+log\+\_\+function (\begin{DoxyParamCaption}\item[{FILE $\ast$}]{stream, }\item[{const char $\ast$}]{func, }\item[{const char $\ast$}]{format, }\item[{va\+\_\+list}]{args }\end{DoxyParamCaption})} 47 | 48 | 49 | 50 | Print format string with a va\+\_\+list to a specified file stream, including the function name. 
51 | 52 | 53 | \begin{DoxyParams}[1]{Parameters} 54 | \mbox{\texttt{ in}} & {\em stream} & \\ 55 | \hline 56 | \mbox{\texttt{ in}} & {\em func} & \\ 57 | \hline 58 | \mbox{\texttt{ in}} & {\em format} & \\ 59 | \hline 60 | \mbox{\texttt{ in}} & {\em args} & \\ 61 | \hline 62 | \end{DoxyParams} 63 | \mbox{\Hypertarget{logger_8c_a842eb12f45ab727225d24365bd2b1ab1}\label{logger_8c_a842eb12f45ab727225d24365bd2b1ab1}} 64 | \index{logger.c@{logger.c}!x8A4\_log\_print@{x8A4\_log\_print}} 65 | \index{x8A4\_log\_print@{x8A4\_log\_print}!logger.c@{logger.c}} 66 | \doxysubsubsection{\texorpdfstring{x8A4\_log\_print()}{x8A4\_log\_print()}} 67 | {\footnotesize\ttfamily void x8\+A4\+\_\+log\+\_\+print (\begin{DoxyParamCaption}\item[{FILE $\ast$}]{stream, }\item[{const char $\ast$}]{format, }\item[{}]{... }\end{DoxyParamCaption})} 68 | 69 | 70 | 71 | Print format string to a specified file stream. 72 | 73 | 74 | \begin{DoxyParams}[1]{Parameters} 75 | \mbox{\texttt{ in}} & {\em stream} & \\ 76 | \hline 77 | \mbox{\texttt{ in}} & {\em format} & \\ 78 | \hline 79 | \mbox{\texttt{ in}} & {\em \+\_\+\+\_\+\+VA\+\_\+\+ARGS\+\_\+\+\_\+} & \\ 80 | \hline 81 | \end{DoxyParams} 82 | \mbox{\Hypertarget{logger_8c_a968b1e30cea7598e4508751ab505af69}\label{logger_8c_a968b1e30cea7598e4508751ab505af69}} 83 | \index{logger.c@{logger.c}!x8A4\_log\_print\_va@{x8A4\_log\_print\_va}} 84 | \index{x8A4\_log\_print\_va@{x8A4\_log\_print\_va}!logger.c@{logger.c}} 85 | \doxysubsubsection{\texorpdfstring{x8A4\_log\_print\_va()}{x8A4\_log\_print\_va()}} 86 | {\footnotesize\ttfamily void x8\+A4\+\_\+log\+\_\+print\+\_\+va (\begin{DoxyParamCaption}\item[{FILE $\ast$}]{stream, }\item[{const char $\ast$}]{format, }\item[{va\+\_\+list}]{args }\end{DoxyParamCaption})} 87 | 88 | 89 | 90 | Print format string with a va\+\_\+list to a specified file stream. 
91 | 92 | 93 | \begin{DoxyParams}[1]{Parameters} 94 | \mbox{\texttt{ in}} & {\em stream} & \\ 95 | \hline 96 | \mbox{\texttt{ in}} & {\em format} & \\ 97 | \hline 98 | \mbox{\texttt{ in}} & {\em args} & \\ 99 | \hline 100 | \end{DoxyParams} 101 | \mbox{\Hypertarget{logger_8c_a1bb10e3d78a21dcb91386807c38cbe76}\label{logger_8c_a1bb10e3d78a21dcb91386807c38cbe76}} 102 | \index{logger.c@{logger.c}!x8A4\_logger@{x8A4\_logger}} 103 | \index{x8A4\_logger@{x8A4\_logger}!logger.c@{logger.c}} 104 | \doxysubsubsection{\texorpdfstring{x8A4\_logger()}{x8A4\_logger()}} 105 | {\footnotesize\ttfamily void x8\+A4\+\_\+logger (\begin{DoxyParamCaption}\item[{enum LOG\+\_\+\+LEVEL}]{level, }\item[{const char $\ast$}]{func, }\item[{const char $\ast$}]{format, }\item[{}]{... }\end{DoxyParamCaption})} 106 | 107 | 108 | 109 | Call the correct logger print based on log level. 110 | 111 | 112 | \begin{DoxyParams}[1]{Parameters} 113 | \mbox{\texttt{ in}} & {\em level} & \\ 114 | \hline 115 | \mbox{\texttt{ in}} & {\em func} & \\ 116 | \hline 117 | \mbox{\texttt{ in}} & {\em format} & \\ 118 | \hline 119 | \mbox{\texttt{ in}} & {\em \+\_\+\+\_\+\+VA\+\_\+\+ARGS\+\_\+\+\_\+} & \\ 120 | \hline 121 | \end{DoxyParams} 122 | -------------------------------------------------------------------------------- /Docs/latex/offsets_8c.tex: -------------------------------------------------------------------------------- 1 | \hypertarget{offsets_8c}{}\doxysection{/\+Users/cryptic/source/x8\+A4/\+Kernel/offsets.c File Reference} 2 | \label{offsets_8c}\index{/Users/cryptic/source/x8A4/Kernel/offsets.c@{/Users/cryptic/source/x8A4/Kernel/offsets.c}} 3 | 4 | 5 | This file is for all kernel offset related code. 
6 | 7 | 8 | {\ttfamily \#include $<$x8\+A4/\+Kernel/offsets.\+h$>$}\newline 9 | {\ttfamily \#include $<$x8\+A4/\+Kernel/osobject.\+h$>$}\newline 10 | {\ttfamily \#include $<$x8\+A4/\+Logger/logger.\+h$>$}\newline 11 | {\ttfamily \#include $<$x8\+A4/x8\+A4.\+h$>$}\newline 12 | \doxysubsection*{Functions} 13 | \begin{DoxyCompactItemize} 14 | \item 15 | int \mbox{\hyperlink{offsets_8c_a0c838cc243a086a6b9b2bdf60501ff7b}{offsets\+\_\+init}} (void) 16 | \begin{DoxyCompactList}\small\item\em Init kernel offsets. \end{DoxyCompactList}\end{DoxyCompactItemize} 17 | \doxysubsection*{Variables} 18 | \begin{DoxyCompactItemize} 19 | \item 20 | \mbox{\Hypertarget{offsets_8c_a6b069451a5b24343d7eaaac4238ae5f7}\label{offsets_8c_a6b069451a5b24343d7eaaac4238ae5f7}} 21 | struct kernel\+\_\+offsets $\ast$ {\bfseries koffsets\+\_\+cached} 22 | \end{DoxyCompactItemize} 23 | 24 | 25 | \doxysubsection{Detailed Description} 26 | This file is for all kernel offset related code. 27 | 28 | \begin{DoxyAuthor}{Author} 29 | Cryptiiiic 30 | \end{DoxyAuthor} 31 | \begin{DoxyVersion}{Version} 32 | 1.\+0.\+1 33 | \end{DoxyVersion} 34 | \begin{DoxyDate}{Date} 35 | 2024-\/04-\/19 36 | \end{DoxyDate} 37 | \begin{DoxyCopyright}{Copyright} 38 | Copyright (c) 2024 39 | \end{DoxyCopyright} 40 | 41 | 42 | \doxysubsection{Function Documentation} 43 | \mbox{\Hypertarget{offsets_8c_a0c838cc243a086a6b9b2bdf60501ff7b}\label{offsets_8c_a0c838cc243a086a6b9b2bdf60501ff7b}} 44 | \index{offsets.c@{offsets.c}!offsets\_init@{offsets\_init}} 45 | \index{offsets\_init@{offsets\_init}!offsets.c@{offsets.c}} 46 | \doxysubsubsection{\texorpdfstring{offsets\_init()}{offsets\_init()}} 47 | {\footnotesize\ttfamily int offsets\+\_\+init (\begin{DoxyParamCaption}\item[{void}]{ }\end{DoxyParamCaption})} 48 | 49 | 50 | 51 | Init kernel offsets. 
52 | 53 | \begin{DoxyReturn}{Returns} 54 | Zero on init success 55 | \end{DoxyReturn} 56 | -------------------------------------------------------------------------------- /Docs/latex/refman.tex: -------------------------------------------------------------------------------- 1 | % Handle batch mode 2 | % to overcome problems with too many open files 3 | \let\mypdfximage\pdfximage\def\pdfximage{\immediate\mypdfximage} 4 | % Set document class depending on configuration 5 | \documentclass[twoside]{book} 6 | %% moved from doxygen.sty due to workaround for LaTex 2019 version and unmaintained tabu package 7 | \usepackage{ifthen} 8 | \ifx\requestedLaTeXdate\undefined 9 | \usepackage{array} 10 | \else 11 | \usepackage{array}[=2016-10-06] 12 | \fi 13 | %% 14 | % Packages required by doxygen 15 | \usepackage{fixltx2e} % for \textsubscript 16 | \usepackage{doxygen} 17 | \usepackage{graphicx} 18 | \usepackage[utf8]{inputenc} 19 | \usepackage{makeidx} 20 | \PassOptionsToPackage{warn}{textcomp} 21 | \usepackage{textcomp} 22 | \usepackage[nointegrals]{wasysym} 23 | \usepackage{ifxetex} 24 | % NLS support packages 25 | % Define default fonts 26 | % Font selection 27 | \usepackage[T1]{fontenc} 28 | % set main and monospaced font 29 | \usepackage[scaled=.90]{helvet} 30 | \usepackage{courier} 31 | \renewcommand{\familydefault}{\sfdefault} 32 | \usepackage{sectsty} 33 | \allsectionsfont{% 34 | \fontseries{bc}\selectfont% 35 | \color{darkgray}% 36 | } 37 | \renewcommand{\DoxyLabelFont}{% 38 | \fontseries{bc}\selectfont% 39 | \color{darkgray}% 40 | } 41 | \newcommand{\+}{\discretionary{\mbox{\scriptsize$\hookleftarrow$}}{}{}} 42 | % Arguments of doxygenemoji: 43 | % 1) '::' form of the emoji, already LaTeX-escaped 44 | % 2) file with the name of the emoji without the .png extension 45 | % in case image exist use this otherwise use the '::' form 46 | \newcommand{\doxygenemoji}[2]{% 47 | \IfFileExists{./#2.png}{\raisebox{-0.1em}{\includegraphics[height=0.9em]{./#2.png}}}{#1}% 48 | } 49 
| % Page & text layout 50 | \usepackage{geometry} 51 | \geometry{% 52 | a4paper,% 53 | top=2.5cm,% 54 | bottom=2.5cm,% 55 | left=2.5cm,% 56 | right=2.5cm% 57 | } 58 | % Allow a bit of overflow to go unnoticed by other means 59 | \tolerance=750 60 | \hfuzz=15pt 61 | \hbadness=750 62 | \setlength{\emergencystretch}{15pt} 63 | \setlength{\parindent}{0cm} 64 | \newcommand{\doxynormalparskip}{\setlength{\parskip}{3ex plus 2ex minus 2ex}} 65 | \newcommand{\doxytocparskip}{\setlength{\parskip}{1ex plus 0ex minus 0ex}} 66 | \doxynormalparskip 67 | % Redefine paragraph/subparagraph environments, using sectsty fonts 68 | \makeatletter 69 | \renewcommand{\paragraph}{% 70 | \@startsection{paragraph}{4}{0ex}{-1.0ex}{1.0ex}{% 71 | \normalfont\normalsize\bfseries\SS@parafont% 72 | }% 73 | } 74 | \renewcommand{\subparagraph}{% 75 | \@startsection{subparagraph}{5}{0ex}{-1.0ex}{1.0ex}{% 76 | \normalfont\normalsize\bfseries\SS@subparafont% 77 | }% 78 | } 79 | \makeatother 80 | \makeatletter 81 | \newcommand\hrulefilll{\leavevmode\leaders\hrule\hskip 0pt plus 1filll\kern\z@} 82 | \makeatother 83 | % Headers & footers 84 | \usepackage{fancyhdr} 85 | \pagestyle{fancyplain} 86 | \renewcommand{\footrulewidth}{0.4pt} 87 | \fancypagestyle{fancyplain}{ 88 | \fancyhf{} 89 | \fancyhead[LE, RO]{\bfseries\thepage} 90 | \fancyhead[LO]{\bfseries\rightmark} 91 | \fancyhead[RE]{\bfseries\leftmark} 92 | \fancyfoot[LO, RE]{\bfseries\scriptsize Generated by Doxygen } 93 | } 94 | \fancypagestyle{plain}{ 95 | \fancyhf{} 96 | \fancyfoot[LO, RE]{\bfseries\scriptsize Generated by Doxygen } 97 | \renewcommand{\headrulewidth}{0pt} 98 | } 99 | \pagestyle{fancyplain} 100 | \renewcommand{\chaptermark}[1]{% 101 | \markboth{#1}{}% 102 | } 103 | \renewcommand{\sectionmark}[1]{% 104 | \markright{\thesection\ #1}% 105 | } 106 | % ToC, LoF, LoT, bibliography, and index 107 | % Indices & bibliography 108 | \usepackage{natbib} 109 | \usepackage[titles]{tocloft} 110 | \setcounter{tocdepth}{3} 111 | 
\setcounter{secnumdepth}{5} 112 | % creating indexes 113 | \makeindex 114 | \usepackage{newunicodechar} 115 | \newunicodechar{⁻}{${}^{-}$}% Superscript minus 116 | \newunicodechar{²}{${}^{2}$}% Superscript two 117 | \newunicodechar{³}{${}^{3}$}% Superscript three 118 | % Hyperlinks 119 | % Hyperlinks (required, but should be loaded last) 120 | \ifpdf 121 | \usepackage[pdftex,pagebackref=true]{hyperref} 122 | \else 123 | \ifxetex 124 | \usepackage[pagebackref=true]{hyperref} 125 | \else 126 | \usepackage[ps2pdf,pagebackref=true]{hyperref} 127 | \fi 128 | \fi 129 | \hypersetup{% 130 | colorlinks=true,% 131 | linkcolor=blue,% 132 | citecolor=blue,% 133 | unicode,% 134 | pdftitle={Project x8\+A4},% 135 | pdfsubject={}% 136 | } 137 | % Custom commands used by the header 138 | % Custom commands 139 | \newcommand{\clearemptydoublepage}{% 140 | \newpage{\pagestyle{empty}\cleardoublepage}% 141 | } 142 | % caption style definition 143 | \usepackage{caption} 144 | \captionsetup{labelsep=space,justification=centering,font={bf},singlelinecheck=off,skip=4pt,position=top} 145 | % in page table of contents 146 | \usepackage{etoc} 147 | \etocsettocstyle{\doxytocparskip}{\doxynormalparskip} 148 | % prevent numbers overlap the titles in toc 149 | \renewcommand{\numberline}[1]{#1~} 150 | % End of preamble, now comes the document contents 151 | %===== C O N T E N T S ===== 152 | \begin{document} 153 | \raggedbottom 154 | % Titlepage & ToC 155 | % To avoid duplicate page anchors due to reuse of same numbers for 156 | % the index (be it as roman numbers) 157 | \hypersetup{pageanchor=false, 158 | bookmarksnumbered=true, 159 | pdfencoding=unicode 160 | } 161 | \pagenumbering{alph} 162 | \begin{titlepage} 163 | \vspace*{7cm} 164 | \begin{center}% 165 | {\Large Project x8\+A4}\\ 166 | [1ex]\large v1.\+0.\+1 \\ 167 | \vspace*{1cm} 168 | {\large Generated by Doxygen 1.9.5}\\ 169 | \end{center} 170 | \end{titlepage} 171 | \clearemptydoublepage 172 | \pagenumbering{roman} 173 | \tableofcontents 
174 | \clearemptydoublepage 175 | \pagenumbering{arabic} 176 | % re-enable anchors again 177 | \hypersetup{pageanchor=true} 178 | %--- Begin generated contents --- 179 | \chapter{File Index} 180 | \input{files} 181 | \chapter{File Documentation} 182 | \input{kernel_8c} 183 | \input{kpf_8c} 184 | \input{nvram_8c} 185 | \input{offsets_8c} 186 | \input{osobject_8c} 187 | \input{slide_8c} 188 | \input{logger_8c} 189 | \input{registry_8c} 190 | \input{services_8c} 191 | \input{x8_a4_8c} 192 | %--- End generated contents --- 193 | % Index 194 | \backmatter 195 | \newpage 196 | \phantomsection 197 | \clearemptydoublepage 198 | \addcontentsline{toc}{chapter}{\indexname} 199 | \printindex 200 | % Required for some languages (in combination with latexdocumentpre from the header) 201 | \end{document} 202 | -------------------------------------------------------------------------------- /Docs/latex/services_8c.tex: -------------------------------------------------------------------------------- 1 | \hypertarget{services_8c}{}\doxysection{/\+Users/cryptic/source/x8\+A4/\+Services/services.c File Reference} 2 | \label{services_8c}\index{/Users/cryptic/source/x8A4/Services/services.c@{/Users/cryptic/source/x8A4/Services/services.c}} 3 | 4 | 5 | This file is for all ioservice related code. 6 | 7 | 8 | {\ttfamily \#include $<$stdio.\+h$>$}\newline 9 | {\ttfamily \#include $<$x8\+A4/\+Registry/registry.\+h$>$}\newline 10 | {\ttfamily \#include $<$x8\+A4/\+Services/services.\+h$>$}\newline 11 | \doxysubsection*{Functions} 12 | \begin{DoxyCompactItemize} 13 | \item 14 | io\+\_\+service\+\_\+t \mbox{\hyperlink{services_8c_a6c54f50d93c0da85535b1360ecaba0dc}{get\+\_\+io\+\_\+aes\+\_\+accel\+\_\+service}} (void) 15 | \begin{DoxyCompactList}\small\item\em Gets the IOAESAccelerator ioservice. 
\end{DoxyCompactList}\item 16 | io\+\_\+connect\+\_\+t \mbox{\hyperlink{services_8c_a8b5c46decb51da661b04a48a2ef98278}{get\+\_\+apple\+\_\+mobile\+\_\+ap\+\_\+nonce\+\_\+service}} (void) 17 | \begin{DoxyCompactList}\small\item\em Gets the Apple\+Mobile\+Ap\+Nonce ioservice. \end{DoxyCompactList}\end{DoxyCompactItemize} 18 | \doxysubsection*{Variables} 19 | \begin{DoxyCompactItemize} 20 | \item 21 | \mbox{\Hypertarget{services_8c_ab7d5ffb78c296223472eab26782a6e1f}\label{services_8c_ab7d5ffb78c296223472eab26782a6e1f}} 22 | io\+\_\+service\+\_\+t {\bfseries io\+\_\+aes\+\_\+accel\+\_\+service\+\_\+cached} = IO\+\_\+\+OBJECT\+\_\+\+NULL 23 | \item 24 | \mbox{\Hypertarget{services_8c_a1ce5d91761ee0fd96e0cc1e927337693}\label{services_8c_a1ce5d91761ee0fd96e0cc1e927337693}} 25 | io\+\_\+service\+\_\+t {\bfseries apple\+\_\+mobile\+\_\+ap\+\_\+nonce\+\_\+service\+\_\+cached} = IO\+\_\+\+OBJECT\+\_\+\+NULL 26 | \item 27 | \mbox{\Hypertarget{services_8c_ac6438b95a7b65339977100be4528de52}\label{services_8c_ac6438b95a7b65339977100be4528de52}} 28 | io\+\_\+service\+\_\+t {\bfseries apple\+\_\+mobile\+\_\+ap\+\_\+nonce\+\_\+service2\+\_\+cached} = IO\+\_\+\+OBJECT\+\_\+\+NULL 29 | \end{DoxyCompactItemize} 30 | 31 | 32 | \doxysubsection{Detailed Description} 33 | This file is for all ioservice related code. 
34 | 35 | \begin{DoxyAuthor}{Author} 36 | Cryptiiiic 37 | \end{DoxyAuthor} 38 | \begin{DoxyVersion}{Version} 39 | 1.\+0.\+1 40 | \end{DoxyVersion} 41 | \begin{DoxyDate}{Date} 42 | 2024-\/04-\/14 43 | \end{DoxyDate} 44 | \begin{DoxyCopyright}{Copyright} 45 | Copyright (c) 2024 46 | \end{DoxyCopyright} 47 | 48 | 49 | \doxysubsection{Function Documentation} 50 | \mbox{\Hypertarget{services_8c_a8b5c46decb51da661b04a48a2ef98278}\label{services_8c_a8b5c46decb51da661b04a48a2ef98278}} 51 | \index{services.c@{services.c}!get\_apple\_mobile\_ap\_nonce\_service@{get\_apple\_mobile\_ap\_nonce\_service}} 52 | \index{get\_apple\_mobile\_ap\_nonce\_service@{get\_apple\_mobile\_ap\_nonce\_service}!services.c@{services.c}} 53 | \doxysubsubsection{\texorpdfstring{get\_apple\_mobile\_ap\_nonce\_service()}{get\_apple\_mobile\_ap\_nonce\_service()}} 54 | {\footnotesize\ttfamily io\+\_\+connect\+\_\+t get\+\_\+apple\+\_\+mobile\+\_\+ap\+\_\+nonce\+\_\+service (\begin{DoxyParamCaption}\item[{void}]{ }\end{DoxyParamCaption})} 55 | 56 | 57 | 58 | Gets the Apple\+Mobile\+Ap\+Nonce ioservice. 59 | 60 | \begin{DoxyReturn}{Returns} 61 | Apple\+Mobile\+Ap\+Nonce ioservice 62 | \end{DoxyReturn} 63 | \mbox{\Hypertarget{services_8c_a6c54f50d93c0da85535b1360ecaba0dc}\label{services_8c_a6c54f50d93c0da85535b1360ecaba0dc}} 64 | \index{services.c@{services.c}!get\_io\_aes\_accel\_service@{get\_io\_aes\_accel\_service}} 65 | \index{get\_io\_aes\_accel\_service@{get\_io\_aes\_accel\_service}!services.c@{services.c}} 66 | \doxysubsubsection{\texorpdfstring{get\_io\_aes\_accel\_service()}{get\_io\_aes\_accel\_service()}} 67 | {\footnotesize\ttfamily io\+\_\+service\+\_\+t get\+\_\+io\+\_\+aes\+\_\+accel\+\_\+service (\begin{DoxyParamCaption}\item[{void}]{ }\end{DoxyParamCaption})} 68 | 69 | 70 | 71 | Gets the IOAESAccelerator ioservice. 
72 | 73 | \begin{DoxyReturn}{Returns} 74 | IOAESAccelerator ioservice 75 | \end{DoxyReturn} 76 | -------------------------------------------------------------------------------- /Docs/latex/slide_8c.tex: -------------------------------------------------------------------------------- 1 | \hypertarget{slide_8c}{}\doxysection{/\+Users/cryptic/source/x8\+A4/\+Kernel/slide.c File Reference} 2 | \label{slide_8c}\index{/Users/cryptic/source/x8A4/Kernel/slide.c@{/Users/cryptic/source/x8A4/Kernel/slide.c}} 3 | 4 | 5 | This file is for all kernel slide related code. 6 | 7 | 8 | {\ttfamily \#include $<$stdint.\+h$>$}\newline 9 | {\ttfamily \#include $<$x8\+A4/\+Kernel/slide.\+h$>$}\newline 10 | {\ttfamily \#include $<$x8\+A4/\+Kernel/kernel.\+h$>$}\newline 11 | {\ttfamily \#include $<$x8\+A4/\+Kernel/kpf.\+h$>$}\newline 12 | {\ttfamily \#include $<$x8\+A4/\+Logger/logger.\+h$>$}\newline 13 | {\ttfamily \#include $<$x8\+A4/x8\+A4.\+h$>$}\newline 14 | \doxysubsection*{Functions} 15 | \begin{DoxyCompactItemize} 16 | \item 17 | uint64\+\_\+t \mbox{\hyperlink{slide_8c_adc25a93a1b36b9f3d139c37fc110a758}{get\+\_\+slide}} (void) 18 | \begin{DoxyCompactList}\small\item\em Get kaslr slide. \end{DoxyCompactList}\item 19 | uint64\+\_\+t \mbox{\hyperlink{slide_8c_a109016973ac15afea08f227f7acc2899}{palera1n\+\_\+get\+\_\+slide}} (void) 20 | \begin{DoxyCompactList}\small\item\em Get kaslr slide from palera1n ramdisk. \end{DoxyCompactList}\end{DoxyCompactItemize} 21 | \doxysubsection*{Variables} 22 | \begin{DoxyCompactItemize} 23 | \item 24 | \mbox{\Hypertarget{slide_8c_a288411b1bdd5dacfdbf96854d76e2fcb}\label{slide_8c_a288411b1bdd5dacfdbf96854d76e2fcb}} 25 | uint64\+\_\+t {\bfseries slide\+\_\+cached} = 0 26 | \end{DoxyCompactItemize} 27 | 28 | 29 | \doxysubsection{Detailed Description} 30 | This file is for all kernel slide related code. 
31 | 32 | \begin{DoxyAuthor}{Author} 33 | Cryptiiiic 34 | \end{DoxyAuthor} 35 | \begin{DoxyVersion}{Version} 36 | 1.\+0.\+1 37 | \end{DoxyVersion} 38 | \begin{DoxyDate}{Date} 39 | 2024-\/04-\/14 40 | \end{DoxyDate} 41 | \begin{DoxyCopyright}{Copyright} 42 | Copyright (c) 2024 43 | \end{DoxyCopyright} 44 | 45 | 46 | \doxysubsection{Function Documentation} 47 | \mbox{\Hypertarget{slide_8c_adc25a93a1b36b9f3d139c37fc110a758}\label{slide_8c_adc25a93a1b36b9f3d139c37fc110a758}} 48 | \index{slide.c@{slide.c}!get\_slide@{get\_slide}} 49 | \index{get\_slide@{get\_slide}!slide.c@{slide.c}} 50 | \doxysubsubsection{\texorpdfstring{get\_slide()}{get\_slide()}} 51 | {\footnotesize\ttfamily uint64\+\_\+t get\+\_\+slide (\begin{DoxyParamCaption}\item[{void}]{ }\end{DoxyParamCaption})} 52 | 53 | 54 | 55 | Get kaslr slide. 56 | 57 | \begin{DoxyReturn}{Returns} 58 | Kaslr slide 59 | \end{DoxyReturn} 60 | \mbox{\Hypertarget{slide_8c_a109016973ac15afea08f227f7acc2899}\label{slide_8c_a109016973ac15afea08f227f7acc2899}} 61 | \index{slide.c@{slide.c}!palera1n\_get\_slide@{palera1n\_get\_slide}} 62 | \index{palera1n\_get\_slide@{palera1n\_get\_slide}!slide.c@{slide.c}} 63 | \doxysubsubsection{\texorpdfstring{palera1n\_get\_slide()}{palera1n\_get\_slide()}} 64 | {\footnotesize\ttfamily uint64\+\_\+t palera1n\+\_\+get\+\_\+slide (\begin{DoxyParamCaption}\item[{void}]{ }\end{DoxyParamCaption})} 65 | 66 | 67 | 68 | Get kaslr slide from palera1n ramdisk. 
69 | 70 | \begin{DoxyReturn}{Returns} 71 | Kaslr slide 72 | \end{DoxyReturn} 73 | -------------------------------------------------------------------------------- /Include/XPF/bad_recovery.h: -------------------------------------------------------------------------------- 1 | void xpf_bad_recovery_init(void); 2 | bool xpf_bad_recovery_supported(void); -------------------------------------------------------------------------------- /Include/XPF/common.h: -------------------------------------------------------------------------------- 1 | void xpf_common_init(void); -------------------------------------------------------------------------------- /Include/XPF/decompress.h: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | void *kdecompress(const void *src, size_t src_len, size_t *dst_len); -------------------------------------------------------------------------------- /Include/XPF/non_ppl.h: -------------------------------------------------------------------------------- 1 | void xpf_non_ppl_init(void); -------------------------------------------------------------------------------- /Include/XPF/ppl.h: -------------------------------------------------------------------------------- 1 | void xpf_ppl_init(void); -------------------------------------------------------------------------------- /Include/XPF/xpf.h: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | 10 | typedef struct s_XPFItem { 11 | struct s_XPFItem *nextItem; 12 | const char *name; 13 | uint64_t (*finder)(void *); 14 | void *ctx; 15 | bool cached; 16 | uint64_t cache; 17 | } XPFItem; 18 | 19 | typedef struct s_XPFSet { 20 | const char *name; 21 | bool (*supported)(void); 22 | const char *metrics[]; 23 | } XPFSet; 24 | 25 | int xpf_start_with_kernel_path(const char *kernelPath); 26 | void xpf_item_register(const char 
*name, void *finder, void *ctx); /* NOTE(review): finder is taken as void * here; it is presumably stored in XPFItem.finder, which is typed uint64_t (*)(void *) — confirm. A typed parameter would let the compiler reject mismatched callbacks. */ 27 | uint64_t xpf_item_resolve(const char *name); 28 | uint64_t xpfsec_decode_pointer(PFSection *section, uint64_t vmaddr, uint64_t value); 29 | bool xpf_set_is_supported(const char *name); 30 | int xpf_offset_dictionary_add_set(xpc_object_t xdict, XPFSet *set); 31 | xpc_object_t xpf_construct_offset_dictionary(const char *sets[]); 32 | /* NOTE(review): variadic; presumably a printf-style format — confirm in the implementation. If so, pass a constant format string and keep externally influenced text in the arguments only. */ void xpf_set_error(const char *error, ...); 33 | const char *xpf_get_error(void); 34 | void xpf_print_all_items(void); 35 | void xpf_stop(void); 36 | 37 | typedef struct s_XPF { 38 | int kernelFd; 39 | void *mappedKernel; 40 | size_t kernelSize; 41 | void *decompressedKernel; 42 | size_t decompressedKernelSize; 43 | 44 | Fat *kernelContainer; 45 | MachO *kernel; 46 | bool kernelIsFileset; 47 | bool kernelIsArm64e; 48 | bool kernelIsSptm; 49 | char *kernelVersionString; 50 | char *kernelInfoPlist; 51 | char *darwinVersion; 52 | char *xnuBuild; 53 | char *xnuPlatform; 54 | char *osVersion; 55 | 56 | uint64_t kernelBase; 57 | uint64_t kernelEntry; 58 | 59 | PFSection *kernelTextSection; 60 | PFSection *kernelPPLTextSection; 61 | PFSection *kernelStringSection; 62 | PFSection *kernelConstSection; 63 | PFSection *kernelDataConstSection; 64 | PFSection *kernelDataSection; 65 | PFSection *kernelOSLogSection; 66 | PFSection *kernelPrelinkTextSection; 67 | PFSection *kernelPLKTextSection; 68 | PFSection *kernelPLKDataConstSection; 69 | PFSection *kernelBootdataInit; 70 | PFSection *kernelBootCodeTextSection; 71 | PFSection *kernelAMFITextSection; 72 | PFSection *kernelAMFIStringSection; 73 | PFSection *kernelSandboxTextSection; 74 | PFSection *kernelSandboxStringSection; 75 | PFSection *kernelInfoPlistSection; 76 | 77 | XPFItem *firstItem; 78 | } XPF; 79 | extern XPF gXPF; 80 | -------------------------------------------------------------------------------- /Include/choma/Base64.h: -------------------------------------------------------------------------------- 1 | #ifndef BASE64_H 2 | #define BASE64_H 3 | 4 
| #include 5 | #include 6 | 7 | char *base64_encode(const unsigned char *data, 8 | size_t input_length, 9 | size_t *output_length); 10 | 11 | #endif // BASE64_H -------------------------------------------------------------------------------- /Include/choma/BufferedStream.h: -------------------------------------------------------------------------------- 1 | #ifndef BUFFERED_STREAM_H 2 | #define BUFFERED_STREAM_H 3 | 4 | #include "MemoryStream.h" 5 | #include 6 | 7 | #define BUFFERED_STREAM_FLAG_AUTO_EXPAND (1 << 0) 8 | 9 | typedef struct BufferedStreamContext { 10 | uint8_t *buffer; 11 | size_t bufferSize; 12 | uint32_t subBufferStart; 13 | size_t subBufferSize; 14 | } BufferedStreamContext; 15 | 16 | MemoryStream *buffered_stream_init_from_buffer_nocopy(void *buffer, size_t bufferSize, uint32_t flags); 17 | MemoryStream *buffered_stream_init_from_buffer(void *buffer, size_t bufferSize, uint32_t flags); 18 | 19 | #endif // BUFFERED_STREAM_H -------------------------------------------------------------------------------- /Include/choma/CSBlob.h: -------------------------------------------------------------------------------- 1 | #ifndef CS_BLOB_H 2 | #define CS_BLOB_H 3 | 4 | #include 5 | #include 6 | #include 7 | #include 8 | 9 | #include "Fat.h" 10 | #include "MachO.h" 11 | #include "MemoryStream.h" 12 | 13 | // Blob index 14 | typedef struct __BlobIndex { 15 | uint32_t type; 16 | uint32_t offset; 17 | } CS_BlobIndex; 18 | 19 | // CMS superblob 20 | typedef struct __SuperBlob { 21 | uint32_t magic; 22 | uint32_t length; 23 | uint32_t count; 24 | CS_BlobIndex index[]; 25 | } CS_SuperBlob; 26 | 27 | typedef struct __GenericBlob { 28 | uint32_t magic; /* magic number */ 29 | uint32_t length; /* total length of blob */ 30 | char data[]; 31 | } CS_GenericBlob; 32 | 33 | // CMS blob magic types 34 | typedef enum { 35 | CSMAGIC_REQUIREMENT = 0xfade0c00, 36 | CSMAGIC_REQUIREMENTS = 0xfade0c01, 37 | CSMAGIC_CODEDIRECTORY = 0xfade0c02, 38 | CSMAGIC_EMBEDDED_SIGNATURE = 
0xfade0cc0, 39 | CSMAGIC_EMBEDDED_SIGNATURE_OLD = 0xfade0b02, 40 | CSMAGIC_EMBEDDED_ENTITLEMENTS = 0xfade7171, 41 | CSMAGIC_EMBEDDED_DER_ENTITLEMENTS = 0xfade7172, 42 | CSMAGIC_DETACHED_SIGNATURE = 0xfade0cc1, 43 | CSMAGIC_BLOBWRAPPER = 0xfade0b01, 44 | CSMAGIC_EMBEDDED_LAUNCH_CONSTRAINT = 0xfade8181, 45 | } CS_BlobMagic; 46 | 47 | typedef enum { 48 | CSSLOT_CODEDIRECTORY = 0, 49 | CSSLOT_INFOSLOT = 1, 50 | CSSLOT_REQUIREMENTS = 2, 51 | CSSLOT_RESOURCEDIR = 3, 52 | CSSLOT_APPLICATION = 4, 53 | CSSLOT_ENTITLEMENTS = 5, 54 | CSSLOT_DER_ENTITLEMENTS = 7, 55 | CSSLOT_LAUNCH_CONSTRAINT_SELF = 8, 56 | CSSLOT_LAUNCH_CONSTRAINT_PARENT = 9, 57 | CSSLOT_LAUNCH_CONSTRAINT_RESPONSIBLE = 10, 58 | CSSLOT_LIBRARY_CONSTRAINT = 11, 59 | 60 | CSSLOT_ALTERNATE_CODEDIRECTORIES = 0x1000, /* first alternate CodeDirectory, if any */ 61 | CSSLOT_ALTERNATE_CODEDIRECTORY_MAX = 5, /* max number of alternate CD slots */ 62 | CSSLOT_ALTERNATE_CODEDIRECTORY_LIMIT = CSSLOT_ALTERNATE_CODEDIRECTORIES + CSSLOT_ALTERNATE_CODEDIRECTORY_MAX, /* one past the last */ 63 | 64 | CSSLOT_SIGNATURESLOT = 0x10000, 65 | CSSLOT_IDENTIFICATIONSLOT = 0x10001, 66 | CSSLOT_TICKETSLOT = 0x10002, 67 | } CS_SlotType; 68 | 69 | typedef struct s_CS_DecodedBlob { 70 | struct s_CS_DecodedBlob *next; 71 | uint32_t type; 72 | MemoryStream *stream; 73 | } CS_DecodedBlob; 74 | 75 | typedef struct s_CS_DecodedSuperBlob { 76 | uint32_t magic; 77 | struct s_CS_DecodedBlob *firstBlob; 78 | } CS_DecodedSuperBlob; 79 | 80 | // Convert blob magic to readable blob type string 81 | const char *cs_blob_magic_to_string(uint32_t magic); 82 | const char *cs_slot_type_to_string(uint32_t slotType); 83 | 84 | // Extract Code Signature to file 85 | int macho_extract_cs_to_file(MachO *macho, CS_SuperBlob *superblob); 86 | 87 | int macho_find_code_signature_bounds(MachO *macho, uint32_t *offsetOut, uint32_t *sizeOut); 88 | 89 | CS_SuperBlob *macho_read_code_signature(MachO *macho); 90 | 91 | int macho_replace_code_signature(MachO *macho, 
CS_SuperBlob *superblob); 92 | 93 | CS_DecodedBlob *csd_blob_init(uint32_t type, CS_GenericBlob *blobData); 94 | int csd_blob_read(CS_DecodedBlob *blob, uint64_t offset, size_t size, void *outBuf); 95 | int csd_blob_write(CS_DecodedBlob *blob, uint64_t offset, size_t size, const void *inBuf); 96 | int csd_blob_insert(CS_DecodedBlob *blob, uint64_t offset, size_t size, const void *inBuf); 97 | int csd_blob_delete(CS_DecodedBlob *blob, uint64_t offset, size_t size); 98 | int csd_blob_read_string(CS_DecodedBlob *blob, uint64_t offset, char **outString); 99 | int csd_blob_write_string(CS_DecodedBlob *blob, uint64_t offset, const char *string); 100 | size_t csd_blob_get_size(CS_DecodedBlob *blob); 101 | uint32_t csd_blob_get_type(CS_DecodedBlob *blob); 102 | void csd_blob_set_type(CS_DecodedBlob *blob, uint32_t type); 103 | void csd_blob_free(CS_DecodedBlob *blob); 104 | 105 | CS_DecodedSuperBlob *csd_superblob_init(void); 106 | CS_DecodedSuperBlob *csd_superblob_decode(CS_SuperBlob *superblob); 107 | CS_SuperBlob *csd_superblob_encode(CS_DecodedSuperBlob *decodedSuperblob); 108 | CS_DecodedBlob *csd_superblob_find_blob(CS_DecodedSuperBlob *superblob, uint32_t type, uint32_t *indexOut); 109 | CS_DecodedBlob *csd_superblob_find_blob_by_magic(CS_DecodedSuperBlob *superblob, uint32_t magic, uint32_t *indexOut); 110 | int csd_superblob_insert_blob_after_blob(CS_DecodedSuperBlob *superblob, CS_DecodedBlob *blobToInsert, CS_DecodedBlob *afterBlob); 111 | int csd_superblob_insert_blob_at_index(CS_DecodedSuperBlob *superblob, CS_DecodedBlob *blobToInsert, uint32_t atIndex); 112 | int csd_superblob_append_blob(CS_DecodedSuperBlob *superblob, CS_DecodedBlob *blobToAppend); 113 | int csd_superblob_replace_blob(CS_DecodedSuperBlob *superblob, CS_DecodedBlob *newBlob); 114 | int csd_superblob_remove_blob(CS_DecodedSuperBlob *superblob, CS_DecodedBlob *blobToRemove); // <- Important: When calling this, caller is responsible for freeing blobToRemove 115 | int 
csd_superblob_remove_blob_at_index(CS_DecodedSuperBlob *superblob, uint32_t atIndex); 116 | int csd_superblob_calculate_best_cdhash(CS_DecodedSuperBlob *decodedSuperblob, void *cdhashOut, int *cdhashType); 117 | int csd_superblob_print_content(CS_DecodedSuperBlob *decodedSuperblob, MachO *macho, bool printAllSlots, bool verifySlots); 118 | void csd_superblob_free(CS_DecodedSuperBlob *decodedSuperblob); 119 | 120 | #endif // CS_BLOB_H -------------------------------------------------------------------------------- /Include/choma/CodeDirectory.h: -------------------------------------------------------------------------------- 1 | #ifndef CODE_DIRECTORY_H 2 | #define CODE_DIRECTORY_H 3 | 4 | #include 5 | #include 6 | #include 7 | 8 | #include "MachO.h" 9 | #include "CSBlob.h" 10 | #include "Fat.h" 11 | #include "MachOByteOrder.h" 12 | #include "MachOLoadCommand.h" 13 | #include "MemoryStream.h" 14 | 15 | // Code directory blob header 16 | typedef struct __CodeDirectory { 17 | uint32_t magic; 18 | uint32_t length; 19 | uint32_t version; 20 | uint32_t flags; 21 | uint32_t hashOffset; 22 | uint32_t identOffset; 23 | uint32_t nSpecialSlots; 24 | uint32_t nCodeSlots; 25 | uint32_t codeLimit; 26 | uint8_t hashSize; 27 | uint8_t hashType; 28 | uint8_t platform; 29 | uint8_t pageSize; 30 | uint32_t spare2; 31 | 32 | /* Version 0x20100 */ 33 | uint32_t scatterOffset; 34 | 35 | /* Version 0x20200 */ 36 | uint32_t teamOffset; 37 | } CS_CodeDirectory 38 | __attribute__ ((aligned(1))); 39 | 40 | #define CS_CDHASH_LEN 20 41 | typedef uint8_t cdhash_t[CS_CDHASH_LEN]; 42 | void print_cdhash(cdhash_t cdhash); 43 | 44 | enum CS_HashType { 45 | CS_HASHTYPE_SHA160_160 = 1, 46 | CS_HASHTYPE_SHA256_256 = 2, 47 | CS_HASHTYPE_SHA256_160 = 3, 48 | CS_HASHTYPE_SHA384_384 = 4, 49 | }; 50 | 51 | char *csd_code_directory_copy_identifier(CS_DecodedBlob *codeDirBlob, uint32_t *offsetOut); 52 | char *csd_code_directory_copy_team_id(CS_DecodedBlob *codeDirBlob, uint32_t *offsetOut); 53 | int 
csd_code_directory_set_team_id(CS_DecodedBlob *codeDirBlob, char *newTeamID); 54 | int csd_code_directory_set_identifier(CS_DecodedBlob *codeDirBlob, char *newIdentifier); 55 | uint32_t csd_code_directory_get_flags(CS_DecodedBlob *codeDirBlob); 56 | void csd_code_directory_set_flags(CS_DecodedBlob *codeDirBlob, uint32_t flags); 57 | uint8_t csd_code_directory_get_hash_type(CS_DecodedBlob *codeDirBlob); 58 | void csd_code_directory_set_hash_type(CS_DecodedBlob *codeDirBlob, uint8_t hashType); 59 | unsigned csd_code_directory_calculate_rank(CS_DecodedBlob *codeDirBlob); 60 | /* NOTE(review): cdhashOut is an untyped buffer with no length parameter. This header defines cdhash_t as CS_CDHASH_LEN (20) bytes, so presumably that many bytes are written — confirm, and pass a buffer of at least that size. */ int csd_code_directory_calculate_hash(CS_DecodedBlob *codeDirBlob, void *cdhashOut); 61 | int csd_code_directory_print_content(CS_DecodedBlob *codeDirBlob, MachO *macho, bool printSlots, bool verifySlots); 62 | void csd_code_directory_update_special_slots(CS_DecodedBlob *codeDirBlob, CS_DecodedBlob *xmlEntitlements, CS_DecodedBlob *derEntitlements, CS_DecodedBlob *requirements); 63 | void csd_code_directory_update(CS_DecodedBlob *codeDirBlob, MachO *macho); 64 | CS_DecodedBlob *csd_code_directory_init(MachO *macho, int hashType, bool alternate); 65 | 66 | #endif // CODE_DIRECTORY_H -------------------------------------------------------------------------------- /Include/choma/DER.h: -------------------------------------------------------------------------------- 1 | #ifndef DER_H 2 | #define DER_H 3 | 4 | #include 5 | 6 | typedef struct { 7 | uint8_t tag; 8 | uint32_t length; 9 | uint8_t *data; 10 | } DERItem; 11 | 12 | typedef struct { 13 | uint8_t *data; 14 | uint32_t length; 15 | } DEREncodedItem; 16 | 17 | void der_free_encoded_item(DEREncodedItem *item); 18 | DEREncodedItem *der_encode_boolean(bool value); 19 | DEREncodedItem *der_encode_integer(uint32_t value); 20 | DEREncodedItem *der_encode_utf8_string(const char *string); 21 | DEREncodedItem *der_encode_sequence(DEREncodedItem *items[], uint32_t nItems); 22 | DEREncodedItem *der_encode_set(DEREncodedItem *items[], uint32_t nItems); 23 | 
24 | #endif // DER_H -------------------------------------------------------------------------------- /Include/choma/DyldSharedCache.h: -------------------------------------------------------------------------------- 1 | #ifndef DYLD_SHARED_CACHE_H 2 | #define DYLD_SHARED_CACHE_H 3 | 4 | #include "dyld_cache_format.h" 5 | #include "CachePatching.h" 6 | #include 7 | #include 8 | typedef struct MachO MachO; 9 | typedef struct Fat Fat; 10 | 11 | #define UUID_NULL (uuid_t){0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0} 12 | 13 | typedef struct DyldSharedCacheFile { 14 | char *filepath; 15 | size_t filesize; 16 | int fd; 17 | struct dyld_cache_header header; 18 | } DyldSharedCacheFile; 19 | 20 | typedef struct DyldSharedCacheMapping { 21 | uint64_t vmaddr; 22 | uint64_t fileoff; 23 | void *ptr; 24 | uint64_t size; 25 | uint32_t maxProt; 26 | uint32_t initProt; 27 | uint64_t flags; 28 | // ABI stable until here 29 | void *slideInfoPtr; 30 | uint64_t slideInfoSize; 31 | struct DyldSharedCacheFile *file; 32 | } DyldSharedCacheMapping; 33 | 34 | typedef struct DyldSharedCacheImage { 35 | uint64_t address; 36 | uint64_t size; 37 | uint64_t index; 38 | uuid_t uuid; 39 | char *path; 40 | uint32_t nlistStartIndex; 41 | uint32_t nlistCount; 42 | Fat *fat; 43 | } DyldSharedCacheImage; 44 | 45 | typedef struct DyldSharedCache { 46 | unsigned fileCount; 47 | DyldSharedCacheFile **files; 48 | 49 | struct { 50 | bool loaded; 51 | unsigned index; 52 | void *nlist; 53 | uint32_t nlistCount; 54 | char *strings; 55 | uint32_t stringsSize; 56 | } symbolFile; 57 | 58 | unsigned mappingCount; 59 | DyldSharedCacheMapping *mappings; 60 | uint64_t baseAddress; 61 | uint32_t premapSlide; 62 | bool is32Bit; 63 | 64 | uint64_t containedImageCount; 65 | DyldSharedCacheImage *containedImages; 66 | } DyldSharedCache; 67 | 68 | typedef struct DyldSharedCachePointer { 69 | uint64_t location; 70 | uint64_t target; 71 | 72 | bool authenticated; 73 | uint8_t key; 74 | uint16_t diversifier; 75 | bool 
hasAddressDiversity; 76 | } DyldSharedCachePointer; 77 | 78 | enum PAC_KEY { 79 | PAC_KEY_IA = 0, 80 | PAC_KEY_IB = 1, 81 | PAC_KEY_DA = 2, 82 | PAC_KEY_DB = 3, 83 | }; 84 | 85 | DyldSharedCache *dsc_init_from_path_premapped(const char *path, uint32_t premapSlide); 86 | DyldSharedCache *dsc_init_from_path(const char *path); 87 | void dsc_enumerate_files(DyldSharedCache *sharedCache, void (^enumeratorBlock)(const char *filepath, size_t filesize, struct dyld_cache_header *header)); 88 | 89 | void dsc_enumerate_mappings(DyldSharedCache *sharedCache, void (^enumeratorBlock)(DyldSharedCacheMapping *mapping, DyldSharedCacheFile *sourceFile, bool *stop)); 90 | DyldSharedCacheMapping *dsc_lookup_mapping(DyldSharedCache *sharedCache, uint64_t vmaddr, uint64_t size); 91 | void *dsc_find_buffer(DyldSharedCache *sharedCache, uint64_t vmaddr, uint64_t size); 92 | 93 | int dsc_read_from_vmaddr(DyldSharedCache *sharedCache, uint64_t vmaddr, size_t size, void *outBuf); 94 | int dsc_read_string_from_vmaddr(DyldSharedCache *sharedCache, uint64_t vmaddr, char **outString); 95 | uint64_t dsc_fileoff_to_vmaddr(DyldSharedCache *sharedCache, DyldSharedCacheFile *file, uint64_t fileoff); 96 | uint64_t dsc_vmaddr_to_fileoff(DyldSharedCache *sharedCache, uint64_t vmaddr, DyldSharedCacheFile **fileOut); 97 | 98 | void dsc_enumerate_images(DyldSharedCache *sharedCache, void (^enumeratorBlock)(const char *path, DyldSharedCacheImage *imageHandle, MachO *imageMachO, bool *stop)); 99 | DyldSharedCacheImage *dsc_find_image_for_section_address(DyldSharedCache *sharedCache, uint64_t address); 100 | MachO *dsc_image_get_macho(DyldSharedCacheImage *image); 101 | DyldSharedCacheImage *dsc_lookup_image_by_address(DyldSharedCache *sharedCache, uint64_t address); 102 | MachO *dsc_lookup_macho_by_address(DyldSharedCache *sharedCache, uint64_t address, DyldSharedCacheImage **imageHandleOut); 103 | DyldSharedCacheImage *dsc_lookup_image_by_path(DyldSharedCache *sharedCache, const char *path); 104 | MachO 
*dsc_lookup_macho_by_path(DyldSharedCache *sharedCache, const char *path, DyldSharedCacheImage **imageHandleOut); 105 | int dsc_enumerate_chained_fixups(DyldSharedCache *sharedCache, void (^enumeratorBlock)(DyldSharedCachePointer *pointer, bool *stop)); 106 | 107 | int dsc_image_enumerate_symbols(DyldSharedCache *sharedCache, DyldSharedCacheImage *image, void (^enumeratorBlock)(const char *name, uint8_t type, uint64_t vmaddr, bool *stop)); 108 | int dsc_image_enumerate_patches(DyldSharedCache *sharedCache, DyldSharedCacheImage *image, void (^enumeratorBlock)(unsigned v, void *patchable_location, bool *stop)); 109 | int dsc_image_enumerate_chained_fixups(DyldSharedCache *sharedCache, DyldSharedCacheImage *image, void (^enumeratorBlock)(DyldSharedCachePointer *pointer, bool *stop)); 110 | 111 | uint64_t dsc_get_base_address(DyldSharedCache *sharedCache); 112 | 113 | void dsc_free(DyldSharedCache *sharedCache); 114 | 115 | #endif 116 | -------------------------------------------------------------------------------- /Include/choma/Entitlements.h: -------------------------------------------------------------------------------- 1 | #ifndef ENTITLEMENTS_H 2 | #define ENTITLEMENTS_H 3 | 4 | #include "CSBlob.h" 5 | #include "DER.h" 6 | CS_DecodedBlob *create_xml_entitlements_blob(const char *entitlementsFile); 7 | CS_DecodedBlob *create_der_entitlements_blob(const char *entitlementsFile); 8 | 9 | #endif // ENTITLEMENTS_H -------------------------------------------------------------------------------- /Include/choma/Fat.h: -------------------------------------------------------------------------------- 1 | #ifndef MACHO_H 2 | #define MACHO_H 3 | 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | 11 | #include "MemoryStream.h" 12 | typedef struct MachO MachO; 13 | typedef struct DyldSharedCache DyldSharedCache; 14 | typedef struct DyldSharedCacheImage DyldSharedCacheImage; 15 | 16 | // A Fat structure can either represent a fat file with 
multiple slices, in which the slices will be loaded into the slices attribute 17 | // Or a single slice MachO, in which case it serves as a compatibility layer and the single slice will also be loaded into the slices attribute 18 | typedef struct Fat 19 | { 20 | MemoryStream *stream; 21 | MachO **slices; 22 | uint32_t slicesCount; 23 | int fileDescriptor; 24 | } Fat; 25 | 26 | int fat_read_at_offset(Fat *fat, uint64_t offset, size_t size, void *outBuf); 27 | 28 | MemoryStream *fat_get_stream(Fat *fat); 29 | 30 | // Initialise a Fat structure from a memory stream 31 | Fat *fat_init_from_memory_stream(MemoryStream *stream); 32 | 33 | // Initialise a FAT structure from a memory stream of something that is inside a dyld shared cache 34 | Fat *fat_dsc_init_from_memory_stream(MemoryStream *stream, DyldSharedCache *containingCache, DyldSharedCacheImage *cacheImage); 35 | 36 | // Initialise a FAT structure using the path to the file 37 | Fat *fat_init_from_path(const char *filePath); 38 | 39 | // Find macho with cputype and cpusubtype in Fat, returns NULL if not found 40 | MachO *fat_find_slice(Fat *fat, cpu_type_t cputype, cpu_subtype_t cpusubtype); 41 | 42 | // If Fat only has a single slice, return it 43 | MachO *fat_get_single_slice(Fat *fat); 44 | 45 | // Create a Fat structure from an array of MachO structures 46 | Fat *fat_create_for_macho_array(char *firstInputPath, MachO **machoArray, int machoArrayCount); 47 | 48 | // Add a MachO to the Fat structure 49 | int fat_add_macho(Fat *fat, MachO *macho); 50 | 51 | // Free all elements of the Fat structure 52 | void fat_free(Fat *fat); 53 | 54 | #endif // MACHO_H -------------------------------------------------------------------------------- /Include/choma/FileStream.h: -------------------------------------------------------------------------------- 1 | #ifndef FILE_STREAM_H 2 | #define FILE_STREAM_H 3 | 4 | #include "MemoryStream.h" 5 | 6 | #define FILE_STREAM_SIZE_AUTO 0 7 | #define FILE_STREAM_FLAG_WRITABLE (1 << 0) 
8 | #define FILE_STREAM_FLAG_AUTO_EXPAND (1 << 1) 9 | 10 | typedef struct FileStreamContext { 11 | int fd; 12 | size_t fileSize; 13 | uint32_t bufferStart; 14 | size_t bufferSize; 15 | } FileStreamContext; 16 | /* NOTE(review): bufferStart is uint32_t here and in FileStreamContext while the sizes are size_t, so a start offset of 4 GiB or more cannot be represented. Callers holding a 64-bit offset should range-check it before the call rather than let it truncate. */ 17 | MemoryStream *file_stream_init_from_file_descriptor_nodup(int fd, uint32_t bufferStart, size_t bufferSize, uint32_t flags); 18 | MemoryStream *file_stream_init_from_file_descriptor(int fd, uint32_t bufferStart, size_t bufferSize, uint32_t flags); 19 | MemoryStream *file_stream_init_from_path(const char *path, uint32_t bufferStart, size_t bufferSize, uint32_t flags); 20 | 21 | #endif // FILE_STREAM_H -------------------------------------------------------------------------------- /Include/choma/Host.h: -------------------------------------------------------------------------------- 1 | #ifndef HOST_H 2 | #define HOST_H 3 | 4 | #include "Fat.h" 5 | 6 | #define CPU_SUBTYPE_ARM64E_ABI_V2 0x80000000 7 | 8 | int host_get_cpu_information(cpu_type_t *cputype, cpu_subtype_t *cpusubtype); 9 | 10 | // Retrieve the preferred MachO slice from a Fat 11 | // Preferred slice as in the slice that the kernel would use when loading the file 12 | MachO *fat_find_preferred_slice(Fat *fat); 13 | 14 | #endif // HOST_H -------------------------------------------------------------------------------- /Include/choma/MachO.h: -------------------------------------------------------------------------------- 1 | #ifndef MACHO_SLICE_H 2 | #define MACHO_SLICE_H 3 | 4 | #include 5 | #include 6 | #include 7 | #include "MemoryStream.h" 8 | #include "Fat.h" 9 | #include "DyldSharedCache.h" 10 | 11 | typedef struct MachOSegment 12 | { 13 | struct segment_command_64 command; 14 | struct section_64 sections[]; 15 | } __attribute__((__packed__)) MachOSegment; 16 | 17 | typedef struct FilesetMachO { 18 | char *entry_id; 19 | uint64_t vmaddr; 20 | uint64_t fileoff; 21 | Fat *underlyingMachO; 22 | } FilesetMachO; 23 | 24 | typedef struct MachO { 25 | MemoryStream *stream; 26 | bool is32Bit; 27 | 
struct mach_header machHeader; 28 | struct fat_arch_64 archDescriptor; 29 | uint64_t cachedBase; 30 | 31 | uint32_t filesetCount; 32 | FilesetMachO *filesetMachos; 33 | 34 | uint32_t segmentCount; 35 | MachOSegment **segments; 36 | 37 | DyldSharedCache *containingCache; 38 | DyldSharedCacheImage *cacheImage; 39 | } MachO; 40 | 41 | // Read data from a MachO at a specified offset 42 | int macho_read_at_offset(MachO *macho, uint64_t offset, size_t size, void *outBuf); 43 | 44 | // Write data to a MachO at a specified offset, auto expands, only works if opened via macho_init_for_writing 45 | int macho_write_at_offset(MachO *macho, uint64_t offset, size_t size, const void *inBuf); 46 | 47 | int macho_read_string_at_offset(MachO *macho, uint64_t offset, char **string); 48 | 49 | MemoryStream *macho_get_stream(MachO *macho); 50 | uint32_t macho_get_filetype(MachO *macho); 51 | size_t macho_get_mach_header_size(MachO *macho); 52 | DyldSharedCache *macho_get_containing_cache(MachO *macho); 53 | 54 | // Perform translation between file offsets and virtual addresses 55 | int macho_translate_fileoff_to_vmaddr(MachO *macho, uint64_t fileoff, uint64_t *vmaddrOut, MachOSegment **segmentOut); 56 | int macho_translate_vmaddr_to_fileoff(MachO *macho, uint64_t vmaddr, uint64_t *fileoffOut, MachOSegment **segmentOut); 57 | 58 | // Wrappers to deal with virtual addresses 59 | int macho_read_at_vmaddr(MachO *macho, uint64_t vmaddr, size_t size, void *outBuf); 60 | int macho_write_at_vmaddr(MachO *macho, uint64_t vmaddr, size_t size, const void *inBuf); 61 | int macho_read_string_at_vmaddr(MachO *macho, uint64_t vmaddr, char **outString); 62 | uint64_t macho_get_base_address(MachO *macho); 63 | 64 | int macho_enumerate_load_commands(MachO *macho, void (^enumeratorBlock)(struct load_command loadCommand, uint64_t offset, void *cmd, bool *stop)); 65 | int macho_enumerate_segments(MachO *macho, void (^enumeratorBlock)(struct segment_command_64 *segment, bool *stop)); 66 | int 
macho_enumerate_sections(MachO *macho, void (^enumeratorBlock)(struct section_64 *section, struct segment_command_64 *segment, bool *stop)); 67 | int macho_enumerate_symbols(MachO *macho, void (^enumeratorBlock)(const char *name, uint8_t type, uint64_t vmaddr, bool *stop)); 68 | int macho_enumerate_dependencies(MachO *macho, void (^enumeratorBlock)(const char *dylibPath, uint32_t cmd, struct dylib* dylib, bool *stop)); 69 | int macho_enumerate_rpaths(MachO *macho, void (^enumeratorBlock)(const char *rpath, bool *stop)); 70 | int macho_enumerate_function_starts(MachO *macho, void (^enumeratorBlock)(uint64_t funcAddr, bool *stop)); 71 | 72 | // Initialise a MachO object from a MemoryStream and its corresponding Fat arch descriptor 73 | MachO *macho_init(MemoryStream *stream, struct fat_arch_64 archDescriptor); 74 | 75 | // Initialize a single slice macho for writing to it 76 | MachO *macho_init_for_writing(const char *filePath); 77 | 78 | // Create an array of MachO objects from an array of paths 79 | MachO **macho_array_create_for_paths(char **inputPaths, int inputPathsCount); 80 | 81 | // Check if a MachO is encrypted 82 | bool macho_is_encrypted(MachO *macho); 83 | 84 | void macho_free(MachO *macho); 85 | 86 | #endif // MACHO_SLICE_H 87 | -------------------------------------------------------------------------------- /Include/choma/MachOLoadCommand.h: -------------------------------------------------------------------------------- 1 | #ifndef MACHO_LOAD_COMMAND_H 2 | #define MACHO_LOAD_COMMAND_H 3 | 4 | #include 5 | 6 | #ifndef LC_FILESET_ENTRY 7 | 8 | #define MH_FILESET 0xc 9 | #define LC_FILESET_ENTRY 0x80000035 10 | 11 | struct fileset_entry_command { 12 | uint32_t cmd; /* LC_FILESET_ENTRY */ 13 | uint32_t cmdsize; /* includes entry_id string */ 14 | uint64_t vmaddr; /* memory address of the entry */ 15 | uint64_t fileoff; /* file offset of the entry */ 16 | union lc_str entry_id; /* contained entry id */ 17 | uint32_t reserved; /* reserved */ 18 | }; 19 | 20 
| #endif 21 | 22 | #include "MachO.h" 23 | #include "FileStream.h" 24 | #include "MachOByteOrder.h" 25 | #include "CSBlob.h" 26 | 27 | // Convert load command to load command name 28 | char *load_command_to_string(int loadCommand); 29 | void update_segment_command_64(MachO *macho, const char *segmentName, uint64_t vmaddr, uint64_t vmsize, uint64_t fileoff, uint64_t filesize); 30 | void update_lc_code_signature(MachO *macho, uint64_t size); 31 | int update_load_commands_for_coretrust_bypass(MachO *macho, CS_SuperBlob *superblob, uint64_t originalCodeSignatureSize); 32 | 33 | #endif // MACHO_LOAD_COMMAND_H -------------------------------------------------------------------------------- /Include/choma/MemoryStream.h: -------------------------------------------------------------------------------- 1 | #ifndef MEMORY_STREAM_H 2 | #define MEMORY_STREAM_H 3 | 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | #include 11 | 12 | #define MEMORY_STREAM_FLAG_OWNS_DATA (1 << 0) 13 | #define MEMORY_STREAM_FLAG_MUTABLE (1 << 1) 14 | #define MEMORY_STREAM_FLAG_AUTO_EXPAND (1 << 2) 15 | /* NOTE(review): presumably the value memory_stream_get_size() returns on failure — confirm in the implementation. Callers should compare a returned size against this sentinel before using it for allocation or bounds arithmetic. The expansion is unparenthesised; ((size_t)-1) would be the safer spelling. */ 16 | #define MEMORY_STREAM_SIZE_INVALID (size_t)-1 17 | 18 | // A generic memory IO interface that is used throughout this project 19 | // Can be backed by anything, just the functions have to be implemented 20 | typedef struct s_MemoryStream { 21 | void *context; 22 | uint32_t flags; 23 | 24 | int (*read)(struct s_MemoryStream *stream, uint64_t offset, size_t size, void *outBuf); 25 | int (*write)(struct s_MemoryStream *stream, uint64_t offset, size_t size, const void *inBuf); 26 | int (*getSize)(struct s_MemoryStream *stream, size_t *sizeOut); 27 | uint8_t *(*getRawPtr)(struct s_MemoryStream *stream); 28 | 29 | int (*trim)(struct s_MemoryStream *stream, size_t trimAtStart, size_t trimAtEnd); 30 | int (*expand)(struct s_MemoryStream *stream, size_t expandAtStart, size_t expandAtEnd); 31 | 32 | struct s_MemoryStream *(*hardclone)(struct s_MemoryStream *stream); 33 | 
struct s_MemoryStream *(*softclone)(struct s_MemoryStream *stream); 34 | void (*free)(struct s_MemoryStream *stream); 35 | } MemoryStream; 36 | 37 | int memory_stream_read(MemoryStream *stream, uint64_t offset, size_t size, void *outBuf); 38 | int memory_stream_write(MemoryStream *stream, uint64_t offset, size_t size, const void *inBuf); 39 | 40 | int memory_stream_insert(MemoryStream *stream, uint64_t offset, size_t size, const void *inBuf); 41 | int memory_stream_delete(MemoryStream *stream, uint64_t offset, size_t size); 42 | 43 | int memory_stream_read_string(MemoryStream *stream, uint64_t offset, char **outString); 44 | int memory_stream_write_string(MemoryStream *stream, uint64_t offset, const char *string); 45 | 46 | size_t memory_stream_get_size(MemoryStream *stream); 47 | uint8_t *memory_stream_get_raw_pointer(MemoryStream *stream); 48 | uint32_t memory_stream_get_flags(MemoryStream *stream); 49 | 50 | MemoryStream *memory_stream_softclone(MemoryStream *stream); 51 | MemoryStream *memory_stream_hardclone(MemoryStream *stream); 52 | int memory_stream_trim(MemoryStream *stream, size_t trimAtStart, size_t trimAtEnd); 53 | int memory_stream_expand(MemoryStream *stream, size_t expandAtStart, size_t expandAtEnd); 54 | 55 | void memory_stream_free(MemoryStream *stream); 56 | 57 | int memory_stream_copy_data(MemoryStream *originStream, uint64_t originOffset, MemoryStream *targetStream, uint64_t targetOffset, size_t size); 58 | int memory_stream_find_memory(MemoryStream *stream, uint64_t searchStartOffset, uint64_t searchEndOffset, void *bytes, void *mask, size_t nbytes, uint16_t alignment, uint64_t *foundOffsetOut); 59 | 60 | #endif // MEMORY_STREAM_H -------------------------------------------------------------------------------- /Include/choma/PatchFinder.h: -------------------------------------------------------------------------------- 1 | #ifndef PATCHFINDER_H 2 | #define PATCHFINDER_H 3 | 4 | #include 5 | #include "MachO.h" 6 | 7 | enum { 8 | 
PF_METRIC_TYPE_PATTERN, 9 | PF_METRIC_TYPE_STRING, 10 | PF_METRIC_TYPE_XREF, 11 | }; 12 | 13 | typedef struct s_PFSection { 14 | MachO *macho; 15 | char sectname[16]; 16 | char segname[16]; 17 | uint64_t fileoff; 18 | uint64_t vmaddr; 19 | uint64_t size; 20 | uint32_t initprot; 21 | uint32_t maxprot; 22 | uint8_t *cache; 23 | uint64_t (*pointerDecoder)(struct s_PFSection *section, uint64_t vmaddr, uint64_t value); 24 | } PFSection; 25 | 26 | PFSection *pfsec_init_from_macho(MachO *macho, const char *filesetEntryId, const char *segName, const char *sectName); 27 | MachO *pfsec_get_macho(PFSection *section); 28 | void pfsec_set_pointer_decoder(PFSection *section, uint64_t (*pointerDecoder)(struct s_PFSection *section, uint64_t vmaddr, uint64_t value)); 29 | int pfsec_read_reloff(PFSection *section, uint64_t rel, size_t size, void *outBuf); 30 | uint32_t pfsec_read32_reloff(PFSection *section, uint64_t rel); 31 | int pfsec_read_at_address(PFSection *section, uint64_t vmaddr, void *outBuf, size_t size); 32 | uint32_t pfsec_read32(PFSection *section, uint64_t vmaddr); 33 | uint64_t pfsec_read64(PFSection *section, uint64_t vmaddr); 34 | uint64_t pfsec_read_pointer(PFSection *section, uint64_t vmaddr); 35 | int pfsec_read_string(PFSection *section, uint64_t vmaddr, char **outString); 36 | int pfsec_set_cached(PFSection *section, bool cached); 37 | uint64_t pfsec_find_prev_inst(PFSection *section, uint64_t startAddr, uint32_t searchCount, uint32_t inst, uint32_t mask); 38 | uint64_t pfsec_find_next_inst(PFSection *section, uint64_t startAddr, uint32_t searchCount, uint32_t inst, uint32_t mask); 39 | uint64_t pfsec_find_function_start(PFSection *section, uint64_t midAddr); 40 | bool pfsec_contains_vmaddr(PFSection *section, uint64_t addr); 41 | void pfsec_free(PFSection *section); 42 | 43 | 44 | typedef struct s_MetricShared { 45 | uint32_t type; 46 | } MetricShared; 47 | 48 | typedef struct s_PFPatternMetric { 49 | MetricShared shared; 50 | 51 | void *bytes; 52 | void 
*mask; 53 | size_t nbytes; 54 | uint16_t alignment; 55 | } PFPatternMetric; 56 | 57 | typedef struct s_PFStringMetric { 58 | MetricShared shared; 59 | 60 | char *string; 61 | } PFStringMetric; 62 | 63 | typedef enum { 64 | XREF_TYPE_MASK_CALL = (1 << 0), 65 | XREF_TYPE_MASK_JUMP = (1 << 1), 66 | XREF_TYPE_MASK_REFERENCE = (1 << 2), 67 | XREF_TYPE_MASK_POINTER = (1 << 3), 68 | XREF_TYPE_MASK_ALL = (XREF_TYPE_MASK_CALL | XREF_TYPE_MASK_REFERENCE | XREF_TYPE_MASK_POINTER), 69 | } PFXrefTypeMask; 70 | 71 | typedef struct s_PFXrefMetric { 72 | MetricShared shared; 73 | 74 | uint64_t address; 75 | PFXrefTypeMask typeMask; 76 | } PFXrefMetric; 77 | 78 | PFPatternMetric *pfmetric_pattern_init(void *bytes, void *mask, size_t nbytes, uint16_t alignment); 79 | PFStringMetric *pfmetric_string_init(const char *string); 80 | PFXrefMetric *pfmetric_xref_init(uint64_t address, PFXrefTypeMask types); 81 | void pfmetric_free(void *metric); 82 | 83 | void pfmetric_run_in_range(PFSection *section, uint64_t startAddr, uint64_t endAddr, void *metric, void (^matchBlock)(uint64_t vmaddr, bool *stop)); 84 | void pfmetric_run(PFSection *section, void *metric, void (^matchBlock)(uint64_t vmaddr, bool *stop)); 85 | #endif -------------------------------------------------------------------------------- /Include/choma/PatchFinder_arm64.h: -------------------------------------------------------------------------------- 1 | #ifndef PATCHFINDER_ARM64_H 2 | #define PATCHFINDER_ARM64_H 3 | 4 | #include "PatchFinder.h" 5 | #include "arm64.h" 6 | 7 | typedef enum { 8 | ARM64_XREF_TYPE_BL = 0, 9 | ARM64_XREF_TYPE_B, 10 | ARM64_XREF_TYPE_B_COND, 11 | ARM64_XREF_TYPE_BC_COND, 12 | ARM64_XREF_TYPE_CBZ, 13 | ARM64_XREF_TYPE_CBNZ, 14 | ARM64_XREF_TYPE_TBZ, 15 | ARM64_XREF_TYPE_TBNZ, 16 | ARM64_XREF_TYPE_ADR, 17 | ARM64_XREF_TYPE_ADRP_ADD, 18 | ARM64_XREF_TYPE_ADRP_LDR, 19 | ARM64_XREF_TYPE_ADRP_STR, 20 | ARM64_XREF_TYPE_POINTER, 21 | } Arm64XrefType; 22 | 23 | typedef enum { 24 | ARM64_XREF_TYPE_MASK_BL = 
(1 << ARM64_XREF_TYPE_BL), 25 | ARM64_XREF_TYPE_MASK_CALL = (ARM64_XREF_TYPE_MASK_BL), 26 | 27 | ARM64_XREF_TYPE_MASK_B = (1 << ARM64_XREF_TYPE_B), 28 | ARM64_XREF_TYPE_MASK_B_COND = (1 << ARM64_XREF_TYPE_B_COND), 29 | ARM64_XREF_TYPE_MASK_BC_COND = (1 << ARM64_XREF_TYPE_BC_COND), 30 | ARM64_XREF_TYPE_MASK_CBZ = (1 << ARM64_XREF_TYPE_CBZ), 31 | ARM64_XREF_TYPE_MASK_CBNZ = (1 << ARM64_XREF_TYPE_CBNZ), 32 | ARM64_XREF_TYPE_MASK_TBZ = (1 << ARM64_XREF_TYPE_TBZ), 33 | ARM64_XREF_TYPE_MASK_TBNZ = (1 << ARM64_XREF_TYPE_TBNZ), 34 | ARM64_XREF_TYPE_MASK_JUMP = (ARM64_XREF_TYPE_B | ARM64_XREF_TYPE_MASK_B_COND | ARM64_XREF_TYPE_MASK_BC_COND | ARM64_XREF_TYPE_MASK_CBZ | ARM64_XREF_TYPE_MASK_CBNZ | ARM64_XREF_TYPE_MASK_TBZ | ARM64_XREF_TYPE_MASK_TBNZ), 35 | 36 | ARM64_XREF_TYPE_MASK_ADR = (1 << ARM64_XREF_TYPE_ADR), 37 | ARM64_XREF_TYPE_MASK_ADRP_ADD = (1 << ARM64_XREF_TYPE_ADRP_ADD), 38 | ARM64_XREF_TYPE_MASK_ADRP_LDR = (1 << ARM64_XREF_TYPE_ADRP_LDR), 39 | ARM64_XREF_TYPE_MASK_ADRP_STR = (1 << ARM64_XREF_TYPE_ADRP_STR), 40 | ARM64_XREF_TYPE_MASK_REFERENCE = (ARM64_XREF_TYPE_MASK_ADR | ARM64_XREF_TYPE_MASK_ADRP_ADD | ARM64_XREF_TYPE_MASK_ADRP_LDR | ARM64_XREF_TYPE_MASK_ADRP_STR), 41 | 42 | ARM64_XREF_TYPE_MASK_POINTER = (1 << ARM64_XREF_TYPE_POINTER), 43 | 44 | ARM64_XREF_TYPE_ALL = (ARM64_XREF_TYPE_MASK_CALL | ARM64_XREF_TYPE_MASK_JUMP | ARM64_XREF_TYPE_MASK_REFERENCE | ARM64_XREF_TYPE_MASK_POINTER), 45 | } Arm64XrefTypeMask; 46 | 47 | bool pfsec_arm64_scan_register_write(PFSection *section, arm64_register reg, uint64_t endAddr, uint64_t startAddr); 48 | uint64_t pfsec_arm64_resolve_adrp_ldr_str_add_reference(PFSection *section, uint64_t adrpAddr, uint64_t ldrStrAddAddr); 49 | uint64_t pfsec_arm64_resolve_adrp_ldr_str_add_reference_auto(PFSection *section, uint64_t ldrStrAddAddr); 50 | uint64_t pfsec_arm64_resolve_stub(PFSection *section, uint64_t stubAddr); 51 | void pfsec_arm64_enumerate_xrefs(PFSection *section, Arm64XrefTypeMask types, void (^xrefBlock)(Arm64XrefType 
type, uint64_t source, uint64_t target, bool *stop)); 52 | #endif -------------------------------------------------------------------------------- /Include/choma/Util.h: -------------------------------------------------------------------------------- 1 | #ifndef UTIL_H 2 | #define UTIL_H 3 | 4 | #include 5 | #include 6 | #include 7 | 8 | typedef struct s_optional_uint64 { 9 | bool isSet; 10 | uint64_t value; 11 | } optional_uint64_t; 12 | #define OPT_UINT64_IS_SET(x) (x.isSet) 13 | #define OPT_UINT64_GET_VAL(x) (x.value) 14 | #define OPT_UINT64_NONE (optional_uint64_t){.isSet = false, .value = 0} 15 | #define OPT_UINT64(x) (optional_uint64_t){.isSet = true, .value = x} 16 | 17 | 18 | typedef struct s_optional_bool { 19 | bool isSet; 20 | bool value; 21 | } optional_bool; 22 | #define OPT_BOOL_IS_SET(x) (x.isSet) 23 | #define OPT_BOOL_GET_VAL(x) (x.value) 24 | #define OPT_BOOL_NONE (optional_bool){.isSet = false, .value = false} 25 | #define OPT_BOOL(x) (optional_bool){.isSet = true, .value = x} 26 | 27 | int64_t sxt64(int64_t value, uint8_t bits); 28 | int memcmp_masked(const void *str1, const void *str2, unsigned char* mask, size_t n); 29 | uint64_t align_to_size(int size, int alignment); 30 | void print_hash(uint8_t *hash, size_t size); 31 | void enumerate_range(uint64_t start, uint64_t end, uint16_t alignment, size_t nbytes, bool (^enumerator)(uint64_t cur)); 32 | int read_string(int fd, char **strOut); 33 | bool string_has_prefix(const char *str, const char *prefix); 34 | bool string_has_suffix(const char *str, const char *suffix); 35 | #endif 36 | -------------------------------------------------------------------------------- /Include/choma/arm64.h: -------------------------------------------------------------------------------- 1 | #ifndef ARM64_H 2 | #define ARM64_H 3 | 4 | #include "Util.h" 5 | 6 | typedef enum { 7 | // registers 8 | ARM64_REG_TYPE_X, 9 | ARM64_REG_TYPE_W, 10 | 11 | // vector shit 12 | ARM64_REG_TYPE_Q, 13 | ARM64_REG_TYPE_D, 14 | 
ARM64_REG_TYPE_S, 15 | ARM64_REG_TYPE_H, 16 | ARM64_REG_TYPE_B, 17 | } arm64_register_type; 18 | 19 | enum { 20 | ARM64_REG_MASK_ANY_FLAG = (1 << 0), 21 | ARM64_REG_MASK_X_W = (1 << 1), 22 | ARM64_REG_MASK_VECTOR = (1 << 2), 23 | ARM64_REG_MASK_ALL = (ARM64_REG_MASK_X_W | ARM64_REG_MASK_VECTOR), 24 | 25 | ARM64_REG_MASK_ANY_X_W = (ARM64_REG_MASK_X_W | ARM64_REG_MASK_ANY_FLAG), 26 | ARM64_REG_MASK_ANY_VECTOR = (ARM64_REG_MASK_VECTOR | ARM64_REG_MASK_ANY_FLAG), 27 | ARM64_REG_MASK_ANY_ALL = (ARM64_REG_MASK_ALL | ARM64_REG_MASK_ANY_FLAG), 28 | }; 29 | 30 | typedef enum { 31 | LDR_STR_TYPE_ANY, // NOTE: "ANY" will inevitably also match STUR and LDUR instructions 32 | LDR_STR_TYPE_POST_INDEX, 33 | LDR_STR_TYPE_PRE_INDEX, 34 | LDR_STR_TYPE_UNSIGNED, 35 | } arm64_ldr_str_type; 36 | 37 | typedef enum { 38 | ARM64_LDP_STP_TYPE_ANY, 39 | ARM64_LDP_STP_TYPE_POST_INDEX, 40 | ARM64_LDP_STP_TYPE_PRE_INDEX, 41 | ARM64_LDP_STP_TYPE_SIGNED, 42 | } arm64_ldp_stp_type; 43 | 44 | typedef struct s_arm64_register { 45 | uint8_t mask; 46 | arm64_register_type type; 47 | uint8_t num; 48 | } arm64_register; 49 | 50 | #define ARM64_REG(type_, num_) (arm64_register){.mask = ARM64_REG_MASK_ALL, .type = type_, .num = num_} 51 | #define ARM64_REG_X(x) ARM64_REG(ARM64_REG_TYPE_X, x) 52 | #define ARM64_REG_W(x) ARM64_REG(ARM64_REG_TYPE_W, x) 53 | #define ARM64_REG_Q(x) ARM64_REG(ARM64_REG_TYPE_Q, x) 54 | #define ARM64_REG_S(x) ARM64_REG(ARM64_REG_TYPE_S, x) 55 | #define ARM64_REG_H(x) ARM64_REG(ARM64_REG_TYPE_H, x) 56 | #define ARM64_REG_B(x) ARM64_REG(ARM64_REG_TYPE_B, x) 57 | #define ARM64_REG_ANY (arm64_register){.mask = ARM64_REG_MASK_ANY_ALL, .type = 0, .num = 0} 58 | #define ARM64_REG_ANY_X_W (arm64_register){.mask = ARM64_REG_MASK_ANY_X_W, .type = 0, .num = 0} 59 | #define ARM64_REG_ANY_VECTOR (arm64_register){.mask = ARM64_REG_MASK_ANY_VECTOR, .type = 0, .num = 0} 60 | #define ARM64_REG_GET_TYPE(x) (x.type) 61 | #define ARM64_REG_IS_X(x) (x.type == ARM64_REG_TYPE_X) 62 | #define 
ARM64_REG_IS_W(x) (x.type == ARM64_REG_TYPE_W) 63 | #define ARM64_REG_IS_VECTOR(x) (x.type == ARM64_REG_TYPE_Q || x.type == ARM64_REG_TYPE_D || x.type == ARM64_REG_TYPE_S || x.type == ARM64_REG_TYPE_H || x.type == ARM64_REG_TYPE_B) 64 | #define ARM64_REG_GET_NUM(x) (x.num & 0x1f) 65 | #define ARM64_REG_IS_ANY(x) (x.mask == ARM64_REG_MASK_ANY_ALL) 66 | #define ARM64_REG_IS_ANY_X_W(x) (x.mask == ARM64_REG_MASK_ANY_X_W) 67 | #define ARM64_REG_IS_ANY_VECTOR(x) (x.mask == ARM64_REG_MASK_ANY_VECTOR) 68 | uint8_t arm64_reg_type_get_width(arm64_register_type type); 69 | const char *arm64_reg_type_get_string(arm64_register_type type); 70 | const char *arm64_reg_get_type_string(arm64_register reg); 71 | 72 | #define ARM64_REG_NUM_SP 31 73 | 74 | typedef struct s_arm64_cond { 75 | bool isSet; 76 | uint8_t value; 77 | } arm64_cond; 78 | #define ARM64_COND(x) (arm64_cond){.isSet = true, .value = x} 79 | #define ARM64_COND_ANY (arm64_cond){.isSet = false, .value = 0} 80 | #define ARM64_COND_GET_VAL(x) (x.value & 0xf) 81 | #define ARM64_COND_IS_SET(x) x.isSet 82 | 83 | int arm64_gen_b_l(optional_bool optIsBl, optional_uint64_t optOrigin, optional_uint64_t optTarget, uint32_t *bytesOut, uint32_t *maskOut); 84 | int arm64_dec_b_l(uint32_t inst, uint64_t origin, uint64_t *targetOut, bool *isBlOut); 85 | int arm64_gen_b_c_cond(optional_bool optIsBc, optional_uint64_t optOrigin, optional_uint64_t optTarget, arm64_cond optCond, uint32_t *bytesOut, uint32_t *maskOut); 86 | int arm64_dec_b_c_cond(uint32_t inst, uint64_t origin, uint64_t *targetOut, arm64_cond *condOut, bool *isBcOut); 87 | int arm64_gen_adr_p(optional_bool optIsAdrp, optional_uint64_t optOrigin, optional_uint64_t optTarget, arm64_register reg, uint32_t *bytesOut, uint32_t *maskOut); 88 | int arm64_dec_adr_p(uint32_t inst, uint64_t origin, uint64_t *targetOut, arm64_register *registerOut, bool *isAdrpOut); 89 | int arm64_gen_mov_imm(char type, arm64_register destinationReg, optional_uint64_t optImm, optional_uint64_t 
optShift, uint32_t *bytesOut, uint32_t *maskOut); 90 | int arm64_dec_mov_imm(uint32_t inst, arm64_register *destinationRegOut, uint64_t *immOut, uint64_t *shiftOut, char *typeOut); 91 | int arm64_gen_mov_reg(arm64_register destinationReg, arm64_register sourceReg, uint32_t *bytesOut, uint32_t *maskOut); 92 | int arm64_dec_mov_reg(uint32_t inst, arm64_register *destinationRegOut, arm64_register *sourceRegOut); 93 | int arm64_gen_add_imm(arm64_register destinationReg, arm64_register sourceReg, optional_uint64_t optImm, uint32_t *bytesOut, uint32_t *maskOut); 94 | int arm64_dec_add_imm(uint32_t inst, arm64_register *destinationRegOut, arm64_register *sourceRegOut, uint16_t *immOut); 95 | int arm64_gen_sub_imm(arm64_register destinationReg, arm64_register sourceReg, optional_uint64_t optImm, optional_bool optS, uint32_t *bytesOut, uint32_t *maskOut); 96 | int arm64_dec_sub_imm(uint32_t inst, arm64_register *destinationRegOut, arm64_register *sourceRegOut, uint16_t *immOut, bool *sOut); 97 | int arm64_gen_ldr_imm(char type, arm64_ldr_str_type instType, arm64_register destinationReg, arm64_register addrReg, optional_uint64_t optImm, uint32_t *bytesOut, uint32_t *maskOut); 98 | int arm64_dec_ldr_imm(uint32_t inst, arm64_register *destinationReg, arm64_register *addrReg, uint64_t *immOut, char *typeOut, arm64_ldr_str_type *instTypeOut); 99 | int arm64_gen_ldrs_imm(char type, arm64_ldr_str_type instType, arm64_register destinationReg, arm64_register addrReg, optional_uint64_t optImm, uint32_t *bytesOut, uint32_t *maskOut); 100 | int arm64_dec_ldrs_imm(uint32_t inst, arm64_register *destinationRegOut, arm64_register *addrRegOut, uint64_t *immOut, char *typeOut, arm64_ldr_str_type *instTypeOut); 101 | int arm64_gen_str_imm(char type, arm64_ldr_str_type instType, arm64_register sourceReg, arm64_register addrReg, optional_uint64_t optImm, uint32_t *bytesOut, uint32_t *maskOut); 102 | int arm64_dec_str_imm(uint32_t inst, arm64_register *sourceRegOut, arm64_register *addrRegOut, 
uint64_t *immOut, char *typeOut, arm64_ldr_str_type *instTypeOut); 103 | int arm64_gen_ldr_lit(arm64_register destinationReg, optional_uint64_t optOrigin, optional_uint64_t optTarget, uint32_t *bytesOut, uint32_t *maskOut); 104 | int arm64_dec_ldr_lit(uint32_t inst, uint64_t origin, uint64_t *targetOut, arm64_register *destinationReg); 105 | int arm64_gen_ldp(arm64_ldp_stp_type instType, arm64_register destinationReg1, arm64_register destinationReg2, arm64_register addrReg, optional_uint64_t optImm, uint32_t *bytesOut, uint32_t *maskOut); 106 | int arm64_gen_cb_n_z(optional_bool isCbnz, arm64_register reg, optional_uint64_t optTarget, uint32_t *bytesOut, uint32_t *maskOut); 107 | int arm64_dec_cb_n_z(uint32_t inst, uint64_t origin, bool *isCbnzOut, arm64_register *regOut, uint64_t *targetOut); 108 | int arm64_gen_tb_n_z(optional_bool isTbnz, arm64_register reg, optional_uint64_t optTarget, optional_uint64_t optBit, uint32_t *bytesOut, uint32_t *maskOut); 109 | int arm64_dec_tb_n_z(uint32_t inst, uint64_t origin, bool *isTbnzOut, arm64_register *regOut, uint64_t *targetOut, uint64_t *bitOut); 110 | #endif -------------------------------------------------------------------------------- /Include/libkrw.h: -------------------------------------------------------------------------------- 1 | #ifndef LIBKRW_H 2 | #define LIBKRW_H 3 | 4 | #ifdef __cplusplus 5 | extern "C" { 6 | #endif 7 | 8 | #include 9 | #include 10 | 11 | /** 12 | * libkrw - Library for kernel read/write 13 | * 14 | * The purpose of this library is to provide a standard interface for common 15 | * kernel memory operations. Subsets of those have historically been exported 16 | * by most jailbreaks, but the provided interfaces are increasingly shifting, 17 | * thus calling for a standard interface. 18 | * 19 | * It is understood that hardly any jailbreak provides the necessary primitives 20 | * to implement ALL of the below functions. 
Thus, an implementer of this API 21 | * is free to implement any subset of their choosing, even an empty one, and 22 | * simply "stub" the remaining functions to return `ENOTSUP` unconditionally. 23 | * 24 | * All functions exported by this library return an `int` status code, where: 25 | * - The value `0` indicates success. 26 | * - The values `1` through `255` indicate failure and correspond to their 27 | * definitions in <errno.h> (or are reserved, if no such definition exists). 28 | * - All other return values are implementation-defined, but indicate failure. 29 | * 30 | * Notable conditions where values from <errno.h> should be used include: 31 | * - `EPERM` The requested operation requires root, an entitlement, or some 32 | * other form of elevated privileges. 33 | * - `EINVAL` An invalid argument was provided to the function. 34 | * - `EDEVERR` The requested operation is supported in this implementation, but 35 | * could not be completed for some reason. 36 | * - `ENOTSUP` The requested operation is not supported in this implementation. 37 | * 38 | * It shall further be noted that due to the inherently unsafe nature of direct 39 | * kernel memory accesses, functions that take kernel addresses as arguments 40 | * from the caller may panic the kernel, and implementers of this interface may 41 | * choose to defend against that, but are not expected to do so. They ARE 42 | * however expected to defend against causing kernel panics in functions that do 43 | * NOT take kernel addresses as arguments. 44 | **/ 45 | 46 | 47 | /** 48 | * kbase - Kernel base 49 | * 50 | * Stores the kernel base in `*addr`. The kernel base is the location of the XNU 51 | * Mach-O header, and corresponds to a file offset of 0 in the kernel Mach-O. 52 | * On failure, `*addr` is left unchanged. 53 | **/ 54 | int kbase(uint64_t *addr); 55 | 56 | /** 57 | * kread - Read kernel memory 58 | * 59 | * Reads `len` bytes from the kernel address provided in `from`, and writes them 60 | * to the buffer provided in `to`.
Both provided ranges must not overflow their 61 | * respective types. 62 | * On failure, no guarantee is made about the amount of bytes read. 63 | **/ 64 | int kread(uint64_t from, void *to, size_t len); 65 | 66 | /** 67 | * kwrite - Write kernel memory 68 | * 69 | * Reads `len` bytes from the buffer provided in `from`, and writes them to the 70 | * kernel address provided in `to`. Both provided ranges must not overflow their 71 | * respective types. 72 | * On failure, no guarantee is made about the amount of bytes written. 73 | **/ 74 | int kwrite(void *from, uint64_t to, size_t len); 75 | 76 | /** 77 | * kmalloc - Allocate kernel memory 78 | * 79 | * Allocates a region in kernel memory that is large enough to hold at least 80 | * `size` bytes, and writes the address of that allocation to `*addr`. The 81 | * allocated memory is guaranteed to be readable and writeable, as well as 82 | * aligned to at least 8 bytes. No guarantee is made about where it is allocated 83 | * from, only that it is valid in the kernel's virtual address space and will 84 | * remain valid until explicitly deallocated with `kdealloc`. 85 | * On failure, `*addr` is left unchanged. 86 | **/ 87 | int kmalloc(uint64_t *addr, size_t size); 88 | 89 | /** 90 | * kdealloc - Deallocate kernel memory 91 | * 92 | * Deallocates a region of kernel memory that was allocated with `kmalloc`. The 93 | * provided `size` must be the same that was passed to `kmalloc`. 94 | **/ 95 | int kdealloc(uint64_t addr, size_t size); 96 | 97 | /** 98 | * kcall - Call kernel code 99 | * 100 | * Invokes the kernel code at address `func` with a variable number of arguments 101 | * from `argv` and stores the return value in `*ret`. 102 | * On failure, `*ret` is left unchanged. 103 | **/ 104 | int kcall(uint64_t func, size_t argc, const uint64_t *argv, uint64_t *ret); 105 | 106 | /** 107 | * physread 108 | * 109 | * Same as `kread`, but with a physical address in `from`.
All reads happen with 110 | * the same unit size, which is the amount of bytes given in `granule`. An error 111 | * must be returned if the requested granule is not supported. 112 | **/ 113 | int physread(uint64_t from, void *to, size_t len, uint8_t granule); 114 | 115 | /** 116 | * physwrite 117 | * 118 | * Same as `kwrite`, but with a physical address in `to`. All writes happen with 119 | * the same unit size, which is the amount of bytes given in `granule`. An error 120 | * must be returned if the requested granule is not supported. 121 | **/ 122 | int physwrite(void *from, uint64_t to, size_t len, uint8_t granule); 123 | 124 | #ifdef __cplusplus 125 | } 126 | #endif 127 | 128 | #endif 129 | -------------------------------------------------------------------------------- /Include/libkrw_plugin.h: -------------------------------------------------------------------------------- 1 | #ifndef LIBKRW_PLUGIN_H 2 | #define LIBKRW_PLUGIN_H 3 | 4 | #ifdef __cplusplus 5 | extern "C" { 6 | #endif 7 | 8 | #include 9 | #include 10 | 11 | /** 12 | * libkrw - Library for kernel read/write 13 | * 14 | * The purpose of this library is to provide a standard interface for common 15 | * kernel memory operations. Subsets of those have historically been exported 16 | * by most jailbreaks, but the provided interfaces are increasingly shifting, 17 | * thus calling for a standard interface. 18 | * 19 | * It is understood that hardly any jailbreak provides the necessary primitives 20 | * to implement ALL of the below functions. Thus, an implementer of this API 21 | * is free to implement any subset of their choosing, even an empty one, and 22 | * simply "stub" the remaining functions to return `ENOTSUP` unconditionally. 23 | * 24 | * All functions imported by this library are expected to return an `int` status 25 | * code, where: 26 | * - The value `0` indicates success. 
27 | * - The values `1` through `255` indicate failure and correspond to their 28 | * definitions in <errno.h> (or are reserved, if no such definition exists). 29 | * - All other return values are implementation-defined, but indicate failure. 30 | * 31 | * Notable conditions where values from <errno.h> should be used include: 32 | * - `EPERM` The requested operation requires root, an entitlement, or some 33 | * other form of elevated privileges. 34 | * - `EINVAL` An invalid argument was provided to the function. 35 | * - `EDEVERR` The requested operation is supported in this implementation, but 36 | * could not be completed for some reason. 37 | * - `ENOTSUP` The requested operation is not supported in this implementation. 38 | * 39 | * It shall further be noted that due to the inherently unsafe nature of direct 40 | * kernel memory accesses, functions that take kernel addresses as arguments 41 | * from the caller may panic the kernel, and implementers of this interface may 42 | * choose to defend against that, but are not expected to do so. They ARE 43 | * however expected to defend against causing kernel panics in functions that do 44 | * NOT take kernel addresses as arguments.
45 | **/ 46 | 47 | typedef int (*krw_kbase_func_t)(uint64_t *addr); 48 | typedef int (*krw_kread_func_t)(uint64_t from, void *to, size_t len); 49 | typedef int (*krw_kwrite_func_t)(void *from, uint64_t to, size_t len); 50 | typedef int (*krw_kmalloc_func_t)(uint64_t *addr, size_t size); 51 | typedef int (*krw_kdealloc_func_t)(uint64_t addr, size_t size); 52 | typedef int (*krw_kcall_func_t)(uint64_t func, size_t argc, const uint64_t *argv, uint64_t *ret); 53 | typedef int (*krw_physread_func_t)(uint64_t from, void *to, size_t len, uint8_t granule); 54 | typedef int (*krw_physwrite_func_t)(void *from, uint64_t to, size_t len, uint8_t granule); 55 | 56 | // This struct must only be extended so that old plugins can still load 57 | #define LIBKRW_HANDLERS_VERSION 0 58 | struct krw_handlers_s { 59 | uint64_t version; 60 | krw_kbase_func_t kbase; 61 | krw_kread_func_t kread; 62 | krw_kwrite_func_t kwrite; 63 | krw_kmalloc_func_t kmalloc; 64 | krw_kdealloc_func_t kdealloc; 65 | krw_kcall_func_t kcall; 66 | krw_physread_func_t physread; 67 | krw_physwrite_func_t physwrite; 68 | }; 69 | 70 | typedef struct krw_handlers_s* krw_handlers_t; 71 | 72 | /** 73 | * krw_initializer_t - plugin initialization prototype 74 | * 75 | * Called krw_initializer_t krw_initializer is called when a plugin is opened to 76 | * determine if read/write primitives are available 77 | * 78 | * krw_initializer should set as many of handlers->kread, handlers->kwrite, handlers->kbase, 79 | * handlers->kmalloc, and handlers->kdealloc as possible on success - any not set will 80 | * return unsupported. 81 | * 82 | * Called krw_initializer_t kcall_initializer is called when a plugin is opened to 83 | * determine if read/write primitives are available. It is passed a structure containing 84 | * populated kread/kwrite functions 85 | * 86 | * kcall_initializer should set as many of handlers->kcall, handlers->physread, and 87 | * handlers->physwrite as possible on success. any not set will return unsupported. 
88 | * 89 | * Retuns 0 if read/write are supported by this plugin 90 | **/ 91 | typedef int (*krw_plugin_initializer_t)(krw_handlers_t handlers); 92 | 93 | #ifdef __cplusplus 94 | } 95 | #endif 96 | 97 | #endif 98 | -------------------------------------------------------------------------------- /Include/x8A4/Kernel/kernel.h: -------------------------------------------------------------------------------- 1 | // 2 | // Created by cryptic on 4/14/24. 3 | // 4 | 5 | /** 6 | * @file kernel.h 7 | * @author Cryptiiiic 8 | * @brief This file is the header file for kernel.c 9 | * @version 1.0.1 10 | * @date 2024-04-14 11 | * 12 | * @copyright Copyright (c) 2024 13 | */ 14 | 15 | #ifndef X8A4_KERNEL_H 16 | #define X8A4_KERNEL_H 17 | 18 | /* Include headers */ 19 | #include 20 | 21 | /* External prototypes */ 22 | extern kern_return_t IOConnectCallStructMethod(io_connect_t service, uint32_t external_selector, const void *args1, size_t arg1_size, void *args2, size_t *args2_size); 23 | 24 | /* Prototypes */ 25 | uint64_t krw_get_kbase(void); 26 | int tfp0_init(void); 27 | int xpf_init(void); 28 | const char *get_kernel_path(void); 29 | #if 0 30 | const char *get_kernel_path_legacy2(void); 31 | const char *get_kernel_path_legacy(void); 32 | #endif 33 | int kread_smr(uint64_t addr, uint64_t *value, size_t sz); 34 | uint64_t unsign_ptr(uint64_t *addr); 35 | uint64_t get_our_proc(void); 36 | uint64_t get_our_task(void); 37 | uint64_t get_ipc_port(mach_port_name_t port_name); 38 | uint64_t get_ipc_kobject(io_service_t service); 39 | int io_generate_apnonce(void); 40 | int io_clear_apnonce(void); 41 | 42 | /* Cached Variables */ 43 | extern char *kernel_path_cached; 44 | extern uint64_t our_proc_cached; 45 | extern uint64_t our_task_cached; 46 | 47 | #endif // X8A4_KERNEL_H 48 | -------------------------------------------------------------------------------- /Include/x8A4/Kernel/kpf.h: -------------------------------------------------------------------------------- 1 | // 2 | // 
Created by cryptic on 4/27/24. 3 | // 4 | 5 | /** 6 | * @file kpf.h 7 | * @author Cryptiiiic 8 | * @brief This file is the header file for kpf.c 9 | * @version 1.0.1 10 | * @date 2024-04-27 11 | * 12 | * @copyright Copyright (c) 2024 13 | */ 14 | 15 | #ifndef X8A4_KPF_H 16 | #define X8A4_KPF_H 17 | 18 | /* Include Headers */ 19 | #include 20 | #include 21 | 22 | /* External prototypes */ 23 | extern PFSection *xpf_pfsec_init(const char *filesetEntryId, const char *segName, const char *sectName); 24 | 25 | /* Prototypes */ 26 | int xpf_setup_fileset_sections(void); 27 | void xpf_free_fileset_sections(void); 28 | uint64_t xpf_find_nonce_slots_array(void); 29 | uint64_t xpf_find_nonce_domains_array(void); 30 | int xpf_find_nonce_slots_array_length(void); 31 | int xpf_find_nonce_domains_array_length(uint64_t nonce_domains_array_addr); 32 | int xpf_find_cryptex_boot_domain_index(uint64_t nonce_domains_array_addr, int nonce_domains_array_length); 33 | 34 | /* Extern Variables */ 35 | extern PFSection *apple_image4_fileset_sections[3]; 36 | 37 | /* Cached Variables */ 38 | extern uint64_t kpf_nonce_domains_cached; 39 | extern int kpf_nonce_domains_length_cached; 40 | 41 | #endif // X8A4_KPF_H 42 | -------------------------------------------------------------------------------- /Include/x8A4/Kernel/nvram.h: -------------------------------------------------------------------------------- 1 | // 2 | // Created by cryptic on 12/19/24. 
3 | // 4 | 5 | /** 6 | * @file nvram.h 7 | * @author Cryptiiiic 8 | * @brief This file is the header file for nvram.c 9 | * @version 1.0.1 10 | * @date 2024-12-19 11 | * 12 | * @copyright Copyright (c) 2024 13 | */ 14 | 15 | #ifndef X8A4_NVRAM_H 16 | #define X8A4_NVRAM_H 17 | 18 | #include 19 | #include 20 | 21 | /* Enum Variables */ 22 | enum nvram_key_type { 23 | KEY_NORMAL = 0, 24 | KEY_SYSTEM, 25 | KEY_NVRAM, 26 | }; 27 | 28 | /* Structure Variables */ 29 | struct nvram_key { 30 | enum nvram_key_type type; 31 | char *key_original; 32 | char *key; 33 | }; 34 | 35 | /* Defines */ 36 | #define NVRAM_KEY_LIMIT 100 37 | #define kAppleSystemVarGUID "40A0DDD2-77F8-4392-B4A3-1E7304206516:" 38 | #define kAppleNVRAMGUID "7C436110-AB2A-4BBB-A880-FE41995C9F82:" 39 | #define kNonceSeedsPropertyKey "nonce-seeds" 40 | #define kKRNC1BTPropertyKey "krn.c1bt" 41 | #define kBootNoncePropertyKey "com.apple.System.boot-nonce" 42 | 43 | /* Prototypes */ 44 | uint64_t get_service_nvram_dict(io_service_t service); 45 | uint8_t *get_nvram_entry_bytes(uint64_t nvram_dict, const char *key, enum os_type type, uint32_t *out_size); 46 | int set_nvram_entry_bytes(uint64_t nvram_dict, const char *key, uint8_t *entry_bytes, uint32_t size, enum os_type type); 47 | 48 | /* Cached Variables */ 49 | extern struct nvram_key *nvram_keys_cached; 50 | extern int nvram_keys_count_cached; 51 | 52 | #endif // X8A4_NVRAM_H 53 | -------------------------------------------------------------------------------- /Include/x8A4/Kernel/offsets.h: -------------------------------------------------------------------------------- 1 | // 2 | // Created by cryptic on 4/19/24. 
3 | // 4 | 5 | /** 6 | * @file offsets.h 7 | * @author Cryptiiiic 8 | * @brief This file is the header file for offsets.c 9 | * @version 1.0.1 10 | * @date 2024-04-19 11 | * 12 | * @copyright Copyright (c) 2024 13 | */ 14 | 15 | #ifndef X8A4_OFFSETS_H 16 | #define X8A4_OFFSETS_H 17 | 18 | /* Include headers */ 19 | #include 20 | 21 | /* Enum Variables */ 22 | enum apple_mobile_apnonce_external_selectors { 23 | APPLE_MOBILE_AP_NONCE_GENERATE_NONCE_SEL = 0xC8, 24 | APPLE_MOBILE_AP_NONCE_CLEAR_NONCE_SEL = 0xC9, 25 | APPLE_MOBILE_AP_NONCE_RETRIEVE_NONCE_SEL = 0xCA, 26 | }; 27 | 28 | /* Structure Variables */ 29 | struct kernel_offsets { 30 | uint64_t proc_pid; 31 | uint64_t proc_task; 32 | uint64_t proc_list_next; 33 | uint64_t proc_struct_size; 34 | uint64_t all_proc; 35 | uint64_t itk_space; 36 | uint64_t task_itk_space_table; 37 | uint64_t table_smr; 38 | uint64_t smr; 39 | uint64_t ipc_entry_object; 40 | uint64_t ipc_entry_size; 41 | uint64_t ipc_port_kobject; 42 | uint64_t ipc_port_kobject_is_iomachport; 43 | uint64_t iomachport_object; 44 | uint64_t t1sz_boot; 45 | uint64_t io_dt_nvram; 46 | uint64_t os_dict; 47 | uint64_t os_dict_size; 48 | uint64_t os_string; 49 | uint64_t os_metabase_size; 50 | uint64_t os_data; 51 | uint64_t os_list[2]; 52 | uint64_t io_aes_accel_special_keys; 53 | uint64_t io_aes_accel_special_keys_size; 54 | }; 55 | 56 | /* Prototypes */ 57 | int offsets_init(void); 58 | 59 | /* External Variables */ 60 | extern struct kernel_offsets *koffsets_cached; 61 | 62 | #endif // X8A4_OFFSETS_H 63 | -------------------------------------------------------------------------------- /Include/x8A4/Kernel/osobject.h: -------------------------------------------------------------------------------- 1 | // 2 | // Created by cryptic on 12/19/24. 
3 | // 4 | 5 | /** 6 | * @file osobject.h 7 | * @author Cryptiiiic 8 | * @brief This file is the header file for osobject.c 9 | * @version 1.0.1 10 | * @date 2024-12-19 11 | * 12 | * @copyright Copyright (c) 2024 13 | */ 14 | 15 | #ifndef X8A4_OSOBJECT_H 16 | #define X8A4_OSOBJECT_H 17 | 18 | /* Include headers */ 19 | #include 20 | 21 | /* Enum Variables */ 22 | enum os_type { 23 | OS_DATA, 24 | OS_STRING, 25 | }; 26 | 27 | /* Structure Variables */ 28 | struct os_dict_entry { 29 | uint64_t key; 30 | uint64_t val; 31 | }; 32 | 33 | /* Prototypes */ 34 | uint64_t os_object_cast(uint64_t object, enum os_type type); 35 | uint32_t get_os_metabase_size(uint64_t object); 36 | uint64_t get_os_dict_from_os_object(uint64_t os_object); 37 | uint32_t get_os_dict_size(uint64_t dict); 38 | uint32_t extract_os_size(uint32_t *size); 39 | uint64_t get_entry_from_os_dict(uint64_t dict, enum os_type entry_type, const char *entry_key, uint32_t *out_size); 40 | 41 | #endif // X8A4_OSOBJECT_H 42 | -------------------------------------------------------------------------------- /Include/x8A4/Kernel/slide.h: -------------------------------------------------------------------------------- 1 | // 2 | // Created by cryptic on 4/14/24. 3 | // 4 | 5 | /** 6 | * @file slide.h 7 | * @author Cryptiiiic 8 | * @brief This file is the header file for slide.c 9 | * @version 1.0.1 10 | * @date 2024-04-14 11 | * 12 | * @copyright Copyright (c) 2024 13 | */ 14 | #ifndef X8A4_SLIDE_H 15 | #define X8A4_SLIDE_H 16 | 17 | /* Include headers */ 18 | #include 19 | 20 | /* Prototypes */ 21 | uint64_t get_slide(void); 22 | uint64_t palera1n_get_slide(void); 23 | 24 | /* Cached Variables */ 25 | extern uint64_t slide_cached; 26 | 27 | #endif//X8A4_SLIDE_H 28 | -------------------------------------------------------------------------------- /Include/x8A4/Logger/logger.h: -------------------------------------------------------------------------------- 1 | // 2 | // Created by cryptic on 12/22/24. 
3 | // 4 | 5 | /** 6 | * @file logger.h 7 | * @author Cryptiiiic 8 | * @brief This file is the header file for logger.c 9 | * @version 1.0.1 10 | * @date 2024-12-22 11 | * 12 | * @copyright Copyright (c) 2024 13 | */ 14 | 15 | #ifndef X8A4_LOGGER_H 16 | #define X8A4_LOGGER_H 17 | 18 | /* Include headers */ 19 | #include 20 | 21 | /* Enum Variables */ 22 | enum LOG_LEVEL { 23 | LOG_INFO = 0, 24 | LOG_ERROR, 25 | LOG_DEBUG, 26 | LOG_DEBUG_ERROR, 27 | }; 28 | 29 | /* Defines */ 30 | #define x8A4_log(format, ...) x8A4_logger(LOG_INFO, NULL, format, __VA_ARGS__) 31 | #define x8A4_log_debug(format, ...) x8A4_logger(LOG_DEBUG, __FUNCTION__, format, __VA_ARGS__) 32 | #define x8A4_log_error(format, ...) x8A4_logger(LOG_ERROR, __FUNCTION__, format, __VA_ARGS__) 33 | #define x8A4_log_debug_error(format, ...) x8A4_logger(LOG_DEBUG_ERROR, __FUNCTION__, format, __VA_ARGS__) 34 | 35 | /* Prototypes */ 36 | void x8A4_log_print(FILE *stream, const char *format, ...); 37 | void x8A4_log_function(FILE *stream, const char *func, const char *format, va_list args); 38 | void x8A4_logger(enum LOG_LEVEL level, const char *func, const char *format, ...); 39 | 40 | #endif // X8A4_LOGGER_H -------------------------------------------------------------------------------- /Include/x8A4/Registry/registry.h: -------------------------------------------------------------------------------- 1 | // 2 | // Created by cryptic on 4/14/24. 
3 | // 4 | 5 | /** 6 | * @file registry.h 7 | * @author Cryptiiiic 8 | * @brief This file is the header file for registry.c 9 | * @version 1.0.1 10 | * @date 2024-04-14 11 | * 12 | * @copyright Copyright (c) 2024 13 | */ 14 | 15 | #ifndef X8A4_REGISTRY_H 16 | #define X8A4_REGISTRY_H 17 | 18 | /* Include headers */ 19 | #include 20 | #include 21 | #include 22 | 23 | /* External Variables */ 24 | extern const mach_port_t kIOMasterPortDefault; 25 | 26 | /* Typedefs */ 27 | typedef mach_port_t io_object_t; 28 | typedef io_object_t io_registry_entry_t; 29 | typedef char io_string_t[512]; 30 | typedef uint32_t IOOptionBits; 31 | 32 | /* External prototypes */ 33 | io_registry_entry_t IORegistryEntryFromPath(mach_port_t, const io_string_t); 34 | extern CFTypeRef IORegistryEntryCreateCFProperty(io_registry_entry_t, CFStringRef, CFAllocatorRef, IOOptionBits); 35 | extern kern_return_t IORegistryEntrySetCFProperty(io_registry_entry_t, CFStringRef, CFTypeRef); 36 | extern kern_return_t IOObjectRelease(io_object_t kobject); 37 | 38 | /* Defines */ 39 | #define kIODeviceTreePlane "IODeviceTree" 40 | #define IO_OBJECT_NULL ((io_object_t)0) 41 | #define kIONVRAMDeletePropertyKey "IONVRAM-DELETE-PROPERTY" 42 | #define kIONVRAMSyncNowPropertyKey "IONVRAM-SYNCNOW-PROPERTY" 43 | #define kIONVRAMForceSyncNowPropertyKey "IONVRAM-FORCESYNCNOW-PROPERTY" 44 | 45 | /* Prototypes */ 46 | io_registry_entry_t get_dtre_chosen(void); 47 | io_registry_entry_t get_dtre_options(void); 48 | CFDataRef get_hash_method_ref(void); 49 | CFDataRef get_boot_manifest_hash_ref(void); 50 | CFDataRef get_nonce_seeds_ref(void); 51 | CFDataRef get_boot_nonce_ref(void); 52 | uint32_t get_hash_method_len(void); 53 | uint32_t get_boot_manifest_hash_len(void); 54 | uint32_t get_nonce_seeds_len(void); 55 | uint32_t get_boot_nonce_len(void); 56 | const char *get_hash_method_registry(void); 57 | const uint8_t *get_boot_manifest_hash_registry(void); 58 | const uint8_t *get_nonce_seeds_registry(void); 59 | const uint8_t 
*get_boot_nonce_registry(void); 60 | uint32_t get_hash_len(void); 61 | int set_nvram_entry(io_registry_entry_t nvram_entry, const char *key, const char *value); 62 | 63 | /* Cached Variables */ 64 | extern io_registry_entry_t chosen_cached; 65 | extern io_registry_entry_t options_cached; 66 | extern CFDataRef hash_method_ref_cached; 67 | extern size_t hash_method_len_cached; 68 | extern const char *hash_method_cached; 69 | extern size_t hash_len_cached; 70 | 71 | #endif // X8A4_REGISTRY_H 72 | -------------------------------------------------------------------------------- /Include/x8A4/Services/services.h: -------------------------------------------------------------------------------- 1 | // 2 | // Created by cryptic on 4/14/24. 3 | // 4 | 5 | /** 6 | * @file services.h 7 | * @author Cryptiiiic 8 | * @brief This file is the header file for services.c 9 | * @version 1.0.1 10 | * @date 2024-04-14 11 | * 12 | * @copyright Copyright (c) 2024 13 | */ 14 | 15 | #ifndef X8A4_SERVICES_H 16 | #define X8A4_SERVICES_H 17 | 18 | /* Include headers */ 19 | #include 20 | #include 21 | #include 22 | 23 | /* Typedefs */ 24 | typedef io_object_t io_service_t; 25 | typedef io_object_t io_connect_t; 26 | 27 | /* External prototypes */ 28 | io_service_t IOServiceGetMatchingService(mach_port_t, CFDictionaryRef); 29 | CFMutableDictionaryRef IOServiceMatching(const char *); 30 | extern kern_return_t IOServiceOpen(io_service_t service, task_port_t task_port, uint32_t arg3, io_connect_t *service_out); 31 | extern kern_return_t IOServiceClose(io_connect_t service); 32 | 33 | /* Prototypes */ 34 | io_service_t get_io_aes_accel_service(void); 35 | io_connect_t get_apple_mobile_ap_nonce_service(void); 36 | 37 | /* Cached Variables */ 38 | extern io_service_t io_aes_accel_service_cached; 39 | extern io_connect_t apple_mobile_ap_nonce_service_cached; 40 | extern io_connect_t apple_mobile_ap_nonce_service2_cached; 41 | 42 | #endif//X8A4_SERVICES_H 43 | 
-------------------------------------------------------------------------------- /Include/x8A4/x8A4.h: -------------------------------------------------------------------------------- 1 | // 2 | // Created by cryptic on 4/14/24. 3 | // 4 | 5 | /** 6 | * @file x8A4.h 7 | * @author Cryptiiiic 8 | * @brief This file is the header file for x8A4.c 9 | * @version 1.0.1 10 | * @date 2024-04-14 11 | * 12 | * @copyright Copyright (c) 2024 13 | */ 14 | 15 | #ifndef X8A4_X8A4_H 16 | #define X8A4_X8A4_H 17 | 18 | /* Include headers */ 19 | #include 20 | #include 21 | #include 22 | #include 23 | #include 24 | #include 25 | #include 26 | #include 27 | #include 28 | 29 | /* Structure Variables */ 30 | struct x8A4_accel_key { 31 | uint32_t generated; 32 | uint32_t key_id; 33 | uint32_t key_sz; 34 | uint32_t key[4]; 35 | uint32_t iv[4]; 36 | uint32_t zero; 37 | uint32_t pad; 38 | } __attribute__((packed, aligned(1))); 39 | 40 | struct x8A4_nonce_domain { 41 | char *description; 42 | char *entitlement; 43 | uint64_t unknown_num; 44 | uint32_t *hash_length_function; 45 | uint32_t *domain_accessible_apshadow_function; 46 | uint64_t domain_index; 47 | uint64_t generate_flag; 48 | uint64_t io_aes_accel_key; 49 | } __attribute__((packed, aligned(1))); 50 | 51 | struct x8A4_nonce_descriptor { 52 | char *description; 53 | char unique_string[9]; 54 | uint8_t pad[0x27]; 55 | char *entitlement; 56 | uint64_t domain_index; 57 | uint64_t unknown_num1; 58 | uint64_t unknown_num2; 59 | uint64_t *nonce_domain_boot_select_chip_default_function; 60 | uint64_t *nonce_domain_boot_nonce_accessible_function; 61 | } __attribute__((packed, aligned(1))); 62 | 63 | struct x8A4_nonce_slot { 64 | struct x8A4_nonce_descriptor *nonce_slot_domain_descriptor; 65 | uint64_t *nonce_slot_init_function; 66 | uint64_t *nonce_slot_lock_function; 67 | uint64_t *nonce_slot_unlock_function; 68 | uint64_t *nonce_slot_data; 69 | } __attribute__((packed, aligned(1))); 70 | 71 | struct x8A4_nonce_seeds_header { 72 | uint32_t 
blob_version; 73 | uint8_t pad[6]; 74 | uint64_t hash_size; 75 | uint8_t boot_manifest_hash[48]; 76 | uint8_t end_data[9]; 77 | } __attribute__((packed, aligned(1))); 78 | 79 | struct x8A4_nonce_seed { 80 | uint8_t unused_pad[8]; 81 | uint8_t seed[16]; 82 | uint8_t unused_end_pad[16]; 83 | } __attribute__((packed, aligned(1))); 84 | 85 | struct x8A4_nonce_seeds { 86 | struct x8A4_nonce_seeds_header header; 87 | struct x8A4_nonce_seed seeds[]; 88 | } __attribute__((packed, aligned(1))); 89 | 90 | struct x8A4_nonce_seeds_slot_header { 91 | uint8_t pad[4]; 92 | uint8_t unknown_val; 93 | } __attribute__((packed, aligned(1))); 94 | 95 | struct x8A4_nonce_seeds_slot_seed { 96 | uint8_t seed[16]; 97 | uint8_t pad[16]; 98 | } __attribute__((packed, aligned(1))); 99 | 100 | struct x8A4_nonce_seeds_slot { 101 | struct x8A4_nonce_seeds_slot_header header; 102 | struct x8A4_nonce_seeds_slot_seed seed; 103 | } __attribute__((packed, aligned(1))); 104 | 105 | /* Defines */ 106 | #define X8A4_API_VERSION "1.0.1" 107 | #define X8A4_ABI_VERSION SOVERSION 108 | 109 | /* Prototypes */ 110 | __attribute__((used)) void x8A4_constructor(void); 111 | __attribute__((used)) void x8A4_destructor(void); 112 | int x8A4_init(void); 113 | void x8A4_free(void); 114 | const char *x8A4_version(void); 115 | uint8_t *x8A4_get_nonce_slots_os_dict(uint32_t *seeds_size, int slot_index); 116 | uint8_t *x8A4_get_nonce_seeds_os_dict(uint32_t *seeds_size); 117 | uint8_t *x8A4_get_nonce_seeds_registry(uint32_t *seeds_size); 118 | void x8A4_set_nonce_format(void); 119 | uint8_t *x8A4_get_slot_seed(uint8_t **nonce_seeds, uint32_t *seeds_size, int slot_index); 120 | uint8_t *x8A4_get_domain_seed(uint8_t **nonce_seeds, uint32_t *seeds_size, int domain_index); 121 | struct x8A4_nonce_slot *x8A4_get_nonce_slots_list(void); 122 | struct x8A4_nonce_domain *x8A4_get_nonce_seeds_domain_list(void); 123 | int x8A4_get_domain_count(void); 124 | int x8A4_get_domain_domains_index(const char *entitlement); 125 | int 
x8A4_get_cryptex_boot_domain_domains_index(void); 126 | int x8A4_get_cryptex_boot_slot_index(void); 127 | int x8A4_get_cryptex_boot_domain_index(void); 128 | uint8_t *x8A4_get_nonce_seeds(uint32_t *seeds_size); 129 | uint8_t *x8A4_get_cryptex_seed(uint8_t **nonce_seeds, uint32_t *seeds_size); 130 | uint8_t *x8A4_get_cryptex_nonce(uint32_t *nonce_size); 131 | int x8A4_sync_nvram(void); 132 | uint8_t *x8A4_get_boot_nonce_os_dict(uint32_t *generator_size); 133 | int x8A4_set_boot_nonce_os_dict(uint8_t *generator, uint32_t generator_size); 134 | int x8A4_set_nonce_seeds_os_dict(uint8_t *seed, int domain_index); 135 | uint8_t *x8A4_get_boot_nonce_registry(uint32_t *generator_size); 136 | int x8A4_set_boot_nonce_registry(uint8_t *generator); 137 | uint8_t *x8A4_get_apnonce_generator(uint32_t *generator_size); 138 | uint8_t *x8A4_get_apnonce(uint32_t *apnonce_size); 139 | uint8_t *x8A4_set_apnonce_generator(uint8_t *generator, uint32_t *generator_size); 140 | int x8A4_clear_apnonce_generator(void); 141 | struct x8A4_accel_key *x8A4_get_ioaesaccelkeys(uint32_t *keys_count); 142 | void x8A4(void); 143 | void x8A4_cli_set_verbose(void); 144 | void x8A4_cli_get_cryptex_seed(void); 145 | void x8A4_cli_get_cryptex_nonce(void); 146 | void x8A4_cli_get_apnonce_generator(void); 147 | void x8A4_cli_get_apnonce(void); 148 | void x8A4_cli_set_apnonce_generator(const char *new_generator); 149 | void x8A4_cli_clear_apnonce_generator(void); 150 | void x8A4_cli_get_accel_keys(uint32_t chosen_key); 151 | void x8A4_cli_get_nonce_seeds(void); 152 | void x8A4_cli_set_cryptex_seed(const char *new_seed); 153 | 154 | /* Cached Variables */ 155 | extern int init_done; 156 | extern struct x8A4_nonce_domain *domains_cached; 157 | extern struct x8A4_nonce_slot *slots_cached; 158 | extern int nonce_slot_format_cached; 159 | extern int domains_count_cached; 160 | extern int cryptex_domains_index_cached; 161 | extern int cryptex_index_cached; 162 | extern int verbose_cached; 163 | extern uint64_t 
*gc_cached; 164 | extern int gc_count_cached; 165 | extern uint64_t *gc_d_cached; 166 | extern int gc_d_count_cached; 167 | 168 | #endif//X8A4_X8A4_H 169 | -------------------------------------------------------------------------------- /Include/xpc/availability.h: -------------------------------------------------------------------------------- 1 | #ifndef __XPC_AVAILABILITY_H__ 2 | #define __XPC_AVAILABILITY_H__ 3 | 4 | #include 5 | 6 | // Certain parts of the project use all the project's headers but have to build 7 | // against newer OSX SDKs than ebuild uses -- liblaunch_host being the example. 8 | // So we need to define these. 9 | #ifndef __MAC_10_16 10 | #define __MAC_10_16 101600 11 | #endif // __MAC_10_16 12 | 13 | #ifndef __MAC_10_15 14 | #define __MAC_10_15 101500 15 | #define __AVAILABILITY_INTERNAL__MAC_10_15 \ 16 | __attribute__((availability(macosx, introduced=10.15))) 17 | #endif // __MAC_10_15 18 | 19 | #ifndef __MAC_10_14 20 | #define __MAC_10_14 101400 21 | #define __AVAILABILITY_INTERNAL__MAC_10_14 \ 22 | __attribute__((availability(macosx, introduced=10.14))) 23 | #endif // __MAC_10_14 24 | 25 | #ifndef __MAC_10_13 26 | #define __MAC_10_13 101300 27 | #define __AVAILABILITY_INTERNAL__MAC_10_13 \ 28 | __attribute__((availability(macosx, introduced=10.13))) 29 | #endif // __MAC_10_13 30 | 31 | #ifndef __MAC_10_12 32 | #define __MAC_10_12 101200 33 | #define __AVAILABILITY_INTERNAL__MAC_10_12 \ 34 | __attribute__((availability(macosx, introduced=10.12))) 35 | #endif // __MAC_10_12 36 | 37 | #ifndef __MAC_10_11 38 | #define __MAC_10_11 101100 39 | #define __AVAILABILITY_INTERNAL__MAC_10_11 \ 40 | __attribute__((availability(macosx, introduced=10.11))) 41 | #endif // __MAC_10_11 42 | 43 | #ifndef __MAC_12_0 44 | #define __MAC_12_0 120000 45 | #define __AVAILABILITY_INTERNAL__MAC_12_0 \ 46 | __attribute__((availability(macosx, introduced=12.0))) 47 | #endif // __MAC_12_0 48 | 49 | #ifndef __MAC_13_3 50 | #define __MAC_13_3 130300 51 | #endif // 
__MAC_13_3 52 | 53 | #ifndef __AVAILABILITY_INTERNAL__MAC_10_2_DEP__MAC_10_11 54 | #define __AVAILABILITY_INTERNAL__MAC_10_2_DEP__MAC_10_11 55 | #endif // __AVAILABILITY_INTERNAL__MAC_10_2_DEP__MAC_10_11 56 | 57 | #ifndef __AVAILABILITY_INTERNAL__MAC_10_3_DEP__MAC_10_11 58 | #define __AVAILABILITY_INTERNAL__MAC_10_3_DEP__MAC_10_11 59 | #endif // __AVAILABILITY_INTERNAL__MAC_10_3_DEP__MAC_10_11 60 | 61 | #ifndef __AVAILABILITY_INTERNAL__MAC_10_4_DEP__MAC_10_11 62 | #define __AVAILABILITY_INTERNAL__MAC_10_4_DEP__MAC_10_11 63 | #endif // __AVAILABILITY_INTERNAL__MAC_10_4_DEP__MAC_10_11 64 | 65 | #ifndef __AVAILABILITY_INTERNAL__MAC_10_5_DEP__MAC_10_11 66 | #define __AVAILABILITY_INTERNAL__MAC_10_5_DEP__MAC_10_11 67 | #endif // __AVAILABILITY_INTERNAL__MAC_10_5_DEP__MAC_10_11 68 | 69 | #ifndef __AVAILABILITY_INTERNAL__MAC_10_6_DEP__MAC_10_11 70 | #define __AVAILABILITY_INTERNAL__MAC_10_6_DEP__MAC_10_11 71 | #endif // __AVAILABILITY_INTERNAL__MAC_10_6_DEP__MAC_10_11 72 | 73 | #ifndef __AVAILABILITY_INTERNAL__MAC_10_7_DEP__MAC_10_11 74 | #define __AVAILABILITY_INTERNAL__MAC_10_7_DEP__MAC_10_11 75 | #endif // __AVAILABILITY_INTERNAL__MAC_10_7_DEP__MAC_10_11 76 | 77 | #ifndef __AVAILABILITY_INTERNAL__MAC_10_8_DEP__MAC_10_11 78 | #define __AVAILABILITY_INTERNAL__MAC_10_8_DEP__MAC_10_11 79 | #endif // __AVAILABILITY_INTERNAL__MAC_10_8_DEP__MAC_10_11 80 | 81 | #ifndef __AVAILABILITY_INTERNAL__MAC_10_9_DEP__MAC_10_11 82 | #define __AVAILABILITY_INTERNAL__MAC_10_9_DEP__MAC_10_11 83 | #endif // __AVAILABILITY_INTERNAL__MAC_10_9_DEP__MAC_10_11 84 | 85 | #ifndef __AVAILABILITY_INTERNAL__MAC_10_10_DEP__MAC_10_11 86 | #define __AVAILABILITY_INTERNAL__MAC_10_10_DEP__MAC_10_11 87 | #endif // __AVAILABILITY_INTERNAL__MAC_10_10_DEP__MAC_10_11 88 | 89 | #ifndef __AVAILABILITY_INTERNAL__MAC_10_11_DEP__MAC_10_11 90 | #define __AVAILABILITY_INTERNAL__MAC_10_11_DEP__MAC_10_11 91 | #endif // __AVAILABILITY_INTERNAL__MAC_10_11_DEP__MAC_10_11 92 | 93 | #ifndef 
__AVAILABILITY_INTERNAL__MAC_10_6_DEP__MAC_10_13 94 | #define __AVAILABILITY_INTERNAL__MAC_10_6_DEP__MAC_10_13 95 | #endif // __AVAILABILITY_INTERNAL__MAC_10_6_DEP__MAC_10_13 96 | 97 | #if __has_include() 98 | #include 99 | #else // __has_include() 100 | #ifndef IPHONE_SIMULATOR_HOST_MIN_VERSION_REQUIRED 101 | #define IPHONE_SIMULATOR_HOST_MIN_VERSION_REQUIRED 999999 102 | #endif // IPHONE_SIMULATOR_HOST_MIN_VERSION_REQUIRED 103 | #endif // __has_include() 104 | 105 | #ifndef __WATCHOS_UNAVAILABLE 106 | #define __WATCHOS_UNAVAILABLE 107 | #endif 108 | 109 | #ifndef __TVOS_UNAVAILABLE 110 | #define __TVOS_UNAVAILABLE 111 | #endif 112 | 113 | // simulator host-side bits build against SDKs not having __*_AVAILABLE() yet 114 | #ifndef __OSX_AVAILABLE 115 | #define __OSX_AVAILABLE(...) 116 | #endif 117 | 118 | #ifndef __IOS_AVAILABLE 119 | #define __IOS_AVAILABLE(...) 120 | #endif 121 | 122 | #ifndef __TVOS_AVAILABLE 123 | #define __TVOS_AVAILABLE(...) 124 | #endif 125 | 126 | #ifndef __WATCHOS_AVAILABLE 127 | #define __WATCHOS_AVAILABLE(...) 128 | #endif 129 | 130 | #ifndef __API_AVAILABLE 131 | #define __API_AVAILABLE(...) 132 | #endif 133 | 134 | #endif // __XPC_AVAILABILITY_H__ 135 | -------------------------------------------------------------------------------- /Include/xpc/debug.h: -------------------------------------------------------------------------------- 1 | #ifndef __XPC_DEBUG_H__ 2 | #define __XPC_DEBUG_H__ 3 | 4 | /*! 5 | * @function xpc_debugger_api_misuse_info 6 | * Returns a pointer to a string describing the reason XPC aborted the calling 7 | * process. On OS X, this will be the same string present in the "Application 8 | * Specific Information" section of the crash report. 9 | * 10 | * @result 11 | * A pointer to the human-readable string describing the reason the caller was 12 | * aborted. If XPC was not responsible for the program's termination, NULL will 13 | * be returned. 
14 | * 15 | * @discussion 16 | * This function is only callable from within a debugger. It is not meant to be 17 | * called by the program directly. 18 | */ 19 | XPC_DEBUGGER_EXCL 20 | const char * 21 | xpc_debugger_api_misuse_info(void); 22 | 23 | #endif // __XPC_DEBUG_H__ 24 | -------------------------------------------------------------------------------- /Include/xpc/endpoint.h: -------------------------------------------------------------------------------- 1 | #ifndef __XPC_ENDPOINT_H__ 2 | #define __XPC_ENDPOINT_H__ 3 | 4 | /*! 5 | * @function xpc_endpoint_create 6 | * Creates a new endpoint from a connection that is suitable for embedding into 7 | * messages. 8 | * 9 | * @param connection 10 | * Only connections obtained through calls to xpc_connection_create*() may be 11 | * given to this API. Passing any other type of connection is not supported and 12 | * will result in undefined behavior. 13 | * 14 | * @result 15 | * A new endpoint object. 16 | */ 17 | __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) 18 | XPC_EXPORT XPC_MALLOC XPC_RETURNS_RETAINED XPC_WARN_RESULT XPC_NONNULL1 19 | xpc_endpoint_t _Nonnull 20 | xpc_endpoint_create(xpc_connection_t _Nonnull connection); 21 | 22 | #endif // __XPC_ENDPOINT_H__ 23 | -------------------------------------------------------------------------------- /Include/xpc/module.modulemap: -------------------------------------------------------------------------------- 1 | module XPC [system] [extern_c] { 2 | header "xpc.h" 3 | header "availability.h" 4 | header "base.h" 5 | header "activity.h" 6 | header "connection.h" 7 | header "debug.h" 8 | header "endpoint.h" 9 | export * 10 | } 11 | -------------------------------------------------------------------------------- /Include/xpc/private.h: -------------------------------------------------------------------------------- 1 | void xpc_dictionary_get_audit_token(xpc_object_t xdict, audit_token_t *token); 2 | char *xpc_strerror (int); 3 | 4 | extern XPC_RETURNS_RETAINED 
xpc_object_t xpc_pipe_create_from_port(mach_port_t port, uint32_t flags); 5 | extern int xpc_pipe_simpleroutine(xpc_object_t pipe, xpc_object_t message); 6 | extern int xpc_pipe_routine(xpc_object_t pipe, xpc_object_t message, XPC_GIVES_REFERENCE xpc_object_t *reply); 7 | extern int xpc_pipe_routine_with_flags(xpc_object_t xpc_pipe, xpc_object_t inDict, XPC_GIVES_REFERENCE xpc_object_t *reply, uint32_t flags); 8 | extern int xpc_pipe_routine_reply(xpc_object_t reply); 9 | extern int xpc_pipe_receive(mach_port_t port, XPC_GIVES_REFERENCE xpc_object_t *message); 10 | 11 | extern XPC_RETURNS_RETAINED xpc_object_t xpc_copy_entitlement_for_token(const char *, audit_token_t *); -------------------------------------------------------------------------------- /Include/xpc/rich_error.h: -------------------------------------------------------------------------------- 1 | #ifndef __XPC_RICH_ERROR_H__ 2 | #define __XPC_RICH_ERROR_H__ 3 | 4 | #ifndef __XPC_INDIRECT__ 5 | #error "Please #include instead of this file directly." 6 | // For HeaderDoc. 7 | #include 8 | #endif // __XPC_INDIRECT__ 9 | 10 | #ifndef __BLOCKS__ 11 | #error "XPC Rich Errors require Blocks support." 12 | #endif // __BLOCKS__ 13 | 14 | XPC_ASSUME_NONNULL_BEGIN 15 | __BEGIN_DECLS 16 | 17 | #pragma mark Properties 18 | /*! 19 | * @function xpc_rich_error_copy_description 20 | * Copy the string description of an error. 21 | * 22 | * @param error 23 | * The error to be examined. 24 | * 25 | * @result 26 | * The underlying C string for the provided error. This string should be 27 | * disposed of with free(3) when done. 28 | * 29 | * This will return NULL if a string description could not be generated. 30 | */ 31 | XPC_EXPORT XPC_WARN_RESULT 32 | char * _Nullable 33 | xpc_rich_error_copy_description(xpc_rich_error_t error); 34 | 35 | /*! 36 | * @function xpc_rich_error_can_retry 37 | * Whether the operation the error originated from can be retried. 38 | * 39 | * @param error 40 | * The error to be inspected. 
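*
 * @result
 * Whether the operation the error originated from can be retried.
 */
XPC_EXPORT XPC_WARN_RESULT
bool
xpc_rich_error_can_retry(xpc_rich_error_t error);

__END_DECLS
XPC_ASSUME_NONNULL_END

#endif // __XPC_RICH_ERROR_H__

--------------------------------------------------------------------------------
/Kernel/osobject.c:
--------------------------------------------------------------------------------
//
// Created by cryptic on 12/19/24.
//

/**
 * @file osobject.c
 * @author Cryptiiiic
 * @brief This file is for all kernel osobject related code.
 * @version 1.0.1
 * @date 2024-12-19
 *
 * @copyright Copyright (c) 2024
 */

/* Include headers */
/* NOTE(review): the header names on the five lines below appear to have been lost in this listing. */
#include
#include
#include
#include
#include

/**
 * @brief Cast an OSObject to a new type
 * @param[in] object Kernel address of the object
 * @param[in] type Selects which koffsets_cached->os_list[] offset is added to object
 * @return unsign_ptr() of the 8 bytes read at that offset; 0 when the read
 *         fails, the value read is zero, or type has no os_list slot
 */
uint64_t os_object_cast(uint64_t object, enum os_type type) {
    /* os_list has a fixed number of slots; refuse a type that would index past it. */
    size_t slots = sizeof(koffsets_cached->os_list) / sizeof(koffsets_cached->os_list[0]);
    if ((size_t)type >= slots) {
        return 0;
    }
    uint64_t out = 0;
    int ret = kread(object + koffsets_cached->os_list[type], &out, sizeof(out));
    if (ret || !out) {
        return 0;
    }
    return unsign_ptr(&out);
}

/**
 * @brief Get an OSObject's OS metabase size
 * @param[in] object Kernel address of the object
 * @return The 32-bit value read at the os_metabase_size offset, or 0 when the
 *         read fails or the value is zero
 */
uint32_t get_os_metabase_size(uint64_t object) {
    uint32_t object_len = 0;
    int ret = kread(object + koffsets_cached->os_metabase_size, &object_len, sizeof(object_len));
    if (ret || !object_len) {
        return 0;
    }
    return object_len;
}

/**
 * @brief Get the OS dict address from an OSObject
 * @param[in] os_object Kernel address of the object
 * @return unsign_ptr() of the pointer read at the os_dict offset, or 0 when
 *         os_object is zero, the read fails or the pointer is zero
 */
uint64_t get_os_dict_from_os_object(uint64_t os_object) {
    if (!os_object) {
        return 0;
    }
    uint64_t dict_entry = 0;
    int ret = kread(os_object + koffsets_cached->os_dict, &dict_entry, sizeof(dict_entry));
    if (ret || !dict_entry) {
        x8A4_log_error("Failed to read kernel os dict from nvram dict! (%d:0x%016llX)\n", ret, dict_entry);
        return 0;
    }
    return unsign_ptr(&dict_entry);
}

/**
 * @brief Get the size of the OS dict
 * @param[in] dict Kernel address of the dict object
 * @return The 32-bit value read at the os_dict_size offset, or 0 when dict is
 *         zero, the read fails or the value is zero
 */
uint32_t get_os_dict_size(uint64_t dict) {
    if (!dict) {
        return 0;
    }
    uint32_t dict_size = 0;
    /* Read exactly sizeof(dict_size) bytes: asking for 8 here wrote 4 bytes
     * past the end of this 4-byte local. */
    int ret = kread(dict + koffsets_cached->os_dict_size, &dict_size, sizeof(dict_size));
    if (ret || !dict_size) {
        x8A4_log_error("Failed to read kernel os dict size from os dict! (%d:0x%08X)\n", ret, dict_size);
        return 0;
    }
    return dict_size;
}

/**
 * @brief Extract an OSObject's size
 * @param[in,out] size Raw value; replaced in place by bits 14..31 of itself
 * @return Extracted size, or 0 when size is NULL or points at zero
 */
uint32_t extract_os_size(uint32_t *size) {
    if (!size) {
        return 0;
    }
    if (!*size) {
        return 0;
    }
    /* Drop the low 14 bits and keep the remaining 18. */
    *size = (*size >> 14) & (~0U >> (32U - 18));
    return *size;
}


/**
 * @brief Get the matching key entry from an OS dict
 * @param[in] dict Kernel address of the dict object
 * @param[in] entry_type Type the matching value is cast to
 * @param[in] entry_key NUL-terminated key to look for
 * @param[out] out_size Optional; receives the value's size when a match is found
 * @return Address of the entry, or 0 when nothing matches or an argument is invalid
 */
uint64_t get_entry_from_os_dict(uint64_t dict, enum os_type entry_type,
                                const char *entry_key, uint32_t *out_size) {
    if (!dict) {
        x8A4_log_error("Failed to get entry from os dict, dict is NULL!\n", "");
        return 0;
    }
    if (!entry_key) {
        x8A4_log_error("Failed to get entry from os dict, entry key is NULL!\n", "");
        return 0;
    }
    /* strlen() + 1 can never be zero, so test the first byte to catch an empty key. */
    if (entry_key[0] == '\0') {
        x8A4_log_error("Failed to get entry from os dict, entry key is empty!\n", "");
        return 0;
    }
    uint64_t os_dict_entry = get_os_dict_from_os_object(dict);
    if (!os_dict_entry) {
        x8A4_log_error("Failed to get entry from os dict, os dict entry is zero!\n", "");
        return 0;
    }
    uint64_t os_dict_size = get_os_dict_size(dict);
    if (!os_dict_size) {
        x8A4_log_error("Failed to get entry from os dict, os dict size is zero!\n", "");
        return 0;
    }
    int ret;
    uint64_t data = 0;
    struct os_dict_entry current_entry = {0};
    char key_string[PATH_MAX];
    /* NOTE(review): the loop visits os_dict_size + 1 entries, as the original
     * did; confirm whether the extra entry is intended. The index is 64-bit so
     * it cannot overflow before reaching the bound. */
    for (uint64_t i = 0; i < os_dict_size + 1; i++) {
        ret = kread(os_dict_entry + (i * sizeof(struct os_dict_entry)),
                    &current_entry, sizeof(struct os_dict_entry));
        if (ret || !current_entry.key) {
            x8A4_log_debug_error("Failed to read kernel entry from os dict! (%d)\n", ret);
            continue;
        }
        uint32_t key_len = get_os_metabase_size(current_entry.key);
        extract_os_size(&key_len);
        /* key_len comes from memory we do not control and can be as large as
         * 18 bits; skip any key that would not fit in key_string together
         * with a terminator. */
        if (!key_len || key_len >= sizeof(key_string)) {
            continue;
        }
        uint64_t key = os_object_cast(current_entry.key, OS_STRING);
        if (!key) {
            continue;
        }
        ret = kread(key, key_string, key_len);
        if (ret) {
            continue;
        }
        /* Terminate explicitly so strcmp() never runs past the bytes just read. */
        key_string[key_len] = '\0';
        if (key_string[0] == '\0') {
            continue;
        }
        if (strcmp(key_string, entry_key) == 0) {
            data = os_object_cast(current_entry.val, entry_type);
            if (!data) {
                continue;
            }
            unsign_ptr(&data);
            if (out_size) {
                *out_size = get_os_metabase_size(current_entry.val);
                if (entry_type == OS_STRING) {
                    extract_os_size(out_size);
                }
            }
            return data;
        }
    }
    x8A4_log_debug_error("Failed to to find entry %s in os dict!\n", entry_key);
    return 0;
}

--------------------------------------------------------------------------------
/Kernel/slide.c:
--------------------------------------------------------------------------------
//
// Created by cryptic on 4/14/24.
//

/**
 * @file slide.c
 * @author Cryptiiiic
 * @brief This file is for all kernel slide related code.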
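* @version 1.0.1
 * @date 2024-04-14
 *
 * @copyright Copyright (c) 2024
 */

/* Include headers */
/* NOTE(review): the header names on the six lines below appear to have been lost in this listing. */
#include
#include
#include
#include
#include
#include

/* Cached Variables */
uint64_t slide_cached = 0;

/* Functions */
/**
 * @brief Get kaslr slide
 *
 * Returns slide_cached when it is already non-zero. Otherwise, on kernels
 * where gXPF.kernelIsArm64e is false, palera1n_get_slide() is tried first;
 * the fallback is krw_get_kbase() minus gXPF.kernelBase. A non-zero result is
 * stored in slide_cached.
 *
 * @return Kaslr slide, or 0 when neither source produced a value
 */
uint64_t get_slide(void) {
    if (slide_cached) {
        return slide_cached;
    }
    uint64_t slide = 0;
    if (!gXPF.kernelIsArm64e) {
        slide = palera1n_get_slide();
        if (slide) {
            slide_cached = slide;
            return slide;
        }
    }
    slide = krw_get_kbase();
    if (slide) {
        slide -= gXPF.kernelBase;
        slide_cached = slide;
        return slide;
    }
    x8A4_log_error("Kernel slide is zero!\n", "");
    return 0;
}

/**
 * @brief Get kaslr slide from palera1n ramdisk
 *
 * Opens /dev/rmd0, reads a 32-bit offset from its start and reads a paleinfo
 * record at that offset. When the record's magic is 'PLSH', its kslide field
 * is the result. Otherwise a legacy paleinfo record is read 0x1000 bytes
 * further on, validated (magic 'PLSH', version 1), and the slide is taken from
 * the kerninfo record at the original offset.
 *
 * The descriptor is closed exactly once on every path, and every read and
 * seek is checked before the data is used.
 *
 * @return Kaslr slide, or 0 on any open, seek, read or validation failure
 */
uint64_t palera1n_get_slide(void) {
    struct paleinfo {
        uint32_t magic;     /* 'PLSH' */
        uint32_t version;   /* 2 */
        uint64_t kbase;     /* kernel base */
        uint64_t kslide;    /* kernel slide */
        uint64_t flags;     /* unified palera1n flags */
        char rootdev[0x10]; /* ex. disk0s1s8 */
        /* int8_t loglevel; */
    } __attribute__((packed));
    struct paleinfo_legacy {
        uint32_t magic;   // 'PLSH' / 0x504c5348
        uint32_t version; // 1
        uint32_t flags;
        char rootdev[0x10];
    };
    struct kerninfo {
        uint64_t size;
        uint64_t base;
        uint64_t slide;
        uint32_t flags;
    };

    /* Fixed-size records live on the stack, so no error path can leak them. */
    struct paleinfo pinfo = {0};
    struct paleinfo_legacy pinfo_legacy = {0};
    struct kerninfo kinfo = {0};
    uint64_t slide = 0;
    uint32_t pinfo_off = 0;
    ssize_t didRead;

    int rmd0 = open("/dev/rmd0", O_RDONLY, 0);
    if (rmd0 < 0) {
        /* Capture errno before any other call can overwrite it. */
        int open_errno = errno;
        x8A4_log_error("Could not get paleinfo! (%d:%s:%d:%s)\n", rmd0, strerror(rmd0), open_errno, strerror(open_errno));
        return 0;
    }
    if (lseek(rmd0, 0, SEEK_SET) == (off_t)-1) {
        x8A4_log_error("Failed to lseek ramdisk to 0\n", "");
        goto done;
    }
    didRead = read(rmd0, &pinfo_off, sizeof(uint32_t));
    if (didRead != (ssize_t)sizeof(uint32_t)) {
        x8A4_log_error("Read %ld bytes does not match expected %lu bytes\n", didRead, sizeof(uint32_t));
        goto done;
    }
    if (lseek(rmd0, (off_t)pinfo_off, SEEK_SET) != (off_t)pinfo_off) {
        x8A4_log_error("Failed to lseek ramdisk to %u\n", pinfo_off);
        goto done;
    }
    didRead = read(rmd0, &pinfo, sizeof(struct paleinfo));
    if (didRead != (ssize_t)sizeof(struct paleinfo)) {
        x8A4_log_error("Read %ld bytes does not match expected %lu bytes\n", didRead, sizeof(struct paleinfo));
        goto done;
    }
    if (pinfo.magic != 'PLSH') {
        /* Legacy layout: kerninfo sits at pinfo_off and the legacy paleinfo
         * 0x1000 bytes after it (inferred from the two offsets this function
         * has always used). The descriptor stays open and is positioned
         * explicitly; it used to be closed before these reads, so they could
         * only fail. */
        uint32_t kerninfo_off = pinfo_off;
        uint32_t legacy_off = pinfo_off + 0x1000;
        if (lseek(rmd0, (off_t)legacy_off, SEEK_SET) != (off_t)legacy_off) {
            x8A4_log_error("Failed to lseek ramdisk to %u\n", legacy_off);
            goto done;
        }
        didRead = read(rmd0, &pinfo_legacy, sizeof(struct paleinfo_legacy));
        if (didRead != (ssize_t)sizeof(struct paleinfo_legacy)) {
            x8A4_log_error("Read %ld bytes does not match expected %lu bytes\n", didRead, sizeof(struct paleinfo_legacy));
            goto done;
        }
        if (verbose_cached) {
            /* magic is four bytes with no terminator, so bound the %s. */
            x8A4_log_debug("pinfo_legacy_p->magic: %.4s\n", (char *)&pinfo_legacy.magic);
            x8A4_log_debug("pinfo_legacy_p->magic: 0x%X\n", pinfo_legacy.magic);
            x8A4_log_debug("pinfo_legacy_p->version: 0x%Xd\n", pinfo_legacy.version);
            x8A4_log_debug("pinfo_legacy_p->flags: 0x%X\n", pinfo_legacy.flags);
            x8A4_log_debug("pinfo_legacy_p->rootdev: %s\n", pinfo_legacy.rootdev);
        }
        if (pinfo_legacy.magic != 'PLSH') {
            x8A4_log_error("Detected corrupted paleinfo!\n", "");
            goto done;
        }
        if (pinfo_legacy.version != 1U) {
            x8A4_log_error("Unexpected paleinfo version: %u, expected %u\n", pinfo_legacy.version, 1U);
            goto done;
        }
        if (lseek(rmd0, (off_t)kerninfo_off, SEEK_SET) != (off_t)kerninfo_off) {
            x8A4_log_error("Failed to lseek ramdisk to %u\n", kerninfo_off);
            goto done;
        }
        didRead = read(rmd0, &kinfo, sizeof(struct kerninfo));
        if (didRead != (ssize_t)sizeof(struct kerninfo)) {
            x8A4_log_error("Read %ld bytes does not match expected %lu bytes\n", didRead, sizeof(struct kerninfo));
            goto done;
        }
        slide = kinfo.slide;
    } else {
        if (verbose_cached) {
            x8A4_log_debug("pinfo_p->magic: %.4s\n", (const char *)&pinfo.magic);
            x8A4_log_debug("pinfo_p->magic: 0x%X\n", pinfo.magic);
            x8A4_log_debug("pinfo_p->version: 0x%Xd\n", pinfo.version);
            x8A4_log_debug("pinfo_p->kbase: 0x%llX\n", pinfo.kbase);
            x8A4_log_debug("pinfo_p->kslide: 0x%llX\n", pinfo.kslide);
            x8A4_log_debug("pinfo_p->flags: 0x%llX\n", pinfo.flags);
            x8A4_log_debug("pinfo_p->rootdev: %s\n", pinfo.rootdev);
        }
        /* The result must not depend on verbose logging being enabled. */
        slide = pinfo.kslide;
    }

done:
    close(rmd0);
    return slide;
}

--------------------------------------------------------------------------------
/LICENSE.md:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2024 Cryptiiiic

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.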
22 | -------------------------------------------------------------------------------- /Lib/libchoma.a: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cryptiiiic/x8A4/99a79f70bc7c90b7bbfcd87b469481581ca43162/Lib/libchoma.a -------------------------------------------------------------------------------- /Lib/libkrw.tbd: -------------------------------------------------------------------------------- 1 | --- !tapi-tbd-v2 2 | archs: [ arm64, arm64e ] 3 | platform: ios 4 | flags: [ not_app_extension_safe ] 5 | install-name: '@rpath/libkrw.0.dylib' 6 | current-version: 1.1.2 7 | exports: 8 | - archs: [ arm64, arm64e ] 9 | symbols: [ _kbase, _kcall, _kdealloc, _kmalloc, _kread, _kwrite, _physread, 10 | _physwrite ] 11 | ... 12 | -------------------------------------------------------------------------------- /Lib/libxpf.a: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cryptiiiic/x8A4/99a79f70bc7c90b7bbfcd87b469481581ca43162/Lib/libxpf.a -------------------------------------------------------------------------------- /Logger/logger.c: -------------------------------------------------------------------------------- 1 | // 2 | // Created by cryptic on 12/22/24. 3 | // 4 | 5 | /** 6 | * @file logger.c 7 | * @author Cryptiiiic 8 | * @brief This file is for all logger related code. 9 | * @version 1.0.1 10 | * @date 2024-12-22 11 | * 12 | * @copyright Copyright (c) 2024 13 | */ 14 | 15 | /* Include headers */ 16 | #include 17 | #include 18 | #include

/* Functions */
/**
 * @brief Print a printf-style message to the given file stream
 *
 * `format` is handed to vfprintf as the format string, so callers must pass a
 * trusted format and supply variable text through the arguments.
 *
 * @param[in] stream Destination stream
 * @param[in] format printf-style format string
 * @param[in] __VA_ARGS__ Arguments consumed by format
 */
void x8A4_log_print(FILE *stream, const char *format, ...) {
  va_list ap;
  va_start(ap, format);
  vfprintf(stream, format, ap);
  va_end(ap);
}

/**
 * @brief Print a printf-style message to the given file stream from a va_list
 * @param[in] stream Destination stream
 * @param[in] format printf-style format string
 * @param[in] args Arguments consumed by format; the caller owns va_end
 */
void x8A4_log_print_va(FILE *stream, const char *format, va_list args) {
  vfprintf(stream, format, args);
}

/**
 * @brief Print a message prefixed with a status marker and the function name
 *
 * The message is first rendered into a PATH_MAX-sized buffer (vsnprintf
 * truncates anything longer) and then printed as "[+]: func: message", with
 * the marker switched to "[-]" when the stream is stderr. The rendered
 * message and `func` are passed as %s arguments, not as format strings.
 *
 * @param[in] stream Destination stream
 * @param[in] func Name of the calling function
 * @param[in] format printf-style format string for the message
 * @param[in] args Arguments consumed by format
 */
void x8A4_log_function(FILE *stream, const char *func, const char *format, va_list args) {
  char prefix_format[PATH_MAX] = "[+]: %s: %s";
  char message[PATH_MAX];

  if (stream == stderr) {
    prefix_format[1] = '-';
  }
  vsnprintf(message, PATH_MAX, format, args);
  x8A4_log_print(stream, prefix_format, func, message);
}

/**
 * @brief Call the correct logger print based on log level
 *
 * LOG_ERROR and LOG_DEBUG_ERROR go to stderr, everything else to stdout.
 * LOG_ERROR is always printed with the function-name prefix; LOG_DEBUG and
 * LOG_DEBUG_ERROR are printed that way only when verbose_cached is set.
 * LOG_INFO is printed without a prefix regardless of verbosity.
 *
 * @param[in] level Log level of the message
 * @param[in] func Name of the calling function
 * @param[in] format printf-style format string
 * @param[in] __VA_ARGS__ Arguments consumed by format
 */
void x8A4_logger(enum LOG_LEVEL level, const char *func, const char *format, ...) {
  const int is_error = (level == LOG_ERROR);
  const int is_debug = (level == LOG_DEBUG || level == LOG_DEBUG_ERROR);
  FILE *stream = (is_error || level == LOG_DEBUG_ERROR) ? stderr : stdout;
  va_list ap;

  va_start(ap, format);
  if (is_error || (verbose_cached && is_debug)) {
    x8A4_log_function(stream, func, format, ap);
  }
  if (level == LOG_INFO) {
    x8A4_log_print_va(stream, format, ap);
  }
  va_end(ap);
}

-------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # x8A4 2 | 3 | --- 4 | ## About 5 | An all-in-one tool for firmware nonces, seeds, and downgrade support 6 |
    7 | Get apnonce and generator, cryptex seed and cryptex nonce, dump nonce entanglement keys, set nonces and seeds for the purpose of restoring with saved blobs. 8 | 9 | --- 10 | ## Supported devices 11 | * **Full jailbreak REQUIRED!** 12 | * - x8A4 depends on full kernel read/write which is provided 13 | to the libkrw library by the jailbreak as a plugin 14 | * **iOS/iPadOS 15.0-18.4** 15 | * **RUN AS ROOT!** 16 | 17 | --- 18 | ## Credits 19 | | User | Repo | Description | 20 | |----------|----------------------|----------------------------------------------------------------------------------| 21 | | [0x7FF] | [dimentio] | Thanks 0x7FF for making the original project x8A4 is based off of | 22 | | [stek29] | [nvram] | Thanks to stek29 for figuring out the modern nvram unlock method | 23 | | [stek29] | [nonce entanglement] | Thanks to stek29 for figuring out how apnonce works on a12+ (nonce entanglement) | 24 | --- 25 | 26 | ## Demo 27 | 28 |
    x8A4_1x8A4_3
    29 |
    x8A4_3
    30 | 31 | --- 32 | ## Research 33 | [Original research](https://gist.github.com/Cryptiiiic/bd01fac6e8b8ee0c33f71c92cf91ce3d) 34 |
    35 | [iOS 16 Downgrading](https://gist.github.com/Cryptiiiic/b82133ac290070939189e1377dc3ac85) 36 | 37 | --- 38 | ## Usage 39 | 40 | | option (short) | option (long) | description | 41 | |------------------|-----------------|---------------------------------------------------------------------------------------------------------------------------------------------------------| 42 | | Options: | 43 | | ` -h ` | ` --help ` | Shows this help message | 44 | | ` -v ` | ` --verbose ` | Enables this tool's verbose mode | 45 | | ` -v ` | ` --verbose ` | Enables this tool's verbose mode | 46 | | ` -a ` | ` --print-all ` | Dumps and prints everything :) | 47 | | Cryptex Options: | 48 | | ` -x ` | ` --get-cryptex-seed ` | Gets the current Cryptex1 boot seed from nvram | 49 | | ` -t ` | ` --get-cryptex-nonce ` | Calculates the current Cryptex1 boot nonce | 50 | | APNonce Options: | 51 | | ` -g ` | ` --get-apnonce-generator ` | Gets the current APNonce generator from nvram | 52 | | ` -n ` | ` --get-apnonce ` | Calculates the current APNonce | 53 | | ` -s ` | ` --set-apnonce-generator ` | Set a specified APNonce generator in nvram | 54 | | ` -c ` | ` --clear-apnonce-generator ` | Clears the current APNonce generator from nvram | 55 | | Encryption Key Options: | 56 | | ` -k ` | ` --get-accel-key ` | Gets a specified IOAESAccelerator encryption key from kernel via its ID | 57 | | ` -l ` | ` --get-accel-keys ` | Dumps all of the IOAESAccelerator encryption keys from kernel | 58 | | Seed Options: | 59 | | ` -d ` | ` --get-nonce-seeds ` | Dumps all of the nonce seeds domains/nonce slots from nvram | 60 | | Secret Menu Options: | 61 | | ` -z ` | ` --set-cryptex-nonce ` | Sets a specified Cryptex1 boot seed in nvram(DANGEROUS: BOOTLOOP!) 
| 62 | --- 63 | 64 | [0x7FF]: https://github.com/0x7FF 65 | [stek29]: https://github.com/stek29 66 | [dimentio]: https://github.com/0x7FF/dimentio 67 | [nvram]: https://stek29.rocks/2018/06/26/nvram.html 68 | [nonce entanglement]: https://x.com/stek29/status/1093252326587072513 -------------------------------------------------------------------------------- /Resources/x8A4_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cryptiiiic/x8A4/99a79f70bc7c90b7bbfcd87b469481581ca43162/Resources/x8A4_1.png -------------------------------------------------------------------------------- /Resources/x8A4_2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cryptiiiic/x8A4/99a79f70bc7c90b7bbfcd87b469481581ca43162/Resources/x8A4_2.png -------------------------------------------------------------------------------- /Resources/x8A4_3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cryptiiiic/x8A4/99a79f70bc7c90b7bbfcd87b469481581ca43162/Resources/x8A4_3.png -------------------------------------------------------------------------------- /Services/services.c: -------------------------------------------------------------------------------- 1 | // 2 | // Created by cryptic on 4/14/24. 3 | // 4 | 5 | /** 6 | * @file services.c 7 | * @author Cryptiiiic 8 | * @brief This file is for all ioservice related code. 
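9 | * @version 1.0.1 10 | * @date 2024-04-14 11 | * 12 | * @copyright Copyright (c) 2024 13 | */ 14 | 15 | /* Include headers */ 16 | #include 17 | #include 18 | #include

/* Cached Variables */
/* IOAESAccelerator service object, IO_OBJECT_NULL until found. */
io_service_t io_aes_accel_service_cached = IO_OBJECT_NULL;
/* AppleMobileApNonce service object, IO_OBJECT_NULL until found. */
io_service_t apple_mobile_ap_nonce_service_cached = IO_OBJECT_NULL;
/* Open connection to AppleMobileApNonce, IO_OBJECT_NULL until opened. */
io_service_t apple_mobile_ap_nonce_service2_cached = IO_OBJECT_NULL;

/* Functions */
/**
 * @brief Gets the IOAESAccelerator ioservice
 *
 * The lookup result is cached; a failed lookup stores IO_OBJECT_NULL, so the
 * next call simply tries again.
 *
 * @return IOAESAccelerator ioservice, or IO_OBJECT_NULL if it was not found
 */
io_service_t get_io_aes_accel_service(void) {
  if (io_aes_accel_service_cached != IO_OBJECT_NULL) {
    return io_aes_accel_service_cached;
  }
  io_service_t io_aes_accel_service = IOServiceGetMatchingService(
      kIOMasterPortDefault, IOServiceMatching("IOAESAccelerator"));
  if (io_aes_accel_service == IO_OBJECT_NULL) {
    fprintf(stderr, "[-]: %s: Failed to find ioservice IOAESAccelerator!\n",
            __FUNCTION__);
  }
  io_aes_accel_service_cached = io_aes_accel_service;
  return io_aes_accel_service;
}

/**
 * @brief Gets the AppleMobileApNonce ioservice
 *
 * Looks up the AppleMobileApNonce service and opens a connection to it with
 * IOServiceOpen. Both the service object and the connection are cached; only
 * the connection is returned.
 *
 * @return Open AppleMobileApNonce connection, or IO_OBJECT_NULL if the
 *         service was not found or could not be opened
 */
io_connect_t get_apple_mobile_ap_nonce_service(void) {
  if (apple_mobile_ap_nonce_service2_cached != IO_OBJECT_NULL) {
    return apple_mobile_ap_nonce_service2_cached;
  }
  io_service_t apple_mobile_ap_nonce_service = IOServiceGetMatchingService(
      kIOMasterPortDefault, IOServiceMatching("AppleMobileApNonce"));
  if (apple_mobile_ap_nonce_service == IO_OBJECT_NULL) {
    fprintf(stderr, "[-]: %s: Failed to find ioservice AppleMobileApNonce!\n",
            __FUNCTION__);
    /* Nothing to open: do not hand a null service to IOServiceOpen. */
    return IO_OBJECT_NULL;
  }
  apple_mobile_ap_nonce_service_cached = apple_mobile_ap_nonce_service;

  io_connect_t apple_mobile_ap_nonce_service2 = IO_OBJECT_NULL;
  kern_return_t ret = IOServiceOpen(apple_mobile_ap_nonce_service, mach_task_self(), 0, &apple_mobile_ap_nonce_service2);
  if(ret != KERN_SUCCESS) {
    fprintf(stderr, "[-]: %s: Failed to open ioservice AppleMobileApNonce! (0x%X:%s)\n",
            __FUNCTION__, ret, mach_error_string(ret));
    /* Return a defined value rather than whatever the failed call left. */
    return IO_OBJECT_NULL;
  }
  apple_mobile_ap_nonce_service2_cached = apple_mobile_ap_nonce_service2;
  return apple_mobile_ap_nonce_service2;
}

-------------------------------------------------------------------------------- /tfp0.plist: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | get-task-allow 6 | 7 | task_for_pid-allow 8 | 9 | platform-application 10 | 11 | com.apple.private.kernel.get-kext-info 12 | 13 | com.apple.private.security.no-container 14 | 15 | com.apple.security.iokit-user-client-class 16 | AppleMobileApNonceUserClient 17 | com.apple.security.exception.iokit-user-client-class 18 | IOSurfaceRootUserClient 19 | 20 | 21 | --------------------------------------------------------------------------------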