├── .DS_Store
├── .gitignore
├── LatestBuild
├── Packages
├── com.crifan.iOSBypassJailbreak_1.0-1_iphoneos-arm.deb
├── com.crifan.iOSBypassJailbreak_1.0-1_iphoneos-arm.zip
├── com.crifan.iOSBypassJailbreak_2022.11.15_iphoneos-arm.deb
└── com.crifan.iOSBypassJailbreak_2022.11.15_iphoneos-arm.zip
├── README.md
├── assets
├── jbdetect_after_dyld_0.png
├── jbdetect_after_stat_0.png
├── jbdetect_before_dyld_5.png
└── jbdetect_before_stat_43.png
├── iOSBypassJailbreak.xcodeproj
├── project.pbxproj
├── project.xcworkspace
│ ├── contents.xcworkspacedata
│ ├── xcshareddata
│ │ └── IDEWorkspaceChecks.plist
│ └── xcuserdata
│ │ └── crifan.xcuserdatad
│ │ └── UserInterfaceState.xcuserstate
└── xcuserdata
│ └── crifan.xcuserdatad
│ └── xcschemes
│ └── xcschememanagement.plist
└── iOSBypassJailbreak
├── CommonConfig.h
├── Package
├── DEBIAN
│ └── control
└── Library
│ └── MobileSubstrate
│ └── DynamicLibraries
│ ├── iOSBypassJailbreak.dylib
│ └── iOSBypassJailbreak.plist
├── PackageVersion.plist
├── hook_dyld.mm
├── hook_dyld.xm
├── hook_dylib.mm
├── hook_dylib.xm
├── hook_init.mm
├── hook_init.xm
├── hook_machO.mm
├── hook_machO.xm
├── hook_misc.mm
├── hook_misc.xm
├── hook_openFile_C.mm
├── hook_openFile_C.xm
├── hook_openFile_iOS.mm
├── hook_openFile_iOS.xm
├── hook_syscall.mm
├── hook_syscall.xm
├── hook_sysctl.mm
├── hook_sysctl.xm
├── hook_writeFile_iOS.mm
├── hook_writeFile_iOS.xm
├── iOSBypassJailbreak-Prefix.pch
└── libs
├── c
├── CrifanLib.c
├── CrifanLib.h
├── CrifanLibDemo.c
├── CrifanLibDemo.h
├── JailbreakPathList.c
└── JailbreakPathList.h
└── iOS
├── CrifanLibiOS.h
├── CrifanLibiOS.m
├── JailbreakiOS.h
└── JailbreakiOS.m
/.DS_Store:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/crifan/iOSBypassJailbreak/228edde335d38c0db30e52a4339cf57d87c5ba4a/.DS_Store
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 |
2 | .DS_Store
3 |
--------------------------------------------------------------------------------
/LatestBuild:
--------------------------------------------------------------------------------
1 | /Users/crifan/Library/Developer/Xcode/DerivedData/iOSBypassJailbreak-bfqgivvncccwmeaykhtbtvgylkkq/Build/Products/Release-iphoneos
--------------------------------------------------------------------------------
/Packages/com.crifan.iOSBypassJailbreak_1.0-1_iphoneos-arm.deb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/crifan/iOSBypassJailbreak/228edde335d38c0db30e52a4339cf57d87c5ba4a/Packages/com.crifan.iOSBypassJailbreak_1.0-1_iphoneos-arm.deb
--------------------------------------------------------------------------------
/Packages/com.crifan.iOSBypassJailbreak_1.0-1_iphoneos-arm.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/crifan/iOSBypassJailbreak/228edde335d38c0db30e52a4339cf57d87c5ba4a/Packages/com.crifan.iOSBypassJailbreak_1.0-1_iphoneos-arm.zip
--------------------------------------------------------------------------------
/Packages/com.crifan.iOSBypassJailbreak_2022.11.15_iphoneos-arm.deb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/crifan/iOSBypassJailbreak/228edde335d38c0db30e52a4339cf57d87c5ba4a/Packages/com.crifan.iOSBypassJailbreak_2022.11.15_iphoneos-arm.deb
--------------------------------------------------------------------------------
/Packages/com.crifan.iOSBypassJailbreak_2022.11.15_iphoneos-arm.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/crifan/iOSBypassJailbreak/228edde335d38c0db30e52a4339cf57d87c5ba4a/Packages/com.crifan.iOSBypassJailbreak_2022.11.15_iphoneos-arm.zip
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # iOSBypassJailbreak = iOS反越狱检测
2 |
3 | 最后更新:`20221104`
4 |
5 | ## 声明
6 |
7 | 此项目代码仅做技术学习分享之用,**请勿用于其他非法用途**。如有任何非法用途,均与本人无关。
8 |
9 | ## 项目源码
10 |
11 | https://github.com/crifan/iOSBypassJailbreak
12 |
13 | ```bash
14 | git clone https://github.com/crifan/iOSBypassJailbreak.git
15 | ```
16 |
17 | ## 项目功能
18 |
19 | `iOSBypassJailbreak`是一个用[iOSOpenDev](https://github.com/kokoabim/iOSOpenDev)+`Xcode`开发的iOS越狱插件的项目源码,用于实现`反越狱检测`。
20 |
21 | ## 如何编译出越狱插件tweak
22 |
23 | * 初始化配置
24 | * 确保`Mac`中`Xcode`中的`iOSOpenDev`正常
25 | * 下载代码:`git clone https://github.com/crifan/iOSBypassJailbreak.git`
26 | * 用`Xcode`打开`iOSBypassJailbreak.xcodeproj`
27 | * 更新配置:`Targets`->`iOSBypassJailbreak`->`Build Settings`->`User-Defined`,把`iOSOpenDevDevice`的值`192.168.1.27`改为你的`iPhone`的`IP`地址
28 | * 确保`Mac`中可以正常`ssh`免密登录你的越狱`iPhone`
29 | * -> 用于确保编译后自动通过ssh安装插件到`iPhone`中
30 | * 每次改动后编译
31 | * `Xcode`->`Build For`->`Profiling`
32 | * 会自动编译出插件`com.crifan.iOSBypassJailbreak_1.0-1_iphoneos-arm.deb`,自动通过`ssh`安装到`iPhone`中,自动`重启桌面`(`respring`)
33 | * 可以去`iPhone`中`Cydia`中看到对应新安装的插件
34 |
35 | ## 如何使用编译后的越狱插件tweak
36 |
37 | * 把你要反越狱的app的包名加到:`Package/Library/MobileSubstrate/DynamicLibraries/iOSBypassJailbreak.plist`中
38 | * `Root`->`Filter`->`Bundles`,新增一个`item`,填入`包名`
39 | * 重新编译`Xcode`->`Build For`->`Profiling`,会自动把生成的插件安装到iPhone中
40 | * [可选]更新插件配置,比如更新版本号:改动文件 `Package/DEBIAN/control`中的值
41 | * 比如把版本号从`1.0-1`改为`1.0-2`
42 | * [可选]去Cydia中确认你的插件是刚安装的新版
43 | * 打开被测试的app,测试反越狱是否生效
44 |
45 | ### 反越狱效果测试
46 |
47 | 用之前的越狱测试app:[iOSJailbreakDetection](https://github.com/crifan/iOSJailbreakDetection),测试出的效果:
48 |
49 | * 此反越狱插件没开启 = 反越狱之前
50 | * `stat`: `43`
51 | * 
52 | * `_dyld_image_count() + _dyld_get_image_name()`: `5`
53 | * 
54 | * 此反越狱插件开启后 = 反越狱之后
55 | * `stat`: `0`
56 | * 
57 | * `_dyld_image_count() + _dyld_get_image_name()`: `0`
58 | * 
59 |
60 | 更多测试效果,详见:[iOSJailbreakDetection](https://github.com/crifan/iOSJailbreakDetection)
61 |
--------------------------------------------------------------------------------
/assets/jbdetect_after_dyld_0.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/crifan/iOSBypassJailbreak/228edde335d38c0db30e52a4339cf57d87c5ba4a/assets/jbdetect_after_dyld_0.png
--------------------------------------------------------------------------------
/assets/jbdetect_after_stat_0.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/crifan/iOSBypassJailbreak/228edde335d38c0db30e52a4339cf57d87c5ba4a/assets/jbdetect_after_stat_0.png
--------------------------------------------------------------------------------
/assets/jbdetect_before_dyld_5.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/crifan/iOSBypassJailbreak/228edde335d38c0db30e52a4339cf57d87c5ba4a/assets/jbdetect_before_dyld_5.png
--------------------------------------------------------------------------------
/assets/jbdetect_before_stat_43.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/crifan/iOSBypassJailbreak/228edde335d38c0db30e52a4339cf57d87c5ba4a/assets/jbdetect_before_stat_43.png
--------------------------------------------------------------------------------
/iOSBypassJailbreak.xcodeproj/project.xcworkspace/contents.xcworkspacedata:
--------------------------------------------------------------------------------
1 |
2 |
4 |
6 |
7 |
8 |
--------------------------------------------------------------------------------
/iOSBypassJailbreak.xcodeproj/project.xcworkspace/xcshareddata/IDEWorkspaceChecks.plist:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | IDEDidComputeMac32BitWarning
6 |
7 |
8 |
9 |
--------------------------------------------------------------------------------
/iOSBypassJailbreak.xcodeproj/project.xcworkspace/xcuserdata/crifan.xcuserdatad/UserInterfaceState.xcuserstate:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/crifan/iOSBypassJailbreak/228edde335d38c0db30e52a4339cf57d87c5ba4a/iOSBypassJailbreak.xcodeproj/project.xcworkspace/xcuserdata/crifan.xcuserdatad/UserInterfaceState.xcuserstate
--------------------------------------------------------------------------------
/iOSBypassJailbreak.xcodeproj/xcuserdata/crifan.xcuserdatad/xcschemes/xcschememanagement.plist:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | SchemeUserState
6 |
7 | iOSBypassJailbreak.xcscheme_^#shared#^_
8 |
9 | orderHint
10 | 0
11 |
12 |
13 |
14 |
15 |
--------------------------------------------------------------------------------
/iOSBypassJailbreak/CommonConfig.h:
--------------------------------------------------------------------------------
1 | //
2 | // CommonConfig.h
3 | // iOSBypassJailbreak
4 | //
5 | // Created by crifan on 2022/11/04.
6 | //
7 |
8 | #ifndef CommonConfig_h
9 | #define CommonConfig_h
10 |
11 | /*==============================================================================
12 | Global Config
13 | ==============================================================================*/
14 |
15 | // TODO / NOTE: for a release build (i.e. when NOT debugging from Xcode) this macro should be disabled!
16 | // UPDATE 20220328: debugging Aweme no longer crashes, so this macro seems not to be needed.
17 | // Background: when debugging Aweme with Xcode+MonkeyDev some hooks crashed, so those hooks had to be disabled.
18 | //#define XCODE_DEBUG
19 |
20 | // release to other for test
21 | // when release to other: disable all log, (tmp) disable all dylib function
22 | //#define FOR_RELEASE
23 |
24 | /*==============================================================================
25 | Define
26 | ==============================================================================*/
27 |
28 | #ifdef FOR_RELEASE
29 | #define EXPIRED_TIME_STR "2022-11-04 12:00:00"
30 |
31 | #define DISABLE_ALL_IOS_LOG 1
32 |
33 | #endif
34 |
35 | /*==============================================================================
36 | Exported Global Variable
37 | ==============================================================================*/
38 |
39 | // Note: all following variable are init inside hook_init.xm
40 |
41 | // global
42 | extern bool cfgHookEnable;
43 |
44 | /* ---------- Bypass Jailbreak Detection related ---------- */
45 |
46 | // modules
47 | extern bool cfgHookEnable_aweme;
48 | extern bool cfgHookEnable_dyld;
49 | extern bool cfgHookEnable_dylib;
50 | extern bool cfgHookEnable_misc;
51 | extern bool cfgHookEnable_macho;
52 | extern bool cfgHookEnable_openFileC;
53 | extern bool cfgHookEnable_openFileiOS;
54 | extern bool cfgHookEnable_syscall;
55 | extern bool cfgHookEnable_writeFileiOS;
56 |
57 | // dylib sub functions
58 | extern bool cfgHookEnable_dylib_dladdr;
59 |
60 | // openFileC sub functions
61 | extern bool cfgHookEnable_openFileC_open;
62 | extern bool cfgHookEnable_openFileC_fopen;
63 | extern bool cfgHookEnable_openFileC_faccessat;
64 | extern bool cfgHookEnable_openFileC___opendir2;
65 |
66 | /* ---------- Common Part related ---------- */
67 |
68 | extern bool cfgHookEnable_sysctl;
69 |
70 | // sysctl sub functions
71 | extern bool cfgHookEnable_sysctl_sysctl;
72 |
73 | /*=======================================
74 | hook_dyld.xm
75 | =======================================
76 |
77 | ==============================================================================*/
78 |
79 | // use simple hook
80 | //const bool cfgDyldUseSimpleHook = false;
81 | //const bool cfgDyldUseSimpleHook = true;
82 |
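/*
 * Strategy selector for the dyld hooks.
 * NOTE(review): presumably consumed by hook_dyld.xm (named in the section
 * banner of this header); that file is not shown here - confirm.
 */
enum DyldHookType {
    DYLD_HOOK_COMPLEX,
    DYLD_HOOK_SIMPLE_NULL,          // return NULL
    DYLD_HOOK_SIMPLE_FIRST,         // return first one, normally is app self
    DYLD_HOOK_SIMPLE_RANDOM_NAME,   // return random dylib name
};

/*
 * The objects below are defined (not merely declared) in a header. They are
 * marked `static` so that every translation unit gets its own private copy:
 * without it, including this header from more than one C / Objective-C source
 * file produces duplicate-symbol link errors. In Objective-C++ a namespace-scope
 * `const` already has internal linkage, so nothing changes there.
 */
//const enum DyldHookType cfgCurDyldHookType = DYLD_HOOK_SIMPLE_FIRST;
//const enum DyldHookType cfgCurDyldHookType = DYLD_HOOK_SIMPLE_RANDOM_NAME;
static const enum DyldHookType cfgCurDyldHookType = DYLD_HOOK_COMPLEX;

// for normal iPhone, valid image index should be around 100~300, so here 1000 is enough
static const int IMAGE_INDEX_MAX_VALID_NUMBER = 1000;
// just a little large is ok
//const int IMAGE_INDEX_FAKE_START = 10000;
// just change to another large value -> not easily guessed
// const int IMAGE_INDEX_FAKE_START = 20000;
// such as < 32768, use 30000, or more trick one: 29000
// const int IMAGE_INDEX_FAKE_START = 30000;
static const int IMAGE_INDEX_FAKE_START = 28000;

// const int IMAGE_INDEX_MAX_JAILBREAK = 100;
static const int IMAGE_INDEX_MAX_JAILBREAK = 50;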
106 |
107 | #endif /* CommonConfig_h */
108 |
--------------------------------------------------------------------------------
/iOSBypassJailbreak/Package/DEBIAN/control:
--------------------------------------------------------------------------------
1 | Package: com.crifan.iOSBypassJailbreak
2 | Name: iOSBypassJailbreak
3 | Version: 2023.12.21
4 | Description: Common tweak for bypass jailbreak detection == anti-jailbreak. developed using iOSOpenDev.
5 | Section: System
6 | Depends: firmware (>= 5.0), mobilesubstrate
7 | Conflicts:
8 | Replaces:
9 | Priority: optional
10 | Architecture: iphoneos-arm
11 | Author: licrifan
12 | dev:
13 | Homepage: https://github.com/crifan/iOSBypassJailbreak
14 | Depiction: https://www.crifan.org/about/
15 | Maintainer:
16 | Icon:
17 |
18 |
--------------------------------------------------------------------------------
/iOSBypassJailbreak/Package/Library/MobileSubstrate/DynamicLibraries/iOSBypassJailbreak.dylib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/crifan/iOSBypassJailbreak/228edde335d38c0db30e52a4339cf57d87c5ba4a/iOSBypassJailbreak/Package/Library/MobileSubstrate/DynamicLibraries/iOSBypassJailbreak.dylib
--------------------------------------------------------------------------------
/iOSBypassJailbreak/Package/Library/MobileSubstrate/DynamicLibraries/iOSBypassJailbreak.plist:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Filter
6 |
7 | Bundles
8 |
9 | com.crifan.ShowSystemInfo
10 | com.crifan.iOSJailbreakDetection
11 | com.linegames.udg
12 |
13 |
14 |
15 |
16 |
--------------------------------------------------------------------------------
/iOSBypassJailbreak/PackageVersion.plist:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | BugFix
6 |
7 | Major
8 | 1
9 | Minor
10 | 0
11 | PackageRevision
12 | 1
13 | Stage
14 |
15 |
16 |
17 |
--------------------------------------------------------------------------------
/iOSBypassJailbreak/hook_dylib.mm:
--------------------------------------------------------------------------------
1 | #line 1 "/Users/crifan/dev/dev_root/crifan/iOSBypassJailbreak/iOSBypassJailbreak/hook_dylib.xm"
2 |
3 |
4 |
5 |
6 |
7 |
8 | #import
9 | #import
10 | #import
11 | #import
12 |
13 | #import "CommonConfig.h"
14 | #import "CrifanLibiOS.h"
15 | #import "CrifanLib.h"
16 | #import "JailbreakPathList.h"
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
26 |
27 |
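/*
 * Address tagging shared by the dladdr() and dlclose() hooks in this file.
 *
 * Code in this tweak that wants an unfiltered dladdr() answer adds
 * DLADDR_HOOKED_ADDRESS_BASE to the address before calling dladdr(). The
 * dladdr() hook recognises the tag, strips it and skips its filtering.
 *
 * NOTE(review): the tag is carried in-band. The scheme therefore assumes that
 * no genuine address handed to dladdr() is at or above the base when read as
 * a signed long - confirm for the target platform.
 */
void* generateHookedDladdrAddress(void *origAddr);

const long DLADDR_HOOKED_ADDRESS_BASE = 0xF00000000000;

/*
 * Return origAddr with the tag added.
 * A value already above the base is returned unchanged.
 * NOTE(review): such a value does not round-trip, because untagging subtracts
 * the base from it anyway.
 */
void* generateHookedDladdrAddress(void *origAddr) {
    if ((long)origAddr > (long)DLADDR_HOOKED_ADDRESS_BASE) {
        return origAddr;
    }
    return (void*)((long)origAddr + DLADDR_HOOKED_ADDRESS_BASE);
}

/*
 * Tell whether addr carries the tag.
 * The comparison is >= (the original used >): tagging NULL yields exactly the
 * base value, which must still be recognised as tagged instead of being passed
 * on as if it were a real address.
 */
static bool isHookedDladdrAddress(const void *addr){
    return (long)addr >= DLADDR_HOOKED_ADDRESS_BASE;
}

/* Strip the tag; only meaningful for values accepted by isHookedDladdrAddress(). */
static void* hookedToOrigDladdrAddr(const void *hookedAddr){
    return (void*) ( (long)hookedAddr - DLADDR_HOOKED_ADDRESS_BASE );
}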
58 |
59 | int dladdr(const void *, Dl_info *);
60 |
61 |
62 |
63 |
64 |
65 | #include
66 | #if defined(__clang__)
67 | #if __has_feature(objc_arc)
68 | #define _LOGOS_SELF_TYPE_NORMAL __unsafe_unretained
69 | #define _LOGOS_SELF_TYPE_INIT __attribute__((ns_consumed))
70 | #define _LOGOS_SELF_CONST const
71 | #define _LOGOS_RETURN_RETAINED __attribute__((ns_returns_retained))
72 | #else
73 | #define _LOGOS_SELF_TYPE_NORMAL
74 | #define _LOGOS_SELF_TYPE_INIT
75 | #define _LOGOS_SELF_CONST
76 | #define _LOGOS_RETURN_RETAINED
77 | #endif
78 | #else
79 | #define _LOGOS_SELF_TYPE_NORMAL
80 | #define _LOGOS_SELF_TYPE_INIT
81 | #define _LOGOS_SELF_CONST
82 | #define _LOGOS_RETURN_RETAINED
83 | #endif
84 |
85 |
86 |
87 |
88 | #line 63 "/Users/crifan/dev/dev_root/crifan/iOSBypassJailbreak/iOSBypassJailbreak/hook_dylib.xm"
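__unused static int (*_logos_orig$_ungrouped$dladdr)(const void *addr, Dl_info *info);

/*
 * Logos-generated replacement for dladdr().
 *
 * - A NULL addr yields DLADDR_FAILED without calling the original.
 * - A tagged address (see isHookedDladdrAddress) is untagged and forwarded;
 *   the original's result is returned unfiltered.
 * - Otherwise, when cfgHookEnable_dylib_dladdr is set and the original
 *   succeeded, a result whose dli_fname is classified by isJailbreakDylib()
 *   is replaced by DLADDR_FAILED and *info is zeroed.
 */
__unused static int _logos_function$_ungrouped$dladdr(const void *addr, Dl_info *info){
    iosLogDebug("addr=%p,info=%p", addr, info);

    if (NULL == addr) {
        iosLogInfo("addr is %s", "NULL");
        return DLADDR_FAILED;
    }

    void* origAddr = (void*)addr;
    bool isHookedAddr = isHookedDladdrAddress(addr);
    if (isHookedAddr) {
        origAddr = hookedToOrigDladdrAddr(addr);

        iosLogDebug("addr=%p -> isHookedAddr=%s -> origAddr=%p", addr, boolToStr(isHookedAddr), origAddr);

        if (NULL == origAddr) {
            iosLogInfo("addr=%p -> isHookedAddr=%s -> origAddr=%p", addr, boolToStr(isHookedAddr), origAddr);
        }
    }

    int origRet = _logos_orig$_ungrouped$dladdr(origAddr, info);

    bool isNeedHook = cfgHookEnable_dylib_dladdr && !isHookedAddr;
    if (!isNeedHook || (DLADDR_FAILED == origRet) || (NULL == info)) {
        return origRet;
    }

    const char* curImageName = info->dli_fname;
    // Same NULL guard the dlclose hook applies before calling isJailbreakDylib():
    // a result without a file name is passed through untouched.
    bool isJbDyib = (NULL != curImageName) && isJailbreakDylib(curImageName);
    if (!isJbDyib) {
        return origRet;
    }

    int finalRet = DLADDR_FAILED;

    iosLogInfo("addr=%p -> origRet=%d -> dli_fname=%{public}s, dli_fbase=%p, dli_sname=%{public}s, dli_saddr=%p -> isJbDyib=%s -> finalRet=%d", addr, origRet, info->dli_fname, info->dli_fbase, info->dli_sname, info->dli_saddr, boolToStr(isJbDyib), finalRet);

    // Wipe the caller's buffer only after logging, since the log reads from it.
    size_t dlInfoSize = sizeof(Dl_info);
    memset(info, 0, dlInfoSize);

    return finalRet;
}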
148 |
149 |
150 |
151 |
152 |
153 |
154 |
155 |
156 |
157 |
158 |
159 |
160 |
161 |
162 | void* dlsym(void* handle, const char* symbol);
163 |
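__unused static void* (*_logos_orig$_ungrouped$dlsym)(void* handle, const char* symbol);

/*
 * Logos-generated replacement for dlsym().
 *
 * With cfgHookEnable_dylib set, a lookup returns NULL when the symbol is
 * classified by isJailbreakDylibFunctionName() or is exactly "ptrace"; every
 * other lookup is forwarded to the original dlsym().
 */
__unused static void* _logos_function$_ungrouped$dlsym(void* handle, const char* symbol) {
    // A NULL symbol must not reach strcmp() below (undefined behaviour);
    // let the original implementation decide what to do with it.
    if (NULL == symbol) {
        return _logos_orig$_ungrouped$dlsym(handle, symbol);
    }

    iosLogDebug("handle=%p, symbol=%{public}s", handle, symbol);

    if (!cfgHookEnable_dylib) {
        return _logos_orig$_ungrouped$dlsym(handle, symbol);
    }

    bool isJbFuncName = isJailbreakDylibFunctionName(symbol);
    bool isPtrace = 0 == strcmp(symbol, "ptrace");
    bool shouldHook = isJbFuncName || isPtrace;
    iosLogDebug("isPtrace=%s, shouldHook=%s", boolToStr(isPtrace), boolToStr(shouldHook));

    if (!shouldHook) {
        return _logos_orig$_ungrouped$dlsym(handle, symbol);
    }

    void* dlsymRetPtr = NULL;
    iosLogInfo("handle=%p, symbol=%{public}s -> isJbFuncName=%s, isPtrace=%s -> shouldHook=%s -> dlsymRetPtr=%p", handle, symbol, boolToStr(isJbFuncName), boolToStr(isPtrace), boolToStr(shouldHook), dlsymRetPtr);
    return dlsymRetPtr;
}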
194 |
195 |
196 |
197 |
198 |
199 | void* dlopen(const char* path, int mode);
200 |
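__unused static void* (*_logos_orig$_ungrouped$dlopen)(const char* path, int mode);

/*
 * Logos-generated replacement for dlopen().
 *
 * With cfgHookEnable_dylib set, a path classified by isJailbreakDylib() is
 * answered with NULL without calling the original; everything else is
 * forwarded unchanged.
 */
__unused static void* _logos_function$_ungrouped$dlopen(const char* path, int mode){
    iosLogDebug("path=%{public}s, mode=0x%x", path, mode);

    // dlopen(NULL, mode) is a valid request (handle for the main program), so
    // path may be NULL here. The dlclose hook in this file NULL-checks before
    // calling isJailbreakDylib(); do the same and forward such calls as they are.
    bool isJbDylib = cfgHookEnable_dylib && (NULL != path) && isJailbreakDylib(path);
    if (!isJbDylib) {
        return _logos_orig$_ungrouped$dlopen(path, mode);
    }

    void* dlopenRetPtr = NULL;
    iosLogInfo("path=%{public}s, mode=0x%x -> isJbDylib=%s -> dlopenRetPtr=%p", path, mode, boolToStr(isJbDylib), dlopenRetPtr);
    return dlopenRetPtr;
}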
224 |
225 |
226 |
227 |
228 |
229 |
230 |
231 |
232 |
233 |
234 |
235 |
236 |
237 |
238 |
239 |
240 |
241 | bool dlopen_preflight(const char* path);
242 |
__unused static bool (*_logos_orig$_ungrouped$dlopen_preflight)(const char* path);

/*
 * Logos-generated replacement for dlopen_preflight().
 * Observation only: the original's answer is logged and returned unmodified.
 */
__unused static bool _logos_function$_ungrouped$dlopen_preflight(const char* path){
    const bool preflightResult = _logos_orig$_ungrouped$dlopen_preflight(path);
    iosLogInfo("path=%{public}s -> isPreLoadOk=%s", path, boolToStr(preflightResult));
    return preflightResult;
}
248 |
249 |
250 |
251 |
252 |
253 | int dlclose(void* handle);
254 |
__unused static int (*_logos_orig$_ungrouped$dlclose)(void* handle);

/*
 * Logos-generated replacement for dlclose().
 * Observation only: it logs whether the handle resolves to an image that
 * isJailbreakDylib() classifies, then always forwards to the original.
 */
__unused static int _logos_function$_ungrouped$dlclose(void* handle){
    Dl_info imageInfo;
    memset(&imageInfo, 0, sizeof(Dl_info));

    // The handle is tagged so that the dladdr() hook skips its filtering.
    // The dladdr() return value is not checked; on failure dli_fname stays
    // NULL from the memset above.
    // NOTE(review): handle is whatever the caller gave dlclose(); whether
    // dladdr() can map it to an image is not established here - confirm.
    dladdr(generateHookedDladdrAddress(handle), &imageInfo);

    const char* imagePath = imageInfo.dli_fname;
    bool isJbLib = false;
    if (NULL != imagePath) {
        isJbLib = isJailbreakDylib(imagePath);
    }

    if (isJbLib) {
        iosLogInfo("handle=%p -> is jb lib: %s", handle, imagePath);
    }

    int closeRet = _logos_orig$_ungrouped$dlclose(handle);
    iosLogInfo("handle=%p -> closeRet=%d", handle, closeRet);
    return closeRet;
}
279 |
280 |
281 |
282 |
283 |
284 |
285 |
286 |
287 |
288 |
289 |
290 |
291 |
292 |
293 |
294 |
295 |
296 |
297 |
298 |
299 |
300 |
301 |
302 |
303 |
304 |
305 |
306 |
307 |
308 |
309 |
310 |
311 |
312 |
313 |
314 |
315 |
316 |
317 |
318 |
319 |
320 |
321 |
322 |
323 |
324 |
325 |
326 |
327 |
328 |
329 |
330 |
331 |
332 |
333 |
334 |
335 |
336 |
337 |
338 |
339 |
340 |
341 |
342 |
343 |
344 |
/*
 * Load-time constructor emitted by Logos for this file's constructor section.
 * It only logs the two dylib-related switches; it installs no hooks.
 */
static __attribute__((constructor)) void _logosLocalCtor_432aca3a(int __unused argc, char __unused **argv, char __unused **envp)
{
    @autoreleasepool
    {
        iosLogInfo("%s, cfgHookEnable_dylib=%s, cfgHookEnable_dylib_dladdr=%s",
                   "dylib ctor",
                   boolToStr(cfgHookEnable_dylib),
                   boolToStr(cfgHookEnable_dylib_dladdr));
    }
}
/*
 * Load-time constructor emitted by Logos: installs the five function hooks of
 * this file through MSHookFunction(). For each target it passes the address of
 * the libc/dyld symbol, the replacement defined above, and the slot that
 * receives the pointer used to call the original implementation.
 */
static __attribute__((constructor)) void _logosLocalInit() {
    {
        void * _logos_symbol$_ungrouped$dladdr = (void *)dladdr;
        MSHookFunction((void *)_logos_symbol$_ungrouped$dladdr,
                       (void *)&_logos_function$_ungrouped$dladdr,
                       (void **)&_logos_orig$_ungrouped$dladdr);

        void * _logos_symbol$_ungrouped$dlsym = (void *)dlsym;
        MSHookFunction((void *)_logos_symbol$_ungrouped$dlsym,
                       (void *)&_logos_function$_ungrouped$dlsym,
                       (void **)&_logos_orig$_ungrouped$dlsym);

        void * _logos_symbol$_ungrouped$dlopen = (void *)dlopen;
        MSHookFunction((void *)_logos_symbol$_ungrouped$dlopen,
                       (void *)&_logos_function$_ungrouped$dlopen,
                       (void **)&_logos_orig$_ungrouped$dlopen);

        void * _logos_symbol$_ungrouped$dlopen_preflight = (void *)dlopen_preflight;
        MSHookFunction((void *)_logos_symbol$_ungrouped$dlopen_preflight,
                       (void *)&_logos_function$_ungrouped$dlopen_preflight,
                       (void **)&_logos_orig$_ungrouped$dlopen_preflight);

        void * _logos_symbol$_ungrouped$dlclose = (void *)dlclose;
        MSHookFunction((void *)_logos_symbol$_ungrouped$dlclose,
                       (void *)&_logos_function$_ungrouped$dlclose,
                       (void **)&_logos_orig$_ungrouped$dlclose);
    }
}
371 | #line 343 "/Users/crifan/dev/dev_root/crifan/iOSBypassJailbreak/iOSBypassJailbreak/hook_dylib.xm"
372 |
--------------------------------------------------------------------------------
/iOSBypassJailbreak/hook_dylib.xm:
--------------------------------------------------------------------------------
1 | /*
2 | File: hook_dylib.xm
3 | Function: iOS tweak to hook dylib related
4 | Author: Crifan Li
5 | */
6 |
7 | #import
8 | #import
9 | #import
10 | #import
11 |
12 | #import "CommonConfig.h"
13 | #import "CrifanLibiOS.h"
14 | #import "CrifanLib.h"
15 | #import "JailbreakPathList.h"
16 |
17 | /*==============================================================================
18 | Hook: dladdr()
19 | ==============================================================================*/
20 | // https://developer.apple.com/library/archive/documentation/System/Conceptual/ManPages_iPhoneOS/man3/dladdr.3.html
21 |
22 |
23 | /*==============================================================================
24 | hook dladdr()
25 | ==============================================================================*/
26 |
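/*
 * Address tagging shared by the dladdr() and dlclose() hooks in this file.
 *
 * Code in this tweak that wants an unfiltered dladdr() answer adds
 * DLADDR_HOOKED_ADDRESS_BASE to the address before calling dladdr(). The
 * dladdr() hook recognises the tag, strips it and skips its filtering.
 *
 * NOTE(review): the tag is carried in-band. The scheme therefore assumes that
 * no genuine address handed to dladdr() is at or above the base when read as
 * a signed long - confirm for the target platform.
 */
void* generateHookedDladdrAddress(void *origAddr);

const long DLADDR_HOOKED_ADDRESS_BASE = 0xF00000000000;
//const unsigned long DLADDR_HOOKED_ADDRESS_MAX = 0xFFFF000000000000;

/*
 * Return origAddr with the tag added.
 * A value already above the base is returned unchanged.
 * NOTE(review): such a value does not round-trip, because untagging subtracts
 * the base from it anyway.
 */
void* generateHookedDladdrAddress(void *origAddr) {
    if ((long)origAddr > (long)DLADDR_HOOKED_ADDRESS_BASE) {
        return origAddr;
    }
    return (void*)((long)origAddr + DLADDR_HOOKED_ADDRESS_BASE);
}

/*
 * Tell whether addr carries the tag.
 * The comparison is >= (the original used >): tagging NULL yields exactly the
 * base value, which must still be recognised as tagged instead of being passed
 * on as if it were a real address.
 */
static bool isHookedDladdrAddress(const void *addr){
    return (long)addr >= DLADDR_HOOKED_ADDRESS_BASE;
}

/* Strip the tag; only meaningful for values accepted by isHookedDladdrAddress(). */
static void* hookedToOrigDladdrAddr(const void *hookedAddr){
    return (void*) ( (long)hookedAddr - DLADDR_HOOKED_ADDRESS_BASE );
}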
57 |
58 | int dladdr(const void *, Dl_info *);
59 | //int dladdr(void *, Dl_info *);
60 | //extern int dladdr(const void *, Dl_info *);
61 |
62 | //%hookf(int, dladdr, void *addr, Dl_info *info){
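/*
 * Logos hook for dladdr().
 *
 * - A NULL addr yields DLADDR_FAILED without calling the original.
 * - A tagged address (see isHookedDladdrAddress) is untagged and forwarded;
 *   the original's result is returned unfiltered.
 * - Otherwise, when cfgHookEnable_dylib_dladdr is set and the original
 *   succeeded, a result whose dli_fname is classified by isJailbreakDylib()
 *   is replaced by DLADDR_FAILED and *info is zeroed.
 */
%hookf(int, dladdr, const void *addr, Dl_info *info){
    iosLogDebug("addr=%p,info=%p", addr, info);

    if (NULL == addr) {
        iosLogInfo("addr is %s", "NULL");
        return DLADDR_FAILED;
    }

    void* origAddr = (void*)addr;
    bool isHookedAddr = isHookedDladdrAddress(addr);
    if (isHookedAddr) {
        origAddr = hookedToOrigDladdrAddr(addr);

        iosLogDebug("addr=%p -> isHookedAddr=%s -> origAddr=%p", addr, boolToStr(isHookedAddr), origAddr);

        if (NULL == origAddr) {
            iosLogInfo("addr=%p -> isHookedAddr=%s -> origAddr=%p", addr, boolToStr(isHookedAddr), origAddr);
        }
    }

    // Explicit arguments: the original must see the untagged address.
    int origRet = %orig(origAddr, info);

    bool isNeedHook = cfgHookEnable_dylib_dladdr && !isHookedAddr;
    if (!isNeedHook || (DLADDR_FAILED == origRet) || (NULL == info)) {
        return origRet;
    }

    const char* curImageName = info->dli_fname;
    // Same NULL guard the dlclose hook applies before calling isJailbreakDylib():
    // a result without a file name is passed through untouched.
    bool isJbDyib = (NULL != curImageName) && isJailbreakDylib(curImageName);
    if (!isJbDyib) {
        return origRet;
    }

    int finalRet = DLADDR_FAILED;

    iosLogInfo("addr=%p -> origRet=%d -> dli_fname=%{public}s, dli_fbase=%p, dli_sname=%{public}s, dli_saddr=%p -> isJbDyib=%s -> finalRet=%d", addr, origRet, info->dli_fname, info->dli_fbase, info->dli_sname, info->dli_saddr, boolToStr(isJbDyib), finalRet);

    // Wipe the caller's buffer only after logging, since the log reads from it.
    size_t dlInfoSize = sizeof(Dl_info);
    memset(info, 0, dlInfoSize);

    return finalRet;
}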
122 |
123 | /*
124 | TODO:
125 | https://developer.apple.com/library/archive/documentation/System/Conceptual/ManPages_iPhoneOS/man3/dyld.3.html
126 | https://man7.org/linux/man-pages/man3/dladdr.3.html
127 | may need support:
128 | int dladdr1(const void *addr, Dl_info *info, void **extra_info, int flags);
129 | */
130 |
131 |
132 | /*==============================================================================
133 | Hook: dlsym()
134 | ==============================================================================*/
135 | // https://developer.apple.com/library/archive/documentation/System/Conceptual/ManPages_iPhoneOS/man3/dlsym.3.html
136 | void* dlsym(void* handle, const char* symbol);
137 |
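/*
 * Logos hook for dlsym().
 *
 * With cfgHookEnable_dylib set, a lookup returns NULL when the symbol is
 * classified by isJailbreakDylibFunctionName() or is exactly "ptrace"; every
 * other lookup is forwarded to the original dlsym().
 */
%hookf(void*, dlsym, void* handle, const char* symbol) {
    // A NULL symbol must not reach strcmp() below (undefined behaviour);
    // let the original implementation decide what to do with it.
    if (NULL == symbol) {
        return %orig;
    }

    iosLogDebug("handle=%p, symbol=%{public}s", handle, symbol);

    if (!cfgHookEnable_dylib) {
        return %orig;
    }

    bool isJbFuncName = isJailbreakDylibFunctionName(symbol);
    bool isPtrace = 0 == strcmp(symbol, "ptrace");
    bool shouldHook = isJbFuncName || isPtrace;
    iosLogDebug("isPtrace=%s, shouldHook=%s", boolToStr(isPtrace), boolToStr(shouldHook));

    if (!shouldHook) {
        return %orig;
    }

    void* dlsymRetPtr = NULL;
    iosLogInfo("handle=%p, symbol=%{public}s -> isJbFuncName=%s, isPtrace=%s -> shouldHook=%s -> dlsymRetPtr=%p", handle, symbol, boolToStr(isJbFuncName), boolToStr(isPtrace), boolToStr(shouldHook), dlsymRetPtr);
    return dlsymRetPtr;
}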
168 |
169 | /*==============================================================================
170 | Hook: dlopen()
171 | ==============================================================================*/
172 | // https://developer.apple.com/library/archive/documentation/System/Conceptual/ManPages_iPhoneOS/man3/dlopen.3.html
173 | void* dlopen(const char* path, int mode);
174 |
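/*
 * Logos hook for dlopen().
 *
 * With cfgHookEnable_dylib set, a path classified by isJailbreakDylib() is
 * answered with NULL without calling the original; everything else is
 * forwarded unchanged.
 */
%hookf(void*, dlopen, const char* path, int mode){
    iosLogDebug("path=%{public}s, mode=0x%x", path, mode);

    // dlopen(NULL, mode) is a valid request (handle for the main program), so
    // path may be NULL here. The dlclose hook in this file NULL-checks before
    // calling isJailbreakDylib(); do the same and forward such calls as they are.
    bool isJbDylib = cfgHookEnable_dylib && (NULL != path) && isJailbreakDylib(path);
    if (!isJbDylib) {
        return %orig;
    }

    void* dlopenRetPtr = NULL;
    iosLogInfo("path=%{public}s, mode=0x%x -> isJbDylib=%s -> dlopenRetPtr=%p", path, mode, boolToStr(isJbDylib), dlopenRetPtr);
    return dlopenRetPtr;
}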
198 |
199 | ////void* _dlopen(const char* path, int mode);
200 | //void* __ZL15dlopen_internalPKciPv(const char* path, int mode);
201 | //
202 | ////%hookf(void*, _dlopen, const char* path, int mode){
203 | //%hookf(void*, __ZL15dlopen_internalPKciPv, const char* path, int mode){
204 | // iosLogInfo("path=%{public}s, mode=0x%x", path, mode);
205 | // return %orig;
206 | //}
207 |
208 |
209 | /*==============================================================================
210 | Hook: dlopen_preflight()
211 | ==============================================================================*/
212 |
213 | // https://developer.apple.com/library/archive/documentation/System/Conceptual/ManPages_iPhoneOS/man3/dlopen_preflight.3.html#//apple_ref/doc/man/3/dlopen_preflight
214 |
215 | bool dlopen_preflight(const char* path);
216 |
// Replacement for dlopen_preflight(3). Trace only: the real result is logged and
// returned unmodified, and no cfgHookEnable_* flag is consulted.
%hookf(bool, dlopen_preflight, const char* path){
    bool canPreload = %orig;
    iosLogInfo("path=%{public}s -> isPreLoadOk=%s", path, boolToStr(canPreload));
    return canPreload;
}
222 |
223 | /*==============================================================================
224 | Hook: dlclose()
225 | ==============================================================================*/
226 |
227 | int dlclose(void* handle);
228 |
// Replacement for dlclose(3). Observation only: it logs when the image resolved for
// the handle is on the jailbreak list, then always calls the real dlclose and returns
// its result. Unlike the dlopen hook it is not gated by cfgHookEnable_dylib.
%hookf(int, dlclose, void* handle){
    Dl_info imageInfo;
    memset(&imageInfo, 0, sizeof(Dl_info));

    // NOTE(review): `handle` is an opaque dlopen handle, not necessarily an address
    // inside the image, so dladdr() may leave dli_fname NULL here - confirm what
    // generateHookedDladdrAddress() does with it (defined in another file).
    dladdr(generateHookedDladdrAddress(handle), &imageInfo);

    const char* imagePath = imageInfo.dli_fname;
    bool isJbLib = (imagePath != NULL) && isJailbreakDylib(imagePath);
    if (isJbLib) {
        iosLogInfo("handle=%p -> is jb lib: %s", handle, imagePath);
    }

    int closeRet = %orig;
    iosLogInfo("handle=%p -> closeRet=%d", handle, closeRet);
    return closeRet;
}
253 |
254 | /*==============================================================================
255 | ctor
256 | ==============================================================================*/
257 |
258 | //#ifndef kCFCoreFoundationVersionNumber_iOS_11_0
259 | //#define kCFCoreFoundationVersionNumber_iOS_11_0 1443.00
260 | //#endif
261 | //
262 | //#ifndef kCFCoreFoundationVersionNumber_iOS_12_0
263 | //#define kCFCoreFoundationVersionNumber_iOS_12_0 1556.00
264 | //#endif
265 | //
266 | //#ifndef kCFCoreFoundationVersionNumber_iOS_13_0
267 | //#define kCFCoreFoundationVersionNumber_iOS_13_0 1665.15
268 | //#endif
269 | //
270 | //#ifndef kCFCoreFoundationVersionNumber_iOS_14_0
271 | //#define kCFCoreFoundationVersionNumber_iOS_14_0 1740.00
272 | //#endif
273 | //
274 | //#ifndef kCFCoreFoundationVersionNumber_iOS_14_1
275 | //#define kCFCoreFoundationVersionNumber_iOS_14_1 1751.108
276 | //#endif
277 | //
278 | //void* (*dlopen_internal)(const char*, int, void*);
279 | //static void* $dlopen_internal(const char *path, int mode, void* lr) {
280 | // iosLogInfo("path=%{public}s, mode=0x%x, lr=%p", path, mode, lr);
281 | //// @autoreleasepool
282 | //// {
283 | //// if(path != NULL)
284 | //// {
285 | //// NSString* dylibPath = @(path);
286 | ////
287 | //// if(!shouldLoadDylib(dylibPath))
288 | //// {
289 | //// return NULL;
290 | //// }
291 | //// }
292 | //// }
293 | // return dlopen_internal(path, mode, lr);
294 | //}
295 | //
296 | //void* (*dlopen_regular)(const char*, int);
297 | //static void* $dlopen_regular(const char *path, int mode) {
298 | // iosLogInfo("path=%{public}s, mode=0x%x", path, mode);
299 | //// @autoreleasepool
300 | //// {
301 | //// if(path != NULL)
302 | //// {
303 | //// NSString* dylibPath = @(path);
304 | ////
305 | //// if(!shouldLoadDylib(dylibPath))
306 | //// {
307 | //// return NULL;
308 | //// }
309 | //// }
310 | //// }
311 | // return dlopen_regular(path, mode);
312 | //}
313 |
314 |
315 | /*==============================================================================
316 | Ctor
317 | ==============================================================================*/
318 |
%ctor
{
    @autoreleasepool
    {
        // Load-time report of the dylib hook switches; nothing is hooked by hand here.
        // NOTE(review): these globals are adjusted by the ctor in hook_init.xm; the order
        // in which the per-file constructors run is not visible here, so the values
        // logged may be the pre-init defaults - confirm.
        iosLogInfo("%s, cfgHookEnable_dylib=%s, cfgHookEnable_dylib_dladdr=%s",
                   "dylib ctor",
                   boolToStr(cfgHookEnable_dylib),
                   boolToStr(cfgHookEnable_dylib_dladdr));

        // TODO: verify whether the %hookf(dlopen) in this file already covers
        // _dlopen + __ZL15dlopen_internalPKciPv; if it does, the manual hooks kept
        // below (disabled) are unnecessary and can be removed.

//        // init for dlopen
//        MSImageRef libdyldImage = MSGetImageByName("/usr/lib/system/libdyld.dylib");
//        iosLogInfo("libdyldImage=%p", libdyldImage);
//        if(kCFCoreFoundationVersionNumber >= kCFCoreFoundationVersionNumber_iOS_14_1)
//        {
//            void* dlopen_internal_ptr = MSFindSymbol(libdyldImage, "__ZL15dlopen_internalPKciPv");
//            MSHookFunction(dlopen_internal_ptr, (void*)$dlopen_internal, (void**)&dlopen_internal);
//            iosLogInfo("hook __ZL15dlopen_internalPKciPv %p", dlopen_internal_ptr);
//        } else {
//            void* dlopen_regular_ptr = MSFindSymbol(libdyldImage, "_dlopen");
//            MSHookFunction(dlopen_regular_ptr, (void*)$dlopen_regular, (void**)&dlopen_regular);
//            iosLogInfo("hook _dlopen %p", dlopen_regular_ptr);
//        }
    }
}
343 |
--------------------------------------------------------------------------------
/iOSBypassJailbreak/hook_init.mm:
--------------------------------------------------------------------------------
1 | #line 1 "/Users/crifan/dev/dev_root/crifan/iOSBypassJailbreak/iOSBypassJailbreak/hook_init.xm"
2 |
3 |
4 |
5 |
6 |
7 |
8 | #import
9 |
10 | #import "CommonConfig.h"
11 | #import "CrifanLibiOS.h"
12 | #import "CrifanLib.h"
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 | bool cfgHookEnable = true;
24 |
25 |
26 |
27 |
28 | bool cfgHookEnable_aweme = true;
29 |
30 |
31 | bool cfgHookEnable_dyld = true;
32 |
33 |
34 | bool cfgHookEnable_dylib = true;
35 |
36 |
37 | bool cfgHookEnable_dylib_dladdr = true;
38 |
39 |
40 |
41 |
42 | bool cfgHookEnable_misc = true;
43 |
44 |
45 | bool cfgHookEnable_macho = true;
46 |
47 |
48 |
49 |
50 | bool cfgHookEnable_openFileC = true;
51 |
52 |
53 | bool cfgHookEnable_openFileC_open = true;
54 |
55 |
56 |
57 | bool cfgHookEnable_openFileC_fopen = true;
58 | bool cfgHookEnable_openFileC_faccessat = true;
59 | bool cfgHookEnable_openFileC___opendir2 = true;
60 |
61 |
62 | bool cfgHookEnable_openFileiOS = true;
63 |
64 |
65 | bool cfgHookEnable_syscall = true;
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 |
74 |
75 | bool cfgHookEnable_writeFileiOS = false;
76 |
77 |
78 |
79 |
80 | bool cfgHookEnable_sysctl = true;
81 |
82 | bool cfgHookEnable_sysctl_sysctl = true;
83 |
84 |
85 |
86 |
87 |
// Logos-generated form of the %ctor in hook_init.xm: resolves the global hook switches
// once at load time. The master switch cfgHookEnable (cleared in FOR_RELEASE builds once
// EXPIRED_TIME_STR has passed) turns off the jailbreak-related sub-module flags; the
// sysctl flags are not touched by the master switch in this function.
static __attribute__((constructor)) void _logosLocalCtor_93db85ed(int __unused argc, char __unused **argv, char __unused **envp)
{
    @autoreleasepool
    {
        iosLogInfo("%s", "Init ctor");

#ifdef FOR_RELEASE
        bool isExpired = isTimeExpired(EXPIRED_TIME_STR);
        iosLogInfo("EXPIRED_TIME_STR=%s -> isExpired=%s", EXPIRED_TIME_STR, boolToStr(isExpired));
        if (isExpired) {
            cfgHookEnable = false;
        }
#endif
        iosLogInfo("cfgHookEnable=%s", boolToStr(cfgHookEnable));

        if (!cfgHookEnable) {
            cfgHookEnable_aweme = false;
            cfgHookEnable_dyld = false;
            cfgHookEnable_dylib = false;
            cfgHookEnable_misc = false;
            cfgHookEnable_macho = false;
            cfgHookEnable_openFileC = false;
            cfgHookEnable_openFileiOS = false;
            cfgHookEnable_syscall = false;
        } else {
            initRandomChar();
            iosLogInfo("%s", "inited random char");
        }

        // The write-file hook is forced off on both paths.
        cfgHookEnable_writeFileiOS = false;

        // A disabled parent module disables its per-function switches.
        if (!cfgHookEnable_openFileC) {
            cfgHookEnable_openFileC_open = false;
            cfgHookEnable_openFileC_fopen = false;
            cfgHookEnable_openFileC_faccessat = false;
            cfgHookEnable_openFileC___opendir2 = false;
        }

        if (!cfgHookEnable_dylib) {
            cfgHookEnable_dylib_dladdr = false;
        }

        if (!cfgHookEnable_sysctl) {
            cfgHookEnable_sysctl_sysctl = false;
        }
    }
}
144 |
--------------------------------------------------------------------------------
/iOSBypassJailbreak/hook_init.xm:
--------------------------------------------------------------------------------
1 | /*
2 | File: hook_init.xm
3 | Function: iOS tweak global init
4 | Author: Crifan Li
5 | */
6 |
7 | #import
8 |
9 | #import "CommonConfig.h"
10 | #import "CrifanLibiOS.h"
11 | #import "CrifanLib.h"
12 |
13 | /*==============================================================================
14 | Const
15 | ==============================================================================*/
16 |
17 | /*==============================================================================
18 | Global Variable
19 | ==============================================================================*/
20 |
21 | // all module
22 | bool cfgHookEnable = true;
23 |
24 | /* ---------- Bypass Jailbreak Detection related ---------- */
25 |
26 | // sub module: aweme
27 | bool cfgHookEnable_aweme = true;
28 |
29 | // sub module: dyld
30 | bool cfgHookEnable_dyld = true;
31 |
32 | // sub module: dylib
33 | bool cfgHookEnable_dylib = true;
34 |
35 | // sub module dylib sub functions
36 | bool cfgHookEnable_dylib_dladdr = true;
37 | //for debug
38 | //bool cfgHookEnable_dylib_dladdr = false;
39 |
40 | // sub module: misc
41 | bool cfgHookEnable_misc = true;
42 |
43 | // sub module: mach-o
44 | bool cfgHookEnable_macho = true;
45 | //// for debug
46 | //bool cfgHookEnable_macho = false;
47 |
48 | // sub module: openFile_C
49 | bool cfgHookEnable_openFileC = true;
50 | // sub module openFile_C sub functions
51 |
52 | bool cfgHookEnable_openFileC_open = true;
53 | //// for debug
54 | //bool cfgHookEnable_openFileC_open = false;
55 |
56 | bool cfgHookEnable_openFileC_fopen = true;
57 | bool cfgHookEnable_openFileC_faccessat = true;
58 | bool cfgHookEnable_openFileC___opendir2 = true;
59 |
60 | // sub module: openFile_iOS
61 | bool cfgHookEnable_openFileiOS = true;
62 |
63 | // sub module: syscall
64 | bool cfgHookEnable_syscall = true;
65 |
66 | // SPECIAL:
67 |
68 | // enable hook module: writeFile_iOS
69 | //bool cfgHookEnable_writeFileiOS = true;
70 |
71 | // Note: in practice neither jailbroken nor non-jailbroken iOS can write, so no hook is needed here
72 | // if this hook is enabled, it should also return the related NSError (like 513)
73 | // otherwise the jailbreak check, going by the returned error, will find that iOS is jailbroken
74 | bool cfgHookEnable_writeFileiOS = false;
75 |
76 | /* ---------- Common Part related ---------- */
77 |
78 | // sub module: sysctl
79 | bool cfgHookEnable_sysctl = true;
80 | // sub module sysctl sub functions
81 | bool cfgHookEnable_sysctl_sysctl = true;
82 |
83 | /*==============================================================================
84 | Ctor
85 | ==============================================================================*/
86 |
// Global init: resolves the hook switches once at load time. The master switch
// cfgHookEnable (cleared in FOR_RELEASE builds once EXPIRED_TIME_STR has passed) turns
// off the jailbreak-related sub-module flags; the sysctl flags ("Common Part") are not
// touched by the master switch in this function.
%ctor
{
    @autoreleasepool
    {
        iosLogInfo("%s", "Init ctor");

#ifdef FOR_RELEASE
        bool isExpired = isTimeExpired(EXPIRED_TIME_STR);
        iosLogInfo("EXPIRED_TIME_STR=%s -> isExpired=%s", EXPIRED_TIME_STR, boolToStr(isExpired)); // isExpired=True
        if (isExpired) {
            cfgHookEnable = false;
        }
#endif
        iosLogInfo("cfgHookEnable=%s", boolToStr(cfgHookEnable));

        if (!cfgHookEnable) {
            // Bypass Jailbreak Detection related
            cfgHookEnable_aweme = false;
            cfgHookEnable_dyld = false;
            cfgHookEnable_dylib = false;
            cfgHookEnable_misc = false;
            cfgHookEnable_macho = false;
            cfgHookEnable_openFileC = false;
            cfgHookEnable_openFileiOS = false;
            cfgHookEnable_syscall = false;

            // Common Part related: nothing is switched off here
        } else {
            // init random for later call randomStr
            initRandomChar();
            iosLogInfo("%s", "inited random char");
        }

        // SPECIAL: the write-file hook is forced off on both paths
        cfgHookEnable_writeFileiOS = false;

        // A disabled parent module disables its per-function switches.
        if (!cfgHookEnable_openFileC) {
            cfgHookEnable_openFileC_open = false;
            cfgHookEnable_openFileC_fopen = false;
            cfgHookEnable_openFileC_faccessat = false;
            cfgHookEnable_openFileC___opendir2 = false;
        }

        if (!cfgHookEnable_dylib) {
            cfgHookEnable_dylib_dladdr = false;
        }

        if (!cfgHookEnable_sysctl) {
            cfgHookEnable_sysctl_sysctl = false;
        }
    }
}
143 |
--------------------------------------------------------------------------------
/iOSBypassJailbreak/hook_machO.mm:
--------------------------------------------------------------------------------
1 | #line 1 "/Users/crifan/dev/dev_root/crifan/iOSBypassJailbreak/iOSBypassJailbreak/hook_machO.xm"
2 |
3 |
4 |
5 |
6 |
7 |
8 | #import "mach-o/getsect.h"
9 | #import
10 | #import
11 |
12 | #import "objc/runtime.h"
13 |
14 | #import "CommonConfig.h"
15 | #import "CrifanLibiOS.h"
16 | #import "CrifanLib.h"
17 | #import "JailbreakPathList.h"
18 |
19 | extern void* generateHookedDladdrAddress(void *origAddr);
20 |
21 |
22 |
23 |
24 |
25 |
26 |
27 |
28 |
29 | uint8_t* getsegmentdata(const struct mach_header_64 *mhp, const char *segname, unsigned long *size);
30 |
31 |
32 | #include
33 | #if defined(__clang__)
34 | #if __has_feature(objc_arc)
35 | #define _LOGOS_SELF_TYPE_NORMAL __unsafe_unretained
36 | #define _LOGOS_SELF_TYPE_INIT __attribute__((ns_consumed))
37 | #define _LOGOS_SELF_CONST const
38 | #define _LOGOS_RETURN_RETAINED __attribute__((ns_returns_retained))
39 | #else
40 | #define _LOGOS_SELF_TYPE_NORMAL
41 | #define _LOGOS_SELF_TYPE_INIT
42 | #define _LOGOS_SELF_CONST
43 | #define _LOGOS_RETURN_RETAINED
44 | #endif
45 | #else
46 | #define _LOGOS_SELF_TYPE_NORMAL
47 | #define _LOGOS_SELF_TYPE_INIT
48 | #define _LOGOS_SELF_CONST
49 | #define _LOGOS_RETURN_RETAINED
50 | #endif
51 |
52 |
53 |
54 |
55 | #line 30 "/Users/crifan/dev/dev_root/crifan/iOSBypassJailbreak/iOSBypassJailbreak/hook_machO.xm"
__unused static uint8_t* (*_logos_orig$_ungrouped$getsegmentdata)(const struct mach_header_64 *mhp, const char *segname, unsigned long *size);
// Generated replacement for getsegmentdata: forwards to the saved original and returns
// its result unchanged (no logging, no flag check).
__unused static uint8_t* _logos_function$_ungrouped$getsegmentdata(const struct mach_header_64 *mhp, const char *segname, unsigned long *size){
    return _logos_orig$_ungrouped$getsegmentdata(mhp, segname, size);
}
62 |
63 |
64 |
65 |
66 |
67 | const struct section_64* getsectbyname(const char *segname, const char *sectname);
68 |
__unused static const struct section_64* (*_logos_orig$_ungrouped$getsectbyname)(const char *segname, const char *sectname);
// Generated replacement for getsectbyname: trace only, the original result is returned as is.
__unused static const struct section_64* _logos_function$_ungrouped$getsectbyname(const char *segname, const char *sectname){
    const struct section_64* foundSection = _logos_orig$_ungrouped$getsectbyname(segname, sectname);
    iosLogInfo("segname=%{public}s,sectname=%{public}s -> retSection=%p", segname, sectname, foundSection);
    return foundSection;
}
74 |
75 |
76 |
77 |
78 |
79 | const struct segment_command_64* getsegbyname(const char *segname);
80 |
__unused static const struct segment_command_64* (*_logos_orig$_ungrouped$getsegbyname)(const char *segname);
// Generated replacement for getsegbyname: trace only, the original result is returned as is.
__unused static const struct segment_command_64* _logos_function$_ungrouped$getsegbyname(const char *segname){
    const struct segment_command_64* foundSegment = _logos_orig$_ungrouped$getsegbyname(segname);
    iosLogInfo("segname=%{public}s -> retSegCmd=%p", segname, foundSegment);
    return foundSegment;
}
86 |
87 |
88 |
89 |
90 |
91 | const struct section* getsectbynamefromheaderwithswap_64(struct mach_header_64 *mhp, const char *segname, const char *sectname, int fSwap);
92 |
__unused static const struct section* (*_logos_orig$_ungrouped$getsectbynamefromheaderwithswap_64)(struct mach_header_64 *mhp, const char *segname, const char *sectname, int fSwap);
// Generated replacement for getsectbynamefromheaderwithswap_64: trace only, the original
// result is returned as is.
__unused static const struct section* _logos_function$_ungrouped$getsectbynamefromheaderwithswap_64(struct mach_header_64 *mhp, const char *segname, const char *sectname, int fSwap){
    const struct section* foundSection = _logos_orig$_ungrouped$getsectbynamefromheaderwithswap_64(mhp, segname, sectname, fSwap);
    iosLogInfo("mhp=%p,segname=%{public}s,sectname=%{public}s,fSwap=%d -> retSection=%p", mhp, segname, sectname, fSwap, foundSection);
    return foundSection;
}
98 |
99 |
100 |
101 |
102 |
103 | extern char* getsectdata(const char *segname, const char *sectname, unsigned long *size);
104 |
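__unused static char* (*_logos_orig$_ungrouped$getsectdata)(const char *segname, const char *sectname, unsigned long *size);
// Generated replacement for getsectdata: trace only, the original result is returned as is.
__unused static char* _logos_function$_ungrouped$getsectdata(const char *segname, const char *sectname, unsigned long *size){
    char* sectDataStr = _logos_orig$_ungrouped$getsectdata(segname, sectname, size);
    // Read the out-parameter only when the caller supplied one, as the getsectiondata
    // hook in this file does.
    unsigned long sectSize = (NULL != size) ? *size : 0;
    // Section contents are raw bytes, not a NUL-terminated string, and the pointer may be
    // NULL: formatting it with %s can read past the section and copies its bytes into the
    // log. Log the address instead, like the other hooks in this file.
    iosLogInfo("segname=%{public}s,sectname=%{public}s,*size=%lu -> sectDataStr=%p", segname, sectname, sectSize, sectDataStr);
    return sectDataStr;
}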
110 |
111 |
112 |
113 |
114 |
115 | char* getsectdatafromheader_64(const struct mach_header_64 *mhp, const char *segname, const char *sectname, uint64_t *size);
116 |
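__unused static char* (*_logos_orig$_ungrouped$getsectdatafromheader_64)(const struct mach_header_64 *mhp, const char *segname, const char *sectname, uint64_t *size);
// Generated replacement for getsectdatafromheader_64: trace only, the original result is
// returned as is.
__unused static char* _logos_function$_ungrouped$getsectdatafromheader_64(const struct mach_header_64 *mhp, const char *segname, const char *sectname, uint64_t *size){
    char* retSectDataStr = _logos_orig$_ungrouped$getsectdatafromheader_64(mhp, segname, sectname, size);
    // Read the out-parameter only when the caller supplied one.
    unsigned long long sectSize = (NULL != size) ? (unsigned long long)*size : 0;
    // Section contents are raw bytes, not a NUL-terminated string, and the pointer may be
    // NULL: %{public}s could read past the section and would write its bytes unredacted
    // into the log. Log the address instead.
    iosLogInfo("mhp=%p,segname=%{public}s,sectname=%{public}s,*size=%llu -> retSectData=%p", mhp, segname, sectname, sectSize, retSectDataStr);
    return retSectDataStr;
}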
122 |
123 |
124 |
125 |
126 |
127 | char* getsectdatafromFramework(const char *FrameworkName, const char *segname, const char *sectname, unsigned long *size);
128 |
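__unused static char * (*_logos_orig$_ungrouped$getsectdatafromFramework)(const char *FrameworkName, const char *segname, const char *sectname, unsigned long *size);
// Generated replacement for getsectdatafromFramework: trace only, the original result is
// returned as is.
__unused static char * _logos_function$_ungrouped$getsectdatafromFramework(const char *FrameworkName, const char *segname, const char *sectname, unsigned long *size){
    char* sectDataFrameworkStr = _logos_orig$_ungrouped$getsectdatafromFramework(FrameworkName, segname, sectname, size);
    // Read the out-parameter only when the caller supplied one.
    unsigned long sectSize = (NULL != size) ? *size : 0;
    // Section contents are raw bytes, not a NUL-terminated string, and the pointer may be
    // NULL: formatting it with %s can read past the section. Log the address instead.
    iosLogInfo("FrameworkName=%{public}s,segname=%{public}s,sectname=%{public}s,*size=%lu -> sectDataFrameworkStr=%p", FrameworkName, segname, sectname, sectSize, sectDataFrameworkStr);
    return sectDataFrameworkStr;
}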
134 |
135 |
136 |
137 |
138 |
139 |
140 | const struct section* getsectbynamefromheader(const struct mach_header *mhp, const char *segname, const char *sectname);
141 |
__unused static const struct section* (*_logos_orig$_ungrouped$getsectbynamefromheader)(const struct mach_header *mhp, const char *segname, const char *sectname);
// Generated replacement for getsectbynamefromheader: trace only, the original result is
// returned as is.
__unused static const struct section* _logos_function$_ungrouped$getsectbynamefromheader(const struct mach_header *mhp, const char *segname, const char *sectname){
    const struct section* foundSection = _logos_orig$_ungrouped$getsectbynamefromheader(mhp, segname, sectname);
    iosLogInfo("mhp=%p,segname=%{public}s,sectname=%{public}s -> retSection=%p", mhp, segname, sectname, foundSection);
    return foundSection;
}
147 |
148 | const struct section_64* getsectbynamefromheader_64(const struct mach_header_64 *mhp, const char *segname, const char *sectname);
149 |
__unused static const struct section_64 * (*_logos_orig$_ungrouped$getsectbynamefromheader_64)(const struct mach_header_64 *mhp, const char *segname, const char *sectname);
// Generated replacement for getsectbynamefromheader_64. The image owning `mhp` is resolved
// through dladdr(); when isJailbreakDylib() matches its path, the lookup is reported as
// "section not found" (NULL), otherwise the original result is returned.
// Unlike the getsectiondata hook, this one does not check cfgHookEnable_macho.
__unused static const struct section_64 * _logos_function$_ungrouped$getsectbynamefromheader_64(const struct mach_header_64 *mhp, const char *segname, const char *sectname){
    const struct section_64* realSection = _logos_orig$_ungrouped$getsectbynamefromheader_64(mhp, segname, sectname);

    Dl_info imageInfo;
    memset(&imageInfo, 0, sizeof(Dl_info));

    // generateHookedDladdrAddress() is defined in another file; its result is what gets
    // handed to dladdr() in place of the raw header pointer.
    dladdr(generateHookedDladdrAddress((void*)mhp), &imageInfo);

    const char* imagePath = imageInfo.dli_fname;
    bool isJbLib = (imagePath != NULL) && isJailbreakDylib(imagePath);

    if (!isJbLib) {
        iosLogDebug("mhp=%p,segname=%{public}s,sectname=%{public}s -> retSection64=%p", mhp, segname, sectname, realSection);
        return realSection;
    }

    // The real pointer is logged before the result is replaced.
    iosLogInfo("mhp=%p,segname=%{public}s,sectname=%{public}s -> retSection64=%p -> isJbLib=%s", mhp, segname, sectname, realSection, boolToStr(isJbLib));
    return NULL;
}
177 |
178 |
179 |
180 |
181 |
182 | extern uint8_t *getsectiondata(
183 | const struct mach_header_64 *mhp,
184 | const char *segname,
185 | const char *sectname,
186 | unsigned long *size);
187 |
188 |
189 |
190 |
191 |
192 |
193 |
__unused static uint8_t* (*_logos_orig$_ungrouped$getsectiondata)(const struct mach_header_64 *mhp, const char *segname, const char *sectname, unsigned long *size);
// Generated replacement for getsectiondata. The original is always called first. With
// cfgHookEnable_macho set, the image owning `mhp` is resolved through dladdr(); when
// isJailbreakDylib() matches its path the caller gets NULL and *size is zeroed, otherwise
// the original result is returned untouched.
__unused static uint8_t* _logos_function$_ungrouped$getsectiondata(const struct mach_header_64 *mhp, const char *segname, const char *sectname, unsigned long *size){
    iosLogDebug("mhp=%p,segname=%{public}s,sectname=%{public}s,size=%p", mhp, segname, sectname, size);

    uint8_t* realData = _logos_orig$_ungrouped$getsectiondata(mhp, segname, sectname, size);

    if (!cfgHookEnable_macho) {
        return realData;
    }

    Dl_info imageInfo;
    memset(&imageInfo, 0, sizeof(Dl_info));

    // generateHookedDladdrAddress() is defined in another file; its result is what gets
    // handed to dladdr() in place of the raw header pointer.
    dladdr(generateHookedDladdrAddress((void*)mhp), &imageInfo);

    const char* curImgName = imageInfo.dli_fname;
    bool isJbLib = (curImgName != NULL) && isJailbreakDylib(curImgName);
    if (!isJbLib) {
        return realData;
    }

    // Log only lookups that really returned data, and stay quiet for three images
    // (AppSyncUnified only for its __TEXT segment).
    if (size && (*size > 0)) {
        bool isQuietImage =
            (strstr(curImgName, "AppSyncUnified") && (0 == strcmp(segname, "__TEXT"))) ||
            strstr(curImgName, "Choicy") ||
            strstr(curImgName, "librocketbootstrap");
        if (!isQuietImage) {
            iosLogInfo("mhp=%p,segname=%{public}s,sectname=%{public}s,size=%p ===> *size=%lu, curImgName=%{public}s, isJbLib=%s", mhp, segname, sectname, size, size ? *size : 0, curImgName, boolToStr(isJbLib));
        }
    }

    // Report "no such section": NULL data and, when the caller asked for it, size 0.
    if (NULL != size) {
        *size = 0;
    }
    return NULL;
}
275 |
276 |
277 |
278 |
279 |
// Generated form of the %ctor in hook_machO.xm: only logs the Mach-O hook switch at load time.
static __attribute__((constructor)) void _logosLocalCtor_c24cd76e(int __unused argc, char __unused **argv, char __unused **envp)
{
    @autoreleasepool
    {
        iosLogInfo("%s, cfgHookEnable_macho=%s",
                   "Mach-O ctor",
                   boolToStr(cfgHookEnable_macho));
    }
}
// Logos-generated installer (this file is produced from hook_machO.xm, see the #line
// directives). Each of the ten getsect* functions is hooked with MSHookFunction and the
// original entry point is saved in the matching _logos_orig$ pointer. All ten hooks are
// installed unconditionally; in this file cfgHookEnable_macho is consulted only inside
// the getsectiondata replacement.
static __attribute__((constructor)) void _logosLocalInit() {
    {
        void * _logos_symbol$_ungrouped$getsegmentdata = (void *)getsegmentdata;
        MSHookFunction((void *)_logos_symbol$_ungrouped$getsegmentdata, (void *)&_logos_function$_ungrouped$getsegmentdata, (void **)&_logos_orig$_ungrouped$getsegmentdata);

        void * _logos_symbol$_ungrouped$getsectbyname = (void *)getsectbyname;
        MSHookFunction((void *)_logos_symbol$_ungrouped$getsectbyname, (void *)&_logos_function$_ungrouped$getsectbyname, (void **)&_logos_orig$_ungrouped$getsectbyname);

        void * _logos_symbol$_ungrouped$getsegbyname = (void *)getsegbyname;
        MSHookFunction((void *)_logos_symbol$_ungrouped$getsegbyname, (void *)&_logos_function$_ungrouped$getsegbyname, (void **)&_logos_orig$_ungrouped$getsegbyname);

        void * _logos_symbol$_ungrouped$getsectbynamefromheaderwithswap_64 = (void *)getsectbynamefromheaderwithswap_64;
        MSHookFunction((void *)_logos_symbol$_ungrouped$getsectbynamefromheaderwithswap_64, (void *)&_logos_function$_ungrouped$getsectbynamefromheaderwithswap_64, (void **)&_logos_orig$_ungrouped$getsectbynamefromheaderwithswap_64);

        void * _logos_symbol$_ungrouped$getsectdata = (void *)getsectdata;
        MSHookFunction((void *)_logos_symbol$_ungrouped$getsectdata, (void *)&_logos_function$_ungrouped$getsectdata, (void **)&_logos_orig$_ungrouped$getsectdata);

        void * _logos_symbol$_ungrouped$getsectdatafromheader_64 = (void *)getsectdatafromheader_64;
        MSHookFunction((void *)_logos_symbol$_ungrouped$getsectdatafromheader_64, (void *)&_logos_function$_ungrouped$getsectdatafromheader_64, (void **)&_logos_orig$_ungrouped$getsectdatafromheader_64);

        void * _logos_symbol$_ungrouped$getsectdatafromFramework = (void *)getsectdatafromFramework;
        MSHookFunction((void *)_logos_symbol$_ungrouped$getsectdatafromFramework, (void *)&_logos_function$_ungrouped$getsectdatafromFramework, (void **)&_logos_orig$_ungrouped$getsectdatafromFramework);

        void * _logos_symbol$_ungrouped$getsectbynamefromheader = (void *)getsectbynamefromheader;
        MSHookFunction((void *)_logos_symbol$_ungrouped$getsectbynamefromheader, (void *)&_logos_function$_ungrouped$getsectbynamefromheader, (void **)&_logos_orig$_ungrouped$getsectbynamefromheader);

        void * _logos_symbol$_ungrouped$getsectbynamefromheader_64 = (void *)getsectbynamefromheader_64;
        MSHookFunction((void *)_logos_symbol$_ungrouped$getsectbynamefromheader_64, (void *)&_logos_function$_ungrouped$getsectbynamefromheader_64, (void **)&_logos_orig$_ungrouped$getsectbynamefromheader_64);

        void * _logos_symbol$_ungrouped$getsectiondata = (void *)getsectiondata;
        MSHookFunction((void *)_logos_symbol$_ungrouped$getsectiondata, (void *)&_logos_function$_ungrouped$getsectiondata, (void **)&_logos_orig$_ungrouped$getsectiondata);
    }
}
289 | #line 261 "/Users/crifan/dev/dev_root/crifan/iOSBypassJailbreak/iOSBypassJailbreak/hook_machO.xm"
290 |
--------------------------------------------------------------------------------
/iOSBypassJailbreak/hook_machO.xm:
--------------------------------------------------------------------------------
1 | /*
2 | File: hook_machO.xm
3 | Function: iOS tweak to hook Mach-O items
4 | Author: Crifan Li
5 | */
6 |
7 | #import "mach-o/getsect.h"
8 | #import
9 | #import
10 |
11 | #import "objc/runtime.h"
12 |
13 | #import "CommonConfig.h"
14 | #import "CrifanLibiOS.h"
15 | #import "CrifanLib.h"
16 | #import "JailbreakPathList.h"
17 |
18 | extern void* generateHookedDladdrAddress(void *origAddr);
19 |
20 | // https://opensource.apple.com/source/cctools/cctools-895/include/mach-o/getsect.h.auto.html
21 |
22 | /*==============================================================================
23 | Hook: getsegmentdata
24 | ==============================================================================*/
25 |
26 | // Note: if add log, Aweme will crash
27 |
28 | uint8_t* getsegmentdata(const struct mach_header_64 *mhp, const char *segname, unsigned long *size);
29 |
// Pure pass-through: the real getsegmentdata result is returned unchanged. Logging is
// left disabled on purpose - with a log call here Aweme was observed to crash.
%hookf(uint8_t*, getsegmentdata, const struct mach_header_64 *mhp, const char *segname, unsigned long *size){
//    iosLogInfo("mhp=%p,segname=%{public}s,size=%p", mhp, segname, size);
    uint8_t* segmentData = %orig;
//    iosLogInfo("mhp=%p,segname=%{public}s,*size=%lu -> retSegCmd=%p", mhp, segname, *size, segmentData);
    return segmentData;
}
36 |
37 | /*==============================================================================
38 | Hook: getsectbyname
39 | ==============================================================================*/
40 |
41 | const struct section_64* getsectbyname(const char *segname, const char *sectname);
42 |
// Trace only: logs the lookup and returns the real getsectbyname result unchanged.
%hookf(const struct section_64*, getsectbyname, const char *segname, const char *sectname){
    const struct section_64* foundSection = %orig;
    iosLogInfo("segname=%{public}s,sectname=%{public}s -> retSection=%p", segname, sectname, foundSection);
    return foundSection;
}
48 |
49 | /*==============================================================================
50 | Hook: getsegbyname
51 | ==============================================================================*/
52 |
53 | const struct segment_command_64* getsegbyname(const char *segname);
54 |
// Trace only: logs the lookup and returns the real getsegbyname result unchanged.
%hookf(const struct segment_command_64*, getsegbyname, const char *segname){
    const struct segment_command_64* foundSegment = %orig;
    iosLogInfo("segname=%{public}s -> retSegCmd=%p", segname, foundSegment);
    return foundSegment;
}
60 |
61 | /*==============================================================================
62 | Hook: getsectbynamefromheaderwithswap_64
63 | ==============================================================================*/
64 |
65 | const struct section* getsectbynamefromheaderwithswap_64(struct mach_header_64 *mhp, const char *segname, const char *sectname, int fSwap);
66 |
// Trace only: logs the lookup and returns the real result unchanged.
%hookf(const struct section*, getsectbynamefromheaderwithswap_64, struct mach_header_64 *mhp, const char *segname, const char *sectname, int fSwap){
    const struct section* foundSection = %orig;
    iosLogInfo("mhp=%p,segname=%{public}s,sectname=%{public}s,fSwap=%d -> retSection=%p", mhp, segname, sectname, fSwap, foundSection);
    return foundSection;
}
72 |
73 | /*==============================================================================
74 | Hook: getsectdata
75 | ==============================================================================*/
76 |
77 | extern char* getsectdata(const char *segname, const char *sectname, unsigned long *size);
78 |
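// Trace only: logs the lookup and returns the real getsectdata result unchanged.
%hookf(char*, getsectdata, const char *segname, const char *sectname, unsigned long *size){
    char* sectDataStr = %orig;
    // Read the out-parameter only when the caller supplied one.
    unsigned long sectSize = (NULL != size) ? *size : 0;
    // Section contents are raw bytes, not a NUL-terminated string, and the pointer may be
    // NULL: formatting it with %s can read past the section and copies its bytes into the
    // log. Log the address instead, like the other hooks in this file.
    iosLogInfo("segname=%{public}s,sectname=%{public}s,*size=%lu -> sectDataStr=%p", segname, sectname, sectSize, sectDataStr);
    return sectDataStr;
}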
84 |
85 | /*==============================================================================
86 | Hook: getsectdatafromheader_64
87 | ==============================================================================*/
88 |
89 | char* getsectdatafromheader_64(const struct mach_header_64 *mhp, const char *segname, const char *sectname, uint64_t *size);
90 |
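// Trace only: logs the lookup and returns the real getsectdatafromheader_64 result unchanged.
%hookf(char*, getsectdatafromheader_64, const struct mach_header_64 *mhp, const char *segname, const char *sectname, uint64_t *size){
    char* retSectDataStr = %orig;
    // Read the out-parameter only when the caller supplied one.
    unsigned long long sectSize = (NULL != size) ? (unsigned long long)*size : 0;
    // Section contents are raw bytes, not a NUL-terminated string, and the pointer may be
    // NULL: %{public}s could read past the section and would write its bytes unredacted
    // into the log. Log the address instead.
    iosLogInfo("mhp=%p,segname=%{public}s,sectname=%{public}s,*size=%llu -> retSectData=%p", mhp, segname, sectname, sectSize, retSectDataStr);
    return retSectDataStr;
}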
96 |
97 | /*==============================================================================
98 | Hook: getsectdatafromFramework
99 | ==============================================================================*/
100 |
101 | char* getsectdatafromFramework(const char *FrameworkName, const char *segname, const char *sectname, unsigned long *size);
102 |
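// Trace only: logs the lookup and returns the real getsectdatafromFramework result unchanged.
%hookf(char *, getsectdatafromFramework, const char *FrameworkName, const char *segname, const char *sectname, unsigned long *size){
    char* sectDataFrameworkStr = %orig;
    // Read the out-parameter only when the caller supplied one.
    unsigned long sectSize = (NULL != size) ? *size : 0;
    // Section contents are raw bytes, not a NUL-terminated string, and the pointer may be
    // NULL: formatting it with %s can read past the section. Log the address instead.
    iosLogInfo("FrameworkName=%{public}s,segname=%{public}s,sectname=%{public}s,*size=%lu -> sectDataFrameworkStr=%p", FrameworkName, segname, sectname, sectSize, sectDataFrameworkStr);
    return sectDataFrameworkStr;
}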
108 |
109 | /*==============================================================================
110 | Hook: getsectbynamefromheader getsectbynamefromheader_64
111 | ==============================================================================*/
112 |
113 | // Not found: Aweme call getsectbynamefromheader
114 | const struct section* getsectbynamefromheader(const struct mach_header *mhp, const char *segname, const char *sectname);
115 |
/**
 Pass-through hook for getsectbynamefromheader that only records the lookup.
 The section pointer produced by the original implementation is returned untouched.
 */
%hookf(const struct section*, getsectbynamefromheader, const struct mach_header *mhp, const char *segname, const char *sectname){
    const struct section* foundSection = %orig;
    iosLogInfo("mhp=%p,segname=%{public}s,sectname=%{public}s -> retSection=%p", mhp, segname, sectname, foundSection);
    return foundSection;
}
121 |
122 | const struct section_64* getsectbynamefromheader_64(const struct mach_header_64 *mhp, const char *segname, const char *sectname);
123 |
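/**
 Hook for getsectbynamefromheader_64.

 Resolves the image that owns `mhp` through dladdr and, when isJailbreakDylib()
 classifies that image's path as a jailbreak dylib, reports the section as not
 found (NULL). All other lookups return the original result.

 The behaviour is gated on cfgHookEnable_macho so that it follows the same
 switch as the getsectiondata hook in this file; with the switch off the hook
 is a pure pass-through.

 @param mhp      Mach-O header the caller is querying.
 @param segname  Segment name passed by the caller.
 @param sectname Section name passed by the caller.
 @return The original section pointer, or NULL for images classified as jailbreak dylibs.
 */
%hookf(const struct section_64 *, getsectbynamefromheader_64, const struct mach_header_64 *mhp, const char *segname, const char *sectname){
    const struct section_64* retSection64 = %orig;

    if (!cfgHookEnable_macho) {
        iosLogDebug("mhp=%p,segname=%{public}s,sectname=%{public}s -> retSection64=%p", mhp, segname, sectname, retSection64);
        return retSection64;
    }

    Dl_info info;
    memset(&info, 0, sizeof(info));

    // dladdr(mhp, &info);
    void* hookedAddr = generateHookedDladdrAddress((void*)mhp);

    // dladdr returns 0 when the address cannot be resolved; info then stays
    // zeroed and the image is treated as not being a jailbreak dylib.
    bool isJbLib = false;
    if ((0 != dladdr(hookedAddr, &info)) && (NULL != info.dli_fname)) {
        isJbLib = isJailbreakDylib(info.dli_fname);
    }

    if (isJbLib) {
        iosLogInfo("mhp=%p,segname=%{public}s,sectname=%{public}s -> retSection64=%p -> isJbLib=%s", mhp, segname, sectname, retSection64, boolToStr(isJbLib));
        retSection64 = NULL;
    } else {
        iosLogDebug("mhp=%p,segname=%{public}s,sectname=%{public}s -> retSection64=%p", mhp, segname, sectname, retSection64);
    }

    return retSection64;
}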
151 |
152 | /*==============================================================================
153 | Hook: getsectiondata
154 | ==============================================================================*/
155 |
156 | extern uint8_t *getsectiondata(
157 | const struct mach_header_64 *mhp,
158 | const char *segname,
159 | const char *sectname,
160 | unsigned long *size);
161 |
162 | //extern uint8_t *getsectiondata(
163 | // const struct mach_header *mhp,
164 | // const char *segname,
165 | // const char *sectname,
166 | // unsigned long *size);
167 |
/**
 Hook for getsectiondata.

 With cfgHookEnable_macho off this is a pass-through. Otherwise the image that
 owns `mhp` is resolved through dladdr; if isJailbreakDylib() classifies its
 path as a jailbreak dylib, the caller receives NULL and *size is set to 0.

 @param mhp      Mach-O header the caller is querying.
 @param segname  Segment name passed by the caller.
 @param sectname Section name passed by the caller.
 @param size     Out-parameter for the section size; may be NULL.
 @return The original data pointer, or NULL for images classified as jailbreak dylibs.
 */
%hookf(uint8_t*, getsectiondata, const struct mach_header_64 *mhp, const char *segname, const char *sectname, unsigned long *size){
    iosLogDebug("mhp=%p,segname=%{public}s,sectname=%{public}s,size=%p", mhp, segname, sectname, size);

    uint8_t* sectData = %orig;
    if (!cfgHookEnable_macho) {
        return sectData;
    }

    Dl_info imgInfo;
    memset(&imgInfo, 0, sizeof(Dl_info));

    void* lookupAddr = generateHookedDladdrAddress((void*)mhp);
    dladdr(lookupAddr, &imgInfo);

    const char* imgPath = imgInfo.dli_fname;
    bool fromJbImage = (imgPath != NULL) ? isJailbreakDylib(imgPath) : false;
    if (!fromJbImage) {
        return sectData;
    }

    if ((size != NULL) && (*size > 0)) {
        // Author's note: the log line below MUST be filtered out for these
        // images, otherwise Aweme will crash. Example of a filtered lookup:
        // mhp=0x114af0000,segname=__TEXT,sectname=__swift5_replace,
        // curImgName=/Library/MobileSubstrate/DynamicLibraries/AppSyncUnified-FrontBoard.dylib
        bool isFilteredImage =
            (strstr(imgPath, "AppSyncUnified") && (0 == strcmp(segname, "__TEXT")))
            || strstr(imgPath, "Choicy")                 // /Library/MobileSubstrate/DynamicLibraries/ Choicy.dylib
            || strstr(imgPath, "librocketbootstrap");    // /usr/lib/librocketbootstrap.dylib

        if (!isFilteredImage) {
            iosLogInfo("mhp=%p,segname=%{public}s,sectname=%{public}s,size=%p ===> *size=%lu, curImgName=%{public}s, isJbLib=%s", mhp, segname, sectname, size, size ? *size : 0, imgPath, boolToStr(fromJbImage));
        }
    }

    // Report the section as absent: no data pointer and a zero length.
    if (NULL != size) {
        *size = 0;
    }
    return NULL;
}
249 |
250 | /*==============================================================================
251 | Ctor
252 | ==============================================================================*/
253 |
// Constructor for the Mach-O hook file: logs whether cfgHookEnable_macho is set.
%ctor
{
    @autoreleasepool
    {
        const char* machoEnabledStr = boolToStr(cfgHookEnable_macho);
        iosLogInfo("%s, cfgHookEnable_macho=%s", "Mach-O ctor", machoEnabledStr);
    }
}
261 |
--------------------------------------------------------------------------------
/iOSBypassJailbreak/hook_misc.xm:
--------------------------------------------------------------------------------
1 | /*
2 | File: hook_misc.xm
3 | Function: iOS tweak to hook miscellaneous items
4 | Author: Crifan Li
5 | */
6 |
7 | #import
8 |
9 | #import
10 |
11 | #import "CommonConfig.h"
12 | #import "CrifanLibiOS.h"
13 | #import "CrifanLib.h"
14 | #import "JailbreakPathList.h"
15 |
16 | /*==============================================================================
17 | Hook: UIApplication canOpenURL:
18 | ==============================================================================*/
19 |
20 | /*
21 | hook url scheme, eg: cydia://
22 | */
23 |
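%hook UIApplication

const char* CydiaPrefix = "cydia://";

/**
 Hook for -[UIApplication canOpenURL:].

 When cfgHookEnable_misc is set, any URL whose lower-cased string form starts
 with "cydia://" is answered with NO; every other URL is forwarded to the
 original implementation. With the switch off the call is a pass-through.

 Note for app developers: the answer to canOpenURL: is produced inside the
 calling process, so an in-process hook such as this one can override it.
 URL-scheme probing on its own is therefore a weak jailbreak signal.

 @param url URL the caller is probing; may be nil.
 @return NO for cydia:// URLs while the hook is enabled, otherwise the original result.
 */
- (BOOL)canOpenURL:(NSURL *)url
{
    iosLogDebug("url=%{public}@", url);
    bool couldOpen = false;
    bool isCydia = false;

    if (cfgHookEnable_misc) {
        // A nil url (or one without a string form) yields a NULL C string here;
        // it must not be handed to the C string helpers.
        const char* urlStr = [[url absoluteString] UTF8String];
        if (NULL != urlStr) {
            // strToLowercase returns a heap copy that this method must free.
            char* urlStrLower = strToLowercase(urlStr);
            if (NULL != urlStrLower) {
                iosLogDebug("urlStrLower=%s", urlStrLower);
                isCydia = strStartsWith(urlStrLower, CydiaPrefix);
                free(urlStrLower);
            }
        }
        iosLogDebug("isCydia=%{public}s", boolToStr(isCydia));

        if (isCydia) {
            couldOpen = false;
        } else {
            couldOpen = %orig;
        }
    } else {
        couldOpen = %orig;
    }

    iosLogInfo("url=%{public}@ -> isCydia=%{public}s -> couldOpen=%{public}s", url, boolToStr(isCydia), boolToStr(couldOpen));
    return couldOpen;
}

%end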
61 |
62 |
63 | ///*==============================================================================
64 | // Hook: system(NULL)
65 | //==============================================================================*/
66 | //
67 | ////int system(const char *command);
68 | //
69 | //%hookf(int, system, const char *command){
70 | // iosLogDebug("command=%s", command);
71 | // return %orig;
72 | //}
73 |
74 |
75 |
76 | /*==============================================================================
77 | Hook: getenv(DYLD_INSERT_LIBRARIES)
78 | ==============================================================================*/
79 |
80 | char * getenv(const char* name);
81 | const char* DYLD_INSERT_LIBRARIES = "DYLD_INSERT_LIBRARIES";
82 |
/**
 Hook for getenv().

 With cfgHookEnable_misc set, a lookup of DYLD_INSERT_LIBRARIES is answered with
 NULL and every DYLD_* lookup is logged; all other names return the original
 value. With the switch off the call is a pass-through.

 @param name Environment variable name requested by the caller.
 @return The original value, or NULL for DYLD_INSERT_LIBRARIES while enabled.
 */
%hookf(char *, getenv, const char* name){
    char* envValue = %orig;
    if (!cfgHookEnable_misc) {
        return envValue;
    }

    // Author's note: "_CFXNOTIFICATIONREGISTAR2_ENABLED" will cause crash --
    // presumably why only DYLD_* names are logged rather than every lookup.
    const bool isDyldVar = strStartsWith(name, "DYLD_");
    if (isDyldVar) {
        iosLogInfo("DYLD_ name=%s", name);
    }

    const bool isInsertLibraries = (0 == strcmp(name, DYLD_INSERT_LIBRARIES));
    if (isInsertLibraries || isDyldVar) {
        // Logged before the value is cleared, so the log shows the real value.
        iosLogInfo("name=%s -> getenvRetStr=%{public}s", name, envValue);
    }
    if (isInsertLibraries) {
        envValue = NULL;
    }

    return envValue;
}
110 |
111 |
112 | /*==============================================================================
113 | Hook: fork()
114 | ==============================================================================*/
115 |
116 | pid_t fork(void);
117 |
/**
 Hook for fork().

 While cfgHookEnable_misc is set the call is not forwarded and FORK_FAILED is
 returned; otherwise the original fork() result is returned.

 @return FORK_FAILED while enabled, else the original return value.
 */
%hookf(int, fork, void){
    int forkResult = FORK_FAILED;
    if (!cfgHookEnable_misc) {
        forkResult = %orig;
    }
    iosLogInfo("retForkValue=%d", forkResult);
    return forkResult;
}
128 |
129 |
130 | /*==============================================================================
131 | Anti-Debug: ptrace
132 | ==============================================================================*/
133 |
134 | //#if !defined(PT_DENY_ATTACH)
135 | //#define PT_DENY_ATTACH 31
136 | //#endif // !defined(PT_DENY_ATTACH)
137 | //
138 | //// https://developer.apple.com/library/archive/documentation/System/Conceptual/ManPages_iPhoneOS/man2/ptrace.2.html
139 | ////int ptrace(int request, pid_t pid, caddr_t addr, int data);
140 | //
141 | ////%hookf(int, ptrace, int request, pid_t pid, caddr_t addr, int data){
142 | //%hookf(int, _ptrace, int request, pid_t pid, caddr_t addr, int data){
143 | // int ptraceRetValue = PTRACE_FAILED;
144 | // iosLogInfo("request=%d, pid=%d, addr=%p, data=%d", request, pid, addr, data);
145 | // if (PT_DENY_ATTACH == request) {
146 | // ptraceRetValue = PTRACE_OK;
147 | // } else {
148 | // ptraceRetValue = %orig(request, pid, addr, data);
149 | // }
150 | // iosLogInfo("ptraceRetValue=%d", ptraceRetValue);
151 | // return ptraceRetValue;
152 | //}
153 |
154 | /*==============================================================================
155 | Hook: NSClassFromString
156 | ==============================================================================*/
157 |
158 | Class NSClassFromString(NSString *aClassName);
159 |
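/**
 Logging hook for NSClassFromString().

 The original result is always returned unchanged. While cfgHookEnable_misc is
 set, class names that do not start with one of the known prefixes below are
 logged together with the lookup result (a debugging aid for spotting
 unexpected lookups).

 @param aClassName Class name requested by the caller; may be nil.
 @return The original return value.
 */
%hookf(Class, NSClassFromString, NSString *aClassName){
    if (NULL == aClassName) {
        iosLogInfo("%s", "aClassName is NULL");
    }

    id origRet = %orig;

    if (cfgHookEnable_misc) {
        // for debug
        bool isKnown = false;

        const char* classNameStr = [aClassName UTF8String];
        const char* startWithList[] = {
            "__NS",
            "_NS",
            "_UI",
            "AC",
            "AF",
            "AWE",
            "AT",
            "BD",
            "BK",
            "BS",
            "CJ",
            "CM",
            "DH",
            "FB",
            "HM",
            "HG",
            "HT",
            "IE",
            "IN", // INCodableAttributeRelationship
            "NS",
            "PT", // PTYFeatureCore
            "QQ",
            "RB",
            "RT",
            "TI", // TIMConversationManager
            "TK",
            "TT",
            "UI",
            "VE",
            "YY",
        };
        // Element count derived from the array itself, so it cannot drift from
        // the element type.
        const size_t startWithListLen = sizeof(startWithList) / sizeof(startWithList[0]);

        // A nil class name gives a NULL C string; skip the prefix scan in that
        // case instead of passing NULL to strStartsWith. It is then reported as
        // an unknown name below.
        if (NULL != classNameStr) {
            for (size_t curStrIdx = 0; curStrIdx < startWithListLen; curStrIdx++) {
                if (strStartsWith(classNameStr, startWithList[curStrIdx])) {
                    isKnown = true;
                    break;
                }
            }
        }

        if (!isKnown) {
            iosLogInfo("aClassName=%{public}@ -> origRet=%@", aClassName, origRet);
        }
    }

    return origRet;
}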
220 |
221 |
222 | /*==============================================================================
223 | Hook: NSSelectorFromString
224 | ==============================================================================*/
225 |
226 | SEL NSSelectorFromString(NSString *aSelectorName);
227 |
/**
 Hook for NSSelectorFromString().

 A nil name is logged and answered with NULL without calling the original;
 any other name is forwarded unchanged.

 @param aSelectorName Selector name requested by the caller; may be nil.
 @return NULL for a nil name, otherwise the original return value.
 */
%hookf(SEL, NSSelectorFromString, NSString *aSelectorName){
    if (NULL == aSelectorName) {
        iosLogInfo("%s", "aSelectorName is NULL");
        return NULL;
    }

    // Per-call logging is left out on purpose: the author notes that logging
    // the name produced 3000+ lines and that formatting the SEL with %@ errors.
    return %orig;
}
240 |
241 |
242 | /*==============================================================================
243 | Hook: objc_getClass
244 | ==============================================================================*/
245 |
246 | //Class objc_getClass ( const char *name );
247 | // // Note: will cause SUBSTITUTE_ERR_FUNC_BAD_INSN_AT_START and other iOS app run failed
248 | //%hookf(Class, objc_getClass, const char *name){
249 | // id origRetClass = %orig;
250 | // iosLogInfo("name=%s -> origRetClass=%@", name, origRetClass);
251 | // return origRetClass;
252 | //}
253 |
254 | /*==============================================================================
255 | Hook: objc_getProtocol
256 | ==============================================================================*/
257 |
258 | Protocol* objc_getProtocol(const char *name);
259 |
/**
 Logging-only hook for objc_getProtocol(): records the requested name and the
 result, and returns the original result unchanged.
 */
%hookf(Protocol *, objc_getProtocol, const char *name){
    Protocol* foundProtocol = %orig;
    iosLogInfo("name=%{public}s -> origRetProtocol=%{public}@", name, foundProtocol);
    return foundProtocol;
}
265 |
266 | /*==============================================================================
267 | Hook: NSProtocolFromString
268 | ==============================================================================*/
269 |
270 | Protocol * NSProtocolFromString(NSString *namestr);
271 |
/**
 Logging-only hook for NSProtocolFromString(): records the requested name and
 the result, and returns the original result unchanged.
 */
%hookf(Protocol *, NSProtocolFromString, NSString *namestr){
    Protocol* foundProtocol = %orig;
    iosLogInfo("namestr=%{public}@ -> origRetProtocol=%{public}@", namestr, foundProtocol);
    return foundProtocol;
}
277 |
278 | /*==============================================================================
279 | Hook: objc_copyImageNames
280 | ==============================================================================*/
281 |
282 | //const char * _Nonnull * objc_copyImageNames(unsigned int *outCount);
283 | const char ** objc_copyImageNames(unsigned int *outCount);
284 |
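/**
 Logging hook for objc_copyImageNames().

 The list from the original implementation is returned unmodified. While
 cfgHookEnable_aweme is set, each entry that isJailbreakPath() classifies as a
 jailbreak path is logged; no entry is removed (see TODO).

 @param outCount Out-parameter for the number of names; guarded against NULL here.
 @return The original image-name list.
 */
%hookf(const char **, objc_copyImageNames, unsigned int *outCount){
    iosLogInfo("outCount=%p", outCount);
    const char** imageList = %orig(outCount);

    // Read the count once and only through a checked pointer: the previous code
    // dereferenced outCount unconditionally. The count is unsigned, so it is
    // printed with %u and compared against an unsigned index.
    const unsigned int imageCount = (NULL != outCount) ? *outCount : 0;
    iosLogInfo("*outCount=%u, imageList=%p", imageCount, imageList);

    if (cfgHookEnable_aweme && (NULL != imageList)) {
        // TODO: add support
        for (unsigned int i = 0; i < imageCount; i++) {
            const char* curImagePath = imageList[i];
            bool isJbPath = isJailbreakPath(curImagePath);
            if (isJbPath) {
                iosLogInfo("[%u] %s -> isJbPath=%s", i, curImagePath, boolToStr(isJbPath));
            }
        }
    }
    return imageList;
}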
304 |
305 | /*==============================================================================
306 | Hook: debugging embedded.mobileprovision
307 | ==============================================================================*/
308 |
309 | // NSString *embeddedPath = [[NSBundle mainBundle] pathForResource:@"embedded" ofType:@"mobileprovision"];
%hook NSBundle

/**
 Hook for -[NSBundle pathForResource:ofType:].

 While cfgHookEnable_aweme is set, lookups with type "mobileprovision" are
 logged, and the lookup for the resource named "embedded" is answered with nil.
 Everything else returns the original path.
 */
- (NSString *)pathForResource:(NSString *)name ofType:(NSString *)ext {
    NSString* resolvedPath = %orig(name, ext);

    BOOL isProvisionLookup = cfgHookEnable_aweme && [ext isEqualToString: @"mobileprovision"];
    if (isProvisionLookup) {
        // Logged before the override below, so the log carries the real path.
        iosLogInfo("name=%{public}@, ext=%{public}@ -> resPath=%{public}@", name, ext, resolvedPath);
        if ([name isEqualToString: @"embedded"]) {
            resolvedPath = NULL;
        }
    }

    return resolvedPath;
}

// https://developer.apple.com/documentation/foundation/nsbundle/1407973-bundlepath
// @property(readonly, copy) NSString *bundlePath;

/**
 Logging-only hook for -[NSBundle bundlePath]. Paths containing "Aweme" or
 "/System/Library" are not logged; the original path is always returned.
 */
- (NSString *)bundlePath {
    NSString* currentBundlePath = %orig;

    if ([currentBundlePath containsString: @"Aweme"]) {
        return currentBundlePath;
    }
    if ([currentBundlePath containsString: @"/System/Library"]) {
        return currentBundlePath;
    }

    iosLogInfo("origBundlePath=%{public}@", currentBundlePath);
    return currentBundlePath;
}

%end
340 |
341 | ///*==============================================================================
342 | // Hook: strcmp
343 | //==============================================================================*/
344 | //
345 | //int strcmp(const char *s1, const char *s2);
346 | //
347 | //// NOTE: !!! will cause app (libsubstitute.dylib`SubHookFunction) crash
348 | //%hookf(int, strcmp, const char *s1, const char *s2){
349 | //// bool isJbLib1 = isJailbreakDylib(s1);
350 | //// if (isJbLib1) {
351 | //// iosLogInfo("isJbPath for s1=%{public}s", s1);
352 | //// }
353 | ////
354 | //// bool isJbLib2 = isJailbreakDylib(s2);
355 | //// if (isJbLib2) {
356 | //// iosLogInfo("isJbPath for s2=%{public}s", s2);
357 | //// }
358 | // int cmpRet = %orig;
359 | // iosLogInfo("s1=%{public}s,s2=%{public}s -> cmpRet=%d", s1, s2, cmpRet);
360 | // return cmpRet;
361 | //}
362 |
363 |
364 | ///*==============================================================================
365 | // objc_getClass
366 | //==============================================================================*/
367 | //
368 | ////Class LSApplicationWorkspace_class = objc_getClass("LSApplicationWorkspace");
369 | //// https://developer.apple.com/documentation/objectivec/1418952-objc_getclass?language=objc
370 | ////id objc_getClass(const char *name);
371 | ///// Xcode Error: Functions that differ only in their return type cannot be overloaded
372 | ///// Run Error: SubstituteLog: SubHookFunction: substitute_hook_functions returned SUBSTITUTE_ERR_FUNC_BAD_INSN_AT_START (0x1921defe0)
373 | //
374 | //%hookf(id, objc_getClass, const char *name){
375 | // id origClass = %orig;
376 | // iosLogInfo("name=%s -> origClass=%{public}@", name, origClass);
377 | // return origClass;
378 | //}
379 |
380 | /*==============================================================================
381 | LSApplicationProxy
382 | ==============================================================================*/
383 |
// Logging-only hooks on LSApplicationProxy: every method below forwards to the
// original implementation, logs the result and returns it unchanged.
%hook LSApplicationProxy

-(NSString *)itemName {
    NSString* name = %orig;
    iosLogInfo("origItemName=%{public}@", name);
    return name;
}

-(NSString *)vendorName {
    NSString* vendor = %orig;
    iosLogInfo("origVendorName=%{public}@", vendor);
    return vendor;
}

-(NSString *)localizedName {
    NSString* displayName = %orig;
    iosLogInfo("origLocalizedName=%{public}@", displayName);
    return displayName;
}

-(NSString *)localizedShortName {
    NSString* shortName = %orig;
    iosLogInfo("origLocalizedShortName=%{public}@", shortName);
    return shortName;
}

-(id)localizedNameForContext:(id)arg1 {
    id contextName = %orig;
    iosLogInfo("arg1=%@ -> origNameForContext=%@", arg1, contextName);
    return contextName;
}

-(id)localizedNameForContext:(id)arg1 preferredLocalizations:(id)arg2{
    id contextName = %orig;
    iosLogInfo("arg1=%@,arg2=%@ -> origNameForContext=%@", arg1, arg2, contextName);
    return contextName;
}

-(id)localizedNameForContext:(id)arg1 preferredLocalizations:(id)arg2 useShortNameOnly:(BOOL)arg3 {
    id contextName = %orig;
    iosLogInfo("arg1=%@,arg2=%@,arg3=%s -> origNameForContext=%@", arg1, arg2, boolToStr(arg3), contextName);
    return contextName;
}

%end
429 |
430 | /*==============================================================================
431 | LSApplicationWorkspace
432 | ==============================================================================*/
433 |
// Logging-only hooks on LSApplicationWorkspace: each method forwards to the
// original implementation, logs the result and returns it unchanged.
// NOTE(review): the application lists are logged with %{public}; if iosLogInfo
// wraps os_log, the device's installed-app inventory ends up unredacted in the
// system log -- confirm this is limited to debugging builds.
%hook LSApplicationWorkspace

+(instancetype)defaultWorkspace {
    id workspace = %orig;
    iosLogInfo("defWorkspace=%{public}@", workspace);
    return workspace;
}

-(NSArray *)allApplications{
    NSArray * apps = %orig;
    iosLogInfo("allAppList=%{public}@", apps);
    return apps;
}

-(NSArray *)allInstalledApplications{
    NSArray * apps = %orig;
    iosLogInfo("allInstalledAppList=%{public}@", apps);
    return apps;
}

-(NSArray *)directionsApplications{
    NSArray * apps = %orig;
    iosLogInfo("directionsAppList=%{public}@", apps);
    return apps;
}

-(NSArray *)unrestrictedApplications{
    NSArray * apps = %orig;
    iosLogInfo("unrestrictedAppList=%{public}@", apps);
    return apps;
}

- (NSArray *)installedApplications{
    NSArray * apps = %orig;
    iosLogInfo("allAppStrList=%{public}@", apps);
    return apps;
}

%end
474 |
475 | /*==============================================================================
476 | FBApplicationInfo
477 | ==============================================================================*/
478 |
// Logging-only hook on FBApplicationInfo: the environment-variable dictionary
// from the original implementation is logged and returned unchanged.
%hook FBApplicationInfo

-(NSDictionary *)environmentVariables{
    NSDictionary* envVars = %orig;
    iosLogInfo("allEnvVarList=%{public}@", envVars);
    return envVars;
}

%end
488 |
489 | /*==============================================================================
490 | NSDictionary
491 | ==============================================================================*/
492 |
// Logging-only hook on NSDictionary: records which URL a dictionary was loaded
// from and what was read, then returns the original result unchanged.
%hook NSDictionary

+ (NSDictionary *)dictionaryWithContentsOfURL:(NSURL *)url error:(NSError * _Nullable *)error{
    NSDictionary* loadedDict = %orig;
    iosLogInfo("url=%{public}@ -> origDict=%{public}@", url, loadedDict);
    return loadedDict;
}

%end
504 |
505 |
506 | /*==============================================================================
507 | posix_spawn
508 | ==============================================================================*/
509 |
510 | // https://developer.apple.com/library/archive/documentation/System/Conceptual/ManPages_iPhoneOS/man2/posix_spawn.2.html
511 | //int posix_spawn(pid_t *restrict pid, const char *restrict path,
512 | // const posix_spawn_file_actions_t *file_actions,
513 | // const posix_spawnattr_t *restrict attrp, char *const argv[restrict],
514 | // char *const envp[restrict]);
515 | //
516 | //%hookf(int, posix_spawn, pid_t *restrict pid, const char *restrict path,
517 | // const posix_spawn_file_actions_t *file_actions,
518 | // const posix_spawnattr_t *restrict attrp, char *const argv[restrict],
519 | // char *const envp[restrict]){
520 | int posix_spawn(pid_t* pid, const char* path, const posix_spawn_file_actions_t *file_actions, const posix_spawnattr_t* attrp, char *const argv[], char *const envp[]);
521 |
/**
 Logging-only hook for posix_spawn(): the call is forwarded first, then the
 arguments (as pointers, plus the path string) and the result are logged.
 The original return value is passed back unchanged.
 */
%hookf(int, posix_spawn, pid_t* pid, const char* path, const posix_spawn_file_actions_t* file_actions, const posix_spawnattr_t* attrp, char *const argv[], char *const envp[]){
    int spawnStatus = %orig;
    iosLogInfo("pid=%p,path=%{public}s,file_actions=%p,attrp=%p,argv=%p,envp=%p -> spawnRet=%d", pid, path, file_actions, attrp, argv, envp, spawnStatus);
    return spawnStatus;
}
527 |
528 |
529 | /*==============================================================================
530 | Ctor
531 | ==============================================================================*/
532 |
// Constructor for the misc hook file: logs whether cfgHookEnable_misc is set.
%ctor
{
    @autoreleasepool
    {
        const char* miscEnabledStr = boolToStr(cfgHookEnable_misc);
        iosLogInfo("%s, cfgHookEnable_misc=%s", "misc ctor", miscEnabledStr);
    }
}
540 |
--------------------------------------------------------------------------------
/iOSBypassJailbreak/hook_openFile_iOS.mm:
--------------------------------------------------------------------------------
1 | #line 1 "/Users/crifan/dev/dev_root/crifan/iOSBypassJailbreak/iOSBypassJailbreak/hook_openFile_iOS.xm"
2 |
3 |
4 |
5 |
6 |
7 |
8 | #import
9 |
10 | #import "CommonConfig.h"
11 | #import "CrifanLibiOS.h"
12 | #import "JailbreakiOS.h"
13 | #import "CrifanLib.h"
14 | #import "JailbreakPathList.h"
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 | #include
26 | #if defined(__clang__)
27 | #if __has_feature(objc_arc)
28 | #define _LOGOS_SELF_TYPE_NORMAL __unsafe_unretained
29 | #define _LOGOS_SELF_TYPE_INIT __attribute__((ns_consumed))
30 | #define _LOGOS_SELF_CONST const
31 | #define _LOGOS_RETURN_RETAINED __attribute__((ns_returns_retained))
32 | #else
33 | #define _LOGOS_SELF_TYPE_NORMAL
34 | #define _LOGOS_SELF_TYPE_INIT
35 | #define _LOGOS_SELF_CONST
36 | #define _LOGOS_RETURN_RETAINED
37 | #endif
38 | #else
39 | #define _LOGOS_SELF_TYPE_NORMAL
40 | #define _LOGOS_SELF_TYPE_INIT
41 | #define _LOGOS_SELF_CONST
42 | #define _LOGOS_RETURN_RETAINED
43 | #endif
44 |
45 | @class NSFileManager; @class NSURL;
46 | static NSArray * (*_logos_orig$_ungrouped$NSFileManager$contentsOfDirectoryAtPath$error$)(_LOGOS_SELF_TYPE_NORMAL NSFileManager* _LOGOS_SELF_CONST, SEL, NSString *, NSError * _Nullable *); static NSArray * _logos_method$_ungrouped$NSFileManager$contentsOfDirectoryAtPath$error$(_LOGOS_SELF_TYPE_NORMAL NSFileManager* _LOGOS_SELF_CONST, SEL, NSString *, NSError * _Nullable *); static BOOL (*_logos_orig$_ungrouped$NSFileManager$fileExistsAtPath$)(_LOGOS_SELF_TYPE_NORMAL NSFileManager* _LOGOS_SELF_CONST, SEL, NSString *); static BOOL _logos_method$_ungrouped$NSFileManager$fileExistsAtPath$(_LOGOS_SELF_TYPE_NORMAL NSFileManager* _LOGOS_SELF_CONST, SEL, NSString *); static BOOL (*_logos_orig$_ungrouped$NSFileManager$fileExistsAtPath$isDirectory$)(_LOGOS_SELF_TYPE_NORMAL NSFileManager* _LOGOS_SELF_CONST, SEL, NSString *, BOOL *); static BOOL _logos_method$_ungrouped$NSFileManager$fileExistsAtPath$isDirectory$(_LOGOS_SELF_TYPE_NORMAL NSFileManager* _LOGOS_SELF_CONST, SEL, NSString *, BOOL *); static BOOL (*_logos_orig$_ungrouped$NSURL$checkResourceIsReachableAndReturnError$)(_LOGOS_SELF_TYPE_NORMAL NSURL* _LOGOS_SELF_CONST, SEL, NSError * _Nullable *); static BOOL _logos_method$_ungrouped$NSURL$checkResourceIsReachableAndReturnError$(_LOGOS_SELF_TYPE_NORMAL NSURL* _LOGOS_SELF_CONST, SEL, NSError * _Nullable *);
47 |
48 | #line 23 "/Users/crifan/dev/dev_root/crifan/iOSBypassJailbreak/iOSBypassJailbreak/hook_openFile_iOS.xm"
49 |
50 |
51 |
52 |
53 |
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 |
74 |
75 |
76 |
77 |
78 |
79 |
// Logos-generated replacement for -[NSFileManager contentsOfDirectoryAtPath:error:].
// With cfgHookEnable_openFileiOS set, a path that +[JailbreakiOS isJailbreakPath_iOS:]
// classifies as a jailbreak path is answered with NULL (the original is not
// called); a NULL path is also answered with NULL. Otherwise the original
// implementation supplies the result.
static NSArray * _logos_method$_ungrouped$NSFileManager$contentsOfDirectoryAtPath$error$(_LOGOS_SELF_TYPE_NORMAL NSFileManager* _LOGOS_SELF_CONST __unused self, SEL __unused _cmd, NSString * path, NSError * _Nullable * error) {
    iosLogDebug("path=%{public}@, *error=%@", path, ERROR_STR(error));
    BOOL hidePath = FALSE;
    NSArray * listing = NULL;

    if (!cfgHookEnable_openFileiOS) {
        listing = _logos_orig$_ungrouped$NSFileManager$contentsOfDirectoryAtPath$error$(self, _cmd, path, error);
    } else if (NULL != path) {
        hidePath = [JailbreakiOS isJailbreakPath_iOS: path];
        if (!hidePath) {
            listing = _logos_orig$_ungrouped$NSFileManager$contentsOfDirectoryAtPath$error$(self, _cmd, path, error);
        }
    }

    // Only hidden paths are logged at info level.
    if (hidePath) {
        iosLogInfo("path=%{public}@, *error=%@ -> isJbPath=%{bool}d -> retContentList=%p", path, ERROR_STR(error), hidePath, listing);
    }
    return listing;
}
105 |
106 |
// Logos-generated replacement for -[NSFileManager fileExistsAtPath:].
// With cfgHookEnable_openFileiOS set, a path classified by
// +[JailbreakiOS isJailbreakPath_iOS:] as a jailbreak path (or a NULL path) is
// reported as not existing; otherwise the original implementation answers.
static BOOL _logos_method$_ungrouped$NSFileManager$fileExistsAtPath$(_LOGOS_SELF_TYPE_NORMAL NSFileManager* _LOGOS_SELF_CONST __unused self, SEL __unused _cmd, NSString * path) {
    iosLogDebug("path=%{public}@", path);
    BOOL hidePath = FALSE;
    bool pathExists = FALSE;

    if (!cfgHookEnable_openFileiOS) {
        pathExists = _logos_orig$_ungrouped$NSFileManager$fileExistsAtPath$(self, _cmd, path);
    } else if (NULL != path) {
        hidePath = [JailbreakiOS isJailbreakPath_iOS: path];
        if (!hidePath) {
            pathExists = _logos_orig$_ungrouped$NSFileManager$fileExistsAtPath$(self, _cmd, path);
        }
    }

    // Only hidden paths are logged at info level.
    if (hidePath) {
        iosLogInfo("path=%{public}@ -> isJbPath=%s -> isExists=%s", path, boolToStr(hidePath), boolToStr(pathExists));
    }

    return pathExists;
}
133 |
134 |
// Logos-generated replacement for -[NSFileManager fileExistsAtPath:isDirectory:].
// With cfgHookEnable_openFileiOS set, a path classified by
// +[JailbreakiOS isJailbreakPath_iOS:] as a jailbreak path (or a NULL path) is
// reported as not existing and *isDirectory is left untouched; otherwise the
// original implementation answers.
static BOOL _logos_method$_ungrouped$NSFileManager$fileExistsAtPath$isDirectory$(_LOGOS_SELF_TYPE_NORMAL NSFileManager* _LOGOS_SELF_CONST __unused self, SEL __unused _cmd, NSString * path, BOOL * isDirectory) {
    iosLogDebug("path=%{public}@, isDirectory=%p", path, isDirectory);
    BOOL hidePath = FALSE;
    BOOL pathExists = FALSE;

    if (!cfgHookEnable_openFileiOS) {
        pathExists = _logos_orig$_ungrouped$NSFileManager$fileExistsAtPath$isDirectory$(self, _cmd, path, isDirectory);
    } else if (NULL != path) {
        hidePath = [JailbreakiOS isJailbreakPath_iOS: path];
        if (!hidePath) {
            pathExists = _logos_orig$_ungrouped$NSFileManager$fileExistsAtPath$isDirectory$(self, _cmd, path, isDirectory);
        }
    }

    // Only hidden paths are logged at info level.
    if (hidePath) {
        iosLogInfo("path=%{public}@, isDirectory=%p -> isJbPath=%s -> isExists=%s", path, isDirectory, boolToStr(hidePath), boolToStr(pathExists));
    }

    return pathExists;
}
161 |
162 |
163 |
164 |
165 |
166 |
167 |
168 |
169 |
// Logos-generated replacement for -[NSURL checkResourceIsReachableAndReturnError:].
// With cfgHookEnable_openFileiOS set, a URL whose absolute string is classified
// by +[JailbreakiOS isJailbreakPath_iOS:] as a jailbreak path is reported as
// unreachable without calling the original; otherwise the original answers.
static BOOL _logos_method$_ungrouped$NSURL$checkResourceIsReachableAndReturnError$(_LOGOS_SELF_TYPE_NORMAL NSURL* _LOGOS_SELF_CONST __unused self, SEL __unused _cmd, NSError * _Nullable * error){
    NSString* urlString = [self absoluteString];
    iosLogDebug("curUrlStr=%{public}@, error=%p", urlString, error);
    BOOL hidePath = FALSE;
    BOOL reachable = FALSE;

    if (cfgHookEnable_openFileiOS) {
        hidePath = [JailbreakiOS isJailbreakPath_iOS: urlString];
    }
    if (!hidePath) {
        reachable = _logos_orig$_ungrouped$NSURL$checkResourceIsReachableAndReturnError$(self, _cmd, error);
    }

    // Only hidden URLs are logged at info level.
    if (hidePath) {
        iosLogInfo("curUrlStr=%{public}@, error=%p -> isJbPath=%s -> isReachable=%s", urlString, error, boolToStr(hidePath), boolToStr(reachable));
    }
    return reachable;
}
194 |
195 |
196 |
197 |
198 |
199 |
200 |
// Logos-generated constructor (from the %ctor block of hook_openFile_iOS.xm):
// logs whether cfgHookEnable_openFileiOS is set.
static __attribute__((constructor)) void _logosLocalCtor_bf822969(int __unused argc, char __unused **argv, char __unused **envp)
{
    @autoreleasepool
    {
        const char* openFileEnabledStr = boolToStr(cfgHookEnable_openFileiOS);
        iosLogInfo("%s, cfgHookEnable_openFileiOS=%s", "openFile_iOS ctor", openFileEnabledStr);
    }
}
// Logos-generated initialiser: installs the four replacement implementations
// above with MSHookMessageEx and stores each original IMP in the matching
// _logos_orig$... pointer.
static __attribute__((constructor)) void _logosLocalInit() {
    Class _logos_class$_ungrouped$NSFileManager = objc_getClass("NSFileManager");
    MSHookMessageEx(_logos_class$_ungrouped$NSFileManager,
                    @selector(contentsOfDirectoryAtPath:error:),
                    (IMP)&_logos_method$_ungrouped$NSFileManager$contentsOfDirectoryAtPath$error$,
                    (IMP*)&_logos_orig$_ungrouped$NSFileManager$contentsOfDirectoryAtPath$error$);
    MSHookMessageEx(_logos_class$_ungrouped$NSFileManager,
                    @selector(fileExistsAtPath:),
                    (IMP)&_logos_method$_ungrouped$NSFileManager$fileExistsAtPath$,
                    (IMP*)&_logos_orig$_ungrouped$NSFileManager$fileExistsAtPath$);
    MSHookMessageEx(_logos_class$_ungrouped$NSFileManager,
                    @selector(fileExistsAtPath:isDirectory:),
                    (IMP)&_logos_method$_ungrouped$NSFileManager$fileExistsAtPath$isDirectory$,
                    (IMP*)&_logos_orig$_ungrouped$NSFileManager$fileExistsAtPath$isDirectory$);

    Class _logos_class$_ungrouped$NSURL = objc_getClass("NSURL");
    MSHookMessageEx(_logos_class$_ungrouped$NSURL,
                    @selector(checkResourceIsReachableAndReturnError:),
                    (IMP)&_logos_method$_ungrouped$NSURL$checkResourceIsReachableAndReturnError$,
                    (IMP*)&_logos_orig$_ungrouped$NSURL$checkResourceIsReachableAndReturnError$);
}
210 | #line 182 "/Users/crifan/dev/dev_root/crifan/iOSBypassJailbreak/iOSBypassJailbreak/hook_openFile_iOS.xm"
211 |
--------------------------------------------------------------------------------
/iOSBypassJailbreak/hook_openFile_iOS.xm:
--------------------------------------------------------------------------------
1 | /*
2 | File: hook_openFile_iOS.xm
3 | Function: iOS tweak to hook open file of iOS level related function
4 | Author: Crifan Li
5 | */
6 |
7 | #import
8 |
9 | #import "CommonConfig.h"
10 | #import "CrifanLibiOS.h"
11 | #import "JailbreakiOS.h"
12 | #import "CrifanLib.h"
13 | #import "JailbreakPathList.h"
14 |
15 | /*==============================================================================
16 | Hook: NSFileManager
17 | ==============================================================================*/
18 |
19 | //@interface NSFileManager (TweakMethods)
20 | //+ (BOOL) isJailbreakPath_iOS: (NSString*)curPath;
21 | //@end
22 |
23 | %hook NSFileManager
24 |
25 | ///* Common Util Function */
26 | //
27 | //%new
28 | //+ (BOOL) isJailbreakPath_iOS: (NSString*)curPath{
29 | ////- (BOOL) isJailbreakPath_iOS: (NSString*)curPath{
30 | // BOOL isJbPath = FALSE;
31 | //
32 | // if (NULL != curPath){
33 | // const char* curPathStr = [curPath UTF8String];
34 | //// isJbPath = isJailbreakPath(curPathStr);
35 | // const char* FILE_PREFIX = "file://";
36 | //
37 | //// const char* pathNoFilePrefix = removeHead(curPathStr, FILE_PREFIX);
38 | // char* toFreePtr = NULL;
39 | // const char* pathNoFilePrefix = removeHead(curPathStr, FILE_PREFIX, &toFreePtr);
40 | //
41 | // isJbPath = isJailbreakPath(pathNoFilePrefix);
42 | //
43 | //// free(pathNoFilePrefix);
44 | //// if (NULL != toFreePtr) {
45 | // iosLogDebug("now to free: toFreePtr=%p", toFreePtr);
46 | // free(toFreePtr);
47 | //// }
48 | // }
49 | // iosLogDebug("curPath=%{public}@ -> isJbPath=%s", curPath, boolToStr(isJbPath));
50 | // return isJbPath;
51 | //}
52 |
// Hooked -[NSFileManager contentsOfDirectoryAtPath:error:].
// With cfgHookEnable_openFileiOS off, the stock implementation is called.
// With it on, a nil path or a path that +[JailbreakiOS isJailbreakPath_iOS:]
// matches returns NULL without calling the original; *error is not written
// on those two paths. Any other path goes to the original.
- (NSArray *)contentsOfDirectoryAtPath:(NSString *)path error:(NSError * _Nullable *)error
{
    iosLogDebug("path=%{public}@, *error=%@", path, ERROR_STR(error));

    // Hook switched off: behave exactly like the stock method.
    if (!cfgHookEnable_openFileiOS) {
        return %orig;
    }

    // nil path: the original is not consulted.
    if (NULL == path) {
        return NULL;
    }

    BOOL onJbList = [JailbreakiOS isJailbreakPath_iOS: path];
    if (!onJbList) {
        return %orig;
    }

    // Listed path: no listing is returned; only this case is logged at info level.
    NSArray *hiddenListing = NULL;
    iosLogInfo("path=%{public}@, *error=%@ -> isJbPath=%{bool}d -> retContentList=%p", path, ERROR_STR(error), onJbList, hiddenListing);
    return hiddenListing;
}
79 |
// Hooked -[NSFileManager fileExistsAtPath:].
// With cfgHookEnable_openFileiOS off, the stock implementation answers.
// With it on, a nil path or a path matched by
// +[JailbreakiOS isJailbreakPath_iOS:] is answered with FALSE without calling
// the original; every other path is answered by the original.
- (BOOL)fileExistsAtPath:(NSString *)path
{
    iosLogDebug("path=%{public}@", path);

    // Hook switched off: defer to the stock method.
    if (!cfgHookEnable_openFileiOS) {
        bool stockAnswer = %orig;
        return stockAnswer;
    }

    // nil path: the original is not consulted.
    if (NULL == path) {
        return FALSE;
    }

    BOOL onJbList = [JailbreakiOS isJailbreakPath_iOS: path];
    if (!onJbList) {
        bool stockAnswer = %orig;
        return stockAnswer;
    }

    // Listed path: reported as missing; only this case is logged at info level.
    bool reportedExists = FALSE;
    iosLogInfo("path=%{public}@ -> isJbPath=%s -> isExists=%s", path, boolToStr(onJbList), boolToStr(reportedExists));
    return reportedExists;
}
107 |
// Hooked -[NSFileManager fileExistsAtPath:isDirectory:].
// Same decision as the single-argument hook: with cfgHookEnable_openFileiOS
// on, a nil path or a path matched by +[JailbreakiOS isJailbreakPath_iOS:] is
// answered with FALSE without calling the original, and *isDirectory is not
// written on those paths. Everything else is answered by the original.
- (BOOL)fileExistsAtPath:(NSString *)path isDirectory:(BOOL *)isDirectory
{
    iosLogDebug("path=%{public}@, isDirectory=%p", path, isDirectory);

    // Hook switched off: defer to the stock method.
    if (!cfgHookEnable_openFileiOS) {
        return %orig;
    }

    // nil path: the original is not consulted.
    if (NULL == path) {
        return FALSE;
    }

    BOOL onJbList = [JailbreakiOS isJailbreakPath_iOS: path];
    if (!onJbList) {
        return %orig;
    }

    // Listed path: reported as missing; only this case is logged at info level.
    BOOL reportedExists = FALSE;
    iosLogInfo("path=%{public}@, isDirectory=%p -> isJbPath=%s -> isExists=%s", path, isDirectory, boolToStr(onJbList), boolToStr(reportedExists));
    return reportedExists;
}
135 |
136 | %end
137 |
138 | /*==============================================================================
139 | Hook: NSURL
140 | ==============================================================================*/
141 |
142 | %hook NSURL
143 |
// Hooked -[NSURL checkResourceIsReachableAndReturnError:].
// The receiver's absoluteString is what gets tested by
// +[JailbreakiOS isJailbreakPath_iOS:]. With cfgHookEnable_openFileiOS on, a
// matching URL is reported as unreachable without calling the original and
// *error is not written; otherwise the original answers.
- (BOOL)checkResourceIsReachableAndReturnError:(NSError * _Nullable *)error{
    NSString* urlText = [self absoluteString];
    iosLogDebug("curUrlStr=%{public}@, error=%p", urlText, error);

    // Hook switched off: defer to the stock method.
    if (!cfgHookEnable_openFileiOS) {
        return %orig;
    }

    BOOL onJbList = [JailbreakiOS isJailbreakPath_iOS: urlText];
    if (!onJbList) {
        return %orig;
    }

    // Listed URL: reported as unreachable; only this case is logged at info level.
    BOOL reportedReachable = FALSE;
    iosLogInfo("curUrlStr=%{public}@, error=%p -> isJbPath=%s -> isReachable=%s", urlText, error, boolToStr(onJbList), boolToStr(reportedReachable));
    return reportedReachable;
}
168 |
169 | %end
170 |
171 | /*==============================================================================
172 | Ctor
173 | ==============================================================================*/
174 |
// Runs when the tweak is loaded. It performs no setup of its own and only
// logs whether the openFile_iOS hooks are enabled in the build configuration.
%ctor
{
    @autoreleasepool
    {
        const char *hookSwitchStr = boolToStr(cfgHookEnable_openFileiOS);
        iosLogInfo("%s, cfgHookEnable_openFileiOS=%s", "openFile_iOS ctor", hookSwitchStr);
    }
}
182 |
--------------------------------------------------------------------------------
/iOSBypassJailbreak/hook_syscall.mm:
--------------------------------------------------------------------------------
1 | #line 1 "/Users/crifan/dev/dev_root/crifan/iOSBypassJailbreak/iOSBypassJailbreak/hook_syscall.xm"
2 |
3 |
4 |
5 |
6 |
7 |
8 | #import
9 |
10 | #import "CommonConfig.h"
11 | #import "CrifanLibiOS.h"
12 | #import "CrifanLib.h"
13 | #import "JailbreakPathList.h"
14 |
15 |
16 |
17 |
18 |
19 | #if !defined(PT_DENY_ATTACH)
20 | #define PT_DENY_ATTACH 31
21 | #endif
22 |
23 |
24 |
25 |
26 |
27 |
28 |
29 |
30 |
31 |
32 |
33 |
34 |
35 |
36 |
// Declaration of the variadic syscall() wrapper that this file hooks.
int syscall(int, ...);

// Number of slots in the argument buffer (paraList) that the syscall hook
// declares for its generic pass-through path.
int MaxSupportArgNum_syscall = 16;
42 |
43 |
44 | #include
45 | #if defined(__clang__)
46 | #if __has_feature(objc_arc)
47 | #define _LOGOS_SELF_TYPE_NORMAL __unsafe_unretained
48 | #define _LOGOS_SELF_TYPE_INIT __attribute__((ns_consumed))
49 | #define _LOGOS_SELF_CONST const
50 | #define _LOGOS_RETURN_RETAINED __attribute__((ns_returns_retained))
51 | #else
52 | #define _LOGOS_SELF_TYPE_NORMAL
53 | #define _LOGOS_SELF_TYPE_INIT
54 | #define _LOGOS_SELF_CONST
55 | #define _LOGOS_RETURN_RETAINED
56 | #endif
57 | #else
58 | #define _LOGOS_SELF_TYPE_NORMAL
59 | #define _LOGOS_SELF_TYPE_INIT
60 | #define _LOGOS_SELF_CONST
61 | #define _LOGOS_RETURN_RETAINED
62 | #endif
63 |
64 |
65 |
66 |
67 | #line 42 "/Users/crifan/dev/dev_root/crifan/iOSBypassJailbreak/iOSBypassJailbreak/hook_syscall.xm"
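// Original syscall(); MSHookFunction stores it here when the hook is installed.
__unused static int (*_logos_orig$_ungrouped$syscall)(int number, ...);

/*
 Replacement for the variadic syscall(int number, ...) wrapper. This is the
 Logos output for the %hookf block of hook_syscall.xm, so every change marked
 "Fix:" below belongs in that .xm source as well.

 When cfgHookEnable_syscall is set:
   - SYS_fork returns FORK_FAILED without calling the original.
   - SYS_open, SYS_access, SYS_statfs, SYS_stat, SYS_stat64 and SYS_lstat read
     the path argument; SYS_fstatfs, SYS_fstat and SYS_fstatat derive a path
     from the descriptor via getFilePath(). A path for which isJailbreakPath()
     is true gets the matching *_FAILED value instead of the original call.
   - SYS_ptrace with request PT_DENY_ATTACH returns PTRACE_FAILED.
 Every other call is forwarded to the original syscall().

 @param number  syscall number, followed by that syscall's own arguments
 @return        the original syscall's result, or one of the *_FAILED constants
*/
__unused static int _logos_function$_ungrouped$syscall(int number, ...){
    iosLogDebug("number=%d", number);

    int syscallRetValue = -1;

    // Buffer for the generic pass-through at the end of the function.
    void *paraPtr, *paraList[MaxSupportArgNum_syscall];
    // The pass-through can forward at most this many arguments after `number`.
    const int maxForwardArgNum = 9;
    va_list argList;
    int curParaNum = 0;

    if (cfgHookEnable_syscall) {

        bool isFork = (SYS_fork == number);
        if (isFork){
            iosLogInfo("number=%d -> return %d", number, FORK_FAILED);
            return FORK_FAILED;
        }

        bool isOpen = (SYS_open == number);
        if (isOpen){
            // int open(const char *pathname, int flags, mode_t mode);
            va_start(argList, number);
            const char * fisrtPath = va_arg(argList, const char *);
            int secondFlags = va_arg(argList, int);
            // mode_t is promoted when passed through "...", so it is read as unsigned int
            mode_t thirdMode = (mode_t)va_arg(argList, unsigned int);
            va_end(argList);
            iosLogDebug("fisrtPath=%{public}s, secondFlags=%d, thirdMode=%d", fisrtPath, secondFlags, thirdMode);

            bool isJbPath = isJailbreakPath(fisrtPath);
            iosLogDebug("isJbPath=%{bool}d", isJbPath);
            if (isJbPath){
                errno = ENOENT;
                iosLogDebug("set errno=%d", errno);
                syscallRetValue = OPEN_FAILED;
            } else {
                syscallRetValue = _logos_orig$_ungrouped$syscall(number, fisrtPath, secondFlags, thirdMode);
            }
            iosLogInfo("SYS_open: number=%d -> isJbPath=%{bool}d, fisrtPath=%{public}s -> syscallRetValue=%d", number, isJbPath, fisrtPath, syscallRetValue);
            return syscallRetValue;
        }

        bool isPtrace = (SYS_ptrace == number);
        if (isPtrace){
            // int ptrace(int request, pid_t pid, caddr_t addr, int data);
            va_start(argList, number);
            int request = va_arg(argList, int);
            int pid = va_arg(argList, int);
            char* addr = va_arg(argList, char*);
            int data = va_arg(argList, int);
            va_end(argList);

            iosLogInfo("request=%d, pid=%d, addr=%p, data=%d", request, pid, addr, data);

            if (PT_DENY_ATTACH == request){
                syscallRetValue = PTRACE_FAILED;
            } else {
                // Fix: the forwarded call used to omit `number`, so `request` was
                // passed as the syscall number and an unrelated syscall was invoked.
                syscallRetValue = _logos_orig$_ungrouped$syscall(number, request, pid, addr, data);
            }

            iosLogInfo("SYS_ptrace: request=%d, pid=%d, addr=%p, data=%d -> syscallRetValue=%d", request, pid, addr, data, syscallRetValue);
            return syscallRetValue;
        }

        bool isAccess = (SYS_access == number);
        if (isAccess) {
            // int access(const char *path, int amode);
            va_start(argList, number);
            const char* path = va_arg(argList, const char *);
            int amode = va_arg(argList, int);
            va_end(argList);

            iosLogDebug("isAccess=%{bool}d, path=%{public}s, amode=0x%x", isAccess, path, amode);

            bool isJbPath = isJailbreakPath(path);
            iosLogDebug("isJbPath=%{bool}d", isJbPath);
            if (isJbPath){
                syscallRetValue = ACCESS_FAILED;
            } else {
                syscallRetValue = _logos_orig$_ungrouped$syscall(number, path, amode);
            }
            iosLogInfo("SYS_access: number=%d -> path=%{public}s, amode=0x%x -> isJbPath=%{bool}d -> syscallRetValue=%d", number, path, amode, isJbPath, syscallRetValue);
            return syscallRetValue;
        }

        bool isStatfs = (SYS_statfs == number);
        if (isStatfs) {
            // statfs(path, buf): buf is only forwarded, never dereferenced here
            va_start(argList, number);
            const char* path = va_arg(argList, const char *);
            struct stat* buf = va_arg(argList, struct stat*);
            va_end(argList);

            iosLogDebug("isStatfs=%{bool}d, path=%{public}s, buf=%p", isStatfs, path, buf);

            bool isJbPath = isJailbreakPath(path);
            iosLogDebug("isJbPath=%{bool}d", isJbPath);
            if (isJbPath){
                syscallRetValue = STATFS_FAILED;
            } else {
                syscallRetValue = _logos_orig$_ungrouped$syscall(number, path, buf);
            }
            iosLogInfo("SYS_statfs: number=%d -> path=%{public}s, buf=%p -> isJbPath=%{bool}d -> syscallRetValue=%d", number, path, buf, isJbPath, syscallRetValue);
            return syscallRetValue;
        }

        bool isFstatfs = (SYS_fstatfs == number);
        if (isFstatfs) {
            bool isGetPathOk = false;
            bool isJbPath = false;
            char parsedPath[PATH_MAX];
            memset(parsedPath, 0, PATH_MAX);

            // fstatfs(fd, buf)
            va_start(argList, number);
            int fd = va_arg(argList, int);
            struct stat* buf = va_arg(argList, struct stat*);
            va_end(argList);

            iosLogDebug("isFstatfs=%{bool}d, fd=%d, buf=%p", isFstatfs, fd, buf);

            isGetPathOk = getFilePath(fd, parsedPath);
            iosLogDebug("isGetPathOk=%s, parsedPath=%s", boolToStr(isGetPathOk), parsedPath);
            if (isGetPathOk) {
                isJbPath = isJailbreakPath(parsedPath);
                iosLogDebug("isJbPath=%{bool}d", isJbPath);
            }

            // When the path cannot be resolved, isJbPath stays false and the call is forwarded.
            if (isJbPath){
                syscallRetValue = STATFS_FAILED;
            } else {
                syscallRetValue = _logos_orig$_ungrouped$syscall(number, fd, buf);
            }

            iosLogInfo("SYS_fstatfs: number=%d -> fd=%d, buf=%p -> isJbPath=%{bool}d -> syscallRetValue=%d", number, fd, buf, isJbPath, syscallRetValue);
            return syscallRetValue;
        }

        bool isStat = (SYS_stat == number);
        bool isStat64 = (SYS_stat64 == number);
        if (isStat || isStat64){
            // stat(path, buf) / stat64(path, buf): buf is only forwarded
            va_start(argList, number);
            const char * fisrtPath = va_arg(argList, const char *);
            void *secondStat = va_arg(argList, void *);
            va_end(argList);

            iosLogDebug("isStat=%{bool}d, isStat64=%{BOOL}d, fisrtPath=%{public}s, secondStat=%p", isStat, isStat64, fisrtPath, secondStat);

            bool isJbPath = isJailbreakPath(fisrtPath);
            iosLogDebug("isJbPath=%{bool}d", isJbPath);
            if (isJbPath){
                // Fix: use the stat failure constant, as the fstat and lstat
                // branches do, instead of OPEN_FAILED.
                syscallRetValue = STAT_FAILED;
            } else {
                syscallRetValue = _logos_orig$_ungrouped$syscall(number, fisrtPath, secondStat);
            }
            iosLogInfo("SYS_stat/SYS_stat64: number=%d -> isJbPath=%{bool}d, fisrtPath=%{public}s -> syscallRetValue=%d", number, isJbPath, fisrtPath, syscallRetValue);
            return syscallRetValue;
        }

        bool isFstat = (SYS_fstat == number);
        if (isFstat) {
            bool isGetPathOk = false;
            bool isJbPath = false;
            char parsedPath[PATH_MAX];
            memset(parsedPath, 0, PATH_MAX);

            // int fstat(int fd, struct stat *buf);
            va_start(argList, number);
            int fd = va_arg(argList, int);
            struct stat* buf = (struct stat*)va_arg(argList, void *);
            va_end(argList);

            iosLogDebug("isFstat=%{bool}d, fd=%d, buf=%p", isFstat, fd, buf);

            isGetPathOk = getFilePath(fd, parsedPath);
            iosLogDebug("isGetPathOk=%{bool}d, parsedPath=%s", isGetPathOk, parsedPath);
            if (isGetPathOk) {
                isJbPath = isJailbreakPath(parsedPath);
                iosLogDebug("isJbPath=%{bool}d", isJbPath);
            }

            // When the path cannot be resolved, isJbPath stays false and the call is forwarded.
            if (isJbPath){
                syscallRetValue = STAT_FAILED;
            } else {
                syscallRetValue = _logos_orig$_ungrouped$syscall(number, fd, buf);
            }

            iosLogInfo("SYS_fstat: number=%d -> fd=%d -> isGetPathOk=%{bool}d, parsedPath=%{public}s -> isJbPath=%{bool}d -> syscallRetValue=%d", number, fd, isGetPathOk, parsedPath, isJbPath, syscallRetValue);
            return syscallRetValue;
        }

        bool isLstat = (SYS_lstat == number);
        if (isLstat) {
            // int lstat(const char* path, struct stat* buf);
            va_start(argList, number);
            const char* fisrtPath = va_arg(argList, const char *);
            struct stat* secondBuf = (struct stat*)va_arg(argList, void *);
            va_end(argList);

            iosLogDebug("isLstat=%{bool}d, fisrtPath=%{public}s, secondBuf=%p", isLstat, fisrtPath, secondBuf);

            bool isJbPath = isJailbreakPath(fisrtPath);
            iosLogDebug("isJbPath=%{bool}d", isJbPath);
            if (isJbPath){
                syscallRetValue = STAT_FAILED;
            } else {
                syscallRetValue = _logos_orig$_ungrouped$syscall(number, fisrtPath, secondBuf);
            }
            iosLogInfo("SYS_lstat: number=%d -> isJbPath=%{bool}d, fisrtPath=%{public}s -> syscallRetValue=%d", number, isJbPath, fisrtPath, syscallRetValue);
            return syscallRetValue;
        }

        bool isFstatat = (SYS_fstatat == number);
        if (isFstatat) {
            bool isJbPath = false;

            // int fstatat(int dirfd, const char *pathname, struct stat *buf, int flags);
            va_start(argList, number);
            int dirfd = va_arg(argList, int);
            const char *pathname = (const char *)va_arg(argList, void *);
            struct stat *buf = (struct stat*)va_arg(argList, void *);
            int flags = va_arg(argList, int);
            va_end(argList);

            iosLogDebug("isFstatat=%{bool}d, dirfd=%d, pathname=%{public}s, buf=%p, flags=%d", isFstatat, dirfd, pathname, buf, flags);

            const char* absPath = NULL;
            // Fix: a NULL pathname is no longer handed to the string helpers;
            // absPath then stays NULL and the call is forwarded unchanged.
            bool isAbsPath = (NULL != pathname) && strStartsWith(pathname, "/");
            iosLogDebug("isAbsPath=%{bool}d", isAbsPath);
            if (isAbsPath) {
                absPath = pathname;
            } else if (NULL != pathname) {
                // relative path
                if (dirfd == AT_FDCWD){
                    // Relative to the current working directory: not resolved
                    // here, so absPath stays NULL and the call is forwarded.
                    iosLogDebug("dirfd is AT_FDCWD=%d", AT_FDCWD);
                } else {
                    char filePath[PATH_MAX];
                    // Fix: zero the buffer first, as the fstat/fstatfs branches do.
                    memset(filePath, 0, PATH_MAX);
                    bool isGetPathOk = getFilePath(dirfd, filePath);
                    iosLogDebug("isGetPathOk=%s", boolToStr(isGetPathOk));
                    if (isGetPathOk) {
                        // Fix: this statement was missing its terminating ';'.
                        // NOTE(review): ownership of the strPathJoin() result is not
                        // visible from here; if it is heap-allocated it is never
                        // released in this branch. Confirm against CrifanLib.
                        char* fullPath = strPathJoin(filePath, pathname);
                        iosLogDebug("fullPath=%{public}s", fullPath);
                        absPath = fullPath;
                    }
                }
            }

            if (NULL != absPath){
                isJbPath = isJailbreakPath(absPath);
                iosLogDebug("absPath=%{public}s -> isJbPath=%{bool}d", absPath, isJbPath);
            }

            if (isJbPath) {
                iosLogDebug("hook jailbreak path: %s", absPath);
                // Fix: use the stat failure constant, as the fstat and lstat
                // branches do, instead of STATFS_FAILED.
                syscallRetValue = STAT_FAILED;
            } else {
                syscallRetValue = _logos_orig$_ungrouped$syscall(number, dirfd, pathname, buf, flags);
            }

            iosLogInfo("SYS_fstatat: number=%d -> dirfd=%d, pathname=%{public}s, buf=%p, flags=0x%x -> isJbPath=%{bool}d -> syscallRetValue=%d", number, dirfd, pathname, buf, flags, isJbPath, syscallRetValue);
            return syscallRetValue;
        }

    }

    // Generic pass-through: collect pointer-sized arguments until a zero value is read.
    // Fix: the scan is now bounded. It used to write into paraList until it met
    // a zero, with no check against the buffer size (stack overflow), and a
    // count above 9 skipped the original call entirely.
    // NOTE(review): the zero-terminated scan still stops at the first argument
    // whose value is 0 (for example descriptor 0 or a zero flags word), so such
    // calls are forwarded with fewer arguments than the caller passed.
    int maxCollectNum = (MaxSupportArgNum_syscall < maxForwardArgNum) ? MaxSupportArgNum_syscall : maxForwardArgNum;
    va_start(argList, number);
    while ((curParaNum < maxCollectNum) && (paraPtr = (void *) va_arg(argList, void *))) {
        paraList[curParaNum] = paraPtr;
        curParaNum += 1;
        iosLogDebug("[%d] paraPtr=%p", curParaNum, paraPtr);
    }
    va_end(argList);

    iosLogDebug("curParaNum=%d", curParaNum);

    // A variadic call cannot be built from an array, so dispatch on the count.
    switch (curParaNum) {
        case 0:
            syscallRetValue = _logos_orig$_ungrouped$syscall(number);
            break;
        case 1:
            iosLogDebug("para1=%p", paraList[0]);
            syscallRetValue = _logos_orig$_ungrouped$syscall(number, paraList[0]);
            break;
        case 2:
            iosLogDebug("para1=%p,para2=%p", paraList[0], paraList[1]);
            syscallRetValue = _logos_orig$_ungrouped$syscall(number, paraList[0], paraList[1]);
            break;
        case 3:
            iosLogDebug("para1=%p,para2=%p,para3=%p", paraList[0], paraList[1], paraList[2]);
            syscallRetValue = _logos_orig$_ungrouped$syscall(number, paraList[0], paraList[1], paraList[2]);
            break;
        case 4:
            iosLogDebug("para1=%p,para2=%p,para3=%p,para4=%p", paraList[0], paraList[1], paraList[2], paraList[3]);
            syscallRetValue = _logos_orig$_ungrouped$syscall(number, paraList[0], paraList[1], paraList[2], paraList[3]);
            break;
        case 5:
            iosLogDebug("para1=%p,para2=%p,para3=%p,para4=%p,para5=%p", paraList[0], paraList[1], paraList[2], paraList[3], paraList[4]);
            syscallRetValue = _logos_orig$_ungrouped$syscall(number, paraList[0], paraList[1], paraList[2], paraList[3], paraList[4]);
            break;
        case 6:
            iosLogDebug("para1=%p,para2=%p,para3=%p,para4=%p,para5=%p,para6=%p", paraList[0], paraList[1], paraList[2], paraList[3], paraList[4], paraList[5]);
            syscallRetValue = _logos_orig$_ungrouped$syscall(number, paraList[0], paraList[1], paraList[2], paraList[3], paraList[4], paraList[5]);
            break;
        case 7:
            iosLogDebug("para1=%p,para2=%p,para3=%p,para4=%p,para5=%p,para6=%p,para7=%p", paraList[0], paraList[1], paraList[2], paraList[3], paraList[4], paraList[5], paraList[6]);
            syscallRetValue = _logos_orig$_ungrouped$syscall(number, paraList[0], paraList[1], paraList[2], paraList[3], paraList[4], paraList[5], paraList[6]);
            break;
        case 8:
            iosLogDebug("para1=%p,para2=%p,para3=%p,para4=%p,para5=%p,para6=%p,para7=%p,para8=%p", paraList[0], paraList[1], paraList[2], paraList[3], paraList[4], paraList[5], paraList[6], paraList[7]);
            syscallRetValue = _logos_orig$_ungrouped$syscall(number, paraList[0], paraList[1], paraList[2], paraList[3], paraList[4], paraList[5], paraList[6], paraList[7]);
            break;
        case 9:
            iosLogDebug("para1=%p,para2=%p,para3=%p,para4=%p,para5=%p,para6=%p,para7=%p,para8=%p,para9=%p", paraList[0], paraList[1], paraList[2], paraList[3], paraList[4], paraList[5], paraList[6], paraList[7], paraList[8]);
            syscallRetValue = _logos_orig$_ungrouped$syscall(number, paraList[0], paraList[1], paraList[2], paraList[3], paraList[4], paraList[5], paraList[6], paraList[7], paraList[8]);
            break;
        default:
            // Not reachable while the scan is capped at maxForwardArgNum;
            // syscallRetValue keeps its initial -1.
            break;
    }

    iosLogInfo("number=%d -> syscallRetValue=%d", number, syscallRetValue);
    return syscallRetValue;
}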
474 |
475 |
476 |
477 |
478 |
// Load-time constructor generated for hook_syscall.xm. It installs nothing;
// it only logs whether the syscall hook is switched on in the build
// configuration.
static __attribute__((constructor)) void _logosLocalCtor_9431c87f(int __unused argc, char __unused **argv, char __unused **envp)
{
    @autoreleasepool
    {
        const char *hookSwitchStr = boolToStr(cfgHookEnable_syscall);
        iosLogInfo("%s, cfgHookEnable_syscall=%s", "syscall ctor", hookSwitchStr);
    }
}
// Load-time constructor that installs the syscall() function hook via
// MSHookFunction. It passes the replacement function and the address of
// _logos_orig$_ungrouped$syscall, through which the replacement calls the
// original.
static __attribute__((constructor)) void _logosLocalInit() {
    void *syscallSymbol = (void *)syscall;
    MSHookFunction(syscallSymbol,
                   (void *)&_logos_function$_ungrouped$syscall,
                   (void **)&_logos_orig$_ungrouped$syscall);
}
488 | #line 460 "/Users/crifan/dev/dev_root/crifan/iOSBypassJailbreak/iOSBypassJailbreak/hook_syscall.xm"
489 |
--------------------------------------------------------------------------------
/iOSBypassJailbreak/hook_syscall.xm:
--------------------------------------------------------------------------------
1 | /*
2 | File: hook_syscall.xm
3 | Function: iOS tweak to hook syscall
4 | Author: Crifan Li
5 | */
6 |
7 | #import
8 |
9 | #import "CommonConfig.h"
10 | #import "CrifanLibiOS.h"
11 | #import "CrifanLib.h"
12 | #import "JailbreakPathList.h"
13 |
14 | /*==============================================================================
15 | Define
16 | ==============================================================================*/
17 |
18 | #if !defined(PT_DENY_ATTACH)
19 | #define PT_DENY_ATTACH 31
20 | #endif // !defined(PT_DENY_ATTACH)
21 |
22 | /*==============================================================================
23 | Const
24 | ==============================================================================*/
25 |
26 | /*==============================================================================
27 | Hook: syscall()
28 | ==============================================================================*/
29 |
30 | /*
31 | https://www.theiphonewiki.com/wiki/Kernel_Syscalls
32 | TODO: support syscall(access_extended)
33 | */
34 |
35 |
// Declaration of the variadic syscall() wrapper hooked below.
int syscall(int, ...);

// Number of slots in the argument buffer (paraList) of the syscall hook.
// Syscalls normally take no more than 8 parameters.
// refer: https://opensource.apple.com/source/xnu/xnu-4570.1.46/bsd/kern/syscalls.master
int MaxSupportArgNum_syscall = 16;
41 |
42 | %hookf(int, syscall, int number, ...){
43 | iosLogDebug("number=%d", number);
44 |
45 | int syscallRetValue = -1;
46 |
47 | // Setting up some variables to get all the parameters from syscall
48 | void *paraPtr, *paraList[MaxSupportArgNum_syscall];
49 | // char *paraPtr, *paraList[MaxSupportArgNum_syscall];
50 | va_list argList;
51 | int curParaNum = 0;
52 |
53 | if (cfgHookEnable_syscall) {
54 | // #define SYS_fork 2
55 | bool isFork = (SYS_fork == number);
56 | if (isFork){
57 | iosLogInfo("number=%d -> return %d", number, FORK_FAILED);
58 | return FORK_FAILED;
59 | }
60 |
61 | // #define SYS_open 5
62 | bool isOpen = (SYS_open == number);
63 | if (isOpen){
64 | //int open(const char *path, int oflag, ...);
65 | // ->
66 | // int open(const char *pathname, int flags);
67 | // int open(const char *pathname, int flags, mode_t mode);
68 |
69 | //5 AUE_OPEN_RWTC ALL { int open(user_addr_t path, int flags, int mode) NO_SYSCALL_STUB; }
70 | va_start(argList, number);
71 | const char * fisrtPath = va_arg(argList, const char *);
72 | int secondFlags = va_arg(argList, int);
73 | // mode_t thirdMode = va_arg(argList, mode_t);
74 | mode_t thirdMode = (mode_t)va_arg(argList, unsigned int);
75 | va_end(argList);
76 | iosLogDebug("fisrtPath=%{public}s, secondFlags=%d, thirdMode=%d", fisrtPath, secondFlags, thirdMode);
77 |
78 | bool isJbPath = isJailbreakPath(fisrtPath);
79 | iosLogDebug("isJbPath=%{bool}d", isJbPath);
80 | if (isJbPath){
81 | errno = ENOENT;
82 | iosLogDebug("set errno=%d", errno);
83 | syscallRetValue = OPEN_FAILED;
84 | } else {
85 | syscallRetValue = %orig(number, fisrtPath, secondFlags, thirdMode);
86 | }
87 | iosLogInfo("SYS_open: number=%d -> isJbPath=%{bool}d, fisrtPath=%{public}s -> syscallRetValue=%d", number, isJbPath, fisrtPath, syscallRetValue);
88 | return syscallRetValue;
89 | }
90 |
91 | // #define SYS_ptrace 26
92 | bool isPtrace = (SYS_ptrace == number);
93 | if (isPtrace){
94 | // https://developer.apple.com/library/archive/documentation/System/Conceptual/ManPages_iPhoneOS/man2/ptrace.2.html
95 | // int ptrace(int request, pid_t pid, caddr_t addr, int data);
96 | va_start(argList, number);
97 | int request = va_arg(argList, int);
98 | int pid = va_arg(argList, int);
99 | char* addr = va_arg(argList, char*);
100 | int data = va_arg(argList, int);
101 | va_end(argList);
102 |
103 | iosLogInfo("request=%d, pid=%d, addr=%p, data=%d", request, pid, addr, data);
104 |
105 | if (PT_DENY_ATTACH == request){
106 | syscallRetValue = PTRACE_FAILED;
107 | } else {
108 | syscallRetValue = %orig(request, pid, addr, data);
109 | }
110 |
111 | iosLogInfo("SYS_ptrace: request=%d, pid=%d, addr=%p, data=%d -> syscallRetValue=%d", request, pid, addr, data, syscallRetValue);
112 | return syscallRetValue;
113 | }
114 |
115 | // #define SYS_access 33
116 | bool isAccess = (SYS_access == number);
117 | if (isAccess) {
118 | // int access(const char *path, int amode);
119 | va_start(argList, number);
120 | const char* path = va_arg(argList, const char *);
121 | int amode = va_arg(argList, int);
122 | va_end(argList);
123 |
124 | iosLogDebug("isAccess=%{bool}d, path=%{public}s, amode=0x%x", isAccess, path, amode);
125 |
126 | bool isJbPath = isJailbreakPath(path);
127 | iosLogDebug("isJbPath=%{bool}d", isJbPath);
128 | if (isJbPath){
129 | syscallRetValue = ACCESS_FAILED;
130 | } else {
131 | syscallRetValue = %orig(number, path, amode);
132 | }
133 | iosLogInfo("SYS_access: number=%d -> path=%{public}s, amode=0x%x -> isJbPath=%{bool}d -> syscallRetValue=%d", number, path, amode, isJbPath, syscallRetValue);
134 | return syscallRetValue;
135 | }
136 |
137 | // #define SYS_statfs 157
138 | bool isStatfs = (SYS_statfs == number);
139 | if (isStatfs) {
140 | // int statfs(const char *path, struct statfs *buf);
141 | va_start(argList, number);
142 | const char* path = va_arg(argList, const char *);
143 | struct stat* buf = va_arg(argList, struct stat*);
144 | va_end(argList);
145 |
146 | iosLogDebug("isStatfs=%{bool}d, path=%{public}s, buf=%p", isStatfs, path, buf);
147 |
148 | bool isJbPath = isJailbreakPath(path);
149 | iosLogDebug("isJbPath=%{bool}d", isJbPath);
150 | if (isJbPath){
151 | syscallRetValue = STATFS_FAILED;
152 | } else {
153 | syscallRetValue = %orig(number, path, buf);
154 | }
155 | iosLogInfo("SYS_statfs: number=%d -> path=%{public}s, buf=%p -> isJbPath=%{bool}d -> syscallRetValue=%d", number, path, buf, isJbPath, syscallRetValue);
156 | return syscallRetValue;
157 | }
158 |
159 | // #define SYS_fstatfs 158
160 | bool isFstatfs = (SYS_fstatfs == number);
161 | if (isFstatfs) {
162 | bool isGetPathOk = false;
163 | bool isJbPath = false;
164 | char parsedPath[PATH_MAX];
165 | memset(parsedPath, 0, PATH_MAX);
166 |
167 | // int fstatfs(int fd, struct statfs *buf);
168 | va_start(argList, number);
169 | int fd = va_arg(argList, int);
170 | struct stat* buf = va_arg(argList, struct stat*);
171 | va_end(argList);
172 |
173 | iosLogDebug("isFstatfs=%{bool}d, fd=%d, buf=%p", isFstatfs, fd, buf);
174 |
175 | isGetPathOk = getFilePath(fd, parsedPath);
176 | iosLogDebug("isGetPathOk=%s, parsedPath=%s", boolToStr(isGetPathOk), parsedPath);
177 | if (isGetPathOk) {
178 | isJbPath = isJailbreakPath(parsedPath);
179 | iosLogDebug("isJbPath=%{bool}d", isJbPath);
180 |
181 | if (isJbPath){
182 | syscallRetValue = STATFS_FAILED;
183 | } else {
184 | syscallRetValue = %orig(number, fd, buf);
185 | }
186 | } else {
187 | // can not get path -> can not check is jailbreak or not -> not hook
188 | syscallRetValue = %orig(number, fd, buf);
189 | }
190 |
191 | iosLogInfo("SYS_fstatfs: number=%d -> fd=%d, buf=%p -> isJbPath=%{bool}d -> syscallRetValue=%d", number, fd, buf, isJbPath, syscallRetValue);
192 | return syscallRetValue;
193 | }
194 |
195 | // #define SYS_stat 188
196 | // #define SYS_stat64 338
197 | bool isStat = (SYS_stat == number);
198 | bool isStat64 = (SYS_stat64 == number);
199 | if (isStat || isStat64){
200 | //int stat(const char *, struct stat *) __DARWIN_INODE64(stat);
201 | //int stat64(const char *, struct stat64 *) __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_5, __MAC_10_6, __IPHONE_NA, __IPHONE_NA);
202 | va_start(argList, number);
203 | const char * fisrtPath = va_arg(argList, const char *);
204 | void *secondStat = va_arg(argList, void *);
205 | va_end(argList);
206 |
207 | iosLogDebug("isStat=%{bool}d, isStat64=%{BOOL}d, fisrtPath=%{public}s, secondStat=%p", isStat, isStat64, fisrtPath, secondStat);
208 |
209 | bool isJbPath = isJailbreakPath(fisrtPath);
210 | iosLogDebug("isJbPath=%{bool}d", isJbPath);
211 | if (isJbPath){
212 | syscallRetValue = OPEN_FAILED;
213 | } else {
214 | // if (isStat){
215 | // struct stat *statInfo = (struct stat *)secondStat;
216 | // syscallRetValue = %orig(number, fisrtPath, statInfo);
217 | // } else if(isStat64){
218 | // struct stat64 *stat64Info = (struct stat64 *)secondStat;
219 | // syscallRetValue = %orig(number, fisrtPath, stat64Info);
220 | // }
221 | syscallRetValue = %orig(number, fisrtPath, secondStat);
222 | }
223 | iosLogInfo("SYS_stat/SYS_stat64: number=%d -> isJbPath=%{bool}d, fisrtPath=%{public}s -> syscallRetValue=%d", number, isJbPath, fisrtPath, syscallRetValue);
224 | return syscallRetValue;
225 | }
226 |
227 | // #define SYS_fstat 189
228 | bool isFstat = (SYS_fstat == number);
229 | if (isFstat) {
230 | bool isGetPathOk = false;
231 | bool isJbPath = false;
232 | char parsedPath[PATH_MAX];
233 | memset(parsedPath, 0, PATH_MAX);
234 |
235 | // int fstat(int fd, struct stat *buf);
236 | va_start(argList, number);
237 | int fd = va_arg(argList, int);
238 | struct stat* buf = (struct stat*)va_arg(argList, void *);
239 | va_end(argList);
240 |
241 | iosLogDebug("isFstat=%{bool}d, fd=%d, buf=%p", isFstat, fd, buf);
242 |
243 | isGetPathOk = getFilePath(fd, parsedPath);
244 | iosLogDebug("isGetPathOk=%{bool}d, parsedPath=%s", isGetPathOk, parsedPath);
245 | if (isGetPathOk) {
246 | isJbPath = isJailbreakPath(parsedPath);
247 | iosLogDebug("isJbPath=%{bool}d", isJbPath);
248 |
249 | if (isJbPath){
250 | syscallRetValue = STAT_FAILED;
251 | } else {
252 | syscallRetValue = %orig(number, fd, buf);
253 | }
254 | } else {
255 | syscallRetValue = %orig(number, fd, buf);
256 | }
257 |
258 | iosLogInfo("SYS_fstat: number=%d -> fd=%d -> isGetPathOk=%{bool}d, parsedPath=%{public}s -> isJbPath=%{bool}d -> syscallRetValue=%d", number, fd, isGetPathOk, parsedPath, isJbPath, syscallRetValue);
259 | return syscallRetValue;
260 | }
261 |
262 | // #define SYS_lstat 190
263 | bool isLstat = (SYS_lstat == number);
264 | if (isLstat) {
265 | // int lstat(const char* path, struct stat* buf);
266 | va_start(argList, number);
267 | const char* fisrtPath = va_arg(argList, const char *);
268 | struct stat* secondBuf = (struct stat*)va_arg(argList, void *);
269 | va_end(argList);
270 |
271 | iosLogDebug("isLstat=%{bool}d, fisrtPath=%{public}s, secondBuf=%p", isLstat, fisrtPath, secondBuf);
272 |
273 | bool isJbPath = isJailbreakPath(fisrtPath);
274 | iosLogDebug("isJbPath=%{bool}d", isJbPath);
275 | if (isJbPath){
276 | syscallRetValue = STAT_FAILED;
277 | } else {
278 | syscallRetValue = %orig(number, fisrtPath, secondBuf);
279 | }
280 | iosLogInfo("SYS_lstat: number=%d -> isJbPath=%{bool}d, fisrtPath=%{public}s -> syscallRetValue=%d", number, isJbPath, fisrtPath, syscallRetValue);
281 | return syscallRetValue;
282 | }
283 |
284 | // #define SYS_fstatat 469
285 | bool isFstatat = (SYS_fstatat == number);
286 | if (isFstatat) {
287 | bool isJbPath = false;
288 |
289 | // int fstatat(int dirfd, const char *pathname, struct stat *buf, int flags);
290 | va_start(argList, number);
291 | int dirfd = va_arg(argList, int);
292 | const char *pathname = (const char *)va_arg(argList, void *);
293 | struct stat *buf = (struct stat*)va_arg(argList, void *);
294 | int flags = va_arg(argList, int);
295 | va_end(argList);
296 |
297 | iosLogDebug("isFstatat=%{bool}d, dirfd=%d, pathname=%{public}s, buf=%p, flags=%d", isFstatat, dirfd, pathname, buf, flags);
298 |
299 | const char* absPath = NULL;
300 | bool isAbsPath = strStartsWith(pathname, "/");
301 | iosLogDebug("isAbsPath=%{bool}d", isAbsPath);
302 | if (isAbsPath) {
303 | absPath = pathname;
304 | } else {
305 | // is relative path
306 | if (dirfd == AT_FDCWD){
307 | iosLogDebug("dirfd is AT_FDCWD=%d", AT_FDCWD);
308 |
309 | // pathname is interpreted relative to the current working directory of the calling process (like access())
310 | // TODO: try get current working directory -> avoid caller pass the special path, finnaly is jailbreak path
311 | // eg: current working directory is "/usr/xxx/yyy/", then pass in "../../libexec/cydia/zzz"
312 | // finnal path is "/usr/libexec/cydia/zzz", match jailbreak path: "/usr/libexec/cydia/", is jaibreak path
313 | // but use "../../libexec/cydia/zzz" can not check whether is jailbreak path
314 | } else {
315 | // get file path from dir fd
316 | char filePath[PATH_MAX];
317 | bool isGetPathOk = getFilePath(dirfd, filePath);
318 | iosLogDebug("isGetPathOk=%s", boolToStr(isGetPathOk));
319 | if (isGetPathOk) {
320 | char* fullPath = strPathJoin(filePath, pathname)
321 | iosLogDebug("fullPath=%{public}s", fullPath);
322 | absPath = fullPath;
323 | }
324 | }
325 | }
326 |
327 | if (NULL != absPath){
328 | isJbPath = isJailbreakPath(absPath);
329 | iosLogDebug("absPath=%{public}s -> isJbPath=%{bool}d", absPath, isJbPath);
330 | if (isJbPath) {
331 | iosLogDebug("hook jailbreak path: %s", absPath);
332 | syscallRetValue = STATFS_FAILED;
333 | } else {
334 | syscallRetValue = %orig(number, dirfd, pathname, buf, flags);
335 | }
336 | } else {
337 | syscallRetValue = %orig(number, dirfd, pathname, buf, flags);
338 | }
339 |
340 | iosLogInfo("SYS_fstatat: number=%d -> dirfd=%d, pathname=%{public}s, buf=%p, flags=0x%x -> isJbPath=%{bool}d -> syscallRetValue=%d", number, dirfd, pathname, buf, flags, isJbPath, syscallRetValue);
341 | return syscallRetValue;
342 | }
343 |
344 | }
345 |
346 | va_start(argList, number);
347 | while ((paraPtr = (void *) va_arg(argList, void *))) {
348 | // while ((paraPtr = (char *) va_arg(argList, char *))) {
349 | paraList[curParaNum] = paraPtr;
350 | curParaNum += 1;
351 | iosLogDebug("[%d] paraPtr=%p", curParaNum, paraPtr);
352 | }
353 | va_end(argList);
354 |
355 | // iosLogDebug("argList=%{public}s", argList);
356 | iosLogDebug("curParaNum=%d", curParaNum);
357 |
358 | // return %orig;
359 | // return %orig(number, ...);
360 | // int retValue = %orig();
361 |
362 | // int retValue = callOriginSyscall(number, curParaNum, paraList);
363 | //// int retValue = callOriginSyscall(number, curParaNum, (void *)paraList);
364 | // iosLogDebug("retValue=%d", retValue);
365 | // return retValue;
366 |
367 | int paraNum = curParaNum;
368 |
369 | if (0 == paraNum){
370 | syscallRetValue = %orig(number);
371 | } else if (1 == paraNum){
372 | void* para1 = paraList[0];
373 | iosLogDebug("para1=%p", para1);
374 | syscallRetValue = %orig(number, para1);
375 | } else if (2 == paraNum){
376 | void* para1 = paraList[0];
377 | void* para2 = paraList[1];
378 | iosLogDebug("para1=%p,para2=%p", para1, para2);
379 | syscallRetValue = %orig(number, para1, para2);
380 | } else if (3 == paraNum){
381 | void* para1 = paraList[0];
382 | void* para2 = paraList[1];
383 | void* para3 = paraList[2];
384 | iosLogDebug("para1=%p,para2=%p,para3=%p", para1, para2, para3);
385 | syscallRetValue = %orig(number, para1, para2, para3);
386 | } else if (4 == paraNum){
387 | void* para1 = paraList[0];
388 | void* para2 = paraList[1];
389 | void* para3 = paraList[2];
390 | void* para4 = paraList[3];
391 | iosLogDebug("para1=%p,para2=%p,para3=%p,para4=%p", para1, para2, para3, para4);
392 | syscallRetValue = %orig(number, para1, para2, para3, para4);
393 | } else if (5 == paraNum){
394 | void* para1 = paraList[0];
395 | void* para2 = paraList[1];
396 | void* para3 = paraList[2];
397 | void* para4 = paraList[3];
398 | void* para5 = paraList[4];
399 | iosLogDebug("para1=%p,para2=%p,para3=%p,para4=%p,para5=%p", para1, para2, para3, para4, para5);
400 | syscallRetValue = %orig(number, para1, para2, para3, para4, para5);
401 | } else if (6 == paraNum){
402 | void* para1 = paraList[0];
403 | void* para2 = paraList[1];
404 | void* para3 = paraList[2];
405 | void* para4 = paraList[3];
406 | void* para5 = paraList[4];
407 | void* para6 = paraList[5];
408 | iosLogDebug("para1=%p,para2=%p,para3=%p,para4=%p,para5=%p,para6=%p", para1, para2, para3, para4, para5, para6);
409 | syscallRetValue = %orig(number, para1, para2, para3, para4, para5, para6);
410 | } else if (7 == paraNum){
411 | void* para1 = paraList[0];
412 | void* para2 = paraList[1];
413 | void* para3 = paraList[2];
414 | void* para4 = paraList[3];
415 | void* para5 = paraList[4];
416 | void* para6 = paraList[5];
417 | void* para7 = paraList[6];
418 | iosLogDebug("para1=%p,para2=%p,para3=%p,para4=%p,para5=%p,para6=%p,para7=%p", para1, para2, para3, para4, para5, para6, para7);
419 | syscallRetValue = %orig(number, para1, para2, para3, para4, para5, para6, para7);
420 | } else if (8 == paraNum){
421 | void* para1 = paraList[0];
422 | void* para2 = paraList[1];
423 | void* para3 = paraList[2];
424 | void* para4 = paraList[3];
425 | void* para5 = paraList[4];
426 | void* para6 = paraList[5];
427 | void* para7 = paraList[6];
428 | void* para8 = paraList[7];
429 | iosLogDebug("para1=%p,para2=%p,para3=%p,para4=%p,para5=%p,para6=%p,para7=%p,para8=%p", para1, para2, para3, para4, para5, para6, para7, para8);
430 | syscallRetValue = %orig(number, para1, para2, para3, para4, para5, para6, para7, para8);
431 | } else if (9 == paraNum){
432 | void* para1 = paraList[0];
433 | void* para2 = paraList[1];
434 | void* para3 = paraList[2];
435 | void* para4 = paraList[3];
436 | void* para5 = paraList[4];
437 | void* para6 = paraList[5];
438 | void* para7 = paraList[6];
439 | void* para8 = paraList[7];
440 | void* para9 = paraList[8];
441 | iosLogDebug("para1=%p,para2=%p,para3=%p,para4=%p,para5=%p,para6=%p,para7=%p,para8=%p,para9=%p", para1, para2, para3, para4, para5, para6, para7, para8, para9);
442 | syscallRetValue = %orig(number, para1, para2, para3, para4, para5, para6, para7, para8, para9);
443 | }
444 |
445 | iosLogInfo("number=%d -> syscallRetValue=%d", number, syscallRetValue);
446 | return syscallRetValue;
447 | }
448 |
449 | /*==============================================================================
450 | Ctor
451 | ==============================================================================*/
452 |
// Load-time constructor for the syscall hook file.
// It only records the configured state of the hook group in the log.
%ctor
{
    @autoreleasepool
    {
        const char *enabledStr = boolToStr(cfgHookEnable_syscall);
        iosLogInfo("%s, cfgHookEnable_syscall=%s", "syscall ctor", enabledStr);
    }
}
460 |
--------------------------------------------------------------------------------
/iOSBypassJailbreak/hook_sysctl.mm:
--------------------------------------------------------------------------------
1 | #line 1 "/Users/crifan/dev/dev_root/crifan/iOSBypassJailbreak/iOSBypassJailbreak/hook_sysctl.xm"
2 |
3 |
4 |
5 |
6 |
7 |
8 | #import
9 | #import
10 | #import
11 |
12 | #import "CommonConfig.h"
13 | #import "CrifanLibiOS.h"
14 | #import "CrifanLib.h"
15 |
16 |
17 |
18 |
19 |
20 | int sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp, size_t newlen);
21 |
22 |
23 | #include
24 | #if defined(__clang__)
25 | #if __has_feature(objc_arc)
26 | #define _LOGOS_SELF_TYPE_NORMAL __unsafe_unretained
27 | #define _LOGOS_SELF_TYPE_INIT __attribute__((ns_consumed))
28 | #define _LOGOS_SELF_CONST const
29 | #define _LOGOS_RETURN_RETAINED __attribute__((ns_returns_retained))
30 | #else
31 | #define _LOGOS_SELF_TYPE_NORMAL
32 | #define _LOGOS_SELF_TYPE_INIT
33 | #define _LOGOS_SELF_CONST
34 | #define _LOGOS_RETURN_RETAINED
35 | #endif
36 | #else
37 | #define _LOGOS_SELF_TYPE_NORMAL
38 | #define _LOGOS_SELF_TYPE_INIT
39 | #define _LOGOS_SELF_CONST
40 | #define _LOGOS_RETURN_RETAINED
41 | #endif
42 |
43 |
44 |
45 |
46 | #line 21 "/Users/crifan/dev/dev_root/crifan/iOSBypassJailbreak/iOSBypassJailbreak/hook_sysctl.xm"
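// Saved pointer to the real sysctl(); it is filled in by MSHookFunction in _logosLocalInit.
__unused static int (*_logos_orig$_ungrouped$sysctl)(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp, size_t newlen);

// Logos-generated replacement for sysctl(); the #line directives in this file point at hook_sysctl.xm
// as the source, so the same change belongs there.
//
// Always forwards to the original first. When cfgHookEnable_sysctl_sysctl is set and the query is
// { CTL_KERN, KERN_PROC, KERN_PROC_PID, ... }, it clears P_TRACED in the returned kinfo_proc, so a
// caller that tests that flag reads the process as untraced.
//
// The result buffer is touched only when the original call succeeded and returned at least one
// struct kinfo_proc. Callers may pass oldp == NULL to ask for the required size, may pass fewer than
// three MIB entries, and a query for a missing pid can succeed with *oldlenp == 0. Each of those cases
// would otherwise be an out-of-bounds read or a NULL/uninitialised dereference inside the host app.
__unused static int _logos_function$_ungrouped$sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp, size_t newlen){
    iosLogDebug("name=%p, namelen=%d, oldp=%p, oldlenp=%p, newp=%p, newlen=%ld", name, namelen, oldp, oldlenp, newp, newlen);

    int sysctlRet = _logos_orig$_ungrouped$sysctl(name, namelen, oldp, oldlenp, newp, newlen);

    if (cfgHookEnable_sysctl_sysctl) {
        // Only index name[] as far as the caller says it extends.
        bool isGetpid = (NULL != name) && (namelen >= 3)
            && (name[0] == CTL_KERN && name[1] == KERN_PROC && name[2] == KERN_PROC_PID);
        // A usable result needs a successful call and a buffer that holds a whole kinfo_proc.
        bool hasProcInfo = (0 == sysctlRet) && (NULL != oldp) && (NULL != oldlenp)
            && (*oldlenp >= sizeof(struct kinfo_proc));

        if (isGetpid && hasProcInfo) {
            struct kinfo_proc *info = (struct kinfo_proc *)oldp;
            int oldPFlag = info->kp_proc.p_flag;
            info->kp_proc.p_flag &= ~(P_TRACED);
            int newPFlag = info->kp_proc.p_flag;

            iosLogInfo("name=%p, namelen=%d, oldp=%p, oldlenp=%p, newp=%p, newlen=%ld -> isGetpid=%s -> oldPFlag=0x%x, newPFlag=0x%x -> sysctlRet=%d", name, namelen, oldp, oldlenp, newp, newlen, boolToStr(isGetpid), oldPFlag, newPFlag, sysctlRet);
        }
    }

    return sysctlRet;
}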
70 |
71 |
72 |
73 |
74 |
75 |
76 | int sysctlnametomib(const char *name, int *mibp, size_t *sizep);
77 |
// Saved pointer to the real sysctlnametomib(); it is filled in by MSHookFunction in _logosLocalInit.
__unused static int (*_logos_orig$_ungrouped$sysctlnametomib)(const char *name, int *mibp, size_t *sizep);

// Pass-through hook: forwards to the original and logs the requested name and the result.
// Neither the arguments nor the return value is changed.
__unused static int _logos_function$_ungrouped$sysctlnametomib(const char *name, int *mibp, size_t *sizep){
    const int retInt = _logos_orig$_ungrouped$sysctlnametomib(name, mibp, sizep);
    iosLogInfo("name=%{public}s, mibp=%p, sizep=%p -> retInt=%d", name, mibp, sizep, retInt);
    return retInt;
}
85 |
86 |
87 |
88 |
89 |
// Constructor generated from the %ctor block: logs the two sysctl configuration switches at load time.
static __attribute__((constructor)) void _logosLocalCtor_03afdbd6(int __unused argc, char __unused **argv, char __unused **envp)
{
    @autoreleasepool
    {
        const char *groupEnabled = boolToStr(cfgHookEnable_sysctl);
        const char *sysctlEnabled = boolToStr(cfgHookEnable_sysctl_sysctl);
        iosLogInfo("%s, cfgHookEnable_sysctl=%s, cfgHookEnable_sysctl_sysctl=%s", "sysctl ctor", groupEnabled, sysctlEnabled);
    }
}
// Logos-generated installer: runs as a constructor and redirects sysctl and sysctlnametomib to the
// replacement functions above, saving each original entry point in its _logos_orig$ pointer.
// Both hooks are installed without consulting any cfgHookEnable_* switch; in this file the switches
// only gate what the sysctl replacement does once it has been called.
static __attribute__((constructor)) void _logosLocalInit() {
    {
        MSHookFunction((void *)sysctl,
                       (void *)&_logos_function$_ungrouped$sysctl,
                       (void **)&_logos_orig$_ungrouped$sysctl);
        MSHookFunction((void *)sysctlnametomib,
                       (void *)&_logos_function$_ungrouped$sysctlnametomib,
                       (void **)&_logos_orig$_ungrouped$sysctlnametomib);
    }
}
99 | #line 71 "/Users/crifan/dev/dev_root/crifan/iOSBypassJailbreak/iOSBypassJailbreak/hook_sysctl.xm"
100 |
--------------------------------------------------------------------------------
/iOSBypassJailbreak/hook_sysctl.xm:
--------------------------------------------------------------------------------
1 | /*
2 | File: hook_sysctl.xm
3 | Function: iOS tweak that hooks the sysctl-related functions
4 | Author: Crifan Li
5 | */
6 |
7 | #import
8 | #import
9 | #import
10 |
11 | #import "CommonConfig.h"
12 | #import "CrifanLibiOS.h"
13 | #import "CrifanLib.h"
14 |
15 | /*==============================================================================
16 | Hook: sysctl
17 | ==============================================================================*/
18 |
19 | int sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp, size_t newlen);
20 |
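// Hook for sysctl(). Always forwards to the original first. When cfgHookEnable_sysctl_sysctl is set
// and the query is { CTL_KERN, KERN_PROC, KERN_PROC_PID, ... }, it clears P_TRACED in the returned
// kinfo_proc, so a caller that tests that flag reads the process as untraced. For app defenders this
// is a reminder that a P_TRACED check answered through a hookable libc symbol can be rewritten by
// code injected into the same process.
//
// The result buffer is touched only when the original call succeeded and returned at least one
// struct kinfo_proc. Callers may pass oldp == NULL to ask for the required size, may pass fewer than
// three MIB entries, and a query for a missing pid can succeed with *oldlenp == 0. Each of those cases
// would otherwise be an out-of-bounds read or a NULL/uninitialised dereference inside the host app.
%hookf(int, sysctl, int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp, size_t newlen){
    iosLogDebug("name=%p, namelen=%d, oldp=%p, oldlenp=%p, newp=%p, newlen=%ld", name, namelen, oldp, oldlenp, newp, newlen);

    int sysctlRet = %orig;

    if (cfgHookEnable_sysctl_sysctl) {
        // Only index name[] as far as the caller says it extends.
        bool isGetpid = (NULL != name) && (namelen >= 3)
            && (name[0] == CTL_KERN && name[1] == KERN_PROC && name[2] == KERN_PROC_PID);
        // A usable result needs a successful call and a buffer that holds a whole kinfo_proc.
        bool hasProcInfo = (0 == sysctlRet) && (NULL != oldp) && (NULL != oldlenp)
            && (*oldlenp >= sizeof(struct kinfo_proc));

        if (isGetpid && hasProcInfo) {
            struct kinfo_proc *info = (struct kinfo_proc *)oldp;
            int oldPFlag = info->kp_proc.p_flag;
            info->kp_proc.p_flag &= ~(P_TRACED);
            int newPFlag = info->kp_proc.p_flag;

            iosLogInfo("name=%p, namelen=%d, oldp=%p, oldlenp=%p, newp=%p, newlen=%ld -> isGetpid=%s -> oldPFlag=0x%x, newPFlag=0x%x -> sysctlRet=%d", name, namelen, oldp, oldlenp, newp, newlen, boolToStr(isGetpid), oldPFlag, newPFlag, sysctlRet);
        }
    }

    return sysctlRet;
}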
44 |
45 | /*==============================================================================
46 | Hook: sysctlnametomib
47 | ==============================================================================*/
48 |
49 | // https://developer.apple.com/library/archive/documentation/System/Conceptual/ManPages_iPhoneOS/man3/sysctlnametomib.3.html
50 | int sysctlnametomib(const char *name, int *mibp, size_t *sizep);
51 |
// Pass-through hook for sysctlnametomib(): forwards to the original and logs the requested name and
// the result. Neither the arguments nor the return value is changed.
%hookf(int, sysctlnametomib, const char *name, int *mibp, size_t *sizep){
    const int retInt = %orig;
    iosLogInfo("name=%{public}s, mibp=%p, sizep=%p -> retInt=%d", name, mibp, sizep, retInt);
    return retInt;
}
59 |
60 | /*==============================================================================
61 | Ctor
62 | ==============================================================================*/
63 |
// Load-time constructor for the sysctl hook file: logs the two configuration switches.
%ctor
{
    @autoreleasepool
    {
        const char *groupEnabled = boolToStr(cfgHookEnable_sysctl);
        const char *sysctlEnabled = boolToStr(cfgHookEnable_sysctl_sysctl);
        iosLogInfo("%s, cfgHookEnable_sysctl=%s, cfgHookEnable_sysctl_sysctl=%s", "sysctl ctor", groupEnabled, sysctlEnabled);
    }
}
71 |
--------------------------------------------------------------------------------
/iOSBypassJailbreak/hook_writeFile_iOS.xm:
--------------------------------------------------------------------------------
1 | /*
2 | File: hook_writeFile_iOS.xm
3 | Function: iOS tweak that hooks the iOS-level file-write functions
4 | Author: Crifan Li
5 | */
6 |
7 | #import
8 |
9 | #import "CommonConfig.h"
10 | #import "CrifanLibiOS.h"
11 | #import "CrifanLib.h"
12 |
13 | bool shouldHookWritePath(const char* path);
14 | bool shouldHookWritePath_NSString(NSString* pathNs);
15 | bool shouldHookWritePath_NSURL(NSURL* url);
16 |
17 | /*==============================================================================
18 | Common Functions
19 | ==============================================================================*/
20 |
21 | // /private/testWriteToFile.txt -> true
22 | // /private/var/mobile/Containers/Data/Application/EEFACEA4-2ADB-4D25-9DB4-B5D643EA8943/Documents/bd.turing/ -> false
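// Decides whether the write/delete hooks in this file should refuse a target.
// Returns true only when the cleaned path starts with "/private/" or "file:///private/" and has no
// further '/' after that prefix, i.e. an entry created directly under /private/. Every other path
// returns false. The test is purely textual: nothing is resolved against the file system here.
//
// path: C string of a file path or file URL; NULL is accepted and returns false.
bool shouldHookWritePath(const char* path){
    const char* Path_Private = "/private/";
    const char* Path_FilePrivate = "file:///private/";

    // A nil NSString/NSURL reaches this function as NULL (messaging nil yields NULL), so leave
    // that case to the original method instead of handing NULL to the string helpers.
    if (NULL == path) {
        return false;
    }

    char* purePath = toPurePath(path);
    if (NULL == purePath) {
        // NOTE(review): assumes toPurePath reports failure as NULL — confirm in CrifanLib.
        return false;
    }
    iosLogDebug("path=%{public}s -> purePath=%s", path, purePath);

    bool isStartWithPrivate = strStartsWith(purePath, Path_Private);
    bool isStartWithFilePrivate = strStartsWith(purePath, Path_FilePrivate);
    iosLogDebug("isStartWithPrivate=%s, isStartWithFilePrivate=%s",boolToStr(isStartWithPrivate), boolToStr(isStartWithFilePrivate));

    bool shouldHook = false;

    if (isStartWithPrivate || isStartWithFilePrivate){
        char* pathNoPrivateHead = NULL;
        // removeHead hands back, through its third argument, the pointer that must be freed;
        // pathNoPrivateHead itself must not be passed to free().
        char* toFreeRemoveHeadPathPrivate = NULL;
        char* toFreeRemoveHeadPathFilePrivate = NULL;

        if (isStartWithPrivate){
            pathNoPrivateHead = removeHead(purePath, Path_Private, &toFreeRemoveHeadPathPrivate);
        }

        if (isStartWithFilePrivate){
            pathNoPrivateHead = removeHead(purePath, Path_FilePrivate, &toFreeRemoveHeadPathFilePrivate);
        }
        iosLogDebug("purePath=%s -> pathNoPrivateHead=%s, toFreeRemoveHeadPathPrivate=%p, toFreeRemoveHeadPathFilePrivate=%p", purePath, pathNoPrivateHead, toFreeRemoveHeadPathPrivate, toFreeRemoveHeadPathFilePrivate);

        if (NULL != pathNoPrivateHead){
            // "testWriteToFile.txt" has no further slash and is hooked.
            // "var/mobile/Containers/..." has one and is left alone.
            char* foundSlash = strstr(pathNoPrivateHead, "/");
            iosLogDebug("foundSlash=%s", foundSlash);
            shouldHook = (NULL == foundSlash);
        }

        // Release the helper buffers whether or not removeHead produced a result.
        if (NULL != toFreeRemoveHeadPathPrivate){
            free(toFreeRemoveHeadPathPrivate);
            iosLogDebug("has free toFreeRemoveHeadPathPrivate=%p", toFreeRemoveHeadPathPrivate);
        }

        if (NULL != toFreeRemoveHeadPathFilePrivate){
            free(toFreeRemoveHeadPathFilePrivate);
            iosLogDebug("has free toFreeRemoveHeadPathFilePrivate=%p", toFreeRemoveHeadPathFilePrivate);
        }
    }

    free(purePath);

    // Log only the paths that will be refused.
    if (shouldHook) {
        iosLogInfo("path=%{public}s -> shouldHook=%s", path, boolToStr(shouldHook));
    }

    return shouldHook;
}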
103 |
// NSString front end for shouldHookWritePath(): checks the UTF-8 form of the path.
bool shouldHookWritePath_NSString(NSString* pathNs){
    BOOL shouldHook = shouldHookWritePath(pathNs.UTF8String);
    iosLogDebug("pathNs=%@ -> shouldHook=%s", pathNs, boolToStr(shouldHook));
    return shouldHook;
}
114 |
// NSURL front end for shouldHookWritePath(): checks the UTF-8 form of the URL's absoluteString,
// which is the form the "file:///private/" prefix test in shouldHookWritePath() is written for.
bool shouldHookWritePath_NSURL(NSURL* url){
    const char* urlStr = url.absoluteString.UTF8String;
    BOOL shouldHook = shouldHookWritePath(urlStr);
    iosLogDebug("url=%@ -> shouldHook=%s", url, boolToStr(shouldHook));
    return shouldHook;
}
126 |
127 | /*==============================================================================
128 | Hook: NSString
129 | ==============================================================================*/
130 |
// NSString write hooks. Each method returns FALSE without writing when cfgHookEnable_writeFileiOS is
// set and the target matches shouldHookWritePath_*(); otherwise it forwards to the original method.
// The path check is not evaluated at all while the switch is off.
%hook NSString

- (BOOL)writeToFile:(NSString *)path atomically:(BOOL)useAuxiliaryFile
{
    const BOOL isBlocked = cfgHookEnable_writeFileiOS && shouldHookWritePath_NSString(path);
    BOOL isWriteOk = FALSE;

    if (isBlocked) {
        iosLogInfo("hooked path=%{public}@ -> isWriteOk=%s", path, boolToStr(isWriteOk));
    } else {
        isWriteOk = %orig;
    }

    iosLogDebug("%spath=%{public}@, useAuxiliaryFile=%s -> isWriteOk=%s", HOOK_PREFIX(cfgHookEnable_writeFileiOS), path, boolToStr(useAuxiliaryFile), boolToStr(isWriteOk));
    return isWriteOk;
}

- (BOOL)writeToFile:(NSString *)path atomically:(BOOL)useAuxiliaryFile encoding:(NSStringEncoding)enc error:(NSError **)error{
    iosLogDebug("path=%@, useAuxiliaryFile=%s, enc=%ld, *error=%@", path, boolToStr(useAuxiliaryFile), enc, ERROR_STR(error));

    const BOOL isBlocked = cfgHookEnable_writeFileiOS && shouldHookWritePath_NSString(path);
    BOOL isWriteOk = FALSE;

    if (isBlocked) {
        iosLogInfo("hooked path=%{public}@ -> isWriteOk=%s", path, boolToStr(isWriteOk));
    } else {
        isWriteOk = %orig;
    }

    iosLogDebug("%spath=%{public}@, useAuxiliaryFile=%s, enc=%lu, *error=%@-> isWriteOk=%s", HOOK_PREFIX(cfgHookEnable_writeFileiOS), path, boolToStr(useAuxiliaryFile), enc, ERROR_STR(error), boolToStr(isWriteOk));
    return isWriteOk;
}

- (BOOL)writeToURL:(NSURL *)url atomically:(BOOL)atomically{
    const BOOL isBlocked = cfgHookEnable_writeFileiOS && shouldHookWritePath_NSURL(url);
    BOOL isWriteOk = FALSE;

    if (isBlocked) {
        iosLogInfo("hooked url=%{public}@ -> isWriteOk=%s", url, boolToStr(isWriteOk));
    } else {
        isWriteOk = %orig;
    }

    iosLogDebug("%surl=%{public}@, atomically=%s -> isWriteOk=%s", HOOK_PREFIX(cfgHookEnable_writeFileiOS), url, boolToStr(atomically), boolToStr(isWriteOk));
    return isWriteOk;
}

- (BOOL)writeToURL:(NSURL *)url atomically:(BOOL)useAuxiliaryFile encoding:(NSStringEncoding)enc error:(NSError **)error{
    const BOOL isBlocked = cfgHookEnable_writeFileiOS && shouldHookWritePath_NSURL(url);
    BOOL isWriteOk = FALSE;

    if (isBlocked) {
        iosLogInfo("hooked url=%{public}@ -> isWriteOk=%s", url, boolToStr(isWriteOk));
    } else {
        isWriteOk = %orig;
    }

    iosLogDebug("%surl=%{public}@, useAuxiliaryFile=%s, enc=%lu, *error=%@-> isWriteOk=%s", HOOK_PREFIX(cfgHookEnable_writeFileiOS), url, boolToStr(useAuxiliaryFile), enc, ERROR_STR(error), boolToStr(isWriteOk));
    return isWriteOk;
}

%end
213 |
214 | /*==============================================================================
215 | Hook: NSData
216 | ==============================================================================*/
217 |
// NSData write hooks. Each method returns FALSE without writing when cfgHookEnable_writeFileiOS is
// set and the target matches shouldHookWritePath_*(); otherwise it forwards to the original method.
%hook NSData

- (BOOL)writeToURL:(NSURL *)url atomically:(BOOL)atomically{
    const BOOL isBlocked = cfgHookEnable_writeFileiOS && shouldHookWritePath_NSURL(url);
    BOOL isWriteOk = FALSE;

    if (isBlocked) {
        iosLogInfo("hooked url=%{public}@ -> isWriteOk=%s", url, boolToStr(isWriteOk));
    } else {
        isWriteOk = %orig;
    }

    iosLogDebug("%surl=%{public}@, atomically=%s -> isWriteOk=%s", HOOK_PREFIX(cfgHookEnable_writeFileiOS), url, boolToStr(atomically), boolToStr(isWriteOk));
    return isWriteOk;
}

- (BOOL)writeToFile:(NSString *)path options:(NSDataWritingOptions)writeOptionsMask error:(NSError **)error{
    const BOOL isBlocked = cfgHookEnable_writeFileiOS && shouldHookWritePath_NSString(path);
    BOOL isWriteOk = FALSE;

    if (isBlocked) {
        iosLogInfo("hooked path=%{public}@ -> isWriteOk=%s", path, boolToStr(isWriteOk));
    } else {
        isWriteOk = %orig;
    }

    iosLogDebug("%spath=%{public}@, writeOptionsMask=0x%lx, *error=%@-> isWriteOk=%s", HOOK_PREFIX(cfgHookEnable_writeFileiOS), path, writeOptionsMask, ERROR_STR(error), boolToStr(isWriteOk));
    return isWriteOk;
}

- (BOOL)writeToURL:(NSURL *)url options:(NSDataWritingOptions)writeOptionsMask error:(NSError **)error{
    const BOOL isBlocked = cfgHookEnable_writeFileiOS && shouldHookWritePath_NSURL(url);
    BOOL isWriteOk = FALSE;

    if (isBlocked) {
        iosLogInfo("hooked url=%{public}@ -> isWriteOk=%s", url, boolToStr(isWriteOk));
    } else {
        isWriteOk = %orig;
    }

    iosLogDebug("%surl=%{public}@, writeOptionsMask=0x%lx, *error=%@-> isWriteOk=%s", HOOK_PREFIX(cfgHookEnable_writeFileiOS), url, writeOptionsMask, ERROR_STR(error), boolToStr(isWriteOk));
    return isWriteOk;
}

%end
280 |
281 | /*==============================================================================
282 | Hook: NSArray
283 | ==============================================================================*/
284 |
// NSArray write hooks. Each method returns FALSE without writing when cfgHookEnable_writeFileiOS is
// set and the target matches shouldHookWritePath_*(); otherwise it forwards to the original method.
%hook NSArray

- (BOOL)writeToFile:(NSString *)path atomically:(BOOL)useAuxiliaryFile{
    const BOOL isBlocked = cfgHookEnable_writeFileiOS && shouldHookWritePath_NSString(path);
    BOOL isWriteOk = FALSE;

    if (isBlocked) {
        iosLogInfo("hooked path=%{public}@ -> isWriteOk=%s", path, boolToStr(isWriteOk));
    } else {
        isWriteOk = %orig;
    }

    iosLogDebug("%spath=%{public}@, useAuxiliaryFile=%s -> isWriteOk=%s", HOOK_PREFIX(cfgHookEnable_writeFileiOS), path, boolToStr(useAuxiliaryFile), boolToStr(isWriteOk));
    return isWriteOk;
}

- (BOOL)writeToURL:(NSURL *)url atomically:(BOOL)atomically{
    const BOOL isBlocked = cfgHookEnable_writeFileiOS && shouldHookWritePath_NSURL(url);
    BOOL isWriteOk = FALSE;

    if (isBlocked) {
        iosLogInfo("hooked url=%{public}@ -> isWriteOk=%s", url, boolToStr(isWriteOk));
    } else {
        isWriteOk = %orig;
    }

    iosLogDebug("%surl=%{public}@, atomically=%s -> isWriteOk=%s", HOOK_PREFIX(cfgHookEnable_writeFileiOS), url, boolToStr(atomically), boolToStr(isWriteOk));
    return isWriteOk;
}

- (BOOL)writeToURL:(NSURL *)url error:(NSError **)error{
    const BOOL isBlocked = cfgHookEnable_writeFileiOS && shouldHookWritePath_NSURL(url);
    BOOL isWriteOk = FALSE;

    if (isBlocked) {
        iosLogInfo("hooked url=%{public}@ -> isWriteOk=%s", url, boolToStr(isWriteOk));
    } else {
        isWriteOk = %orig;
    }

    iosLogDebug("%surl=%{public}@, *error=%@ -> isWriteOk=%s", HOOK_PREFIX(cfgHookEnable_writeFileiOS), url, ERROR_STR(error), boolToStr(isWriteOk));
    return isWriteOk;
}

%end
345 |
346 | /*==============================================================================
347 | Hook: NSDictionary
348 | ==============================================================================*/
349 |
// NSDictionary write hooks. Each method returns FALSE without writing when cfgHookEnable_writeFileiOS
// is set and the target matches shouldHookWritePath_*(); otherwise it forwards to the original method.
%hook NSDictionary

- (BOOL)writeToFile:(NSString *)path atomically:(BOOL)useAuxiliaryFile{
    const BOOL isBlocked = cfgHookEnable_writeFileiOS && shouldHookWritePath_NSString(path);
    BOOL isWriteOk = FALSE;

    if (isBlocked) {
        iosLogInfo("hooked path=%{public}@ -> isWriteOk=%s", path, boolToStr(isWriteOk));
    } else {
        isWriteOk = %orig;
    }

    iosLogDebug("%spath=%{public}@, useAuxiliaryFile=%s -> isWriteOk=%s", HOOK_PREFIX(cfgHookEnable_writeFileiOS), path, boolToStr(useAuxiliaryFile), boolToStr(isWriteOk));
    return isWriteOk;
}

- (BOOL)writeToURL:(NSURL *)url error:(NSError **)error{
    const BOOL isBlocked = cfgHookEnable_writeFileiOS && shouldHookWritePath_NSURL(url);
    BOOL isWriteOk = FALSE;

    if (isBlocked) {
        iosLogInfo("hooked url=%{public}@ -> isWriteOk=%s", url, boolToStr(isWriteOk));
    } else {
        isWriteOk = %orig;
    }

    iosLogDebug("%surl=%{public}@, *error=%@ -> isWriteOk=%s", HOOK_PREFIX(cfgHookEnable_writeFileiOS), url, ERROR_STR(error), boolToStr(isWriteOk));
    return isWriteOk;
}

- (BOOL)writeToURL:(NSURL *)url atomically:(BOOL)atomically{
    const BOOL isBlocked = cfgHookEnable_writeFileiOS && shouldHookWritePath_NSURL(url);
    BOOL isWriteOk = FALSE;

    if (isBlocked) {
        iosLogInfo("hooked url=%{public}@ -> isWriteOk=%s", url, boolToStr(isWriteOk));
    } else {
        isWriteOk = %orig;
    }

    iosLogDebug("%surl=%{public}@, atomically=%s -> isWriteOk=%s", HOOK_PREFIX(cfgHookEnable_writeFileiOS), url, boolToStr(atomically), boolToStr(isWriteOk));
    return isWriteOk;
}

%end
410 |
411 | /*==============================================================================
412 | Hook: NSFileManager
413 | ==============================================================================*/
414 |
// NSFileManager delete hooks. Each method returns FALSE without deleting when
// cfgHookEnable_writeFileiOS is set and the target matches shouldHookWritePath_*(); otherwise it
// forwards to the original method.
%hook NSFileManager

- (BOOL)removeItemAtPath:(NSString *)path error:(NSError **)error {
    const BOOL isBlocked = cfgHookEnable_writeFileiOS && shouldHookWritePath_NSString(path);
    BOOL isDeleteOk = FALSE;

    if (isBlocked) {
        iosLogInfo("hooked path=%{public}@ -> isDeleteOk=%s", path, boolToStr(isDeleteOk));
    } else {
        isDeleteOk = %orig;
    }

    iosLogDebug("%spath=%{public}@, *error=%@-> isDeleteOk=%s", HOOK_PREFIX(cfgHookEnable_writeFileiOS), path, ERROR_STR(error), boolToStr(isDeleteOk));
    return isDeleteOk;
}

- (BOOL)removeItemAtURL:(NSURL *)url error:(NSError **)error {
    const BOOL isBlocked = cfgHookEnable_writeFileiOS && shouldHookWritePath_NSURL(url);
    BOOL isDeleteOk = FALSE;

    if (isBlocked) {
        iosLogInfo("hooked url=%{public}@ -> isDeleteOk=%s", url, boolToStr(isDeleteOk));
    } else {
        isDeleteOk = %orig;
    }

    iosLogDebug("%surl=%{public}@, *error=%@-> isDeleteOk=%s", HOOK_PREFIX(cfgHookEnable_writeFileiOS), url, ERROR_STR(error), boolToStr(isDeleteOk));
    return isDeleteOk;
}

%end
457 |
458 | /*==============================================================================
459 | Ctor
460 | ==============================================================================*/
461 |
// Logos constructor for this hook file: it only logs whether the
// write-file hooks are enabled (cfgHookEnable_writeFileiOS).
%ctor {
    @autoreleasepool {
        iosLogInfo("%s, cfgHookEnable_writeFileiOS=%s", "writeFile_iOS ctor", boolToStr(cfgHookEnable_writeFileiOS));
    }
}
469 |
--------------------------------------------------------------------------------
/iOSBypassJailbreak/iOSBypassJailbreak-Prefix.pch:
--------------------------------------------------------------------------------
1 | //
2 | // Prefix header for all source files of the 'iOSBypassJailbreak' target in the 'iOSBypassJailbreak' project
3 | //
4 |
5 | #ifdef __OBJC__
6 | #import
7 | #endif
8 |
--------------------------------------------------------------------------------
/iOSBypassJailbreak/libs/c/CrifanLib.h:
--------------------------------------------------------------------------------
1 | /*
2 | File: CrifanLib.h
3 | Function: crifan's common C libs header file
4 | Author: Crifan Li
5 | Latest: https://github.com/crifan/crifanLib/blob/master/c/CrifanLib.h
6 | Updated: 20220315_1114
7 | */
8 |
9 | // This will not work with all C++ compilers, but it works with clang and gcc
10 | #ifdef __cplusplus
11 | extern "C" {
12 | #endif
13 |
14 | #ifndef CrifanLib_h
15 | #define CrifanLib_h
16 |
17 | //#import
18 | #include
19 | #include
20 | #include
21 | #include
22 | #include
23 | //#include
24 | #include
25 | #include
26 | #include
27 | #include
28 | #include /* PATH_MAX */
29 | #include
30 | #include
31 | #include
32 | #include
33 | #include
34 | #include
35 |
36 | // integer
37 | bool isIntInList(int valueToCheck, int* intList, int intListLen);
38 |
39 | // Date Time
40 | //char* getCompileDateTimeStr(void);
41 | char* parseTimeInfo(char* dateTimeStr, struct tm* outTimeInfo);
42 | bool isTimeExpired(const char* expiredTimeStr);
43 |
44 | // char
45 | void initRandomChar(void);
46 | char randomChar(const char* choiceStr);
47 |
48 | // string
49 | char* randomStr(int strLen, const char* choiceStr);
50 | char* boolToStr(bool curBool);
51 | char* strToLowercase(const char* origStr);
52 | bool strStartsWith(const char *fullStr, const char *prefixStr);
53 | bool strEndsWith(const char* fullStr, const char* endStr);
54 | //char* removeHead(const char* fullStr, const char* headStr);
55 | char* removeHead(const char* fullStr, const char* headStr, char** toFreePtr);
56 | char* removeTail(const char* fullStr, const char* tailStr);
57 | char* removeEndSlash(const char* origPath);
58 | char* strReplace(const char *fullStr, const char *replaceFromStr, const char *replaceToStr);
59 | void strSplit(const char* fullStr, const char* delim, char*** resultSubStrListPtr, int* resultListLenPtr);
60 |
61 | // file size
62 | long calulateFilesize_fgetc(char* inputFilename);
63 | long calulateFilesize_ftell(char* inputFilename);
64 | long calulateFilesize_fstat(char* inputFilename);
65 |
66 | // file mode
67 | char* fileSizeToStr(off_t fileStSize);
68 | void fileModeToStr(mode_t mode, char * modeStrBuf);
69 | char* fileTypeToChar(mode_t mode);
70 | char* statToStr(struct stat* statInfo);
71 |
72 | // file path
73 | char* removeTwoDotPart(const char* origPath);
74 | bool isPathEaqual(const char* path1, const char* path2);
75 | char* toPurePath(const char* origPath);
76 | bool parseRealPath(const char* curPath, char* gotRealPath);
77 |
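// Join any number of path components. The macro appends a NULL argument after
// the caller's list (presumably the end-of-list sentinel for the variadic
// _strPathJoin -- confirm against its implementation).
// The expansion deliberately carries no trailing ';': with one, the macro
// could not be used inside an expression or before an `else`.
#define strPathJoin(...) _strPathJoin(__VA_ARGS__, NULL)
char* _strPathJoin(const char* firstPath, ...);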
80 |
81 | bool getFilePath(int fd, char* outFilePath);
82 |
83 | // iOS
84 | int iOS_system(const char* command);
85 | void iOS_antiDebug_ptrace(void);
86 | void iOS_antiDebug_syscall(void);
87 | void iOS_antiDebug_svc0x80_syscall(void);
88 |
89 | #endif /* CrifanLib_h */
90 |
91 | #ifdef __cplusplus
92 | }
93 | #endif
94 |
--------------------------------------------------------------------------------
/iOSBypassJailbreak/libs/c/CrifanLibDemo.c:
--------------------------------------------------------------------------------
1 | /*
2 | File: CrifanLibDemo.c
3 | Function: crifan's common C lib function demo implementation
4 | Author: Crifan Li
5 | Latest: https://github.com/crifan/crifanLib/blob/master/c/CrifanLibDemo.c
6 | Updated: 20220124_1552
7 | */
8 |
9 | //#include
10 | #include
11 | #include "CrifanLibDemo.h"
12 | #include "CrifanLib.h"
13 | #include "JailbreakPathList.h"
14 |
15 | /**************************************************************************************************
16 | Test other's custom strstr
17 | ****************************************************************************************************/
18 | //
19 | //// Preventing libobjc hooked, strstr implementation
20 | //const char* tuyul(const char* X, const char* Y)
21 | //{
22 | // if (*Y == '\0')
23 | // return X;
24 | //
25 | // for (int i = 0; i < strlen(X); i++)
26 | // {
27 | //// printf("X+i=%p, Y=%p, *(X+i)=%s, *Y=%s", X + i, Y, *(X+i), *Y);
28 | // printf("X+i=%p, Y=%p, *(X+i)=%c, *Y=%c\n", X + i, Y, *(X+i), *Y);
29 | //// printf("X+i=%p, Y=%p\n", X + i, Y);
30 | //// printf("*(X+i)=%s, *Y=%s", *(X+i), *Y);
31 | //// printf("*(X+i)=%s", *(X+i));
32 | //// printf("*Y=%s", *Y);
33 | // if (*(X + i) == *Y)
34 | // {
35 | // printf("----------\n");
36 | // char* ptr = tuyul(X + i + 1, Y + 1);
37 | // return (ptr) ? ptr - 1 : NULL;
38 | // }
39 | // }
40 | //
41 | // return NULL;
42 | //}
43 | //
44 | //
45 | //void testCustomStrstr(void){
46 | // char* curDylibName = "/Library/MobileSubstrate/DynamicLibraries/ Choicy.dylib";
47 | // char* mobilesubstratedylib = "MobileSubstrate.dylib";
48 | // bool isFound = tuyul(curDylibName, mobilesubstratedylib) != NULL;
49 | // printf("testCustomStrstr: isFound=%s", isFound);
50 | //}
51 |
52 |
53 | /**************************************************************************************************
54 | Test const
55 | ****************************************************************************************************/
56 |
/* Demo: a pointer-to-const can be re-pointed; only the pointee is read-only.
 * (Assigning to a `const int` object, by contrast, is rejected at compile time.) */
void testConst(void){
    const char* text = randomStr(20, NULL);
    printf("before constStrPtr: %p -> %s\n", text, text);

    // NOTE(review): the randomStr() result becomes unreachable after this
    // assignment -- confirm whether it is heap-allocated and should be freed.
    text = "normal string";
    printf("after constStrPtr: %p -> %s\n", text, text);
}
68 |
69 | /**************************************************************************************************
70 | Test random str
71 | ****************************************************************************************************/
72 |
/* Demo: print a 5-character string produced by randomStr() with the default
 * character set (NULL choice string). */
void testRandomStr(void){
    // NOTE(review): the result is never released -- confirm randomStr()'s ownership rules.
    char* generated = randomStr(5, NULL);
    printf("randomedStr=%s\n", generated);
}
77 |
78 | /**************************************************************************************************
79 | Test isIntInList
80 | ****************************************************************************************************/
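/* Demo: check whether a value is present in a small int array. */
void testIsIntInList(void){
    int testIntValue = 2;
    int intList[] = {1, 2, 3, 4};
    // Derive the element count from the array so it cannot drift from the initializer.
    int intListLen = (int)(sizeof(intList) / sizeof(intList[0]));
    bool isInList = isIntInList(testIntValue, intList, intListLen);
    printf("isInList=%d", isInList);
}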
87 |
88 | /**************************************************************************************************
89 | to pure path
90 | ****************************************************************************************************/
91 | //for debug: to pure path
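/* Demo: run toPurePath() over paths containing "." and ".." segments and
 * print each original next to its normalized form. */
void testParsePurePath(void){
    const char* specialPathList[] = {
        "./relative/path",
        "/Library/dpkg/./",
        "/Library/dpkg/",
        "/Library/dpkg/.",
        "/./Library/../Library/./dpkg/.",
        "/Applications/Cydia.app/../Cydia.app",
        "/bin/bash",
        "/./usr/././../usr/bin/./ssh-keyscan",
        "/bin/bash/..",
        "../bin/./bash/././..",
        "../bin/bash/..",
        "usr/local/bin/..",
        "/./bin/../bin/./bash",
        "/private/./etc/ssh/../ssh/sshd_config",
    };
    int specialPathListLen = (int)(sizeof(specialPathList) / sizeof(specialPathList[0]));

    for (int i = 0; i < specialPathListLen; i++) {
        const char* curSpecialPath = specialPathList[i];
        char* curPurePath = toPurePath(curSpecialPath);
        // Guard the %s conversion in case normalization failed and returned NULL.
        printf("orig: %s -> real: %s\n", curSpecialPath, curPurePath ? curPurePath : "(null)");
        // The result is heap-allocated (isPathInList() frees it), so release it here too.
        free(curPurePath);
    }
}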
117 |
118 | /**************************************************************************************************
119 | path equal
120 | ****************************************************************************************************/
121 |
122 | //for debug
/* Demo: isPathEaqual() on a pair that differs only by a trailing slash and on
 * a pair where one side contains "." / ".." segments. */
void testPathCompare(void){
    char* plainPath = "/Library/dpkg";
    char* trailingSlashPath = "/Library/dpkg/";
    printf("isEqual=%s\n", boolToStr(isPathEaqual(plainPath, trailingSlashPath)));

    char* dottedPath = "/./Library/./../Library/./dpkg";
    char* referencePath = "/Library/dpkg/";
    printf("isEqual2=%s\n", boolToStr(isPathEaqual(dottedPath, referencePath)));
}
135 |
136 | /**************************************************************************************************
137 | path join
138 | ****************************************************************************************************/
/* Demo: strPathJoin() with two and three components, with and without
 * trailing slashes and a leading "./". */
void testPathJoin(void){
    // NOTE(review): the joined strings are never released -- confirm
    // _strPathJoin()'s ownership rules.
    char* joinedPath1 = strPathJoin("/first", "second");
    printf("joinedPath1=%s", joinedPath1);

    char* joinedPath2 = strPathJoin("/first/", "second/");
    printf("joinedPath2=%s", joinedPath2);

    char* joinedPath3 = strPathJoin("/first/", "./second/", "third");
    printf("joinedPath3=%s", joinedPath3);
}
160 |
161 | /**************************************************************************************************
162 | jailbreak path
163 | ****************************************************************************************************/
164 |
165 | //for debug: detect jb path
/* Demo: print the isJailbreakPath() verdict for a set of sample paths,
 * including near-miss names ("/usr/bin/ssh-") and paths with "." / ".."
 * segments. */
void testJbPathDetect(void){
    const char* samplePaths[] = {
        "/usr/bin/ssh",
        "/usr/bin/ssh-",
        "/Applications/Cydia.app/Info.plist",
        "/bin/bash",
        "/Applications/Cydia.app/../Cydia.app",
        "/./usr/././../usr/bin/./ssh-keyscan",
        "/./bin/../bin/./bash",
        "/private/./etc/ssh/../ssh/sshd_config",
    };
    int samplePathCount = sizeof(samplePaths)/sizeof(const char *);

    int idx = 0;
    while (idx < samplePathCount) {
        const char* candidate = samplePaths[idx];
        bool verdict = isJailbreakPath(candidate);
        printf("curJbPath=%s -> isJbPath=%s\n", candidate, boolToStr(verdict));
        printf("\n");
        idx++;
    }
}
185 |
186 | /**************************************************************************************************
187 | string lowercase
188 | ****************************************************************************************************/
189 |
/* Demo: lower-case two differently-cased URL scheme strings and check that
 * both then start with "cydia://". */
void testLowcase(void){
    char* expectedPrefix = "cydia://";
    char* upperInput = "CYDIA://xxx";
    char* mixedInput = "Cydia://xxx";

    // strToLowercase() returns a buffer the caller must free.
    char* loweredUpper = strToLowercase(upperInput);
    printf("isEqual1=%s\n", boolToStr(strStartsWith(loweredUpper, expectedPrefix)));
    free(loweredUpper);

    char* loweredMixed = strToLowercase(mixedInput);
    printf("isEqual2=%s\n", boolToStr(strStartsWith(loweredMixed, expectedPrefix)));
    free(loweredMixed);
}
205 |
206 | /**************************************************************************************************/
207 | /* Time */
208 | /**************************************************************************************************/
209 |
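/* Upper bound on the frame index that is still timed by the demo below. */
#define MAX_TEST_COUNT 15

// How to calculate the elapsed time
// http://www.crifan.com/how_to_calculate_the_elapsed_time/
//
// Demo: take a timestamp before and after a piece of work with gettimeofday()
// and print the difference in milliseconds.
void showCalculateElapsedTime(void){
    struct timeval startTime, endTime;
    int test_count = 0; // index of the frame being timed
    long elapsedUsec = 0; // elapsed time of the timed section, in microseconds

    // Only the first MAX_TEST_COUNT frames are timed.
    if (test_count <= MAX_TEST_COUNT) {
        gettimeofday(&startTime, NULL);
    }

    // ......
    // do what you want to do
    // ......
    //Func();

    if (test_count <= MAX_TEST_COUNT) {
        gettimeofday(&endTime, NULL);
        // Include tv_sec: subtracting tv_usec alone is wrong (and can go
        // negative) whenever the interval crosses a second boundary.
        elapsedUsec = (long)(endTime.tv_sec - startTime.tv_sec) * 1000000L
                    + (long)(endTime.tv_usec - startTime.tv_usec);
        // The original format read "ttt%ld msn", i.e. "\t\t\t%ld ms\n" with
        // the backslashes lost; the escapes are restored here.
        printf("The mdct time of the %d frame is \t\t\t%ld ms\n", test_count, elapsedUsec / 1000);
    }
}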
240 |
/* Demo: treat the build as expired once MAX_VALID_SECONDS have passed since
 * the compile timestamp (__DATE__ " " __TIME__), printing each intermediate
 * value. */
void testExpired_compileTime(void){
    const int MAX_VALID_SECONDS = 60;

    // e.g. "Jan 19 2022 10:34:16"
    char* compileStamp = __DATE__ " " __TIME__;

    // NOTE(review): buildTime is not zero-initialized before parsing; confirm
    // parseTimeInfo() sets every field mktime() reads (tm_isdst in particular).
    struct tm buildTime;
    char* unparsedRest = parseTimeInfo(compileStamp, &buildTime);
    printf("retNoProcessedStr=%s\n", unparsedRest);

    time_t buildEpoch = mktime(&buildTime);
    printf("CompileEpoch=%ld\n", buildEpoch);

    time_t deadlineEpoch = buildEpoch + MAX_VALID_SECONDS;
    printf("ExpiredEpoch=%ld\n", deadlineEpoch);

    time_t nowEpoch = time(NULL);
    printf("curTimeEpoch=%ld\n", nowEpoch);

    bool hasExpired = nowEpoch >= deadlineEpoch;
    printf("isExpired=%s\n", boolToStr(hasExpired));
}
265 |
/* Demo: ask isTimeExpired() whether a fixed date-time string lies in the past. */
void testExpired_defineTime(void){
    const char* deadlineStr = "2022-1-24 15:40:00";
    printf("isExpired=%s\n", boolToStr(isTimeExpired(deadlineStr)));
}
272 |
/* Run both expiry demos: compile-time based first, then fixed-string based. */
void testTimeDate(void)
{
    testExpired_compileTime();
    testExpired_defineTime();
}
277 |
--------------------------------------------------------------------------------
/iOSBypassJailbreak/libs/c/CrifanLibDemo.h:
--------------------------------------------------------------------------------
1 | /*
2 | File: CrifanLibDemo.h
3 | Function: crifan's common C lib function demo header
4 | Author: Crifan Li
5 | Latest: https://github.com/crifan/crifanLib/blob/master/c/CrifanLibDemo.h
6 | Updated: 20220124_1552
7 | */
8 |
9 | #ifndef CrifanLibDemo_h
10 | #define CrifanLibDemo_h
11 |
12 | void testCustomStrstr(void);
13 | void testConst(void);
14 | void testRandomStr(void);
15 | void testIsIntInList(void);
16 | void testParsePurePath(void);
17 | void testPathCompare(void);
18 | void testPathJoin(void);
19 | void testJbPathDetect(void);
20 | void testLowcase(void);
21 | void showCalculateElapsedTime(void);
22 |
23 | void testExpired_compileTime(void);
24 | void testExpired_defineTime(void);
25 | void testTimeDate(void);
26 |
27 | #endif /* CrifanLibDemo_h */
28 |
--------------------------------------------------------------------------------
/iOSBypassJailbreak/libs/c/JailbreakPathList.c:
--------------------------------------------------------------------------------
1 | /*
2 | File: JailbreakPathList.c
3 | Function: crifan's common jailbreak file path list
4 | Author: Crifan Li
5 | Latest: https://github.com/crifan/crifanLib/blob/master/c/JailbreakPathList.c
6 | Updated: 20221104_1730
7 | */
8 |
9 | #include "JailbreakPathList.h"
10 |
11 | /*==============================================================================
12 | Jailbreak Path List
13 | ==============================================================================*/
14 |
15 | // when using isJailbreakPath_realpath, KEEP_SOFT_LINK should/could be disabled -> soft links are converted to real paths internally, so the soft-link entries are not needed
16 | // when using isJailbreakPath_pureC, KEEP_SOFT_LINK should be enabled -> the soft-link jailbreak paths are included for the later comparison
17 | #define KEEP_SOFT_LINK
18 |
/* Function names matched by isJailbreakDylibFunctionName(): the MS*-prefixed
 * entries followed by their Sub*-prefixed counterparts. */
const char* jailbreakDylibFuncNameList[] = {
    /* MS* */
    "MSGetImageByName", "MSFindSymbol", "MSHookFunction", "MSHookMessageEx",
    /* Sub* */
    "SubGetImageByName", "SubFindSymbol", "SubHookFunction", "SubHookMessageEx",
};
30 |
/* Dynamic-library paths checked by isJailbreakDylib() and merged into the
 * combined list by getJailbreakPathList(). Entries inside KEEP_SOFT_LINK
 * sections are symbolic-link aliases; the trailing comment names the target. */
const char* jailbreakPathList_Dylib[] = {
    /* ---- tweak plugin libraries ---- */
    "/Library/Frameworks/Cephei.framework/Cephei", // -> /usr/lib/CepheiUI.framework/CepheiUI ?

#ifdef KEEP_SOFT_LINK
    "/Library/Frameworks/CydiaSubstrate.framework/CydiaSubstrate", // -> /usr/lib/libsubstrate.dylib
#endif

    "/Library/MobileSubstrate/DynamicLibraries/ Choicy.dylib",
    "/Library/MobileSubstrate/DynamicLibraries/0Shadow.dylib",
    "/Library/MobileSubstrate/DynamicLibraries/afc2dService.dylib",
    "/Library/MobileSubstrate/DynamicLibraries/afc2dSupport.dylib",
    "/Library/MobileSubstrate/DynamicLibraries/AppSyncUnified-FrontBoard.dylib",
    "/Library/MobileSubstrate/DynamicLibraries/AppSyncUnified-installd.dylib",
    "/Library/MobileSubstrate/DynamicLibraries/ChoicySB.dylib",
    "/Library/MobileSubstrate/DynamicLibraries/dygz.dylib",
    "/Library/MobileSubstrate/DynamicLibraries/LiveClock.dylib",
    "/Library/MobileSubstrate/DynamicLibraries/MobileSafety.dylib",
    "/Library/MobileSubstrate/DynamicLibraries/PreferenceLoader.dylib",
    "/Library/MobileSubstrate/DynamicLibraries/RocketBootstrap.dylib",
    "/Library/MobileSubstrate/DynamicLibraries/Veency.dylib",
    "/Library/MobileSubstrate/DynamicLibraries/xCon.dylib",
    "/Library/MobileSubstrate/DynamicLibraries/zorro.dylib",
    "/Library/MobileSubstrate/DynamicLibraries/zzzzHeiBaoLib.dylib",

    "/usr/lib/libsubstrate.dylib",

    /* ---- Cydia Substrate libraries ---- */
    "/Library/MobileSubstrate/MobileSubstrate.dylib",
    "/usr/lib/CepheiUI.framework/CepheiUI",
    "/usr/lib/substrate/SubstrateInserter.dylib",
    "/usr/lib/substrate/SubstrateLoader.dylib",
    "/usr/lib/substrate/SubstrateBootstrap.dylib",

    /* ---- Substitute libraries ---- */
    "/usr/lib/libsubstitute.dylib",
#ifdef KEEP_SOFT_LINK
    "/usr/lib/libsubstitute.0.dylib", // -> /usr/lib/libsubstitute.dylib
#endif
    "/usr/lib/substitute-inserter.dylib",
    "/usr/lib/substitute-loader.dylib",
#ifdef KEEP_SOFT_LINK
    "/Library/Frameworks/CydiaSubstrate.framework/SubstrateLoader.dylib", // -> /usr/lib/substitute-loader.dylib
#endif

    /* ---- other libraries ---- */
    "/private/var/lib/clutch/overdrive.dylib",
    "/usr/lib/frida/frida-agent.dylib",

#ifdef KEEP_SOFT_LINK
    "/usr/lib/libapt-inst.2.0.dylib",
    "/usr/lib/libapt-pkg.5.0.dylib",
    "/usr/lib/libapt-private.0.0.dylib",
#endif
    "/usr/lib/libapt-inst.2.0.0.dylib",
    "/usr/lib/libapt-pkg.5.0.2.dylib",
    "/usr/lib/libapt-private.0.0.0.dylib",

    "/usr/lib/libcycript.dylib",
    "/usr/lib/librocketbootstrap.dylib",
    "/usr/lib/tweakloader.dylib",
};
94 |
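/* Non-dylib file-system paths (apps, config files, daemons, tools) treated as
 * jailbreak indicators; merged with jailbreakPathList_Dylib by
 * getJailbreakPathList(). Entries inside KEEP_SOFT_LINK sections are
 * symbolic-link aliases of paths listed elsewhere.
 *
 * Every entry must end with a comma: C concatenates adjacent string literals,
 * so a missing comma silently fuses two entries into one path that matches
 * nothing. Three such omissions (SubstituteSettings.app,
 * CydiaSubstrate.framework/Headers/, cycript0.9/com/saurik/) are fixed here. */
const char* jailbreakPathList_Other[] = {
    "/Applications/Activator.app",
    "/Applications/ALS.app",
    "/Applications/blackra1n.app",
    "/Applications/Cydia.app",
    "/Applications/FakeCarrier.app",
    "/Applications/Filza.app",
    "/Applications/FlyJB.app",
    "/Applications/Icy.app",
    "/Applications/iFile.app",
    "/Applications/Iny.app",
    "/Applications/IntelliScreen.app",
    "/Applications/MTerminal.app",
    "/Applications/MxTube.app",
    "/Applications/RockApp.app",
    "/Applications/SBSettings.app",
    "/Applications/SubstituteSettings.app",
    "/Applications/SubstituteSettings.app/Info.plist",
    "/Applications/SubstituteSettings.app/SubstituteSettings",
    "/Applications/Snoop-itConfig.app",
    "/Applications/WinterBoard.app",

#ifdef KEEP_SOFT_LINK
    "/bin/sh",
#endif
    "/bin/bash",

#ifdef KEEP_SOFT_LINK
    // Note: etc -> private/etc/ !!!
    "/etc/alternatives/sh",
    "/etc/apt",
    "/etc/apt/preferences.d/checkra1n",
    "/etc/apt/preferences.d/cydia",
    "/etc/clutch.conf",
    "/etc/clutch_cracked.plist",
    "/etc/dpkg/origins/debian",
    "/etc/rc.d/substitute-launcher",
    "/etc/ssh/sshd_config",
#endif

    "/Library/Activator",
    "/Library/Flipswitch",
    "/Library/dpkg/",

    "/Library/Frameworks/CydiaSubstrate.framework/",
    "/Library/Frameworks/CydiaSubstrate.framework/Headers/",
    "/Library/Frameworks/CydiaSubstrate.framework/Headers/CydiaSubstrate.h",
    "/Library/Frameworks/CydiaSubstrate.framework/Info.plist",

    "/Library/LaunchDaemons/ai.akemi.asu_inject.plist",
    "/Library/LaunchDaemons/com.openssh.sshd.plist",
    "/Library/LaunchDaemons/com.rpetrich.rocketbootstrapd.plist",
    "/Library/LaunchDaemons/com.saurik.Cydia.Startup.plist",
    "/Library/LaunchDaemons/com.tigisoftware.filza.helper.plist",
    "/Library/LaunchDaemons/dhpdaemon.plist",
    "/Library/LaunchDaemons/re.frida.server.plist",

    // for debug: try to avoid a crash in Douyin (Aweme)
    "/Library/MobileSubstrate/",
    "/Library/MobileSubstrate/DynamicLibraries/",

    "/Library/MobileSubstrate/DynamicLibraries/ Choicy.plist",
    "/Library/MobileSubstrate/DynamicLibraries/afc2dService.plist",
    "/Library/MobileSubstrate/DynamicLibraries/afc2dSupport.plist",
    "/Library/MobileSubstrate/DynamicLibraries/AppSyncUnified-FrontBoard.plist",
    "/Library/MobileSubstrate/DynamicLibraries/AppSyncUnified-installd.plist",
    "/Library/MobileSubstrate/DynamicLibraries/ChoicySB.plist",
    "/Library/MobileSubstrate/DynamicLibraries/dygz.plist",
    "/Library/MobileSubstrate/DynamicLibraries/LiveClock.plist",
    "/Library/MobileSubstrate/DynamicLibraries/MobileSafety.plist",
    "/Library/MobileSubstrate/DynamicLibraries/PreferenceLoader.plist",
    "/Library/MobileSubstrate/DynamicLibraries/RocketBootstrap.plist",
    "/Library/MobileSubstrate/DynamicLibraries/Veency.plist",
    "/Library/MobileSubstrate/DynamicLibraries/xCon.plist",
    "/Library/MobileSubstrate/DynamicLibraries/zorro.plist",
    "/Library/MobileSubstrate/DynamicLibraries/zzzzHeiBaoLib.plist",

    "/Library/PreferenceBundles/SubstitutePrefs.bundle/",
    "/Library/PreferenceBundles/SubstitutePrefs.bundle/Info.plist",
    "/Library/PreferenceBundles/SubstitutePrefs.bundle/SubstitutePrefs",

    "/Library/PreferenceLoader/Preferences/SubstituteSettings.plist",

    "/private/etc/alternatives/sh",
    "/private/etc/apt",
    "/private/etc/apt/preferences.d/checkra1n",
    "/private/etc/apt/preferences.d/cydia",
    "/private/etc/clutch.conf",
    "/private/etc/clutch_cracked.plist",
    "/private/etc/dpkg/origins/debian",
    "/private/etc/rc.d/substitute-launcher",
    "/private/etc/ssh/sshd_config",

    "/private/var/cache/apt/",
    "/private/var/cache/clutch.plist",
    "/private/var/cache/clutch_cracked.plist",
    "/private/var/db/stash",
    "/private/var/evasi0n",
    "/private/var/lib/apt/",
    "/private/var/lib/cydia/",
    "/private/var/lib/dpkg/",

    "/private/var/mobile/Applications/", //TODO: non-jailbreak can normally open?
    "/private/var/mobile/Library/Filza/",
    "/private/var/mobile/Library/Filza/pasteboard.plist",
    "/private/var/mobile/Library/Cydia/",
    "/private/var/mobile/Library/Preferences/com.ex.substitute.plist",
    "/private/var/mobile/Library/SBSettingsThemes/",
    "/private/var/MobileSoftwareUpdate/mnt1/System/Library/PrivateFrameworks/DictionaryServices.framework/SubstituteCharacters.plist",
    "/private/var/root/Documents/Cracked/",
    "/private/var/stash",
    "/private/var/tmp/cydia.log",

    "/System/Library/LaunchDaemons/com.saurik.Cydia.Startup.plist",
    "/System/Library/LaunchDaemons/com.ikey.bbot.plist",
    "/System/Library/PrivateFrameworks/DictionaryServices.framework/SubstituteCharacters.plist",

#ifdef KEEP_SOFT_LINK
    // Note: /User -> /var/mobile/
    "/User/Applications/", //TODO: non-jailbreak can normally open?
    "/User/Library/Filza/",
    "/User/Library/Filza/pasteboard.plist",
    "/User/Library/Cydia/",
#endif

    "/usr/bin/asu_inject",
    "/usr/bin/cycc",
    "/usr/bin/cycript",
#ifdef KEEP_SOFT_LINK
    "/usr/bin/cynject", // -> /usr/bin/sinject
    "/usr/bin/Filza", // -> /usr/libexec/filza/Filza
#endif
    "/usr/bin/scp",
    "/usr/bin/sftp",
    "/usr/bin/ssh",
    "/usr/bin/ssh-add",
    "/usr/bin/ssh-agent",
    "/usr/bin/ssh-keygen",
    "/usr/bin/ssh-keyscan",
    "/usr/bin/sshd",
    "/usr/bin/sinject",

    "/usr/include/substrate.h",

    "/usr/lib/cycript0.9/",
    "/usr/lib/cycript0.9/com/",
    "/usr/lib/cycript0.9/com/saurik/",
    "/usr/lib/cycript0.9/com/saurik/substrate/",
    "/usr/lib/cycript0.9/com/saurik/substrate/MS.cy",
    "/usr/libexec/filza/Filza",
    "/usr/libexec/substituted",
    "/usr/libexec/sinject-vpa",

    "/usr/lib/substrate/",

    "/usr/lib/TweakInject",

    "/usr/libexec/cydia/",
    "/usr/libexec/sftp-server",
    "/usr/libexec/substrate",
    "/usr/libexec/substrated",
    "/usr/libexec/ssh-keysign",

    "/usr/local/bin/cycript",

    "/usr/sbin/frida-server",
    "/usr/sbin/sshd",

#ifdef KEEP_SOFT_LINK
    // /var -> /private/var/

    // TODO: add more /var/xxx path
    "/var/cache/apt/",
    "/var/cache/clutch.plist",
    "/var/cache/clutch_cracked.plist",
    "/var/db/stash",
    "/var/evasi0n",
    "/var/lib/apt/",
    "/var/lib/cydia/",
    "/var/lib/dpkg/",

    "/var/mobile/Applications/", //TODO: non-jailbreak can normally open?
    "/var/mobile/Library/Filza/",
    "/var/mobile/Library/Filza/pasteboard.plist",
    "/var/mobile/Library/Cydia/",
    "/var/mobile/Library/Preferences/com.ex.substitute.plist",
    "/var/mobile/Library/SBSettingsThemes/",
    "/var/MobileSoftwareUpdate/mnt1/System/Library/PrivateFrameworks/DictionaryServices.framework/SubstituteCharacters.plist",
    "/var/root/Documents/Cracked/",
    "/var/stash",
    "/var/tmp/cydia.log",

#endif
};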
290 |
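/* Element counts of the tables above.
 * Each initializer is built only from sizeof expressions: a file-scope
 * initializer that reads another `const int` object (as the earlier
 * `... / StrSize` and `Len_Dylib + Len_Other` forms did) is not a constant
 * expression in ISO C and compiles only as a compiler extension. */
const int StrSize = sizeof(const char *);
const int jailbreakPathListLen_Dylib = sizeof(jailbreakPathList_Dylib) / sizeof(jailbreakPathList_Dylib[0]);
const int jailbreakPathListLen_Other = sizeof(jailbreakPathList_Other) / sizeof(jailbreakPathList_Other[0]);

/* Length of the merged list returned by getJailbreakPathList(), excluding its NULL terminator. */
const int jailbreakPathListLen =
    (sizeof(jailbreakPathList_Dylib) / sizeof(jailbreakPathList_Dylib[0])) +
    (sizeof(jailbreakPathList_Other) / sizeof(jailbreakPathList_Other[0]));

const int jailbreakDylibFuncNameListLen = sizeof(jailbreakDylibFuncNameList) / sizeof(jailbreakDylibFuncNameList[0]);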
299 |
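/* Build a NULL-terminated array holding every entry of
 * jailbreakPathList_Dylib followed by every entry of jailbreakPathList_Other.
 *
 * Returns a malloc'ed array of jailbreakPathListLen + 1 pointers, or NULL if
 * the allocation fails. The caller frees the array itself; the strings it
 * points to are the static table entries and must not be freed. */
const char** getJailbreakPathList(void){
    size_t entryCount = (size_t)jailbreakPathListLen;
    const char** mergedList = malloc((entryCount + 1) * sizeof(*mergedList));
    if (NULL == mergedList) {
        // Callers already test the result for NULL; never write through it.
        return NULL;
    }

    size_t writeIdx = 0;
    for (int i = 0; i < jailbreakPathListLen_Dylib; i++) {
        mergedList[writeIdx++] = jailbreakPathList_Dylib[i];
    }
    for (int i = 0; i < jailbreakPathListLen_Other; i++) {
        mergedList[writeIdx++] = jailbreakPathList_Other[i];
    }

    // Terminator slot, one past the last copied entry.
    mergedList[entryCount] = NULL;

    return mergedList;
}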
324 |
325 |
326 | /*==============================================================================
327 | Jailbreak Function
328 | ==============================================================================*/
329 |
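/* Report whether inputPath matches an entry of pathList.
 *
 * inputPath           path (or plain name) to look up; NULL yields false
 * pathList            array of pathListLen strings; NULL yields false
 * pathListLen         number of entries in pathList
 * isConvertToPurePath normalize inputPath with toPurePath() before comparing
 * isCmpSubFolder      also match when inputPath lies below an entry, e.g.
 *                     "/Applications/Cydia.app/Info.plist" under
 *                     "/Applications/Cydia.app/"
 *
 * Returns true on an isPathEaqual() match or, with isCmpSubFolder, on an
 * "entry + '/'" prefix match. The appended slash keeps "/usr/bin/ssh" from
 * matching "/usr/bin/ssh-keyscan".
 *
 * Every temporary buffer is released on every path, including the early exit
 * on a sub-folder match, and allocation failures are skipped rather than
 * handed to the string helpers as NULL. */
bool isPathInList(
    const char* inputPath,
    const char** pathList,
    int pathListLen,
    bool isConvertToPurePath,
    bool isCmpSubFolder
){
    if (!inputPath || !pathList) {
        return false;
    }

    // Working copy of the input: normalized, or a plain duplicate.
    char* inputOrigOrPurePath = isConvertToPurePath ? toPurePath(inputPath) : strdup(inputPath);
    if (NULL == inputOrigOrPurePath) {
        return false;
    }

    bool isInside = false;
    for (int i = 0; i < pathListLen && !isInside; i++) {
        const char* curPath = pathList[i];
        if (NULL == curPath) {
            continue;
        }

        if (isPathEaqual(inputOrigOrPurePath, curPath)) {
            isInside = true;
            break;
        }

        if (isCmpSubFolder) {
            char* curPathNoEndSlash = removeEndSlash(curPath);
            if (NULL != curPathNoEndSlash) {
                char* curPathWithEndSlash = NULL;
                // asprintf leaves the pointer unspecified on failure on some
                // platforms, so trust it only when the call succeeded.
                if (asprintf(&curPathWithEndSlash, "%s/", curPathNoEndSlash) >= 0 && NULL != curPathWithEndSlash) {
                    isInside = strStartsWith(inputOrigOrPurePath, curPathWithEndSlash);
                    free(curPathWithEndSlash);
                }
                free(curPathNoEndSlash);
            }
        }
    }

    free(inputOrigOrPurePath);
    return isInside;
}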
396 |
/* Look curPath up in the merged dylib + other path list, with path
 * normalization and sub-folder matching both enabled. Returns false when the
 * merged list cannot be built. */
bool isPathInJailbreakPathList(const char *curPath){
    const char** mergedList = getJailbreakPathList();
    if (!mergedList) {
        return false;
    }

    bool found = isPathInList(curPath, mergedList, jailbreakPathListLen, true, true);
    // Only the pointer array is heap-allocated; its strings are static.
    free(mergedList);
    return found;
}
409 |
/* String-only check: NULL is never a match; anything else is looked up with
 * isPathInJailbreakPathList(). */
bool isJailbreakPath_pureC(const char *curPath){
    if (NULL == curPath) {
        return false;
    }
    return isPathInJailbreakPathList(curPath);
}
420 |
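/*
 * Variant of isJailbreakPath_pureC() that first tries to resolve curPath with
 * parseRealPath() and checks the resolved form; if resolution fails, the
 * caller's path is checked unchanged.
 *
 * curPath: NUL-terminated path, may be NULL (returns false).
 *
 * The original copied the chosen path into a second PATH_MAX stack buffer with
 * strcpy(). curPath is caller-supplied and has no length bound here, so a path
 * of PATH_MAX bytes or more overflowed that buffer. The copy was never needed:
 * isPathInJailbreakPathList() takes a const char * and does not keep it, so the
 * chosen pointer is passed directly.
 *
 * NOTE(review): parseRealPath() is defined elsewhere; it is assumed to write at
 * most PATH_MAX bytes into its output buffer, as realpath(3) does. Confirm.
 */
bool isJailbreakPath_realpath(const char *curPath){
    if (!curPath) {
        return false;
    }

    char gotRealPath[PATH_MAX];
    bool isParseRealPathOk = parseRealPath(curPath, gotRealPath);

    // fall back to the raw input when the path could not be resolved
    const char *pathToCheck = isParseRealPathOk ? gotRealPath : curPath;

    return isPathInJailbreakPathList(pathToCheck);
}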
442 |
/*
 * Public entry point for the C path check.
 * Example: "/Applications/Cydia.app" -> true
 *
 * Dispatches to isJailbreakPath_pureC(); the realpath-based variant
 * (isJailbreakPath_realpath) exists in this file but is not used here.
 */
bool isJailbreakPath(const char *pathname){
    if (NULL == pathname) {
        return false;
    }

    return isJailbreakPath_pureC(pathname);
}
452 |
/*
 * Report whether pathname is one of the entries of jailbreakPathList_Dylib.
 * Example: "/Library/MobileSubstrate/MobileSubstrate.dylib" -> true
 *
 * The path is converted to its pure form before comparison
 * (isConvertToPurePath = true); sub-folder matching is off, so only a whole
 * entry matches. NULL yields false.
 */
bool isJailbreakDylib(const char *pathname){
    if (NULL == pathname) {
        return false;
    }

    return isPathInList(pathname, jailbreakPathList_Dylib, jailbreakPathListLen_Dylib, true, false);
}
463 |
/*
 * Report whether libFuncName is one of the entries of jailbreakDylibFuncNameList.
 * Example: "MSHookFunction" -> true
 *
 * isPathInList() is reused as a plain string-list lookup: both the pure-path
 * conversion and the sub-folder comparison are switched off, because the
 * input is a symbol name, not a path. NULL yields false.
 */
bool isJailbreakDylibFunctionName(const char *libFuncName){
    if (NULL == libFuncName) {
        return false;
    }

    return isPathInList(libFuncName, jailbreakDylibFuncNameList, jailbreakDylibFuncNameListLen, false, false);
}
474 |
--------------------------------------------------------------------------------
/iOSBypassJailbreak/libs/c/JailbreakPathList.h:
--------------------------------------------------------------------------------
1 | /*
2 | File: JailbreakPathList.h
3 | Function: crifan's common jailbreak file path list header file
4 | Author: Crifan Li
5 | Latest: https://github.com/crifan/crifanLib/blob/master/c/JailbreakPathList.h
6 | Updated: 20211230_1049
7 | */
8 |
9 | // This will not work with all C++ compilers, but it works with clang and gcc
10 | #ifdef __cplusplus
11 | extern "C" {
12 | #endif
13 |
14 | #ifndef JailbreakPathList_h
15 | #define JailbreakPathList_h
16 |
17 | #include
18 |
19 | #include "CrifanLib.h"
20 |
// Length passed together with the array returned by getJailbreakPathList().
extern const int jailbreakPathListLen;
// Static string tables; jailbreakPathList_Dylib is the one searched by isJailbreakDylib().
extern const char* jailbreakPathList_Dylib[];
extern const char* jailbreakPathList_Other[];
//extern char* jailbreakPathList_Dylib[];
//extern char* jailbreakPathList_Other[];
// Entry counts of the two tables above.
extern const int jailbreakPathListLen_Dylib;
extern const int jailbreakPathListLen_Other;

//extern const char* jailbreakPathList[];
// Returns the combined list, or NULL. The callers in this project free() the
// returned outer array after use and do not free the strings it points to.
const char** getJailbreakPathList(void);
//char** getJailbreakPathList(void);

// Lookup in the combined list, with pure-path conversion and sub-folder matching on.
bool isPathInJailbreakPathList(const char *curPath);
// NULL-safe lookup on the path exactly as given (no filesystem access).
bool isJailbreakPath_pureC(const char *curPath);
// NULL-safe lookup on the path after an attempt to resolve it with parseRealPath().
bool isJailbreakPath_realpath(const char *pathname);
// Entry point used by callers; currently forwards to isJailbreakPath_pureC().
bool isJailbreakPath(const char *pathname);
// Whole-entry match against jailbreakPathList_Dylib.
bool isJailbreakDylib(const char *pathname);
// Exact match of a symbol name against the dylib function-name list.
bool isJailbreakDylibFunctionName(const char *libFuncName);

// Generic list lookup used by all of the functions above.
// Returns true when inputPath equals an entry of pathList or, with
// isCmpSubFolder set, when inputPath starts with "<entry>/".
bool isPathInList(
    const char* inputPath,
//    char* inputPath,
    const char** pathList,
//    char** pathList,
    int pathListLen,
    bool isConvertToPurePath, // convert inputPath to its pure path before comparing
    bool isCmpSubFolder // also match paths located inside a listed folder
);
49 |
50 | #endif /* JailbreakPathList_h */
51 |
52 | #ifdef __cplusplus
53 | }
54 | #endif
55 |
--------------------------------------------------------------------------------
/iOSBypassJailbreak/libs/iOS/CrifanLibiOS.h:
--------------------------------------------------------------------------------
1 | /*
2 | File: CrifanLibiOS.h
3 | Function: crifan's common iOS function
4 | Author: Crifan Li
5 | Latest: https://github.com/crifan/crifanLib/blob/master/iOS/CrifanLibiOS.h
6 | Updated: 20220316_1717
7 | */
8 |
9 | #import
10 | #import
11 | #import
12 | #import
13 | #import
14 | #import
15 | #import
16 | #import
17 |
18 | #import "CrifanLib.h"
19 |
20 | /*==============================================================================
21 | Common Define
22 | ==============================================================================*/
23 |
// String
#define STR_EMPTY ""
// True when curStr is the empty string. curStr is passed straight to strcmp(),
// so it must not be NULL.
#define IS_EMPTY_STR(curStr) (0 == strcmp(curStr, STR_EMPTY))

// Log

// NOTE(review): the expansion ignores its parameter and reads a variable that
// must literally be named `error` at the call site; ERROR_STR(otherName) still
// evaluates `error`. The two arms of the conditional also differ in type unless
// `*error` is an NSString * (confirm what callers pass).
#define ERROR_STR(curErr) ((error != NULL) ? *error: @"")

// Log prefix: empty when the hook is enabled, "no_hook " otherwise.
// isEnable is expanded unparenthesized, so pass a simple expression.
#define HOOK_PREFIX(isEnable) (isEnable ? "":"no_hook ")
33 |
// Compile-time log switches read by iosLogInfo / iosLogDebug / iosLogError.
// With DISABLE_ALL_IOS_LOG defined all three levels are off; otherwise info and
// error are on and debug stays off.
//#ifdef FOR_RELEASE
#ifdef DISABLE_ALL_IOS_LOG

//// for debug
//#define IOS_LOG_INFO_ENABLE 1
#define IOS_LOG_INFO_ENABLE 0

#define IOS_LOG_DEBUG_ENABLE 0
#define IOS_LOG_ERROR_ENABLE 0

#else

#define IOS_LOG_INFO_ENABLE 1
#define IOS_LOG_DEBUG_ENABLE 0
#define IOS_LOG_ERROR_ENABLE 1

#endif
51 |
52 | //// hook_openFile.xm -> hook_openFile
53 | //#define FILENAME_NO_SUFFIX (strrchr(__FILE_NAME__, '.') ? strrchr(__FILE_NAME__, '.') + 1 : __FILE_NAME__)
54 |
55 | // // _logos_function$_ungrouped$open -> open
56 | // #define PURE_FUNC (strrchr(__func__, '$') ? strrchr(__func__, '$') + 1 : __func__)
57 |
58 | // // _logos_method$_ungrouped$NSFileManager$fileExistsAtPath$ -> fileExistsAtPath$
59 |
60 |
// Marker that Logos puts into generated function names, and the "hook_" file-name prefix.
#define UNGROUP_STR "_ungrouped$"
// Evaluates strlen() at every use.
#define UNGROUP_LEN strlen(UNGROUP_STR)
#define HOOK_ "hook_"
//#define HOOK_SPACE "hook_ "

// Method 1:
// // _logos_method$_ungrouped$NSFileManager$fileExistsAtPath$ -> NSFileManager$fileExistsAtPath$
// //#define FUNC_UNGROUPED_NEXT (0 == strcmp(PURE_FUNC, "")) ? (strstr(__func__, UNGROUP_STR) + UNGROUP_LEN) : (PURE_FUNC)
// #define FUNC_UNGROUPED_NEXT IS_EMPTY_STR(PURE_FUNC) ? (strstr(__func__, UNGROUP_STR) + UNGROUP_LEN) : (PURE_FUNC)

// // NSFileManager$fileExistsAtPath$ -> fileExistsAtPath$
// // #define FUNC_ONLY_METHOD strchr(FUNC_UNGROUPED_NEXT, '$') ? (strchr(FUNC_UNGROUPED_NEXT, '$') + 1) : __func__
// // #define FUNC_ONLY_METHOD (NULL != strchr(FUNC_UNGROUPED_NEXT, '$')) ? (strchr(FUNC_UNGROUPED_NEXT, '$') + 1) : __func__
// #define FUNC_ONLY_METHOD strchr(FUNC_UNGROUPED_NEXT, '$') ? (strchr(FUNC_UNGROUPED_NEXT, '$') + 1) : FUNC_UNGROUPED_NEXT


// Method 2:
// Part of __func__ after "_ungrouped$", or __func__ itself when the marker is absent.
// NOTE(review): this and the macros below expand to an unparenthesized
// conditional expression; that is safe as a separate function argument (how the
// log macros use them) but not inside a larger expression.
#define FUNC_NAME_AFTER_UNGROUP strstr(__func__, UNGROUP_STR) ? (strstr(__func__, UNGROUP_STR) + UNGROUP_LEN) : __func__
// =>
// _logos_function$_ungrouped$open -> open
// _logos_method$_ungrouped$NSFileManager$fileExistsAtPath$ -> NSFileManager$fileExistsAtPath$
// normal_function -> normal_function

//#define FUNC_NAME strchr(FUNC_NAME_AFTER_UNGROUP, '$') ? (strchr(FUNC_NAME_AFTER_UNGROUP, '$') + 1) : FUNC_NAME_AFTER_UNGROUP
//#define FUNC_NAME_NO_CLASS strchr(FUNC_NAME_AFTER_UNGROUP, '$') ? (strchr(FUNC_NAME_AFTER_UNGROUP, '$') + 1) : FUNC_NAME_AFTER_UNGROUP
// =>
// open -> open
// NSFileManager$fileExistsAtPath$ -> fileExistsAtPath$
// normal_function -> normal_function

// Updated: add support for `_logos_meta_method` inside hook_aweme.mm
// static BOOL _logos_meta_method$_ungrouped$TTInstallUtil$isJailBroken(_LOGOS_SELF_TYPE_NORMAL Class _LOGOS_SELF_CONST, SEL);
// The class part is no longer stripped: this is now an alias of FUNC_NAME_AFTER_UNGROUP.
#define FUNC_NAME_NO_CLASS FUNC_NAME_AFTER_UNGROUP

// Text after the first space of the name, if there is one (drops the "+[Class " part
// of an Objective-C method name); otherwise the name unchanged.
#define FUNC_NAME strchr(FUNC_NAME_NO_CLASS, ' ') ? (strchr(FUNC_NAME_NO_CLASS, ' ') + 1) : FUNC_NAME_NO_CLASS
// =>
// +[CrifanLibHookiOS nsStrListToStr:isSortList:isAddIndexPrefix:] -> nsStrListToStr:isSortList:isAddIndexPrefix:]

// File name for the log prefix; "hook_ " is prepended when the name does not contain "hook_".
// Relies on __FILE_NAME__ being a string literal so that it can be concatenated.
#define HOOK_FILE_NAME strstr(__FILE_NAME__, HOOK_) ? __FILE_NAME__ : (HOOK_ " " __FILE_NAME__)
// =>
// hook_aweme.xm -> hook_aweme.xm
// CrifanLibHookiOS.m -> hook_ CrifanLibHookiOS.m
103 |
// Level-gated wrappers around os_log(). Each message is prefixed with
// "<file> <function>: " built from HOOK_FILE_NAME and FUNC_NAME.
//  - `format` must be a string literal: it is concatenated onto the prefix literal.
//  - __VA_ARGS__ is used without `##`, so at least one argument must follow `format`.
//  - The prefix uses plain %s; os_log treats dynamic strings as private unless the
//    specifier is written %{public}s, so they may appear redacted in the log.
//  - The `if` on a 0/1 constant keeps the call compiled (and type-checked) even
//    when the level is off.
#define iosLogInfo(format, ...) \
    do { if (IOS_LOG_INFO_ENABLE) os_log(OS_LOG_DEFAULT, "%s %s: " format, HOOK_FILE_NAME, FUNC_NAME, __VA_ARGS__); } while(0)
//    do { if (IOS_LOG_INFO_ENABLE) os_log(OS_LOG_DEFAULT, "%s %s: " format, __FILE_NAME__, FUNC_NAME, __VA_ARGS__); } while(0)
//    do { if (IOS_LOG_INFO_ENABLE) os_log(OS_LOG_DEFAULT, "%s %s: " format, __FILE_NAME__, FUNC_ONLY_METHOD, __VA_ARGS__); } while(0)
//    do { if (IOS_LOG_INFO_ENABLE) os_log(OS_LOG_DEFAULT, "%s %s: " format, __FILE_NAME__, FUNC_UNGROUPED_NEXT, __VA_ARGS__); } while(0)
//    do { if (IOS_LOG_INFO_ENABLE) os_log(OS_LOG_DEFAULT, "%s %s: " format, __FILE_NAME__, PURE_FUNC, __VA_ARGS__); } while(0)
//    do { if (IOS_LOG_INFO_ENABLE) os_log(OS_LOG_DEFAULT, "%s %s: " format, FILENAME_NO_SUFFIX, PURE_FUNC, __VA_ARGS__); } while(0)
//    do { if (IOS_LOG_INFO_ENABLE) os_log(OS_LOG_DEFAULT, "%s %s: " format, __FILE_NAME__, __func__, __VA_ARGS__); } while(0)

#define iosLogDebug(format, ...) \
    do { if (IOS_LOG_DEBUG_ENABLE) os_log(OS_LOG_DEFAULT, "%s %s: " format, HOOK_FILE_NAME, FUNC_NAME, __VA_ARGS__); } while(0)
//    do { if (IOS_LOG_DEBUG_ENABLE) os_log(OS_LOG_DEFAULT, "%s %s: " format, __FILE_NAME__, FUNC_NAME, __VA_ARGS__); } while(0)
//    do { if (IOS_LOG_DEBUG_ENABLE) os_log(OS_LOG_DEFAULT, "%s %s: " format, __FILE_NAME__, PURE_FUNC, __VA_ARGS__); } while(0)

#define iosLogError(format, ...) \
    do { if (IOS_LOG_ERROR_ENABLE) os_log(OS_LOG_DEFAULT, "%s %s: " format, HOOK_FILE_NAME, FUNC_NAME, __VA_ARGS__); } while(0)
//    do { if (IOS_LOG_ERROR_ENABLE) os_log(OS_LOG_DEFAULT, "%s %s: " format, __FILE_NAME__, FUNC_NAME, __VA_ARGS__); } while(0)
//    do { if (IOS_LOG_ERROR_ENABLE) os_log(OS_LOG_DEFAULT, "%s %s: " format, __FILE_NAME__, PURE_FUNC, __VA_ARGS__); } while(0)
122 |
123 | /*==============================================================================
124 | Exported Global Variable
125 | ==============================================================================*/
126 |
127 | extern const int OPEN_OK;
128 | extern const int OPEN_FAILED;
129 |
130 | extern const int OPEN_FD_INVALID;
131 |
132 | extern const int ACCESS_OK;
133 | extern const int ACCESS_FAILED;
134 |
135 | extern const int STAT_OK;
136 | extern const int STAT_FAILED;
137 |
138 | extern const int STATFS_OK;
139 | extern const int STATFS_FAILED;
140 |
141 | extern const int FORK_FAILED;
142 |
143 | extern const int PTRACE_OK;
144 | extern const int PTRACE_FAILED;
145 |
146 | extern const int FOPEN_OPEN_FAILED;
147 |
148 | extern const int FCNTL_FAILED;
149 |
150 | //extern const char* REALPATH_FAILED;
151 | extern char* REALPATH_FAILED;
152 |
153 | //extern const char* OPENDIR_FAILED;
154 | //extern char* OPENDIR_FAILED;
155 | //extern const int OPENDIR_FAILED;
156 | //extern int OPENDIR_FAILED;
157 | extern DIR* OPENDIR_FAILED;
158 |
159 | extern const int StrPointerSize;
160 |
161 | extern const int DLADDR_FAILED;
162 |
163 | extern const int DYLD_IMAGE_INDEX_INVALID;
164 | extern const long DYLD_IMAGE_SLIDE_INVALID;
165 |
166 | extern const int SYSCTL_OK;
167 | extern const int SYSCTL_FAIL;
168 |
169 |
170 | /*==============================================================================
171 | Global Type
172 | ==============================================================================*/
173 |
// Selector for the funcType argument of +[CrifanLibiOS openFile:funcType:].
// Each member names one file-probing API or a syscall / svc 0x80 form of it
// (presumably the call that openFile: exercises; the implementation is not in this header).
// No explicit values are given, so FUNC_UNKNOWN is 0 and the members count up to
// FUNC_SYSCALL_FACCESSAT = 31. ButtonId lists the same names in the same order with
// the same numbers written out, so reordering or inserting a member here changes
// that correspondence.
typedef NS_ENUM(NSInteger, OpenFileFunctionType) {
    FUNC_UNKNOWN,
    FUNC_STAT,
    FUNC_STAT64,
    FUNC_SYSCALL_STAT,
    FUNC_SYSCALL_STAT64,
    FUNC_SVC_0X80_STAT,
    FUNC_SVC_0X80_STAT64,
    FUNC_OPEN,
    FUNC_SYSCALL_OPEN,
    FUNC_SVC_0X80_OPEN,
    FUNC_FOPEN,
    FUNC_NSFILEMANAGER,
    FUNC_ACCESS,
    FUNC_FACCESSAT,
    FUNC_LSTAT,
    FUNC_REALPATH,
    FUNC_OPENDIR,
    FUNC___OPENDIR2,
    FUNC_NSURL,
    FUNC_STATFS,
    FUNC_STATFS64,
    FUNC_FSTATFS,
    FUNC_FSTATAT,
    FUNC_FSTAT,
    FUNC_SYSCALL_LSTAT,
    FUNC_SYSCALL_FSTAT,
    FUNC_SYSCALL_FSTATAT,
    FUNC_SYSCALL_STATFS,
    FUNC_SYSCALL_FSTATFS,
    FUNC_SYSCALL_FOPEN,
    FUNC_SYSCALL_ACCESS,
    FUNC_SYSCALL_FACCESSAT,
};
208 |
// Explicitly numbered identifiers 1..31, one per member of OpenFileFunctionType
// after FUNC_UNKNOWN; each BTN_x has the same numeric value as the implicit value
// of FUNC_x. There is no member for 0.
// NOTE(review): presumably used as UI button tags in a test app - confirm against the callers.
typedef NS_ENUM(NSInteger, ButtonId) {
    BTN_STAT=1,
    BTN_STAT64=2,
    BTN_SYSCALL_STAT=3,
    BTN_SYSCALL_STAT64=4,
    BTN_SVC_0X80_STAT=5,
    BTN_SVC_0X80_STAT64=6,
    BTN_OPEN=7,
    BTN_SYSCALL_OPEN=8,
    BTN_SVC_0X80_OPEN=9,
    BTN_FOPEN=10,
    BTN_NSFILEMANAGER=11,
    BTN_ACCESS=12,
    BTN_FACCESSAT=13,
    BTN_LSTAT=14,
    BTN_REALPATH=15,
    BTN_OPENDIR=16,
    BTN___OPENDIR2=17,
    BTN_NSURL=18,
    BTN_STATFS=19,
    BTN_STATFS64=20,
    BTN_FSTATFS=21,
    BTN_FSTATAT=22,
    BTN_FSTAT=23,
    BTN_SYSCALL_LSTAT=24,
    BTN_SYSCALL_FSTAT=25,
    BTN_SYSCALL_FSTATAT=26,
    BTN_SYSCALL_STATFS=27,
    BTN_SYSCALL_FSTATFS=28,
    BTN_SYSCALL_FOPEN=29,
    BTN_SYSCALL_ACCESS=30,
    BTN_SYSCALL_FACCESSAT=31,
};
242 |
243 |
244 | /*==============================================================================
245 | iOS Related
246 | ==============================================================================*/
247 |
248 | NS_ASSUME_NONNULL_BEGIN
249 |
/// Class-method-only collection of iOS helpers. The implementations live in
/// CrifanLibiOS.m and are not shown with this header.
@interface CrifanLibiOS : NSObject

/*==============================================================================
 String List
==============================================================================*/

//+ (NSArray *) strListToNSArray: (char*_Nullable*_Nullable)strList listCount:(int)listCount;
/// Builds an NSArray from a C string list of listCount entries.
/// NOTE(review): the parameter is char**, while the callers in JailbreakiOS.m
/// pass const char** lists, so the const qualifier is dropped at the call site.
+ (NSArray *) strListToNSArray: (char**)strList listCount:(int)listCount;

/*==============================================================================
 NSArray
==============================================================================*/

/// Renders a list as one string; the second form takes sorting and index-prefix options.
+ (NSString*) nsStrListToStr: (NSArray*)curList;
+ (NSString*) nsStrListToStr: (NSArray*)curList isSortList:(BOOL)isSortList isAddIndexPrefix:(BOOL)isAddIndexPrefix;

/*==============================================================================
 Open File
==============================================================================*/

/// Accesses filePath through the API selected by funcType.
/// NOTE(review): the meaning of the BOOL result is defined by the implementation - confirm.
+ (BOOL) openFile:(NSString *)filePath funcType:(OpenFileFunctionType) funcType;

/*==============================================================================
 Codesign
==============================================================================*/

+ (BOOL) isCodeSignExist;
+ (NSString*) getEmbeddedCodesign;
+ (NSString*) getAppId;
+ (BOOL) isSelfAppId: (NSString*) selfAppId;

/*==============================================================================
 Process
==============================================================================*/

+ (NSArray *)runningProcesses;

@end
288 |
289 | NS_ASSUME_NONNULL_END
290 |
--------------------------------------------------------------------------------
/iOSBypassJailbreak/libs/iOS/JailbreakiOS.h:
--------------------------------------------------------------------------------
1 | /*
2 | File: JailbreakiOS.h
3 | Function: crifan's common iOS jailbreak functions
4 | Author: Crifan Li
5 | Latest: https://github.com/crifan/crifanLib/blob/master/iOS/JailbreakiOS.h
6 | Updated: 20220303_1402
7 | */
8 |
9 | #import
10 |
11 | /*==============================================================================
12 | Define
13 | ==============================================================================*/
14 | //#define FILE_PREFIX = "file://"
15 |
16 | /*==============================================================================
17 | Const
18 | ==============================================================================*/
19 | //const char* _Nonnull FILE_PREFIX = "file://";
20 | extern const char* _Nonnull FILE_PREFIX;
21 |
22 | NS_ASSUME_NONNULL_BEGIN
23 |
/// Objective-C front end for the C jailbreak path list (JailbreakPathList.h)
/// plus a small device-identifier table. All methods are class methods.
@interface JailbreakiOS : NSObject

/*==============================================================================
 Jailbreak Path
==============================================================================*/

/// The combined C path list converted to an NSArray; empty when the C list is unavailable.
+ (NSArray *) jbPathList;
/// YES when curPath, with a leading "file://" removed, is matched by the C
/// function isJailbreakPath().
+ (BOOL) isJailbreakPath_iOS: (NSString*)curPath;

/// jailbreakPathList_Dylib converted to an NSArray.
+ (NSArray *) jbDylibList;
/// YES when curPath is equal to an element of jbDylibList (exact string match,
/// no path normalisation).
+ (BOOL) isJbDylib: (NSString*)curPath;

/*==============================================================================
 Phone Type
==============================================================================*/

//+ (NSDictionary*) phoneTypeDict;
//+ (NSMutableArray *) phoneTypeList;

/// Array of two-element arrays: hardware identifier, display name.
+ (NSArray *) phoneTypeList;

/// Display name for phoneId taken from phoneTypeList.
/// NOTE(review): the implementation returns nil for an identifier that is not in
/// the table, although this header is inside NS_ASSUME_NONNULL.
+ (NSString *) getPhoneName:(NSString *)phoneId;


@end
49 |
50 | NS_ASSUME_NONNULL_END
51 |
--------------------------------------------------------------------------------
/iOSBypassJailbreak/libs/iOS/JailbreakiOS.m:
--------------------------------------------------------------------------------
1 | /*
2 | File: JailbreakiOS.m
3 | Function: crifan's common iOS jailbreak functions
4 | Author: Crifan Li
5 | Latest: https://github.com/crifan/crifanLib/blob/master/iOS/JailbreakiOS.m
6 | Updated: 20220308_1002
7 | */
8 |
9 | #import "JailbreakiOS.h"
10 | #import "JailbreakPathList.h"
11 | #import "CrifanLibiOS.h"
12 |
13 | const char* _Nonnull FILE_PREFIX = "file://";
14 |
15 | @implementation JailbreakiOS
16 |
17 | /*==============================================================================
18 | Jailbreak Path
19 | ==============================================================================*/
20 |
/// Returns the combined C jailbreak path list as an NSArray.
/// When getJailbreakPathList() returns NULL the result is an empty array.
+ (NSArray *) jbPathList
{
    const char** rawPathList = getJailbreakPathList();
    if (!rawPathList) {
        return [NSMutableArray array];
    }

    NSArray *convertedPaths = [CrifanLibiOS strListToNSArray:rawPathList listCount:jailbreakPathListLen];

    // the outer char** belongs to this caller; the strings it points to are not freed here
    free(rawPathList);

    return convertedPaths;
}
56 |
/// Checks an NSString path against the C jailbreak path list.
/// A leading FILE_PREFIX ("file://") is removed with removeHead() before the
/// string is handed to isJailbreakPath(). Returns FALSE for a nil path.
+ (BOOL) isJailbreakPath_iOS: (NSString*)curPath{
    if (NULL == curPath) {
        return FALSE;
    }

    const char *utf8Path = [curPath UTF8String];

    // removeHead() reports through the out-parameter what this caller has to free;
    // free(NULL) is a no-op, so no NULL check is needed before the free below.
    char *allocatedByRemoveHead = NULL;
    const char *pathWithoutScheme = removeHead(utf8Path, FILE_PREFIX, &allocatedByRemoveHead);

    BOOL isListed = isJailbreakPath(pathWithoutScheme);

    free(allocatedByRemoveHead);

    return isListed;
}
79 |
/// Returns the static C table jailbreakPathList_Dylib as an NSArray.
/// A new array is built on every call.
+ (NSArray *) jbDylibList
{
    NSArray *dylibPaths = [CrifanLibiOS strListToNSArray:jailbreakPathList_Dylib
                                               listCount:jailbreakPathListLen_Dylib];
    return dylibPaths;
}
84 |
/// YES when curPath equals an element of jbDylibList.
/// The comparison is -containsObject:, i.e. an exact match on the string as
/// given; unlike the C function isJailbreakDylib() the path is not normalised first.
+ (BOOL) isJbDylib: (NSString*)curPath{
    return [[JailbreakiOS jbDylibList] containsObject:curPath] ? TRUE : FALSE;
}
92 |
93 | /*==============================================================================
94 | Phone Type
95 | ==============================================================================*/
96 |
/// Static lookup table of iPhone models.
/// Each element is a two-element array: [0] the hardware identifier
/// (for example "iPhone7,2"), [1] the display name. Some display names carry a
/// Chinese suffix as part of the returned string. The literal is evaluated on
/// every call, so each call returns a newly built array.
+ (NSArray *) phoneTypeList
{
    // https://stackoverflow.com/questions/18414032/how-to-identify-a-hw-machine-identifier-reliable
    // https://www.theiphonewiki.com/wiki/Models
    return @[
        @[@"iPhone7,2", @"iPhone 6"],
        @[@"iPhone7,1", @"iPhone 6 Plus"],
        // added by Crifan Li, 20211014
        @[@"iPhone8,1", @"iPhone 6s"],
        @[@"iPhone8,2", @"iPhone 6s Plus"],
        @[@"iPhone8,4", @"iPhone SE 一代"], //(1st generation)
        @[@"iPhone9,1", @"iPhone 7"],
        @[@"iPhone9,3", @"iPhone 7 美版"],
        @[@"iPhone9,2", @"iPhone 7 Plus"],
        @[@"iPhone9,4", @"iPhone 7 Plus 美版"],
        @[@"iPhone10,1", @"iPhone 8"],
        @[@"iPhone10,4", @"iPhone 8 美版"],
        @[@"iPhone10,2", @"iPhone 8 Plus"],
        @[@"iPhone10,5", @"iPhone 8 Plus 美版"],
        @[@"iPhone10,3", @"iPhone X"],
        @[@"iPhone10,6", @"iPhone X 美版"],
        @[@"iPhone11,8", @"iPhone XR"],
        @[@"iPhone11,2", @"iPhone XS"],
        @[@"iPhone11,4", @"iPhone XS Max"],
        @[@"iPhone11,6", @"iPhone XS Max 美版"],
        @[@"iPhone12,1", @"iPhone 11"],
        @[@"iPhone12,3", @"iPhone 11 Pro"],
        @[@"iPhone12,5", @"iPhone 11 Pro Max"],
        @[@"iPhone12,8", @"iPhone SE 二代"], //(2nd generation)
        @[@"iPhone13,1", @"iPhone 12 mini"],
        @[@"iPhone13,2", @"iPhone 12"],
        @[@"iPhone13,3", @"iPhone 12 Pro"],
        @[@"iPhone13,4", @"iPhone 12 Pro Max"],
        @[@"iPhone14,4", @"iPhone 13 mini"],
        @[@"iPhone14,5", @"iPhone 13"],
        @[@"iPhone14,2", @"iPhone 13 Pro"],
        @[@"iPhone14,3", @"iPhone 13 Pro Max"],
    ];
}
136 |
137 | //+ (NSDictionary *) phoneTypeDict
138 | //{
139 | // // https://stackoverflow.com/questions/18414032/how-to-identify-a-hw-machine-identifier-reliable
140 | // // https://www.theiphonewiki.com/wiki/Models
141 | // return @{
142 | // /*
143 | // Identifier : Generation(Name)
144 | // */
145 | // //iPhone.
146 | //// @"iPhone1,1" : @"iPhone 2G",
147 | //// @"iPhone1,2" : @"iPhone 3G",
148 | //// @"iPhone2,1" : @"iPhone 3GS",
149 | //// @"iPhone3,1" : @"iPhone 4",
150 | //// @"iPhone3,2" : @"iPhone 4",
151 | //// @"iPhone3,3" : @"iPhone 4",
152 | //// @"iPhone4,1" : @"iPhone 4S",
153 | //// @"iPhone5,1" : @"iPhone 5",
154 | //// @"iPhone5,2" : @"iPhone 5",
155 | //// @"iPhone5,3" : @"iPhone 5C",
156 | //// @"iPhone5,4" : @"iPhone 5C",
157 | //// @"iPhone6,1" : @"iPhone 5S",
158 | //// @"iPhone6,2" : @"iPhone 5S",
159 | // @"iPhone7,2" : @"iPhone 6",
160 | // @"iPhone7,1" : @"iPhone 6 Plus",
161 | // // added by Crifan Li, 20211014
162 | // @"iPhone8,1" : @"iPhone 6s",
163 | // @"iPhone8,2" : @"iPhone 6s Plus",
164 | // @"iPhone8,4" : @"iPhone SE 一代", //(1st generation)
165 | // @"iPhone9,1" : @"iPhone 7",
166 | // @"iPhone9,3" : @"iPhone 7 美版",
167 | // @"iPhone9,2" : @"iPhone 7 Plus",
168 | // @"iPhone9,4" : @"iPhone 7 Plus 美版",
169 | // @"iPhone10,1" : @"iPhone 8",
170 | // @"iPhone10,4" : @"iPhone 8 美版",
171 | // @"iPhone10,2" : @"iPhone 8 Plus",
172 | // @"iPhone10,5" : @"iPhone 8 Plus 美版",
173 | // @"iPhone10,3" : @"iPhone X",
174 | // @"iPhone10,6" : @"iPhone X 美版",
175 | // @"iPhone11,8" : @"iPhone XR",
176 | // @"iPhone11,2" : @"iPhone XS",
177 | // @"iPhone11,4" : @"iPhone XS Max",
178 | // @"iPhone11,6" : @"iPhone XS Max 美版",
179 | // @"iPhone12,1" : @"iPhone 11",
180 | // @"iPhone12,3" : @"iPhone 11 Pro",
181 | // @"iPhone12,5" : @"iPhone 11 Pro Max",
182 | // @"iPhone12,8" : @"iPhone SE 二代", //(2nd generation)
183 | // @"iPhone13,1" : @"iPhone 12 mini",
184 | // @"iPhone13,2" : @"iPhone 12",
185 | // @"iPhone13,3" : @"iPhone 12 Pro",
186 | // @"iPhone13,4" : @"iPhone 12 Pro Max",
187 | // @"iPhone14,4" : @"iPhone 13 mini",
188 | // @"iPhone14,5" : @"iPhone 13",
189 | // @"iPhone14,2" : @"iPhone 13 Pro",
190 | // @"iPhone14,3" : @"iPhone 13 Pro Max",
191 | // };
192 | //}
193 |
194 |
195 | //+ (NSMutableArray *) phoneTypeList{
196 | // NSMutableArray * phoneTypeArr = [NSMutableArray array];
197 | // for (NSString* curPhoneId in [self phoneTypeDict]){
198 | // NSString* curPhoneName = self.phoneTypeDict[curPhoneId];
199 | // NSLog(@"phone id %@ -> phone name %@", curPhoneId, curPhoneName);
200 | //
201 | // NSMutableArray * curPhoneArry = [NSMutableArray array];
202 | // [curPhoneArry addObject: curPhoneId];
203 | // [curPhoneArry addObject: curPhoneName];
204 | // NSLog(@"curPhoneArry=%@", curPhoneArry);
205 | //
206 | // [phoneTypeArr addObject: curPhoneArry];
207 | // NSLog(@"Latest phoneTypeArr=%@", phoneTypeArr);
208 | // }
209 | //
210 | // return phoneTypeArr;
211 | //}
212 |
213 |
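/// Looks up the display name for a hardware identifier in phoneTypeList.
/// @param phoneId Hardware identifier, for example "iPhone10,3".
/// @return The display name of the first entry whose identifier equals phoneId,
///         or nil when the table has no such entry.
///
/// Changes from the previous version:
///  - the log format strings had a stray "s" after each "%@", which printed an
///    extra letter after every value;
///  - phoneTypeList was rebuilt for the loop condition and again for the element
///    access on every iteration; it is now fetched once;
///  - the "not found" value is written as nil instead of NULL.
+ (NSString *) getPhoneName:(NSString *)phoneId {
    NSString *phoneName = nil;

    // phoneTypeList builds a new array on each call, so take it once
    NSArray *phoneTypes = [JailbreakiOS phoneTypeList];

    for (NSArray *curPhoneIdNameArr in phoneTypes) {
        // element layout: [0] identifier, [1] display name
        NSString *curPhoneId = curPhoneIdNameArr[0];
        if ([curPhoneId isEqualToString:phoneId]) {
            NSLog(@"Found same phoneId: %@", phoneId);
            phoneName = curPhoneIdNameArr[1];
            break;
        }
    }

    NSLog(@"phone: id=%@ -> name=%@", phoneId, phoneName);
    return phoneName;
}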
235 |
236 | @end
237 |
--------------------------------------------------------------------------------