├── .gitignore ├── LatestBuild ├── Packages ├── net.ymlab.dev.csflags_1.0-2_iphoneos-arm.deb └── net.ymlab.dev.debugserverXII_1.0-2_iphoneos-arm.deb ├── README.md ├── csflags.xcodeproj ├── project.pbxproj ├── project.xcworkspace │ ├── contents.xcworkspacedata │ └── xcshareddata │ │ └── IDEWorkspaceChecks.plist └── xcuserdata │ └── h4ck.xcuserdatad │ └── xcschemes │ └── xcschememanagement.plist ├── csflags ├── Entitlements.plist ├── Package │ ├── DEBIAN │ │ ├── control │ │ ├── postinst │ │ ├── postrm │ │ ├── preinst │ │ └── prerm │ └── usr │ │ └── bin │ │ └── csflags ├── PackageVersion.plist ├── QiLin.h ├── csflags-Prefix.pch ├── main.m └── qilin12.o └── debugserverXII ├── Package ├── DEBIAN │ ├── control │ ├── postinst │ ├── postrm │ ├── preinst │ └── prerm └── usr │ └── bin │ └── debugserverXII ├── PackageVersion.plist ├── debugserverXII-Prefix.pch └── main.m /.gitignore: -------------------------------------------------------------------------------- 1 | # Xcode 2 | .DS_Store 3 | */build/* 4 | *.pbxuser 5 | !default.pbxuser 6 | *.mode1v3 7 | !default.mode1v3 8 | *.mode2v3 9 | !default.mode2v3 10 | *.perspectivev3 11 | !default.perspectivev3 12 | xcuserdata 13 | profile 14 | *.moved-aside 15 | DerivedData 16 | .idea/ 17 | *.hmap 18 | *.xccheckout 19 | product/ 20 | !iTunesMetadata.plist 21 | !iTunesArtwork 22 | Build/ 23 | build/ 24 | Resources/ 25 | LatestBuild/ 26 | Pods/ 27 | # NOTE(review): "LatestBuild/" (trailing slash) matches only a directory, so the root-level *file* LatestBuild, which records an absolute /Users/<user>/... DerivedData path, is still tracked; use "LatestBuild" without the slash. "xcuserdata" is listed above, yet csflags.xcodeproj/xcuserdata/h4ck.xcuserdatad is nonetheless in the tree; drop it from the index with "git rm -r --cached" so per-user state and local paths stop leaking into the repository. -------------------------------------------------------------------------------- /LatestBuild: -------------------------------------------------------------------------------- 1 | /Users/h4ck/Library/Developer/Xcode/DerivedData/csflags-fvdssgfsfopiznfqswjgutpialkm/Build/Products/Release-iphoneos -------------------------------------------------------------------------------- /Packages/net.ymlab.dev.csflags_1.0-2_iphoneos-arm.deb: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/lemon4ex/debugserverXII/e55aa2bcc9c08b55ac728c080ca205792bf2ee54/Packages/net.ymlab.dev.csflags_1.0-2_iphoneos-arm.deb -------------------------------------------------------------------------------- /Packages/net.ymlab.dev.debugserverXII_1.0-2_iphoneos-arm.deb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lemon4ex/debugserverXII/e55aa2bcc9c08b55ac728c080ca205792bf2ee54/Packages/net.ymlab.dev.debugserverXII_1.0-2_iphoneos-arm.deb -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ### 项目简介 2 | 3 | 用于解决在`iOS12`的越狱设备上使用debugserver调试应用时出现 `Terminated due to code signing error` 的问题。 4 | 5 | 解决方案使用大神[@Morpheus______](http://twitter.com/Morpheus______)写的[QiLin(麒麟)](http://newosxbook.com/QiLin/)工具,思路参考他写的[一篇文章](http://newosxbook.com/articles/MDGA.html) 6 | 7 | * csflags: 单独的工具,只支持iOS12,[原网页](http://newosxbook.com/articles/MDGA.html)中的`csflags`貌似只支持iOS11,这里重新写一个。 8 | * debugserverXII: 包装debugserver以便绕过签名错误的问题。工具在iOS12.0 + iPhone7(iPhone9,1)下测试通过。 9 | 10 | ### 使用教程 11 | 12 | #### csflags 13 | 参考作者[原网页](http://newosxbook.com/articles/MDGA.html)的用法,这里不赘述。 14 | 15 | #### debugserverXII 16 | 将编译好的二进制文件拷贝到越狱设备`/jb/debugserverXII`中,赋予可执行权限并签名。建议自行从源码构建;仓库 `Packages/` 目录下的 `.deb` 是预编译产物,若直接安装,请先核对其来源与内容,不要盲目信任从网络获取的越狱工具二进制。 17 | ``` 18 | iPhone-7:~ root# chmod +x /jb/debugserverXII 19 | iPhone-7:~ root# ldid -S/jb/entitlements.plist -M -K/usr/share/jailbreak/signcert.p12 /jb/debugserverXII 20 | 21 | ``` 22 | 23 | 其中,`/jb/entitlements.plist`内容如下。注意:`platform-application` 会让被签名的二进制被当作平台二进制对待,再配合 QiLin 对内核的修补,它才能附加到 `SpringBoard` 这类系统进程;请只在专门用于研究的越狱测试设备上这样做,不要把 `signcert.p12` 或签名后的二进制带到其它设备: 24 | ``` 25 | <?xml version="1.0" encoding="UTF-8"?> 26 | <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> 27 | <plist version="1.0"> 28 | <dict> 29 | <key>platform-application</key> 30 | <true/> 31 | </dict> 32 | </plist> 33 | ``` 34 | 35 | 调试时,直接执行如下命令即可(示例只监听 `localhost`;debugserver 本身没有认证机制,请通过 USB 转发(例如 `iproxy`)连接,不要改成监听所有网络接口): 36 | ``` 37 | iPhone-7:~ root# /jb/debugserverXII localhost:1111 -a SpringBoard 38 | ``` 39 | 40 | 注意:`debugserver`的路径必须为`/usr/bin/debugserver`,`debugserverXII`需要用到它。 41 | 42 | 由于`debugserverXII`是`debugserver`的包装,因此它可以使用的参数和`debugserver`一致。 43 | 44 | ### 已知问题 45 | 
到目前为止,[QiLin(麒麟)ToolKit](http://newosxbook.com/QiLin/)默认只支持如下设备和系统,[原文地址](http://newosxbook.com/forum/viewtopic.php?f=15&t=19641): 46 | ``` 47 | //iOS 12.1.2 - iPhone X 48 | { "12.1.1", "iPhone11,2", "D331AP", "_kernproc", 0xfffffff00913c638}, 49 | { "12.1.2", "iPhone11,6", "D331AP", "_kernproc", 0xfffffff00913c638}, 50 | { "12.1.1", "iPhone11,6", "D331AP", "_kernproc", 0xfffffff00913c638}, 51 | 52 | 53 | { "12.1.1", "iPhone10,6", "D221AP", "_rootvnode", 0xfffffff0076660c0}, 54 | { "12.1.2", "iPhone10,6", "D221AP", "_kernproc", 0xfffffff0076660d8}, 55 | 56 | //iOS 12.1.1 - iPhone X 57 | { "12.1.1", "iPhone10,6", "D221AP", "_rootvnode", 0xfffffff0076660c0}, 58 | { "12.1.1", "iPhone10,6", "D221AP", "_kernproc", 0xfffffff0076660d8}, 59 | //iOS 12.1 - iPhone X 60 | { "12.1", "iPhone10,6", "D221AP", "_rootvnode", 0xfffffff00766a0c0}, 61 | { "12.1", "iPhone10,6", "D221AP", "_kernproc", 0xfffffff00766a0d8}, 62 | //iOS 12.0.1 - iPhone X 63 | { "12.0.1", "iPhone10,6", "D221AP", "_rootvnode", 0xfffffff00766a0c0}, 64 | { "12.0.1", "iPhone10,6", "D221AP", "_kernproc", 0xfffffff00766a0d8}, 65 | //iOS 12.0 - iPhone X 66 | { "12.0", "iPhone10,6", "D221AP", "_rootvnode", 0xfffffff00766a0c0}, 67 | { "12.0", "iPhone10,6", "D221AP", "_kernproc", 0xfffffff00766a0d8}, 68 | 69 | //iOS 12.1.2 - iPhone 8 Plus 70 | { "12.1.2", "iPhone10,5", "D211AP", "_rootvnode", 0xfffffff0076660c0}, 71 | { "12.1.2", "iPhone10,5", "D211AP", "_kernproc", 0xfffffff0076660d8}, 72 | { "12.1.2", "iPhone10,5", "D211AAP", "_rootvnode", 0xfffffff0076660c0}, 73 | { "12.1.2", "iPhone10,5", "D211AAP", "_kernproc", 0xfffffff0076660d8}, 74 | //iOS 12.1.1 - iPhone 8 Plus 75 | { "12.1.1", "iPhone10,5", "D211AP", "_rootvnode", 0xfffffff0076660c0}, 76 | { "12.1.1", "iPhone10,5", "D211AP", "_kernproc", 0xfffffff0076660d8}, 77 | { "12.1.1", "iPhone10,5", "D211AAP", "_rootvnode", 0xfffffff0076660c0}, 78 | { "12.1.1", "iPhone10,5", "D211AAP", "_kernproc", 0xfffffff0076660d8}, 79 | //iOS 12.1 - iPhone 8 Plus 80 | { "12.1", 
"iPhone10,5", "D211AP", "_rootvnode", 0xfffffff00766a0c0}, 81 | { "12.1", "iPhone10,5", "D211AP", "_kernproc", 0xfffffff00766a0d8}, 82 | { "12.1", "iPhone10,5", "D211AAP", "_rootvnode", 0xfffffff00766a0c0}, 83 | { "12.1", "iPhone10,5", "D211AAP", "_kernproc", 0xfffffff00766a0d8}, 84 | //iOS 12.0.1 - iPhone 8 Plus 85 | { "12.0.1", "iPhone10,5", "D211AP", "_rootvnode", 0xfffffff00766a0c0}, 86 | { "12.0.1", "iPhone10,5", "D211AP", "_kernproc", 0xfffffff00766a0d8}, 87 | { "12.0.1", "iPhone10,5", "D211AAP", "_rootvnode", 0xfffffff00766a0c0}, 88 | { "12.0.1", "iPhone10,5", "D211AAP", "_kernproc", 0xfffffff00766a0d8}, 89 | //iOS 12.0 - iPhone 8 Plus 90 | { "12.0", "iPhone10,5", "D211AP", "_rootvnode", 0xfffffff00766a0c0}, 91 | { "12.0", "iPhone10,5", "D211AP", "_kernproc", 0xfffffff00766a0d8}, 92 | { "12.0", "iPhone10,5", "D211AAP", "_rootvnode", 0xfffffff00766a0c0}, 93 | { "12.0", "iPhone10,5", "D211AAP", "_kernproc", 0xfffffff00766a0d8}, 94 | 95 | 96 | //iOS 12.1.2 - iPhone 8 97 | { "12.1.2", "iPhone10,4", "D201AP", "_rootvnode", 0xfffffff0076660c0}, 98 | { "12.1.2", "iPhone10,4", "D201AP", "_kernproc", 0xfffffff0076660d8}, 99 | { "12.1.2", "iPhone10,4", "D201AAP", "_rootvnode", 0xfffffff0076660c0}, 100 | { "12.1.2", "iPhone10,4", "D201AAP", "_kernproc", 0xfffffff0076660d8}, 101 | //iOS 12.1.1 - iPhone 8 102 | { "12.1.1", "iPhone10,4", "D201AP", "_rootvnode", 0xfffffff0076660c0}, 103 | { "12.1.1", "iPhone10,4", "D201AP", "_kernproc", 0xfffffff0076660d8}, 104 | { "12.1.1", "iPhone10,4", "D201AAP", "_rootvnode", 0xfffffff0076660c0}, 105 | { "12.1.1", "iPhone10,4", "D201AAP", "_kernproc", 0xfffffff0076660d8}, 106 | //iOS 12.0.1 - iPhone 8 107 | { "12.0.1", "iPhone10,4", "D201AP", "_rootvnode", 0xfffffff00766a0c0}, 108 | { "12.0.1", "iPhone10,4", "D201AP", "_kernproc", 0xfffffff00766a0d8}, 109 | { "12.0.1", "iPhone10,4", "D201AAP", "_rootvnode", 0xfffffff00766a0c0}, 110 | { "12.0.1", "iPhone10,4", "D201AAP", "_kernproc", 0xfffffff00766a0d8}, 111 | //iOS 12.0 - iPhone 8 112 
| { "12.0", "iPhone10,4", "D201AP", "_rootvnode", 0xfffffff00766a0c0}, 113 | { "12.0", "iPhone10,4", "D201AP", "_kernproc", 0xfffffff00766a0d8}, 114 | { "12.0", "iPhone10,4", "D201AAP", "_rootvnode", 0xfffffff00766a0c0}, 115 | { "12.0", "iPhone10,4", "D201AAP", "_kernproc", 0xfffffff00766a0d8}, 116 | 117 | 118 | //iOS 12.1.2 - iPhone X 119 | { "12.1.2", "iPhone10,3", "D22AP", "_rootvnode", 0xfffffff0076660c0}, 120 | { "12.1.2", "iPhone10,3", "D22AP", "_kernproc", 0xfffffff0076660d8}, 121 | //iOS 12.1.1 - iPhone X 122 | { "12.1.1", "iPhone10,3", "D22AP", "_rootvnode", 0xfffffff0076660c0}, 123 | { "12.1.1", "iPhone10,3", "D22AP", "_kernproc", 0xfffffff0076660d8}, 124 | //iOS 12.1 - iPhone X 125 | { "12.1", "iPhone10,3", "D22AP", "_rootvnode", 0xfffffff00766a0c0}, 126 | { "12.1", "iPhone10,3", "D22AP", "_kernproc", 0xfffffff00766a0d8}, 127 | //iOS 12.0.1 - iPhone X 128 | { "12.0.1", "iPhone10,3", "D22AP", "_rootvnode", 0xfffffff00766a0c0}, 129 | { "12.0.1", "iPhone10,3", "D22AP", "_kernproc", 0xfffffff00766a0d8}, 130 | //iOS 12.0 - iPhone X 131 | { "12.0", "iPhone10,3", "D22AP", "_rootvnode", 0xfffffff00766a0c0}, 132 | { "12.0", "iPhone10,3", "D22AP", "_kernproc", 0xfffffff00766a0d8}, 133 | 134 | 135 | //iOS 12.1.2 - iPhone 8 Plus 136 | { "12.1.2", "iPhone10,2", "D21AP", "_rootvnode", 0xfffffff0076660c0}, 137 | { "12.1.2", "iPhone10,2", "D21AP", "_kernproc", 0xfffffff0076660d8}, 138 | 139 | { "12.1.2", "iPhone10,2", "D21AAP", "_rootvnode", 0xfffffff0076660c0}, 140 | { "12.1.2", "iPhone10,2", "D21AAP", "_kernproc", 0xfffffff0076660d8}, 141 | //iOS 12.1.1 - iPhone 8 Plus 142 | { "12.1.1", "iPhone10,2", "D21AP", "_rootvnode", 0xfffffff0076660c0}, 143 | { "12.1.1", "iPhone10,2", "D21AP", "_kernproc", 0xfffffff0076660d8}, 144 | { "12.1.1", "iPhone10,2", "D21AAP", "_rootvnode", 0xfffffff0076660c0}, 145 | { "12.1.1", "iPhone10,2", "D21AAP", "_kernproc", 0xfffffff0076660d8}, 146 | //iOS 12.1 - iPhone 8 Plus 147 | { "12.1", "iPhone10,2", "D21AP", "_rootvnode", 
0xfffffff00766a0c0}, 148 | { "12.1", "iPhone10,2", "D21AP", "_kernproc", 0xfffffff00766a0d8}, 149 | { "12.1", "iPhone10,2", "D21AAP", "_rootvnode", 0xfffffff00766a0c0}, 150 | { "12.1", "iPhone10,2", "D21AAP", "_kernproc", 0xfffffff00766a0d8}, 151 | //iOS 12.0.1 - iPhone 8 Plus 152 | { "12.0.1", "iPhone10,2", "D21AP", "_rootvnode", 0xfffffff00766a0c0}, 153 | { "12.0.1", "iPhone10,2", "D21AP", "_kernproc", 0xfffffff00766a0d8}, 154 | { "12.0.1", "iPhone10,2", "D21AAP", "_rootvnode", 0xfffffff00766a0c0}, 155 | { "12.0.1", "iPhone10,2", "D21AAP", "_kernproc", 0xfffffff00766a0d8}, 156 | //iOS 12.0.1 - iPhone 8 Plus 157 | { "12.0", "iPhone10,2", "D21AP", "_rootvnode", 0xfffffff00766a0c0}, 158 | { "12.0", "iPhone10,2", "D21AP", "_kernproc", 0xfffffff00766a0d8}, 159 | { "12.0", "iPhone10,2", "D21AAP", "_rootvnode", 0xfffffff00766a0c0}, 160 | { "12.0", "iPhone10,2", "D21AAP", "_kernproc", 0xfffffff00766a0d8}, 161 | 162 | 163 | //iOS 12.1.2 - iPhone 8 164 | { "12.1.2", "iPhone10,1", "D20AP", "_rootvnode", 0xfffffff0076660c0}, 165 | { "12.1.2", "iPhone10,1", "D20AP", "_kernproc", 0xfffffff0076660d8}, 166 | { "12.1.2", "iPhone10,1", "D20AAP", "_rootvnode", 0xfffffff0076660c0}, 167 | { "12.1.2", "iPhone10,1", "D20AAP", "_kernproc", 0xfffffff0076660d8}, 168 | //iOS 12.1.1 - iPhone 8 169 | { "12.1.1", "iPhone10,1", "D20AP", "_rootvnode", 0xfffffff0076660c0}, 170 | { "12.1.1", "iPhone10,1", "D20AP", "_kernproc", 0xfffffff0076660d8}, 171 | { "12.1.1", "iPhone10,1", "D20AAP", "_rootvnode", 0xfffffff0076660c0}, 172 | { "12.1.1", "iPhone10,1", "D20AAP", "_kernproc", 0xfffffff0076660d8}, 173 | //iOS 12.1 - iPhone 8 174 | { "12.1", "iPhone10,1", "D20AP", "_rootvnode", 0xfffffff00766a0c0}, 175 | { "12.1", "iPhone10,1", "D20AP", "_kernproc", 0xfffffff00766a0d8}, 176 | { "12.1", "iPhone10,1", "D20AAP", "_rootvnode", 0xfffffff00766a0c0}, 177 | { "12.1", "iPhone10,1", "D20AAP", "_kernproc", 0xfffffff00766a0d8}, 178 | //iOS 12.0.1 - iPhone 8 179 | { "12.0.1", "iPhone10,1", "D20AP", 
"_rootvnode", 0xfffffff00766a0c0}, 180 | { "12.0.1", "iPhone10,1", "D20AP", "_kernproc", 0xfffffff00766a0d8}, 181 | { "12.0.1", "iPhone10,1", "D20AAP", "_rootvnode", 0xfffffff00766a0c0}, 182 | { "12.0.1", "iPhone10,1", "D20AAP", "_kernproc", 0xfffffff00766a0d8}, 183 | //iOS 12.0 - iPhone 8 184 | { "12.0", "iPhone10,1", "D20AP", "_rootvnode", 0xfffffff00766a0c0}, 185 | { "12.0", "iPhone10,1", "D20AP", "_kernproc", 0xfffffff00766a0d8}, 186 | { "12.0", "iPhone10,1", "D20AAP", "_rootvnode", 0xfffffff00766a0c0}, 187 | { "12.0", "iPhone10,1", "D20AAP", "_kernproc", 0xfffffff00766a0d8}, 188 | 189 | 190 | //iOS 12.1.2 - iPhone 7 Plus 191 | { "12.1.2", "iPhone9,4", "D111AP", "_rootvnode", 0xfffffff0076420b8}, 192 | { "12.1.2", "iPhone9,4", "D111AP", "_kernproc", 0xfffffff0076420d0}, 193 | //iOS 12.1.1 - iPhone 7 Plus 194 | { "12.1.1", "iPhone9,4", "D111AP", "_rootvnode", 0xfffffff0076420b8}, 195 | { "12.1.1", "iPhone9,4", "D111AP", "_kernproc", 0xfffffff0076420d0}, 196 | //iOS 12.1 - iPhone 7 Plus 197 | { "12.1", "iPhone9,4", "D111AP", "_rootvnode", 0xfffffff0076420b8}, 198 | { "12.1", "iPhone9,4", "D111AP", "_kernproc", 0xfffffff0076420d0}, 199 | //iOS 12.0.1 - iPhone 7 Plus 200 | { "12.0.1", "iPhone9,4", "D111AP", "_rootvnode", 0xfffffff0076420b8}, 201 | { "12.0.1", "iPhone9,4", "D111AP", "_kernproc", 0xfffffff0076420d0}, 202 | //iOS 12.0 - iPhone 7 Plus 203 | { "12.0", "iPhone9,4", "D111AP", "_rootvnode", 0xfffffff0076420b8}, 204 | { "12.0", "iPhone9,4", "D111AP", "_kernproc", 0xfffffff0076420d0}, 205 | 206 | 207 | //iOS 12.1.2 - iPhone 7 208 | { "12.1.2", "iPhone9,3", "D101AP", "_rootvnode", 0xfffffff0076420b8}, 209 | { "12.1.2", "iPhone9,3", "D101AP", "_kernproc", 0xfffffff0076420d0}, 210 | //iOS 12.1 - iPhone 7 211 | { "12.1", "iPhone9,3", "D101AP", "_rootvnode", 0xfffffff00766a0c0}, 212 | { "12.1", "iPhone9,3", "D101AP", "_kernproc", 0xfffffff0076420d0}, 213 | //iOS 12.1.1 - iPhone 7 214 | { "12.1.1", "iPhone9,3", "D101AP", "_rootvnode", 0xfffffff0076420b8}, 215 | { 
"12.1.1", "iPhone9,3", "D101AP", "_kernproc", 0xfffffff0076420d0}, 216 | //iOS 12.0.1 - iPhone 7 217 | { "12.0.1", "iPhone9,3", "D101AP", "_rootvnode", 0xfffffff0076420b8}, 218 | { "12.0.1", "iPhone9,3", "D101AP", "_kernproc", 0xfffffff0076420d0}, 219 | //iOS 12.0 - iPhone 7 220 | { "12.0", "iPhone9,3", "D101AP", "_rootvnode", 0xfffffff0076420b8}, 221 | { "12.0", "iPhone9,3", "D101AP", "_kernproc", 0xfffffff0076420d0}, 222 | 223 | 224 | //iOS 12.1.2 - iPhone 7 Plus 225 | { "12.1.2", "iPhone9,2", "D11AP", "_rootvnode", 0xfffffff0076420b8}, 226 | { "12.1.2", "iPhone9,2", "D11AP", "_kernproc", 0xfffffff0076420d0}, 227 | //iOS 12.1.1 - iPhone 7 Plus 228 | { "12.1.1", "iPhone9,2", "D11AP", "_rootvnode", 0xfffffff0076420b8}, 229 | { "12.1.1", "iPhone9,2", "D11AP", "_kernproc", 0xfffffff0076420d0}, 230 | //iOS 12.1 - iPhone 7 Plus 231 | { "12.1", "iPhone9,2", "D11AP", "_rootvnode", 0xfffffff0076420b8}, 232 | { "12.1", "iPhone9,2", "D11AP", "_kernproc", 0xfffffff0076420d0}, 233 | //iOS 12.0.1 - iPhone 7 Plus 234 | { "12.0.1", "iPhone9,2", "D11AP", "_rootvnode", 0xfffffff0076420b8}, 235 | { "12.0.1", "iPhone9,2", "D11AP", "_kernproc", 0xfffffff0076420d0}, 236 | //iOS 12.0 - iPhone 7 Plus 237 | { "12.0", "iPhone9,2", "D11AP", "_rootvnode", 0xfffffff0076420b8}, 238 | { "12.0", "iPhone9,2", "D11AP", "_kernproc", 0xfffffff0076420d0}, 239 | 240 | 241 | //iOS 12.1.2 - iPhone 7 242 | { "12.1.2", "iPhone9,1", "D10AP", "_rootvnode", 0xfffffff0076420b8}, 243 | { "12.1.2", "iPhone9,1", "D10AP", "_kernproc", 0xfffffff0076420d0}, 244 | //iOS 12.1.1 - iPhone 7 245 | { "12.1.1", "iPhone9,1", "D10AP", "_rootvnode", 0xfffffff0076420b8}, 246 | { "12.1.1", "iPhone9,1", "D10AP", "_kernproc", 0xfffffff0076420d0}, 247 | //iOS 12.1 - iPhone 7 248 | { "12.1", "iPhone9,1", "D10AP", "_rootvnode", 0xfffffff0076420b8}, 249 | { "12.1", "iPhone9,1", "D10AP", "_kernproc", 0xfffffff0076420d0}, 250 | //iOS 12.0.1 - iPhone 7 251 | { "12.0.1", "iPhone9,1", "D10AP", "_rootvnode", 0xfffffff0076420b8}, 252 | { 
"12.0.1", "iPhone9,1", "D10AP", "_kernproc", 0xfffffff0076420d0}, 253 | //iOS 12.0 - iPhone 7 254 | { "12.0", "iPhone9,1", "D10AP", "_rootvnode", 0xfffffff0076420b8}, 255 | { "12.0", "iPhone9,1", "D10AP", "_kernproc", 0xfffffff0076420d0}, 256 | 257 | 258 | //iOS 12.1.2 - iPhone SE 259 | { "12.1.2", "iPhone8,4", "N69AP", "_rootvnode", 0xfffffff0076020b8}, 260 | { "12.1.2", "iPhone8,4", "N69AP", "_kernproc", 0xfffffff0076020d0}, 261 | { "12.1.2", "iPhone8,4", "N69uAP", "_rootvnode", 0xfffffff0076020b8}, 262 | { "12.1.2", "iPhone8,4", "N69uAP", "_kernproc", 0xfffffff0076020d0}, 263 | //iOS 12.1.1 - iPhone SE 264 | { "12.1.1", "iPhone8,4", "N69AP", "_rootvnode", 0xfffffff0076020b8}, 265 | { "12.1.1", "iPhone8,4", "N69AP", "_kernproc", 0xfffffff0076020d0}, 266 | { "12.1.1", "iPhone8,4", "N69uAP", "_rootvnode", 0xfffffff0076020b8}, 267 | { "12.1.1", "iPhone8,4", "N69uAP", "_kernproc", 0xfffffff0076020d0}, 268 | //iOS 12.1 - iPhone SE 269 | { "12.1", "iPhone8,4", "N69AP", "_rootvnode", 0xfffffff0076020b8}, 270 | { "12.1", "iPhone8,4", "N69AP", "_kernproc", 0xfffffff0076020d0}, 271 | { "12.1", "iPhone8,4", "N69uAP", "_rootvnode", 0xfffffff0076020b8}, 272 | { "12.1", "iPhone8,4", "N69uAP", "_kernproc", 0xfffffff0076020d0}, 273 | //iOS 12.0.1 - iPhone SE 274 | { "12.0.1", "iPhone8,4", "N69AP", "_rootvnode", 0xfffffff0076020b8}, 275 | { "12.0.1", "iPhone8,4", "N69AP", "_kernproc", 0xfffffff0076020d0}, 276 | { "12.0.1", "iPhone8,4", "N69uAP", "_rootvnode", 0xfffffff0076020b8}, 277 | { "12.0.1", "iPhone8,4", "N69uAP", "_kernproc", 0xfffffff0076020d0}, 278 | //iOS 12.0 - iPhone SE 279 | { "12.0", "iPhone8,4", "N69AP", "_rootvnode", 0xfffffff0076020b8}, 280 | { "12.0", "iPhone8,4", "N69AP", "_kernproc", 0xfffffff0076020d0}, 281 | { "12.0", "iPhone8,4", "N69uAP", "_rootvnode", 0xfffffff0076020b8}, 282 | { "12.0", "iPhone8,4", "N69uAP", "_kernproc", 0xfffffff0076020d0}, 283 | ``` 284 | 
如果需要支持自己手中的设备,要么直接联系作者添加支持,要么就使用[jtool2](http://newosxbook.com/tools/jtool2.tgz)从自己设备当前系统版本对应的内核缓存中获取`_kernproc`符号的地址(它是内核变量,不是函数),然后在代码中调用`void setKernelSymbol (char *Symbol, uint64_t Address);`来设定符号`_kernproc`。注意:这些地址与具体的内核构建一一对应,填错地址很可能导致内核 panic,请务必核对;另外上表中 `12.1` / `iPhone9,3` 的 `_rootvnode` 地址(`0xfffffff00766a0c0`)与同机型其它版本条目(`0xfffffff0076420b8`)不一致,使用前请自行确认。 285 | 286 | > And you have debugging again :-) -------------------------------------------------------------------------------- /csflags.xcodeproj/project.pbxproj: -------------------------------------------------------------------------------- 1 | // !$*UTF8*$! 2 | { 3 | archiveVersion = 1; 4 | classes = { 5 | }; 6 | objectVersion = 50; 7 | objects = { 8 | 9 | /* Begin PBXBuildFile section */ 10 | C9B78E72225AEF2F004B25EC /* main.m in Sources */ = {isa = PBXBuildFile; fileRef = C9B78E71225AEF2F004B25EC /* main.m */; }; 11 | C9B78E7A225AF06F004B25EC /* qilin12.o in Frameworks */ = {isa = PBXBuildFile; fileRef = C9B78E79225AF06F004B25EC /* qilin12.o */; }; 12 | C9B78E7F225AF4A2004B25EC /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = C9B78E7E225AF4A1004B25EC /* CoreFoundation.framework */; }; 13 | C9B78E81225AF4C1004B25EC /* Foundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = C9B78E80225AF4C1004B25EC /* Foundation.framework */; }; 14 | C9B78E89225B341D004B25EC /* Foundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = C9B78E80225AF4C1004B25EC /* Foundation.framework */; }; 15 | C9B78E9A225B341D004B25EC /* main.m in Sources */ = {isa = PBXBuildFile; fileRef = C9B78E99225B341D004B25EC /* main.m */; }; 16 | C9B78E9E225B34AF004B25EC /* qilin12.o in Frameworks */ = {isa = PBXBuildFile; fileRef = C9B78E79225AF06F004B25EC /* qilin12.o */; }; 17 | /* End PBXBuildFile section */ 18 | 19 | /* Begin PBXFileReference section */ 20 | C9B78E60225AEF2F004B25EC /* csflags */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = csflags; sourceTree = BUILT_PRODUCTS_DIR; }; 21 | C9B78E65225AEF2F004B25EC /* preinst */ = {isa = PBXFileReference; lastKnownFileType = text.script.sh; name = 
preinst; path = Package/DEBIAN/preinst; sourceTree = ""; }; 22 | C9B78E66225AEF2F004B25EC /* postinst */ = {isa = PBXFileReference; lastKnownFileType = text.script.sh; name = postinst; path = Package/DEBIAN/postinst; sourceTree = ""; }; 23 | C9B78E67225AEF2F004B25EC /* postrm */ = {isa = PBXFileReference; lastKnownFileType = text.script.sh; name = postrm; path = Package/DEBIAN/postrm; sourceTree = ""; }; 24 | C9B78E68225AEF2F004B25EC /* prerm */ = {isa = PBXFileReference; lastKnownFileType = text.script.sh; name = prerm; path = Package/DEBIAN/prerm; sourceTree = ""; }; 25 | C9B78E69225AEF2F004B25EC /* control */ = {isa = PBXFileReference; lastKnownFileType = text; name = control; path = Package/DEBIAN/control; sourceTree = ""; }; 26 | C9B78E6A225AEF2F004B25EC /* control.txt */ = {isa = PBXFileReference; lastKnownFileType = text; name = control.txt; path = Package/DEBIAN/control.txt; sourceTree = ""; }; 27 | C9B78E6C225AEF2F004B25EC /* PackageVersion.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = PackageVersion.plist; sourceTree = ""; }; 28 | C9B78E6D225AEF2F004B25EC /* csflags-Prefix.pch */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = "csflags-Prefix.pch"; sourceTree = ""; }; 29 | C9B78E70225AEF2F004B25EC /* 0xdeadfa11 */ = {isa = PBXFileReference; lastKnownFileType = text; name = 0xdeadfa11; path = Package/usr/bin/0xdeadfa11; sourceTree = ""; }; 30 | C9B78E71225AEF2F004B25EC /* main.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = main.m; sourceTree = ""; }; 31 | C9B78E78225AEF53004B25EC /* QiLin.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = QiLin.h; sourceTree = ""; }; 32 | C9B78E79225AF06F004B25EC /* qilin12.o */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.objfile"; path = qilin12.o; sourceTree = ""; }; 33 | C9B78E7C225AF449004B25EC /* UIKit.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = 
UIKit.framework; path = System/Library/Frameworks/UIKit.framework; sourceTree = SDKROOT; }; 34 | C9B78E7E225AF4A1004B25EC /* CoreFoundation.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = CoreFoundation.framework; path = System/Library/Frameworks/CoreFoundation.framework; sourceTree = SDKROOT; }; 35 | C9B78E80225AF4C1004B25EC /* Foundation.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Foundation.framework; path = System/Library/Frameworks/Foundation.framework; sourceTree = SDKROOT; }; 36 | C9B78E82225AFB71004B25EC /* Entitlements.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = Entitlements.plist; sourceTree = ""; }; 37 | C9B78E88225B341D004B25EC /* debugserverXII */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = debugserverXII; sourceTree = BUILT_PRODUCTS_DIR; }; 38 | C9B78E8D225B341D004B25EC /* preinst */ = {isa = PBXFileReference; lastKnownFileType = text.script.sh; name = preinst; path = Package/DEBIAN/preinst; sourceTree = ""; }; 39 | C9B78E8E225B341D004B25EC /* postinst */ = {isa = PBXFileReference; lastKnownFileType = text.script.sh; name = postinst; path = Package/DEBIAN/postinst; sourceTree = ""; }; 40 | C9B78E8F225B341D004B25EC /* postrm */ = {isa = PBXFileReference; lastKnownFileType = text.script.sh; name = postrm; path = Package/DEBIAN/postrm; sourceTree = ""; }; 41 | C9B78E90225B341D004B25EC /* prerm */ = {isa = PBXFileReference; lastKnownFileType = text.script.sh; name = prerm; path = Package/DEBIAN/prerm; sourceTree = ""; }; 42 | C9B78E91225B341D004B25EC /* control */ = {isa = PBXFileReference; lastKnownFileType = text; name = control; path = Package/DEBIAN/control; sourceTree = ""; }; 43 | C9B78E92225B341D004B25EC /* control.txt */ = {isa = PBXFileReference; lastKnownFileType = text; name = control.txt; path = Package/DEBIAN/control.txt; sourceTree = ""; }; 44 | C9B78E94225B341D004B25EC 
/* PackageVersion.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = PackageVersion.plist; sourceTree = ""; }; 45 | C9B78E95225B341D004B25EC /* debugserverXII-Prefix.pch */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = "debugserverXII-Prefix.pch"; sourceTree = ""; }; 46 | C9B78E98225B341D004B25EC /* 0xdeadfa11 */ = {isa = PBXFileReference; lastKnownFileType = text; name = 0xdeadfa11; path = Package/usr/bin/0xdeadfa11; sourceTree = ""; }; 47 | C9B78E99225B341D004B25EC /* main.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = main.m; sourceTree = ""; }; 48 | /* End PBXFileReference section */ 49 | 50 | /* Begin PBXFrameworksBuildPhase section */ 51 | C9B78E5D225AEF2F004B25EC /* Frameworks */ = { 52 | isa = PBXFrameworksBuildPhase; 53 | buildActionMask = 2147483647; 54 | files = ( 55 | C9B78E81225AF4C1004B25EC /* Foundation.framework in Frameworks */, 56 | C9B78E7F225AF4A2004B25EC /* CoreFoundation.framework in Frameworks */, 57 | C9B78E7A225AF06F004B25EC /* qilin12.o in Frameworks */, 58 | ); 59 | runOnlyForDeploymentPostprocessing = 0; 60 | }; 61 | C9B78E85225B341D004B25EC /* Frameworks */ = { 62 | isa = PBXFrameworksBuildPhase; 63 | buildActionMask = 2147483647; 64 | files = ( 65 | C9B78E89225B341D004B25EC /* Foundation.framework in Frameworks */, 66 | C9B78E9E225B34AF004B25EC /* qilin12.o in Frameworks */, 67 | ); 68 | runOnlyForDeploymentPostprocessing = 0; 69 | }; 70 | /* End PBXFrameworksBuildPhase section */ 71 | 72 | /* Begin PBXGroup section */ 73 | C9B78E56225AEF2F004B25EC = { 74 | isa = PBXGroup; 75 | children = ( 76 | C9B78E62225AEF2F004B25EC /* csflags */, 77 | C9B78E8A225B341D004B25EC /* debugserverXII */, 78 | C9B78E61225AEF2F004B25EC /* Products */, 79 | C9B78E7B225AF449004B25EC /* Frameworks */, 80 | ); 81 | sourceTree = ""; 82 | }; 83 | C9B78E61225AEF2F004B25EC /* Products */ = { 84 | isa = PBXGroup; 85 | children = ( 86 | C9B78E60225AEF2F004B25EC /* csflags */, 87 | 
C9B78E88225B341D004B25EC /* debugserverXII */, 88 | ); 89 | name = Products; 90 | sourceTree = ""; 91 | }; 92 | C9B78E62225AEF2F004B25EC /* csflags */ = { 93 | isa = PBXGroup; 94 | children = ( 95 | C9B78E78225AEF53004B25EC /* QiLin.h */, 96 | C9B78E79225AF06F004B25EC /* qilin12.o */, 97 | C9B78E71225AEF2F004B25EC /* main.m */, 98 | C9B78E82225AFB71004B25EC /* Entitlements.plist */, 99 | C9B78E63225AEF2F004B25EC /* Package */, 100 | C9B78E6B225AEF2F004B25EC /* Supporting Files */, 101 | ); 102 | path = csflags; 103 | sourceTree = ""; 104 | }; 105 | C9B78E63225AEF2F004B25EC /* Package */ = { 106 | isa = PBXGroup; 107 | children = ( 108 | C9B78E64225AEF2F004B25EC /* DEBIAN */, 109 | C9B78E6E225AEF2F004B25EC /* usr */, 110 | ); 111 | name = Package; 112 | sourceTree = ""; 113 | }; 114 | C9B78E64225AEF2F004B25EC /* DEBIAN */ = { 115 | isa = PBXGroup; 116 | children = ( 117 | C9B78E65225AEF2F004B25EC /* preinst */, 118 | C9B78E66225AEF2F004B25EC /* postinst */, 119 | C9B78E67225AEF2F004B25EC /* postrm */, 120 | C9B78E68225AEF2F004B25EC /* prerm */, 121 | C9B78E69225AEF2F004B25EC /* control */, 122 | C9B78E6A225AEF2F004B25EC /* control.txt */, 123 | ); 124 | name = DEBIAN; 125 | sourceTree = ""; 126 | }; 127 | C9B78E6B225AEF2F004B25EC /* Supporting Files */ = { 128 | isa = PBXGroup; 129 | children = ( 130 | C9B78E6C225AEF2F004B25EC /* PackageVersion.plist */, 131 | C9B78E6D225AEF2F004B25EC /* csflags-Prefix.pch */, 132 | ); 133 | name = "Supporting Files"; 134 | sourceTree = ""; 135 | }; 136 | C9B78E6E225AEF2F004B25EC /* usr */ = { 137 | isa = PBXGroup; 138 | children = ( 139 | C9B78E6F225AEF2F004B25EC /* bin */, 140 | ); 141 | name = usr; 142 | sourceTree = ""; 143 | }; 144 | C9B78E6F225AEF2F004B25EC /* bin */ = { 145 | isa = PBXGroup; 146 | children = ( 147 | C9B78E70225AEF2F004B25EC /* 0xdeadfa11 */, 148 | ); 149 | name = bin; 150 | sourceTree = ""; 151 | }; 152 | C9B78E7B225AF449004B25EC /* Frameworks */ = { 153 | isa = PBXGroup; 154 | children = ( 155 | 
C9B78E80225AF4C1004B25EC /* Foundation.framework */, 156 | C9B78E7E225AF4A1004B25EC /* CoreFoundation.framework */, 157 | C9B78E7C225AF449004B25EC /* UIKit.framework */, 158 | ); 159 | name = Frameworks; 160 | sourceTree = ""; 161 | }; 162 | C9B78E8A225B341D004B25EC /* debugserverXII */ = { 163 | isa = PBXGroup; 164 | children = ( 165 | C9B78E99225B341D004B25EC /* main.m */, 166 | C9B78E8B225B341D004B25EC /* Package */, 167 | C9B78E93225B341D004B25EC /* Supporting Files */, 168 | ); 169 | path = debugserverXII; 170 | sourceTree = ""; 171 | }; 172 | C9B78E8B225B341D004B25EC /* Package */ = { 173 | isa = PBXGroup; 174 | children = ( 175 | C9B78E8C225B341D004B25EC /* DEBIAN */, 176 | C9B78E96225B341D004B25EC /* usr */, 177 | ); 178 | name = Package; 179 | sourceTree = ""; 180 | }; 181 | C9B78E8C225B341D004B25EC /* DEBIAN */ = { 182 | isa = PBXGroup; 183 | children = ( 184 | C9B78E8D225B341D004B25EC /* preinst */, 185 | C9B78E8E225B341D004B25EC /* postinst */, 186 | C9B78E8F225B341D004B25EC /* postrm */, 187 | C9B78E90225B341D004B25EC /* prerm */, 188 | C9B78E91225B341D004B25EC /* control */, 189 | C9B78E92225B341D004B25EC /* control.txt */, 190 | ); 191 | name = DEBIAN; 192 | sourceTree = ""; 193 | }; 194 | C9B78E93225B341D004B25EC /* Supporting Files */ = { 195 | isa = PBXGroup; 196 | children = ( 197 | C9B78E94225B341D004B25EC /* PackageVersion.plist */, 198 | C9B78E95225B341D004B25EC /* debugserverXII-Prefix.pch */, 199 | ); 200 | name = "Supporting Files"; 201 | sourceTree = ""; 202 | }; 203 | C9B78E96225B341D004B25EC /* usr */ = { 204 | isa = PBXGroup; 205 | children = ( 206 | C9B78E97225B341D004B25EC /* bin */, 207 | ); 208 | name = usr; 209 | sourceTree = ""; 210 | }; 211 | C9B78E97225B341D004B25EC /* bin */ = { 212 | isa = PBXGroup; 213 | children = ( 214 | C9B78E98225B341D004B25EC /* 0xdeadfa11 */, 215 | ); 216 | name = bin; 217 | sourceTree = ""; 218 | }; 219 | /* End PBXGroup section */ 220 | 221 | /* Begin PBXNativeTarget section */ 222 | 
C9B78E5F225AEF2F004B25EC /* csflags */ = { 223 | isa = PBXNativeTarget; 224 | buildConfigurationList = C9B78E75225AEF2F004B25EC /* Build configuration list for PBXNativeTarget "csflags" */; 225 | buildPhases = ( 226 | C9B78E5B225AEF2F004B25EC /* ShellScript */, 227 | C9B78E5C225AEF2F004B25EC /* Sources */, 228 | C9B78E5D225AEF2F004B25EC /* Frameworks */, 229 | C9B78E5E225AEF2F004B25EC /* ShellScript */, 230 | ); 231 | buildRules = ( 232 | ); 233 | dependencies = ( 234 | ); 235 | name = csflags; 236 | productName = csflags; 237 | productReference = C9B78E60225AEF2F004B25EC /* csflags */; 238 | productType = "com.apple.product-type.tool"; 239 | }; 240 | C9B78E87225B341D004B25EC /* debugserverXII */ = { 241 | isa = PBXNativeTarget; 242 | buildConfigurationList = C9B78E9B225B341D004B25EC /* Build configuration list for PBXNativeTarget "debugserverXII" */; 243 | buildPhases = ( 244 | C9B78E83225B341D004B25EC /* ShellScript */, 245 | C9B78E84225B341D004B25EC /* Sources */, 246 | C9B78E85225B341D004B25EC /* Frameworks */, 247 | C9B78E86225B341D004B25EC /* ShellScript */, 248 | ); 249 | buildRules = ( 250 | ); 251 | dependencies = ( 252 | ); 253 | name = debugserverXII; 254 | productName = debugserverXII; 255 | productReference = C9B78E88225B341D004B25EC /* debugserverXII */; 256 | productType = "com.apple.product-type.tool"; 257 | }; 258 | /* End PBXNativeTarget section */ 259 | 260 | /* Begin PBXProject section */ 261 | C9B78E57225AEF2F004B25EC /* Project object */ = { 262 | isa = PBXProject; 263 | attributes = { 264 | LastUpgradeCheck = 0940; 265 | TargetAttributes = { 266 | C9B78E5F225AEF2F004B25EC = { 267 | CreatedOnToolsVersion = 9.4.1; 268 | }; 269 | C9B78E87225B341D004B25EC = { 270 | CreatedOnToolsVersion = 9.4.1; 271 | }; 272 | }; 273 | }; 274 | buildConfigurationList = C9B78E5A225AEF2F004B25EC /* Build configuration list for PBXProject "csflags" */; 275 | compatibilityVersion = "Xcode 9.3"; 276 | developmentRegion = en; 277 | hasScannedForEncodings = 0; 278 | 
knownRegions = ( 279 | en, 280 | ); 281 | mainGroup = C9B78E56225AEF2F004B25EC; 282 | productRefGroup = C9B78E61225AEF2F004B25EC /* Products */; 283 | projectDirPath = ""; 284 | projectRoot = ""; 285 | targets = ( 286 | C9B78E5F225AEF2F004B25EC /* csflags */, 287 | C9B78E87225B341D004B25EC /* debugserverXII */, 288 | ); 289 | }; 290 | /* End PBXProject section */ 291 | 292 | /* Begin PBXShellScriptBuildPhase section */ 293 | C9B78E5B225AEF2F004B25EC /* ShellScript */ = { 294 | isa = PBXShellScriptBuildPhase; 295 | buildActionMask = 2147483647; 296 | files = ( 297 | ); 298 | inputPaths = ( 299 | ); 300 | outputPaths = ( 301 | ); 302 | runOnlyForDeploymentPostprocessing = 0; 303 | shellPath = /bin/sh; 304 | shellScript = "#!/bin/sh\n\n# rm -rf \"${PROJECT_DIR}/${TARGET_NAME}/Package/usr/bin/*\"\n# cp -rf \"${BUILD_DIR}/${CONFIGURATION}-iphoneos/PalmRiskSvr\" \"${PROJECT_DIR}/${TARGET_NAME}/Package/usr/bin/\"\n\n# 自动更新deb包版本号\necho $CONFIGURATION\nif [ \"Release\" == \"${CONFIGURATION}\" ]\nthen\npackInfoPlist=\"${PROJECT_DIR}/${TARGET_NAME}/PackageVersion.plist\"\nbuildNumber=$(/usr/libexec/PlistBuddy -c \"Print PackageRevision\" \"${packInfoPlist}\")\nbuildNumber=$(($buildNumber + 1))\n/usr/libexec/PlistBuddy -c \"Set :PackageRevision $buildNumber\" \"${packInfoPlist}\"\necho \"build number increase\"\nfi"; 305 | }; 306 | C9B78E5E225AEF2F004B25EC /* ShellScript */ = { 307 | isa = PBXShellScriptBuildPhase; 308 | buildActionMask = 2147483647; 309 | files = ( 310 | ); 311 | inputPaths = ( 312 | ); 313 | outputPaths = ( 314 | ); 315 | runOnlyForDeploymentPostprocessing = 0; 316 | shellPath = /bin/sh; 317 | shellScript = "/opt/EasyDev/bin/ed --xcbp"; 318 | }; 319 | C9B78E83225B341D004B25EC /* ShellScript */ = { 320 | isa = PBXShellScriptBuildPhase; 321 | buildActionMask = 2147483647; 322 | files = ( 323 | ); 324 | inputPaths = ( 325 | ); 326 | outputPaths = ( 327 | ); 328 | runOnlyForDeploymentPostprocessing = 0; 329 | shellPath = /bin/sh; 330 | shellScript = 
"#!/bin/sh\n\n# rm -rf \"${PROJECT_DIR}/${TARGET_NAME}/Package/usr/bin/*\"\n# cp -rf \"${BUILD_DIR}/${CONFIGURATION}-iphoneos/PalmRiskSvr\" \"${PROJECT_DIR}/${TARGET_NAME}/Package/usr/bin/\"\n\n# 自动更新deb包版本号\necho $CONFIGURATION\nif [ \"Release\" == \"${CONFIGURATION}\" ]\nthen\npackInfoPlist=\"${PROJECT_DIR}/${TARGET_NAME}/PackageVersion.plist\"\nbuildNumber=$(/usr/libexec/PlistBuddy -c \"Print PackageRevision\" \"${packInfoPlist}\")\nbuildNumber=$(($buildNumber + 1))\n/usr/libexec/PlistBuddy -c \"Set :PackageRevision $buildNumber\" \"${packInfoPlist}\"\necho \"build number increase\"\nfi"; 331 | }; 332 | C9B78E86225B341D004B25EC /* ShellScript */ = { 333 | isa = PBXShellScriptBuildPhase; 334 | buildActionMask = 2147483647; 335 | files = ( 336 | ); 337 | inputPaths = ( 338 | ); 339 | outputPaths = ( 340 | ); 341 | runOnlyForDeploymentPostprocessing = 0; 342 | shellPath = /bin/sh; 343 | shellScript = "/opt/EasyDev/bin/ed --xcbp"; 344 | }; 345 | /* End PBXShellScriptBuildPhase section */ 346 | 347 | /* Begin PBXSourcesBuildPhase section */ 348 | C9B78E5C225AEF2F004B25EC /* Sources */ = { 349 | isa = PBXSourcesBuildPhase; 350 | buildActionMask = 2147483647; 351 | files = ( 352 | C9B78E72225AEF2F004B25EC /* main.m in Sources */, 353 | ); 354 | runOnlyForDeploymentPostprocessing = 0; 355 | }; 356 | C9B78E84225B341D004B25EC /* Sources */ = { 357 | isa = PBXSourcesBuildPhase; 358 | buildActionMask = 2147483647; 359 | files = ( 360 | C9B78E9A225B341D004B25EC /* main.m in Sources */, 361 | ); 362 | runOnlyForDeploymentPostprocessing = 0; 363 | }; 364 | /* End PBXSourcesBuildPhase section */ 365 | 366 | /* Begin XCBuildConfiguration section */ 367 | C9B78E73225AEF2F004B25EC /* Release */ = { 368 | isa = XCBuildConfiguration; 369 | buildSettings = { 370 | CLANG_ENABLE_OBJC_ARC = YES; 371 | CODE_SIGN_IDENTITY = "iPhone Developer"; 372 | COPY_PHASE_STRIP = YES; 373 | DEPLOYMENT_POSTPROCESSING = YES; 374 | ENABLE_BITCODE = NO; 375 | EXCLUDED_RECURSIVE_SEARCH_PATH_SUBDIRECTORIES 
= "*.nib *.lproj *.gch (*) .DS_Store CVS .svn .git .hg *.xcodeproj *.xcode *.pbproj *.pbxproj"; 376 | EasyDevPath = /opt/EasyDev; 377 | EasyDevTheosPath = /opt/theos; 378 | FRAMEWORK_SEARCH_PATHS = ( 379 | "$(inherited)", 380 | "$(EasyDevPath)/frameworks", 381 | "$(EasyDevTheosPath)/vendor/lib", 382 | ); 383 | GCC_C_LANGUAGE_STANDARD = gnu99; 384 | GCC_SYMBOLS_PRIVATE_EXTERN = YES; 385 | GCC_WARN_ABOUT_MISSING_PROTOTYPES = YES; 386 | GCC_WARN_ABOUT_RETURN_TYPE = YES; 387 | GCC_WARN_UNUSED_VARIABLE = YES; 388 | HEADER_SEARCH_PATHS = ( 389 | "$(inherited)", 390 | "$(EasyDevPath)/include", 391 | "$(EasyDevTheosPath)/vendor/include", 392 | ); 393 | IPHONEOS_DEPLOYMENT_TARGET = 8.0; 394 | LIBRARY_SEARCH_PATHS = ( 395 | "$(inherited)", 396 | "$(EasyDevTheosPath)/vendor/lib", 397 | ); 398 | ONLY_ACTIVE_ARCH = NO; 399 | SDKROOT = iphoneos; 400 | TARGETED_DEVICE_FAMILY = "1,2"; 401 | VALIDATE_PRODUCT = YES; 402 | }; 403 | name = Release; 404 | }; 405 | C9B78E74225AEF2F004B25EC /* Debug */ = { 406 | isa = XCBuildConfiguration; 407 | buildSettings = { 408 | CLANG_ENABLE_OBJC_ARC = YES; 409 | CODE_SIGN_IDENTITY = "iPhone Developer"; 410 | COPY_PHASE_STRIP = NO; 411 | ENABLE_BITCODE = NO; 412 | EXCLUDED_RECURSIVE_SEARCH_PATH_SUBDIRECTORIES = "*.nib *.lproj *.gch (*) .DS_Store CVS .svn .git .hg *.xcodeproj *.xcode *.pbproj *.pbxproj"; 413 | EasyDevPath = /opt/EasyDev; 414 | EasyDevTheosPath = /opt/theos; 415 | FRAMEWORK_SEARCH_PATHS = ( 416 | "$(inherited)", 417 | "$(EasyDevPath)/frameworks", 418 | "$(EasyDevTheosPath)/vendor/lib", 419 | ); 420 | GCC_C_LANGUAGE_STANDARD = gnu99; 421 | GCC_DYNAMIC_NO_PIC = NO; 422 | GCC_OPTIMIZATION_LEVEL = 0; 423 | GCC_PREPROCESSOR_DEFINITIONS = ( 424 | "DEBUG=1", 425 | "$(inherited)", 426 | ); 427 | GCC_SYMBOLS_PRIVATE_EXTERN = NO; 428 | GCC_WARN_ABOUT_MISSING_PROTOTYPES = YES; 429 | GCC_WARN_ABOUT_RETURN_TYPE = YES; 430 | GCC_WARN_UNUSED_VARIABLE = YES; 431 | HEADER_SEARCH_PATHS = ( 432 | "$(inherited)", 433 | "$(EasyDevPath)/include", 434 | 
"$(EasyDevTheosPath)/vendor/include", 435 | ); 436 | IPHONEOS_DEPLOYMENT_TARGET = 8.0; 437 | LIBRARY_SEARCH_PATHS = ( 438 | "$(inherited)", 439 | "$(EasyDevTheosPath)/vendor/lib", 440 | ); 441 | ONLY_ACTIVE_ARCH = YES; 442 | SDKROOT = iphoneos; 443 | TARGETED_DEVICE_FAMILY = "1,2"; 444 | VALIDATE_PRODUCT = NO; 445 | }; 446 | name = Debug; 447 | }; 448 | C9B78E76225AEF2F004B25EC /* Release */ = { 449 | isa = XCBuildConfiguration; 450 | buildSettings = { 451 | CODE_SIGN_ENTITLEMENTS = csflags/Entitlements.plist; 452 | CODE_SIGN_IDENTITY = "iPhone Developer"; 453 | CODE_SIGN_STYLE = Automatic; 454 | DEVELOPMENT_TEAM = 9B8J3GNFE6; 455 | ENABLE_BITCODE = NO; 456 | EasyDevAlsoBuildZipPackageOnAnyBuild = NO; 457 | EasyDevBuildPackageOnAnyBuild = NO; 458 | EasyDevClearUiCacheOnInstall = NO; 459 | EasyDevCopyExecutableOnAnyBuild = NO; 460 | EasyDevDeviceIP = ""; 461 | EasyDevDevicePort = ""; 462 | EasyDevInstallOnAnyBuild = NO; 463 | EasyDevInstallOnProfiling = NO; 464 | EasyDevKillProcessName = ""; 465 | EasyDevKillProcessOnInstall = NO; 466 | EasyDevUsePackageVersionPList = YES; 467 | GCC_PRECOMPILE_PREFIX_HEADER = YES; 468 | GCC_PREFIX_HEADER = "csflags/csflags-Prefix.pch"; 469 | INSTALL_PATH = /usr/bin; 470 | IPHONEOS_DEPLOYMENT_TARGET = 11.4; 471 | PRODUCT_NAME = "$(TARGET_NAME)"; 472 | TARGETED_DEVICE_FAMILY = "1,2"; 473 | VALID_ARCHS = arm64; 474 | }; 475 | name = Release; 476 | }; 477 | C9B78E77225AEF2F004B25EC /* Debug */ = { 478 | isa = XCBuildConfiguration; 479 | buildSettings = { 480 | CODE_SIGN_ENTITLEMENTS = csflags/Entitlements.plist; 481 | CODE_SIGN_IDENTITY = "iPhone Developer"; 482 | CODE_SIGN_STYLE = Automatic; 483 | DEVELOPMENT_TEAM = 9B8J3GNFE6; 484 | ENABLE_BITCODE = NO; 485 | EasyDevAlsoBuildZipPackageOnAnyBuild = NO; 486 | EasyDevBuildPackageOnAnyBuild = NO; 487 | EasyDevClearUiCacheOnInstall = NO; 488 | EasyDevCopyExecutableOnAnyBuild = NO; 489 | EasyDevDeviceIP = ""; 490 | EasyDevDevicePort = ""; 491 | EasyDevInstallOnAnyBuild = NO; 492 | 
EasyDevInstallOnProfiling = NO; 493 | EasyDevKillProcessName = ""; 494 | EasyDevKillProcessOnInstall = NO; 495 | EasyDevUsePackageVersionPList = YES; 496 | GCC_PRECOMPILE_PREFIX_HEADER = YES; 497 | GCC_PREFIX_HEADER = "csflags/csflags-Prefix.pch"; 498 | INSTALL_PATH = /usr/bin; 499 | IPHONEOS_DEPLOYMENT_TARGET = 11.4; 500 | PRODUCT_NAME = "$(TARGET_NAME)"; 501 | TARGETED_DEVICE_FAMILY = "1,2"; 502 | VALID_ARCHS = arm64; 503 | }; 504 | name = Debug; 505 | }; 506 | C9B78E9C225B341D004B25EC /* Release */ = { 507 | isa = XCBuildConfiguration; 508 | buildSettings = { 509 | CODE_SIGN_ENTITLEMENTS = csflags/Entitlements.plist; 510 | CODE_SIGN_IDENTITY = "iPhone Developer"; 511 | CODE_SIGN_STYLE = Automatic; 512 | DEVELOPMENT_TEAM = 9B8J3GNFE6; 513 | ENABLE_BITCODE = NO; 514 | EasyDevAlsoBuildZipPackageOnAnyBuild = NO; 515 | EasyDevBuildPackageOnAnyBuild = NO; 516 | EasyDevClearUiCacheOnInstall = NO; 517 | EasyDevCopyExecutableOnAnyBuild = NO; 518 | EasyDevDeviceIP = ""; 519 | EasyDevDevicePort = ""; 520 | EasyDevInstallOnAnyBuild = NO; 521 | EasyDevInstallOnProfiling = NO; 522 | EasyDevKillProcessName = ""; 523 | EasyDevKillProcessOnInstall = NO; 524 | EasyDevUsePackageVersionPList = YES; 525 | GCC_PRECOMPILE_PREFIX_HEADER = YES; 526 | GCC_PREFIX_HEADER = "debugserverXII/debugserverXII-Prefix.pch"; 527 | INSTALL_PATH = /usr/bin; 528 | PRODUCT_NAME = "$(TARGET_NAME)"; 529 | TARGETED_DEVICE_FAMILY = "1,2"; 530 | VALID_ARCHS = arm64; 531 | }; 532 | name = Release; 533 | }; 534 | C9B78E9D225B341D004B25EC /* Debug */ = { 535 | isa = XCBuildConfiguration; 536 | buildSettings = { 537 | CODE_SIGN_ENTITLEMENTS = csflags/Entitlements.plist; 538 | CODE_SIGN_IDENTITY = "iPhone Developer"; 539 | CODE_SIGN_STYLE = Automatic; 540 | DEVELOPMENT_TEAM = 9B8J3GNFE6; 541 | ENABLE_BITCODE = NO; 542 | EasyDevAlsoBuildZipPackageOnAnyBuild = NO; 543 | EasyDevBuildPackageOnAnyBuild = NO; 544 | EasyDevClearUiCacheOnInstall = NO; 545 | EasyDevCopyExecutableOnAnyBuild = NO; 546 | EasyDevDeviceIP = 
""; 547 | EasyDevDevicePort = ""; 548 | EasyDevInstallOnAnyBuild = NO; 549 | EasyDevInstallOnProfiling = NO; 550 | EasyDevKillProcessName = ""; 551 | EasyDevKillProcessOnInstall = NO; 552 | EasyDevUsePackageVersionPList = YES; 553 | GCC_PRECOMPILE_PREFIX_HEADER = YES; 554 | GCC_PREFIX_HEADER = "debugserverXII/debugserverXII-Prefix.pch"; 555 | INSTALL_PATH = /usr/bin; 556 | PRODUCT_NAME = "$(TARGET_NAME)"; 557 | TARGETED_DEVICE_FAMILY = "1,2"; 558 | VALID_ARCHS = arm64; 559 | }; 560 | name = Debug; 561 | }; 562 | /* End XCBuildConfiguration section */ 563 | 564 | /* Begin XCConfigurationList section */ 565 | C9B78E5A225AEF2F004B25EC /* Build configuration list for PBXProject "csflags" */ = { 566 | isa = XCConfigurationList; 567 | buildConfigurations = ( 568 | C9B78E73225AEF2F004B25EC /* Release */, 569 | C9B78E74225AEF2F004B25EC /* Debug */, 570 | ); 571 | defaultConfigurationIsVisible = 0; 572 | defaultConfigurationName = Release; 573 | }; 574 | C9B78E75225AEF2F004B25EC /* Build configuration list for PBXNativeTarget "csflags" */ = { 575 | isa = XCConfigurationList; 576 | buildConfigurations = ( 577 | C9B78E76225AEF2F004B25EC /* Release */, 578 | C9B78E77225AEF2F004B25EC /* Debug */, 579 | ); 580 | defaultConfigurationIsVisible = 0; 581 | defaultConfigurationName = Release; 582 | }; 583 | C9B78E9B225B341D004B25EC /* Build configuration list for PBXNativeTarget "debugserverXII" */ = { 584 | isa = XCConfigurationList; 585 | buildConfigurations = ( 586 | C9B78E9C225B341D004B25EC /* Release */, 587 | C9B78E9D225B341D004B25EC /* Debug */, 588 | ); 589 | defaultConfigurationIsVisible = 0; 590 | defaultConfigurationName = Release; 591 | }; 592 | /* End XCConfigurationList section */ 593 | }; 594 | rootObject = C9B78E57225AEF2F004B25EC /* Project object */; 595 | } 596 | -------------------------------------------------------------------------------- /csflags.xcodeproj/project.xcworkspace/contents.xcworkspacedata: 
-------------------------------------------------------------------------------- 1 | 2 | 4 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /csflags.xcodeproj/project.xcworkspace/xcshareddata/IDEWorkspaceChecks.plist: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | IDEDidComputeMac32BitWarning 6 | 7 | 8 | 9 | -------------------------------------------------------------------------------- /csflags.xcodeproj/xcuserdata/h4ck.xcuserdatad/xcschemes/xcschememanagement.plist: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | SchemeUserState 6 | 7 | csflags.xcscheme 8 | 9 | orderHint 10 | 0 11 | 12 | debugserverXII.xcscheme 13 | 14 | orderHint 15 | 1 16 | 17 | 18 | 19 | 20 | -------------------------------------------------------------------------------- /csflags/Entitlements.plist: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | platform-application 6 | 7 | 8 | 9 | -------------------------------------------------------------------------------- /csflags/Package/DEBIAN/control: -------------------------------------------------------------------------------- 1 | Package: net.ymlab.dev.csflags 2 | Name: csflags 3 | Version: 1.0-2 4 | Description: 5 | Section: System 6 | Depends: firmware (>= 7.0) 7 | Conflicts: 8 | Replaces: 9 | Priority: optional 10 | Architecture: iphoneos-arm 11 | Author: h4ck 12 | dev: 13 | Homepage: 14 | Depiction: 15 | Maintainer: 16 | Icon: 17 | 18 | -------------------------------------------------------------------------------- /csflags/Package/DEBIAN/postinst: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | chown root:wheel /usr/bin/csflags 4 | chmod 755 /usr/bin/csflags 5 | 6 | exit 0 7 | -------------------------------------------------------------------------------- 
/csflags/Package/DEBIAN/postrm: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # This script is executed AFTER the Debian package is REMOVED 4 | # For information about this file, see http://www.debian.org/doc/manuals/debian-faq/ch-pkg_basics.en.html#s-maintscripts. 5 | 6 | -------------------------------------------------------------------------------- /csflags/Package/DEBIAN/preinst: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # This script is executed BEFORE the Debian package is INSTALLED 4 | # For information about this file, see http://www.debian.org/doc/manuals/debian-faq/ch-pkg_basics.en.html#s-maintscripts. 5 | 6 | -------------------------------------------------------------------------------- /csflags/Package/DEBIAN/prerm: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # This script is executed BEFORE the Debian package is REMOVED 4 | # For information about this file, see http://www.debian.org/doc/manuals/debian-faq/ch-pkg_basics.en.html#s-maintscripts. 
5 | 6 | -------------------------------------------------------------------------------- /csflags/Package/usr/bin/csflags: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lemon4ex/debugserverXII/e55aa2bcc9c08b55ac728c080ca205792bf2ee54/csflags/Package/usr/bin/csflags -------------------------------------------------------------------------------- /csflags/PackageVersion.plist: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | BugFix 6 | 7 | Major 8 | 1 9 | Minor 10 | 0 11 | PackageRevision 12 | 2 13 | Stage 14 | 15 | 16 | 17 | -------------------------------------------------------------------------------- /csflags/QiLin.h: -------------------------------------------------------------------------------- 1 | // 2 | // jjt.h 3 | // QiLin 4 | // 5 | // Created by JL on 12/7/17. 6 | // Copyright © 2017 NewOSXBook. All rights reserved. 7 | 8 | // Revision 3: Added spawnAndPlatformize(), 9 | // moved to posix_spawn() implementation for exec() family 10 | // actually exported the set*Reporter functions (formerly ErrorHandler.. etc - 11 | // "Reporter" is more accurate, because they allow you to propagate messages to 12 | // a GUI. 13 | // 14 | // Revision 4: Added kexec (executeInKernel) 15 | // 16 | // Revision 5: KMR/KMW (Kernel memory read/write) functions weren't exported! Oops! 17 | // 18 | // Revision 6: RootFS mount, fixed bug in getting symbols (no longer needs setKernelSymbol) 19 | // and added respring 20 | // and also added uint64_t getVnodeByPathName (char *Path) ; 21 | // 22 | // (Almost) free to use (ABSE) per the license in http://NewOSXBook.com/QiLin/ 23 | // 24 | // Remember to give credit where due and please tweet with #QiLin 25 | // so others can quickly find your JailBreak or other project.
26 | // 27 | 28 | #if 0 29 | Johnny's (semi) open source license, v0.4 30 | ----------------------------------------- 31 | 32 | This is (well, will be, at the time of writing) open source, and I can't but appeal to your sense of decency. 33 | You might try compile this and try to pass it as your own. Heck, you might even try to run it through llvm-obfuscator. 34 | But that would be stealing code. And obfuscate as you will, you can't obfuscate enough to hide the methods. 35 | So, primum non nocere. Do no harm, and do not steal. 36 | 37 | To be fully clear: 38 | 39 | - Yes, you may use this source or code library as you see fit, PROVIDED THAT: 40 | 41 | - IT IS NOT USED COMMERCIALLY IN ANY WAY. For this, I ask that you contact my company, @Technologeeks, 42 | and ask for proper licensing - they'll also provide official support. 43 | 44 | - IT IS NOT USED AS A COMPONENT OF AN APT IN ANY KIND FORM OR MANNER. 45 | (NSO/Hackin9/Finfisher/Equus/etc - that means you) 46 | 47 | - WHEN YOU DO USE IT, I ASK THAT YOU MENTION THAT YOUR TOOL IS "powered by the QiLin Toolkit", 48 | or otherwise provide a user facing indication that it is using this code. 49 | I'd appreciate it if you tweeted with #QiLin, too. 50 | 51 | - If you spread lies about other people, propaganda or false claims, while using this toolkit, 52 | then you must renounce your ways, and apologize. Then you can use it freely. 53 | 54 | - There are no limitation on nationality, specific people exclusions (i.e. this is AISE, subject to last condition, above ;-), 55 | or any other race, color or creed - provided the above are met. 56 | 57 | 58 | - QiLin comes with NO LIABILITY WHATSOEVER. YOU USE THIS AT YOUR OWN RISK. 59 | 60 | I CANNOT AND WILL NOT BE HELD ACCOUNTABLE FOR ANY DAMAGE, SOFTWARE OR HARDWARE OR YOUR DATA OR OTHERWISE, 61 | 62 | WHICH MAY OR MAY NOT RESULT TO YOUR IOS DEVICE BY USING THIS. 63 | 64 | - Remember I'm doing this AS A FAVOR. 
I AM NO IN WAY INDEBTED OR COMMITTED TO SUPPORT THIS, OR ANY OTHER OF MY TOOLS. 65 | You don't have to thank for this (you're welcome) but please don't slander me either. 66 | 67 | - Should you wish to contribute/donate, you may do so in one of the following ways: 68 | 69 | - Monetary: Pick a charity. Any charity. Of your choice. Pay them however money you want. 70 | Optionally, tweet/fb/insta/snap-whatever a screen capture stating "#QiLin". 71 | 72 | - Development: Through http://NewOSXBook.com/forum - you are welcome to ask (proper technical, not lame wen eta) 73 | questions and engage in discussions 74 | 75 | 76 | 77 | First, do no harm. Next, have fun :-) 78 | 79 | Changelog: 80 | 81 | - v0.1 Was AISE but SE is being more of an ass than usual and slandering fake claims directly attacking me. 82 | So this was updated with new condition excluding him until he grows up and behaves like the decent, 83 | talented researcher he can be. 84 | 85 | - v0.3 adds request to tweet #QiLin. 86 | 87 | - v0.4 states what should be obvious - NO LIABILITY WHATSOEVER 88 | 89 | ////iOS 12.1.2 - iPhone X 90 | //{ "12.1.1", "iPhone11,2", "D331AP", "_kernproc", 0xfffffff00913c638}, 91 | //{ "12.1.2", "iPhone11,6", "D331AP", "_kernproc", 0xfffffff00913c638}, 92 | //{ "12.1.1", "iPhone11,6", "D331AP", "_kernproc", 0xfffffff00913c638}, 93 | // 94 | // 95 | //{ "12.1.1", "iPhone10,6", "D221AP", "_rootvnode", 0xfffffff0076660c0}, 96 | //{ "12.1.2", "iPhone10,6", "D221AP", "_kernproc", 0xfffffff0076660d8}, 97 | // 98 | ////iOS 12.1.1 - iPhone X 99 | //{ "12.1.1", "iPhone10,6", "D221AP", "_rootvnode", 0xfffffff0076660c0}, 100 | //{ "12.1.1", "iPhone10,6", "D221AP", "_kernproc", 0xfffffff0076660d8}, 101 | ////iOS 12.1 - iPhone X 102 | //{ "12.1", "iPhone10,6", "D221AP", "_rootvnode", 0xfffffff00766a0c0}, 103 | //{ "12.1", "iPhone10,6", "D221AP", "_kernproc", 0xfffffff00766a0d8}, 104 | ////iOS 12.0.1 - iPhone X 105 | //{ "12.0.1", "iPhone10,6", "D221AP", "_rootvnode", 0xfffffff00766a0c0}, 106 
| //{ "12.0.1", "iPhone10,6", "D221AP", "_kernproc", 0xfffffff00766a0d8}, 107 | ////iOS 12.0 - iPhone X 108 | //{ "12.0", "iPhone10,6", "D221AP", "_rootvnode", 0xfffffff00766a0c0}, 109 | //{ "12.0", "iPhone10,6", "D221AP", "_kernproc", 0xfffffff00766a0d8}, 110 | // 111 | ////iOS 12.1.2 - iPhone 8 Plus 112 | //{ "12.1.2", "iPhone10,5", "D211AP", "_rootvnode", 0xfffffff0076660c0}, 113 | //{ "12.1.2", "iPhone10,5", "D211AP", "_kernproc", 0xfffffff0076660d8}, 114 | //{ "12.1.2", "iPhone10,5", "D211AAP", "_rootvnode", 0xfffffff0076660c0}, 115 | //{ "12.1.2", "iPhone10,5", "D211AAP", "_kernproc", 0xfffffff0076660d8}, 116 | ////iOS 12.1.1 - iPhone 8 Plus 117 | //{ "12.1.1", "iPhone10,5", "D211AP", "_rootvnode", 0xfffffff0076660c0}, 118 | //{ "12.1.1", "iPhone10,5", "D211AP", "_kernproc", 0xfffffff0076660d8}, 119 | //{ "12.1.1", "iPhone10,5", "D211AAP", "_rootvnode", 0xfffffff0076660c0}, 120 | //{ "12.1.1", "iPhone10,5", "D211AAP", "_kernproc", 0xfffffff0076660d8}, 121 | ////iOS 12.1 - iPhone 8 Plus 122 | //{ "12.1", "iPhone10,5", "D211AP", "_rootvnode", 0xfffffff00766a0c0}, 123 | //{ "12.1", "iPhone10,5", "D211AP", "_kernproc", 0xfffffff00766a0d8}, 124 | //{ "12.1", "iPhone10,5", "D211AAP", "_rootvnode", 0xfffffff00766a0c0}, 125 | //{ "12.1", "iPhone10,5", "D211AAP", "_kernproc", 0xfffffff00766a0d8}, 126 | ////iOS 12.0.1 - iPhone 8 Plus 127 | //{ "12.0.1", "iPhone10,5", "D211AP", "_rootvnode", 0xfffffff00766a0c0}, 128 | //{ "12.0.1", "iPhone10,5", "D211AP", "_kernproc", 0xfffffff00766a0d8}, 129 | //{ "12.0.1", "iPhone10,5", "D211AAP", "_rootvnode", 0xfffffff00766a0c0}, 130 | //{ "12.0.1", "iPhone10,5", "D211AAP", "_kernproc", 0xfffffff00766a0d8}, 131 | ////iOS 12.0 - iPhone 8 Plus 132 | //{ "12.0", "iPhone10,5", "D211AP", "_rootvnode", 0xfffffff00766a0c0}, 133 | //{ "12.0", "iPhone10,5", "D211AP", "_kernproc", 0xfffffff00766a0d8}, 134 | //{ "12.0", "iPhone10,5", "D211AAP", "_rootvnode", 0xfffffff00766a0c0}, 135 | //{ "12.0", "iPhone10,5", "D211AAP", "_kernproc", 
0xfffffff00766a0d8}, 136 | // 137 | // 138 | ////iOS 12.1.2 - iPhone 8 139 | //{ "12.1.2", "iPhone10,4", "D201AP", "_rootvnode", 0xfffffff0076660c0}, 140 | //{ "12.1.2", "iPhone10,4", "D201AP", "_kernproc", 0xfffffff0076660d8}, 141 | //{ "12.1.2", "iPhone10,4", "D201AAP", "_rootvnode", 0xfffffff0076660c0}, 142 | //{ "12.1.2", "iPhone10,4", "D201AAP", "_kernproc", 0xfffffff0076660d8}, 143 | ////iOS 12.1.1 - iPhone 8 144 | //{ "12.1.1", "iPhone10,4", "D201AP", "_rootvnode", 0xfffffff0076660c0}, 145 | //{ "12.1.1", "iPhone10,4", "D201AP", "_kernproc", 0xfffffff0076660d8}, 146 | //{ "12.1.1", "iPhone10,4", "D201AAP", "_rootvnode", 0xfffffff0076660c0}, 147 | //{ "12.1.1", "iPhone10,4", "D201AAP", "_kernproc", 0xfffffff0076660d8}, 148 | ////iOS 12.0.1 - iPhone 8 149 | //{ "12.0.1", "iPhone10,4", "D201AP", "_rootvnode", 0xfffffff00766a0c0}, 150 | //{ "12.0.1", "iPhone10,4", "D201AP", "_kernproc", 0xfffffff00766a0d8}, 151 | //{ "12.0.1", "iPhone10,4", "D201AAP", "_rootvnode", 0xfffffff00766a0c0}, 152 | //{ "12.0.1", "iPhone10,4", "D201AAP", "_kernproc", 0xfffffff00766a0d8}, 153 | ////iOS 12.0 - iPhone 8 154 | //{ "12.0", "iPhone10,4", "D201AP", "_rootvnode", 0xfffffff00766a0c0}, 155 | //{ "12.0", "iPhone10,4", "D201AP", "_kernproc", 0xfffffff00766a0d8}, 156 | //{ "12.0", "iPhone10,4", "D201AAP", "_rootvnode", 0xfffffff00766a0c0}, 157 | //{ "12.0", "iPhone10,4", "D201AAP", "_kernproc", 0xfffffff00766a0d8}, 158 | // 159 | // 160 | ////iOS 12.1.2 - iPhone X 161 | //{ "12.1.2", "iPhone10,3", "D22AP", "_rootvnode", 0xfffffff0076660c0}, 162 | //{ "12.1.2", "iPhone10,3", "D22AP", "_kernproc", 0xfffffff0076660d8}, 163 | ////iOS 12.1.1 - iPhone X 164 | //{ "12.1.1", "iPhone10,3", "D22AP", "_rootvnode", 0xfffffff0076660c0}, 165 | //{ "12.1.1", "iPhone10,3", "D22AP", "_kernproc", 0xfffffff0076660d8}, 166 | ////iOS 12.1 - iPhone X 167 | //{ "12.1", "iPhone10,3", "D22AP", "_rootvnode", 0xfffffff00766a0c0}, 168 | //{ "12.1", "iPhone10,3", "D22AP", "_kernproc", 0xfffffff00766a0d8}, 169 | 
////iOS 12.0.1 - iPhone X 170 | //{ "12.0.1", "iPhone10,3", "D22AP", "_rootvnode", 0xfffffff00766a0c0}, 171 | //{ "12.0.1", "iPhone10,3", "D22AP", "_kernproc", 0xfffffff00766a0d8}, 172 | ////iOS 12.0 - iPhone X 173 | //{ "12.0", "iPhone10,3", "D22AP", "_rootvnode", 0xfffffff00766a0c0}, 174 | //{ "12.0", "iPhone10,3", "D22AP", "_kernproc", 0xfffffff00766a0d8}, 175 | // 176 | // 177 | ////iOS 12.1.2 - iPhone 8 Plus 178 | //{ "12.1.2", "iPhone10,2", "D21AP", "_rootvnode", 0xfffffff0076660c0}, 179 | //{ "12.1.2", "iPhone10,2", "D21AP", "_kernproc", 0xfffffff0076660d8}, 180 | // 181 | //{ "12.1.2", "iPhone10,2", "D21AAP", "_rootvnode", 0xfffffff0076660c0}, 182 | //{ "12.1.2", "iPhone10,2", "D21AAP", "_kernproc", 0xfffffff0076660d8}, 183 | ////iOS 12.1.1 - iPhone 8 Plus 184 | //{ "12.1.1", "iPhone10,2", "D21AP", "_rootvnode", 0xfffffff0076660c0}, 185 | //{ "12.1.1", "iPhone10,2", "D21AP", "_kernproc", 0xfffffff0076660d8}, 186 | //{ "12.1.1", "iPhone10,2", "D21AAP", "_rootvnode", 0xfffffff0076660c0}, 187 | //{ "12.1.1", "iPhone10,2", "D21AAP", "_kernproc", 0xfffffff0076660d8}, 188 | ////iOS 12.1 - iPhone 8 Plus 189 | //{ "12.1", "iPhone10,2", "D21AP", "_rootvnode", 0xfffffff00766a0c0}, 190 | //{ "12.1", "iPhone10,2", "D21AP", "_kernproc", 0xfffffff00766a0d8}, 191 | //{ "12.1", "iPhone10,2", "D21AAP", "_rootvnode", 0xfffffff00766a0c0}, 192 | //{ "12.1", "iPhone10,2", "D21AAP", "_kernproc", 0xfffffff00766a0d8}, 193 | ////iOS 12.0.1 - iPhone 8 Plus 194 | //{ "12.0.1", "iPhone10,2", "D21AP", "_rootvnode", 0xfffffff00766a0c0}, 195 | //{ "12.0.1", "iPhone10,2", "D21AP", "_kernproc", 0xfffffff00766a0d8}, 196 | //{ "12.0.1", "iPhone10,2", "D21AAP", "_rootvnode", 0xfffffff00766a0c0}, 197 | //{ "12.0.1", "iPhone10,2", "D21AAP", "_kernproc", 0xfffffff00766a0d8}, 198 | ////iOS 12.0.1 - iPhone 8 Plus 199 | //{ "12.0", "iPhone10,2", "D21AP", "_rootvnode", 0xfffffff00766a0c0}, 200 | //{ "12.0", "iPhone10,2", "D21AP", "_kernproc", 0xfffffff00766a0d8}, 201 | //{ "12.0", "iPhone10,2", 
"D21AAP", "_rootvnode", 0xfffffff00766a0c0}, 202 | //{ "12.0", "iPhone10,2", "D21AAP", "_kernproc", 0xfffffff00766a0d8}, 203 | // 204 | // 205 | ////iOS 12.1.2 - iPhone 8 206 | //{ "12.1.2", "iPhone10,1", "D20AP", "_rootvnode", 0xfffffff0076660c0}, 207 | //{ "12.1.2", "iPhone10,1", "D20AP", "_kernproc", 0xfffffff0076660d8}, 208 | //{ "12.1.2", "iPhone10,1", "D20AAP", "_rootvnode", 0xfffffff0076660c0}, 209 | //{ "12.1.2", "iPhone10,1", "D20AAP", "_kernproc", 0xfffffff0076660d8}, 210 | ////iOS 12.1.1 - iPhone 8 211 | //{ "12.1.1", "iPhone10,1", "D20AP", "_rootvnode", 0xfffffff0076660c0}, 212 | //{ "12.1.1", "iPhone10,1", "D20AP", "_kernproc", 0xfffffff0076660d8}, 213 | //{ "12.1.1", "iPhone10,1", "D20AAP", "_rootvnode", 0xfffffff0076660c0}, 214 | //{ "12.1.1", "iPhone10,1", "D20AAP", "_kernproc", 0xfffffff0076660d8}, 215 | ////iOS 12.1 - iPhone 8 216 | //{ "12.1", "iPhone10,1", "D20AP", "_rootvnode", 0xfffffff00766a0c0}, 217 | //{ "12.1", "iPhone10,1", "D20AP", "_kernproc", 0xfffffff00766a0d8}, 218 | //{ "12.1", "iPhone10,1", "D20AAP", "_rootvnode", 0xfffffff00766a0c0}, 219 | //{ "12.1", "iPhone10,1", "D20AAP", "_kernproc", 0xfffffff00766a0d8}, 220 | ////iOS 12.0.1 - iPhone 8 221 | //{ "12.0.1", "iPhone10,1", "D20AP", "_rootvnode", 0xfffffff00766a0c0}, 222 | //{ "12.0.1", "iPhone10,1", "D20AP", "_kernproc", 0xfffffff00766a0d8}, 223 | //{ "12.0.1", "iPhone10,1", "D20AAP", "_rootvnode", 0xfffffff00766a0c0}, 224 | //{ "12.0.1", "iPhone10,1", "D20AAP", "_kernproc", 0xfffffff00766a0d8}, 225 | ////iOS 12.0 - iPhone 8 226 | //{ "12.0", "iPhone10,1", "D20AP", "_rootvnode", 0xfffffff00766a0c0}, 227 | //{ "12.0", "iPhone10,1", "D20AP", "_kernproc", 0xfffffff00766a0d8}, 228 | //{ "12.0", "iPhone10,1", "D20AAP", "_rootvnode", 0xfffffff00766a0c0}, 229 | //{ "12.0", "iPhone10,1", "D20AAP", "_kernproc", 0xfffffff00766a0d8}, 230 | // 231 | // 232 | ////iOS 12.1.2 - iPhone 7 Plus 233 | //{ "12.1.2", "iPhone9,4", "D111AP", "_rootvnode", 0xfffffff0076420b8}, 234 | //{ "12.1.2", 
"iPhone9,4", "D111AP", "_kernproc", 0xfffffff0076420d0}, 235 | ////iOS 12.1.1 - iPhone 7 Plus 236 | //{ "12.1.1", "iPhone9,4", "D111AP", "_rootvnode", 0xfffffff0076420b8}, 237 | //{ "12.1.1", "iPhone9,4", "D111AP", "_kernproc", 0xfffffff0076420d0}, 238 | ////iOS 12.1 - iPhone 7 Plus 239 | //{ "12.1", "iPhone9,4", "D111AP", "_rootvnode", 0xfffffff0076420b8}, 240 | //{ "12.1", "iPhone9,4", "D111AP", "_kernproc", 0xfffffff0076420d0}, 241 | ////iOS 12.0.1 - iPhone 7 Plus 242 | //{ "12.0.1", "iPhone9,4", "D111AP", "_rootvnode", 0xfffffff0076420b8}, 243 | //{ "12.0.1", "iPhone9,4", "D111AP", "_kernproc", 0xfffffff0076420d0}, 244 | ////iOS 12.0 - iPhone 7 Plus 245 | //{ "12.0", "iPhone9,4", "D111AP", "_rootvnode", 0xfffffff0076420b8}, 246 | //{ "12.0", "iPhone9,4", "D111AP", "_kernproc", 0xfffffff0076420d0}, 247 | // 248 | // 249 | ////iOS 12.1.2 - iPhone 7 250 | //{ "12.1.2", "iPhone9,3", "D101AP", "_rootvnode", 0xfffffff0076420b8}, 251 | //{ "12.1.2", "iPhone9,3", "D101AP", "_kernproc", 0xfffffff0076420d0}, 252 | ////iOS 12.1 - iPhone 7 253 | //{ "12.1", "iPhone9,3", "D101AP", "_rootvnode", 0xfffffff00766a0c0}, 254 | //{ "12.1", "iPhone9,3", "D101AP", "_kernproc", 0xfffffff0076420d0}, 255 | ////iOS 12.1.1 - iPhone 7 256 | //{ "12.1.1", "iPhone9,3", "D101AP", "_rootvnode", 0xfffffff0076420b8}, 257 | //{ "12.1.1", "iPhone9,3", "D101AP", "_kernproc", 0xfffffff0076420d0}, 258 | ////iOS 12.0.1 - iPhone 7 259 | //{ "12.0.1", "iPhone9,3", "D101AP", "_rootvnode", 0xfffffff0076420b8}, 260 | //{ "12.0.1", "iPhone9,3", "D101AP", "_kernproc", 0xfffffff0076420d0}, 261 | ////iOS 12.0 - iPhone 7 262 | //{ "12.0", "iPhone9,3", "D101AP", "_rootvnode", 0xfffffff0076420b8}, 263 | //{ "12.0", "iPhone9,3", "D101AP", "_kernproc", 0xfffffff0076420d0}, 264 | // 265 | // 266 | ////iOS 12.1.2 - iPhone 7 Plus 267 | //{ "12.1.2", "iPhone9,2", "D11AP", "_rootvnode", 0xfffffff0076420b8}, 268 | //{ "12.1.2", "iPhone9,2", "D11AP", "_kernproc", 0xfffffff0076420d0}, 269 | ////iOS 12.1.1 - iPhone 7 Plus 
270 | //{ "12.1.1", "iPhone9,2", "D11AP", "_rootvnode", 0xfffffff0076420b8}, 271 | //{ "12.1.1", "iPhone9,2", "D11AP", "_kernproc", 0xfffffff0076420d0}, 272 | ////iOS 12.1 - iPhone 7 Plus 273 | //{ "12.1", "iPhone9,2", "D11AP", "_rootvnode", 0xfffffff0076420b8}, 274 | //{ "12.1", "iPhone9,2", "D11AP", "_kernproc", 0xfffffff0076420d0}, 275 | ////iOS 12.0.1 - iPhone 7 Plus 276 | //{ "12.0.1", "iPhone9,2", "D11AP", "_rootvnode", 0xfffffff0076420b8}, 277 | //{ "12.0.1", "iPhone9,2", "D11AP", "_kernproc", 0xfffffff0076420d0}, 278 | ////iOS 12.0 - iPhone 7 Plus 279 | //{ "12.0", "iPhone9,2", "D11AP", "_rootvnode", 0xfffffff0076420b8}, 280 | //{ "12.0", "iPhone9,2", "D11AP", "_kernproc", 0xfffffff0076420d0}, 281 | // 282 | // 283 | ////iOS 12.1.2 - iPhone 7 284 | //{ "12.1.2", "iPhone9,1", "D10AP", "_rootvnode", 0xfffffff0076420b8}, 285 | //{ "12.1.2", "iPhone9,1", "D10AP", "_kernproc", 0xfffffff0076420d0}, 286 | ////iOS 12.1.1 - iPhone 7 287 | //{ "12.1.1", "iPhone9,1", "D10AP", "_rootvnode", 0xfffffff0076420b8}, 288 | //{ "12.1.1", "iPhone9,1", "D10AP", "_kernproc", 0xfffffff0076420d0}, 289 | ////iOS 12.1 - iPhone 7 290 | //{ "12.1", "iPhone9,1", "D10AP", "_rootvnode", 0xfffffff0076420b8}, 291 | //{ "12.1", "iPhone9,1", "D10AP", "_kernproc", 0xfffffff0076420d0}, 292 | ////iOS 12.0.1 - iPhone 7 293 | //{ "12.0.1", "iPhone9,1", "D10AP", "_rootvnode", 0xfffffff0076420b8}, 294 | //{ "12.0.1", "iPhone9,1", "D10AP", "_kernproc", 0xfffffff0076420d0}, 295 | ////iOS 12.0 - iPhone 7 296 | //{ "12.0", "iPhone9,1", "D10AP", "_rootvnode", 0xfffffff0076420b8}, 297 | //{ "12.0", "iPhone9,1", "D10AP", "_kernproc", 0xfffffff0076420d0}, 298 | // 299 | // 300 | ////iOS 12.1.2 - iPhone SE 301 | //{ "12.1.2", "iPhone8,4", "N69AP", "_rootvnode", 0xfffffff0076020b8}, 302 | //{ "12.1.2", "iPhone8,4", "N69AP", "_kernproc", 0xfffffff0076020d0}, 303 | //{ "12.1.2", "iPhone8,4", "N69uAP", "_rootvnode", 0xfffffff0076020b8}, 304 | //{ "12.1.2", "iPhone8,4", "N69uAP", "_kernproc", 
0xfffffff0076020d0}, 305 | ////iOS 12.1.1 - iPhone SE 306 | //{ "12.1.1", "iPhone8,4", "N69AP", "_rootvnode", 0xfffffff0076020b8}, 307 | //{ "12.1.1", "iPhone8,4", "N69AP", "_kernproc", 0xfffffff0076020d0}, 308 | //{ "12.1.1", "iPhone8,4", "N69uAP", "_rootvnode", 0xfffffff0076020b8}, 309 | //{ "12.1.1", "iPhone8,4", "N69uAP", "_kernproc", 0xfffffff0076020d0}, 310 | ////iOS 12.1 - iPhone SE 311 | //{ "12.1", "iPhone8,4", "N69AP", "_rootvnode", 0xfffffff0076020b8}, 312 | //{ "12.1", "iPhone8,4", "N69AP", "_kernproc", 0xfffffff0076020d0}, 313 | //{ "12.1", "iPhone8,4", "N69uAP", "_rootvnode", 0xfffffff0076020b8}, 314 | //{ "12.1", "iPhone8,4", "N69uAP", "_kernproc", 0xfffffff0076020d0}, 315 | ////iOS 12.0.1 - iPhone SE 316 | //{ "12.0.1", "iPhone8,4", "N69AP", "_rootvnode", 0xfffffff0076020b8}, 317 | //{ "12.0.1", "iPhone8,4", "N69AP", "_kernproc", 0xfffffff0076020d0}, 318 | //{ "12.0.1", "iPhone8,4", "N69uAP", "_rootvnode", 0xfffffff0076020b8}, 319 | //{ "12.0.1", "iPhone8,4", "N69uAP", "_kernproc", 0xfffffff0076020d0}, 320 | ////iOS 12.0 - iPhone SE 321 | //{ "12.0", "iPhone8,4", "N69AP", "_rootvnode", 0xfffffff0076020b8}, 322 | //{ "12.0", "iPhone8,4", "N69AP", "_kernproc", 0xfffffff0076020d0}, 323 | //{ "12.0", "iPhone8,4", "N69uAP", "_rootvnode", 0xfffffff0076020b8}, 324 | //{ "12.0", "iPhone8,4", "N69uAP", "_kernproc", 0xfffffff0076020d0}, 325 | 326 | #endif 327 | #ifndef qilin_h 328 | #define qilin_h 329 | #include 330 | #include 331 | #include 332 | 333 | 334 | char *getMachine (void); 335 | char *getOSVer(void); 336 | 337 | typedef int (*KMRFunc)(uint64_t Address, uint64_t Len, void **To); 338 | typedef int (*KMWFunc)(uint64_t Address, uint64_t Len, void *From); 339 | void setKernelMemoryReadFunction(KMRFunc F); 340 | void setKernelMemoryWriteFunction(KMWFunc F); 341 | 342 | 343 | // MUST call either initQiLin variant first - with or without TFP0, though, that's your call. 
344 | 345 | int initQiLin (mach_port_t TFP0, uint64_t KernelBase); 346 | int initQiLinWithKMRW(uint64_t KernelBase, KMRFunc Kmr, KMWFunc Kmw); 347 | int initQilinWithTFP0AndMyTaskPortAddr(mach_port_t TFP0, uint64_t MyTaskPortAddr); 348 | 349 | 350 | // System wide effects 351 | // 352 | int remountRootFS (void); 353 | int reSpring (void); // @FCE365 - this is for you 354 | 355 | pid_t execCommand(char *Cmd, char *Arg1, char *Arg2, char *Arg3, char *Arg4, char *Arg5 , int Flags); 356 | int execCommandAndWait(char *Cmd, char *Arg1, char *Arg2, char *Arg3, char *Arg4, char *Arg5); 357 | 358 | int setTFP0AsHostSpecialPort4 (void); 359 | 360 | // 1/17/18 - This is super useful 361 | int spawnAndPlatformize (char *AmfidebPath, char *Arg1, char *Arg2, char *Arg3 , char *Arg4, char *Arg5); 362 | int spawnAndShaiHulud (char *AmfidebPath, char *Arg1, char *Arg2, char *Arg3 , char *Arg4, char *Arg5); 363 | 364 | 365 | int moveFileFromAppDir (char *File, char *Dest); 366 | int disableAutoUpdates(void); 367 | 368 | // Code signing 369 | 370 | // Will set AMFId's exception ports and thereby disable code signing 371 | // 372 | int castrateAmfid (void); 373 | 374 | // Utility function - you probably won't need this directly. 
375 | #define ALGORITHM_SHA256 2 376 | #define ALGORITHM_SHA1 1 377 | char *cdHashOfFile(char *fileName,int Algorithm); // Calculate CDHash of a given Mach-O (for messing with AMFI) 378 | 379 | 380 | 381 | // Kernel Memory access (wrappers over kernel_task send right) 382 | uint64_t findKernelSymbol (char *Symbol); 383 | void setKernelSymbol (char *Symbol, uint64_t Address); // NOTE: "_kernproc", not "kernproc" 384 | 385 | int readKernelMemory(uint64_t Address, uint64_t Len, void **To); 386 | int writeKernelMemory(uint64_t Address, uint64_t Len, void *From); 387 | 388 | // 03/20/2018: Kernel execution 389 | 390 | int kexec(uint64_t Address, uint64_t Arg0, uint64_t Arg1,uint64_t Arg2,uint64_t Arg3,uint64_t Arg4,uint64_t Arg5,uint64_t Arg6); 391 | 392 | 393 | // 03/20/2018 394 | uint64_t getAddressOfPort(pid_t Pid, mach_port_name_t Port); 395 | 396 | // 06/15/2018 ------- 397 | // Will return the address of the kernel vnode representing Path. 398 | uint64_t getVnodeByPathName (char *Path) ; 399 | uint64_t getRootVnodeAddr(void); // Convenience, for rootvnode ("/") instead of _rootvnode sym deref 400 | 401 | //------------------- 402 | 403 | // Not recommended, but doable: Bestow task port of Pid in TargetPid 404 | mach_port_t task_for_pid_in_kernel (pid_t Pid, pid_t TargetPid); 405 | 406 | //-------------------------------------- 407 | 408 | // Process manipulation functions 409 | 410 | // Finds the address of struct proc for this pid_t in kernel memory. 411 | uint64_t getProcStructForPid(pid_t); 412 | 413 | // Finds the pid of a process given its (base) name. 
Note this will only 414 | // work on processes you are the owner of (or all, if root) - this is intentional 415 | pid_t findPidOfProcess (char *ProcName) ; 416 | 417 | int setCSFlagsForProcAtAddr(uint64_t ProcStructAddr, int Flags, int Set); 418 | int setCSFlagsForPid (pid_t Whom, uint32_t Flags); 419 | int platformizePid(pid_t Whom); 420 | int rootifyPid(pid_t Whom); 421 | int ShaiHuludPid (pid_t Whom, uint64_t CredAddr); // leave 0 for root creds. 422 | int unShaiHuludPid (pid_t Whom); 423 | 424 | 425 | 426 | uint64_t borrowEntitlementsFromDonor(char *UnwittingDonor, char *Arg); 427 | // By request :-) 428 | uint64_t borrowEntitlementsFromPid(pid_t Pid); 429 | 430 | 431 | 432 | // Presently, limited to two entitlements, and assumed boolean (true) 433 | int entitlePidWithKernelEnts (pid_t Whom, char *Ent1, char *Ent2); 434 | 435 | // Convenience functions - do all the above , but on my process 436 | 437 | int platformizeMe (void); 438 | int rootifyMe(void); 439 | 440 | // Escape sandbox: 441 | // call with 0 to assume kernel cred, else specify value. Will return origCreds 442 | uint64_t ShaiHuludMe(uint64_t OtherCredsOr0ForKernelCreds); 443 | void unShaiHuludMe(uint64_t OrigCreds); 444 | int entitleMe(char *entitlementString); 445 | 446 | uint64_t getKernelCredAddr (void); 447 | 448 | 449 | /// Vnode functions - bringing @MinZheng's APFS bypass to the masses: 450 | uint64_t getVnodeByPathName (char *Path); 451 | 452 | /// Launchd handling utilities - just for you @launchderp :-) 453 | int makeLaunchdPlist (char *PlistName, char *Program, char *ProgramArguments, char *StandardOutputPath, char *StandardErrorPath, int RunAtLoad); 454 | int launjctlLaunchdPlist(char *Name); 455 | 456 | // I use these internally, not sure anyone else would need them 457 | int launjctlPrintSystem (void); 458 | int launjctlDumpState(void); 459 | 460 | 461 | // This one is still in progress. Don't use it please. 
462 | int movePortToPid(mach_port_t PortMoved, pid_t Pid, mach_port_name_t Name); 463 | int spawnJailbreakServer (char *Name, mach_port_t TFP0, mach_port_name_t NameInTarget); 464 | 465 | // UI Support: 466 | // Provide status, error and debug print outs to user, 467 | // which may be redirected to GUI views, etc. 468 | // Default implmenentations are NSLog. 469 | 470 | typedef void (status_func) (char *,...); 471 | void setStatusReporter (status_func *Func); 472 | void setErrorReporter (status_func *Func); 473 | void setDebugReporter (status_func *Func); 474 | 475 | 476 | // Utility functions you probably won't need unless you want to do your own debugging 477 | void hexDump(void *Mem, int Len, uint64_t Addr); 478 | void dumpARMThreadState64(_STRUCT_ARM_THREAD_STATE64 *old_state); 479 | 480 | // Even more Internal/advanced use: 481 | uint64_t findKernelTask (void); 482 | uint64_t findMyProcStructInKernelMemory(void); // For other advanced uses I haven't provided already 483 | 484 | 485 | #endif /* qilin_h */ 486 | -------------------------------------------------------------------------------- /csflags/csflags-Prefix.pch: -------------------------------------------------------------------------------- 1 | // 2 | // Prefix header for all source files of the 'csflags' target in the 'csflags' project 3 | // 4 | 5 | #ifdef __OBJC__ 6 | #import 7 | #endif 8 | -------------------------------------------------------------------------------- /csflags/main.m: -------------------------------------------------------------------------------- 1 | // 2 | // main.c 3 | // csflags 4 | // 5 | // Created by h4ck on 2019/4/8. 6 | // Copyright (c) 2019年 ___ORGANIZATIONNAME___. All rights reserved. 7 | // 8 | 9 | #include 10 | #include 11 | #include 12 | #include 13 | #include "QiLin.h" 14 | 15 | // http://newosxbook.com/articles/MDGA.html 16 | // http://newosxbook.com/QiLin/ 17 | 18 | // This is csflags that support iOS12. 
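// Only test on iPhone7(iPhone9,1) + iOS12.0

static void nullFunc(char *a1, ...) {}  // suppress QiLin debug output

/* Prints the usage text to stderr and returns the exit status main should use for a bad command line. */
static int usage(void)
{
    fprintf(stderr, "Usage: csflags _pid_ 0xflags\nExample: csflags 936 0x4\nYou can find more info: http://newosxbook.com/articles/MDGA.html\n");
    return 1;
}

/* Parses a decimal pid. Unlike atoi, this rejects empty input, trailing junk,
 * values <= 0 and values that do not fit pid_t. Returns 0 and stores the pid in *out on success, -1 otherwise. */
static int parsePid(const char *text, pid_t *out)
{
    char *end = NULL;
    long value = strtol(text, &end, 10);
    if (end == text || *end != '\0' || value <= 0 || (long)(pid_t)value != value) {
        return -1;
    }
    *out = (pid_t)value;
    return 0;
}

/* Parses the CS flags argument as hex. Accepts "0x4" (what the old sscanf format required) and plain "4";
 * rejects a sign, empty input, trailing junk and anything wider than 32 bits. Returns 0 on success, -1 otherwise. */
static int parseFlags(const char *text, uint32_t *out)
{
    char *end = NULL;
    if (*text == '-') {
        return -1;
    }
    unsigned long value = strtoul(text, &end, 16);
    if (end == text || *end != '\0' || (unsigned long)(uint32_t)value != value) {
        return -1;
    }
    *out = (uint32_t)value;
    return 0;
}

/* Reads one "0x..." hex entry out of the offsets plist into *out.
 * A missing key, a non-string value or a malformed string prints "Read <what> from hex value failed!" and returns -1;
 * previously a missing key led to sscanf(NULL, ...). Returns 0 on success. */
static int readHexOffset(NSDictionary *offsets, NSString *key, const char *what, uint64_t *out)
{
    id value = offsets[key];
    *out = 0;
    // [nil isKindOfClass:] is NO, so an absent key takes the failure path too.
    if (![value isKindOfClass:[NSString class]]
        || sscanf(((NSString *)value).UTF8String, "0x%llx", out) != 1) {
        fprintf(stderr, "Read %s from hex value failed!\n", what);
        return -1;
    }
    return 0;
}

/* csflags <pid> <0xflags>: sets the code-signing flags of <pid> through QiLin.
 * Exit status is 0 only when every step succeeded; every failure path now returns non-zero
 * (the old code returned the sscanf result 0 on parse failure, i.e. "success"). */
int main(int argc, const char *argv[])
{
    setDebugReporter(nullFunc);
    if (argc < 3) {
        return usage();
    }
    pid_t pid = 0;
    uint32_t flag = 0;
    if (parsePid(argv[1], &pid) != 0 || parseFlags(argv[2], &flag) != 0) {
        return usage();
    }

    // The jailbreak leaves the kernel task port in host special port 4; the local
    // prototype lets us call it with the plain host port from mach_host_self().
    mach_port_t kernel_task_port = MACH_PORT_NULL;
    kern_return_t host_get_special_port(task_t, int node, int which, mach_port_t *);
    kern_return_t kr = host_get_special_port(mach_host_self(), 0, 4, &kernel_task_port);
    if (kr != KERN_SUCCESS || !MACH_PORT_VALID(kernel_task_port)) {
        fprintf(stderr, "Call host_get_special_port failed!\n");
        return 1;
    }

    NSDictionary *offsets = [NSDictionary dictionaryWithContentsOfFile:@"/jb/offsets.plist"];
    if (offsets == nil) {
        fprintf(stderr, "Cannot read /jb/offsets.plist!\n");
        return 1;
    }
    NSLog(@"Read offsets from /jb/offsets.plist: \n%@", offsets);
    uint64_t kernel_base = 0;
    uint64_t kernel_slide = 0;
    uint64_t kernel_task = 0;
    if (readHexOffset(offsets, @"KernelBase", "kernel base", &kernel_base) != 0
        || readHexOffset(offsets, @"KernelSlide", "kernel slide", &kernel_slide) != 0
        || readHexOffset(offsets, @"KernelTask", "kernel task", &kernel_task) != 0) {
        return 1;
    }
    printf("Kernel: port 0x%x, task 0x%llx, base 0x%llx, slide 0x%llx\n", kernel_task_port, kernel_task, kernel_base, kernel_slide);

    int rc = initQiLin(kernel_task_port, kernel_base);
    if (rc) {
        fprintf(stderr, "Qilin Initialization failed!\n");
        return rc;
    }
    // setKernelSymbol("_kernproc", kernel_task);
    int ret = setCSFlagsForPid(pid, flag);
    printf("RC: %d\n", ret);
    // Surface a failed flag change in the exit status instead of always reporting success.
    return ret == 0 ? 0 : 1;
}

-------------------------------------------------------------------------------- /csflags/qilin12.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lemon4ex/debugserverXII/e55aa2bcc9c08b55ac728c080ca205792bf2ee54/csflags/qilin12.o -------------------------------------------------------------------------------- /debugserverXII/Package/DEBIAN/control: -------------------------------------------------------------------------------- 1 | Package: net.ymlab.dev.debugserverXII 2 | Name: debugserverXII 3 | Version: 1.0-2 4 | Description: 5 | Section: System 6 | Depends: firmware (>= 7.0) 7 | Conflicts: 8 | Replaces: 9 | Priority: optional 10 | Architecture: iphoneos-arm 11 | Author: h4ck 12 | dev: 13 | Homepage: 14 | Depiction: 15 | Maintainer: 16 | Icon: 17 | 18 | -------------------------------------------------------------------------------- /debugserverXII/Package/DEBIAN/postinst: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | chown root:wheel /usr/bin/debugserverXII 4 | chmod 755 /usr/bin/debugserverXII 5 | 6 | exit 0 7 | -------------------------------------------------------------------------------- /debugserverXII/Package/DEBIAN/postrm: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # This script is executed AFTER the Debian package is REMOVED 4 | # For information about this file, see http://www.debian.org/doc/manuals/debian-faq/ch-pkg_basics.en.html#s-maintscripts. 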
5 | 6 | -------------------------------------------------------------------------------- /debugserverXII/Package/DEBIAN/preinst: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # This script is executed BEFORE the Debian package is INSTALLED 4 | # For information about this file, see http://www.debian.org/doc/manuals/debian-faq/ch-pkg_basics.en.html#s-maintscripts. 5 | 6 | -------------------------------------------------------------------------------- /debugserverXII/Package/DEBIAN/prerm: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # This script is executed BEFORE the Debian package is REMOVED 4 | # For information about this file, see http://www.debian.org/doc/manuals/debian-faq/ch-pkg_basics.en.html#s-maintscripts. 5 | 6 | -------------------------------------------------------------------------------- /debugserverXII/Package/usr/bin/debugserverXII: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lemon4ex/debugserverXII/e55aa2bcc9c08b55ac728c080ca205792bf2ee54/debugserverXII/Package/usr/bin/debugserverXII -------------------------------------------------------------------------------- /debugserverXII/PackageVersion.plist: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | BugFix 6 | 7 | Major 8 | 1 9 | Minor 10 | 0 11 | PackageRevision 12 | 2 13 | Stage 14 | 15 | 16 | 17 | -------------------------------------------------------------------------------- /debugserverXII/debugserverXII-Prefix.pch: -------------------------------------------------------------------------------- 1 | // 2 | // Prefix header for all source files of the 'debugserverXII' target in the 'debugserverXII' project 3 | // 4 | 5 | #ifdef __OBJC__ 6 | #import 7 | #endif 8 | -------------------------------------------------------------------------------- 
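/debugserverXII/main.m: --------------------------------------------------------------------------------
//
//  main.m
//  debugserverXII
//
//  Created by h4ck on 2019/4/8.
//  Copyright (c) 2019年 h4ck. All rights reserved.
//
//  Wrapper around /usr/bin/debugserver for jailbroken iOS 12: resolves the
//  process named by "-a <pid|name>", sets CS flag 0x4 on it through QiLin so
//  debugserver is allowed to attach, then runs the real debugserver with the
//  original arguments and exits with its status.
//

#import <Foundation/Foundation.h>
#include <ctype.h>
#include <errno.h>
#include <mach/mach.h>
#include <spawn.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>
#include "QiLin.h"

extern char **environ;

// 0x4 is the value csflags' usage example passes (CS_GET_TASK_ALLOW in XNU's cs_blobs.h):
// it lets a debugger obtain the task port of the process.
enum { CS_FLAG_GET_TASK_ALLOW = 0x4 };

// Real path of debugserver; /usr/local/bin/debugserver is a shell script tool.
static const char *const kServerPath = "/usr/bin/debugserver";

static void nullFunc(char *a1, ...) {}  // suppress QiLin debug output

/* Returns 1 when str is a non-empty run of decimal digits, 0 otherwise.
 * NULL and "" are "not a number" (the old version called strlen(NULL) when "-a" was absent). */
static int isInt(const char *str)
{
    if (str == NULL || *str == '\0') {
        return 0;
    }
    for (const char *p = str; *p != '\0'; p++) {
        // isdigit() takes an unsigned char value; plain char may be negative.
        if (!isdigit((unsigned char)*p)) {
            return 0;
        }
    }
    return 1;
}

/* Parses a decimal pid. Rejects empty input, trailing junk, values <= 0 and
 * values that do not fit pid_t. Returns 0 and stores into *out on success, -1 otherwise. */
static int parsePid(const char *text, pid_t *out)
{
    char *end = NULL;
    long value = strtol(text, &end, 10);
    if (end == text || *end != '\0' || value <= 0 || (long)(pid_t)value != value) {
        return -1;
    }
    *out = (pid_t)value;
    return 0;
}

/* Returns the argument that follows "-a", or NULL when there is none. Does not allocate. */
static const char *findAttachTarget(int argc, const char *argv[])
{
    for (int i = 1; i + 1 < argc; i++) {
        if (strcmp(argv[i], "-a") == 0) {
            return argv[i + 1];
        }
    }
    return NULL;
}

/* Resolves the "-a" target to a pid: numeric targets are parsed, names are looked
 * up through QiLin's findPidOfProcess. Returns 0 when no usable pid was found. */
static pid_t resolveTargetPid(const char *target)
{
    if (isInt(target)) {
        pid_t pid = 0;
        return parsePid(target, &pid) == 0 ? pid : 0;
    }
    // findPidOfProcess takes a non-const buffer; hand it a private copy.
    char *name = strdup(target);
    if (name == NULL) {
        return 0;
    }
    pid_t pid = findPidOfProcess(name);
    free(name);
    return pid;
}

/* Fetches the kernel task port the jailbreak stashed in host special port 4.
 * The local prototype lets us call it with the plain host port from mach_host_self().
 * Returns KERN_SUCCESS with a valid port in *out, or a Mach error. */
static kern_return_t getKernelTaskPort(mach_port_t *out)
{
    kern_return_t host_get_special_port(task_t, int node, int which, mach_port_t *);
    *out = MACH_PORT_NULL;
    return host_get_special_port(mach_host_self(), 0, 4, out);
}

/* Reads KernelBase from /jb/offsets.plist as a "0x..." hex string into *out.
 * Returns -1 (after printing why) when the plist or the key is missing or malformed;
 * previously a missing plist led to sscanf(NULL, ...). */
static int readKernelBase(uint64_t *out)
{
    NSDictionary *offsets = [NSDictionary dictionaryWithContentsOfFile:@"/jb/offsets.plist"];
    if (offsets == nil) {
        fprintf(stderr, "[-] Cannot read /jb/offsets.plist!\n");
        return -1;
    }
    printf("[+] Read offsets from /jb/offsets.plist\n");
    id base = offsets[@"KernelBase"];
    // [nil isKindOfClass:] is NO, so an absent key fails here as well.
    if (![base isKindOfClass:[NSString class]]) {
        fprintf(stderr, "[-] KernelBase missing from /jb/offsets.plist!\n");
        return -1;
    }
    *out = 0;
    if (sscanf(((NSString *)base).UTF8String, "0x%llx", out) != 1) {
        fprintf(stderr, "[-] Read kernel base from hex value failed!\n");
        return -1;
    }
    return 0;
}

/* Makes sure the real debugserver exists and is executable. Returns 0 if so, -1 otherwise. */
static int ensureServerExecutable(const char *path)
{
    // 0755, never 0777 as before: a world-writable root-owned binary could be
    // replaced by any local process and would then run with debugserver's entitlements.
    if (chmod(path, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH) != 0) {
        fprintf(stderr, "[!] chmod %s failed: %s\n", path, strerror(errno));
    }
    if (access(path, X_OK) == 0) {
        return 0;
    }
    fprintf(stderr, "[-] Can't execute %s", path);
    if (access(path, F_OK) != 0) {
        fprintf(stderr, ", Doesn't even exist\n");
    } else {
        fprintf(stderr, "\n");
    }
    return -1;
}

/* Runs path with argv[1..argc-1] appended, spawning it directly rather than through
 * "sh -c <joined string>" so arguments containing spaces, quotes or other shell
 * metacharacters reach debugserver unchanged. Returns the child's exit status, or -1
 * when it could not be spawned, waited for, or was killed by a signal. */
static int runServer(const char *path, int argc, const char *argv[])
{
    // argv for the child: path, every original argument verbatim, then NULL.
    char **child_argv = calloc((size_t)argc + 1, sizeof *child_argv);
    if (child_argv == NULL) {
        fprintf(stderr, "[-] Out of memory\n");
        return -1;
    }
    child_argv[0] = (char *)path;
    for (int i = 1; i < argc; i++) {
        child_argv[i] = (char *)argv[i];
    }
    child_argv[argc] = NULL;

    printf("[+] Execute %s", path);
    for (int i = 1; i < argc; i++) {
        printf(" %s", argv[i]);
    }
    printf("\n");

    pid_t child = 0;
    int rc = posix_spawn(&child, path, NULL, NULL, child_argv, environ);
    free(child_argv);  // posix_spawn has copied the vector into the child
    if (rc != 0) {
        fprintf(stderr, "[-] posix_spawn %s failed: %s\n", path, strerror(rc));
        return -1;
    }

    int status = 0;
    if (waitpid(child, &status, 0) < 0) {
        fprintf(stderr, "[-] waitpid failed: %s\n", strerror(errno));
        return -1;
    }
    // Return the real exit code; the raw wait status (e.g. 256 for exit 1) was
    // previously returned from main and truncated to 0 by the shell.
    if (WIFEXITED(status)) {
        return WEXITSTATUS(status);
    }
    if (WIFSIGNALED(status)) {
        fprintf(stderr, "[-] debugserver terminated by signal %d\n", WTERMSIG(status));
    }
    return -1;
}

int main(int argc, const char *argv[])
{
    setDebugReporter(nullFunc);

    const char *target = findAttachTarget(argc, argv);
    if (target == NULL) {
        fprintf(stderr, "[-] Missing \"-a <pid|name>\"; this wrapper only supports attaching\n");
        return 1;
    }
    pid_t pid = resolveTargetPid(target);
    if (pid <= 0) {
        fprintf(stderr, "[-] Get process pid failed!\n");
        return 1;
    }

    mach_port_t kernel_task_port = MACH_PORT_NULL;
    kern_return_t kr = getKernelTaskPort(&kernel_task_port);
    if (kr != KERN_SUCCESS || !MACH_PORT_VALID(kernel_task_port)) {
        fprintf(stderr, "[-] Call host_get_special_port failed!\n");
        return 1;
    }

    uint64_t kernel_base = 0;
    if (readKernelBase(&kernel_base) != 0) {
        return 1;
    }
    printf("[+] Kernel: port 0x%x, base 0x%llx\n", kernel_task_port, kernel_base);

    int rc = initQiLin(kernel_task_port, kernel_base);
    if (rc) {
        fprintf(stderr, "[-] Qilin Initialization failed!\n");
        return rc;
    }

    // if you want to support your device, please uncomment next line
    // (kernel_task would then have to be read from the plist the way csflags does)
    // setKernelSymbol("_kernproc", kernel_task);

    rc = setCSFlagsForPid(pid, CS_FLAG_GET_TASK_ALLOW);
    if (rc) {
        fprintf(stderr, "[-] Call setCSFlagsForPid failed!\n");
        return rc;
    }

    if (ensureServerExecutable(kServerPath) != 0) {
        return 1;
    }
    int status = runServer(kServerPath, argc, argv);
    return status < 0 ? 1 : status;
}

--------------------------------------------------------------------------------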