authorcomex2015-01-28 02:54:21 -0500
committercomex2015-01-28 02:54:21 -0500
commit6536ff3cd2b2fac8a2068058735e77479341f19f (patch)
treeaa7186817874fc41ce8087cdcd4d520dbbc9b45a /ios-bootstrap
parentsorta (diff)
downloadsubstitute-6536ff3cd2b2fac8a2068058735e77479341f19f.tar.gz
***yawn***
Diffstat (limited to '')
-rw-r--r--ios-bootstrap/generic-dyld-inserted.m5
-rw-r--r--ios-bootstrap/inject-into-launchd.c77
-rw-r--r--ios-bootstrap/posixspawn-hook.c10
-rw-r--r--ios-bootstrap/unrestrict-me.c11
4 files changed, 100 insertions, 3 deletions
diff --git a/ios-bootstrap/generic-dyld-inserted.m b/ios-bootstrap/generic-dyld-inserted.m
new file mode 100644
index 0000000..532b844
--- /dev/null
+++ b/ios-bootstrap/generic-dyld-inserted.m
@@ -0,0 +1,5 @@
+#include <syslog.h>
+__attribute__((constructor))
+static void init() {
+ syslog(LOG_WARNING, "Hi!");
+}
diff --git a/ios-bootstrap/inject-into-launchd.c b/ios-bootstrap/inject-into-launchd.c
new file mode 100644
index 0000000..1da4a02
--- /dev/null
+++ b/ios-bootstrap/inject-into-launchd.c
@@ -0,0 +1,77 @@
+#include "substitute.h"
+#include "substitute-internal.h"
+#include <mach/mach.h>
+#include <mach/mach_time.h>
+#include <stdbool.h>
+#include <stdint.h>
+#include <syslog.h>
+#include <CoreFoundation/CoreFoundation.h>
+
+void *IOHIDEventCreateKeyboardEvent(CFAllocatorRef, uint64_t, uint32_t, uint32_t, bool, uint32_t);
+void *IOHIDEventSystemCreate(CFAllocatorRef);
+void *IOHIDEventSystemCopyEvent(void *, uint32_t, void *, uint32_t);
+
+CFIndex IOHIDEventGetIntegerValue(void *, uint32_t);
+enum {
+ kIOHIDEventTypeKeyboard = 3,
+ kIOHIDEventFieldKeyboardDown = 3 << 16 | 2,
+};
+
+static bool button_pressed(uint32_t usage_page, uint32_t usage) {
+ /* This magic comes straight from Substrate... I don't really understand
+ * what it's doing. In particular, where is the equivalent kernel
+ * implementation on OS X? Does it not exist? But I guess Substrate is
+ * emulating backboardd. */
+ void *dummy = IOHIDEventCreateKeyboardEvent(NULL, mach_absolute_time(),
+ usage_page, usage,
+ 0, 0);
+ if (!dummy) {
+ syslog(LOG_EMERG, "couldn't create dummy HID event");
+ return false;
+ }
+ void *event_system = IOHIDEventSystemCreate(NULL);
+ if (!event_system) {
+ syslog(LOG_EMERG, "couldn't create HID event system");
+ return false;
+ }
+ void *event = IOHIDEventSystemCopyEvent(event_system,
+ kIOHIDEventTypeKeyboard,
+ dummy, 0);
+ if (!event) {
+ syslog(LOG_EMERG, "couldn't copy HID event");
+ return false;
+ }
+ CFIndex ival = IOHIDEventGetIntegerValue(event, kIOHIDEventFieldKeyboardDown);
+ return ival;
+}
+
+int main(UNUSED int argc, char **argv) {
+ pid_t pid = argv[1] ? atoi(argv[1]) : 1; /* for testing */
+
+ if (button_pressed(0x0c, 0xe9) || /* consumer page -> Volume Increment */
+ button_pressed(0x0b, 0x21)) { /* telephony page -> Flash */
+ syslog(LOG_WARNING, "disabling due to button press");
+ return 0;
+ }
+ mach_port_t port = 0;
+ kern_return_t kr = mach_port_allocate(mach_task_self(),
+ MACH_PORT_RIGHT_RECEIVE,
+ &port);
+ if (kr) {
+ syslog(LOG_EMERG, "mach_port_allocate: %x", kr);
+ return 0;
+ }
+ const char *lib = "/Library/Substitute/posixspawn-hook.dylib";
+ struct shuttle shuttle = {
+ .type = SUBSTITUTE_SHUTTLE_MACH_PORT,
+ .u.mach.right_type = MACH_MSG_TYPE_MAKE_SEND,
+ .u.mach.port = port
+ };
+ char *error;
+ int ret = substitute_dlopen_in_pid(pid, lib, 0, &shuttle, 1, &error);
+ if (ret) {
+ syslog(LOG_EMERG, "substitute_dlopen_in_pid: %s/%s",
+ substitute_strerror(ret), error);
+ return 0;
+ }
+}
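Review bot: `char *error;` in main is passed to substitute_dlopen_in_pid uninitialized and then printed with `%s` on failure, so if the callee fails without storing a message, syslog reads an indeterminate pointer. Initialize it the way unrestrict-me.c does, `char *error = NULL;`, and log `error ? error : "(no detail)"`. Every failure path, as well as the button-press bail-out, returns 0, so whatever launches this tool cannot distinguish a failed injection into pid 1 from a successful one; a non-zero status on the error paths would make that observable. The `atoi(argv[1])` override is marked as for testing and accepts any string (non-numeric input yields pid 0), so it should be parsed with `strtol` and range-checked, or compiled out of release builds.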
diff --git a/ios-bootstrap/posixspawn-hook.c b/ios-bootstrap/posixspawn-hook.c
index 525b597..25c7973 100644
--- a/ios-bootstrap/posixspawn-hook.c
+++ b/ios-bootstrap/posixspawn-hook.c
@@ -67,7 +67,6 @@ static int hook_posix_spawn_generic(__typeof__(posix_spawn) *old,
const char *p = orig_dyld_insert;
while (*p) { /* W.N.H. */
const char *next = strchr(p, ':') ?: (p + strlen(p));
- printf("p:%s next:%s\n", p, next);
/* append if it isn't a copy of ours */
if (!(next - p == sizeof(my_dylib) - 1 &&
memcmp(next, my_dylib, sizeof(my_dylib) - 1))) {
@@ -76,9 +75,10 @@ static int hook_posix_spawn_generic(__typeof__(posix_spawn) *old,
memcpy(newp, p, next - p);
newp += next - p;
}
- p = next;
+ if (!*next)
+ break;
+ p = next + 1;
}
- printf("ok\n");
/* append ours if necessary */
if (!safe_mode) {
if (newp != newp_orig)
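Review bot: The duplicate check this loop depends on, visible as context just above this hunk (`memcmp(next, my_dylib, sizeof(my_dylib) - 1)`), compares from `next` rather than `p` and treats a non-zero result as a match. As written it appears to drop any entry whose length equals that of my_dylib regardless of its content, and it can read past the end of the orig_dyld_insert string when `next` sits on the terminator. The intended test is probably `next - p == sizeof(my_dylib) - 1 && !memcmp(p, my_dylib, sizeof(my_dylib) - 1)`. The function body starts and ends outside the hunk, so the size of the buffer behind `newp` cannot be checked from here.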
@@ -138,6 +138,10 @@ static int hook_posix_spawn_generic(__typeof__(posix_spawn) *old,
"posixspawn-hook: couldn't start unrestrict-me - oh well...");
goto skip;
}
+ int xstat;
+ /* reap intermediate to avoid zombie - if it doesn't work, not a big deal */
+ if (waitpid(prog_pid, &xstat, 0))
+ syslog(LOG_ERR, "posixspawn-hook: couldn't waitpid");
}
int ret = old(pid, path, file_actions, &my_attr, argv, envp_to_use);
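Review bot: `waitpid` returns the reaped child's pid on success and -1 on error, so `if (waitpid(prog_pid, &xstat, 0))` is also true on success and logs "couldn't waitpid" after every successful reap. Test for failure explicitly, `if (waitpid(prog_pid, &xstat, 0) == -1)`, ideally retrying on EINTR and adding `strerror(errno)` to the message. `xstat` is never examined, so a non-zero exit from unrestrict-me goes unnoticed; either check it or pass NULL. The enclosing function starts and ends outside the hunk.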
diff --git a/ios-bootstrap/unrestrict-me.c b/ios-bootstrap/unrestrict-me.c
index a297471..5a2c6dd 100644
--- a/ios-bootstrap/unrestrict-me.c
+++ b/ios-bootstrap/unrestrict-me.c
@@ -2,6 +2,8 @@
#include "substitute-internal.h"
#include <stdlib.h>
#include <syslog.h>
+#include <errno.h>
+#include <stdio.h>
int main(int argc, char **argv) {
if (argc != 3) {
@@ -22,6 +24,15 @@ int main(int argc, char **argv) {
return 1;
}
+ /* double fork to avoid zombies */
+ int ret = fork();
+ if (ret == -1) {
+ syslog(LOG_EMERG, "unrestrict-me: fork: %s", strerror(errno));
+ return 1;
+ } else if (ret) {
+ return 0;
+ }
+
char *err = NULL;
int sret = substitute_ios_unrestrict((pid_t) pid, should_resume[0] == '1', &err);
if (sret) {
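Review bot: The new fork error path calls `strerror(errno)`, but the includes added by this commit are `<errno.h>` and `<stdio.h>`; `<string.h>` is not among the visible includes. Unless one of the project headers pulls it in, `strerror` is implicitly declared as returning int, which truncates the pointer on a 64-bit target exactly on the path that is trying to report a failure; add `#include <string.h>`. Because the parent now returns 0 straight after `fork()`, the exit status seen by whoever waits on this process no longer says whether substitute_ios_unrestrict succeeded, and failures are visible only in syslog. `fork()` returns `pid_t`, so `pid_t ret = fork();` would be the more accurate declaration. main continues past the end of the hunk.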