From 6536ff3cd2b2fac8a2068058735e77479341f19f Mon Sep 17 00:00:00 2001
From: comex
Date: Wed, 28 Jan 2015 02:54:21 -0500
Subject: ***yawn***

---
 ios-bootstrap/generic-dyld-inserted.m | 5 +++
 ios-bootstrap/inject-into-launchd.c | 77 +++++++++++++++++++++++++++++++++++
 ios-bootstrap/posixspawn-hook.c | 10 +++--
 ios-bootstrap/unrestrict-me.c | 11 +++++
 4 files changed, 100 insertions(+), 3 deletions(-)
 create mode 100644 ios-bootstrap/generic-dyld-inserted.m
 create mode 100644 ios-bootstrap/inject-into-launchd.c
(limited to 'ios-bootstrap')

diff --git a/ios-bootstrap/generic-dyld-inserted.m b/ios-bootstrap/generic-dyld-inserted.m
new file mode 100644
index 0000000..532b844
--- /dev/null
+++ b/ios-bootstrap/generic-dyld-inserted.m
@@ -0,0 +1,5 @@
+#include 
+__attribute__((constructor))
+static void init() {
+ syslog(LOG_WARNING, "Hi!");
+}
diff --git a/ios-bootstrap/inject-into-launchd.c b/ios-bootstrap/inject-into-launchd.c
new file mode 100644
index 0000000..1da4a02
--- /dev/null
+++ b/ios-bootstrap/inject-into-launchd.c
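Review bot: In generic-dyld-inserted.m, `static void init()` declares init with an unspecified parameter list rather than an empty one; write `static void init(void)` so the definition is a real prototype and the compiler can check any call against it. The rest of the file is a five-line load-time log stub, so there is nothing else to raise on it.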
@@ -0,0 +1,77 @@
+#include "substitute.h"
+#include "substitute-internal.h"
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+void *IOHIDEventCreateKeyboardEvent(CFAllocatorRef, uint64_t, uint32_t, uint32_t, bool, uint32_t);
+void *IOHIDEventSystemCreate(CFAllocatorRef);
+void *IOHIDEventSystemCopyEvent(void *, uint32_t, void *, uint32_t);
+
+CFIndex IOHIDEventGetIntegerValue(void *, uint32_t);
+enum {
+ kIOHIDEventTypeKeyboard = 3,
+ kIOHIDEventFieldKeyboardDown = 3 << 16 | 2,
+};
+
+static bool button_pressed(uint32_t usage_page, uint32_t usage) {
+ /* This magic comes straight from Substrate... I don't really understand
+ * what it's doing. In particular, where is the equivalent kernel
+ * implementation on OS X? Does it not exist? But I guess Substrate is
+ * emulating backboardd. */
+ void *dummy = IOHIDEventCreateKeyboardEvent(NULL, mach_absolute_time(),
+ usage_page, usage,
+ 0, 0);
+ if (!dummy) {
+ syslog(LOG_EMERG, "couldn't create dummy HID event");
+ return false;
+ }
+ void *event_system = IOHIDEventSystemCreate(NULL);
+ if (!event_system) {
+ syslog(LOG_EMERG, "couldn't create HID event system");
+ return false;
+ }
+ void *event = IOHIDEventSystemCopyEvent(event_system,
+ kIOHIDEventTypeKeyboard,
+ dummy, 0);
+ if (!event) {
+ syslog(LOG_EMERG, "couldn't copy HID event");
+ return false;
+ }
+ CFIndex ival = IOHIDEventGetIntegerValue(event, kIOHIDEventFieldKeyboardDown);
+ return ival;
+}
+
+int main(UNUSED int argc, char **argv) {
+ pid_t pid = argv[1] ? 
atoi(argv[1]) : 1; /* for testing */
+
+ if (button_pressed(0x0c, 0xe9) || /* consumer page -> Volume Increment */
+ button_pressed(0x0b, 0x21)) { /* telephony page -> Flash */
+ syslog(LOG_WARNING, "disabling due to button press");
+ return 0;
+ }
+ mach_port_t port = 0;
+ kern_return_t kr = mach_port_allocate(mach_task_self(),
+ MACH_PORT_RIGHT_RECEIVE,
+ &port);
+ if (kr) {
+ syslog(LOG_EMERG, "mach_port_allocate: %x", kr);
+ return 0;
+ }
+ const char *lib = "/Library/Substitute/posixspawn-hook.dylib";
+ struct shuttle shuttle = {
+ .type = SUBSTITUTE_SHUTTLE_MACH_PORT,
+ .u.mach.right_type = MACH_MSG_TYPE_MAKE_SEND,
+ .u.mach.port = port
+ };
+ char *error;
+ int ret = substitute_dlopen_in_pid(pid, lib, 0, &shuttle, 1, &error);
+ if (ret) {
+ syslog(LOG_EMERG, "substitute_dlopen_in_pid: %s/%s",
+ substitute_strerror(ret), error);
+ return 0;
+ }
+}
diff --git a/ios-bootstrap/posixspawn-hook.c b/ios-bootstrap/posixspawn-hook.c
index 525b597..25c7973 100644
--- a/ios-bootstrap/posixspawn-hook.c
+++ b/ios-bootstrap/posixspawn-hook.c
@@ -67,7 +67,6 @@ static int hook_posix_spawn_generic(__typeof__(posix_spawn) *old,
 const char *p = orig_dyld_insert;
 while (*p) { /* W.N.H. */
 const char *next = strchr(p, ':') ?: (p + strlen(p));
- printf("p:%s next:%s\n", p, next);
 /* append if it isn't a copy of ours */
 if (!(next - p == sizeof(my_dylib) - 1 &&
 memcmp(next, my_dylib, sizeof(my_dylib) - 1))) {
@@ -76,9 +75,10 @@ static int hook_posix_spawn_generic(__typeof__(posix_spawn) *old,
 memcpy(newp, p, next - p);
 newp += next - p;
 }
- p = next;
+ if (!*next)
+ break;
+ p = next + 1;
 }
- printf("ok\n");
 /* append ours if necessary */
 if (!safe_mode) {
 if (newp != newp_orig)
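Review bot: button_pressed in inject-into-launchd.c never releases the three objects it obtains — `dummy`, `event_system` and `event` come from Create/Copy-style calls that take a CFAllocatorRef, which (assuming they follow the usual CF ownership rule, which I cannot confirm from the declarations alone) makes the caller responsible for releasing them, and every path returns without doing so; the process is short-lived, but the function runs twice per invocation and a cleanup chain keeps ownership explicit. Separately, every failure path in main returns 0, so whoever launches this tool cannot tell "injected into launchd" apart from "mach_port_allocate failed" or "substitute_dlopen_in_pid failed" without reading syslog — `return 1;` on those branches, and on the last one check that `error` is non-NULL before handing it to `%s`, since a NULL there is undefined behaviour for the printf family. The rewrite below keeps button_pressed's signature and result and only adds release-on-every-path.
```c
static bool button_pressed(uint32_t usage_page, uint32_t usage) {
    /* … unchanged: Substrate-derived comment … */
    bool pressed = false;
    void *dummy = IOHIDEventCreateKeyboardEvent(NULL, mach_absolute_time(),
                                                usage_page, usage,
                                                0, 0);
    if (!dummy) {
        syslog(LOG_EMERG, "couldn't create dummy HID event");
        return false;
    }
    void *event_system = IOHIDEventSystemCreate(NULL);
    if (!event_system) {
        syslog(LOG_EMERG, "couldn't create HID event system");
        goto release_dummy;
    }
    void *event = IOHIDEventSystemCopyEvent(event_system,
                                            kIOHIDEventTypeKeyboard,
                                            dummy, 0);
    if (!event) {
        syslog(LOG_EMERG, "couldn't copy HID event");
        goto release_system;
    }
    pressed = IOHIDEventGetIntegerValue(event, kIOHIDEventFieldKeyboardDown) != 0;
    CFRelease(event);
release_system:
    CFRelease(event_system);
release_dummy:
    CFRelease(dummy);
    return pressed;
}
```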
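Review bot: The de-duplication test kept as context right under the removed printf in posixspawn-hook.c compares the wrong bytes: `memcmp(next, my_dylib, sizeof(my_dylib) - 1)` starts at `next`, which points at the ':' or NUL that ends the component, not at `p` where it begins, so it reads sizeof(my_dylib)-1 bytes beyond the component — past the string's terminator when `next` is the NUL — and can never match. The sense is also inverted, since memcmp returns 0 on equality, so the net effect today is that any entry whose length equals ours is silently dropped from the rebuilt DYLD_INSERT_LIBRARIES whether or not it is ours, while a genuine duplicate would be appended once the pointer is fixed. `if (!(next - p == sizeof(my_dylib) - 1 && !memcmp(p, my_dylib, sizeof(my_dylib) - 1))) {` fixes both at once. hook_posix_spawn_generic begins and ends outside this hunk.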
@@ -138,6 +138,10 @@ static int hook_posix_spawn_generic(__typeof__(posix_spawn) *old,
 "posixspawn-hook: couldn't start unrestrict-me - oh well...");
 goto skip;
 }
+ int xstat;
+ /* reap intermediate to avoid zombie - if it doesn't work, not a big deal */
+ if (waitpid(prog_pid, &xstat, 0))
+ syslog(LOG_ERR, "posixspawn-hook: couldn't waitpid");
 }
 int ret = old(pid, path, file_actions, &my_attr, argv, envp_to_use);
diff --git a/ios-bootstrap/unrestrict-me.c b/ios-bootstrap/unrestrict-me.c
index a297471..5a2c6dd 100644
--- a/ios-bootstrap/unrestrict-me.c
+++ b/ios-bootstrap/unrestrict-me.c
@@ -2,6 +2,8 @@
 #include "substitute-internal.h"
 #include 
 #include 
+#include 
+#include 
 int main(int argc, char **argv) {
 if (argc != 3) {
@@ -22,6 +24,15 @@ int main(int argc, char **argv) {
 return 1;
 }
+ /* double fork to avoid zombies */
+ int ret = fork();
+ if (ret == -1) {
+ syslog(LOG_EMERG, "unrestrict-me: fork: %s", strerror(errno));
+ return 1;
+ } else if (ret) {
+ return 0;
+ }
+
 char *err = NULL;
 int sret = substitute_ios_unrestrict((pid_t) pid, should_resume[0] == '1', &err);
 if (sret) {
--
cgit v1.2.3
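Review bot: The waitpid check added in posixspawn-hook.c has its condition inverted: waitpid returns the reaped pid on success and -1 on failure, so `if (waitpid(prog_pid, &xstat, 0))` is true on every successful reap and logs "couldn't waitpid" each time a process is spawned, while the -1 case is indistinguishable from it. Change the two lines to `if (waitpid(prog_pid, NULL, 0) == -1)` followed by the existing syslog — `xstat` is never read, so the local can go — and, if errno is reachable here, retry on EINTR since this is a blocking call on launchd's posix_spawn path. This wait is only short because unrestrict-me's intermediate process now exits straight after its own fork; that dependency is worth a word in the comment. hook_posix_spawn_generic begins and ends outside this hunk.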
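Review bot: `int ret = fork();` in the unrestrict-me.c double-fork hunk should be `pid_t child = fork();` — fork returns a pid_t, and a name that says what it holds also keeps it apart from `sret` a few lines down. More importantly, the intermediate process returns 0 before substitute_ios_unrestrict has run in the grandchild, so the exit status that posixspawn-hook observes through waitpid no longer says anything about whether the unrestrict succeeded; from this commit on, failures of that step are visible only in syslog. The comment should state that: `/* double fork to avoid zombies; the intermediate's exit status does not reflect the unrestrict result */`. main begins and ends outside this hunk.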