Sticktron 6 years ago
parent
commit
c9588fb350

+ 16 - 8
g0blin/Assets.xcassets/AppIcon.appiconset/Contents.json

@@ -54,38 +54,45 @@
       "scale" : "1x"
     },
     {
-      "idiom" : "ipad",
       "size" : "20x20",
+      "idiom" : "ipad",
+      "filename" : "Icon-Small-41.png",
       "scale" : "2x"
     },
     {
-      "idiom" : "ipad",
       "size" : "29x29",
+      "idiom" : "ipad",
+      "filename" : "Icon-Small.png",
       "scale" : "1x"
     },
     {
-      "idiom" : "ipad",
       "size" : "29x29",
+      "idiom" : "ipad",
+      "filename" : "Icon-Small@2x-1.png",
       "scale" : "2x"
     },
     {
-      "idiom" : "ipad",
       "size" : "40x40",
+      "idiom" : "ipad",
+      "filename" : "Icon-Small-42.png",
       "scale" : "1x"
     },
     {
-      "idiom" : "ipad",
       "size" : "40x40",
+      "idiom" : "ipad",
+      "filename" : "Icon-Small-40@2x-1.png",
       "scale" : "2x"
     },
     {
-      "idiom" : "ipad",
       "size" : "76x76",
+      "idiom" : "ipad",
+      "filename" : "Icon-76.png",
       "scale" : "1x"
     },
     {
-      "idiom" : "ipad",
       "size" : "76x76",
+      "idiom" : "ipad",
+      "filename" : "Icon-76@2x.png",
       "scale" : "2x"
     },
     {
@@ -94,8 +101,9 @@
       "scale" : "2x"
     },
     {
-      "idiom" : "ios-marketing",
       "size" : "1024x1024",
+      "idiom" : "ios-marketing",
+      "filename" : "iTunesArtwork@2x.png",
       "scale" : "1x"
     }
   ],

BIN
g0blin/Assets.xcassets/AppIcon.appiconset/Icon-60.png


BIN
g0blin/Assets.xcassets/AppIcon.appiconset/Icon-60@2x.png


BIN
g0blin/Assets.xcassets/AppIcon.appiconset/Icon-60@3x.png


BIN
g0blin/Assets.xcassets/AppIcon.appiconset/Icon-76.png


BIN
g0blin/Assets.xcassets/AppIcon.appiconset/Icon-76@2x.png


BIN
g0blin/Assets.xcassets/AppIcon.appiconset/Icon-Small-40.png


BIN
g0blin/Assets.xcassets/AppIcon.appiconset/Icon-Small-40@2x-1.png


BIN
g0blin/Assets.xcassets/AppIcon.appiconset/Icon-Small-40@2x.png


BIN
g0blin/Assets.xcassets/AppIcon.appiconset/Icon-Small-40@3x.png


BIN
g0blin/Assets.xcassets/AppIcon.appiconset/Icon-Small-41.png


BIN
g0blin/Assets.xcassets/AppIcon.appiconset/Icon-Small-42.png


BIN
g0blin/Assets.xcassets/AppIcon.appiconset/Icon-Small.png


BIN
g0blin/Assets.xcassets/AppIcon.appiconset/Icon-Small@2x-1.png


BIN
g0blin/Assets.xcassets/AppIcon.appiconset/Icon-Small@2x.png


BIN
g0blin/Assets.xcassets/AppIcon.appiconset/Icon-Small@3x.png


BIN
g0blin/Assets.xcassets/AppIcon.appiconset/iTunesArtwork@2x.png


+ 26 - 30
g0blin/Base.lproj/Main.storyboard

@@ -157,14 +157,14 @@
                                 </connections>
                             </button>
                             <label opaque="NO" userInteractionEnabled="NO" contentMode="left" horizontalHuggingPriority="251" verticalHuggingPriority="251" fixedFrame="YES" text="INFO" lineBreakMode="tailTruncation" baselineAdjustment="alignBaselines" adjustsFontSizeToFit="NO" translatesAutoresizingMaskIntoConstraints="NO" id="UI2-uu-82L">
-                                <rect key="frame" x="16" y="186" width="265" height="50"/>
+                                <rect key="frame" x="16" y="161" width="265" height="50"/>
                                 <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMaxY="YES"/>
                                 <fontDescription key="fontDescription" name="Menlo-Bold" family="Menlo" pointSize="36"/>
                                 <color key="textColor" red="0.50196078431372548" green="0.0" blue="1" alpha="1" colorSpace="custom" customColorSpace="sRGB"/>
                                 <nil key="highlightedColor"/>
                             </label>
                             <label opaque="NO" userInteractionEnabled="NO" contentMode="left" horizontalHuggingPriority="251" verticalHuggingPriority="251" fixedFrame="YES" usesAttributedText="YES" lineBreakMode="tailTruncation" numberOfLines="0" baselineAdjustment="alignBaselines" adjustsFontSizeToFit="NO" translatesAutoresizingMaskIntoConstraints="NO" id="SXG-YB-Hu8">
-                                <rect key="frame" x="16" y="249" width="288" height="149"/>
+                                <rect key="frame" x="16" y="224" width="288" height="149"/>
                                 <autoresizingMask key="autoresizingMask" widthSizable="YES" flexibleMaxX="YES" flexibleMaxY="YES"/>
                                 <attributedString key="attributedText">
                                     <fragment content="kernel exploit:  siguza
discovered by:   ian beer
poc:             windknown
kpp bypass:      luca todesco
cs:              ">
@@ -212,39 +212,35 @@
                                 </attributedString>
                                 <nil key="highlightedColor"/>
                             </label>
-                            <label opaque="NO" userInteractionEnabled="NO" contentMode="left" horizontalHuggingPriority="251" verticalHuggingPriority="251" fixedFrame="YES" usesAttributedText="YES" lineBreakMode="tailTruncation" numberOfLines="0" baselineAdjustment="alignBaselines" adjustsFontSizeToFit="NO" translatesAutoresizingMaskIntoConstraints="NO" id="euL-w4-QKa">
-                                <rect key="frame" x="16" y="406" width="288" height="83"/>
-                                <autoresizingMask key="autoresizingMask" widthSizable="YES" flexibleMaxX="YES" flexibleMaxY="YES"/>
-                                <attributedString key="attributedText">
-                                    <fragment content="greetz: ">
-                                        <attributes>
-                                            <color key="NSColor" red="0.37055522200000002" green="0.37056469920000001" blue="0.37055957319999999" alpha="1" colorSpace="custom" customColorSpace="sRGB"/>
-                                            <font key="NSFont" size="12" name="Menlo-Regular"/>
-                                            <paragraphStyle key="NSParagraphStyle" alignment="left" lineBreakMode="wordWrapping" baseWritingDirection="natural" lineSpacing="2" tighteningFactorForTruncation="0.0"/>
-                                        </attributes>
-                                    </fragment>
-                                    <fragment content="uroboro, ">
-                                        <attributes>
-                                            <color key="NSColor" red="0.37056" green="0.37056" blue="0.37056" alpha="1" colorSpace="custom" customColorSpace="sRGB"/>
-                                            <font key="NSFont" size="12" name="Menlo-Regular"/>
-                                            <paragraphStyle key="NSParagraphStyle" alignment="left" lineBreakMode="wordWrapping" baseWritingDirection="natural" lineSpacing="2" tighteningFactorForTruncation="0.0"/>
-                                        </attributes>
-                                    </fragment>
-                                    <fragment content="psycho tea, arx8x, cheesecakeufo, ninjaprawn, DrTC,">
-                                        <attributes>
-                                            <color key="NSColor" red="0.37055522200000002" green="0.37056469920000001" blue="0.37055957319999999" alpha="1" colorSpace="custom" customColorSpace="sRGB"/>
-                                            <font key="NSFont" size="12" name="Menlo-Regular"/>
-                                            <paragraphStyle key="NSParagraphStyle" alignment="left" lineBreakMode="wordWrapping" baseWritingDirection="natural" lineSpacing="2" tighteningFactorForTruncation="0.0"/>
-                                        </attributes>
-                                    </fragment>
-                                </attributedString>
-                                <nil key="highlightedColor"/>
-                            </label>
+                            <button opaque="NO" contentMode="scaleToFill" fixedFrame="YES" contentHorizontalAlignment="center" contentVerticalAlignment="center" buttonType="roundedRect" lineBreakMode="middleTruncation" translatesAutoresizingMaskIntoConstraints="NO" id="toY-9V-4Rf">
+                                <rect key="frame" x="16" y="405" width="96" height="32"/>
+                                <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMaxY="YES"/>
+                                <color key="backgroundColor" red="0.50196078431372548" green="0.0" blue="1" alpha="1" colorSpace="custom" customColorSpace="sRGB"/>
+                                <state key="normal" title="r/jailbreak">
+                                    <color key="titleColor" red="0.99999600649999998" green="1" blue="1" alpha="1" colorSpace="custom" customColorSpace="sRGB"/>
+                                </state>
+                                <connections>
+                                    <action selector="goReddit:" destination="E4R-mI-ttA" eventType="touchUpInside" id="oXy-WD-Gkt"/>
+                                </connections>
+                            </button>
+                            <button opaque="NO" contentMode="scaleToFill" fixedFrame="YES" contentHorizontalAlignment="center" contentVerticalAlignment="center" buttonType="roundedRect" lineBreakMode="middleTruncation" translatesAutoresizingMaskIntoConstraints="NO" id="pGU-D6-HFn">
+                                <rect key="frame" x="16" y="453" width="96" height="32"/>
+                                <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMaxY="YES"/>
+                                <color key="backgroundColor" red="0.50196078430000002" green="0.0" blue="1" alpha="1" colorSpace="custom" customColorSpace="sRGB"/>
+                                <state key="normal" title="discord">
+                                    <color key="titleColor" red="0.99999600649999998" green="1" blue="1" alpha="1" colorSpace="custom" customColorSpace="sRGB"/>
+                                </state>
+                                <connections>
+                                    <action selector="goDiscord:" destination="E4R-mI-ttA" eventType="touchUpInside" id="mBt-9B-fxG"/>
+                                </connections>
+                            </button>
                         </subviews>
                         <color key="backgroundColor" white="1" alpha="1" colorSpace="custom" customColorSpace="genericGamma22GrayColorSpace"/>
                         <viewLayoutGuide key="safeArea" id="WAO-C2-OHy"/>
                     </view>
                     <connections>
+                        <outlet property="discordButton" destination="pGU-D6-HFn" id="9sv-qE-aqd"/>
+                        <outlet property="redditButton" destination="toY-9V-4Rf" id="S8A-gG-idf"/>
                         <outlet property="reinstallBootstrapSwitch" destination="UjU-65-8UT" id="pvk-Ve-lp5"/>
                     </connections>
                 </viewController>

+ 17 - 1
g0blin/SettingsController.m

@@ -9,7 +9,8 @@
 #import "SettingsController.h"
 
 @interface SettingsController ()
-
+@property (weak, nonatomic) IBOutlet UIButton *redditButton;
+@property (weak, nonatomic) IBOutlet UIButton *discordButton;
 @end
 
 @implementation SettingsController
@@ -18,9 +19,24 @@
     [super viewDidLoad];
     // Do any additional setup after loading the view.
     
+    self.redditButton.layer.cornerRadius = 6;
+    self.discordButton.layer.cornerRadius = 6;
+    
     [self.reinstallBootstrapSwitch setOn:NO animated:NO];
 }
 
+- (IBAction)goReddit:(UIButton *)sender {
+    NSURL *url = [NSURL URLWithString:@"http://reddit.com/r/jailbreak"];
+//    [[UIApplication sharedApplication] openURL:url];
+    [[UIApplication sharedApplication] openURL:url options:@{} completionHandler:nil];
+}
+
+- (IBAction)goDiscord:(UIButton *)sender {
+    NSURL *url = [NSURL URLWithString:@"http://discord.gg/RZqpUfR"];
+    //    [[UIApplication sharedApplication] openURL:url];
+    [[UIApplication sharedApplication] openURL:url options:@{} completionHandler:nil];
+}
+
 - (void)didReceiveMemoryWarning {
     [super didReceiveMemoryWarning];
     // Dispose of any resources that can be recreated.
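Review bot: Both `goReddit:` and `goDiscord:` open plain `http://` URLs, so the first request to reddit.com and discord.gg leaves the device in cleartext and depends on a server-side redirect to reach TLS; both hosts serve HTTPS directly, so the literals should be `@"https://reddit.com/r/jailbreak"` and `@"https://discord.gg/RZqpUfR"`. The commented-out single-argument `openURL:` call left above each live call is dead code and should be deleted rather than kept, and the indentation of that comment differs between the two methods. A short header comment on each action, e.g. `// Opens the community link in the system browser; no-op if the URL cannot be handled.`, would document that the `completionHandler:nil` deliberately ignores the open result.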

+ 24 - 28
g0blin/ViewController.m

@@ -26,7 +26,6 @@
 @interface ViewController ()
 @property (weak, nonatomic) IBOutlet UIImageView *logoView;
 @property (weak, nonatomic) IBOutlet UIButton *goButton;
-@property (weak, nonatomic) IBOutlet UIProgressView *progressView;
 @property (weak, nonatomic) IBOutlet UITextView *consoleView;
 @property (weak, nonatomic) IBOutlet UIButton *settingsButton;
 @property (weak, nonatomic) IBOutlet UILabel *reinstallBootstrapLabel;
@@ -38,6 +37,7 @@ static uint64_t kslide;
 static uint64_t kbase;
 static uint64_t kcred;
 
+BOOL respringNeeded;
 BOOL fun;
 AVPlayer *player;
 AVPlayerViewController *cont;
@@ -49,9 +49,6 @@ AVPlayerViewController *cont;
     [super viewDidLoad];
     // Do any additional setup after loading the view, typically from a nib.
     
-    self.progressView.progress = 0;
-    self.progressView.hidden = YES;
-
     self.consoleView.layer.cornerRadius = 6;
     self.consoleView.text = nil;
     
@@ -106,13 +103,15 @@ AVPlayerViewController *cont;
 }
 
 - (IBAction)go:(UIButton *)sender {
+    if (respringNeeded == YES) {
+        [self restart];
+        return;
+    }
+    
     self.goButton.enabled = NO;
     self.goButton.backgroundColor = UIColor.darkGrayColor;
     [self.goButton setTitle:@"jailbreaking" forState:UIControlStateDisabled];
     
-    self.progressView.hidden = NO;
-    [self.progressView setProgress:0.1 animated:YES];
-    
     [self log:@"exploiting kernel"];
     
     kern_return_t ret = v0rtex(&tfp0, &kslide, &kcred);
@@ -136,9 +135,7 @@ AVPlayerViewController *cont;
 }
 
 - (void)bypassKPP {
-    
-    [self.progressView setProgress:0.3 animated:YES];
-    [self log:@"bypassing kernel patch protection"];
+    [self log:@"pwning kernel"];
     
     if (do_kpp(1, 0, kbase, kslide, tfp0) == KERN_SUCCESS) {
         LOG("you down with kpp? yeah you know me");
@@ -149,9 +146,7 @@ AVPlayerViewController *cont;
 }
 
 - (void)remount {
-    
-    [self.progressView setProgress:0.5 animated:YES];
-    [self log:@"remounting / as r/w"];
+    [self log:@"remounting"];
     
     if (do_remount(kslide) == KERN_SUCCESS) {
         [self bootstrap];
@@ -161,8 +156,6 @@ AVPlayerViewController *cont;
 }
 
 - (void)bootstrap {
-    
-    [self.progressView setProgress:0.6 animated:YES];
     [self log:@"bootstrapping"];
     
     BOOL force = NO;
@@ -179,14 +172,13 @@ AVPlayerViewController *cont;
 }
 
 - (void)finish {
-    [self.progressView setProgress:1 animated:YES];
-    [self.goButton setTitle:@"jailbroke yo!" forState:UIControlStateDisabled];
-    
-    [self log:@"All done, peace!"];
+    [self log:@"device is now jailbroken!"];
     [self log:@""];
-    [self log:@"ssh server listening on port 2222"];
-    [self log:@"change your root/mobile passwords!"];
-    
+    [self log:@"SSH server is ready on port 2222"];
+    [self log:@"change your root/mobile passwords"];
+    [self log:@""];
+    [self log:@"respring to load tweaks"];
+
     sleep(2);
     
     LOG("reloading daemons...");
@@ -196,14 +188,17 @@ AVPlayerViewController *cont;
     
     sleep(2);
     
-    // TODO: not working
+    respringNeeded = YES;
+    [self.goButton setTitle:@"respring" forState:UIControlStateNormal];
+    self.goButton.enabled = YES;
+}
+
+- (void)restart {
     LOG("restarting SpringBoard...");
     
-    dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), ^{
-        pid_t pid;
-        //posix_spawn(&pid, "killall", 0, 0, (char**)&(const char*[]){"killall", "-9", "backboardd", NULL}, NULL);
-        posix_spawn(&pid, "killall", 0, 0, (char**)&(const char*[]){"killall", "SpringBoard", NULL}, NULL);
-    });
+    pid_t pid;
+    const char* args[] = { "killall", "backboardd", NULL };
+    posix_spawn(&pid, "/usr/bin/killall", NULL, NULL, (char* const*)args, NULL);
 }
 
 - (IBAction)fun:(UITapGestureRecognizer *)recognizer {
@@ -233,6 +228,7 @@ AVPlayerViewController *cont;
         cont.view.frame = self.consoleView.bounds;
         [self.consoleView addSubview:cont.view];
         [player play];
+        
     } else {
         [player pause];
         [cont.view removeFromSuperview];
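Review bot: `restart` ignores the return value of `posix_spawn`, so if `/usr/bin/killall` is absent or the spawn fails the button silently does nothing while the console has already printed "restarting SpringBoard..."; capture it as `int rc = posix_spawn(&pid, "/usr/bin/killall", NULL, NULL, (char* const*)args, NULL);` and log `strerror(rc)` when `rc != 0`. The spawned child is also never reaped with `waitpid`, so it lingers as a zombie for the lifetime of the app process. Separately, in the second hunk `respringNeeded` is declared without `static`, unlike the adjacent `kslide`/`kbase`/`kcred` globals, which gives it external linkage for no reason; `static BOOL respringNeeded;` keeps it file-local.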

+ 7 - 2
g0blin/bootstrap.m

@@ -23,7 +23,7 @@ kern_return_t do_bootstrap(bool force) {
     pid_t pd = 0;
     NSString* execpath = [[NSString stringWithUTF8String:pt] stringByDeletingLastPathComponent];
     
-    int f = open("/.installed_g0blin", O_RDONLY);
+    int f = open("/.installed_g0blin_rc0", O_RDONLY);
     if (f == -1 || force) {
         LOG("installing bootstrap...");
         
@@ -34,6 +34,7 @@ kern_return_t do_bootstrap(bool force) {
         unlink("/bin/tar");
         unlink("/bin/launchctl");
         
+        
         copyfile([tar UTF8String], "/bin/tar", 0, COPYFILE_ALL);
         chmod("/bin/tar", 0755);
         
@@ -42,12 +43,16 @@ kern_return_t do_bootstrap(bool force) {
         waitpid(pd, 0, 0);
         LOG("bootstrap unpacked");
         
+        
         copyfile([launchctl UTF8String], "/bin/launchctl", 0, COPYFILE_ALL);
         chmod("/bin/launchctl", 0755);
         
-        open("/.installed_g0blin", O_RDWR|O_CREAT);
+        unlink(".installed_g0blin");
+        open("/.installed_g0blin_rc0", O_RDWR|O_CREAT);
+        
         open("/.cydia_no_stash", O_RDWR|O_CREAT);
         
+        
         // run Cydia install scripts
         {
             char *name = "/var/lib/dpkg/info/base.extrainst_";
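Review bot: The marker-file handling in the last hunk has three problems. `unlink(".installed_g0blin")` uses a relative path, so the old `/.installed_g0blin` marker (the removed line created it at the absolute path) is never removed, while the first hunk probes the new marker at an absolute path. `open("/.installed_g0blin_rc0", O_RDWR|O_CREAT)` passes no mode argument, which with `O_CREAT` makes the file's permission bits an unspecified value, and the returned descriptor is never closed; the pre-existing `/.cydia_no_stash` line has the same two issues. Something like `unlink("/.installed_g0blin");` followed by `int m = open("/.installed_g0blin_rc0", O_WRONLY|O_CREAT, 0644); if (m != -1) close(m);` (mode value is a suggestion) addresses all three, and `f` from the first hunk should likewise be closed when it is not -1.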

+ 22 - 23
g0blin/kpp.m

@@ -407,13 +407,22 @@ remappage[remapcnt++] = (x & (~PMK));\
         }
 
         WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_file_check_mmap)), 0);
-        WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_vnode_check_rename)), 0);
+        
+        WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_iokit_check_get_property)), 0); //ts
+        
+        WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_mount_check_stat)), 0);
+        
+        WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_proc_check_fork)), 0); //ts
+        WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_proc_check_run_cs_invalid)), 0); //test
+        
         WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_vnode_check_access)), 0);
         WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_vnode_check_chroot)), 0);
         WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_vnode_check_create)), 0);
         WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_vnode_check_deleteextattr)), 0);
         WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_vnode_check_exchangedata)), 0);
         WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_vnode_check_exec)), 0);
+        WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_vnode_check_fsgetpath)), 0);
+        WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_vnode_check_getattr)), 0);
         WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_vnode_check_getattrlist)), 0);
         WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_vnode_check_getextattr)), 0);
         WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_vnode_check_ioctl)), 0);
@@ -421,6 +430,9 @@ remappage[remapcnt++] = (x & (~PMK));\
         WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_vnode_check_listextattr)), 0);
         WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_vnode_check_open)), 0);
         WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_vnode_check_readlink)), 0);
+        
+        WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_vnode_check_rename)), 0);
+        
         WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_vnode_check_setattrlist)), 0);
         WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_vnode_check_setextattr)), 0);
         WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_vnode_check_setflags)), 0);
@@ -430,40 +442,27 @@ remappage[remapcnt++] = (x & (~PMK));\
         WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_vnode_check_stat)), 0);
         WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_vnode_check_truncate)), 0);
         WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_vnode_check_unlink)), 0);
+        WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_vnode_check_write)), 0);
+
         WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_vnode_notify_create)), 0);
-        WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_vnode_check_fsgetpath)), 0);
-        WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_vnode_check_getattr)), 0);
-        WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_mount_check_stat)), 0);
         
-        // thx tihmstar
+        // mpo_cred_check_label_update_execve - tihmstar
+        // WARNING - has to patched like this or Widgets (and javascript?) fail.
         {
-            WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_proc_check_fork)), 0); //needed?
-            WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_iokit_check_get_property)), 0); //needed?
-            
-            // WARNING! nulling these policies like this causes Widgets (and javascript?) to fail.
-            //WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_cred_check_label_update_execve)), 0);
-            //WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_cred_label_update_execve)), 0);
-            
-            
-            #define INSN_NOP  0xd503201f
-            uint64_t offset_sandbox_label_update_execve;
-            
-            //----------- TEST PATCHFINDER --------------//
-            uint64_t a = find_sandbox_label_update_execve();
-            LOG("a = 0x%llx", a);
+            uint64_t offset_sandbox_label_update_execve = find_sandbox_label_update_execve();
+            LOG("find_sandbox_label_update_execve = 0x%llx", offset_sandbox_label_update_execve);
             LOG("was looking for: 0xfffffff006c35fb8");
-            //----------- TEST PATCHFINDER --------------//
             
             //----------- TEMP FIX --------------//
-            offset_sandbox_label_update_execve = 0xfffffff006c35fb8;
+            //offset_sandbox_label_update_execve = 0xfffffff006c35fb8;
             //----------- TEMP FIX --------------//
             
-            LOG("offset_sandbox_label_update_execve = 0x%llx", offset_sandbox_label_update_execve);
             offset_sandbox_label_update_execve += slide;
+            
+            #define INSN_NOP  0xd503201f
             RemapPage(offset_sandbox_label_update_execve);
             WriteAnywhere32(NewPointer(offset_sandbox_label_update_execve), INSN_NOP);
         }
-        
     }
     
     {

+ 9 - 10
g0blin/patchfinder64.c

@@ -1197,12 +1197,11 @@ find_symbol(const char *symbol)
 }
 
 
-/* g0blin test ****************************************************************/
+/* g0blin ****z****************************************************************/
 addr_t find_sandbox_label_update_execve(void) {
     
-    // Option 1
+    addr_t ref = 0;
     
-    addr_t ref;
     for (int i = 1; (ref  = find_strref("process-exec denied", i, 1)); i++) {
         if (ref) {
             printf("found process-exec denied at: 0x%llx\n", ref);
@@ -1210,11 +1209,6 @@ addr_t find_sandbox_label_update_execve(void) {
         }
     }
     
-    
-    // Option 2
-    
-    ref = 0;
-    
     addr_t off, what;
     uint8_t *str = boyermoore_horspool_memmem(kernel + pstring_base, pstring_size, (uint8_t *)"process-exec denied", sizeof("process-exec denied") - 1);
     if (str) {
@@ -1222,11 +1216,16 @@ addr_t find_sandbox_label_update_execve(void) {
         for (off = 0; off < kernel_size - prelink_base; off += 8) {
             if (*(uint64_t *)(kernel + prelink_base + off) == what) {
                 ref = *(uint64_t *)(kernel + prelink_base + off + 24);
-                printf("also found process-exec denied at: 0x%llx\n", ref);
+                printf("found process-exec denied at: 0x%llx\n", ref);
+                break;
             }
         }
     }
-        
+    
+    printf("ref = 0x%llx\n", ref);
+    
+    ref =  ref - 0x368;
+    
     return ref;
 }
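Review bot: In the first hunk the banner comment now reads `/* g0blin ****z****...` — the stray `z` looks like a leftover from editing out the word `test` and should be dropped so the banner is just `/* g0blin ******...`. The `if (ref)` inside the `for` loop is redundant, because the loop condition `(ref = find_strref(...))` already terminates on zero, so the body can be un-nested. The unconditional `printf` diagnostics added in the last hunk (`"ref = 0x%llx\n"`) belong behind a debug flag rather than in the release path of a library function.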