
fix electra in 11.1, about to do a major overhaul to try and use newer jailbreakd with 10.2.2. defensively committing while things still work

Kevin Bradley 2 years ago
parent
commit
7b22bda7cd

+ 1 - 1
Meridian/meridianTV/Info.plist

@@ -19,7 +19,7 @@
 	<key>CFBundleShortVersionString</key>
 	<string>1.2.2</string>
 	<key>CFBundleVersion</key>
-	<string>1</string>
+	<string>3</string>
 	<key>LSRequiresIPhoneOS</key>
 	<true/>
 	<key>UIMainStoryboardFile</key>

BIN
Meridian/meridianTV/basebinaries.tar


+ 2 - 2
Meridian/meridianTV/electra_extras/sbinject/.theos/_/DEBIAN/control

@@ -8,5 +8,5 @@ Description: A modified version of Coolstars TweakInject to work on tvOS
 Maintainer: Kevin Bradley
 Author: Kevin Bradley
 Section: Utilities
-Version: 0.0.1-26
-Installed-Size: 92
+Version: 0.0.1-33
+Installed-Size: 96

BIN
Meridian/meridianTV/electra_extras/sbinject/.theos/_/usr/lib/TweakInject.dylib


+ 1 - 1
Meridian/meridianTV/electra_extras/sbinject/.theos/last_package

@@ -1 +1 @@
-./debs/com.nito.tweakinject_0.0.1-26_appletvos-arm64.deb
+./debs/com.nito.tweakinject_0.0.1-33_appletvos-arm64.deb

BIN
Meridian/meridianTV/electra_extras/sbinject/.theos/obj/appletv/debug/TweakInject.dylib


BIN
Meridian/meridianTV/electra_extras/sbinject/.theos/obj/appletv/debug/arm64/TweakInject.dylib


+ 7 - 6
Meridian/meridianTV/electra_extras/sbinject/Makefile

@@ -1,15 +1,16 @@
 ARCHS=arm64
 TARGET=appletv:clang:10.0:10.0
-#SDKVERSION=10.0
+
 include theos/makefiles/common.mk
-export THEOS_DEVICE_IP=btv.local
+export THEOS_DEVICE_IP=192.168.0.2
+export GO_EASY_ON_ME = 1
 
 LIBRARY_NAME = TweakInject
 TweakInject_LIBRARIES = substrate
-TweakInject_FILES = SBInject.x
-TweakInject_LDFLAGS := -F/Applications/Xcode8.app/Contents/Developer/Platforms/AppleTVOS.platform/Developer/SDKs/AppleTVOS10.0.sdk/System/Library/Frameworks/
-#SBInject_USE_SUBSTRATE=0
-
+TweakInject_FILES = SBInject.x 
+TweakInject_LDFLAGS := -F.
+#TweakInject_USE_SUBSTRATE=0
+#TweakInject_LOGOS_DEFAULT_GENERATOR=internal
 include $(THEOS_MAKE_PATH)/library.mk
 
 after-stage::
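Review bot: `export GO_EASY_ON_ME = 1` turns off Theos' warnings-as-errors for a dylib that gets loaded into other processes, which is exactly where an unchecked return value or a format mismatch is most costly. I would drop the line and silence only the warning that blocks the build, e.g. `TweakInject_CFLAGS = -Wno-<specific-warning>`. `THEOS_DEVICE_IP=192.168.0.2` also commits one developer's device address; `THEOS_DEVICE_IP ?= btv.local` followed by `export THEOS_DEVICE_IP` keeps a default that each machine can override. `TweakInject_LDFLAGS := -F.` makes the framework search path depend on the directory make is run from, so it deserves a one-line comment naming the framework expected there.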

+ 38 - 57
Meridian/meridianTV/electra_extras/sbinject/SBInject.x

@@ -8,22 +8,21 @@
 #import <sys/types.h>
 #import <CommonCrypto/CommonDigest.h>
 #include <syslog.h>
+#import <Foundation/Foundation.h>
+#import <UIKit/UIKit.h>
 
 #define PROC_PIDPATHINFO_MAXSIZE  (1024)
 int proc_pidpath(pid_t pid, void *buffer, uint32_t buffersize);
 
-#define dylibDir @"/usr/lib/TweakInject"
+#define dylibDir @"/Library/TweakInject"
 
 NSArray *sbinjectGenerateDylibList() {
-
     NSString *processName = [[NSProcessInfo processInfo] processName];
     // launchctl, amfid you are special cases
     if ([processName isEqualToString:@"launchctl"]) {
-        HBLogInfo(@"launchctl exit");
         return nil;
     }
     if ([processName isEqualToString:@"amfid"]) {
-        HBLogInfo(@"amfid exit");
         return nil;
     }
     // Create an array containing all the filenames in dylibDir (/opt/simject)
@@ -33,8 +32,7 @@ NSArray *sbinjectGenerateDylibList() {
         return nil;
     }
     // Read current bundle identifier
-    NSString *bundleIdentifier = NSBundle.mainBundle.bundleIdentifier;
-    //NSLog(@"bundleID: %@", bundleIdentifier);
+    //NSString *bundleIdentifier = NSBundle.mainBundle.bundleIdentifier;
     // We're only interested in the plist files
     NSArray *plists = [dylibDirContents filteredArrayUsingPredicate:[NSPredicate predicateWithFormat:@"SELF ENDSWITH %@", @"plist"]];
     // Create an empty mutable array that will contain a list of dylib paths to be injected into the target process
@@ -42,8 +40,6 @@ NSArray *sbinjectGenerateDylibList() {
     // Loop through the list of plists
     for (NSString *plist in plists) {
         // We'll want to deal with absolute paths, so append the filename to dylibDir
-
-        //NSLog(@"plist: %@", plist);
         NSString *plistPath = [dylibDir stringByAppendingPathComponent:plist];
         NSDictionary *filter = [NSDictionary dictionaryWithContentsOfFile:plistPath];
         // This boolean indicates whether or not the dylib has already been injected
@@ -62,41 +58,23 @@ NSArray *sbinjectGenerateDylibList() {
             }
         }
         // Decide whether or not to load the dylib based on the Bundles values
-        
-        NSArray *injectBundles = filter[@"Filter"][@"Bundles"];
-        //NSLog(@"injectBundles: %@ vs %@", injectBundles, bundleIdentifier);
-
-        if ([injectBundles containsObject:bundleIdentifier]){
-
-            NSLog(@"inject bundles contains object: %@", bundleIdentifier);
-            
-            [dylibsToInject addObject:[[plistPath stringByDeletingPathExtension] stringByAppendingString:@".dylib"]];
-            isInjected = YES;
-            continue;
-        }
-
-
-            //this code never worked for me on tvOS
         for (NSString *entry in filter[@"Filter"][@"Bundles"]) {
             // Check to see whether or not this bundle is actually loaded in this application or not
             if (!CFBundleGetBundleWithIdentifier((CFStringRef)entry)) {
                 // If not, skip it
-                //NSLog(@"we not in here?: %@", entry);
                 continue;
             }
             [dylibsToInject addObject:[[plistPath stringByDeletingPathExtension] stringByAppendingString:@".dylib"]];
             isInjected = YES;
-            //NSLog(@"here?: %@", entry);
-            continue;
+            break;
         }
-        
         if (!isInjected) {
             // Decide whether or not to load the dylib based on the Executables values
             for (NSString *process in filter[@"Filter"][@"Executables"]) {
                 if ([process isEqualToString:processName]) {
                     [dylibsToInject addObject:[[plistPath stringByDeletingPathExtension] stringByAppendingString:@".dylib"]];
                     isInjected = YES;
-                    continue;
+                    break;
                 }
             }
         }
@@ -111,11 +89,10 @@ NSArray *sbinjectGenerateDylibList() {
                 // It's fine to add this dylib at this point
                 [dylibsToInject addObject:[[plistPath stringByDeletingPathExtension] stringByAppendingString:@".dylib"]];
                 isInjected = YES;
-                continue;
+                break;
             }
         }
     }
-
     [dylibsToInject sortUsingSelector:@selector(caseInsensitiveCompare:)];
     return dylibsToInject;
 }
@@ -126,11 +103,8 @@ int file_exist(char *filename) {
     return (r == 0);
 }
 
-
-
-@interface SpringBoard : NSObject
+@interface SpringBoard : UIApplication
 - (BOOL)launchApplicationWithIdentifier:(NSString *)identifier suspended:(BOOL)suspended;
-- (id)sharedApplication;
 @end
 
 %group SafeMode
@@ -142,7 +116,7 @@ int file_exist(char *filename) {
     return [newVariables autorelease];
 }
 %end
-/*
+
 %hook SBLockScreenManager
 -(BOOL)_finishUIUnlockFromSource:(int)arg1 withOptions:(id)arg2 {
     BOOL ret = %orig;
@@ -156,7 +130,6 @@ int file_exist(char *filename) {
     [(SpringBoard *)[%c(UIApplication) sharedApplication] launchApplicationWithIdentifier:@"org.coolstar.SafeMode" suspended:NO];
 }
 %end
-*/
 %end
 
 static BOOL isSpringBoardOrBackboard = NO;
@@ -169,9 +142,11 @@ void SpringBoardSigHandler(int signo, siginfo_t *info, void *uap){
         fprintf(f, "Hello World\n");
         fclose(f);
     }
-    FILE *f = fopen([[NSString stringWithFormat:@"%@/.safeMode-%@", NSTemporaryDirectory(), processHash] UTF8String], "w");
-    fprintf(f, "Hello World!\n");
-    fclose(f);
+    if (processHash){
+        FILE *f = fopen([[NSString stringWithFormat:@"%@/.safeMode-%@", NSTemporaryDirectory(), processHash] UTF8String], "w");
+        fprintf(f, "Hello World!\n");
+        fclose(f);
+    }
 
     raise(signo);
 }
@@ -179,21 +154,30 @@ void SpringBoardSigHandler(int signo, siginfo_t *info, void *uap){
 __attribute__ ((constructor))
 static void ctor(void) {
     @autoreleasepool {
+        unsetenv("DYLD_INSERT_LIBRARIES");
+
         if (NSBundle.mainBundle.bundleIdentifier == nil || ![NSBundle.mainBundle.bundleIdentifier isEqualToString:@"org.coolstar.SafeMode"]){
             char pathbuf[PROC_PIDPATHINFO_MAXSIZE] = {0};
             int ret = proc_pidpath(getpid(), pathbuf, sizeof(pathbuf));
             if (ret > 0){
-                uint8_t digest[CC_SHA1_DIGEST_LENGTH];
+                NSString *pathStr = [[NSString stringWithUTF8String:pathbuf] stringByResolvingSymlinksInPath];
+                NSLog(@"TweakInject: Loading for binary %@", pathStr.lastPathComponent);
+
+                if ([pathStr hasPrefix:@"/Applications"] || [pathStr hasPrefix:@"/var/containers/Bundle/Application"]){
+                    processHash = nil;
+                } else {
+                    uint8_t digest[CC_SHA1_DIGEST_LENGTH];
 
-                CC_SHA1(pathbuf, ret, digest);
+                    CC_SHA1(pathbuf, ret, digest);
 
-                NSMutableString *output = [NSMutableString stringWithCapacity:CC_SHA1_DIGEST_LENGTH * 2];
+                    NSMutableString *output = [NSMutableString stringWithCapacity:CC_SHA1_DIGEST_LENGTH * 2];
 
-                for (int i = 0; i < CC_SHA1_DIGEST_LENGTH; i++)
-                {
-                    [output appendFormat:@"%02x", digest[i]];
+                    for (int i = 0; i < CC_SHA1_DIGEST_LENGTH; i++)
+                    {
+                        [output appendFormat:@"%02x", digest[i]];
+                    }
+                    processHash = [[NSString alloc] initWithString:output];
                 }
-                processHash = [[NSString alloc] initWithString:output];
             }
 
             safeMode = false;
@@ -231,10 +215,12 @@ static void ctor(void) {
                 dlopen("/usr/lib/TweakInjectMapsCheck.dylib", RTLD_LAZY | RTLD_GLOBAL);
             }
 
-            const char *safeModeByProcPath = [[NSString stringWithFormat:@"%@/.safeMode-%@", NSTemporaryDirectory(), processHash] UTF8String];
-            if (file_exist((char *)safeModeByProcPath)){
-                safeMode = true;
-                unlink(safeModeByProcPath);
+            if (processHash){
+                const char *safeModeByProcPath = [[NSString stringWithFormat:@"%@/.safeMode-%@", NSTemporaryDirectory(), processHash] UTF8String];
+                if (file_exist((char *)safeModeByProcPath)){
+                    safeMode = true;
+                    unlink(safeModeByProcPath);
+                }
             }
 
             if (getenv("_MSSafeMode")){
@@ -254,12 +240,7 @@ static void ctor(void) {
             }
 
             if (!safeMode){
-
-                //HBLogInfo(@"In bundle: %@", NSBundle.mainBundle.bundleIdentifier);
-
-                NSArray *theList = sbinjectGenerateDylibList();
-                //HBLogInfo(@"theList: %@", theList);
-                for (NSString *dylib in theList) {
+                for (NSString *dylib in sbinjectGenerateDylibList()) {
                     NSLog(@"Injecting %@", dylib);
                     void *dl = dlopen([dylib UTF8String], RTLD_LAZY | RTLD_GLOBAL);
 
@@ -272,4 +253,4 @@ static void ctor(void) {
             }
         }
     }
-}
+}
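Review bot: In the SpringBoardSigHandler hunk (`@@ -169,9 +142,11`) the new `if (processHash)` block still passes the `fopen` result straight to `fprintf` and `fclose`, so a marker that cannot be created (read-only or sandboxed temporary directory) becomes a NULL dereference inside the crash handler itself; guard it as `if (f) { fprintf(f, "Hello World!\n"); fclose(f); }`. The marker name is predictable (a SHA-1 of the executable path, computed in `ctor`) and `fopen(..., "w")` follows symlinks, so for the non-application binaries that still get a hash after this change, some of which presumably run privileged with a shared temporary directory, the truncating write could be redirected to another file. Creating the marker with `open()` and `O_NOFOLLOW` would close that; the `file_exist`/`unlink` pair in `ctor` trusts the same path. `NSString` formatting and stdio are also not async-signal-safe, so building the path once in `ctor` and using only `open`/`write`/`close` in the handler would be the more robust shape. The handler's body starts outside this hunk.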

BIN
Meridian/meridianTV/jailbreakd.plist