
1.2 release

Kevin Bradley 5 years ago
parent
commit
a1b13283c2

+ 1 - 1
Meridian/Meridian/build_time

@@ -1 +1 @@
-Sun, 08 Jul 2018 22:28:29 -0700
+Sun, 22 Jul 2018 13:55:00 -0700

+ 17 - 6
Meridian/Meridian/jailbreak.m

@@ -395,11 +395,12 @@ int makeShitHappen(ViewController *view, BOOL kppless) {
     if (!isKppless) {
     // start jailbreakd
     
-    ret = inject_trust("/meridian/inject_criticald");
-    //ret = inject_trust("/electra/amfid_payload.dylib");
-    //ret = inject_trust("/electra/pspawn_payload.dylib");
-    //ret = inject_trust("/electra/libjailbreak.dylib");
-  
+    //ret = inject_trust("/meridian/inject_criticald");
+    //ret = inject_trust("/meridian/amfid_payload.dylib");
+    //ret = inject_trust("/usr/lib/pspawn_hook.dylib");
+    //ret = inject_trust("/usr/lib/libjailbreak.dylib");
+    //ret = inject_trust("/Library/MobileSubstrate/DynamicLibraries/DalesDeadBug.dylib");
+   
     //if (ret != 0) return -1;
     
     
@@ -412,8 +413,17 @@ int makeShitHappen(ViewController *view, BOOL kppless) {
         }
         return 1;
     }
+        //pid_t pid = get_pid_for_name("installd");
+        //ret = call_jailbreakd(JAILBREAKD_COMMAND_ENTITLE, pid);
+        //ret = inject_library(pid, "/Library/MobileSubstrate/DynamicLibraries/DalesDeadBug.dylib");
     [view writeText:@"done!"];
+    /*
+#define inject_criticald "/meridian/inject_criticald"
     
+    const char* args_launchd[] = {inject_criticald, itoa(1), "/usr/lib/pspawn_hook.dylib", NULL};
+    int rv = posix_spawn(&pd, inject_criticald, NULL, NULL, (char **)&args_launchd, NULL);
+    waitpid(pd, NULL, 0);
+    */
     // patch com.apple.System.boot-nonce
     [view writeText:@"patching boot-nonce..."];
     ret = nvpatch("com.apple.System.boot-nonce");
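Review bot: The block comment added after `[view writeText:@"done!"]` wraps a `#define` and a `posix_spawn`/`waitpid` sequence that never compiles, and the three `//` lines above it are dead in the same way, so a release commit ships disabled experiments instead of code. The first hunk of this file does the same to the only live `inject_trust` call, leaving `// start jailbreakd` above a run of commented-out statements. The last hunk adds `//return 0;`, and the final hunk of ViewController.m comments out the gesture recognizer. Delete these lines and keep the experiment on a branch, or gate each with `#if 0` and a one-line reason such as `// disabled for 1.2: <reason>`. makeShitHappen starts and ends outside the hunk, so the effect on the rest of the function cannot be checked from here.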
@@ -521,7 +531,7 @@ int extractMeridianData() {
     unlink("/usr/bin/cynject");
     unlink("/usr/bin/cycc");
     symlink("/meridian/inject_criticald", "/usr/bin/cynject"); //mimic cynject
-    symlink("/usr/bin/ssh", "/usr/local/bin/"); //get scp working
+    symlink("/usr/bin/ssh", "/usr/local/bin/ssh"); //get scp working
     //rv = extract_bundle_tar("basebinaries.tar");
     return rv;
 }
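Review bot: The corrected `symlink("/usr/bin/ssh", "/usr/local/bin/ssh")` still discards its return value and, unlike the `cynject` link above it, is not preceded by an `unlink`. A second run therefore fails with EEXIST, and a missing `/usr/local/bin` fails with ENOENT, both silently. Add `unlink("/usr/local/bin/ssh");` before the call and report failure, e.g. `if (symlink("/usr/bin/ssh", "/usr/local/bin/ssh") != 0) perror("symlink /usr/local/bin/ssh");`, or use the file's own logging call. The `cynject` symlink in the context line is unchecked in the same way; extractMeridianData begins outside the hunk.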
@@ -810,6 +820,7 @@ int startJailbreakd() {
         }
     }
     
+    //return 0;
     usleep(100000);
     
     

+ 1 - 0
Meridian/amfid/IOKit.framework/IOKit

@@ -0,0 +1 @@
+Versions/A/IOKit

BIN
Meridian/amfid/IOKit.framework/Versions/A/IOKit


+ 1 - 0
Meridian/amfid/IOKit.framework/Versions/Current

@@ -0,0 +1 @@
+A

+ 2 - 2
Meridian/amfid/Makefile

@@ -2,9 +2,9 @@ TARGET  = amfid_payload.dylib
 OUTDIR ?= bin
 SRC     = $(wildcard *.c) $(wildcard *.m) $(wildcard */*.c) $(wildcard */*.m)
 
-CC      = xcrun -sdk iphoneos gcc -arch arm64
+CC      = xcrun -sdk appletvos gcc -arch arm64
 LDID    = ldid
-CFLAGS  = -dynamiclib -framework Foundation -framework IOKit -lc++
+CFLAGS  = -dynamiclib -framework Foundation -framework IOKit -lc++ -F.
 
 all: $(OUTDIR)/$(TARGET)
 
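Review bot: `-F.` in `CFLAGS` makes `-framework IOKit` resolve against the `IOKit.framework` directory this commit checks in beside the Makefile. Its `Versions/A/IOKit` is an opaque binary on this page, so the payload's link inputs can no longer be audited from source and SDK alone. Record the binary's origin and checksum in a comment, e.g. `# IOKit stub: copied from <SDK path/version>, sha256 <hash>`. `.` is relative to the directory make is invoked from, so `-F$(CURDIR)` is safer. The pspawn_hook Makefile hunk adds the same `-F.` on its `CC` line, and both hard-code `-sdk appletvos`; `SDK ?= appletvos` with `xcrun -sdk $(SDK)` would keep the iphoneos build selectable.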

BIN
Meridian/amfid/bin/amfid_payload.dylib


+ 2 - 2
Meridian/amfid/main.m

@@ -97,7 +97,7 @@ int fake_MISValidateSignatureAndCopyInfo(NSString* file, NSDictionary* options,
     const char *hash_name = get_hash_name(chosen_csdir->hashType);
     
     INFO(@"magic was performed [%08x (%s)]: %@", ntohl(*(uint64_t *)cd_hash), hash_name, file);
-    
+    /*
     // let's check entitlements, add platform-application if necessary
     ret = fixup_platform_application(file.UTF8String,
                                      file_off,
@@ -110,7 +110,7 @@ int fake_MISValidateSignatureAndCopyInfo(NSString* file, NSDictionary* options,
     if (ret != 0) {
         ERROR(@"fixup_platform_application returned: %d", ret);
     }
-    
+    */
     close_img(&img);
     return 0;
 }
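Review bot: The `/*` added before `// let's check entitlements` and the `*/` added before `close_img(&img)` disable the whole `fixup_platform_application` step and its `ERROR` log across two hunks, and neither the code nor the commit message ("1.2 release") says why. A behaviour change inside a signature-validation hook should state its reason at the site, e.g. `// 1.2: entitlement fix-up disabled: <reason>`. `#if 0 … #endif` is also safer than a block comment, which ends at the first `*/` in the disabled region; the lines between the two hunks are not visible here. If `ret` or `file_off` were used only by the disabled call they are now dead and should go with it. The function starts outside the hunk.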

+ 2 - 1
Meridian/jailbreakd/Makefile

@@ -2,8 +2,9 @@ TARGET  = jailbreakd
 OUTDIR ?= bin
 SRC     = $(wildcard *.c) $(wildcard *.m) $(wildcard */*.c) $(wildcard */*.m)
 
+#CC      = xcrun -sdk iphoneos gcc -arch arm64
 CC      = xcrun -sdk iphoneos gcc -arch arm64
-LDID    = ldid
+LDID    = ldid2
 CHMOD   = chmod
 
 all: $(OUTDIR)/$(TARGET)
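Review bot: The added `#CC      = xcrun -sdk iphoneos gcc -arch arm64` is identical to the live `CC` line below it, so the comment records nothing and should be dropped. `LDID` changes to `ldid2` here and in the pspawn_hook Makefile, while the amfid Makefile in this commit keeps `LDID    = ldid`, so the signing tool depends on which directory is built. Make it overridable and uniform, `LDID ?= ldid2`, in each Makefile or one shared include, and name the required tool in the build instructions.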

+ 8 - 0
Meridian/meridian.xcodeproj/project.pbxproj

@@ -67,6 +67,7 @@
 		325A25B920E89561001D1BAD /* unliberios.c in Sources */ = {isa = PBXBuildFile; fileRef = 325A259E20E8952E001D1BAD /* unliberios.c */; };
 		325A25BA20E89561001D1BAD /* utils.c in Sources */ = {isa = PBXBuildFile; fileRef = 325A25A020E8952E001D1BAD /* utils.c */; };
 		328CC34720EE91BE0071849C /* tar.gz in Resources */ = {isa = PBXBuildFile; fileRef = 328CC34620EE91BE0071849C /* tar.gz */; };
+		32A431A621018C2200DC223C /* nonce.c in Sources */ = {isa = PBXBuildFile; fileRef = 32A431A421018C2200DC223C /* nonce.c */; };
 		32DC44E420EF0F8B008FFF9C /* kpp.m in Sources */ = {isa = PBXBuildFile; fileRef = 32DC44E220EF0F8B008FFF9C /* kpp.m */; };
 		32DC44E720EF103E008FFF9C /* kpppatchfinder64.c in Sources */ = {isa = PBXBuildFile; fileRef = 32DC44E520EF103D008FFF9C /* kpppatchfinder64.c */; };
 		32DC44EC20EF123A008FFF9C /* kppkernel.m in Sources */ = {isa = PBXBuildFile; fileRef = 32DC44E920EF1239008FFF9C /* kppkernel.m */; };
@@ -230,6 +231,9 @@
 		325A25A020E8952E001D1BAD /* utils.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = utils.c; sourceTree = "<group>"; };
 		325A25A120E8952E001D1BAD /* utils.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = utils.h; sourceTree = "<group>"; };
 		328CC34620EE91BE0071849C /* tar.gz */ = {isa = PBXFileReference; lastKnownFileType = archive.gzip; name = tar.gz; path = meridianTV/electra/bootstrap/tar.gz; sourceTree = "<group>"; };
+		32A431A421018C2200DC223C /* nonce.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = nonce.c; sourceTree = "<group>"; };
+		32A431A521018C2200DC223C /* nonce.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = nonce.h; sourceTree = "<group>"; };
+		32A431A721018C8900DC223C /* debug.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = debug.h; sourceTree = "<group>"; };
 		32DC44E220EF0F8B008FFF9C /* kpp.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = kpp.m; sourceTree = "<group>"; };
 		32DC44E320EF0F8B008FFF9C /* kpp.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = kpp.h; sourceTree = "<group>"; };
 		32DC44E520EF103D008FFF9C /* kpppatchfinder64.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = kpppatchfinder64.c; sourceTree = "<group>"; };
@@ -480,6 +484,9 @@
 		325A258F20E8952E001D1BAD /* utilities */ = {
 			isa = PBXGroup;
 			children = (
+				32A431A721018C8900DC223C /* debug.h */,
+				32A431A421018C2200DC223C /* nonce.c */,
+				32A431A521018C2200DC223C /* nonce.h */,
 				325A259020E8952E001D1BAD /* amfi_utils.c */,
 				325A259120E8952E001D1BAD /* amfi_utils.h */,
 				325A259220E8952E001D1BAD /* apfs_util.c */,
@@ -922,6 +929,7 @@
 				32DC44E720EF103E008FFF9C /* kpppatchfinder64.c in Sources */,
 				325A25AB20E89556001D1BAD /* bootstrap.c in Sources */,
 				320AFA9A20E34FD500859485 /* NSData+GZip.m in Sources */,
+				32A431A621018C2200DC223C /* nonce.c in Sources */,
 				3252639E20E0B1D3003BD42A /* jailbreak.m in Sources */,
 				32DC44EF20EF14B5008FFF9C /* kppremount.m in Sources */,
 				325A25AD20E89556001D1BAD /* fun_objc.m in Sources */,

BIN
Meridian/meridian.xcodeproj/project.xcworkspace/xcuserdata/kevinbradley.xcuserdatad/UserInterfaceState.xcuserstate


+ 0 - 28
Meridian/meridian.xcodeproj/xcuserdata/kevinbradley.xcuserdatad/xcschemes/xcschememanagement.plist

@@ -30,33 +30,5 @@
 			<integer>2</integer>
 		</dict>
 	</dict>
-	<key>SuppressBuildableAutocreation</key>
-	<dict>
-		<key>3252638220E0B140003BD42A</key>
-		<dict>
-			<key>primary</key>
-			<true/>
-		</dict>
-		<key>B514CC751FECD788005F4E6B</key>
-		<dict>
-			<key>primary</key>
-			<true/>
-		</dict>
-		<key>B5555EA6205438CA00D62F57</key>
-		<dict>
-			<key>primary</key>
-			<true/>
-		</dict>
-		<key>B5555EAE205438F300D62F57</key>
-		<dict>
-			<key>primary</key>
-			<true/>
-		</dict>
-		<key>B5555EB22054390100D62F57</key>
-		<dict>
-			<key>primary</key>
-			<true/>
-		</dict>
-	</dict>
 </dict>
 </plist>

+ 1 - 1
Meridian/meridianTV/Info.plist

@@ -17,7 +17,7 @@
 	<key>CFBundlePackageType</key>
 	<string>APPL</string>
 	<key>CFBundleShortVersionString</key>
-	<string>1.1</string>
+	<string>1.2</string>
 	<key>CFBundleVersion</key>
 	<string>1</string>
 	<key>LSRequiresIPhoneOS</key>

+ 4 - 3
Meridian/meridianTV/ViewController.m

@@ -56,7 +56,7 @@ typedef NS_ENUM(NSInteger, BSInstallType) {
 @property (strong, nonatomic) UILabel *versionLabel;
 @end
 
-NSString *Version = @"backr00m: 1.1";
+NSString *Version = @"backr00m: 1.2";
 NSOperatingSystemVersion osVersion;
 
 id thisClass;
@@ -338,7 +338,7 @@ bool jailbreak_has_run = false;
     
     [self writeTextPlain:[NSString stringWithFormat:@"> %@", Version]];
     
-    [self writeTextPlain:@"> Includes software / explots by Ian Beer, CoolStar, Jaywalker, nitoTV, nullpixel, PsychoTea, pwn20wnd, Siguza and tihmstar" ];
+    [self writeTextPlain:@"> Includes software / explots by Ian Beer, CoolStar, Jaywalker, nitoTV, nullpixel, PsychoTea, pwn20wnd, Siguza, stek29 and tihmstar" ];
     
     if (self.installMode == BSInstallTypeUnsupported) {
         
@@ -397,12 +397,13 @@ bool jailbreak_has_run = false;
     
     if (self.installMode == BSInstallTypeMeridian) {
         
+        /*
         
         playPauseOrMenuDoubleTapRecognizer = [[UITapGestureRecognizer alloc]initWithTarget:self action:@selector(handleDoubleTapMenuOrPlayPause:)];
         playPauseOrMenuDoubleTapRecognizer.numberOfTapsRequired = 2;
         playPauseOrMenuDoubleTapRecognizer.allowedPressTypes = @[[NSNumber numberWithInteger:UIPressTypePlayPause], [NSNumber numberWithInteger:UIPressTypeMenu]];
         [self.view addGestureRecognizer:playPauseOrMenuDoubleTapRecognizer];
-        
+        */
         if ([self shouldShowTimer]){
             
             [self showWaitTimer];

BIN
Meridian/meridianTV/bootstrap.tar.gz


+ 3 - 2
Meridian/pspawn_hook/Makefile

@@ -1,8 +1,9 @@
 TARGET  = pspawn_hook.dylib
 OUTDIR ?= bin
 
-CC      = xcrun -sdk iphoneos gcc -arch arm64 -arch armv7 -arch armv7s
-LDID    = ldid
+#CC      = xcrun -sdk iphoneos gcc -arch arm64 -arch armv7 -arch armv7s
+CC      = xcrun -sdk appletvos gcc -arch arm64 -F.
+LDID    = ldid2
 
 all: $(OUTDIR)/$(TARGET)
 

BIN
Meridian/pspawn_hook/bin/pspawn_hook.dylib


+ 2 - 2
Meridian/pspawn_hook/pspawn_hook.m

@@ -154,10 +154,10 @@ int fake_posix_spawn_common(pid_t *pid, const char *path, const posix_spawn_file
     char const** newenvp = (char const **)malloc((envcount + 2) * sizeof(char **));
     int j = 0;
     for (int i = 0; i < envcount; i++) {
-        if (strstr(envp[j], "DYLD_INSERT_LIBRARIES") != NULL) {
+        if (strstr(envp[i], "DYLD_INSERT_LIBRARIES") != NULL) {
             continue;
         }
-        newenvp[i] = envp[j];
+        newenvp[j] = envp[i];
         j++;
     }