Home Explore Help
Sign In
NitoTV
/
merdian
Watch 3
Star 0
Fork 0
Files Issues 0 Pull Requests 1 Wiki
Tree: 55cb733ca3
Branches Tags
merdian
/
Meridian
/
Meridian
/
patchfinders
/
offsetfinder.mm

offsetfinder.mm 4.3 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889 
  1. //
    2. 

  2. //  offsetfinder.mm
    3. 

  3. //  Meridian
    4. 

  4. //
    5. 

  5. //  Created by Ben Sparkes on 08/03/2018.
    6. 

  6. //  Copyright © 2018 Ben Sparkes. All rights reserved.
    7. 

  7. //
    8. 

  8. 

  9. #include "v0rtex.h"
    10. 

  10. #include "liboffsetfinder64.hpp"
    11. 

  11. #include "ViewController.h"
    12. 

  12. #import <Foundation/Foundation.h>
    13. 

  13. 

  14. static bool DidInit = false;
    15. 

  15. static offsets_t off;
    16. 

  16. 

  17. extern "C" offsets_t *get_offsets() {
    18. 

  18.     if (DidInit) {
    19. 

  19.         return &off;
    20. 

  20.     }
    21. 

  21. 

  22.     try {
    23. 

  23.         NSLog(@"[OFFSET] initializing offsetfinder...");
    24. 

  24.         tihmstar::offsetfinder64 fi("/System/Library/Caches/com.apple.kernelcaches/kernelcache");
    25. 

  25.         NSLog(@"[OFFSET] initialized offsetfinder");
    26. 

  26. 

  27.         off.base = 0xfffffff007004000;
    28. 

  28. 

  29.         NSLog(@"[OFFSET] begginning offset finding...");
    30. 

  30.         off.sizeof_task                         = (kptr_t)fi.find_sizeof_task();
    31. 

  31.         off.task_itk_self                       = (kptr_t)fi.find_task_itk_self();
    32. 

  32.         off.task_itk_registered                 = (kptr_t)fi.find_task_itk_registered();
    33. 

  33.         off.task_bsd_info                       = (kptr_t)fi.find_task_bsd_info();
    34. 

  34.         off.proc_ucred                          = (kptr_t)fi.find_proc_ucred();
    35. 

  35.         off.vm_map_hdr                          = (kptr_t)fi.find_vm_map_hdr();
    36. 

  36.         off.ipc_space_is_task                   = (kptr_t)fi.find_ipc_space_is_task();
    37. 

  37.         off.realhost_special                    = 0x10;
    38. 

  38.         off.iouserclient_ipc                    = (kptr_t)fi.find_iouserclient_ipc();
    39. 

  39.         off.vtab_get_retain_count               = (kptr_t)fi.find_vtab_get_retain_count();
    40. 

  40.         off.vtab_get_external_trap_for_index    = (kptr_t)fi.find_vtab_get_external_trap_for_index();
    41. 

  41.         NSLog(@"[OFFSET] grabbed struct offsets");
    42. 

  42. 

  43.         off.zone_map                            = (kptr_t)fi.find_zone_map();
    44. 

  44.         off.kernel_map                          = (kptr_t)fi.find_kernel_map();
    45. 

  45.         off.kernel_task                         = (kptr_t)fi.find_kernel_task();
    46. 

  46.         off.realhost                            = (kptr_t)fi.find_realhost();
    47. 

  47.         NSLog(@"[OFFSET] grabbed map offsets");
    48. 

  48.         
    49. 

  49.         off.copyin                              = (kptr_t)fi.find_copyin();
    50. 

  50.         off.copyout                             = (kptr_t)fi.find_copyout();
    51. 

  51.         off.chgproccnt                          = (kptr_t)fi.find_chgproccnt();
    52. 

  52.         off.kauth_cred_ref                      = (kptr_t)fi.find_kauth_cred_ref();
    53. 

  53.         off.ipc_port_alloc_special              = (kptr_t)fi.find_ipc_port_alloc_special();
    54. 

  54.         off.ipc_kobject_set                     = (kptr_t)fi.find_ipc_kobject_set();
    55. 

  55.         off.ipc_port_make_send                  = (kptr_t)fi.find_ipc_port_make_send();
    56. 

  56.         off.osserializer_serialize              = (kptr_t)fi.find_osserializer_serialize();
    57. 

  57.         off.rop_ldr_x0_x0_0x10                  = (kptr_t)fi.find_rop_ldr_x0_x0_0x10();
    58. 

  58.         NSLog(@"[OFFSET] grabbed code offsets");
    59. 

  59.         
    60. 

  60.         off.root_vnode                          = (kptr_t)fi.find_rootvnode();
    61. 

  61.         
    62. 

  62.         off.vfs_context_current                 = (kptr_t)fi.find_sym("_vfs_context_current");
    63. 

  63.         off.vnode_getfromfd                     = (kptr_t)fi.find_sym("_vnode_getfromfd");
    64. 

  64.         off.vnode_getattr                       = (kptr_t)fi.find_sym("_vnode_getattr");
    65. 

  65.         off.csblob_ent_dict_set                 = (kptr_t)fi.find_sym("_csblob_entitlements_dictionary_set");
    66. 

  66.         off.sha1_init                           = (kptr_t)fi.find_sym("_SHA1Init");
    67. 

  67.         off.sha1_update                         = (kptr_t)fi.find_sym("_SHA1Update");
    68. 

  68.         off.sha1_final                          = (kptr_t)fi.find_sym("_SHA1Final");
    69. 

  69.         NSLog(@"[OFFSET] grabbed amfi offsets");
    70. 

  70.         
    71. 

  71.         NSLog(@"[OFFSET] sizeof_task = 0x%llx", off.sizeof_task);
    72. 

  72.         NSLog(@"[OFFSET] task_itk_self = 0x%llx", off.task_itk_self);
    73. 

  73.         NSLog(@"[OFFSET] task_itk_registered = 0x%llx", off.task_itk_registered);
    74. 

  74.         NSLog(@"[OFFSET] kernel_task = 0x%llx", off.kernel_task);
    75. 

  75.         NSLog(@"[OFFSET] rootvnode = 0x%llx", off.root_vnode);
    76. 

  76.         NSLog(@"[OFFSET] sha1_init = 0x%llx", off.sha1_init);
    77. 

  77.     } catch (tihmstar::exception &e) {
    78. 

  78.         NSLog(@"offsetfinder failure! %d (%s)", e.code(), e.what());
    79. 

  79.         return NULL;
    80. 

  80.     } catch (std::exception &e) {
    81. 

  81.         NSLog(@"fatal offsetfinder failure! %s", e.what());
    82. 

  82.         return NULL;
    83. 

  83.     }
    84. 

  84.         
    85. 

  85.     DidInit = true;
    86. 

  86. 

  87.     return &off;
    88. 

  88. }
    89. 

  89.