From 06e4075a26d67cd22be0bf8e414026916ad156c6 Mon Sep 17 00:00:00 2001
From: opa334
Date: Sun, 4 Sep 2022 15:37:49 +0200
Subject: [PATCH] 1.0.5
---
 Helper/control | 2 +-
 Helper/main.m | 82 +++++++++++++++----
 .../TrollInstaller/exploit/kernel_base.c | 21 ++++-
 PersistenceHelper/Resources/Info.plist | 2 +-
 PersistenceHelper/control | 2 +-
 Store/Resources/Info.plist | 2 +-
 Store/TSAppTableViewController.m | 10 ++-
 Store/TSApplicationsManager.h | 1 +
 Store/TSApplicationsManager.m | 9 ++
 Store/TSSceneDelegate.m | 7 +-
 Store/control | 2 +-
 Store/entitlements.plist | 2 +
 12 files changed, 108 insertions(+), 34 deletions(-)
diff --git a/Helper/control b/Helper/control
index 855c170..630a2bf 100644
--- a/Helper/control
+++ b/Helper/control
@@ -1,6 +1,6 @@
 Package: com.opa334.trollstoreroothelper
 Name: trollstoreroothelper
-Version: 1.0.4
+Version: 1.0.5
 Architecture: iphoneos-arm
 Description: An awesome tool of some sort!!
 Maintainer: opa334
diff --git a/Helper/main.m b/Helper/main.m
index 4bdbc81..24d70f5 100644
--- a/Helper/main.m
+++ b/Helper/main.m
@@ -378,6 +378,19 @@ BOOL signApp(NSString* appPath, NSError** error)
 return ldidRet == 0;
 }
+void applyPatchesToInfoDictionary(NSString* appPath)
+{
+ NSURL* appURL = [NSURL fileURLWithPath:appPath];
+ NSURL* infoPlistURL = [appURL URLByAppendingPathComponent:@"Info.plist"];
+ NSMutableDictionary* infoDictM = [[NSDictionary dictionaryWithContentsOfURL:infoPlistURL error:nil] mutableCopy];
+ if(!infoDictM) return;
+
+ // enable notifications
+ infoDictM[@"SBAppUsesLocalNotifications"] = @1;
+
+ [infoDictM writeToURL:infoPlistURL error:nil];
+}
+
 // 170: failed to create container for app bundle
 // 171: a non trollstore app with the same identifier is already installled
 // 172: no info.plist found in app
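Review bot: `applyPatchesToInfoDictionary` discards every failure: the read and the final `writeToURL:error:` both pass `error:nil`, and the BOOL returned by the write is ignored, so an install continues with an unpatched Info.plist and nothing is logged. This code runs in the root helper on a bundle that presumably comes from a user-supplied IPA, so check and log the result, e.g. `if(![infoDictM writeToURL:infoPlistURL error:&writeError]) NSLog(@"failed to patch Info.plist: %@", writeError);`. It would also be worth confirming that Info.plist is a regular file inside the bundle before writing, since the helper may otherwise write wherever that path resolves.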
@@ -388,6 +401,8 @@ int installApp(NSString* appPath, BOOL sign, BOOL force, NSError** error)
 NSString* appId = appIdForAppPath(appPath);
 if(!appId) return 172;
+ applyPatchesToInfoDictionary(appPath);
+
 if(sign)
 {
 // if it fails to sign, we don't care
@@ -427,13 +442,25 @@ int installApp(NSString* appPath, BOOL sign, BOOL force, NSError** error)
 // Mark app as TrollStore app
 [[NSFileManager defaultManager] createFileAtPath:trollStoreMarkURL.path contents:[NSData data] attributes:nil];
- // Apply correct permissions
- NSDirectoryEnumerator *enumerator = [[NSFileManager defaultManager] enumeratorAtURL:[NSURL fileURLWithPath:appPath] includingPropertiesForKeys:nil options:0 errorHandler:nil];
+ // Apply correct permissions (First run, set everything to 644, owner 33)
 NSURL* fileURL;
+ NSDirectoryEnumerator *enumerator = [[NSFileManager defaultManager] enumeratorAtURL:[NSURL fileURLWithPath:appPath] includingPropertiesForKeys:nil options:0 errorHandler:nil];
 while(fileURL = [enumerator nextObject])
 {
 NSString* filePath = fileURL.path;
 chown(filePath.UTF8String, 33, 33);
+ chmod(filePath.UTF8String, 0644);
+ }
+
+ // Apply correct permissions (Second run, set executables and directories to 0755)
+ enumerator = [[NSFileManager defaultManager] enumeratorAtURL:[NSURL fileURLWithPath:appPath] includingPropertiesForKeys:nil options:0 errorHandler:nil];
+ while(fileURL = [enumerator nextObject])
+ {
+ NSString* filePath = fileURL.path;
+
+ BOOL isDir;
+ [[NSFileManager defaultManager] fileExistsAtPath:fileURL.path isDirectory:&isDir];
+
 if([filePath.lastPathComponent isEqualToString:@"Info.plist"])
 {
 NSDictionary* infoDictionary = [NSDictionary dictionaryWithContentsOfFile:filePath];
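Review bot: In the second hunk, the first permission pass calls `chown(filePath.UTF8String, 33, 33)` and the new `chmod(filePath.UTF8String, 0644)` on every enumerated path, and both calls follow symbolic links and have their return values ignored. Nothing in the visible lines filters symlinks, so if the enumerator yields one, the root helper changes the owner and mode of the link target rather than of an entry inside the bundle. Skip such entries (for example by requesting `NSURLIsSymbolicLinkKey` from the enumerator) or use `lchown`, and log calls that fail. The second loop continues past the end of this hunk.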
@@ -444,10 +471,15 @@ int installApp(NSString* appPath, BOOL sign, BOOL force, NSError** error)
 chmod(executablePath.UTF8String, 0755);
 }
 }
- else if([filePath.pathExtension isEqualToString:@"dylib"])
+ else if(!isDir && [filePath.pathExtension isEqualToString:@"dylib"])
 {
 chmod(filePath.UTF8String, 0755);
 }
+ else if(isDir)
+ {
+ // apparently all dirs are writable by default
+ chmod(filePath.UTF8String, 0755);
+ }
 }
 // chown 0 all root binaries
@@ -509,17 +541,10 @@ int installApp(NSString* appPath, BOOL sign, BOOL force, NSError** error)
 }
 }
-int uninstallApp(NSString* appId, NSError** error)
+int uninstallApp(NSString* appPath, NSString* appId, NSError** error)
 {
- NSString* appPath = appPathForAppId(appId, error);
- if(!appPath) return 1;
-
 LSApplicationProxy* appProxy = [LSApplicationProxy applicationProxyForIdentifier:appId];
- NSLog(@"appProxy: %@", appProxy);
-
-
 MCMContainer *appContainer = [objc_getClass("MCMAppDataContainer") containerWithIdentifier:appId createIfNecessary:NO existed:nil error:nil];
- NSLog(@"1");
 NSString *containerPath = [appContainer url].path;
 if(containerPath)
 {
@@ -531,8 +556,8 @@ int uninstallApp(NSString* appId, NSError** error)
 // delete group container paths
 [[appProxy groupContainerURLs] enumerateKeysAndObjectsUsingBlock:^(NSString* groupID, NSURL* groupURL, BOOL* stop)
 {
- [[NSFileManager defaultManager] removeItemAtURL:groupURL error:nil];
 NSLog(@"deleting %@", groupURL);
+ [[NSFileManager defaultManager] removeItemAtURL:groupURL error:nil];
 }];
 // delete app plugin paths
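Review bot: In the first hunk, `isDir` (tested in `else if(!isDir && …)` and `else if(isDir)`) is declared without an initializer in the previous hunk, and the result of `fileExistsAtPath:isDirectory:` is never checked. When that call returns NO the out-parameter is left undefined, so which branch runs, and whether the path gets 0755, depends on an indeterminate value. Declare it as `BOOL isDir = NO;` and `continue` when the call fails. The comment `// apparently all dirs are writable by default` could also say that the first pass sets every enumerated entry, directories included, to 0644, which is why directories need this branch.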
@@ -541,15 +566,15 @@ int uninstallApp(NSString* appId, NSError** error)
 NSURL* pluginURL = pluginProxy.dataContainerURL;
 if(pluginURL)
 {
- [[NSFileManager defaultManager] removeItemAtPath:pluginURL.path error:error];
- NSLog(@"deleting %@", pluginURL.path);
+ NSLog(@"deleting %@", pluginURL);
+ [[NSFileManager defaultManager] removeItemAtURL:pluginURL error:error];
 }
 }
 // unregister app
 registerPath((char*)appPath.UTF8String, 1);
- NSLog(@"deleting %@", [appPath stringByDeletingLastPathComponent]);
+ NSLog(@"deleting %@", [appPath stringByDeletingLastPathComponent]);
 // delete app
 BOOL deleteSuc = [[NSFileManager defaultManager] removeItemAtPath:[appPath stringByDeletingLastPathComponent] error:error];
 if(deleteSuc)
@@ -562,6 +587,22 @@ int uninstallApp(NSString* appId, NSError** error)
 }
 }
+int uninstallAppByPath(NSString* appPath, NSError** error)
+{
+ if(!appPath) return 1;
+ NSString* appId = appIdForAppPath(appPath);
+ if(!appId) return 1;
+ return uninstallApp(appPath, appId, error);
+}
+
+int uninstallAppById(NSString* appId, NSError** error)
+{
+ if(!appId) return 1;
+ NSString* appPath = appPathForAppId(appId, error);
+ if(!appPath) return 1;
+ return uninstallApp(appPath, appId, error);
+}
+
 // 166: IPA does not exist or is not accessible
 // 167: IPA does not appear to contain an app
@@ -604,7 +645,7 @@ void uninstallAllApps(void)
 {
 for(NSString* appPath in trollStoreInstalledAppBundlePaths())
 {
- uninstallApp(appIdForAppPath(appPath), nil);
+ uninstallAppById(appIdForAppPath(appPath), nil);
 }
 }
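Review bot: In the second hunk, `uninstallAppByPath` accepts any path whose Info.plist yields an identifier and passes it to `uninstallApp`, which unregisters it and removes `[appPath stringByDeletingLastPathComponent]` as root. Nothing in the visible lines checks that the path is a TrollStore-managed bundle. `trollStoreInstalledAppBundlePaths()` is already used by `uninstallAllApps` in the next hunk, so the wrapper could refuse anything else, e.g. `if(![trollStoreInstalledAppBundlePaths() containsObject:appPath]) return 1;` after standardizing the path (assuming that function returns full bundle paths). The same gap applies to the new `uninstall-path` command in `main`, which passes `argv[2]` straight through.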
@@ -818,8 +859,13 @@ int main(int argc, char *argv[], char *envp[]) {
 {
 if(argc <= 2) return -3;
 NSString* appId = [NSString stringWithUTF8String:argv[2]];
- ret = uninstallApp(appId, &error);
- } else if([cmd isEqualToString:@"install-trollstore"])
+ ret = uninstallAppById(appId, &error);
+ } else if([cmd isEqualToString:@"uninstall-path"])
+ {
+ if(argc <= 2) return -3;
+ NSString* appPath = [NSString stringWithUTF8String:argv[2]];
+ ret = uninstallAppByPath(appPath, &error);
+ }else if([cmd isEqualToString:@"install-trollstore"])
 {
 if(argc <= 2) return -3;
 NSString* tsTar = [NSString stringWithUTF8String:argv[2]];
diff --git a/Installer/TrollInstaller/TrollInstaller/exploit/kernel_base.c b/Installer/TrollInstaller/TrollInstaller/exploit/kernel_base.c
index 5c40f51..4d67ec7 100644
--- a/Installer/TrollInstaller/TrollInstaller/exploit/kernel_base.c
+++ b/Installer/TrollInstaller/TrollInstaller/exploit/kernel_base.c
@@ -10,6 +10,7 @@
 #include
 #include
 #include
+#import
 extern void badLog(const char*, ...);
@@ -53,18 +54,30 @@ uint64_t kernel_base_from_holder(mach_port_t holder, uint64_t holder_addr)
 struct utsname u;
 uname(&u);
 uint64_t off_task_bsd_info;
-
+
 #if __arm64e__
- if (strstr(u.machine, "iPhone14,"))
+ cpu_subtype_t cpuFamily = 0;
+ size_t cpuFamilySize = sizeof(cpuFamily);
+ sysctlbyname("hw.cpufamily", &cpuFamily, &cpuFamilySize, NULL, 0);
+
+ bool isA15OrNewer;
+ if (cpuFamily == CPUFAMILY_ARM_BLIZZARD_AVALANCHE) {
+ isA15OrNewer = true;
+ }
+ else {
+ isA15OrNewer = false;
+ }
+
+ if (isA15OrNewer)
 {
 off_task_bsd_info = 0x3c8; // ios15.1 a15 // proc_t::task_bsd_info
 }
 else
 {
- off_task_bsd_info = 0x3b8; //; iOS15.1 a12 // proc_t::task_bsd_info
+ off_task_bsd_info = 0x3b8; //; iOS15.1 a12-a14 // proc_t::task_bsd_info
 }
 #else
- off_task_bsd_info = 0x3A0;
+ off_task_bsd_info = 0x3A0; // a9-a11
 #endif
 g_self_proc = xpaci(kread64(self_task + off_task_bsd_info));
diff --git a/PersistenceHelper/Resources/Info.plist b/PersistenceHelper/Resources/Info.plist
index 2818f6d..c89c107 100644
--- a/PersistenceHelper/Resources/Info.plist
+++ b/PersistenceHelper/Resources/Info.plist
@@ -52,7 +52,7 @@
 iPhoneOS
 CFBundleVersion
- 1.0.4
+ 1.0.5
 LSRequiresIPhoneOS
 UIDeviceFamily
diff --git a/PersistenceHelper/control b/PersistenceHelper/control
index 36422fa..980a5ec 100644
--- a/PersistenceHelper/control
+++ b/PersistenceHelper/control
@@ -1,6 +1,6 @@
 Package: com.opa334.trollstorehelper
 Name: TrollStore Helper
-Version: 1.0.4
+Version: 1.0.5
 Architecture: iphoneos-arm
 Description: Helper app to install and manage TrollStore!
 Maintainer: opa334
diff --git a/Store/Resources/Info.plist b/Store/Resources/Info.plist
index 1b107f7..9684759 100644
--- a/Store/Resources/Info.plist
+++ b/Store/Resources/Info.plist
@@ -50,7 +50,7 @@
 iPhoneOS
 CFBundleVersion
- 1.0.4
+ 1.0.5
 LSRequiresIPhoneOS
 UIDeviceFamily
diff --git a/Store/TSAppTableViewController.m b/Store/TSAppTableViewController.m
index cd11afc..72549ce 100644
--- a/Store/TSAppTableViewController.m
+++ b/Store/TSAppTableViewController.m
@@ -55,7 +55,15 @@
 {
 NSString* appPath = [[TSApplicationsManager sharedInstance] installedAppPaths][indexPath.row];
 NSString* appId = [[TSApplicationsManager sharedInstance] appIdForAppPath:appPath];
- [[TSApplicationsManager sharedInstance] uninstallApp:appId];
+
+ if(appId)
+ {
+ [[TSApplicationsManager sharedInstance] uninstallApp:appId];
+ }
+ else
+ {
+ [[TSApplicationsManager sharedInstance] uninstallAppByPath:appPath];
+ }
 }
 }
diff --git a/Store/TSApplicationsManager.h b/Store/TSApplicationsManager.h
index 2b238f7..b8f8a41 100644
--- a/Store/TSApplicationsManager.h
+++ b/Store/TSApplicationsManager.h
@@ -17,5 +17,6 @@
 - (int)installIpa:(NSString*)pathToIpa force:(BOOL)force;
 - (int)installIpa:(NSString*)pathToIpa;
 - (int)uninstallApp:(NSString*)appId;
+- (int)uninstallAppByPath:(NSString*)path;
 @end
\ No newline at end of file
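Review bot: In Store/TSAppTableViewController.m the new `else` branch calls `uninstallAppByPath:` exactly when `appIdForAppPath:` returned nil, but the helper's `uninstallAppByPath` in Helper/main.m begins with its own `appIdForAppPath(appPath)` and returns 1 when that is nil. Unless the root helper can read an Info.plist that the app cannot (not visible here), the fallback fails for the very bundles it is meant to remove. Either let the helper remove a TrollStore-marked bundle that has no readable identifier, or report the failure to the user; the `int` result of both calls is currently discarded. The enclosing method starts and ends outside this hunk.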
diff --git a/Store/TSApplicationsManager.m b/Store/TSApplicationsManager.m
index 957a3eb..57294c2 100644
--- a/Store/TSApplicationsManager.m
+++ b/Store/TSApplicationsManager.m
@@ -100,9 +100,18 @@
 - (int)uninstallApp:(NSString*)appId
 {
+ if(!appId) return -200;
 int ret = spawnRoot(helperPath(), @[@"uninstall", appId]);
 [[NSNotificationCenter defaultCenter] postNotificationName:@"ApplicationsChanged" object:nil];
 return ret;
 }
+- (int)uninstallAppByPath:(NSString*)path
+{
+ if(!path) return -200;
+ int ret = spawnRoot(helperPath(), @[@"uninstall-path", path]);
+ [[NSNotificationCenter defaultCenter] postNotificationName:@"ApplicationsChanged" object:nil];
+ return ret;
+}
+
 @end
\ No newline at end of file
diff --git a/Store/TSSceneDelegate.m b/Store/TSSceneDelegate.m
index 55b1a1d..a09325c 100644
--- a/Store/TSSceneDelegate.m
+++ b/Store/TSSceneDelegate.m
@@ -77,13 +77,8 @@
 NSURL* url = context.URL;
 if (url != nil && [url isFileURL]) {
 [url startAccessingSecurityScopedResource];
- NSURL* tmpCopyURL = [NSURL fileURLWithPath:[NSTemporaryDirectory() stringByAppendingPathComponent:url.lastPathComponent]];
-
- [[NSFileManager defaultManager] copyItemAtURL:url toURL:tmpCopyURL error:nil];
-
 void (^doneBlock)(BOOL) = ^(BOOL shouldExit)
 {
- [[NSFileManager defaultManager] removeItemAtURL:tmpCopyURL error:nil];
 [url stopAccessingSecurityScopedResource];
 [[NSFileManager defaultManager] removeItemAtURL:url error:nil];
@@ -105,7 +100,7 @@
 {
 // Update TrollStore itself
 NSLog(@"Updating TrollStore...");
- int ret = spawnRoot(helperPath(), @[@"install-trollstore", tmpCopyURL.path]);
+ int ret = spawnRoot(helperPath(), @[@"install-trollstore", url.path]);
 doneBlock(ret == 0);
 NSLog(@"Updated TrollStore!");
 }
diff --git a/Store/control b/Store/control
index 808c568..812c349 100644
--- a/Store/control
+++ b/Store/control
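Review bot: In Store/TSApplicationsManager.m the new nil guards return `-200`, a value that is not explained anywhere in the visible hunks, whereas the helper documents its codes in comments such as `// 170: …`. Callers cannot tell it apart from a helper exit status, so add a comment like `// -200: missing argument, helper was not spawned` or a named constant. `uninstallApp:` and `uninstallAppByPath:` are now identical apart from the command string and could share one private method that takes the command and its argument.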
@@ -1,6 +1,6 @@
 Package: com.opa334.trollstore
 Name: TrollStore
-Version: 1.0.4
+Version: 1.0.5
 Architecture: iphoneos-arm
 Description: An awesome application!
 Maintainer: opa334
diff --git a/Store/entitlements.plist b/Store/entitlements.plist
index e3a4663..b1b4f33 100644
--- a/Store/entitlements.plist
+++ b/Store/entitlements.plist
@@ -30,5 +30,7 @@
 com.apple.private.uninstall.deletion
+ com.apple.private.security.storage.MobileDocuments
+
\ No newline at end of file
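Review bot: In Store/entitlements.plist the key `com.apple.private.security.storage.MobileDocuments` is added with no explanation, and the commit message is only the version number. It looks related to Store/TSSceneDelegate.m now passing `url.path` to the helper instead of a copy in the temporary directory, but that link is inferred rather than stated. A private storage entitlement widens what the app can read, so add an XML comment next to the key naming the case that needs it, and confirm that no narrower grant would cover that case.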