From e8b69f97cc74d47edb1605cb75780a5e683b4635 Mon Sep 17 00:00:00 2001
From: khanhduytran0
Date: Tue, 23 Jan 2024 15:23:45 +0700
Subject: [PATCH] Add option to open app with JIT
---
 JITHelper/Makefile | 15 ++++++++++
 JITHelper/control | 9 ++++++
 JITHelper/entitlements.plist | 16 +++++++++++
 JITHelper/main.m | 41 +++++++++++++++++++++++++++
 Makefile | 6 +++-
 TrollStore/Resources/Info.plist | 1 +
 TrollStore/TSAppInfo.h | 1 +
 TrollStore/TSAppInfo.m | 18 ++++++++++++
 TrollStore/TSAppTableViewController.m | 25 ++++++++++++++--
 TrollStore/TSApplicationsManager.h | 1 +
 TrollStore/TSApplicationsManager.m | 7 +++++
 11 files changed, 137 insertions(+), 3 deletions(-)
 create mode 100644 JITHelper/Makefile
 create mode 100644 JITHelper/control
 create mode 100644 JITHelper/entitlements.plist
 create mode 100644 JITHelper/main.m
diff --git a/JITHelper/Makefile b/JITHelper/Makefile
new file mode 100644
index 0000000..d1e97ad
--- /dev/null
+++ b/JITHelper/Makefile
@@ -0,0 +1,15 @@
+TARGET := iphone:clang:16.5:14.0
+ARCHS = arm64
+
+TARGET_CODESIGN = ../Exploits/fastPathSign/fastPathSign
+
+include $(THEOS)/makefiles/common.mk
+
+TOOL_NAME = trollstorejithelper
+
+trollstorejithelper_FILES = $(wildcard *.m)
+trollstorejithelper_CODESIGN_FLAGS = --entitlements entitlements.plist
+trollstorejithelper_INSTALL_PATH = /usr/local/bin
+trollstorejithelper_PRIVATE_FRAMEWORKS = RunningBoardServices
+
+include $(THEOS_MAKE_PATH)/tool.mk
diff --git a/JITHelper/control b/JITHelper/control
new file mode 100644
index 0000000..5c3018c
--- /dev/null
+++ b/JITHelper/control
@@ -0,0 +1,9 @@
+Package: com.opa334.trollstorejithelper
+Name: trollstorejithelper
+Version: 2.0.11
+Architecture: iphoneos-arm
+Description: An awesome tool of some sort!!
+Maintainer: opa334
+Author: opa334
+Section: System
+Tag: role::hacker
diff --git a/JITHelper/entitlements.plist b/JITHelper/entitlements.plist
new file mode 100644
index 0000000..e2bf44a
--- /dev/null
+++ b/JITHelper/entitlements.plist
@@ -0,0 +1,16 @@
+
+
+
+
+ com.apple.private.security.container-required
+
+ com.apple.private.security.no-sandbox
+
+ com.apple.runningboard.process-state
+
+ platform-application
+
+ task_for_pid-allow
+
+
+
diff --git a/JITHelper/main.m b/JITHelper/main.m
new file mode 100644
index 0000000..d4bf724
--- /dev/null
+++ b/JITHelper/main.m
@@ -0,0 +1,41 @@
+@import Foundation;
+@import Darwin;
+
+@interface RBSProcessPredicate
++ (instancetype)predicateMatchingBundleIdentifier:(NSString *)bundleID;
+@end
+
+@interface RBSProcessHandle
++ (instancetype)handleForPredicate:(RBSProcessPredicate *)predicate error:(NSError **)error;
+- (int)rbs_pid;
+@end
+
+#define PT_DETACH 11
+#define PT_ATTACHEXC 14
+int ptrace(int _request, pid_t _pid, caddr_t _addr, int _data);
+
+int main(int argc, const char* argv[]) {
+ RBSProcessPredicate *predicate = [RBSProcessPredicate predicateMatchingBundleIdentifier:@(argv[1])];
+ RBSProcessHandle* process = [RBSProcessHandle handleForPredicate:predicate error:nil];
+
+ int pid = process.rbs_pid;
+ if (!pid)
+ {
+ return -1;
+ }
+
+ int ret = ptrace(PT_ATTACHEXC, pid, 0, 0);
+ if (ret == -1)
+ {
+ return errno;
+ }
+
+ usleep(100000);
+ ret = ptrace(PT_DETACH, pid, 0, 0);
+ if (ret == -1)
+ {
+ return errno;
+ }
+ return 0;
+}
+
diff --git a/Makefile b/Makefile
index 7b62de6..cc5e43b 100644
--- a/Makefile
+++ b/Makefile
@@ -1,6 +1,6 @@
 TOPTARGETS := all clean update
-$(TOPTARGETS): pre_build make_fastPathSign make_roothelper make_trollstore make_trollhelper_embedded make_trollhelper_package assemble_trollstore build_installer15 build_installer64e
+$(TOPTARGETS): pre_build make_fastPathSign make_jithelper make_roothelper make_trollstore make_trollhelper_embedded make_trollhelper_package assemble_trollstore build_installer15 build_installer64e
 pre_build:
 @rm -rf ./_build 2>/dev/null || true
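Review bot: main() in JITHelper/main.m reads `argv[1]` on the `predicateMatchingBundleIdentifier:` line without checking `argc`, so running the helper with no argument boxes a NULL C string and raises instead of failing cleanly; add `if (argc < 2) return EINVAL;` before it. The `return -1` in the `if (!pid)` branch reaches the parent as exit status 255, because main's return value is truncated to 8 bits, and that is presumably the number the TrollStore alert would print; `return ESRCH;` keeps the code meaningful. The helper attaches to whatever bundle identifier it is handed and the only get-task-allow check is `-[TSAppInfo isDebuggable]` in the UI, so a header comment should record that the caller is expected to have verified the target, or the helper should verify it itself before `ptrace(PT_ATTACHEXC, …)`. The values in entitlements.plist are not visible in this rendering (only the keys survived), so they cannot be reviewed here.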
@@ -9,6 +9,9 @@ pre_build:
 make_fastPathSign:
 @$(MAKE) -C ./Exploits/fastPathSign $(MAKECMDGOALS)
+make_jithelper:
+ @$(MAKE) -C ./JITHelper FINALPACKAGE=1 $(MAKECMDGOALS)
+
 make_roothelper:
 @$(MAKE) -C ./RootHelper FINALPACKAGE=1 $(MAKECMDGOALS)
@@ -39,6 +42,7 @@ make_trollhelper_embedded:
 assemble_trollstore:
 @cp ./RootHelper/.theos/obj/trollstorehelper ./TrollStore/.theos/obj/TrollStore.app/trollstorehelper
+ @cp ./JITHelper/.theos/obj/trollstorejithelper ./TrollStore/.theos/obj/TrollStore.app/trollstorejithelper
 @cp ./TrollHelper/.theos/obj/TrollStorePersistenceHelper.app/TrollStorePersistenceHelper ./TrollStore/.theos/obj/TrollStore.app/PersistenceHelper
 @export COPYFILE_DISABLE=1
 @tar -czvf ./_build/TrollStore.tar -C ./TrollStore/.theos/obj TrollStore.app
diff --git a/TrollStore/Resources/Info.plist b/TrollStore/Resources/Info.plist
index 375bf9b..657d429 100644
--- a/TrollStore/Resources/Info.plist
+++ b/TrollStore/Resources/Info.plist
@@ -190,6 +190,7 @@
 TSRootBinaries
+ trollstorejithelper
 trollstorehelper
 ldid
diff --git a/TrollStore/TSAppInfo.h b/TrollStore/TSAppInfo.h
index 14ae0c8..1f902f1 100644
--- a/TrollStore/TSAppInfo.h
+++ b/TrollStore/TSAppInfo.h
@@ -50,6 +50,7 @@
 - (NSAttributedString*)detailedInfoTitle;
 - (NSAttributedString*)detailedInfoDescription;
 //- (UIImage*)image;
+- (BOOL)isDebuggable;
 - (void)log;
 @end
diff --git a/TrollStore/TSAppInfo.m b/TrollStore/TSAppInfo.m
index 952be1a..2046269 100644
--- a/TrollStore/TSAppInfo.m
+++ b/TrollStore/TSAppInfo.m
@@ -1165,5 +1165,23 @@ extern UIImage* imageWithSize(UIImage* image, CGSize size);
 }];
 }
+- (BOOL)isDebuggable
+{
+ [self loadEntitlements];
+ __block BOOL debuggable = NO;
+ [self enumerateAllEntitlements:^(NSString *key, NSObject *value, BOOL *stop)
+ {
+ if([key isEqualToString:@"get-task-allow"])
+ {
+ NSNumber* valueNum = (NSNumber*)value;
+ if(valueNum && [valueNum isKindOfClass:NSNumber.class])
+ {
+ debuggable = valueNum.boolValue;
+ *stop = YES;
+ }
+ }
+ }];
+ return debuggable;
+}
 @end
diff --git a/TrollStore/TSAppTableViewController.m b/TrollStore/TSAppTableViewController.m
index 58948a7..11fc5ca 100644
--- a/TrollStore/TSAppTableViewController.m
+++ b/TrollStore/TSAppTableViewController.m
@@ -187,7 +187,7 @@ UIImage* imageWithSize(UIImage* image, CGSize size)
 [TSInstallationController presentInstallationAlertIfEnabledForFile:pathToIPA isRemoteInstall:NO completion:nil];
 }
-- (void)openAppPressedForRowAtIndexPath:(NSIndexPath*)indexPath
+- (void)openAppPressedForRowAtIndexPath:(NSIndexPath*)indexPath enableJIT:(BOOL)enableJIT
 {
 TSApplicationsManager* appsManager = [TSApplicationsManager sharedInstance];
@@ -211,6 +211,17 @@ UIImage* imageWithSize(UIImage* image, CGSize size)
 [didFailController addAction:cancelAction];
 [TSPresentationDelegate presentViewController:didFailController animated:YES completion:nil];
 }
+ else if (enableJIT)
+ {
+ int ret = [appsManager enableJITForBundleID:appId];
+ if (ret != 0)
+ {
+ UIAlertController* errorAlert = [UIAlertController alertControllerWithTitle:@"Error" message:[NSString stringWithFormat:@"Error enabling JIT: trollstorejithelper returned %d", ret] preferredStyle:UIAlertControllerStyleAlert];
+ UIAlertAction* closeAction = [UIAlertAction actionWithTitle:@"Close" style:UIAlertActionStyleDefault handler:nil];
+ [errorAlert addAction:closeAction];
+ [TSPresentationDelegate presentViewController:errorAlert animated:YES completion:nil];
+ }
+ }
 }
 - (void)showDetailsPressedForRowAtIndexPath:(NSIndexPath*)indexPath
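Review bot: In `isDebuggable` the cast on the `NSNumber* valueNum = (NSNumber*)value;` line happens before the `isKindOfClass:` check, and the `valueNum &&` test is redundant because messaging nil already yields NO; `if([value isKindOfClass:NSNumber.class]) { debuggable = ((NSNumber*)value).boolValue; *stop = YES; }` says the same thing with the type check first. The method also has no doc comment although it now gates a privileged action; add `/// YES when the app's entitlements carry get-task-allow = true; gates the "Open with JIT" action.` above it. Whether `loadEntitlements` is cheap enough to be called on every row selection is not visible here — confirm it caches.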
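Review bot: In the new `else if (enableJIT)` branch of `openAppPressedForRowAtIndexPath:enableJIT:`, `enableJITForBundleID:` runs synchronously as soon as `openApplicationWithBundleID:` has returned, and the helper it spawns resolves the process by bundle identifier only once; if the freshly launched process is not yet visible to RunningBoard at that instant the helper finds no pid and the user gets the "Error enabling JIT" alert even though the app did open. That timing dependency deserves a comment on the `int ret = …` line, e.g. `// helper resolves the pid once; assumes the app is already registered with RunningBoard`, or a short lookup retry on the helper side. The enclosing method starts outside this hunk.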
@@ -424,11 +435,21 @@ UIImage* imageWithSize(UIImage* image, CGSize size)
 UIAlertAction* openAction = [UIAlertAction actionWithTitle:@"Open" style:UIAlertActionStyleDefault handler:^(UIAlertAction* action)
 {
- [self openAppPressedForRowAtIndexPath:indexPath];
+ [self openAppPressedForRowAtIndexPath:indexPath enableJIT:NO];
 [self deselectRow];
 }];
 [appSelectAlert addAction:openAction];
+ if ([appInfo isDebuggable])
+ {
+ UIAlertAction* openWithJITAction = [UIAlertAction actionWithTitle:@"Open with JIT" style:UIAlertActionStyleDefault handler:^(UIAlertAction* action)
+ {
+ [self openAppPressedForRowAtIndexPath:indexPath enableJIT:YES];
+ [self deselectRow];
+ }];
+ [appSelectAlert addAction:openWithJITAction];
+ }
+
 UIAlertAction* showDetailsAction = [UIAlertAction actionWithTitle:@"Show Details" style:UIAlertActionStyleDefault handler:^(UIAlertAction* action)
 {
 [self showDetailsPressedForRowAtIndexPath:indexPath];
diff --git a/TrollStore/TSApplicationsManager.h b/TrollStore/TSApplicationsManager.h
index 2cb588b..f15cd3f 100644
--- a/TrollStore/TSApplicationsManager.h
+++ b/TrollStore/TSApplicationsManager.h
@@ -16,6 +16,7 @@
 - (int)uninstallApp:(NSString*)appId;
 - (int)uninstallAppByPath:(NSString*)path;
 - (BOOL)openApplicationWithBundleID:(NSString *)appID;
+- (int)enableJITForBundleID:(NSString *)appID;
 - (int)changeAppRegistration:(NSString*)appPath toState:(NSString*)newState;
 @end
\ No newline at end of file
diff --git a/TrollStore/TSApplicationsManager.m b/TrollStore/TSApplicationsManager.m
index 99d91da..c967ea1 100644
--- a/TrollStore/TSApplicationsManager.m
+++ b/TrollStore/TSApplicationsManager.m
@@ -179,6 +179,13 @@ extern NSUserDefaults* trollStoreUserDefaults();
 return [[LSApplicationWorkspace defaultWorkspace] openApplicationWithBundleID:appId];
 }
+- (int)enableJITForBundleID:(NSString *)appId
+{
+ NSString *jitHelperPath = [[NSBundle mainBundle].bundlePath stringByAppendingPathComponent:@"trollstorejithelper"];
+ int ret = spawnRoot(jitHelperPath, @[appId], nil, nil);
+ return ret;
+}
+
 - (int)changeAppRegistration:(NSString*)appPath toState:(NSString*)newState
 {
 if(!appPath || !newState) return -200;
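Review bot: `enableJITForBundleID:` puts `appId` straight into the `@[appId]` array literal, which throws when `appId` is nil, while the neighbouring `changeAppRegistration:toState:` guards its arguments with `return -200`; guard the same way and drop the temporary: `if(!appId) return -200;` followed by `return spawnRoot(jitHelperPath, @[appId], nil, nil);`. A one-line comment would also help callers, which treat any non-zero result as failure: `// Runs the bundled trollstorejithelper as root for appId; non-zero means the helper failed.`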