From 647f43087c2c554c13e5aced60a3cbe86815ac64 Mon Sep 17 00:00:00 2001 From: khanhduytran0 Date: Tue, 23 Jan 2024 18:18:57 +0700 Subject: [PATCH 1/3] Add option to open app with JIT --- RootHelper/Makefile | 2 +- RootHelper/entitlements.plist | 2 ++ RootHelper/jit.h | 3 ++ RootHelper/jit.m | 45 +++++++++++++++++++++++++++ RootHelper/main.m | 7 +++++ TrollStore/TSAppInfo.h | 1 + TrollStore/TSAppInfo.m | 18 +++++++++++ TrollStore/TSAppTableViewController.m | 25 +++++++++++++-- TrollStore/TSApplicationsManager.h | 1 + TrollStore/TSApplicationsManager.m | 5 +++ 10 files changed, 106 insertions(+), 3 deletions(-) create mode 100644 RootHelper/jit.h create mode 100644 RootHelper/jit.m diff --git a/RootHelper/Makefile b/RootHelper/Makefile index 4b62acb..2712772 100644 --- a/RootHelper/Makefile +++ b/RootHelper/Makefile @@ -14,6 +14,6 @@ trollstorehelper_CODESIGN_FLAGS = --entitlements entitlements.plist trollstorehelper_INSTALL_PATH = /usr/local/bin trollstorehelper_LIBRARIES = archive trollstorehelper_FRAMEWORKS = CoreTelephony -trollstorehelper_PRIVATE_FRAMEWORKS = SpringBoardServices BackBoardServices MobileContainerManager FrontBoardServices +trollstorehelper_PRIVATE_FRAMEWORKS = SpringBoardServices BackBoardServices MobileContainerManager FrontBoardServices RunningBoardServices include $(THEOS_MAKE_PATH)/tool.mk diff --git a/RootHelper/entitlements.plist b/RootHelper/entitlements.plist index 2a0d842..fa1f5a3 100644 --- a/RootHelper/entitlements.plist +++ b/RootHelper/entitlements.plist @@ -48,5 +48,7 @@ com.apple.frontboard.shutdown + com.apple.runningboard.process-state + diff --git a/RootHelper/jit.h b/RootHelper/jit.h new file mode 100644 index 0000000..ecf4b6a --- /dev/null +++ b/RootHelper/jit.h @@ -0,0 +1,3 @@ +#import + +int enableJIT(NSString *bundleID); diff --git a/RootHelper/jit.m b/RootHelper/jit.m new file mode 100644 index 0000000..b77cb9a --- /dev/null +++ b/RootHelper/jit.m 
@@ -0,0 +1,45 @@ +@import Foundation; +@import Darwin; + +@interface RBSProcessPredicate ++ (instancetype)predicateMatchingBundleIdentifier:(NSString *)bundleID; +@end + +@interface RBSProcessHandle ++ (instancetype)handleForPredicate:(RBSProcessPredicate *)predicate error:(NSError **)error; +- (int)rbs_pid; +@end + +#define PT_DETACH 11 +#define PT_ATTACHEXC 14 +int ptrace(int request, pid_t pid, caddr_t addr, int data); + +int enableJIT(NSString *bundleID) { +#ifdef EMBEDDED_ROOT_HELPER + return -1; +#else + RBSProcessPredicate *predicate = [RBSProcessPredicate predicateMatchingBundleIdentifier:bundleID]; + RBSProcessHandle* process = [RBSProcessHandle handleForPredicate:predicate error:nil]; + int pid = process.rbs_pid; + + if (!pid) + { + return ESRCH; + } + + int ret = ptrace(PT_ATTACHEXC, pid, 0, 0); + if (ret == -1) + { + return errno; + } + + usleep(100000); + ret = ptrace(PT_DETACH, pid, 0, 0); + if (ret == -1) + { + return errno; + } + return 0; +#endif +} + diff --git a/RootHelper/main.m b/RootHelper/main.m index 7d1e1c3..4cb8377 100644 --- a/RootHelper/main.m +++ b/RootHelper/main.m @@ -11,6 +11,7 @@ #import #import #import "devmode.h" +#import "jit.h" #ifndef EMBEDDED_ROOT_HELPER #import "codesign.h" #import "coretrust_bug.h" @@ -1573,6 +1574,12 @@ int MAIN_NAME(int argc, char *argv[], char *envp[]) // Give the system some time to reboot sleep(1); } + else if([cmd isEqualToString:@"enable-jit"]) + { + if(args.count < 2) return -3; + NSString* userAppId = args.lastObject; + ret = enableJIT(userAppId); + } NSLog(@"trollstorehelper returning %d", ret); return ret; diff --git a/TrollStore/TSAppInfo.h b/TrollStore/TSAppInfo.h index 14ae0c8..1f902f1 100644 --- a/TrollStore/TSAppInfo.h +++ b/TrollStore/TSAppInfo.h @@ -50,6 +50,7 @@ - (NSAttributedString*)detailedInfoTitle; - (NSAttributedString*)detailedInfoDescription; //- (UIImage*)image; +- (BOOL)isDebuggable; - (void)log; @end 
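Review bot: `enableJIT` attaches to whatever process RunningBoard resolves for the caller-supplied bundle ID without verifying that the target is debuggable, so the `get-task-allow` check added in TSAppInfo.m lives only on the unprivileged UI side and the root helper's `enable-jit` command (the main.m hunk further along this line) will attempt `PT_ATTACHEXC` on any bundle ID it is handed. The helper is the trust boundary, so the entitlement check belongs here as well, returning a distinct code before the `ptrace` call. Error reporting is lossy too: `handleForPredicate:error:nil` discards RunningBoard's reason, and `ESRCH` and a raw `errno` both surface as bare integers that the app prints as 'returned %d'; logging the NSError and the failing request would make field reports actionable. A short comment on the hand-written `ptrace` prototype and the `PT_*` defines explaining why they are declared locally (presumably because `<sys/ptrace.h>` is not shipped in the target SDK — confirm) would spare the next reader a search.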
diff --git a/TrollStore/TSAppInfo.m b/TrollStore/TSAppInfo.m index 952be1a..2046269 100644 --- a/TrollStore/TSAppInfo.m +++ b/TrollStore/TSAppInfo.m @@ -1165,5 +1165,23 @@ extern UIImage* imageWithSize(UIImage* image, CGSize size); }]; } +- (BOOL)isDebuggable +{ + [self loadEntitlements]; + __block BOOL debuggable = NO; + [self enumerateAllEntitlements:^(NSString *key, NSObject *value, BOOL *stop) + { + if([key isEqualToString:@"get-task-allow"]) + { + NSNumber* valueNum = (NSNumber*)value; + if(valueNum && [valueNum isKindOfClass:NSNumber.class]) + { + debuggable = valueNum.boolValue; + *stop = YES; + } + } + }]; + return debuggable; +} @end diff --git a/TrollStore/TSAppTableViewController.m b/TrollStore/TSAppTableViewController.m index 58948a7..11fc5ca 100644 --- a/TrollStore/TSAppTableViewController.m +++ b/TrollStore/TSAppTableViewController.m @@ -187,7 +187,7 @@ UIImage* imageWithSize(UIImage* image, CGSize size) [TSInstallationController presentInstallationAlertIfEnabledForFile:pathToIPA isRemoteInstall:NO completion:nil]; } -- (void)openAppPressedForRowAtIndexPath:(NSIndexPath*)indexPath +- (void)openAppPressedForRowAtIndexPath:(NSIndexPath*)indexPath enableJIT:(BOOL)enableJIT { TSApplicationsManager* appsManager = [TSApplicationsManager sharedInstance]; 
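Review bot: In `isDebuggable` the value is cast to `NSNumber*` before the `isKindOfClass:` check that justifies the cast; reversing the order reads as intended: `if([value isKindOfClass:NSNumber.class]) { debuggable = ((NSNumber*)value).boolValue; *stop = YES; }`. The method also deserves a doc comment on its declaration in TSAppInfo.h stating exactly what it answers — whether any entitlement set visited by `enumerateAllEntitlements:` carries a true `get-task-allow` — because if that enumeration spans every binary in the bundle (its implementation is not visible here), a debuggable extension would make the whole app eligible for 'Open with JIT' even though the helper attaches by bundle ID.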
@@ -211,6 +211,17 @@ UIImage* imageWithSize(UIImage* image, CGSize size) [didFailController addAction:cancelAction]; [TSPresentationDelegate presentViewController:didFailController animated:YES completion:nil]; } + else if (enableJIT) + { + int ret = [appsManager enableJITForBundleID:appId]; + if (ret != 0) + { + UIAlertController* errorAlert = [UIAlertController alertControllerWithTitle:@"Error" message:[NSString stringWithFormat:@"Error enabling JIT: trollstorejithelper returned %d", ret] preferredStyle:UIAlertControllerStyleAlert]; + UIAlertAction* closeAction = [UIAlertAction actionWithTitle:@"Close" style:UIAlertActionStyleDefault handler:nil]; + [errorAlert addAction:closeAction]; + [TSPresentationDelegate presentViewController:errorAlert animated:YES completion:nil]; + } + } } - (void)showDetailsPressedForRowAtIndexPath:(NSIndexPath*)indexPath @@ -424,11 +435,21 @@ UIImage* imageWithSize(UIImage* image, CGSize size) UIAlertAction* openAction = [UIAlertAction actionWithTitle:@"Open" style:UIAlertActionStyleDefault handler:^(UIAlertAction* action) { - [self openAppPressedForRowAtIndexPath:indexPath]; + [self openAppPressedForRowAtIndexPath:indexPath enableJIT:NO]; [self deselectRow]; }]; [appSelectAlert addAction:openAction]; + if ([appInfo isDebuggable]) + { + UIAlertAction* openWithJITAction = [UIAlertAction actionWithTitle:@"Open with JIT" style:UIAlertActionStyleDefault handler:^(UIAlertAction* action) + { + [self openAppPressedForRowAtIndexPath:indexPath enableJIT:YES]; + [self deselectRow]; + }]; + [appSelectAlert addAction:openWithJITAction]; + } + UIAlertAction* showDetailsAction = [UIAlertAction actionWithTitle:@"Show Details" style:UIAlertActionStyleDefault handler:^(UIAlertAction* action) { [self showDetailsPressedForRowAtIndexPath:indexPath]; diff --git a/TrollStore/TSApplicationsManager.h b/TrollStore/TSApplicationsManager.h index 2cb588b..f15cd3f 100644 --- a/TrollStore/TSApplicationsManager.h +++ b/TrollStore/TSApplicationsManager.h 
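Review bot: When `enableJITForBundleID:` fails the alert shows only the raw integer from the helper, and since the helper returns `errno` values (`ESRCH` when RunningBoard finds no process, otherwise the `ptrace` errno) as well as its own negative codes, the user sees 'returned 3' with no hint of what happened. Mapping positive codes through `strerror` keeps the change to the message: `NSString* reason = ret > 0 ? [NSString stringWithUTF8String:strerror(ret)] : @"helper error";` and `... @"Error enabling JIT: trollstorehelper returned %d (%@)", ret, reason`. Separately, the helper is invoked synchronously right after `openApplicationWithBundleID:` returned YES; if the target's process is not yet registered with RunningBoard at that instant the helper reports `ESRCH`, so a short retry in the helper, or at least a comment here naming the race, is worth considering — I can't see the open call's timing guarantees from this hunk. The enclosing `openAppPressedForRowAtIndexPath:enableJIT:` begins outside the hunk.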
@@ -16,6 +16,7 @@ - (int)uninstallApp:(NSString*)appId; - (int)uninstallAppByPath:(NSString*)path; - (BOOL)openApplicationWithBundleID:(NSString *)appID; +- (int)enableJITForBundleID:(NSString *)appID; - (int)changeAppRegistration:(NSString*)appPath toState:(NSString*)newState; @end \ No newline at end of file diff --git a/TrollStore/TSApplicationsManager.m b/TrollStore/TSApplicationsManager.m index 99d91da..dbc92e4 100644 --- a/TrollStore/TSApplicationsManager.m +++ b/TrollStore/TSApplicationsManager.m @@ -179,6 +179,11 @@ extern NSUserDefaults* trollStoreUserDefaults(); return [[LSApplicationWorkspace defaultWorkspace] openApplicationWithBundleID:appId]; } +- (int)enableJITForBundleID:(NSString *)appId +{ + return spawnRoot(rootHelperPath(), @[@"enable-jit", appId], nil, nil); +} + - (int)changeAppRegistration:(NSString*)appPath toState:(NSString*)newState { if(!appPath || !newState) return -200; From 4bfc994f706322aa4a928106536123dfdc4022f4 Mon Sep 17 00:00:00 2001 From: Duy Tran Khanh <40482367+khanhduytran0@users.noreply.github.com> Date: Tue, 23 Jan 2024 18:47:55 +0700 Subject: [PATCH 2/3] Almost forgot this --- TrollStore/TSAppTableViewController.m | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/TrollStore/TSAppTableViewController.m b/TrollStore/TSAppTableViewController.m index 11fc5ca..ed99728 100644 --- a/TrollStore/TSAppTableViewController.m +++ b/TrollStore/TSAppTableViewController.m 
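Review bot: `enableJITForBundleID:` builds `@[@"enable-jit", appId]` without a nil check, and an array literal raises `NSInvalidArgumentException` on a nil element, whereas the neighbouring `changeAppRegistration:toState:` guards its arguments with `if(!appPath || !newState) return -200;`; adding `if(!appId) return -200;` keeps the two consistent and turns a crash into a reported status. The new declaration in TSApplicationsManager.h (the first hunk on this line) would also benefit from a doc comment, e.g. `/// Asks the root helper to make the running process for appId JIT-capable; returns 0 on success, otherwise the helper's status (ESRCH if no process is found, a ptrace errno, or a negative helper error).` — the `ESRCH`/errno values are what jit.m returns and the negative codes are what main.m returns for bad arguments.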
@@ -216,7 +216,7 @@ UIImage* imageWithSize(UIImage* image, CGSize size) int ret = [appsManager enableJITForBundleID:appId]; if (ret != 0) { - UIAlertController* errorAlert = [UIAlertController alertControllerWithTitle:@"Error" message:[NSString stringWithFormat:@"Error enabling JIT: trollstorejithelper returned %d", ret] preferredStyle:UIAlertControllerStyleAlert]; + UIAlertController* errorAlert = [UIAlertController alertControllerWithTitle:@"Error" message:[NSString stringWithFormat:@"Error enabling JIT: trollstorehelper returned %d", ret] preferredStyle:UIAlertControllerStyleAlert]; UIAlertAction* closeAction = [UIAlertAction actionWithTitle:@"Close" style:UIAlertActionStyleDefault handler:nil]; [errorAlert addAction:closeAction]; [TSPresentationDelegate presentViewController:errorAlert animated:YES completion:nil]; @@ -507,4 +507,4 @@ UIImage* imageWithSize(UIImage* image, CGSize size) [self reloadTable]; } -@end \ No newline at end of file +@end From b83c53cb460bc684482786fe10bd4f0e72642923 Mon Sep 17 00:00:00 2001 From: khanhduytran0 Date: Thu, 25 Jan 2024 20:04:24 +0700 Subject: [PATCH 3/3] Add enable-jit URL scheme endpoint --- README.md | 5 ++- TrollStore/TSSceneDelegate.m | 54 +++++++++++++++++++++++++++ TrollStore/TSSettingsListController.m | 2 +- 3 files changed, 58 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 2a1fc4d..d5e6e75 100644 --- a/README.md +++ b/README.md 
@@ -32,9 +32,10 @@ On jailbroken iOS 14 when TrollHelper is used for installation, it is located in ## URL Scheme -As of version 1.3, TrollStore replaces the system URL scheme "apple-magnifier" (this is done so "jailbreak" detections can't detect TrollStore like they could if TrollStore had a unique URL scheme). This URL scheme can be used to install applications right from the browser, the format goes as follows: +As of version 1.3, TrollStore replaces the system URL scheme "apple-magnifier" (this is done so "jailbreak" detections can't detect TrollStore like they could if TrollStore had a unique URL scheme). This URL scheme can be used to install applications right from the browser, or to enable JIT from the app itself, the format goes as follows: -`apple-magnifier://install?url=` +- `apple-magnifier://install?url=` +- `apple-magnifier://enable-jit?bundle-id=` On devices that don't have TrollStore (1.3+) installed, this will just open the magnifier app. diff --git a/TrollStore/TSSceneDelegate.m b/TrollStore/TSSceneDelegate.m index f4b242b..b5090fa 100644 --- a/TrollStore/TSSceneDelegate.m +++ b/TrollStore/TSSceneDelegate.m @@ -1,6 +1,7 @@ #import "TSSceneDelegate.h" #import "TSRootViewController.h" #import "TSUtil.h" +#import "TSApplicationsManager.h" #import "TSInstallationController.h" #import 
@@ -67,11 +68,64 @@ [TSInstallationController handleAppInstallFromRemoteURL:URLToInstall completion:nil]; } } + else if([components.host isEqualToString:@"enable-jit"]) + { + NSString* BundleIDToEnableJIT; + + for(NSURLQueryItem* queryItem in components.queryItems) + { + if([queryItem.name isEqualToString:@"bundle-id"]) + { + BundleIDToEnableJIT = queryItem.value; + break; + } + } + + if(BundleIDToEnableJIT && [BundleIDToEnableJIT isKindOfClass:NSString.class]) + { + dispatch_async(dispatch_get_main_queue(), ^ + { + [self handleEnableJITForBundleID:BundleIDToEnableJIT]; + }); + } + } } } } } +- (void)handleEnableJITForBundleID:(NSString *)appId +{ + TSApplicationsManager* appsManager = [TSApplicationsManager sharedInstance]; + + BOOL didOpen = [appsManager openApplicationWithBundleID:appId]; + + // if we failed to open the app, show an alert + if(!didOpen) + { + NSString* failMessage = @""; + // we don't have TSAppInfo here so we cannot check the registration state + + NSString* failTitle = [NSString stringWithFormat:@"Failed to open %@", appId]; + UIAlertController* didFailController = [UIAlertController alertControllerWithTitle:failTitle message:failMessage preferredStyle:UIAlertControllerStyleAlert]; + UIAlertAction* cancelAction = [UIAlertAction actionWithTitle:@"Cancel" style:UIAlertActionStyleCancel handler:nil]; + + [didFailController addAction:cancelAction]; + [TSPresentationDelegate presentViewController:didFailController animated:YES completion:nil]; + } + else + { + int ret = [appsManager enableJITForBundleID:appId]; + if (ret != 0) + { + UIAlertController* errorAlert = [UIAlertController alertControllerWithTitle:@"Error" message:[NSString stringWithFormat:@"Error enabling JIT: trollstorehelper returned %d", ret] preferredStyle:UIAlertControllerStyleAlert]; + UIAlertAction* closeAction = [UIAlertAction actionWithTitle:@"Close" style:UIAlertActionStyleDefault handler:nil]; + [errorAlert addAction:closeAction]; + [TSPresentationDelegate 
presentViewController:errorAlert animated:YES completion:nil]; + } + } +} + // We want to auto install ldid if either it doesn't exist // or if it's the one from an old TrollStore version that's no longer supported - (void)handleLdidCheck diff --git a/TrollStore/TSSettingsListController.m b/TrollStore/TSSettingsListController.m index f9b9119..61976cc 100644 --- a/TrollStore/TSSettingsListController.m +++ b/TrollStore/TSSettingsListController.m @@ -291,7 +291,7 @@ extern NSUserDefaults* trollStoreUserDefaults(void); PSSpecifier* installationSettingsGroupSpecifier = [PSSpecifier emptyGroupSpecifier]; installationSettingsGroupSpecifier.name = @"Security"; - [installationSettingsGroupSpecifier setProperty:@"The URL Scheme, when enabled, will allow apps and websites to trigger TrollStore installations through the apple-magnifier://install?url= URL scheme." forKey:@"footerText"]; + [installationSettingsGroupSpecifier setProperty:@"The URL Scheme, when enabled, will allow apps and websites to trigger TrollStore installations through the apple-magnifier://install?url= URL scheme and enable JIT through the apple-magnifier://enable-jit?bundle-id= URL scheme." forKey:@"footerText"]; [_specifiers addObject:installationSettingsGroupSpecifier];
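Review bot: The `enable-jit` host launches and then ptrace-attaches (through the root helper) any bundle ID named in a URL, with no equivalent of the `isDebuggable` gate that guards the in-app 'Open with JIT' action and no confirmation step, even though the scheme is reachable from any app or web page; the comment `// we don't have TSAppInfo here so we cannot check the registration state` records the gap rather than closing it. Since `TSApplicationsManager` is already imported here, resolving the app's TSAppInfo for the bundle ID (if the manager offers such a lookup — its full API is not visible) and refusing non-debuggable apps, plus an alert naming the bundle ID that the user must accept before anything is launched, would bring this path to parity with the table-view path. `handleEnableJITForBundleID:` also duplicates the open-failure and helper-error alerts from `TSAppTableViewController.m` nearly verbatim, so one shared routine that builds those alerts in a single place would keep the two paths from drifting — the `trollstorejithelper` typo corrected in the second patch is exactly that kind of drift. Minor style: `BundleIDToEnableJIT` is a local and should be lowerCamelCase, and the `isKindOfClass:NSString.class` test on `NSURLQueryItem.value`, which is already typed `NSString *`, is redundant. The enclosing scene method begins outside the hunk.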