authorSam Bingner <sam@bingner.com>2019-03-29 22:39:28 -1000
committerSam Bingner <sam@bingner.com>2019-03-29 22:39:57 -1000
commit487bdd105d823d597ebad88391e306988c5e9870 (patch)
treecaeabdcffcb4892be0b5290174526145f2da993f
parentcc004d3051f90a77601f4221a8855604ede7bc26 (diff)
Update for new in-kernel offset cacheHEADmaster
-rw-r--r--.gitmodules3
-rw-r--r--Makefile4
-rw-r--r--control2
-rw-r--r--kern_funcs.c1
-rw-r--r--kern_funcs.h25
-rw-r--r--main.m70
m---------offset-cache0
7 files changed, 55 insertions, 50 deletions
diff --git a/.gitmodules b/.gitmodules
index 8cafbbc..82056c8 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,3 +1,6 @@
[submodule "patchfinder64"]
path = patchfinder64
url = git@github.com:sbingner/patchfinder64.git
+[submodule "offset-cache"]
+ path = offset-cache
+ url = git@github.com:sbingner/offset-cache.git
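Review bot: The new submodule is registered with an SSH URL on the added `url` line, so `git submodule update --init` fails for anyone cloning without a GitHub SSH identity that can read that repository, including anonymous or CI build machines. The gitlink pin in this same commit already fixes the exact revision, so fetching over HTTPS loses nothing: `url = https://github.com/sbingner/offset-cache.git`. The existing patchfinder64 entry has the same property and could be switched alongside.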
diff --git a/Makefile b/Makefile
index 86c2eb2..1f80c82 100644
--- a/Makefile
+++ b/Makefile
@@ -5,9 +5,9 @@ include $(THEOS)/makefiles/common.mk
TOOL_NAME = inject
inject_CODESIGN_FLAGS = -Sentitlements.xml
-inject_CFLAGS += -I. -I./patchfinder64 -I./kernel_call -Wno-unused-variable -Wno-unused-function -Wno-unused-label
+inject_CFLAGS += -I. -Ipatchfinder64 -Ikernel_call -Ioffset-cache -Wno-unused-variable -Wno-unused-function -Wno-unused-label
inject_LIBRARIES = mis
inject_FRAMEWORKS = Foundation CoreFoundation IOKit Security
-inject_FILES = main.m inject.m patchfinder64/patchfinder64.c kern_funcs.c kernel_call/kc_parameters.c kernel_call/kernel_alloc.c kernel_call/kernel_call.c kernel_call/kernel_memory.c kernel_call/kernel_slide.c kernel_call/log.c kernel_call/pac.c kernel_call/parameters.c kernel_call/platform_match.c kernel_call/platform.c kernel_call/user_client.c
+inject_FILES = main.m inject.m patchfinder64/patchfinder64.c kern_funcs.c kernel_call/kc_parameters.c kernel_call/kernel_alloc.c kernel_call/kernel_call.c kernel_call/kernel_memory.c kernel_call/kernel_slide.c kernel_call/log.c kernel_call/pac.c kernel_call/parameters.c kernel_call/platform_match.c kernel_call/platform.c kernel_call/user_client.c offset-cache/offsetcache.c
include $(THEOS_MAKE_PATH)/tool.mk
diff --git a/control b/control
index c68b069..807ab3b 100644
--- a/control
+++ b/control
@@ -1,6 +1,6 @@
Package: trustinjector
Name: Trust Cache Injector
-Version: 0.4~b4
+Version: 0.4~b5
Architecture: iphoneos-arm
Description: Inject files to kernel trust cache
Maintainer: Sam Bingner <maintainer@sbdhi.com>
diff --git a/kern_funcs.c b/kern_funcs.c
index c701cb3..8c09684 100644
--- a/kern_funcs.c
+++ b/kern_funcs.c
@@ -25,7 +25,6 @@
#include "kc_parameters.h"
#include "kernel_memory.h"
-offsets_t offs;
uint64_t kernel_base;
static mach_port_t tfp0=MACH_PORT_NULL;
size_t kread(uint64_t where, void *p, size_t size);
diff --git a/kern_funcs.h b/kern_funcs.h
index e97e13a..bbeb5a0 100644
--- a/kern_funcs.h
+++ b/kern_funcs.h
@@ -1,29 +1,10 @@
#ifndef _KERN_FUNCS_H_
#define _KERN_FUNCS_H_
+#include <offsetcache.h>
-#define SETOFFSET(offset, val) (offs.offset = val)
-#define GETOFFSET(offset) offs.offset
+#define SETOFFSET(offset, val) set_offset(#offset, val)
+#define GETOFFSET(offset) get_offset(#offset)
-typedef struct {
- uint64_t trustcache;
- uint64_t kernel_task;
- uint64_t pmap_load_trust_cache;
- uint64_t paciza_pointer__l2tp_domain_module_start;
- uint64_t paciza_pointer__l2tp_domain_module_stop;
- uint64_t l2tp_domain_inited;
- uint64_t sysctl__net_ppp_l2tp;
- uint64_t sysctl_unregister_oid;
- uint64_t mov_x0_x4__br_x5;
- uint64_t mov_x9_x0__br_x1;
- uint64_t mov_x10_x3__br_x6;
- uint64_t kernel_forge_pacia_gadget;
- uint64_t kernel_forge_pacda_gadget;
- uint64_t IOUserClient__vtable;
- uint64_t IORegistryEntry__getRegistryEntryID;
- uint64_t pmap_loaded_trust_caches;
-} offsets_t;
-
-extern offsets_t offs;
extern uint64_t kernel_base;
extern uint64_t kernel_slide;
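Review bot: With the typed struct replaced by `get_offset(#offset)` on the new GETOFFSET line, a misspelled or never-populated offset name is no longer a compile error; it compiles and resolves to whatever `get_offset` returns for an unknown key, which this header does not state. `pmap_loaded_trust_caches` was a field of the removed struct and is not set anywhere in this diff, so any reader of it now depends on that unknown-key behaviour. I would spell the contract out above the macros: `// Offsets are looked up by name at runtime; an unknown or unset name is NOT a compile error — check GETOFFSET(x) for 0 before using it (assumes get_offset returns 0 for missing keys; confirm against offsetcache.c).`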
diff --git a/main.m b/main.m
index 0afddec..a4095d1 100644
--- a/main.m
+++ b/main.m
@@ -10,7 +10,8 @@
#include <CoreFoundation/CoreFoundation.h>
#include <mach/mach.h>
#include <dlfcn.h>
-#include "patchfinder64/patchfinder64.h"
+#include <offsetcache.h>
+#include <patchfinder64.h>
#include "CSCommon.h"
#include "kern_funcs.h"
#include "inject.h"
@@ -46,31 +47,52 @@ int main(int argc, char* argv[]) {
set_tfp0(tfp0);
struct task_dyld_info dyld_info = { 0 };
mach_msg_type_number_t count = TASK_DYLD_INFO_COUNT;
- if (task_info(tfp0, TASK_DYLD_INFO, (task_info_t)&dyld_info, &count) != KERN_SUCCESS ||
- (kernel_base = dyld_info.all_image_info_addr) == 0) {
+ if (task_info(tfp0, TASK_DYLD_INFO, (task_info_t)&dyld_info, &count) == 0 &&
+ dyld_info.all_image_info_addr != 0 &&
+ dyld_info.all_image_info_addr != dyld_info.all_image_info_size + 0xfffffff007004000) {
+
+ size_t blob_size = rk64(dyld_info.all_image_info_addr);
+ struct cache_blob *blob = create_cache_blob(blob_size);
+ if (kread(dyld_info.all_image_info_addr, blob, blob_size)) import_cache_blob(blob);
+ free(blob);
+ if (get_offset("kernel_slide") == kernel_slide) {
+#ifdef DEBUG
+ print_cache();
+#endif
+ if (get_offset("kernel_base")) {
+ kernel_base = get_offset("kernel_base");
+ } else {
+ kernel_base = dyld_info.all_image_info_size + 0xfffffff007004000;
+ }
+ }
+ } else if ((kernel_base = dyld_info.all_image_info_addr) != 0) {
+ kernel_slide = dyld_info.all_image_info_size;
+ @autoreleasepool {
+ NSMutableDictionary *offsets = [NSMutableDictionary dictionaryWithContentsOfFile:@"/jb/offsets.plist"];
+ SETOFFSET(trustcache, (uint64_t)strtoull([offsets[@"TrustChain"] UTF8String], NULL, 16));
+#if __arm64e__
+ SETOFFSET(kernel_task, (uint64_t)strtoull([offsets[@"KernelTask"] UTF8String], NULL, 16));
+ // We should use this on other things but kexecute is broken for i6 at least
+ SETOFFSET(pmap_load_trust_cache, (uint64_t)strtoull([offsets[@"PmapLoadTrustCache"] UTF8String], NULL, 16));
+ SETOFFSET(paciza_pointer__l2tp_domain_module_start, (uint64_t)strtoull([offsets[@"PacizaPointerL2TPDomainModuleStart"] UTF8String], NULL, 16));
+ SETOFFSET(paciza_pointer__l2tp_domain_module_stop, (uint64_t)strtoull([offsets[@"PacizaPointerL2TPDomainModuleStop"] UTF8String], NULL, 16));
+ SETOFFSET(l2tp_domain_inited, (uint64_t)strtoull([offsets[@"L2TPDomainInited"] UTF8String], NULL, 16));
+ SETOFFSET(sysctl__net_ppp_l2tp, (uint64_t)strtoull([offsets[@"SysctlNetPPPL2TP"] UTF8String], NULL, 16));
+ SETOFFSET(sysctl_unregister_oid, (uint64_t)strtoull([offsets[@"SysctlUnregisterOid"] UTF8String], NULL, 16));
+ SETOFFSET(mov_x0_x4__br_x5, (uint64_t)strtoull([offsets[@"MovX0X4BrX5"] UTF8String], NULL, 16));
+ SETOFFSET(mov_x9_x0__br_x1, (uint64_t)strtoull([offsets[@"MovX9X0BrX1"] UTF8String], NULL, 16));
+ SETOFFSET(mov_x10_x3__br_x6, (uint64_t)strtoull([offsets[@"MovX10X3BrX6"] UTF8String], NULL, 16));
+ SETOFFSET(kernel_forge_pacia_gadget, (uint64_t)strtoull([offsets[@"KernelForgePaciaGadget"] UTF8String], NULL, 16));
+ SETOFFSET(kernel_forge_pacda_gadget, (uint64_t)strtoull([offsets[@"KernelForgePacdaGadget"] UTF8String], NULL, 16));
+ SETOFFSET(IOUserClient__vtable, (uint64_t)strtoull([offsets[@"IOUserClientVtable"] UTF8String], NULL, 16));
+ SETOFFSET(IORegistryEntry__getRegistryEntryID, (uint64_t)strtoull([offsets[@"IORegistryEntryGetRegistryEntryID"] UTF8String], NULL, 16));
+#endif
+ }
+ } else {
return -3;
}
- kernel_slide = dyld_info.all_image_info_size;
- @autoreleasepool {
- NSMutableDictionary *offsets = [NSMutableDictionary dictionaryWithContentsOfFile:@"/jb/offsets.plist"];
- SETOFFSET(trustcache, (uint64_t)strtoull([offsets[@"TrustChain"] UTF8String], NULL, 16));
#if __arm64e__
- SETOFFSET(kernel_task, (uint64_t)strtoull([offsets[@"KernelTask"] UTF8String], NULL, 16));
- // We should use this on other things but kexecute is broken for i6 at least
- SETOFFSET(pmap_load_trust_cache, (uint64_t)strtoull([offsets[@"PmapLoadTrustCache"] UTF8String], NULL, 16));
if (GETOFFSET(pmap_load_trust_cache)) pmap_load_trust_cache = _pmap_load_trust_cache;
- SETOFFSET(paciza_pointer__l2tp_domain_module_start, (uint64_t)strtoull([offsets[@"PacizaPointerL2TPDomainModuleStart"] UTF8String], NULL, 16));
- SETOFFSET(paciza_pointer__l2tp_domain_module_stop, (uint64_t)strtoull([offsets[@"PacizaPointerL2TPDomainModuleStop"] UTF8String], NULL, 16));
- SETOFFSET(l2tp_domain_inited, (uint64_t)strtoull([offsets[@"L2TPDomainInited"] UTF8String], NULL, 16));
- SETOFFSET(sysctl__net_ppp_l2tp, (uint64_t)strtoull([offsets[@"SysctlNetPPPL2TP"] UTF8String], NULL, 16));
- SETOFFSET(sysctl_unregister_oid, (uint64_t)strtoull([offsets[@"SysctlUnregisterOid"] UTF8String], NULL, 16));
- SETOFFSET(mov_x0_x4__br_x5, (uint64_t)strtoull([offsets[@"MovX0X4BrX5"] UTF8String], NULL, 16));
- SETOFFSET(mov_x9_x0__br_x1, (uint64_t)strtoull([offsets[@"MovX9X0BrX1"] UTF8String], NULL, 16));
- SETOFFSET(mov_x10_x3__br_x6, (uint64_t)strtoull([offsets[@"MovX10X3BrX6"] UTF8String], NULL, 16));
- SETOFFSET(kernel_forge_pacia_gadget, (uint64_t)strtoull([offsets[@"KernelForgePaciaGadget"] UTF8String], NULL, 16));
- SETOFFSET(kernel_forge_pacda_gadget, (uint64_t)strtoull([offsets[@"KernelForgePacdaGadget"] UTF8String], NULL, 16));
- SETOFFSET(IOUserClient__vtable, (uint64_t)strtoull([offsets[@"IOUserClientVtable"] UTF8String], NULL, 16));
- SETOFFSET(IORegistryEntry__getRegistryEntryID, (uint64_t)strtoull([offsets[@"IORegistryEntryGetRegistryEntryID"] UTF8String], NULL, 16));
parameters_init();
kernel_task_port = tfp0;
current_task = rk64(task_self_addr() + OFFSET(ipc_port, ip_kobject));
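Review bot: `blob_size` on the first added line of the cache branch is read straight from kernel memory and handed to `create_cache_blob` and `kread` with no bound, and the `kread` result is only tested for non-zero even though `kread` returns a byte count (`size_t kread(...)` in kern_funcs.c), so a corrupt or short-read blob still reaches `import_cache_blob`, and `create_cache_blob` is never checked for NULL before the read. If the cached `kernel_slide` does not match, nothing in that branch assigns `kernel_base` and execution continues into the arm64e setup rather than reaching `return -3`, unless kernel_base is established earlier in main (the function starts outside this hunk). The constant `0xfffffff007004000` appears twice unnamed; a `static const uint64_t kUnslidKernelBase = 0xfffffff007004000; // unslid kernel base for these builds` would make the "addr already holds base+slide" test readable. A tightened version of the cache read:
```objc
size_t blob_size = rk64(dyld_info.all_image_info_addr);
// Do not trust a size read from the kernel blindly; the 1 MiB ceiling is a placeholder to tune to the cache format.
if (blob_size == 0 || blob_size > (1 << 20)) return -3;
struct cache_blob *blob = create_cache_blob(blob_size);
if (blob == NULL) return -3;
if (kread(dyld_info.all_image_info_addr, blob, blob_size) == blob_size) import_cache_blob(blob);
free(blob);
if (get_offset("kernel_slide") != kernel_slide) return -3;
// … unchanged: kernel_base selection from the cache …
```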
@@ -89,8 +111,8 @@ int main(int argc, char* argv[]) {
} else {
printf("Successfully injected [%d/%d] to trust cache.\n", (int)files.count - errs, (int)files.count);
}
+#if __arm64e__
kernel_call_deinit();
-
+#endif
return errs;
- }
}
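Review bot: The closing brace removed just before the end of this hunk looks like the `@autoreleasepool {` that previously wrapped the remainder of main (the new code closes that pool inside the else-if branch in the earlier hunk), so the injection loop and its `files` collection now run with no autorelease pool in place; for a short-lived tool that presumably only defers release to process exit, but it is a silent change and worth either restoring a pool around the remainder or marking it: `// NOTE: no autoreleasepool here; autoreleased objects live until process exit`. Gating `kernel_call_deinit` behind `#if __arm64e__` is consistent with `parameters_init` being under the same guard earlier in main.m.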
diff --git a/offset-cache b/offset-cache
new file mode 160000
+Subproject e4bb1114e574795b7097783edf556a2626eb685