Diffstat (limited to 'main.m')
-rw-r--r-- | main.m | 35 |
1 files changed, 32 insertions, 3 deletions
@@ -6,6 +6,7 @@
 *
 */
+#include <Foundation/Foundation.h>
 #include <CoreFoundation/CoreFoundation.h>
 #include <mach/mach.h>
 #include <dlfcn.h>
@@ -13,7 +14,12 @@
 #include "CSCommon.h"
 #include "kern_funcs.h"
 #include "inject.h"
+#include "kernel_call.h"
+#include "parameters.h"
+#include "kc_parameters.h"
+#include "kernel_memory.h"
+#define PF(x) SETOFFSET(x, find_ ## x ())
 mach_port_t try_restore_port() {
 mach_port_t port = MACH_PORT_NULL;
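Review bot: The `PF` macro added in the second hunk carries no comment, and because it token-pastes the argument into a `find_##x()` call its effect is not visible at the call sites; a one-line comment above the `#define` would help, e.g. `// PF(x): run the patchfinder find_x() and record its result as offset x; the value is stored without being validated`. The name is also very generic for a file-level macro in a file that now pulls in several more headers — a more specific name such as `FIND_OFFSET` would lower the chance of a silent collision, though the contents of those headers are not visible here. Both hunks in this unit sit in the include region of main.m, outside any function.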
@@ -39,28 +45,51 @@ int main(int argc, char* argv[]) {
 if (tfp0 == MACH_PORT_NULL) return -2;
 set_tfp0(tfp0);
- uint64_t kernel_base = 0;
 struct task_dyld_info dyld_info = { 0 };
 mach_msg_type_number_t count = TASK_DYLD_INFO_COUNT;
 if (task_info(tfp0, TASK_DYLD_INFO, (task_info_t)&dyld_info, &count) != KERN_SUCCESS ||
- (kernel_base = dyld_info.all_image_info_addr) == 0) {
+ (kernel_base = dyld_info.all_image_info_addr) == 0 ||
+ (kernel_slide = dyld_info.all_image_info_size) == 0) {
 return -3;
 }
 init_kernel(kread, kernel_base, NULL);
 uint64_t trust_chain = find_trustcache();
+ PF(trustcache);
+ PF(kernel_task);
+ PF(pmap_load_trust_cache);
+#if __arm64e__
+ PF(paciza_pointer__l2tp_domain_module_start);
+ PF(paciza_pointer__l2tp_domain_module_stop);
+ PF(l2tp_domain_inited);
+ PF(sysctl__net_ppp_l2tp);
+ PF(sysctl_unregister_oid);
+ PF(mov_x0_x4__br_x5);
+ PF(mov_x9_x0__br_x1);
+ PF(mov_x10_x3__br_x6);
+ PF(kernel_forge_pacia_gadget);
+ PF(kernel_forge_pacda_gadget);
+#endif
+ PF(IOUserClient__vtable);
+ PF(IORegistryEntry__getRegistryEntryID);
 term_kernel();
+ parameters_init();
+ kernel_task_port = tfp0;
+ current_task = rk64(task_self_addr() + OFFSET(ipc_port, ip_kobject));
+ kernel_task = rk64(GETOFFSET(kernel_task));
+ kernel_call_init();
 printf("Injecting to trust cache...\n");
 @autoreleasepool {
 NSMutableArray *files = [NSMutableArray new];
 for (int i=1; i<argc; i++) {
 [files addObject:@( argv[i] )];
 }
- int errs = injectTrustCache(files, trust_chain);
+ int errs = injectTrustCache(files, trust_chain, pmap_load_trust_cache);
 if (errs < 0) {
 printf("Error %d injecting to trust cache.\n", errs);
 } else {
 printf("Successfully injected [%d/%d] to trust cache.\n", (int)files.count - errs, (int)files.count);
 }
+ kernel_call_deinit();
 return errs;
 }
 |
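Review bot: The `PF(...)` results and the derived `kernel_task = rk64(GETOFFSET(kernel_task))` are used without any check that each patchfinder lookup actually succeeded, whereas the `task_info`/`kernel_base`/`kernel_slide` path a few lines above fails cleanly with `return -3`. If a `find_*` routine reports "not found" as 0 (presumably the convention here, but not visible in this hunk), the program goes on to `rk64` a bogus kernel address and to call `kernel_call_init()` with unset parameters instead of stopping. A guard right after `term_kernel()`, e.g. `if (GETOFFSET(trustcache) == 0 || GETOFFSET(kernel_task) == 0 || GETOFFSET(pmap_load_trust_cache) == 0) return -4;` — extended to the arm64e offsets under the same `#if` — would end the run before the kernel reads and `kernel_call_init()`. Separately, `find_trustcache()` and `PF(trustcache)` now locate the same thing twice; after the `PF` calls `trust_chain` can presumably be taken from `GETOFFSET(trustcache)` instead of a second search. `main` starts and ends outside this hunk.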