Add HFS+ formatted root dmg

be99b186 · Spotlight Deveaux · 0f99a693 · be99b186 · be99b186 · be99b186
Unverified Commit be99b186 authored 6 years ago by Spotlight Deveaux
--- a/.gitignore
+++ b/.gitignore
 mobile_inject
 p0sixspwn_limd.xcodeproj
+.DS_Store
--- a/Resources/Makefile
+++ b/Resources/Makefile
 .PHONY:	all
 all:
-	sudo hdiutil create -format UDZO -layout NONE -srcfolder ../Root Root.dmg -ov
+	sudo hdiutil create -fs "HFS+" -format UDZO -layout NONE -srcfolder ../Root Root.dmg -ov
--- a/Resources/Root.dmg
+++ b/Resources/Root.dmg
--- a/Root/BuildCopyIt.sh
+++ b/Root/BuildCopyIt.sh
+xcrun -sdk iphoneos clang CopyIt.c -o CopyIt -arch armv7
+codesign -s- CopyIt
--- a/Root/CopyIt
+++ b/Root/CopyIt
--- a/Root/CopyIt.c
+++ b/Root/CopyIt.c
+/*
+ * yeah, there's a .c file in the jailbreak dmg, whatcha gonna do about it?
+ */
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <stdlib.h>
+#include <fcntl.h>
+#include <syslog.h>
+#include <stdio.h>
+#include <unistd.h>
+int file_exists(const char* path)
+{
+	struct stat buf;
+	if(stat(path, &buf) != 0) {
+		syslog(0, "stat64 of %s failed\n", path);
+		return -1;
+	}
+	return 0;
+}
+/* shamelessly stolen from anthrax */
+int cp(const char *src, const char *dest) {
+	int count = 0;
+	char buf[0x800];
+	struct stat status;
+	while (stat(src, &status) != 0) {
+		printf("Unable to find source file\n");
+		return -1;
+	}
+	int in = open(src, O_RDONLY, 0);
+	if (in < 0) {
+		return -1;
+	}
+	int out = open(dest, O_WRONLY | O_CREAT, 0);
+	if (out < 0) {
+		close(in);
+		return -1;
+	}
+	do {
+		count = read(in, buf, 0x800);
+		if (count > 0) {
+			count = write(out, buf, count);
+		}
+	} while (count > 0);
+	close(in);
+	close(out);
+	if (count < 0) {
+		return -1;
+	}
+	return 0;
+}
+int main(int argc, char* argv[])
+{
+#define CheckAndCopy(path, dst)						\
+	do {								\
+		int ret = file_exists(path);				\
+		if(ret) {						\
+			syslog(0, "file %s does not exist!\n", path);	\
+			exit(0);					\
+		}							\
+		syslog(0, "Copying %s => %s\n", path, dst);		\
+		cp(path, dst);						\
+	} while(0);							
+	mkdir("/private/var/untether", 0777);
+	CheckAndCopy("/Developer/Library/Helpers/_.dylib", "/private/var/untether/_.dylib");
+	CheckAndCopy("/Developer/Library/Helpers/untether", "/private/var/untether/untether");
+	CheckAndCopy("/Developer/Library/Helpers/Cydia.tar", "/private/var/untether/Cydia.tar");
+	CheckAndCopy("/Developer/Library/Helpers/tar", "/private/var/untether/tar");
+	CheckAndCopy("/Developer/Library/Helpers/launchd.conf", "/etc/launchd.conf");
+	CheckAndCopy("/Developer/Library/Helpers/dirhelper", "/usr/libexec/dirhelper");
+	chmod("/private/var/untether/tar", 0755);
+	chmod("/private/var/untether/untether", 0755);
+	chmod("/usr/libexec/dirhelper", 0755);
+	syslog(0, "done, rebooting!!!");
+	reboot(0);
+	return 0;
+}
--- a/Root/Library/Helpers/Cydia.tar
+++ b/Root/Library/Helpers/Cydia.tar
--- a/.DS_Store
+++ b/.DS_Store
--- a/Root/Library/Helpers/dirhelper
+++ b/Root/Library/Helpers/dirhelper
+#!/bin/bash
+if [[ "$1" == "-machineBoot" ]]; then
+    /bin/mkdir -m 700 -p /var/tmp/launchd
+    if [[ -e /var/tmp/launchd/sock ]]; then
+        /bin/rm -f /var/untether/sock
+    else
+        /bin/mv -f /var/untether/sock /var/tmp/launchd/sock
+    fi
+fi
+exit 0
--- a/Root/Library/Helpers/launchd.conf
+++ b/Root/Library/Helpers/launchd.conf
+unload /System/Library/LaunchDaemons/com.apple.MobileFileIntegrity.plist
+bsexec .. /sbin/mount -u -o rw,suid,dev /
+setenv DYLD_INSERT_LIBRARIES /private/var/untether/_.dylib
+load /System/Library/LaunchDaemons/com.apple.MobileFileIntegrity.plist
+bsexec .. /private/var/untether/untether
+unsetenv DYLD_INSERT_LIBRARIES
+bsexec .. /bin/rm -f /private/var/untether/sock
+bsexec .. /bin/ln -f /var/tmp/launchd/sock /private/var/untether/sock
--- a/Root/Library/Helpers/tar
+++ b/Root/Library/Helpers/tar
--- a/Root/Library/Helpers/untether
+++ b/Root/Library/Helpers/untether
--- a/Root/Library/LaunchDaemons/com.apple.First.plist
+++ b/Root/Library/LaunchDaemons/com.apple.First.plist
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>KeepAlive</key>
+	<true/>
+	<key>Label</key>
+	<string>com.apple.First</string>
+	<key>POSIXSpawnType</key>
+	<string>Interactive</string>
+	<key>ProgramArguments</key>
+	<array>
+		<string>/bin/launchctl</string>
+		<string>unload</string>
+		<string>/System/Library/LaunchDaemons/com.apple.MobileFileIntegrity.plist</string>
+	</array>
+	<key>RunAtLoad</key>
+	<true/>
+	<key>UserName</key>
+	<string>root</string>
+	<key>LaunchOnlyOnce</key>
+	<true/>
+</dict>
+</plist>
--- a/Root/Library/LaunchDaemons/com.apple.MobileFileIntegrity.plist
+++ b/Root/Library/LaunchDaemons/com.apple.MobileFileIntegrity.plist
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>EnvironmentVariables</key>
+	<dict>
+		<key>DYLD_INSERT_LIBRARIES</key>
+		<string>/Developer/Library/Helpers/_.dylib</string>
+	</dict>
+	<key>MachServices</key>
+	<dict>
+		<key>com.apple.MobileFileIntegrity</key>
+		<dict>
+			<key>HostSpecialPort</key>
+			<integer>18</integer>
+		</dict>
+	</dict>
+	<key>KeepAlive</key>
+	<true/>
+	<key>Label</key>
+	<string>com.apple.MobileFileIntegrity</string>
+	<key>POSIXSpawnType</key>
+	<string>Interactive</string>
+	<key>ProgramArguments</key>
+	<array>
+		<string>/usr/libexec/amfid</string>
+	</array>
+	<key>RunAtLoad</key>
+	<true/>
+	<key>UserName</key>
+	<string>root</string>
+</dict>
+</plist>
--- a/Root/Library/LaunchDaemons/com.apple.RemountRoot.plist
+++ b/Root/Library/LaunchDaemons/com.apple.RemountRoot.plist
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>KeepAlive</key>
+	<true/>
+	<key>Label</key>
+	<string>com.apple.RemountRoot</string>
+	<key>POSIXSpawnType</key>
+	<string>Interactive</string>
+	<key>ProgramArguments</key>
+	<array>
+		<string>/sbin/mount</string>
+		<string>-u</string>
+		<string>-o</string>
+		<string>rw,suid,dev</string>
+		<string>/</string>
+	</array>
+	<key>RunAtLoad</key>
+	<true/>
+	<key>UserName</key>
+	<string>root</string>
+</dict>
+</plist>
--- a/Root/Library/Lockdown/ServiceAgents/CopyIt.plist
+++ b/Root/Library/Lockdown/ServiceAgents/CopyIt.plist
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>Label</key>
+	<string>CopyIt</string>
+	<key>ProgramArguments</key>
+	<array>
+		<string>/Developer/CopyIt</string>
+	</array>
+</dict>
+</plist>
--- a/Root/Library/Lockdown/ServiceAgents/RemountRoot.plist
+++ b/Root/Library/Lockdown/ServiceAgents/RemountRoot.plist
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>Label</key>
+	<string>RemountRoot</string>
+	<key>ProgramArguments</key>
+	<array>
+		<string>/sbin/mount</string>
+		<string>-u</string>
+		<string>-o</string>
+		<string>rw,suid,dev</string>
+		<string>/</string>
+	</array>
+</dict>
+</plist>
--- a/Root/Library/Lockdown/ServiceAgents/UnloadAmfi.plist
+++ b/Root/Library/Lockdown/ServiceAgents/UnloadAmfi.plist
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>Label</key>
+	<string>UnloadAmfi</string>
+	<key>ProgramArguments</key>
+	<array>
+		<string>/bin/launchctl</string>
+		<string>unload</string>
+		<string>/System/Library/LaunchDaemons/com.apple.MobileFileIntegrity.plist</string>
+	</array>
+</dict>
+</plist>
--- a/Root/Library/Lockdown/ServiceAgents/com.apple.afc2.plist
+++ b/Root/Library/Lockdown/ServiceAgents/com.apple.afc2.plist
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+	<dict>
+		<key>Label</key>
+		<string>com.apple.afc2</string>
+		<key>ProgramArguments</key>
+		<array>
+			<string>/usr/libexec/afcd</string>
+			<string>--lockdown</string>
+			<string>-S</string>
+			<string>-d</string>
+			<string>/</string>
+		</array>
+	</dict>
+</plist>
--- a/mobile_inject.c
+++ b/mobile_inject.c
@@ -99,9 +99,9 @@ Retry:	{}
 		plist_dict_set_item(mount_request_dict, "Command", plist_new_string("MountImage"));
 		plist_dict_set_item(mount_request_dict, "ImagePath", plist_new_string("/var/mobile/Media/PublicStaging/staging.dimage"));
 		plist_dict_set_item(mount_request_dict, "ImageType", plist_new_string("Developer"));
-		printf("%s\n", (const char*)sig);
 		plist_dict_set_item(mount_request_dict, "ImageSignature", plist_new_data((const char*)sig, sizeof(sig)));
-		print_xml(mount_request_dict);
+		// If you want to debug what's being sent, check this out.
+		// print_xml(mount_request_dict);
 		property_list_service_error_t plist_send_err = property_list_service_send_xml_plist(mim_client, mount_request_dict);
 		if (plist_send_err != PROPERTY_LIST_SERVICE_E_SUCCESS) {
@@ -156,9 +156,10 @@ Retry:	{}
 			}
 			assert(!fcntl(helper_socket, F_SETFL, O_NONBLOCK));
 			assert(!fcntl(0, F_SETFL, O_NONBLOCK));
+			exit(0);
 		} else {
 			printf("Failed to inject image, trying again... (if it fails, try a different time), delay ... %dus\n", timesl);
-			timesl += 1000;
+			timesl += 100;
 			goto Retry;
 		}
  }