diff --git a/Hooks/API/MachO.xm b/Hooks/API/MachO.xm index 2ca8493..5c2bbc8 100644 --- a/Hooks/API/MachO.xm +++ b/Hooks/API/MachO.xm @@ -20,10 +20,6 @@ extern unsigned long get_edata(void); * Runtime interfaces for 32-bit Mach-O programs. -extern uint8_t *getsegmentdata( - const struct mach_header *mhp, - const char *segname, - unsigned long *size); Runtime interfaces for 64-bit Mach-O programs. extern const struct section_64 *getsectbyname( diff --git a/Hooks/API/ObjCRuntime.xm b/Hooks/API/ObjCRuntime.xm index 03a2ad0..628278b 100644 --- a/Hooks/API/ObjCRuntime.xm +++ b/Hooks/API/ObjCRuntime.xm @@ -51,7 +51,8 @@ BOOL (*old_class_addIvar)(Class cls, const char *name, size_t size,uint8_t align Class (*old_objc_getClass)(const char *name); IMP (*old_class_getMethodImplementation)(Class cls, SEL name); IMP (*old_class_replaceMethod)(Class cls, SEL name, IMP imp, const char *types); - +const char **(*old_objc_copyImageNames)(unsigned int *outCount); +const char *(*old_class_getImageName)(Class cls); //New Func Class new_NSClassFromString(NSString* aClassName){ if(WTShouldLog){ @@ -228,6 +229,40 @@ IMP new_class_replaceMethod(Class cls, SEL name, IMP imp, const char *types){ } + +const char ** new_objc_copyImageNames(unsigned int *outCount){ +const char** NameList=old_objc_copyImageNames(outCount); +if(WTShouldLog){ + WTInit(@"ObjCRuntime",@"objc_copyImageNames"); + int Counter=*outCount; + for(int x=0;x -#import -extern NSString* RandomString(); -extern void init_DeviceIDFake_hook(){ -#ifdef PROTOTYPE -//Because We Ain't Ready Yet. No Test - for(int i=0;i<_dyld_image_count();i++){ - const char * Nam=_dyld_get_image_name(i); - NSString* curName=[[NSString stringWithUTF8String:Nam] autorelease]; - if([curName containsString:WTFJHTWEAKNAME]){ - intptr_t ASLROffset=_dyld_get_image_vmaddr_slide(i); - //We Found Ourself -#ifndef _____LP64_____ - uint32_t size=0; - const struct mach_header* selfHeader=(const struct mach_header*)_dyld_get_image_header(i); - char * data=getsectdatafromheader(selfHeader,"WTFJH","DeviceIDFake",&size); - -#elif - uint64_t size=0; - const struct mach_header_64* selfHeader=(const struct mach_header_64*)_dyld_get_image_header(i); - char * data=getsectdatafromheader_64(selfHeader,"WTFJH","DeviceIDFake",&size); -#endif - data=ASLROffset+data;//Add ASLR Offset To Pointer And Fix Address - NSData* SDData=[NSData dataWithBytes:data length:size]; - NSString* randomPath=[NSString stringWithFormat:@"%@/Documents/%@",NSHomeDirectory(),RandomString()]; - [SDData writeToFile:randomPath atomically:YES]; - dlopen(randomPath.UTF8String,RTLD_NOW); - //Inform Our Logger - CallTracer *tracer = [[CallTracer alloc] initWithClass:@"WTFJH" andMethod:@"LoadThirdPartyTools"]; - [tracer addArgFromPlistObject:@"dlopen" withKey:@"Type"]; - [tracer addArgFromPlistObject:randomPath withKey:@"Path"]; - [tracer addArgFromPlistObject:@"DeviceIDFake" withKey:@"ModuleName"]; - [traceStorage saveTracedCall: tracer]; - [tracer release]; - //End - - [SDData release]; - break; - } - - - - } -#endif -} diff --git a/Hooks/ThirdPartyTools/InspectiveC.xm b/Hooks/ThirdPartyTools/InspectiveC.xm deleted file mode 100644 index 4cc1c3f..0000000 --- a/Hooks/ThirdPartyTools/InspectiveC.xm +++ /dev/null @@ -1,47 +0,0 @@ -//Shall We Use Marcos instead of this shit? -#import "../SharedDefine.pch" -#import -#import -extern NSString* RandomString(); -extern void init_InspectiveC_hook(){ -#ifdef PROTOTYPE -//Because We Ain't Ready Yet. No Test - for(int i=0;i<_dyld_image_count();i++){ - const char * Nam=_dyld_get_image_name(i); - NSString* curName=[[NSString stringWithUTF8String:Nam] autorelease]; - if([curName containsString:WTFJHTWEAKNAME]){ - intptr_t ASLROffset=_dyld_get_image_vmaddr_slide(i); - //We Found Ourself -#ifndef _____LP64_____ - uint32_t size=0; - const struct mach_header* selfHeader=(const struct mach_header*)_dyld_get_image_header(i); - char * data=getsectdatafromheader(selfHeader,"WTFJH","InspectiveC",&size); - -#elif - uint64_t size=0; - const struct mach_header_64* selfHeader=(const struct mach_header_64*)_dyld_get_image_header(i); - char * data=getsectdatafromheader_64(selfHeader,"WTFJH","InspectiveC",&size); -#endif - data=ASLROffset+data;//Add ASLR Offset To Pointer And Fix Address - NSData* SDData=[NSData dataWithBytes:data length:size]; - NSString* randomPath=[NSString stringWithFormat:@"%@/Documents/%@",NSHomeDirectory(),RandomString()]; - [SDData writeToFile:randomPath atomically:YES]; - dlopen(randomPath.UTF8String,RTLD_NOW); - //Inform Our Logger - CallTracer *tracer = [[CallTracer alloc] initWithClass:@"WTFJH" andMethod:@"LoadThirdPartyTools"]; - [tracer addArgFromPlistObject:@"dlopen" withKey:@"Type"]; - [tracer addArgFromPlistObject:randomPath withKey:@"Path"]; - [tracer addArgFromPlistObject:@"InspectiveC" withKey:@"ModuleName"]; - [traceStorage saveTracedCall: tracer]; - [tracer release]; - //End - - [SDData release]; - break; - } - - - - } -#endif -} diff --git a/Hooks/ThirdPartyTools/README.md b/Hooks/ThirdPartyTools/README.md index 355ff56..8d94e19 100644 --- a/Hooks/ThirdPartyTools/README.md +++ b/Hooks/ThirdPartyTools/README.md @@ -1,3 +1,4 @@ #ThirdPartyLoaders >This is the place where you put your third party loaders. + >Build Script Will Generate One If you don't want(or need) to write one your self diff --git a/Hooks/ThirdPartyTools/classdumpdyld.xm b/Hooks/ThirdPartyTools/classdumpdyld.xm deleted file mode 100644 index 4e4c39d..0000000 --- a/Hooks/ThirdPartyTools/classdumpdyld.xm +++ /dev/null @@ -1,47 +0,0 @@ -//Shall We Use Marcos instead of this shit? -#import "../SharedDefine.pch" -#import -#import -extern NSString* RandomString(); -extern void init_classdumpdyld_hook(){ -#ifdef PROTOTYPE -//Because We Ain't Ready Yet. No Test - for(int i=0;i<_dyld_image_count();i++){ - const char * Nam=_dyld_get_image_name(i); - NSString* curName=[[NSString stringWithUTF8String:Nam] autorelease]; - if([curName containsString:WTFJHTWEAKNAME]){ - intptr_t ASLROffset=_dyld_get_image_vmaddr_slide(i); - //We Found Ourself -#ifndef _____LP64_____ - uint32_t size=0; - const struct mach_header* selfHeader=(const struct mach_header*)_dyld_get_image_header(i); - char * data=getsectdatafromheader(selfHeader,"WTFJH","classdumpdyld",&size); - -#elif - uint64_t size=0; - const struct mach_header_64* selfHeader=(const struct mach_header_64*)_dyld_get_image_header(i); - char * data=getsectdatafromheader_64(selfHeader,"WTFJH","classdumpdyld",&size); -#endif - data=ASLROffset+data;//Add ASLR Offset To Pointer And Fix Address - NSData* SDData=[NSData dataWithBytes:data length:size]; - NSString* randomPath=[NSString stringWithFormat:@"%@/Documents/%@",NSHomeDirectory(),RandomString()]; - [SDData writeToFile:randomPath atomically:YES]; - dlopen(randomPath.UTF8String,RTLD_NOW); - //Inform Our Logger - CallTracer *tracer = [[CallTracer alloc] initWithClass:@"WTFJH" andMethod:@"LoadThirdPartyTools"]; - [tracer addArgFromPlistObject:@"dlopen" withKey:@"Type"]; - [tracer addArgFromPlistObject:randomPath withKey:@"Path"]; - [tracer addArgFromPlistObject:@"classdumpdyld" withKey:@"ModuleName"]; - [traceStorage saveTracedCall: tracer]; - [tracer release]; - //End - - [SDData release]; - break; - } - - - - } -#endif -} diff --git a/Hooks/ThirdPartyTools/dumpdecrypted.xm b/Hooks/ThirdPartyTools/dumpdecrypted.xm deleted file mode 100644 index 3409aa5..0000000 --- a/Hooks/ThirdPartyTools/dumpdecrypted.xm +++ /dev/null @@ -1,47 +0,0 @@ -//Shall We Use Marcos instead of this shit? -#import "../SharedDefine.pch" -#import -#import -extern NSString* RandomString(); -extern void init_dumpdecrypted_hook(){ -#ifdef PROTOTYPE -//Because We Ain't Ready Yet. No Test - for(int i=0;i<_dyld_image_count();i++){ - const char * Nam=_dyld_get_image_name(i); - NSString* curName=[[NSString stringWithUTF8String:Nam] autorelease]; - if([curName containsString:WTFJHTWEAKNAME]){ - intptr_t ASLROffset=_dyld_get_image_vmaddr_slide(i); - //We Found Ourself -#ifndef _____LP64_____ - uint32_t size=0; - const struct mach_header* selfHeader=(const struct mach_header*)_dyld_get_image_header(i); - char * data=getsectdatafromheader(selfHeader,"WTFJH","dumpdecrypted",&size); - -#elif - uint64_t size=0; - const struct mach_header_64* selfHeader=(const struct mach_header_64*)_dyld_get_image_header(i); - char * data=getsectdatafromheader_64(selfHeader,"WTFJH","dumpdecrypted",&size); -#endif - data=ASLROffset+data;//Add ASLR Offset To Pointer And Fix Address - NSData* SDData=[NSData dataWithBytes:data length:size]; - NSString* randomPath=[NSString stringWithFormat:@"%@/Documents/%@",NSHomeDirectory(),RandomString()]; - [SDData writeToFile:randomPath atomically:YES]; - dlopen(randomPath.UTF8String,RTLD_NOW); - //Inform Our Logger - CallTracer *tracer = [[CallTracer alloc] initWithClass:@"WTFJH" andMethod:@"LoadThirdPartyTools"]; - [tracer addArgFromPlistObject:@"dlopen" withKey:@"Type"]; - [tracer addArgFromPlistObject:randomPath withKey:@"Path"]; - [tracer addArgFromPlistObject:@"dumpdecrypted" withKey:@"ModuleName"]; - [traceStorage saveTracedCall: tracer]; - [tracer release]; - //End - - [SDData release]; - break; - } - - - - } -#endif -} diff --git a/Makefile b/Makefile deleted file mode 100644 index 600fcac..0000000 --- a/Makefile +++ /dev/null @@ -1,13 +0,0 @@ -export CFLAGS=-Wp,"-DWTFJHTWEAKNAME=@\"9G590B9CEO634B4\"" -include theos/makefiles/common.mk -export ARCHS = armv7 armv7s arm64 -export TARGET = iphone:clang:7.0:7.0 -TWEAK_NAME = 9G590B9CEO634B4 -9G590B9CEO634B4_FILES = Tweak.xm CompileDefines.xm Hooks/API/AppleAccount.xm Hooks/API/CommonCryptor.xm Hooks/API/CommonDigest.xm Hooks/API/CommonHMAC.xm Hooks/API/CommonKeyDerivation.xm Hooks/API/CoreTelephony.xm Hooks/API/dlfcn.xm Hooks/API/Keychain.xm Hooks/API/libC.xm Hooks/API/libMobileGestalt.xm Hooks/API/LSApplication.xm Hooks/API/MachO.xm Hooks/API/NSData.xm Hooks/API/NSFileHandle.xm Hooks/API/NSFileManager.xm Hooks/API/NSHTTPCookie.xm Hooks/API/NSInputStream.xm Hooks/API/NSKeyedArchiver.xm Hooks/API/NSKeyedUnarchiver.xm Hooks/API/NSOutputStream.xm Hooks/API/NSProcessInfo.xm Hooks/API/NSURLConnection.xm Hooks/API/NSURLCredential.xm Hooks/API/NSURLSession.xm Hooks/API/NSUserDefaults.xm Hooks/API/NSXMLParser.xm Hooks/API/ObjCRuntime.xm Hooks/API/Security.xm Hooks/API/SSLKillSwitch.xm Hooks/API/sysctl.xm Hooks/API/UIPasteboard.xm Hooks/SDK/FclBlowfish.xm Hooks/SDK/JSPatch.xm Hooks/SDK/OpenSSLAES.xm Hooks/SDK/OpenSSLBlowFish.xm Hooks/SDK/OpenSSLMD5.xm Hooks/SDK/OpenSSLSHA1.xm Hooks/SDK/OpenSSLSHA512.xm Hooks/SDK/Wax.xm Hooks/Utils/CallStackInspector.m Hooks/Utils/CallTracer.m Hooks/Utils/DelegateProxies.m Hooks/Utils/NSURLConnectionDelegateProx.m Hooks/Utils/NSURLSessionDelegateProxy.m Hooks/Utils/PlistObjectConverter.m Hooks/Utils/RuntimeUtils.m Hooks/Utils/SQLiteStorage.m Hooks/Utils/Utils.m Hooks/Utils/WebShell.m Hooks/ThirdPartyTools/classdumpdyld.xm Hooks/ThirdPartyTools/DeviceIDFake.xm Hooks/ThirdPartyTools/dumpdecrypted.xm Hooks/ThirdPartyTools/InspectiveC.xm Hooks/Misc/Cycript.xm Hooks/Misc/RemoveASLR.xm Hooks/Misc/SplitMachO.mm -ADDITIONAL_CCFLAGS = -Qunused-arguments -ADDITIONAL_LDFLAGS = -Wl,-segalign,4000,-sectcreate,WTFJH,SIGDB,./SignatureDatabase.plist,-sectcreate,WTFJH,classdumpdyld,./classdumpdyld.dylib,-sectcreate,WTFJH,DeviceIDFake,./DeviceIDFake.dylib,-sectcreate,WTFJH,dumpdecrypted,./dumpdecrypted.dylib,-sectcreate,WTFJH,InspectiveC,./InspectiveC.dylib -F./ -9G590B9CEO634B4_LIBRARIES = sqlite3 substrate stdc++ c++ -9G590B9CEO634B4_FRAMEWORKS = Foundation UIKit Security JavaScriptCore Cycript -include $(THEOS_MAKE_PATH)/tweak.mk -after-install:: - install.exec "killall -9 SpringBoard" \ No newline at end of file diff --git a/ThirdPartyTools/InspectiveC/obj b/ThirdPartyTools/InspectiveC/obj index ab9619e..27c3ca0 120000 --- a/ThirdPartyTools/InspectiveC/obj +++ b/ThirdPartyTools/InspectiveC/obj @@ -1 +1 @@ -./.theos/obj \ No newline at end of file +.theos/obj \ No newline at end of file diff --git a/VERSION b/VERSION index 235adf8..b2786cd 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -349 \ No newline at end of file +351 \ No newline at end of file diff --git a/build.py b/build.py index 5d890b0..d2f37bb 100755 --- a/build.py +++ b/build.py @@ -68,7 +68,15 @@ def buildlistdir(path):#So We Can Intercept And Remove Unwanted Modules for y in fileList: if (y == x+".xm"):#Only Remove Module Files fileList.remove(y) - print (Fore.RED+y+" Removed") + print (Fore.RED+y+" Removed From Modules") + return fileList +def Thirdbuildlistdir(path):#So We Can Intercept And Remove Unwanted Modules + fileList=listdir(path) + for x in SkippedList: + for y in fileList: + if (x == y):#Only Remove Module Files + fileList.remove(y) + print (Fore.RED+y+" Removed From Third Party Modules") return fileList #Clean-Up def cleanUp(): @@ -302,7 +310,7 @@ def BuildLoader(ModuleName): f.close() def buildThirdPartyComponents(): Exec("find . -type f -name .DS_Store -delete && xattr -cr *") - for x in buildlistdir("ThirdPartyTools"): + for x in Thirdbuildlistdir("ThirdPartyTools"): os.chdir(InitialCWD)#Make Sure CWD We've changed in buildThirdPartyComponents() is set back if os.path.isdir("ThirdPartyTools/"+x)==False: print (Fore.YELLOW+"ThirdPartyTools/"+x+" Not A Folder. Skipped")