diff --git a/src/payload/jailbreakd/bootstrap.c b/src/payload/jailbreakd/bootstrap.c index e6d90c6..7985603 100644 --- a/src/payload/jailbreakd/bootstrap.c +++ b/src/payload/jailbreakd/bootstrap.c @@ -17,6 +17,7 @@ #include #include #include +#include #include #include @@ -105,6 +106,18 @@ void bootstrap(xpc_object_t xrequest, xpc_object_t xreply, struct paleinfo* pinf ret = remount_func(&name); BOOTSTRAP_ASSURE(ret == 0, errno, "remount failed"); + if ((pinfo->flags & palerain_option_ssv) == 0) { + char hash[97], snapshotName[150]; + BOOTSTRAP_ASSURE(jailbreak_get_bmhash(hash) == 0, errno, "could not get boot-manifest-hash"); + snprintf(snapshotName, 150, "com.apple.os.update-%s", hash); + int dirfd = open("/", O_RDONLY, 0); + ret = fs_snapshot_rename(dirfd, snapshotName, "orig-fs", 0); + if (ret != 0) { + BOOTSTRAP_ASSURE(errno == 2, errno, "fs_snapshot_rename failed"); + } + close(dirfd); + } + char tarPath[150]; if (pinfo->flags & palerain_option_rootful) { tarPath[0] = '/'; diff --git a/src/payload/loader/prelaunchd.c b/src/payload/loader/prelaunchd.c index 62210c9..f8ed63a 100644 --- a/src/payload/loader/prelaunchd.c +++ b/src/payload/loader/prelaunchd.c @@ -14,10 +14,12 @@ #include #include #include +#include #include #include #include #include +#include int prelaunchd(uint32_t payload_options, struct paleinfo* pinfo_p) { setvbuf(stderr, NULL, _IONBF, 0); 
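Review bot: In the new non-SSV branch of bootstrap(), the result of `open("/", O_RDONLY, 0)` goes straight into fs_snapshot_rename() without a check, so a failed open is most likely reported as a misleading "fs_snapshot_rename failed". Add `BOOTSTRAP_ASSURE(dirfd >= 0, errno, "could not open /");` after the open, and write the tolerated error as `errno == ENOENT` instead of `errno == 2`, with a comment that a missing source snapshot is presumably treated as "already renamed". If BOOTSTRAP_ASSURE leaves the function on failure (the macro is not visible here), dirfd leaks on that path because `close(dirfd)` comes after it. `snprintf(snapshotName, sizeof(snapshotName), ...)` would keep the bound tied to the buffer, and `hash[97]` relies on jailbreak_get_bmhash() never writing more than 97 bytes, which this hunk cannot confirm. bootstrap() begins and ends outside the hunk.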
@@ -33,17 +35,19 @@ int prelaunchd(uint32_t payload_options, struct paleinfo* pinfo_p) { char dev_rootdev[32]; snprintf(dev_rootdev, 32, "/dev/%s", pinfo_p->rootdev); - if ((pinfo_p->flags & palerain_option_rootful) && ((pinfo_p->flags & palerain_option_force_revert))) { - printf("will delete %s\n", dev_rootdev); - if (access(dev_rootdev, F_OK) == 0) { - int16_t role = 0; - CHECK_ERROR(APFSVolumeRole(dev_rootdev, &role, NULL), 0, "APFSVolumeRole(%s) Failed", dev_rootdev); - printf("found apfs volume role: 0x%04x\n", role); - if (role != APFS_VOL_ROLE_RECOVERY) { - fprintf(stderr, "BUG: SAFETY: deleting non-recovery volume is not allowed\n"); - spin(); - } else { - CHECK_ERROR(errno = APFSVolumeDelete(pinfo_p->rootdev), 1, "failed to delete fakefs"); + if ((pinfo_p->flags & (palerain_option_rootful | palerain_option_force_revert)) == (palerain_option_rootful | palerain_option_force_revert)) { + if (pinfo_p->flags & palerain_option_ssv) { + printf("will delete %s\n", dev_rootdev); + if (access(dev_rootdev, F_OK) == 0) { + int16_t role = 0; + CHECK_ERROR(APFSVolumeRole(dev_rootdev, &role, NULL), 0, "APFSVolumeRole(%s) Failed", dev_rootdev); + printf("found apfs volume role: 0x%04x\n", role); + if (role != APFS_VOL_ROLE_RECOVERY) { + fprintf(stderr, "BUG: SAFETY: deleting non-recovery volume is not allowed\n"); + spin(); + } else { + CHECK_ERROR(errno = APFSVolumeDelete(pinfo_p->rootdev), 1, "failed to delete fakefs"); + } } } } diff --git a/src/payload/loader/sysstatuscheck.c b/src/payload/loader/sysstatuscheck.c index d933acf..fa11e16 100644 --- a/src/payload/loader/sysstatuscheck.c +++ b/src/payload/loader/sysstatuscheck.c @@ -11,6 +11,7 @@ #include #include #include +#include #define SB_PREF_PLIST_PATH "/var/mobile/Library/Preferences/com.apple.springboard.plist" #define CF_STRING_GET_CSTRING_PTR(cfStr, cPtr) do { \ 
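Review bot: Nothing in the new nested condition says why fakefs deletion is now limited to `palerain_option_ssv`. If the intent is what the sysstatuscheck.c change in this commit suggests, a comment such as `/* non-SSV devices are reverted via the orig-fs snapshot in sysstatuscheck, not by deleting a volume */` would make the gating reviewable. The extra `if` could also be folded into the mask, `const uint64_t need = palerain_option_rootful | palerain_option_force_revert | palerain_option_ssv;` then `if ((pinfo_p->flags & need) == need) {` (assuming flags is 64-bit, as `uint64_t pflags` in sysstatuscheck suggests), which avoids re-indenting the volume-role safety check. When `access(dev_rootdev, F_OK)` fails, the block has already printed "will delete" and then silently does nothing; an `else` that logs the missing device would stop the log implying a deletion that never ran. prelaunchd() continues past the end of the hunk.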
@@ -147,7 +148,37 @@ int sysstatuscheck(uint32_t __unused payload_options, uint64_t pflags) { printf("generating ssh host key...\n"); runCommand((char*[]){ "/cores/binpack/usr/bin/dropbearkey", "-f", "/private/var/dropbear_rsa_host_key", "-t", "rsa", "-s", "4096", NULL }); } - if ((pflags & palerain_option_force_revert)) remove_jailbreak_files(pflags); + if ((pflags & palerain_option_force_revert)) { + remove_jailbreak_files(pflags); + if ((pflags & (palerain_option_rootful | palerain_option_force_revert)) == (palerain_option_rootful | palerain_option_force_revert)) { + if ((pflags & (palerain_option_ssv)) == 0) { + struct utsname name; + uname(&name); + remount_rootfs(&name); + char hash[97], snapshotName[150]; + int ret = jailbreak_get_bmhash(hash); + if (ret) { + fprintf(stderr, "failed to get boot-manifest-hash\n"); + spin(); + } + snprintf(snapshotName, 150, "com.apple.os.update-%s", hash); + int dirfd = open("/", O_RDONLY, 0); + ret = fs_snapshot_rename(dirfd, "orig-fs", snapshotName, 0); + if (ret != 0) { + fprintf(stderr, "could not rename snapshot: %d: %s\n", errno, strerror(errno)); + } else { + printf(""); + } + ret = fs_snapshot_revert(dirfd, snapshotName, 0); + if (ret != 0) { + fprintf(stderr, "could not revert snapshot: %d: %s\n", errno, strerror(errno)); + } + close(dirfd); + sync(); + host_reboot(mach_host_self(), 0x1000); + } + } + } if (pflags & palerain_option_rootful) { remove_bogus_var_jb(); unlink("/var/jb"); diff --git a/src/payload_dylib/pspawn.c b/src/payload_dylib/pspawn.c index 9dae1c1..53b5dc4 100644 --- a/src/payload_dylib/pspawn.c +++ b/src/payload_dylib/pspawn.c @@ -113,8 +113,9 @@ static int posix_spawn_hook(pid_t *restrict pid, const char *restrict path, return spawn_hook_common_p(pid, path, file_actions, attrp, argv, envp, posix_spawn_orig_wrapper); } +#define ENABLE_CONSOLE_HOOK -#ifdef ENABLE_CONSOLE_HOOK +//#ifdef ENABLE_CONSOLE_HOOK dev_t dev_console_d = 0; ssize_t (*write_orig)(int fildes, const void *buf, size_t nbyte);
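Review bot: The new non-SSV revert path in sysstatuscheck() reboots even when the revert did not happen: failures of fs_snapshot_rename() and fs_snapshot_revert() are only logged, and `sync(); host_reboot(...)` runs regardless, after remove_jailbreak_files() has already run, so the message is lost and the device can come back partly reverted. The results of `uname()`, `remount_rootfs()` and `open("/", ...)` are also ignored, whereas bootstrap.c in this same commit asserts on its remount result. I would halt with spin() on these failures, as the code already does when the boot-manifest-hash lookup fails (this assumes spin() does not return). The empty `printf("");` branch can be dropped, the bare `0x1000` passed to host_reboot() deserves a named constant or a comment, and the snapshot names "orig-fs" and "com.apple.os.update-%s" are duplicated with bootstrap.c and would be safer as shared macros. sysstatuscheck() starts and ends outside the hunk.

```c
int dirfd = open("/", O_RDONLY, 0);
if (dirfd < 0) {
    fprintf(stderr, "could not open /: %d: %s\n", errno, strerror(errno));
    spin();
}
// … unchanged: fs_snapshot_rename() call and its error log …
ret = fs_snapshot_revert(dirfd, snapshotName, 0);
if (ret != 0) {
    fprintf(stderr, "could not revert snapshot: %d: %s\n", errno, strerror(errno));
    close(dirfd);
    spin();  // do not reboot into a half-reverted root
}
// … unchanged: close(dirfd), sync(), host_reboot() …
```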
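Review bot: The added `#define ENABLE_CONSOLE_HOOK` together with the commented-out `//#ifdef ENABLE_CONSOLE_HOOK` reads like a leftover debugging toggle: it makes the console hook unconditional in every build and leaves the define with nothing to guard. If the matching `#endif` further down (outside this hunk) was not removed as well, the file will no longer preprocess. Since the hook appears to interpose `write` (judging by the `write_orig` pointer on the following line), I would keep it opt-in: restore `#ifdef ENABLE_CONSOLE_HOOK` and enable it from the build with `-DENABLE_CONSOLE_HOOK` rather than defining it in the source.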