Showing preview only (2,849K chars total). Download the full file or copy to clipboard to get everything.
Repository: hrtowii/Serotonin
Branch: A12restart
Commit: a2a05595f301
Files: 191
Total size: 21.3 MB
Directory structure:
gitextract_ym5s8a6q/
├── .gitignore
├── .gitmodules
├── Makefile
├── README.md
├── RootHelperSample/
│ ├── CoreServices.h
│ ├── Makefile
│ ├── RemoteLog.h
│ ├── RootHelperSample.xcodeproj/
│ │ └── project.pbxproj
│ ├── TSUtil.h
│ ├── TSUtil.m
│ ├── control
│ ├── entitlements.plist
│ ├── external/
│ │ ├── include/
│ │ │ └── choma/
│ │ │ ├── Base64.h
│ │ │ ├── BufferedStream.h
│ │ │ ├── CSBlob.h
│ │ │ ├── CodeDirectory.h
│ │ │ ├── FAT.h
│ │ │ ├── FileStream.h
│ │ │ ├── Host.h
│ │ │ ├── MachO.h
│ │ │ ├── MachOByteOrder.h
│ │ │ ├── MachOLoadCommand.h
│ │ │ ├── MemoryStream.h
│ │ │ ├── PatchFinder.h
│ │ │ ├── SignOSSL.h
│ │ │ ├── Signing.h
│ │ │ └── Util.h
│ │ └── lib/
│ │ ├── libchoma.a
│ │ └── libcrypto.a
│ ├── insert_dylib.h
│ ├── insert_dylib.m
│ ├── launchdshim/
│ │ ├── .gitignore
│ │ ├── SpringBoardShim/
│ │ │ ├── Makefile
│ │ │ ├── SpringBoardEnts.plist
│ │ │ ├── SpringBoardEntsBedtime.plist
│ │ │ ├── SpringBoardHook/
│ │ │ │ ├── .gitignore
│ │ │ │ ├── Makefile
│ │ │ │ ├── SpringBoardHook.plist
│ │ │ │ ├── Tweak.x
│ │ │ │ ├── build.sh
│ │ │ │ └── control
│ │ │ ├── build.sh
│ │ │ ├── main.c
│ │ │ └── springboardshimsignedinjected
│ │ ├── build.sh
│ │ ├── launchdentitlements.plist
│ │ └── launchdhook/
│ │ ├── Frameworks/
│ │ │ └── IOMobileFramebuffer.framework/
│ │ │ └── IOMobileFramebuffer.tbd
│ │ ├── IOMobileFramebuffer.h
│ │ ├── LICENCE
│ │ ├── Makefile
│ │ ├── README.md
│ │ ├── build.sh
│ │ ├── control
│ │ ├── entitlements.plist
│ │ ├── fishhook.c
│ │ ├── fishhook.h
│ │ ├── main.m
│ │ └── verbose/
│ │ ├── IOMobileFramebuffer.h
│ │ ├── console/
│ │ │ ├── iso_font.c
│ │ │ ├── msgbuf.h
│ │ │ ├── serial_protos.h
│ │ │ ├── video_console.c
│ │ │ ├── video_console.h
│ │ │ └── video_scroll.c
│ │ └── verbose_boot.m
│ └── main.m
├── Serotonin.xcodeproj/
│ ├── project.pbxproj
│ ├── project.xcworkspace/
│ │ ├── contents.xcworkspacedata
│ │ ├── xcshareddata/
│ │ │ └── IDEWorkspaceChecks.plist
│ │ └── xcuserdata/
│ │ └── hariz.xcuserdatad/
│ │ └── UserInterfaceState.xcuserstate
│ └── xcuserdata/
│ ├── hariz.xcuserdatad/
│ │ └── xcschemes/
│ │ └── xcschememanagement.plist
│ └── ibarahime.xcuserdatad/
│ ├── xcdebugger/
│ │ └── Breakpoints_v2.xcbkptlist
│ └── xcschemes/
│ └── xcschememanagement.plist
├── build.sh
├── ent.plist
└── usprebooter/
├── Assets.xcassets/
│ ├── AccentColor.colorset/
│ │ └── Contents.json
│ ├── AppIcon.appiconset/
│ │ └── Contents.json
│ ├── Contents.json
│ ├── accent.colorset/
│ │ └── Contents.json
│ ├── alfienick.imageset/
│ │ └── Contents.json
│ ├── bedtime.imageset/
│ │ └── Contents.json
│ ├── duy.imageset/
│ │ └── Contents.json
│ ├── fish.imageset/
│ │ └── Contents.json
│ ├── haxi0.imageset/
│ │ └── Contents.json
│ └── htrowii.imageset/
│ └── Contents.json
├── ContentView.swift
├── External/
│ ├── FluidGradient/
│ │ ├── BlobLayer.swift
│ │ ├── CGPoint+Extensions.swift
│ │ ├── FluidGradient.swift
│ │ ├── FluidGradientView.swift
│ │ └── ResizableLayer.swift
│ ├── SwiftBackports/
│ │ ├── Backport.swift
│ │ ├── CoreTransferable/
│ │ │ ├── Representations/
│ │ │ │ ├── Codable+Representation.swift
│ │ │ │ ├── Data+Representation.swift
│ │ │ │ ├── File+Representations.swift
│ │ │ │ ├── Never+Representation.swift
│ │ │ │ ├── Tuple+Representation.swift
│ │ │ │ └── _ConditionalRepresentation.swift
│ │ │ ├── Support/
│ │ │ │ ├── NSItemProvider+Transferable.swift
│ │ │ │ ├── ReceivedTransferredFile.swift
│ │ │ │ ├── SentTransferredFile.swift
│ │ │ │ └── Visibility.swift
│ │ │ ├── TransferRepresentationBuilder.swift
│ │ │ ├── Transferable.swift
│ │ │ ├── TransferableRepresentation.swift
│ │ │ └── Transferables/
│ │ │ ├── AttributedString+Transferable.swift
│ │ │ ├── Data+Transferable.swift
│ │ │ ├── Never+Transferable.swift
│ │ │ ├── String+Transferable.swift
│ │ │ └── URL+Transferable.swift
│ │ ├── URLSession/
│ │ │ └── URLSession+Async.swift
│ │ └── UniformTypeIdentifiers/
│ │ ├── CoreTypes.swift
│ │ ├── UTTagClass.swift
│ │ └── UTType.swift
│ └── SwiftUIBackports/
│ ├── Internal/
│ │ ├── Environment+String.swift
│ │ ├── Environment.swift
│ │ ├── Inspect.swift
│ │ ├── NSItemProvider+Async.swift
│ │ ├── OwningController.swift
│ │ ├── Platforms.swift
│ │ ├── SafeArea.swift
│ │ ├── String+LocalizationKey.swift
│ │ ├── UIScene.swift
│ │ └── VisualEffects/
│ │ ├── VisualEffect+iOS.swift
│ │ └── VisualEffect+macOS.swift
│ ├── UIBackport.swift
│ └── iOS/
│ └── Presentation/
│ └── Detents.swift
├── Info.plist
├── Log.swift
├── Private Headers I stole from the macOS SDK/
│ ├── bootstrap.h
│ └── xpc/
│ ├── activity.h
│ ├── availability.h
│ ├── base.h
│ ├── debug.h
│ ├── endpoint.h
│ ├── launch.h
│ ├── listener.h
│ ├── rich_error.h
│ ├── session.h
│ ├── xpc.h
│ └── xpc_connection.h
├── TheCoolerContentView.swift
├── boot-happy.jp2
├── boot-sad.jp2
├── ct_bypass_signed
├── fun/
│ ├── cs_blobs.h
│ ├── cs_blobs.m
│ ├── dir.h
│ ├── dir.m
│ ├── fun.h
│ ├── fun.m
│ ├── krw.c
│ ├── krw.h
│ ├── offsets.h
│ ├── offsets.m
│ ├── proc.c
│ ├── proc.h
│ ├── thanks_opa334dev_htrowii.h
│ ├── thanks_opa334dev_htrowii.m
│ ├── utils.h
│ ├── utils.m
│ ├── vnode.h
│ └── vnode.m
├── ldid
├── libkfd/
│ ├── common.h
│ ├── info/
│ │ ├── dynamic_info.h
│ │ └── static_info.h
│ ├── info.h
│ ├── krkw/
│ │ ├── kread/
│ │ │ ├── kread_kqueue_workloop_ctl.h
│ │ │ └── kread_sem_open.h
│ │ └── kwrite/
│ │ ├── kwrite_dup.h
│ │ └── kwrite_sem_open.h
│ ├── krkw.h
│ ├── perf.h
│ ├── puaf/
│ │ ├── landa.h
│ │ ├── physpuppet.h
│ │ └── smith.h
│ └── puaf.h
├── libkfd.h
├── memoryControl.h
├── memoryControl.m
├── overwriter.h
├── overwriter.m
├── troller.h
├── troller.m
├── usprebooter-Bridging-Header.h
├── usprebooterApp.swift
├── util.h
├── util.m
├── vm_unaligned_copy_switch_race.c
└── vm_unaligned_copy_switch_race.h
================================================
FILE CONTENTS
================================================
================================================
FILE: .gitignore
================================================
build
build/
.theos
Payload
.DS_Store
usprebooter.xcodeproj/xcuserdata
usprebooter.xcodeproj/project.xcworkspace/xcuserdata
*.ipa
*.tipa
RootHelperSample/RootHelperSample.xcodeproj/xcuserdata
RootHelperSample/build
RootHelperSample/launchdshim/launchdhook/.theos
apple-include
ChOma_host
================================================
FILE: .gitmodules
================================================
[submodule "ChOma"]
path = ChOma
url = https://github.com/opa334/ChOma
================================================
FILE: Makefile
================================================
CC = clang
SHELL = /usr/bin/env bash
LDID = ldid
MACOSX_SYSROOT = $(shell xcrun -sdk macosx --show-sdk-path)
TARGET_SYSROOT = $(shell xcrun -sdk iphoneos --show-sdk-path)
all: Serotonin.tipa
Serotonin.tipa: $(wildcard **/*.c **/*.m **/*.swift **/*.plist **/*.xml)
echo "[*] Building ChOma for host"
$(MAKE) -C ChOma
cp -r ChOma ChOma_host
echo "[*] Building ChOma for target"
$(MAKE) -C ChOma TARGET=ios
echo "[*] Building fastPathSign"
$(MAKE) -C RootHelperSample/Exploits/fastPathSign
echo "[*] Building lunchd hook"
$(MAKE) -C RootHelperSample/launchdshim/launchdhook
echo "[*] Signing lunchd hook"
$(shell test -f RootHelperSample/launchdshim/launchdhook/launchdhooksigned.dylib || ./ChOma_host/output/tests/ct_bypass -i RootHelperSample/launchdshim/launchdhook/.theos/obj/debug/launchdhook.dylib -o RootHelperSample/launchdshim/launchdhook/launchdhooksigned.dylib)
echo "[*] Building SpringBoard Hook"
$(MAKE) -C RootHelperSample/launchdshim/SpringBoardShim/SpringBoardHook
echo "[*] Signing SB hook"
$(shell test -f RootHelperSample/launchdshim/SpringBoardShim/SpringBoardHook/springboardhooksigned.dylib || ./ChOma_host/output/tests/ct_bypass -i RootHelperSample/launchdshim/SpringBoardShim/SpringBoardHook/.theos/obj/debug/SpringBoardHook.dylib -o RootHelperSample/launchdshim/SpringBoardShim/SpringBoardHook/springboardhooksigned.dylib)
# jank workaround at best, can someone else please fix this weird file dependency? – bomberfish
echo "[*] Copying fastPathSign"
mkdir -p ChOma/output/ios/tests
cp RootHelperSample/Exploits/fastPathSign/fastPathSign ChOma/output/ios/tests
echo "[*] Building Serotonin"
xcodebuild clean build -project Serotonin.xcodeproj -sdk iphoneos -configuration Release CODE_SIGN_IDENTITY="" CODE_SIGNING_REQUIRED=NO CODE_SIGNING_ALLOWED="NO"
echo "[*] Done building. Packaging for TS..."
$(MAKE) -C RootHelperSample
rm -rf Payload
rm -rf Serotonin.tipa
mkdir Payload
cp -a build/Release-iphoneos/usprebooter.app Payload
cp RootHelperSample/.theos/obj/debug/arm64/trolltoolsroothelper Payload/usprebooter.app/trolltoolsroothelper
install -m755 RootHelperSample/launchdshim/launchdhook/launchdhooksigned.dylib Payload/usprebooter.app/launchdhooksigned.dylib
install -m755 RootHelperSample/launchdshim/SpringBoardShim/SpringBoardHook/springboardhooksigned.dylib Payload/usprebooter.app/springboardhooksigned.dylib
$(LDID) -S./RootHelperSample/entitlements.plist -Cadhoc Payload/usprebooter.app/{fastPathSign,ldid,trolltoolsroothelper}
$(LDID) -Sent.plist -Cadhoc Payload/usprebooter.app/usprebooter
zip -vr9 Serotonin.tipa Payload/ -x "*.DS_Store"
apple-include:
mkdir -p apple-include/{bsm,objc,os/internal,sys,firehose,CoreFoundation,FSEvents,IOSurface,IOKit/kext,libkern,kern,arm,{mach/,}machine,CommonCrypto,Security,CoreSymbolication,Kernel/{kern,IOKit,libkern},rpc,rpcsvc,xpc/private,ktrace,mach-o,dispatch}
cp -af $(MACOSX_SYSROOT)/usr/include/{arpa,bsm,hfs,net,xpc,netinet,servers,timeconv.h,launch.h} apple-include
cp -af $(MACOSX_SYSROOT)/usr/include/objc/objc-runtime.h apple-include/objc
cp -af $(MACOSX_SYSROOT)/usr/include/libkern/{OSDebug.h,OSKextLib.h,OSReturn.h,OSThermalNotification.h,OSTypes.h,machine} apple-include/libkern
cp -af $(MACOSX_SYSROOT)/usr/include/kern apple-include
cp -af $(MACOSX_SYSROOT)/usr/include/sys/{tty*,ptrace,kern*,random,reboot,user,vnode,disk,vmmeter,conf}.h apple-include/sys
cp -af $(MACOSX_SYSROOT)/System/Library/Frameworks/Kernel.framework/Versions/Current/Headers/sys/disklabel.h apple-include/sys
cp -af $(MACOSX_SYSROOT)/System/Library/Frameworks/IOKit.framework/Headers/{AppleConvergedIPCKeys.h,IOBSD.h,IOCFBundle.h,IOCFPlugIn.h,IOCFURLAccess.h,IOKitServer.h,IORPC.h,IOSharedLock.h,IOUserServer.h,audio,avc,firewire,graphics,hid,hidsystem,i2c,iokitmig.h,kext,ndrvsupport,network,ps,pwr_mgt,sbp2,scsi,serial,storage,stream,usb,video} apple-include/IOKit
cp -af $(MACOSX_SYSROOT)/System/Library/Frameworks/Security.framework/Headers/{mds_schema,oidsalg,SecKeychainSearch,certextensions,Authorization,eisl,SecDigestTransform,SecKeychainItem,oidscrl,cssmcspi,CSCommon,cssmaci,SecCode,CMSDecoder,oidscert,SecRequirement,AuthSession,SecReadTransform,oids,cssmconfig,cssmkrapi,SecPolicySearch,SecAccess,cssmtpi,SecACL,SecEncryptTransform,cssmapi,cssmcli,mds,x509defs,oidsbase,SecSignVerifyTransform,cssmspi,cssmkrspi,SecTask,cssmdli,SecAsn1Coder,cssm,SecTrustedApplication,SecCodeHost,SecCustomTransform,oidsattr,SecIdentitySearch,cssmtype,SecAsn1Types,emmtype,SecTransform,SecTrustSettings,SecStaticCode,emmspi,SecTransformReadTransform,SecKeychain,SecDecodeTransform,CodeSigning,AuthorizationPlugin,cssmerr,AuthorizationTags,CMSEncoder,SecEncodeTransform,SecureDownload,SecAsn1Templates,AuthorizationDB,SecCertificateOIDs,cssmapple}.h apple-include/Security
cp -af $(MACOSX_SYSROOT)/usr/include/{ar,bootstrap,launch,libc,libcharset,localcharset,nlist,NSSystemDirectories,tzfile,vproc}.h apple-include
cp -af $(MACOSX_SYSROOT)/usr/include/mach/{*.defs,{mach_vm,shared_region}.h} apple-include/mach
cp -af $(MACOSX_SYSROOT)/usr/include/mach/machine/*.defs apple-include/mach/machine
cp -af $(MACOSX_SYSROOT)/usr/include/rpc/pmap_clnt.h apple-include/rpc
cp -af $(MACOSX_SYSROOT)/usr/include/rpcsvc/yp{_prot,clnt}.h apple-include/rpcsvc
cp -af $(TARGET_SYSROOT)/usr/include/mach/machine/thread_state.h apple-include/mach/machine
cp -af $(TARGET_SYSROOT)/usr/include/mach/arm apple-include/mach
cp -af $(MACOSX_SYSROOT)/System/Library/Frameworks/IOKit.framework/Headers/* apple-include/IOKit
cp -af $(MACOSX_SYSROOT)/System/Library/Frameworks/IOSurface.framework/Headers/* apple-include/IOSurface
gsed -E s/'__IOS_PROHIBITED|__TVOS_PROHIBITED|__WATCHOS_PROHIBITED'//g < $(TARGET_SYSROOT)/usr/include/stdlib.h > apple-include/stdlib.h
gsed -E s/'__IOS_PROHIBITED|__TVOS_PROHIBITED|__WATCHOS_PROHIBITED'//g < $(TARGET_SYSROOT)/usr/include/time.h > apple-include/time.h
gsed -E s/'__IOS_PROHIBITED|__TVOS_PROHIBITED|__WATCHOS_PROHIBITED'//g < $(TARGET_SYSROOT)/usr/include/unistd.h > apple-include/unistd.h
gsed -E s/'__IOS_PROHIBITED|__TVOS_PROHIBITED|__WATCHOS_PROHIBITED'//g < $(TARGET_SYSROOT)/usr/include/mach/task.h > apple-include/mach/task.h
gsed -E s/'__IOS_PROHIBITED|__TVOS_PROHIBITED|__WATCHOS_PROHIBITED'//g < $(TARGET_SYSROOT)/usr/include/mach/mach_host.h > apple-include/mach/mach_host.h
gsed -E s/'__IOS_PROHIBITED|__TVOS_PROHIBITED|__WATCHOS_PROHIBITED'//g < $(TARGET_SYSROOT)/usr/include/ucontext.h > apple-include/ucontext.h
gsed -E s/'__IOS_PROHIBITED|__TVOS_PROHIBITED|__WATCHOS_PROHIBITED'//g < $(TARGET_SYSROOT)/usr/include/signal.h > apple-include/signal.h
gsed -E /'__API_UNAVAILABLE'/d < $(TARGET_SYSROOT)/usr/include/pthread.h > apple-include/pthread.h
@if [ -f $(TARGET_SYSROOT)/System/Library/Frameworks/CoreFoundation.framework/Headers/CFUserNotification.h ]; then gsed -E 's/API_UNAVAILABLE\(ios, watchos, tvos\)//g' < $(TARGET_SYSROOT)/System/Library/Frameworks/CoreFoundation.framework/Headers/CFUserNotification.h > apple-include/CoreFoundation/CFUserNotification.h; fi
gsed -i -E s/'__API_UNAVAILABLE\(.*\)'// apple-include/IOKit/IOKitLib.h
clean:
rm -rf Payload build RootHelperSample/.theos apple-include RootHelperSample/build FUCK.tipa Serotonin.tipa
.PHONY: all clean
================================================
FILE: README.md
================================================
# This repository's code is now unmaintained and is merged into [the new Serotonin fork with Mineek](https://github.com/mineek/Serotonin)
<div align="center">
<img src="https://raw.githubusercontent.com/hrtowii/Serotonin/A12restart/artwork/serotonin-precomposed.png" height="128" width="128" style="border-radius:25%">
<h1> Serotonin
<br/> not/semi-jailbreak
</h1>
</div>
<h6 align="center"> Supports iOS/iPadOS 16.2 - 16.6.1 </h6>
## How do I use this?
To use this app, you need to be on a supported version (mentioned above), and have [TrollStore](https://github.com/opa334/TrollStore/) installed. You can follow [this guide](https://ios.cfw.guide/installing-trollstore/) to install it on your device. Please note that this tool doesn't support iOS 17.0 despite of it having TrollStore.
1. Download and install [Bootstrap from RootHide](https://github.com/RootHide/Bootstrap)
2. Install ElleKit from Sileo
3. Download the `.tipa` file from the [latest release](https://github.com/hrtowii/Serotonin/releases/latest)
4. Install the downloaded file in TrollStore
5. Open the app and press the Jelbrek button. Your device should userspace reboot, and you should be (not/semi) jailbroken!
## How was this done?
- It replaces launchd by searching through /sbin's vp_namecache, finds launchd's name cache and kwrites it with a patch to `lunchd`, our patched `launchd` (*you can have a look at a better explanation from AlfieCG [here](https://www.reddit.com/r/jailbreak/comments/18zehl2/comment/kgi5ya3/)*)
- Patched launchd hooks posix_spawnp of SpringBoard and execs our own SpringBoard with springboardhook.dylib
- Springboardhook loads in tweaks, ellekit, etc.
- CoreTrust Bug found by [AlfieCG](https://github.com/alfiecg24)
- [KFD Exploit](https://github.com/felix-pb/kfd)
## TODO
- Try adding support for lower iOS versions by overwriting NSGetExecutablePath
- Add support for arm64
- Add a boot splash screen (SOON)
- Fix some Makefile jankiness
- Fix `puaf_pages` picker crash in new UI
## Credits
- [DuyKhanhTran](https://github.com/khanhduytran0) - launchd and SpringBoard hooks
- [NSBedtime](https://twitter.com/NSBedtime) - initial launchdhax, helped out a ton!
- [AlfieCG](https://github.com/alfiecg24) - helped out a ton!
- [Nick Chan](https://github.com/asdfugil) - helped out a ton!
- [BomberFish](https://github.com/BomberFish) - Icon, new UI, `lunchd` name idea :trollface:
- [haxi0](https://github.com/haxi0) - old UI
- [Evelyne](https://github.com/evelyneee) for showing it was possible.
================================================
FILE: RootHelperSample/CoreServices.h
================================================
@interface LSBundleProxy
@property (nonatomic,readonly) NSString * bundleIdentifier;
@property (nonatomic) NSURL* dataContainerURL;
-(NSString*)localizedName;
@end
@interface LSApplicationProxy : LSBundleProxy
+ (instancetype)applicationProxyForIdentifier:(NSString*)identifier;
@property NSURL* bundleURL;
@property NSString* bundleType;
@property NSString* canonicalExecutablePath;
@property (nonatomic,readonly) NSDictionary* groupContainerURLs;
@property (nonatomic,readonly) NSArray* plugInKitPlugins;
@property (getter=isInstalled,nonatomic,readonly) BOOL installed;
@property (getter=isPlaceholder,nonatomic,readonly) BOOL placeholder;
@property (getter=isRestricted,nonatomic,readonly) BOOL restricted;
@property (nonatomic,readonly) NSSet * claimedURLSchemes;
@end
@interface LSApplicationWorkspace : NSObject
+ (instancetype)defaultWorkspace;
- (BOOL)registerApplicationDictionary:(NSDictionary*)dict;
- (BOOL)unregisterApplication:(id)arg1;
- (BOOL)_LSPrivateRebuildApplicationDatabasesForSystemApps:(BOOL)arg1 internal:(BOOL)arg2 user:(BOOL)arg3;
- (BOOL)uninstallApplication:(NSString*)arg1 withOptions:(id)arg2;
- (BOOL)openApplicationWithBundleID:(NSString *)arg1 ;
- (void)enumerateApplicationsOfType:(NSUInteger)type block:(void (^)(LSApplicationProxy*))block;
@end
@interface LSEnumerator : NSEnumerator
@property (nonatomic,copy) NSPredicate * predicate;
+ (instancetype)enumeratorForApplicationProxiesWithOptions:(NSUInteger)options;
@end
@interface LSPlugInKitProxy : LSBundleProxy
@property (nonatomic,readonly) NSString* pluginIdentifier;
@property (nonatomic,readonly) NSDictionary * pluginKitDictionary;
+ (instancetype)pluginKitProxyForIdentifier:(NSString*)arg1;
@end
@interface MCMContainer : NSObject
+ (id)containerWithIdentifier:(id)arg1 createIfNecessary:(BOOL)arg2 existed:(BOOL*)arg3 error:(id*)arg4;
@property (nonatomic,readonly) NSURL * url;
@end
@interface MCMDataContainer : MCMContainer
@end
@interface MCMAppDataContainer : MCMDataContainer
@end
@interface MCMAppContainer : MCMContainer
@end
@interface MCMPluginKitPluginDataContainer : MCMDataContainer
@end
================================================
FILE: RootHelperSample/Makefile
================================================
TARGET := iphone:clang:16.5:14.0
ARCHS = arm64
include $(THEOS)/makefiles/common.mk
TOOL_NAME = trolltoolsroothelper
trolltoolsroothelper_FILES = $(wildcard *.m) Exploits/fastPathSign/src/coretrust_bug.c Exploits/fastPathSign/src/codesign.m
trolltoolsroothelper_LDFLAGS = -Lexternal/lib -lcrypto -lchoma
trolltoolsroothelper_CFLAGS = -fobjc-arc $(shell pkg-config --cflags libcrypto) -Iexternal/include -Wmissing-braces -IExploits/fastPathSign/src
trolltoolsroothelper_CODESIGN_FLAGS = -Sentitlements.plist
trolltoolsroothelper_INSTALL_PATH = /usr/local/bin
trolltoolsroothelper_LIBRARIES = archive
trolltoolsroothelper_PRIVATE_FRAMEWORKS = SpringBoardServices BackBoardServices MobileCoreServices MobileContainerManager IOKit
include $(THEOS_MAKE_PATH)/tool.mk
================================================
FILE: RootHelperSample/RemoteLog.h
================================================
#ifndef _REMOTE_LOG_H_
#define _REMOTE_LOG_H_
#import <netinet/in.h>
#import <sys/socket.h>
#import <unistd.h>
#import <arpa/inet.h>
// change this to match your destination (server) IP address
#define RLOG_IP_ADDRESS "192.168.0.24"
#define RLOG_PORT 11909
__attribute__((unused)) static void RLogv(NSString* format, va_list args)
{
NSString* str = [[NSString alloc] initWithFormat:format arguments:args];
int sd = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP);
if (sd <= 0)
{
NSLog(@"[RemoteLog] Error: Could not open socket");
return;
}
int broadcastEnable = 1;
int ret = setsockopt(sd, SOL_SOCKET, SO_BROADCAST, &broadcastEnable, sizeof(broadcastEnable));
if (ret)
{
NSLog(@"[RemoteLog] Error: Could not open set socket to broadcast mode");
close(sd);
return;
}
struct sockaddr_in broadcastAddr;
memset(&broadcastAddr, 0, sizeof broadcastAddr);
broadcastAddr.sin_family = AF_INET;
inet_pton(AF_INET, RLOG_IP_ADDRESS, &broadcastAddr.sin_addr);
broadcastAddr.sin_port = htons(RLOG_PORT);
char* request = (char*)[str UTF8String];
ret = sendto(sd, request, strlen(request), 0, (struct sockaddr*)&broadcastAddr, sizeof broadcastAddr);
if (ret < 0)
{
NSLog(@"[RemoteLog] Error: Could not send broadcast");
close(sd);
return;
}
close(sd);
}
__attribute__((unused)) static void RLog(NSString* format, ...)
{
va_list args;
va_start(args, format);
RLogv(format, args);
va_end(args);
}
#endif
================================================
FILE: RootHelperSample/RootHelperSample.xcodeproj/project.pbxproj
================================================
// !$*UTF8*$!
{
archiveVersion = 1;
classes = {
};
objectVersion = 56;
objects = {
/* Begin PBXFileReference section */
C82AFEFB2B1762CD0070EA49 /* .DS_Store */ = {isa = PBXFileReference; lastKnownFileType = file; path = .DS_Store; sourceTree = "<group>"; };
C82AFEFC2B1762CD0070EA49 /* uicache.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = uicache.h; sourceTree = "<group>"; };
C82AFEFD2B1762CD0070EA49 /* .theos */ = {isa = PBXFileReference; lastKnownFileType = folder; path = .theos; sourceTree = "<group>"; };
C82AFEFE2B1762CD0070EA49 /* Makefile */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.make; path = Makefile; sourceTree = "<group>"; };
C82AFEFF2B1762CD0070EA49 /* entitlements.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist; path = entitlements.plist; sourceTree = "<group>"; };
C82AFF002B1762CD0070EA49 /* TSUtil.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = TSUtil.m; sourceTree = "<group>"; };
C82AFF012B1762CD0070EA49 /* main.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = main.m; sourceTree = "<group>"; };
C82AFF022B1762CD0070EA49 /* uicache.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = uicache.m; sourceTree = "<group>"; };
C82AFF032B1762CD0070EA49 /* TSUtil.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = TSUtil.h; sourceTree = "<group>"; };
C82AFF042B1762CD0070EA49 /* CoreServices.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = CoreServices.h; sourceTree = "<group>"; };
C82AFF052B1762CD0070EA49 /* RemoteLog.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = RemoteLog.h; sourceTree = "<group>"; };
C82AFF062B1762CD0070EA49 /* control */ = {isa = PBXFileReference; lastKnownFileType = text; path = control; sourceTree = "<group>"; };
/* End PBXFileReference section */
/* Begin PBXGroup section */
C82AFEF52B1762CD0070EA49 = {
isa = PBXGroup;
children = (
C82AFEFB2B1762CD0070EA49 /* .DS_Store */,
C82AFEFC2B1762CD0070EA49 /* uicache.h */,
C82AFEFD2B1762CD0070EA49 /* .theos */,
C82AFEFE2B1762CD0070EA49 /* Makefile */,
C82AFEFF2B1762CD0070EA49 /* entitlements.plist */,
C82AFF002B1762CD0070EA49 /* TSUtil.m */,
C82AFF012B1762CD0070EA49 /* main.m */,
C82AFF022B1762CD0070EA49 /* uicache.m */,
C82AFF032B1762CD0070EA49 /* TSUtil.h */,
C82AFF042B1762CD0070EA49 /* CoreServices.h */,
C82AFF052B1762CD0070EA49 /* RemoteLog.h */,
C82AFF062B1762CD0070EA49 /* control */,
);
sourceTree = "<group>";
};
/* End PBXGroup section */
/* Begin PBXLegacyTarget section */
C82AFEFA2B1762CD0070EA49 /* RootHelperSample */ = {
isa = PBXLegacyTarget;
buildArgumentsString = "$(ACTION)";
buildConfigurationList = C82AFF072B1762CD0070EA49 /* Build configuration list for PBXLegacyTarget "RootHelperSample" */;
buildPhases = (
);
buildToolPath = "bash /Users/ibarahime/usprebooter/build.sh";
buildWorkingDirectory = /Users/ibarahime/usprebooter/RootHelperSample;
dependencies = (
);
name = RootHelperSample;
passBuildSettingsInEnvironment = 1;
productName = RootHelperSample;
};
/* End PBXLegacyTarget section */
/* Begin PBXProject section */
C82AFEF62B1762CD0070EA49 /* Project object */ = {
isa = PBXProject;
attributes = {
BuildIndependentTargetsInParallel = 1;
};
buildConfigurationList = C82AFEF92B1762CD0070EA49 /* Build configuration list for PBXProject "RootHelperSample" */;
compatibilityVersion = "Xcode 14.0";
developmentRegion = en;
hasScannedForEncodings = 0;
knownRegions = (
en,
Base,
);
mainGroup = C82AFEF52B1762CD0070EA49;
projectDirPath = "";
projectRoot = "";
targets = (
C82AFEFA2B1762CD0070EA49 /* RootHelperSample */,
);
};
/* End PBXProject section */
/* Begin XCBuildConfiguration section */
C82AFEF72B1762CD0070EA49 /* Debug */ = {
isa = XCBuildConfiguration;
buildSettings = {
ARCHS = "$(ARCHS_STANDARD_32_BIT)";
COPY_PHASE_STRIP = NO;
GCC_WARN_ABOUT_RETURN_TYPE = YES;
GCC_WARN_UNUSED_VARIABLE = YES;
ONLY_ACTIVE_ARCH = YES;
SDKROOT = macosx10.6;
};
name = Debug;
};
C82AFEF82B1762CD0070EA49 /* Release */ = {
isa = XCBuildConfiguration;
buildSettings = {
ARCHS = "$(ARCHS_STANDARD_32_BIT)";
COPY_PHASE_STRIP = YES;
GCC_WARN_ABOUT_RETURN_TYPE = YES;
GCC_WARN_UNUSED_VARIABLE = YES;
SDKROOT = macosx10.6;
};
name = Release;
};
C82AFF082B1762CD0070EA49 /* Debug */ = {
isa = XCBuildConfiguration;
buildSettings = {
COPY_PHASE_STRIP = NO;
DEBUGGING_SYMBOLS = YES;
GCC_DYNAMIC_NO_PIC = NO;
GCC_ENABLE_FIX_AND_CONTINUE = YES;
GCC_GENERATE_DEBUGGING_SYMBOLS = YES;
GCC_OPTIMIZATION_LEVEL = 0;
OTHER_CFLAGS = "";
OTHER_LDFLAGS = "";
PRODUCT_NAME = RootHelperSample;
};
name = Debug;
};
C82AFF092B1762CD0070EA49 /* Release */ = {
isa = XCBuildConfiguration;
buildSettings = {
COPY_PHASE_STRIP = YES;
DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym";
GCC_ENABLE_FIX_AND_CONTINUE = NO;
OTHER_CFLAGS = "";
OTHER_LDFLAGS = "";
PRODUCT_NAME = RootHelperSample;
};
name = Release;
};
/* End XCBuildConfiguration section */
/* Begin XCConfigurationList section */
C82AFEF92B1762CD0070EA49 /* Build configuration list for PBXProject "RootHelperSample" */ = {
isa = XCConfigurationList;
buildConfigurations = (
C82AFEF72B1762CD0070EA49 /* Debug */,
C82AFEF82B1762CD0070EA49 /* Release */,
);
defaultConfigurationIsVisible = 0;
defaultConfigurationName = Release;
};
C82AFF072B1762CD0070EA49 /* Build configuration list for PBXLegacyTarget "RootHelperSample" */ = {
isa = XCConfigurationList;
buildConfigurations = (
C82AFF082B1762CD0070EA49 /* Debug */,
C82AFF092B1762CD0070EA49 /* Release */,
);
defaultConfigurationIsVisible = 0;
defaultConfigurationName = Release;
};
/* End XCConfigurationList section */
};
rootObject = C82AFEF62B1762CD0070EA49 /* Project object */;
}
================================================
FILE: RootHelperSample/TSUtil.h
================================================
@import Foundation;
#import "CoreServices.h"
#define TrollStoreErrorDomain @"TrollStoreErrorDomain"
extern void chineseWifiFixup(void);
extern void loadMCMFramework(void);
extern NSString* safe_getExecutablePath();
extern NSString* rootHelperPath(void);
extern NSString* getNSStringFromFile(int fd);
extern void printMultilineNSString(NSString* stringToPrint);
extern int spawnRoot(NSString* path, NSArray* args, NSString** stdOut, NSString** stdErr);
extern void killall(NSString* processName);
extern void respring(void);
char* getPatchedLaunchdCopy(void);
================================================
FILE: RootHelperSample/TSUtil.m
================================================
#import "TSUtil.h"
#import <Foundation/Foundation.h>
#import <spawn.h>
#import <sys/sysctl.h>
#include <IOKit/IOKitLib.h>
@interface PSAppDataUsagePolicyCache : NSObject
+ (instancetype)sharedInstance;
- (void)setUsagePoliciesForBundle:(NSString*)bundleId cellular:(BOOL)cellular wifi:(BOOL)wifi;
@end
#define POSIX_SPAWN_PERSONA_FLAGS_OVERRIDE 1
extern int posix_spawnattr_set_persona_np(const posix_spawnattr_t* __restrict, uid_t, uint32_t);
extern int posix_spawnattr_set_persona_uid_np(const posix_spawnattr_t* __restrict, uid_t);
extern int posix_spawnattr_set_persona_gid_np(const posix_spawnattr_t* __restrict, uid_t);
void loadMCMFramework(void)
{
static dispatch_once_t onceToken;
dispatch_once (&onceToken, ^{
NSBundle* mcmBundle = [NSBundle bundleWithPath:@"/System/Library/PrivateFrameworks/MobileContainerManager.framework"];
[mcmBundle load];
});
}
extern char*** _NSGetArgv();
NSString* safe_getExecutablePath()
{
char* executablePathC = **_NSGetArgv();
return [NSString stringWithUTF8String:executablePathC];
}
#ifdef EMBEDDED_ROOT_HELPER
NSString* rootHelperPath(void)
{
return safe_getExecutablePath();
}
#else
NSString* rootHelperPath(void)
{
return [[NSBundle mainBundle].bundlePath stringByAppendingPathComponent:@"trolltoolsroothelper"];
}
#endif
NSString* getNSStringFromFile(int fd)
{
NSMutableString* ms = [NSMutableString new];
ssize_t num_read;
char c;
while((num_read = read(fd, &c, sizeof(c))))
{
[ms appendString:[NSString stringWithFormat:@"%c", c]];
}
return ms.copy;
}
void printMultilineNSString(NSString* stringToPrint)
{
NSCharacterSet *separator = [NSCharacterSet newlineCharacterSet];
NSArray* lines = [stringToPrint componentsSeparatedByCharactersInSet:separator];
for(NSString* line in lines)
{
NSLog(@"%@", line);
}
}
int spawnRoot(NSString* path, NSArray* args, NSString** stdOut, NSString** stdErr)
{
NSMutableArray* argsM = args.mutableCopy ?: [NSMutableArray new];
[argsM insertObject:path.lastPathComponent atIndex:0];
NSUInteger argCount = [argsM count];
char **argsC = (char **)malloc((argCount + 1) * sizeof(char*));
for (NSUInteger i = 0; i < argCount; i++)
{
argsC[i] = strdup([[argsM objectAtIndex:i] UTF8String]);
}
argsC[argCount] = NULL;
posix_spawnattr_t attr;
posix_spawnattr_init(&attr);
posix_spawnattr_set_persona_np(&attr, 99, POSIX_SPAWN_PERSONA_FLAGS_OVERRIDE);
posix_spawnattr_set_persona_uid_np(&attr, 0);
posix_spawnattr_set_persona_gid_np(&attr, 0);
posix_spawn_file_actions_t action;
posix_spawn_file_actions_init(&action);
int outErr[2];
if(stdErr)
{
pipe(outErr);
posix_spawn_file_actions_adddup2(&action, outErr[1], STDERR_FILENO);
posix_spawn_file_actions_addclose(&action, outErr[0]);
}
int out[2];
if(stdOut)
{
pipe(out);
posix_spawn_file_actions_adddup2(&action, out[1], STDOUT_FILENO);
posix_spawn_file_actions_addclose(&action, out[0]);
}
pid_t task_pid;
int status = -200;
int spawnError = posix_spawn(&task_pid, [path UTF8String], &action, &attr, (char* const*)argsC, NULL);
posix_spawnattr_destroy(&attr);
for (NSUInteger i = 0; i < argCount; i++)
{
free(argsC[i]);
}
free(argsC);
if(spawnError != 0)
{
NSLog(@"posix_spawn error %d\n", spawnError);
return spawnError;
}
do
{
if (waitpid(task_pid, &status, 0) != -1) {
NSLog(@"Child status %d", WEXITSTATUS(status));
} else
{
perror("waitpid");
return -222;
}
} while (!WIFEXITED(status) && !WIFSIGNALED(status));
if(stdOut)
{
close(out[1]);
NSString* output = getNSStringFromFile(out[0]);
*stdOut = output;
}
if(stdErr)
{
close(outErr[1]);
NSString* errorOutput = getNSStringFromFile(outErr[0]);
*stdErr = errorOutput;
}
return WEXITSTATUS(status);
}
void enumerateProcessesUsingBlock(void (^enumerator)(pid_t pid, NSString* executablePath, BOOL* stop))
{
static int maxArgumentSize = 0;
if (maxArgumentSize == 0) {
size_t size = sizeof(maxArgumentSize);
if (sysctl((int[]){ CTL_KERN, KERN_ARGMAX }, 2, &maxArgumentSize, &size, NULL, 0) == -1) {
perror("sysctl argument size");
maxArgumentSize = 4096; // Default
}
}
int mib[3] = { CTL_KERN, KERN_PROC, KERN_PROC_ALL};
struct kinfo_proc *info;
size_t length;
int count;
if (sysctl(mib, 3, NULL, &length, NULL, 0) < 0)
return;
if (!(info = malloc(length)))
return;
if (sysctl(mib, 3, info, &length, NULL, 0) < 0) {
free(info);
return;
}
count = length / sizeof(struct kinfo_proc);
for (int i = 0; i < count; i++) {
@autoreleasepool {
pid_t pid = info[i].kp_proc.p_pid;
if (pid == 0) {
continue;
}
size_t size = maxArgumentSize;
char* buffer = (char *)malloc(length);
if (sysctl((int[]){ CTL_KERN, KERN_PROCARGS2, pid }, 3, buffer, &size, NULL, 0) == 0) {
NSString* executablePath = [NSString stringWithCString:(buffer+sizeof(int)) encoding:NSUTF8StringEncoding];
BOOL stop = NO;
enumerator(pid, executablePath, &stop);
if(stop)
{
free(buffer);
break;
}
}
free(buffer);
}
}
free(info);
}
void killall(NSString* processName)
{
enumerateProcessesUsingBlock(^(pid_t pid, NSString* executablePath, BOOL* stop)
{
if([executablePath.lastPathComponent isEqualToString:processName])
{
kill(pid, SIGTERM);
}
});
}
void respring(void)
{
killall(@"SpringBoard");
exit(0);
}
int get_boot_manifest_hash(char hash[97])
{
const UInt8 *bytes;
CFIndex length;
io_registry_entry_t chosen = IORegistryEntryFromPath(0, "IODeviceTree:/chosen");
if (!MACH_PORT_VALID(chosen)) return 1;
CFDataRef manifestHash = (CFDataRef)IORegistryEntryCreateCFProperty(chosen, CFSTR("boot-manifest-hash"), kCFAllocatorDefault, 0);
IOObjectRelease(chosen);
if (manifestHash == NULL || CFGetTypeID(manifestHash) != CFDataGetTypeID())
{
if (manifestHash != NULL) CFRelease(manifestHash);
return 1;
}
length = CFDataGetLength(manifestHash);
bytes = CFDataGetBytePtr(manifestHash);
for (int i = 0; i < length; i++)
{
snprintf(&hash[i * 2], 3, "%02X", bytes[i]);
}
CFRelease(manifestHash);
return 0;
}
char* return_boot_manifest_hash_main(void) {
static char hash[97];
int ret = get_boot_manifest_hash(hash);
if (ret != 0) {
fprintf(stderr, "could not get boot manifest hash\n");
return "lmao";
}
static char result[115];
sprintf(result, "/private/preboot/%s", hash);
return result;
}
char* getPatchedLaunchdCopy(void) {
char* prebootpath = return_boot_manifest_hash_main();
static char originallaunchd[256];
sprintf(originallaunchd, "%s/%s", prebootpath, "patchedlaunchd");
NSLog(@"patchedlaunchd: %s", originallaunchd);
return originallaunchd;
}
char* getOriginalLaunchdCopy(void) {
char* prebootpath = return_boot_manifest_hash_main();
static char originallaunchd[256];
sprintf(originallaunchd, "%s/%s", prebootpath, "patchedlaunchd");
NSLog(@"patchedlaunchd: %s", originallaunchd);
return originallaunchd;
}
================================================
FILE: RootHelperSample/control
================================================
Package: net.sourceloc.trolltoolsroothelper
Name: trolltoolsroothelper
Version: 1.0
Architecture: iphoneos-arm
Description: TrollToolsRootHelper
Maintainer: sourcelocation
Author: sourcelocation
Section: System
Tag: role::hacker
================================================
FILE: RootHelperSample/entitlements.plist
================================================
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.private.domain-extension</key>
<true/>
<key>com.apple.private.security.container-required</key>
<false/>
<key>com.apple.private.security.no-container</key>
<true/>
<key>com.apple.private.xpc.domain-extension</key>
<true/>
<key>com.apple.private.xpc.domain-extension.proxy</key>
<true/>
<key>com.apple.private.xpc.launchd.app-state-manager</key>
<true/>
<key>com.apple.private.xpc.launchd.enable-disable-system-services</key>
<true/>
<key>com.apple.private.xpc.launchd.event-monitor</key>
<true/>
<key>com.apple.private.xpc.launchd.loginitem-bootstrapper</key>
<true/>
<key>com.apple.private.xpc.launchd.loginitem-outside-bundle</key>
<true/>
<key>com.apple.private.xpc.launchd.obliterator</key>
<true/>
<key>com.apple.private.xpc.launchd.per-user-create.mbsetupuser</key>
<true/>
<key>com.apple.private.xpc.launchd.per-user-lookup</key>
<true/>
<key>com.apple.private.xpc.launchd.reboot</key>
<true/>
<key>com.apple.private.xpc.launchd.service-hold</key>
<true/>
<key>com.apple.private.xpc.launchd.userspace-reboot</key>
<true/>
<key>com.apple.private.xpc.launchd.userspace-reboot-now</key>
<true/>
<key>com.apple.private.xpc.persona-creator</key>
<true/>
<key>com.apple.private.xpc.persona-manager</key>
<true/>
<key>com.apple.private.persona-mgmt</key>
<true/>
<key>com.apple.private.xpc.service-attach</key>
<true/>
<key>com.apple.private.xpc.service-configure</key>
<true/>
<key>platform-application</key>
<true/>
<key>get-task-allow</key>
<true/>
<key>com.apple.private.security.storage.AppBundles</key>
<true/>
<key>com.apple.private.security.storage.AppDataContainers</key>
<true/>
<key>com.apple.security.exception.mach-lookup.global-name</key>
<array>
<string>com.apple.mmaintenanced</string>
<string>com.apple.memory-maintenance</string>
</array>
</dict>
</plist>
================================================
FILE: RootHelperSample/external/include/choma/Base64.h
================================================
#ifndef BASE64_H
#define BASE64_H
#include <stdint.h>
#include <stdlib.h>
char *base64_encode(const unsigned char *data,
size_t input_length,
size_t *output_length);
#endif // BASE64_H
================================================
FILE: RootHelperSample/external/include/choma/BufferedStream.h
================================================
#ifndef BUFFERED_STREAM_H
#define BUFFERED_STREAM_H
#include "MemoryStream.h"
#include <stdbool.h>
#define BUFFERED_STREAM_FLAG_AUTO_EXPAND (1 << 0)
typedef struct BufferedStreamContext {
uint8_t *buffer;
size_t bufferSize;
uint32_t subBufferStart;
size_t subBufferSize;
} BufferedStreamContext;
MemoryStream *buffered_stream_init_from_buffer_nocopy(void *buffer, size_t bufferSize, uint32_t flags);
MemoryStream *buffered_stream_init_from_buffer(void *buffer, size_t bufferSize, uint32_t flags);
#endif // BUFFERED_STREAM_H
================================================
FILE: RootHelperSample/external/include/choma/CSBlob.h
================================================
#ifndef CS_BLOB_H
#define CS_BLOB_H
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <stdbool.h>
#include "FAT.h"
#include "MachO.h"
#include "MemoryStream.h"
// Blob index
typedef struct __BlobIndex {
uint32_t type;
uint32_t offset;
} CS_BlobIndex;
// CMS superblob
typedef struct __SuperBlob {
uint32_t magic;
uint32_t length;
uint32_t count;
CS_BlobIndex index[];
} CS_SuperBlob;
typedef struct __GenericBlob {
uint32_t magic; /* magic number */
uint32_t length; /* total length of blob */
char data[];
} CS_GenericBlob;
// CMS blob magic types
enum {
CSBLOB_REQUIREMENT = 0xfade0c00,
CSBLOB_REQUIREMENTS = 0xfade0c01,
CSBLOB_CODEDIRECTORY = 0xfade0c02,
CSBLOB_EMBEDDED_SIGNATURE = 0xfade0cc0,
CSBLOB_DETACHED_SIGNATURE = 0xfade0cc1,
CSBLOB_ENTITLEMENTS = 0xfade7171,
CSBLOB_DER_ENTITLEMENTS = 0xfade7172,
CSBLOB_SIGNATURE_BLOB = 0xfade0b01
} CS_BlobType;
enum {
CSSLOT_CODEDIRECTORY = 0,
CSSLOT_INFOSLOT = 1,
CSSLOT_REQUIREMENTS = 2,
CSSLOT_RESOURCEDIR = 3,
CSSLOT_APPLICATION = 4,
CSSLOT_ENTITLEMENTS = 5,
CSSLOT_DER_ENTITLEMENTS = 7,
CSSLOT_ALTERNATE_CODEDIRECTORIES = 0x1000,
CSSLOT_ALTERNATE_CODEDIRECTORY_MAX = 5,
CSSLOT_ALTERNATE_CODEDIRECTORY_LIMIT = CSSLOT_ALTERNATE_CODEDIRECTORIES + CSSLOT_ALTERNATE_CODEDIRECTORY_MAX,
CSSLOT_SIGNATURESLOT = 0x10000
} CS_SlotType;
typedef struct s_CS_DecodedBlob {
struct s_CS_DecodedBlob *next;
uint32_t type;
MemoryStream *stream;
} CS_DecodedBlob;
typedef struct s_CS_DecodedSuperBlob {
uint32_t magic;
struct s_CS_DecodedBlob *firstBlob;
} CS_DecodedSuperBlob;
// Convert blob magic to readable blob type string
char *cs_blob_magic_to_string(int magic);
// Extract Code Signature to file
int macho_extract_cs_to_file(MachO *macho, CS_SuperBlob *superblob);
int macho_find_code_signature_bounds(MachO *macho, uint32_t *offsetOut, uint32_t *sizeOut);
CS_SuperBlob *macho_read_code_signature(MachO *macho);
int macho_replace_code_signature(MachO *macho, CS_SuperBlob *superblob);
int update_load_commands(MachO *macho, CS_SuperBlob *superblob, uint64_t originalSize);
CS_DecodedBlob *csd_blob_init(uint32_t type, CS_GenericBlob *blobData);
int csd_blob_read(CS_DecodedBlob *blob, uint64_t offset, size_t size, void *outBuf);
int csd_blob_write(CS_DecodedBlob *blob, uint64_t offset, size_t size, const void *inBuf);
int csd_blob_insert(CS_DecodedBlob *blob, uint64_t offset, size_t size, const void *inBuf);
int csd_blob_delete(CS_DecodedBlob *blob, uint64_t offset, size_t size);
int csd_blob_read_string(CS_DecodedBlob *blob, uint64_t offset, char **outString);
int csd_blob_write_string(CS_DecodedBlob *blob, uint64_t offset, const char *string);
int csd_blob_get_size(CS_DecodedBlob *blob);
uint32_t csd_blob_get_type(CS_DecodedBlob *blob);
void csd_blob_set_type(CS_DecodedBlob *blob, uint32_t type);
void csd_blob_free(CS_DecodedBlob *blob);
CS_DecodedSuperBlob *csd_superblob_decode(CS_SuperBlob *superblob);
CS_SuperBlob *csd_superblob_encode(CS_DecodedSuperBlob *decodedSuperblob);
CS_DecodedBlob *csd_superblob_find_blob(CS_DecodedSuperBlob *superblob, uint32_t type, uint32_t *indexOut);
int csd_superblob_insert_blob_after_blob(CS_DecodedSuperBlob *superblob, CS_DecodedBlob *blobToInsert, CS_DecodedBlob *afterBlob);
int csd_superblob_insert_blob_at_index(CS_DecodedSuperBlob *superblob, CS_DecodedBlob *blobToInsert, uint32_t atIndex);
int csd_superblob_append_blob(CS_DecodedSuperBlob *superblob, CS_DecodedBlob *blobToAppend);
int csd_superblob_remove_blob(CS_DecodedSuperBlob *superblob, CS_DecodedBlob *blobToRemove); // <- Important: When calling this, caller is responsible for freeing blobToRemove
int csd_superblob_remove_blob_at_index(CS_DecodedSuperBlob *superblob, uint32_t atIndex);
int csd_superblob_print_content(CS_DecodedSuperBlob *decodedSuperblob, MachO *macho, bool printAllSlots, bool verifySlots);
void csd_superblob_free(CS_DecodedSuperBlob *decodedSuperblob);
#endif // CS_BLOB_H
================================================
FILE: RootHelperSample/external/include/choma/CodeDirectory.h
================================================
#ifndef CODE_DIRECTORY_H
#define CODE_DIRECTORY_H
#include <stdint.h>
#include <math.h>
#include <CommonCrypto/CommonDigest.h>
#include "MachO.h"
#include "CSBlob.h"
#include "FAT.h"
#include "MachOByteOrder.h"
#include "MachOLoadCommand.h"
#include "MemoryStream.h"
// Code directory blob header
typedef struct __CodeDirectory {
uint32_t magic;
uint32_t length;
uint32_t version;
uint32_t flags;
uint32_t hashOffset;
uint32_t identOffset;
uint32_t nSpecialSlots;
uint32_t nCodeSlots;
uint32_t codeLimit;
uint8_t hashSize;
uint8_t hashType;
uint8_t spare1;
uint8_t pageSize;
uint32_t spare2;
uint32_t scatterOffset;
uint32_t teamOffset;
} CS_CodeDirectory;
enum CS_HashType {
CS_HASHTYPE_SHA160_160 = 1,
CS_HASHTYPE_SHA256_256 = 2,
CS_HASHTYPE_SHA256_160 = 3,
CS_HASHTYPE_SHA384_384 = 4,
};
char *csd_code_directory_copy_identity(CS_DecodedBlob *codeDirBlob, uint32_t *offsetOut);
char *csd_code_directory_copy_team_id(CS_DecodedBlob *codeDirBlob, uint32_t *offsetOut);
int csd_code_directory_set_team_id(CS_DecodedBlob *codeDirBlob, char *newTeamID);
uint32_t csd_code_directory_get_flags(CS_DecodedBlob *codeDirBlob);
void csd_code_directory_set_flags(CS_DecodedBlob *codeDirBlob, uint32_t flags);
uint8_t csd_code_directory_get_hash_type(CS_DecodedBlob *codeDirBlob);
void csd_code_directory_set_hash_type(CS_DecodedBlob *codeDirBlob, uint8_t hashType);
int csd_code_directory_print_content(CS_DecodedBlob *codeDirBlob, MachO *macho, bool printSlots, bool verifySlots);
void csd_code_directory_update(CS_DecodedBlob *codeDirBlob, MachO *macho);
#endif // CODE_DIRECTORY_H
================================================
FILE: RootHelperSample/external/include/choma/FAT.h
================================================
#ifndef MACHO_H
#define MACHO_H
#include <stdio.h>
#include <libkern/OSByteOrder.h>
#include <mach/mach.h>
#include <mach-o/loader.h>
#include <mach-o/fat.h>
#include <sys/stat.h>
#include "MemoryStream.h"
typedef struct MachO MachO;
// A FAT structure can either represent a FAT file with multiple slices, in which the slices will be loaded into the slices attribute
// Or a single slice MachO, in which case it serves as a compatibility layer and the single slice will also be loaded into the slices attribute
typedef struct FAT
{
MemoryStream *stream;
MachO **slices;
uint32_t slicesCount;
int fileDescriptor;
} FAT;
int fat_read_at_offset(FAT *fat, uint64_t offset, size_t size, void *outBuf);
MemoryStream *fat_get_stream(FAT *fat);
// Initialise a FAT structure from a memory stream
FAT *fat_init_from_memory_stream(MemoryStream *stream);
// Initialise a FAT structure using the path to the file
FAT *fat_init_from_path(const char *filePath);
//FAT *fat_init_from_path_for_writing(const char *filePath);
// Find macho with cputype and cpusubtype in FAT, returns NULL if not found
MachO *fat_find_slice(FAT *fat, cpu_type_t cputype, cpu_subtype_t cpusubtype);
// Free all elements of the FAT structure
void fat_free(FAT *fat);
#endif // MACHO_H
================================================
FILE: RootHelperSample/external/include/choma/FileStream.h
================================================
#ifndef FILE_STREAM_H
#define FILE_STREAM_H
#include "MemoryStream.h"
#define FILE_STREAM_SIZE_AUTO 0
#define FILE_STREAM_FLAG_WRITABLE (1 << 0)
#define FILE_STREAM_FLAG_AUTO_EXPAND (1 << 1)
typedef struct FileStreamContext {
int fd;
size_t fileSize;
uint32_t bufferStart;
size_t bufferSize;
} FileStreamContext;
MemoryStream *file_stream_init_from_file_descriptor_nodup(int fd, uint32_t bufferStart, size_t bufferSize, uint32_t flags);
MemoryStream *file_stream_init_from_file_descriptor(int fd, uint32_t bufferStart, size_t bufferSize, uint32_t flags);
MemoryStream *file_stream_init_from_path(const char *path, uint32_t bufferStart, size_t bufferSize, uint32_t flags);
#endif // FILE_STREAM_H
================================================
FILE: RootHelperSample/external/include/choma/Host.h
================================================
#ifndef HOST_H
#define HOST_H
#include "FAT.h"
// Retrieve the preferred MachO slice from a FAT
// Preferred slice as in the slice that the kernel would use when loading the file
MachO *fat_find_preferred_slice(FAT *fat);
#endif // HOST_H
================================================
FILE: RootHelperSample/external/include/choma/MachO.h
================================================
#ifndef MACHO_SLICE_H
#define MACHO_SLICE_H
#include <stdbool.h>
#include <mach-o/fat.h>
#include <mach-o/loader.h>
#include "MemoryStream.h"
#include "FAT.h"
typedef struct MachOSegment
{
struct segment_command_64 command;
struct section_64 sections[];
} __attribute__((__packed__)) MachOSegment;
typedef struct FilesetMachO {
char *entry_id;
uint64_t vmaddr;
uint64_t fileoff;
FAT *underlyingMachO;
} FilesetMachO;
typedef struct MachO {
MemoryStream *stream;
bool isSupported;
struct mach_header_64 machHeader;
struct fat_arch_64 archDescriptor;
uint32_t filesetCount;
FilesetMachO *filesetMachos;
uint32_t segmentCount;
MachOSegment **segments;
} MachO;
// Read data from a MachO at a specified offset
int macho_read_at_offset(MachO *macho, uint64_t offset, size_t size, void *outBuf);
// Write data from a MachO at a specified offset, auto expands, only works if opened via macho_init_for_writing
int macho_write_at_offset(MachO *macho, uint64_t offset, size_t size, void *inBuf);
MemoryStream *macho_get_stream(MachO *macho);
uint32_t macho_get_filetype(MachO *macho);
// Perform translation between file offsets and virtual addresses
int macho_translate_fileoff_to_vmaddr(MachO *macho, uint64_t fileoff, uint64_t *vmaddrOut, MachOSegment **segmentOut);
int macho_translate_vmaddr_to_fileoff(MachO *macho, uint64_t vmaddr, uint64_t *fileoffOut, MachOSegment **segmentOut);
// Read data from a MachO at a specified virtual address
int macho_read_at_vmaddr(MachO *macho, uint64_t vmaddr, size_t size, void *outBuf);
int macho_enumerate_load_commands(MachO *macho, void (^enumeratorBlock)(struct load_command loadCommand, uint64_t offset, void *cmd, bool *stop));
// Initialise a MachO object from a MemoryStream and it's corresponding FAT arch descriptor
MachO *macho_init(MemoryStream *stream, struct fat_arch_64 archDescriptor);
// Initialize a single slice macho for writing to it
MachO *macho_init_for_writing(const char *filePath);
void macho_free(MachO *macho);
#endif // MACHO_SLICE_H
================================================
FILE: RootHelperSample/external/include/choma/MachOByteOrder.h
================================================
#ifndef MACHO_BYTE_ORDER_H
#define MACHO_BYTE_ORDER_H
#include <stdio.h>
#include <stdlib.h>
// 8-bit integers needed for CodeDirectory
#define BIG_TO_HOST(n) _Generic((n), \
int8_t: n, \
uint8_t: n, \
int16_t: OSSwapBigToHostInt16(n), \
uint16_t: OSSwapBigToHostInt16(n), \
int32_t: OSSwapBigToHostInt32(n), \
uint32_t: OSSwapBigToHostInt32(n), \
int64_t: OSSwapBigToHostInt64(n), \
uint64_t: OSSwapBigToHostInt64(n) \
)
#define HOST_TO_BIG(n) _Generic((n), \
int8_t: n, \
uint8_t: n, \
uint16_t: OSSwapHostToBigInt16(n), \
int16_t: OSSwapHostToBigInt16(n), \
int32_t: OSSwapHostToBigInt32(n), \
uint32_t: OSSwapHostToBigInt32(n), \
int64_t: OSSwapHostToBigInt64(n), \
uint64_t: OSSwapHostToBigInt64(n) \
)
#define LITTLE_TO_HOST(n) _Generic((n), \
int8_t: n, \
uint8_t: n, \
int16_t: OSSwapLittleToHostInt16(n), \
uint16_t: OSSwapLittleToHostInt16(n), \
int32_t: OSSwapLittleToHostInt32(n), \
uint32_t: OSSwapLittleToHostInt32(n), \
int64_t: OSSwapLittleToHostInt64(n), \
uint64_t: OSSwapLittleToHostInt64(n) \
)
#define HOST_TO_LITTLE(n) _Generic((n), \
int8_t: n, \
uint8_t: n, \
int16_t: OSSwapHostToLittleInt16(n), \
uint16_t: OSSwapHostToLittleInt16(n), \
int32_t: OSSwapHostToLittleInt32(n), \
uint32_t: OSSwapHostToLittleInt32(n), \
int64_t: OSSwapHostToLittleInt64(n), \
uint64_t: OSSwapHostToLittleInt64(n) \
)
#define HOST_TO_LITTLE_APPLIER(instance, member) \
(instance)->member = HOST_TO_LITTLE((instance)->member)
#define HOST_TO_BIG_APPLIER(instance, member) \
(instance)->member = HOST_TO_BIG((instance)->member)
#define LITTLE_TO_HOST_APPLIER(instance, member) \
(instance)->member = LITTLE_TO_HOST((instance)->member)
#define BIG_TO_HOST_APPLIER(instance, member) \
(instance)->member = BIG_TO_HOST((instance)->member)
#define FAT_HEADER_APPLY_BYTE_ORDER(fh, applier) \
applier(fh, magic); \
applier(fh, nfat_arch);
#define FAT_ARCH_APPLY_BYTE_ORDER(arch, applier) \
applier(arch, cputype); \
applier(arch, cpusubtype); \
applier(arch, offset); \
applier(arch, size); \
applier(arch, align); \
#define FAT_ARCH_64_APPLY_BYTE_ORDER(arch, applier) \
applier(arch, cputype); \
applier(arch, cpusubtype); \
applier(arch, offset); \
applier(arch, size); \
applier(arch, align); \
applier(arch, reserved); \
#define MACH_HEADER_APPLY_BYTE_ORDER(mh, applier) \
applier(mh, magic); \
applier(mh, cputype); \
applier(mh, cpusubtype); \
applier(mh, filetype); \
applier(mh, ncmds); \
applier(mh, sizeofcmds); \
applier(mh, reserved);
#define LOAD_COMMAND_APPLY_BYTE_ORDER(lc, applier) \
applier(lc, cmd); \
applier(lc, cmdsize);
#define LINKEDIT_DATA_COMMAND_APPLY_BYTE_ORDER(lc, applier) \
applier(lc, cmd); \
applier(lc, cmdsize); \
applier(lc, dataoff); \
applier(lc, datasize);
#define BLOB_INDEX_APPLY_BYTE_ORDER(bi, applier) \
applier(bi, type); \
applier(bi, offset);
#define SUPERBLOB_APPLY_BYTE_ORDER(sb, applier) \
applier(sb, magic); \
applier(sb, length); \
applier(sb, count);
#define GENERIC_BLOB_APPLY_BYTE_ORDER(gb, applier) \
applier(gb, magic); \
applier(gb, length);
#define CODE_DIRECTORY_APPLY_BYTE_ORDER(cd, applier) \
applier(cd, magic); \
applier(cd, length); \
applier(cd, version); \
applier(cd, flags); \
applier(cd, hashOffset); \
applier(cd, identOffset); \
applier(cd, nSpecialSlots); \
applier(cd, nCodeSlots); \
applier(cd, codeLimit); \
applier(cd, hashSize); \
applier(cd, hashType); \
applier(cd, spare1); \
applier(cd, pageSize); \
applier(cd, spare2); \
applier(cd, scatterOffset); \
applier(cd, teamOffset);
#define SEGMENT_COMMAND_64_APPLY_BYTE_ORDER(sc64, applier) \
applier(sc64, cmd); \
applier(sc64, cmdsize); \
applier(sc64, fileoff); \
applier(sc64, filesize); \
applier(sc64, vmaddr); \
applier(sc64, vmsize); \
applier(sc64, flags); \
applier(sc64, initprot); \
applier(sc64, maxprot); \
applier(sc64, nsects);
#define SECTION_64_APPLY_BYTE_ORDER(sc64, applier) \
applier(sc64, addr); \
applier(sc64, align); \
applier(sc64, flags); \
applier(sc64, nreloc); \
applier(sc64, offset); \
applier(sc64, reserved1); \
applier(sc64, reserved2); \
applier(sc64, reserved3); \
applier(sc64, size);
#define FILESET_ENTRY_COMMAND_APPLY_BYTE_ORDER(fse, applier) \
applier(fse, cmd); \
applier(fse, cmdsize); \
applier(fse, vmaddr); \
applier(fse, fileoff); \
applier(fse, entry_id.offset); \
applier(fse, reserved); \
#endif // MACHO_BYTE_ORDER_H
================================================
FILE: RootHelperSample/external/include/choma/MachOLoadCommand.h
================================================
#ifndef MACHO_LOAD_COMMAND_H
#define MACHO_LOAD_COMMAND_H
#include <mach-o/loader.h>
#include "MachO.h"
#include "CSBlob.h"
#include "FileStream.h"
#include "MachOByteOrder.h"
// Convert load command to load command name
char *load_command_to_string(int loadCommand);
void update_segment_command_64(MachO *macho, const char *segmentName, uint64_t vmaddr, uint64_t vmsize, uint64_t fileoff, uint64_t filesize);
void update_lc_code_signature(MachO *macho, uint64_t size);
int update_load_commands_for_coretrust_bypass(MachO *macho, CS_SuperBlob *superblob, uint64_t originalCodeSignatureSize, uint64_t originalMachOSize);
#endif // MACHO_LOAD_COMMAND_H
================================================
FILE: RootHelperSample/external/include/choma/MemoryStream.h
================================================
#ifndef MEMORY_STREAM_H
#define MEMORY_STREAM_H
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <string.h>
#include <unistd.h>
#include <stdbool.h>
#define MEMORY_STREAM_FLAG_OWNS_DATA (1 << 0)
#define MEMORY_STREAM_FLAG_MUTABLE (1 << 1)
#define MEMORY_STREAM_FLAG_AUTO_EXPAND (1 << 2)
#define MEMORY_STREAM_SIZE_INVALID (size_t)-1
// A generic memory IO interface that is used throughout this project
// Can be backed by anything, just the functions have to be implemented
typedef struct s_MemoryStream {
void *context;
uint32_t flags;
int (*read)(struct s_MemoryStream *stream, uint64_t offset, size_t size, void *outBuf);
int (*write)(struct s_MemoryStream *stream, uint64_t offset, size_t size, const void *inBuf);
int (*getSize)(struct s_MemoryStream *stream, size_t *sizeOut);
uint8_t *(*getRawPtr)(struct s_MemoryStream *stream);
int (*trim)(struct s_MemoryStream *stream, size_t trimAtStart, size_t trimAtEnd);
int (*expand)(struct s_MemoryStream *stream, size_t expandAtStart, size_t expandAtEnd);
struct s_MemoryStream *(*hardclone)(struct s_MemoryStream *stream);
struct s_MemoryStream *(*softclone)(struct s_MemoryStream *stream);
void (*free)(struct s_MemoryStream *stream);
} MemoryStream;
int memory_stream_read(MemoryStream *stream, uint64_t offset, size_t size, void *outBuf);
int memory_stream_write(MemoryStream *stream, uint64_t offset, size_t size, const void *inBuf);
int memory_stream_insert(MemoryStream *stream, uint64_t offset, size_t size, const void *inBuf);
int memory_stream_delete(MemoryStream *stream, uint64_t offset, size_t size);
int memory_stream_read_string(MemoryStream *stream, uint64_t offset, char **outString);
int memory_stream_write_string(MemoryStream *stream, uint64_t offset, const char *string);
size_t memory_stream_get_size(MemoryStream *stream);
uint8_t *memory_stream_get_raw_pointer(MemoryStream *stream);
uint32_t memory_stream_get_flags(MemoryStream *stream);
MemoryStream *memory_stream_softclone(MemoryStream *stream);
MemoryStream *memory_stream_hardclone(MemoryStream *stream);
int memory_stream_trim(MemoryStream *stream, size_t trimAtStart, size_t trimAtEnd);
int memory_stream_expand(MemoryStream *stream, size_t expandAtStart, size_t expandAtEnd);
void memory_stream_free(MemoryStream *stream);
int memory_stream_copy_data(MemoryStream *originStream, uint64_t originOffset, MemoryStream *targetStream, uint64_t targetOffset, size_t size);
int memory_stream_find_memory(MemoryStream *stream, uint64_t searchOffset, size_t searchSize, void *bytes, void *mask, size_t nbytes, uint16_t alignment, uint64_t *foundOffsetOut);
#endif // MEMORY_STREAM_H
================================================
FILE: RootHelperSample/external/include/choma/PatchFinder.h
================================================
#include <stdint.h>
#include "MachO.h"
#define METRIC_TYPE_PATTERN 1
#define METRIC_TYPE_STRING_XREF 2
#define METRIC_TYPE_FUNCTION_XREF 3
typedef struct PFSection {
uint64_t fileoff;
uint64_t vmaddr;
uint64_t size;
uint8_t *cache;
bool ownsCache;
} PFSection;
PFSection *macho_patchfinder_create_section(MachO *macho, const char *filesetEntryId, const char *segName, const char *sectName);
int macho_patchfinder_cache_section(PFSection *section, MachO *fromMacho);
void macho_patchfinder_section_free(PFSection *section);
typedef struct MetricShared {
uint32_t type;
PFSection *section;
} MetricShared;
typedef enum {
BYTE_PATTERN_ALIGN_8_BIT,
BYTE_PATTERN_ALIGN_16_BIT,
BYTE_PATTERN_ALIGN_32_BIT,
BYTE_PATTERN_ALIGN_64_BIT,
} BytePatternAlignment;
typedef struct BytePatternMetric {
MetricShared shared;
void *bytes;
void *mask;
size_t nbytes;
BytePatternAlignment alignment;
} BytePatternMetric;
BytePatternMetric *macho_patchfinder_create_byte_pattern_metric(PFSection *section, void *bytes, void *mask, size_t nbytes, BytePatternAlignment alignment);
void macho_patchfinder_run_metric(MachO *macho, void *metric, void (^matchBlock)(uint64_t vmaddr, bool *stop));
================================================
FILE: RootHelperSample/external/include/choma/SignOSSL.h
================================================
#ifndef SIGN_OSSL_H
#define SIGN_OSSL_H
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/pem.h>
#include <openssl/rsa.h>
#include <openssl/sha.h>
#include <openssl/err.h>
unsigned char *signWithRSA(unsigned char *inputData, size_t inputDataLength, unsigned char *key, size_t key_len, size_t *outputDataLength);
#endif // SIGN_OSSL_H
// 0xA422
================================================
FILE: RootHelperSample/external/include/choma/Signing.h
================================================
#ifndef SIGNING_H
#define SIGNING_H
#include <stdio.h>
#include <stdlib.h>
#include <CommonCrypto/CommonCrypto.h>
#include <Security/SecKey.h>
#include <Security/Security.h>
// int signWithRSA(const char *certificateFile, const char *inputFile, const char *outputFile);
#endif // SIGNING_H
================================================
FILE: RootHelperSample/external/include/choma/Util.h
================================================
#include <stdint.h>
#include <stdlib.h>
uint64_t align_to_size(int size, int alignment);
int count_digits(int64_t num);
void print_hash(uint8_t *hash, size_t size);
================================================
FILE: RootHelperSample/external/lib/libcrypto.a
================================================
[File too large to display: 18.6 MB]
================================================
FILE: RootHelperSample/insert_dylib.h
================================================
//
// insert_dylib.h
// kfd
//
// Created by Alfie on 02/01/2024.
//
#ifndef insert_dylib_h
#define insert_dylib_h
int insert_dylib_main(const char *dylib_path, const char *binary_path);
#endif /* insert_dylib_h */
================================================
FILE: RootHelperSample/insert_dylib.m
================================================
// https://github.com/tyilo/insert_dylib
// thanks Alfie
#include <stdlib.h>
#include <stdio.h>
#include <stdbool.h>
#include <stdarg.h>
#include <string.h>
#include <unistd.h>
#include <getopt.h>
#include <sys/stat.h>
#include <sys/param.h>
#include <copyfile.h>
#include <mach-o/loader.h>
#include <mach-o/fat.h>
#include "insert_dylib.h"
#include <Foundation/Foundation.h>
void NSLogC(const char *format, ...) {
va_list args;
va_start(args, format);
vprintf(format, args);
va_end(args);
va_start(args, format);
NSString *logString = [[NSString alloc] initWithFormat:[NSString stringWithUTF8String:format] arguments:args];
NSLog(@"%@", logString);
va_end(args);
}
#define IS_64_BIT(x) ((x) == MH_MAGIC_64 || (x) == MH_CIGAM_64)
#define IS_LITTLE_ENDIAN(x) ((x) == FAT_CIGAM || (x) == MH_CIGAM_64 || (x) == MH_CIGAM)
#define SWAP32(x, magic) (IS_LITTLE_ENDIAN(magic)? OSSwapInt32(x): (x))
#define SWAP64(x, magic) (IS_LITTLE_ENDIAN(magic)? OSSwapInt64(x): (x))
#define ROUND_UP(x, y) (((x) + (y) - 1) & -(y))
#define ABSDIFF(x, y) ((x) > (y)? (uintmax_t)(x) - (uintmax_t)(y): (uintmax_t)(y) - (uintmax_t)(x))
#define BUFSIZE 512
void fbzero(FILE *f, off_t offset, size_t len) {
static unsigned char zeros[BUFSIZE] = {0};
fseeko(f, offset, SEEK_SET);
while(len != 0) {
size_t size = MIN(len, sizeof(zeros));
fwrite(zeros, size, 1, f);
len -= size;
}
}
void fmemmove(FILE *f, off_t dst, off_t src, size_t len) {
static unsigned char buf[BUFSIZE];
while(len != 0) {
size_t size = MIN(len, sizeof(buf));
fseeko(f, src, SEEK_SET);
fread(&buf, size, 1, f);
fseeko(f, dst, SEEK_SET);
fwrite(buf, size, 1, f);
len -= size;
src += size;
dst += size;
}
}
int inplace_flag = false;
int weak_flag = false;
int overwrite_flag = false;
int codesig_flag = 0;
int yes_flag = false;
static struct option long_options[] = {
{"inplace", no_argument, &inplace_flag, true},
{"weak", no_argument, &weak_flag, true},
{"overwrite", no_argument, &overwrite_flag, true},
{"strip-codesig", no_argument, &codesig_flag, 1},
{"no-strip-codesig", no_argument, &codesig_flag, 2},
{"all-yes", no_argument, &yes_flag, true},
{NULL, 0, NULL, 0}
};
__attribute__((noreturn)) void usage(void) {
NSLogC("[kfdHaxx] insert_dylib: Usage: insert_dylib dylib_path binary_path [new_binary_path]\n");
NSLogC("[kfdHaxx] insert_dylib: Option flags:");
struct option *opt = long_options;
while(opt->name != NULL) {
NSLogC("[kfdHaxx] insert_dylib: --%s", opt->name);
opt++;
}
NSLogC("[kfdHaxx] insert_dylib: \n");
exit(1);
}
__attribute__((format(printf, 1, 2))) bool ask(const char *format, ...) {
char *question;
asprintf(&question, "%s [y/n] ", format);
va_list args;
va_start(args, format);
vprintf(question, args);
va_end(args);
free(question);
while(true) {
char *line = NULL;
size_t size;
if(yes_flag) {
puts("y");
line = "y";
} else {
getline(&line, &size, stdin);
}
switch(line[0]) {
case 'y':
case 'Y':
return true;
break;
case 'n':
case 'N':
return false;
break;
default:
// NSLogC("[kfdHaxx] insert_dylib: Please enter y or n: ");
return true;
}
}
}
size_t fpeek(void *restrict ptr, size_t size, size_t nitems, FILE *restrict stream) {
off_t pos = ftello(stream);
size_t result = fread(ptr, size, nitems, stream);
fseeko(stream, pos, SEEK_SET);
return result;
}
void *read_load_command(FILE *f, uint32_t cmdsize) {
void *lc = malloc(cmdsize);
fpeek(lc, cmdsize, 1, f);
return lc;
}
bool check_load_commands(FILE *f, struct mach_header *mh, size_t header_offset, size_t commands_offset, const char *dylib_path, off_t *slice_size) {
fseeko(f, commands_offset, SEEK_SET);
uint32_t ncmds = SWAP32(mh->ncmds, mh->magic);
off_t linkedit_32_pos = -1;
off_t linkedit_64_pos = -1;
struct segment_command linkedit_32;
struct segment_command_64 linkedit_64;
off_t symtab_pos = -1;
uint32_t symtab_size = 0;
for(int i = 0; i < ncmds; i++) {
struct load_command lc;
fpeek(&lc, sizeof(lc), 1, f);
uint32_t cmdsize = SWAP32(lc.cmdsize, mh->magic);
uint32_t cmd = SWAP32(lc.cmd, mh->magic);
switch(cmd) {
case LC_CODE_SIGNATURE:
if(i == ncmds - 1) {
if(codesig_flag == 2) {
return true;
}
if(codesig_flag == 0 && !ask("LC_CODE_SIGNATURE load command found. Remove it?")) {
return true;
}
struct linkedit_data_command *cmd = read_load_command(f, cmdsize);
fbzero(f, ftello(f), cmdsize);
uint32_t dataoff = SWAP32(cmd->dataoff, mh->magic);
uint32_t datasize = SWAP32(cmd->datasize, mh->magic);
free(cmd);
uint64_t linkedit_fileoff = 0;
uint64_t linkedit_filesize = 0;
if(linkedit_32_pos != -1) {
linkedit_fileoff = SWAP32(linkedit_32.fileoff, mh->magic);
linkedit_filesize = SWAP32(linkedit_32.filesize, mh->magic);
} else if(linkedit_64_pos != -1) {
linkedit_fileoff = SWAP64(linkedit_64.fileoff, mh->magic);
linkedit_filesize = SWAP64(linkedit_64.filesize, mh->magic);
} else {
fprintf(stderr, "Warning: __LINKEDIT segment not found.\n");
}
if(linkedit_32_pos != -1 || linkedit_64_pos != -1) {
if(linkedit_fileoff + linkedit_filesize != *slice_size) {
fprintf(stderr, "Warning: __LINKEDIT segment is not at the end of the file, so codesign will not work on the patched binary.\n");
} else {
if(dataoff + datasize != *slice_size) {
fprintf(stderr, "Warning: Codesignature is not at the end of __LINKEDIT segment, so codesign will not work on the patched binary.\n");
} else {
*slice_size -= datasize;
//int64_t diff_size = 0;
if(symtab_pos == -1) {
fprintf(stderr, "Warning: LC_SYMTAB load command not found. codesign might not work on the patched binary.\n");
} else {
fseeko(f, symtab_pos, SEEK_SET);
struct symtab_command *symtab = read_load_command(f, symtab_size);
uint32_t strsize = SWAP32(symtab->strsize, mh->magic);
int64_t diff_size = SWAP32(symtab->stroff, mh->magic) + strsize - (int64_t)*slice_size;
if(-0x10 <= diff_size && diff_size <= 0) {
symtab->strsize = SWAP32((uint32_t)(strsize - diff_size), mh->magic);
fwrite(symtab, symtab_size, 1, f);
} else {
fprintf(stderr, "Warning: String table doesn't appear right before code signature. codesign might not work on the patched binary. (0x%llx)\n", diff_size);
}
free(symtab);
}
linkedit_filesize -= datasize;
uint64_t linkedit_vmsize = ROUND_UP(linkedit_filesize, 0x1000);
if(linkedit_32_pos != -1) {
linkedit_32.filesize = SWAP32((uint32_t)linkedit_filesize, mh->magic);
linkedit_32.vmsize = SWAP32((uint32_t)linkedit_vmsize, mh->magic);
fseeko(f, linkedit_32_pos, SEEK_SET);
fwrite(&linkedit_32, sizeof(linkedit_32), 1, f);
} else {
linkedit_64.filesize = SWAP64(linkedit_filesize, mh->magic);
linkedit_64.vmsize = SWAP64(linkedit_vmsize, mh->magic);
fseeko(f, linkedit_64_pos, SEEK_SET);
fwrite(&linkedit_64, sizeof(linkedit_64), 1, f);
}
goto fix_header;
}
}
}
// If we haven't truncated the file, zero out the code signature
fbzero(f, header_offset + dataoff, datasize);
fix_header:
mh->ncmds = SWAP32(ncmds - 1, mh->magic);
mh->sizeofcmds = SWAP32(SWAP32(mh->sizeofcmds, mh->magic) - cmdsize, mh->magic);
return true;
} else {
NSLogC("[kfdHaxx] insert_dylib: LC_CODE_SIGNATURE is not the last load command, so couldn't remove.\n");
}
break;
case LC_LOAD_DYLIB:
case LC_LOAD_WEAK_DYLIB: {
struct dylib_command *dylib_command = read_load_command(f, cmdsize);
union lc_str offset = dylib_command->dylib.name;
char *name = &((char *)dylib_command)[SWAP32(offset.offset, mh->magic)];
int cmp = strcmp(name, dylib_path);
free(dylib_command);
if(cmp == 0) {
if(!ask("Binary already contains a load command for that dylib. Continue anyway?")) {
return false;
}
}
break;
}
case LC_SEGMENT:
case LC_SEGMENT_64:
if(cmd == LC_SEGMENT) {
struct segment_command *cmd = read_load_command(f, cmdsize);
if(strcmp(cmd->segname, "__LINKEDIT") == 0) {
linkedit_32_pos = ftello(f);
linkedit_32 = *cmd;
}
free(cmd);
} else {
struct segment_command_64 *cmd = read_load_command(f, cmdsize);
if(strcmp(cmd->segname, "__LINKEDIT") == 0) {
linkedit_64_pos = ftello(f);
linkedit_64 = *cmd;
}
free(cmd);
}
case LC_SYMTAB:
symtab_pos = ftello(f);
symtab_size = cmdsize;
}
fseeko(f, SWAP32(lc.cmdsize, mh->magic), SEEK_CUR);
}
return true;
}
bool insert_dylib(FILE *f, size_t header_offset, const char *dylib_path, off_t *slice_size) {
fseeko(f, header_offset, SEEK_SET);
struct mach_header mh;
fread(&mh, sizeof(struct mach_header), 1, f);
if(mh.magic != MH_MAGIC_64 && mh.magic != MH_CIGAM_64 && mh.magic != MH_MAGIC && mh.magic != MH_CIGAM) {
NSLogC("[kfdHaxx] insert_dylib: Unknown magic: 0x%x\n", mh.magic);
return false;
}
size_t commands_offset = header_offset + (IS_64_BIT(mh.magic)? sizeof(struct mach_header_64): sizeof(struct mach_header));
bool cont = check_load_commands(f, &mh, header_offset, commands_offset, dylib_path, slice_size);
if(!cont) {
return true;
}
// Even though a padding of 4 works for x86_64, codesign doesn't like it
size_t path_padding = 8;
size_t dylib_path_len = strlen(dylib_path);
size_t dylib_path_size = (dylib_path_len & ~(path_padding - 1)) + path_padding;
uint32_t cmdsize = (uint32_t)(sizeof(struct dylib_command) + dylib_path_size);
struct dylib_command dylib_command = {
.cmd = SWAP32(weak_flag? LC_LOAD_WEAK_DYLIB: LC_LOAD_DYLIB, mh.magic),
.cmdsize = SWAP32(cmdsize, mh.magic),
.dylib = {
.name = {SWAP32(sizeof(struct dylib_command), mh.magic)},
.timestamp = 0,
.current_version = 0,
.compatibility_version = 0
}
};
uint32_t sizeofcmds = SWAP32(mh.sizeofcmds, mh.magic);
fseeko(f, commands_offset + sizeofcmds, SEEK_SET);
char space[cmdsize];
fread(&space, cmdsize, 1, f);
bool empty = true;
for(int i = 0; i < cmdsize; i++) {
if(space[i] != 0) {
empty = false;
break;
}
}
if(!empty) {
if(!ask("It doesn't seem like there is enough empty space. Continue anyway?")) {
return false;
}
}
fseeko(f, -((off_t)cmdsize), SEEK_CUR);
char *dylib_path_padded = calloc(dylib_path_size, 1);
memcpy(dylib_path_padded, dylib_path, dylib_path_len);
fwrite(&dylib_command, sizeof(dylib_command), 1, f);
fwrite(dylib_path_padded, dylib_path_size, 1, f);
free(dylib_path_padded);
mh.ncmds = SWAP32(SWAP32(mh.ncmds, mh.magic) + 1, mh.magic);
sizeofcmds += cmdsize;
mh.sizeofcmds = SWAP32(sizeofcmds, mh.magic);
fseeko(f, header_offset, SEEK_SET);
fwrite(&mh, sizeof(mh), 1, f);
return true;
}
int insert_dylib_main(const char *dylib_path, const char *binary_path) {
struct stat s;
if(stat(binary_path, &s) != 0) {
perror(binary_path);
return -1;
}
FILE *f = fopen(binary_path, "r+");
if(!f) {
NSLogC("[kfdHaxx] insert_dylib: Couldn't open file %s\n", binary_path);
return -1;
}
bool success = true;
fseeko(f, 0, SEEK_END);
off_t file_size = ftello(f);
rewind(f);
uint32_t magic;
fread(&magic, sizeof(uint32_t), 1, f);
switch(magic) {
case MH_MAGIC_64:
case MH_CIGAM_64:
case MH_MAGIC:
case MH_CIGAM:
if(insert_dylib(f, 0, dylib_path, &file_size)) {
ftruncate(fileno(f), file_size);
NSLogC("[kfdHaxx] insert_dylib: Added load command to %s\n", binary_path);
} else {
NSLogC("[kfdHaxx] insert_dylib: Failed to add load command!\n");
success = false;
}
break;
default:
NSLogC("[kfdHaxx] insert_dylib: Unknown magic: 0x%x\n", magic);
return -1;
}
fclose(f);
if(!success) {
return -1;
}
return 0;
}
================================================
FILE: RootHelperSample/launchdshim/.gitignore
================================================
launchd
launchdinjected
launchdsignedinjected
launchdhook/launchdhooksigned.dylib
SpringBoardShim/launchdsignedinjected
SpringBoardShim/springboardshiminjected
SpringBoardShim/springboardshimsignedinjected
================================================
FILE: RootHelperSample/launchdshim/SpringBoardShim/Makefile
================================================
TARGET := iphone:clang:latest
ARCHS = arm64e
include $(THEOS)/makefiles/common.mk
TOOL_NAME = springboardshim
springboardshim_FILES = main.c
springboardshim_CFLAGS = -fobjc-arc -isystem
springboardshim_LDFLAGS = -L./ -lbsm
springboardshim_CODESIGN_FLAGS = -SSpringBoardEnts.plist
#springboardshim_PRIVATE_FRAMEWORKS = SpringBoard SpringBoardServices Foundation // adding SpringBoard to privateframeworks here will add it into load command before the tweak dylib is loaded, which causes the platform check to fail - thanks DuyKhanhTran
after-package::
ct_bypass -i .theos/obj/debug/springboardshim -o springboardshimsigned
include $(THEOS_MAKE_PATH)/tool.mk
================================================
FILE: RootHelperSample/launchdshim/SpringBoardShim/SpringBoardEnts.plist
================================================
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>allow-obliterate-device</key>
<true/>
<key>application-identifier</key>
<string>com.apple.springboard</string>
<key>com.apple.private.security.no-sandbox</key>
<true/>
<key>com.apple.private.domain-extension</key>
<true/>
<key>com.apple.private.security.container-required</key>
<false/>
<key>com.apple.private.security.no-container</key>
<true/>
<key>com.apple.private.skip-library-validation</key>
<true/>
<key>com.apple.private.xpc.domain-extension</key>
<true/>
<key>com.apple.private.xpc.domain-extension.proxy</key>
<true/>
<key>com.apple.private.xpc.launchd.app-state-manager</key>
<true/>
<key>com.apple.private.xpc.launchd.enable-disable-system-services</key>
<true/>
<key>com.apple.private.xpc.launchd.event-monitor</key>
<true/>
<key>com.apple.private.xpc.launchd.loginitem-bootstrapper</key>
<true/>
<key>com.apple.private.xpc.launchd.loginitem-outside-bundle</key>
<true/>
<key>com.apple.private.xpc.launchd.obliterator</key>
<true/>
<key>com.apple.private.xpc.launchd.per-user-create.mbsetupuser</key>
<true/>
<key>com.apple.private.xpc.launchd.per-user-lookup</key>
<true/>
<key>com.apple.private.xpc.launchd.reboot</key>
<true/>
<key>com.apple.private.xpc.launchd.service-hold</key>
<true/>
<key>com.apple.private.xpc.launchd.userspace-reboot</key>
<true/>
<key>com.apple.private.xpc.launchd.userspace-reboot-now</key>
<true/>
<key>com.apple.private.xpc.persona-creator</key>
<true/>
<key>com.apple.private.xpc.persona-manager</key>
<true/>
<key>com.apple.private.persona-mgmt</key>
<true/>
<key>com.apple.private.xpc.service-attach</key>
<true/>
<key>com.apple.private.xpc.service-configure</key>
<true/>
<key>platform-application</key>
<true/>
<key>get-task-allow</key>
<true/>
<key>task_for_pid-allow</key>
<true/>
<key>com.apple.security.network.server</key>
<true/>
<key>aps-connection-initiate</key>
<true/>
<key>backupd-connection-initiate</key>
<true/>
<key>checklessPersistentURLTranslation</key>
<true/>
<key>com.apple.BTServer.allowRestrictedServices</key>
<true/>
<key>com.apple.BTServer.programmaticPairing</key>
<true/>
<key>com.apple.CallHistory.sync.allow</key>
<true/>
<key>com.apple.CommCenter.StormBreaker</key>
<true/>
<key>com.apple.CommCenter.fine-grained</key>
<array>
<string>spi</string>
<string>preferences-reset</string>
<string>voice</string>
<string>identity</string>
<string>phone</string>
<string>carrier-settings</string>
</array>
<key>com.apple.CompanionLink</key>
<true/>
<key>com.apple.Contacts.database-allow</key>
<true/>
<key>com.apple.CoreRoutine.LocationOfInterest</key>
<true/>
<key>com.apple.MobileInternetSharing.allow</key>
<true/>
<key>com.apple.ModeEntityScorer</key>
<true/>
<key>com.apple.Pasteboard.trusted-authentication-message-request</key>
<true/>
<key>com.apple.PerformanceTrace.Tracing</key>
<true/>
<key>com.apple.QuartzCore.cache-asynchronous</key>
<true/>
<key>com.apple.QuartzCore.debug</key>
<true/>
<key>com.apple.QuartzCore.displayable-context</key>
<true/>
<key>com.apple.QuartzCore.flipbook</key>
<true/>
<key>com.apple.QuartzCore.global-capture</key>
<true/>
<key>com.apple.QuartzCore.occlusion-override</key>
<true/>
<key>com.apple.QuartzCore.secure-capture</key>
<true/>
<key>com.apple.QuartzCore.secure-mode</key>
<true/>
<key>com.apple.QuartzCore.system-layers</key>
<true/>
<key>com.apple.SystemConfiguration.SCDynamicStore-write-access</key>
<true/>
<key>com.apple.SystemConfiguration.SCPreferences-write-access</key>
<array>
<string>com.apple.AutoWake.xml</string>
<string>preferences.plist</string>
<string>com.apple.radios.plist</string>
</array>
<key>com.apple.TapToRadarKit.service-access</key>
<true/>
<key>com.apple.abm.helper.mobile.allow</key>
<true/>
<key>com.apple.accounts.appleaccount.fullaccess</key>
<true/>
<key>com.apple.assistant.announcement_state</key>
<true/>
<key>com.apple.assistant.client</key>
<true/>
<key>com.apple.assistant.settings</key>
<true/>
<key>com.apple.authkit.client.private</key>
<true/>
<key>com.apple.authkit.writer.internal</key>
<true/>
<key>com.apple.avfoundation.allow-identifying-output-device-details</key>
<true/>
<key>com.apple.avfoundation.allow-still-image-capture-shutter-sound-manipulation</key>
<true/>
<key>com.apple.avfoundation.allow-system-wide-context</key>
<true/>
<key>com.apple.avfoundation.allows-access-to-device-list</key>
<true/>
<key>com.apple.avfoundation.allows-set-output-device</key>
<true/>
<key>com.apple.backboard.client</key>
<true/>
<key>com.apple.backboard.display.archive</key>
<true/>
<key>com.apple.backboard.displaybrightness</key>
<true/>
<key>com.apple.backboardd.cancelsTouchesInHostedContent</key>
<true/>
<key>com.apple.backboardd.displayArrangement</key>
<true/>
<key>com.apple.backboardd.eventAuthenticationVerification</key>
<true/>
<key>com.apple.backboardd.global-pointer-event-routing</key>
<true/>
<key>com.apple.backboardd.hostCanRequireTouchesFromHostedContent</key>
<true/>
<key>com.apple.backboardd.lastUserEventTime</key>
<true/>
<key>com.apple.backboardd.launchapplications</key>
<true/>
<key>com.apple.backboardd.pointerAutomation</key>
<true/>
<key>com.apple.backboardd.pointerRepositioning</key>
<true/>
<key>com.apple.backboardd.touchDeliveryObservation</key>
<true/>
<key>com.apple.backboardd.transferTouches</key>
<true/>
<key>com.apple.backboardd.virtualDisplay</key>
<true/>
<key>com.apple.bannerkit.post</key>
<true/>
<key>com.apple.biome.PublicStreamAccessService</key>
<true/>
<key>com.apple.bluetooth.system</key>
<true/>
<key>com.apple.bulletinboard</key>
<true/>
<key>com.apple.bulletinboard.dataprovider</key>
<true/>
<key>com.apple.bulletinboard.observer</key>
<true/>
<key>com.apple.bulletinboard.serverconduit</key>
<true/>
<key>com.apple.bulletinboard.settings</key>
<true/>
<key>com.apple.bulletinboard.systemstate</key>
<true/>
<key>com.apple.bulletinboard.utilities</key>
<true/>
<key>com.apple.cards.all-access</key>
<true/>
<key>com.apple.chronod.toolservices</key>
<true/>
<key>com.apple.chronoservices</key>
<true/>
<key>com.apple.coreaudio.CanRecordPastData</key>
<true/>
<key>com.apple.coreaudio.allow-amr-decode</key>
<true/>
<key>com.apple.coreaudio.allow-opus-codec</key>
<true/>
<key>com.apple.coreaudio.allow-speex-codec</key>
<true/>
<key>com.apple.coreduetd.allow</key>
<true/>
<key>com.apple.coreduetd.batterysaver.allow</key>
<true/>
<key>com.apple.coreduetd.context</key>
<true/>
<key>com.apple.coreduetd.knowledge</key>
<true/>
<key>com.apple.coremedia.allow-pre-wiring-pixel-buffers</key>
<true/>
<key>com.apple.coremedia.allow-protected-content-playback</key>
<true/>
<key>com.apple.coremedia.virtualdisplaysession</key>
<true/>
<key>com.apple.developer.extension-host.widget-extension</key>
<true/>
<key>com.apple.developer.homekit</key>
<true/>
<key>com.apple.developer.ubiquity-kvstore-identifier</key>
<string>com.apple.springboard</string>
<key>com.apple.duet.activityscheduler.allow</key>
<true/>
<key>com.apple.duet.expertcenter.consumer</key>
<true/>
<key>com.apple.extensionkit.host.extension-point-identifiers</key>
<array>
<string>com.apple.SoundScapesViewServices.ViewService</string>
</array>
<key>com.apple.fileprovider.acl-write</key>
<true/>
<key>com.apple.fileprovider.enumerate</key>
<true/>
<key>com.apple.fileprovider.fetch-url</key>
<true/>
<key>com.apple.frontboard.app-badge-value-access</key>
<true/>
<key>com.apple.frontboard.launchapplications</key>
<true/>
<key>com.apple.frontboard.shutdown</key>
<true/>
<key>com.apple.frontboardservices.display-layout-monitor</key>
<true/>
<key>com.apple.geoservices.navigation_info</key>
<true/>
<key>com.apple.homekit.private-spi-access</key>
<true/>
<key>com.apple.iapd.accessibility</key>
<true/>
<key>com.apple.icloud.findmydeviced.access</key>
<true/>
<key>com.apple.icloud.findmydeviced.findmydevice-user-agent.access</key>
<true/>
<key>com.apple.icloud.fmfd.access</key>
<true/>
<key>com.apple.icloud.searchpartyd.beaconmanager</key>
<true/>
<key>com.apple.idle-timer-services</key>
<true/>
<key>com.apple.imagent</key>
<true/>
<key>com.apple.imagent.av</key>
<true/>
<key>com.apple.imagent.chat</key>
<true/>
<key>com.apple.intents.extension.discovery</key>
<true/>
<key>com.apple.intents.uiextension.discovery</key>
<true/>
<key>com.apple.internal.seserviced.all.endpoints.and.cas</key>
<true/>
<key>com.apple.internal.seserviced.ptattestation</key>
<true/>
<key>com.apple.itunesstored.private</key>
<true/>
<key>com.apple.keystore.device</key>
<true/>
<key>com.apple.keystore.lockassertion</key>
<true/>
<key>com.apple.keystore.stash.access</key>
<true/>
<key>com.apple.launchservices.clearadvertisingid</key>
<true/>
<key>com.apple.localizationswitcher</key>
<true/>
<key>com.apple.locationd.activity</key>
<true/>
<key>com.apple.locationd.asmanager</key>
<true/>
<key>com.apple.locationd.authorizeapplications</key>
<true/>
<key>com.apple.locationd.effective_bundle</key>
<true/>
<key>com.apple.locationd.motion_alarms</key>
<true/>
<key>com.apple.locationd.place_inference</key>
<true/>
<key>com.apple.locationd.prompt_behavior</key>
<true/>
<key>com.apple.locationd.region_proxy_service</key>
<true/>
<key>com.apple.locationd.status</key>
<true/>
<key>com.apple.locationd.usage_oracle</key>
<true/>
<key>com.apple.locationd.vehicle_data</key>
<true/>
<key>com.apple.logind.client.entitlement</key>
<true/>
<key>com.apple.lsapplicationproxy.deviceidentifierforvendor</key>
<true/>
<key>com.apple.managedconfiguration.mdmd-access</key>
<true/>
<key>com.apple.managedconfiguration.profiled-access</key>
<true/>
<key>com.apple.mediaremote.ui-control</key>
<true/>
<key>com.apple.mediastream.mstreamd-access</key>
<true/>
<key>com.apple.messages.composeclient</key>
<true/>
<key>com.apple.mkb.usersession.info</key>
<true/>
<key>com.apple.mkb.usersession.loginwindow</key>
<true/>
<key>com.apple.mobile.deleted.AllowFreeSpace</key>
<true/>
<key>com.apple.mobile.keybagd.UserManager.logoutcritical</key>
<true/>
<key>com.apple.mobilemail.mailservices</key>
<true/>
<key>com.apple.multitasking.systemappassertions</key>
<true/>
<key>com.apple.multitasking.termination</key>
<true/>
<key>com.apple.nano.nanoregistry.generalaccess</key>
<true/>
<key>com.apple.nfcd.hwmanager</key>
<true/>
<key>com.apple.nfcd.radio.powertoggle</key>
<true/>
<key>com.apple.nfcd.seshat</key>
<true/>
<key>com.apple.nfcd.session.ecommerce</key>
<true/>
<key>com.apple.nfcd.session.fieldOperations</key>
<true/>
<key>com.apple.nfcd.session.peerpayment</key>
<true/>
<key>com.apple.nfcd.session.reader.internal</key>
<true/>
<key>com.apple.nfcd.session.se</key>
<true/>
<key>com.apple.nfcd.session.trust</key>
<true/>
<key>com.apple.nfcd.singleUser</key>
<true/>
<key>com.apple.notificationcenter.widgetcontrollerhascontent</key>
<true/>
<key>com.apple.osanalytics.otatasking-service-access</key>
<true/>
<key>com.apple.payment.configuration</key>
<true/>
<key>com.apple.payment.presentation</key>
<true/>
<key>com.apple.photos.bourgeoisie</key>
<true/>
<key>com.apple.pointerui.persistentlyHidePointer</key>
<true/>
<key>com.apple.pointerui.service-keep-alive-assertion</key>
<true/>
<key>com.apple.pointerui.set-system-cursor-interaction-context</key>
<true/>
<key>com.apple.posterboardservices.data-store</key>
<true/>
<key>com.apple.posterboardservices.data-store.accessSwitcherConfiguration</key>
<true/>
<key>com.apple.powerd.lowpowermode.allow</key>
<true/>
<key>com.apple.private.CallHistory.read</key>
<true/>
<key>com.apple.private.ClipServices</key>
<true/>
<key>com.apple.private.CoreAuthentication.SPI</key>
<true/>
<key>com.apple.private.InstallCoordination.allowed</key>
<true/>
<key>com.apple.private.MobileContainerManager.otherIdLookup</key>
<true/>
<key>com.apple.private.MobileGestalt.AllowedProtectedKeys</key>
<array>
<string>InverseDeviceID</string>
</array>
<key>com.apple.private.ReplayKitAngel.client</key>
<true/>
<key>com.apple.private.SafariServices.PasswordPicker.setRemoteAppProperties</key>
<true/>
<key>com.apple.private.ShazamKit</key>
<true/>
<key>com.apple.private.WebClips.read-write</key>
<true/>
<key>com.apple.private.accessories.showallconnections</key>
<true/>
<key>com.apple.private.accounts.allaccounts</key>
<true/>
<key>com.apple.private.activitykit.activityAuthorizer</key>
<true/>
<key>com.apple.private.activitykit.activityEnder</key>
<false/>
<key>com.apple.private.activitykit.alertPresenter</key>
<false/>
<key>com.apple.private.activitykit.assertionRequester</key>
<false/>
<key>com.apple.private.activitykit.listener</key>
<false/>
<key>com.apple.private.activitykit.presentationAssertionRequester</key>
<false/>
<key>com.apple.private.activitykit.prominenceObserver</key>
<false/>
<key>com.apple.private.airdrop.settings</key>
<true/>
<key>com.apple.private.appleaccount.app-hidden-from-icloud-settings</key>
<true/>
<key>com.apple.private.applecredentialmanager.allow</key>
<true/>
<key>com.apple.private.appstored</key>
<array>
<string>Repair</string>
<string>TestFlightFeedback</string>
<string>StoreKitExternalNotification</string>
<string>Update</string>
</array>
<key>com.apple.private.assets.accessible-asset-types</key>
<array>
<string>com.apple.MobileAsset.DuetExpertCenterAsset</string>
</array>
<key>com.apple.private.attentionawareness</key>
<true/>
<key>com.apple.private.attentionawareness.poll</key>
<true/>
<key>com.apple.private.attribution.implicitly-assumed-identity</key>
<dict>
<key>type</key>
<string>path</string>
<key>value</key>
<string>/System/Library/CoreServices/SpringBoard.app/SpringBoard</string>
</dict>
<key>com.apple.private.barcodesupport.allowNotifications</key>
<true/>
<key>com.apple.private.biome.read-only</key>
<array>
<string>AppLaunch</string>
<string>InferredMode</string>
<string>Notification</string>
<string>ScreenSharing</string>
<string>HomeKitClientAccessoryControl</string>
<string>HomeKitClientMediaAccessoryControl</string>
<string>HomeKitClientActionSet</string>
</array>
<key>com.apple.private.biome.read-write</key>
<array>
<string>SiriUI</string>
<string>Device.Display.Appearance</string>
<string>Device.Display.AlwaysOn</string>
<string>OSAnalytics.Hardware.Reliability</string>
</array>
<key>com.apple.private.biome.realTimeSensorSession</key>
<true/>
<key>com.apple.private.bmk.allow</key>
<true/>
<key>com.apple.private.calendar.allow-suggestions</key>
<true/>
<key>com.apple.private.canGetAppLinkInfo</key>
<true/>
<key>com.apple.private.canModifyAppLinkPermissions</key>
<true/>
<key>com.apple.private.carkit</key>
<true/>
<key>com.apple.private.carkit.app</key>
<true/>
<key>com.apple.private.carkit.dnd</key>
<true/>
<key>com.apple.private.clouddocs.can-grant-access-to-document</key>
<true/>
<key>com.apple.private.contactsui</key>
<true/>
<key>com.apple.private.coordination.alarms</key>
<true/>
<key>com.apple.private.coordination.timers</key>
<true/>
<key>com.apple.private.coreaudio.borrowaudiosession.allow</key>
<true/>
<key>com.apple.private.coreaudio.mxsessionPropertyPipe</key>
<true/>
<key>com.apple.private.coremedia.interruptions.phonecallpriority.allow</key>
<true/>
<key>com.apple.private.corerecents</key>
<true/>
<key>com.apple.private.coreservices.canmaplsdatabase</key>
<true/>
<key>com.apple.private.coreservices.canopenactivity</key>
<true/>
<key>com.apple.private.coreservices.lsuseractivityd.bestappsuggestion</key>
<true/>
<key>com.apple.private.corespotlight.internal</key>
<true/>
<key>com.apple.private.corespotlight.search.internal</key>
<true/>
<key>com.apple.private.corewifi.internal</key>
<true/>
<key>com.apple.private.dmd.policy</key>
<true/>
<key>com.apple.private.donotdisturb.behavior.resolution.client-identifiers</key>
<array>
<string>com.apple.springboard.SBBulletinSpokenObserverGateway</string>
<string>com.apple.springboard.NCBulletinNotificationSource</string>
</array>
<key>com.apple.private.donotdisturb.mode.assertion.client-identifiers</key>
<array>
<string>com.apple.donotdisturb.control-center.module</string>
<string>com.apple.springboard.donotdisturb.notifications</string>
<string>com.apple.springboard.donotdisturb.hid</string>
<string>com.apple.focus.activity-manager</string>
</array>
<key>com.apple.private.donotdisturb.mode.assertion.user-requested.client-identifiers</key>
<array>
<string>com.apple.donotdisturb.control-center.module</string>
<string>com.apple.springboard.donotdisturb.notifications</string>
<string>com.apple.springboard.donotdisturb.hid</string>
<string>com.apple.focus.activity-manager</string>
</array>
<key>com.apple.private.donotdisturb.modeconfiguration.modify.client-identifiers</key>
<array>
<string>com.apple.focus.activity-manager</string>
<string>com.apple.focussettingsui.activity-config</string>
<string>com.apple.springboard.donotdisturb.notifications</string>
<string>com.apple.springboard.NCModeManager</string>
</array>
<key>com.apple.private.donotdisturb.modeconfiguration.request.client-identifiers</key>
<array>
<string>com.apple.focus.activity-manager</string>
<string>com.apple.focussettingsui.activity-config</string>
<string>com.apple.springboard.donotdisturb.notifications</string>
<string>com.apple.springboard.NCModeManager</string>
<string>com.apple.proactive.AppPredictionClient</string>
<string>com.apple.springboard.focusappconfigurationcontextmonitor</string>
</array>
<key>com.apple.private.donotdisturb.modeconfiguration.updates.client-identifiers</key>
<array>
<string>com.apple.focus.activity-manager</string>
<string>com.apple.focussettingsui.activity-config</string>
<string>com.apple.springboard.donotdisturb.notifications</string>
<string>com.apple.proactive.AppPredictionClient</string>
<string>com.apple.springboard.SBIconController</string>
<string>com.apple.springboard.NCModeManager</string>
<string>com.apple.springboard.focusappconfigurationcontextmonitor</string>
<string>com.apple.FocusSettings</string>
</array>
<key>com.apple.private.donotdisturb.settings.request.client-identifiers</key>
<array>
<string>com.apple.springboard.donotdisturb.notifications</string>
<string>com.apple.donotdisturb.control-center.module</string>
<string>com.apple.focus.activity-manager</string>
<string>com.apple.springboard.SBIconController</string>
<string>com.apple.proactive.AppPredictionClient</string>
</array>
<key>com.apple.private.donotdisturb.settings.updates.client-identifiers</key>
<array>
<string>com.apple.springboard.donotdisturb.notifications</string>
</array>
<key>com.apple.private.donotdisturb.state.request.client-identifiers</key>
<array>
<string>com.apple.springboard.SBIconController</string>
<string>com.apple.springboard.SBDashBoardCombinedListViewController</string>
<string>com.apple.donotdisturb.control-center.module</string>
<string>com.apple.springboard.donotdisturb.notifications</string>
<string>com.apple.springboard.donotdisturb.awdmetrics</string>
<string>com.apple.springboard.dashboard.bedtime</string>
<string>com.apple.accessibility.visual.alerts</string>
<string>com.apple.springboard.donotdisturb.hid</string>
<string>com.apple.springboard.SBDoNotDisturbMetric</string>
<string>com.apple.focus.activity-manager</string>
<string>com.apple.springboard.NCModeManager</string>
<string>com.apple.springboard.dndstatemonitor</string>
<string>com.apple.springboard.CoverSheetDiscoveryProvider</string>
</array>
<key>com.apple.private.donotdisturb.state.updates.client-identifiers</key>
<array>
<string>com.apple.springboard.SBIconController</string>
<string>com.apple.springboard.SBDashBoardCombinedListViewController</string>
<string>com.apple.donotdisturb.control-center.module</string>
<string>com.apple.springboard.donotdisturb.notifications</string>
<string>com.apple.springboard.donotdisturb.awdmetrics</string>
<string>com.apple.springboard.dashboard.bedtime</string>
<string>com.apple.accessibility.visual.alerts</string>
<string>com.apple.springboard.donotdisturb.hid</string>
<string>com.apple.springboard.SBDoNotDisturbMetric</string>
<string>com.apple.focus.activity-manager</string>
<string>com.apple.springboard.NCModeManager</string>
<string>com.apple.springboard.dndstatemonitor</string>
<string>com.apple.springboard.CoverSheetDiscoveryProvider</string>
</array>
<key>com.apple.private.externalaccessory.showallaccessories</key>
<true/>
<key>com.apple.private.followup</key>
<true/>
<key>com.apple.private.game-center</key>
<array>
<string>Account</string>
<string>Games</string>
</array>
<key>com.apple.private.game-center.bypass-authentication</key>
<true/>
<key>com.apple.private.healthkit</key>
<true/>
<key>com.apple.private.healthkit.feature-availability.read</key>
<array>
<string>SleepCoaching</string>
</array>
<key>com.apple.private.healthkit.read_authorization_override</key>
<array>
<string>HKCategoryTypeIdentifierSleepAnalysis</string>
</array>
<key>com.apple.private.healthkit.source_override</key>
<string>com.apple.mobiletimer</string>
<key>com.apple.private.healthkit.write_authorization_override</key>
<array>
<string>HKCategoryTypeIdentifierSleepAnalysis</string>
</array>
<key>com.apple.private.hid.client.event-dispatch</key>
<true/>
<key>com.apple.private.hid.client.service-protected</key>
<true/>
<key>com.apple.private.hid.manager.client</key>
<true/>
<key>com.apple.private.homekit</key>
<true/>
<key>com.apple.private.homekit.allow-secure-access</key>
<true/>
<key>com.apple.private.icfcallserver</key>
<true/>
<key>com.apple.private.ids.idsquery</key>
<true/>
<key>com.apple.private.ids.messaging</key>
<array>
<string>com.apple.private.alloy.bulletinboard</string>
<string>com.apple.private.alloy.donotdisturb</string>
<string>com.apple.madrid</string>
<string>com.apple.private.alloy.siri.phrasespotter</string>
</array>
<key>com.apple.private.ids.messaging.urgent-priority</key>
<array>
<string>com.apple.private.alloy.bulletinboard</string>
<string>com.apple.private.alloy.donotdisturb</string>
<string>com.apple.private.alloy.siri.phrasespotter</string>
</array>
<key>com.apple.private.ids.registration-reset</key>
<true/>
<key>com.apple.private.imavcore.imavagent</key>
<true/>
<key>com.apple.private.imcore.imdpersistence.database-access</key>
<true/>
<key>com.apple.private.imcore.imremoteurlconnection</key>
<true/>
<key>com.apple.private.imcore.spi.database-access</key>
<true/>
<key>com.apple.private.in-app-payments</key>
<true/>
<key>com.apple.private.iokit.powersource-control</key>
<true/>
<key>com.apple.private.kernel.darkboot</key>
<true/>
<key>com.apple.private.kernel.jetsam</key>
<true/>
<key>com.apple.private.librarian.can-get-application-info</key>
<true/>
<key>com.apple.private.lockdown.finegrained-get</key>
<array>
<string>NULL/ActivationState</string>
<string>NULL/BrickState</string>
<string>NULL/SBLockdownEverRegisteredKey</string>
<string>com.apple.xcode.developerdomain/DeveloperStatus</string>
<string>NULL/BuildExpireTime</string>
</array>
<key>com.apple.private.lockdown.finegrained-remove</key>
<array>
<string>com.apple.mobile.iTunes.store/AppleID</string>
<string>com.apple.mobile.data_sync/Contacts</string>
<string>com.apple.mobile.data_sync/Calendars</string>
<string>com.apple.mobile.data_sync/Bookmarks</string>
<string>com.apple.mobile.data_sync/Mail Accounts</string>
</array>
<key>com.apple.private.mediaexperience.allowemergencyalertpriority</key>
<true/>
<key>com.apple.private.mediasafetynet.exception.notificationappex</key>
<true/>
<key>com.apple.private.mis.online_auth_agent</key>
<true/>
<key>com.apple.private.mobileinstall.allowedSPI</key>
<array>
<string>UninstallForLaunchServices</string>
<string>SetCapabilities</string>
<string>Lookup</string>
</array>
<key>com.apple.private.mobilesafari.searchengine</key>
<true/>
<key>com.apple.private.mobilestoredemo.enabledemo</key>
<array>
<string>Manage</string>
</array>
<key>com.apple.private.mobiletimerd</key>
<true/>
<key>com.apple.private.nearbyinteraction.system-shutdown</key>
<true/>
<key>com.apple.private.network.socket-delegate</key>
<true/>
<key>com.apple.private.networkextension.configuration</key>
<true/>
<key>com.apple.private.persona.read</key>
<true/>
<key>com.apple.private.photos.service.demo</key>
<true/>
<key>com.apple.private.photos.service.multilibrary</key>
<true/>
<key>com.apple.private.ppm.superclient</key>
<true/>
<key>com.apple.private.replay-kit</key>
<true/>
<key>com.apple.private.rtcreportingd</key>
<true/>
<key>com.apple.private.screen-time</key>
<true/>
<key>com.apple.private.security.container-manager</key>
<true/>
<key>com.apple.private.security.storage.AppDataContainers</key>
<true/>
<key>com.apple.private.security.storage.Calendar</key>
<true/>
<key>com.apple.private.security.storage.Photos</key>
<true/>
<key>com.apple.private.security.storage.clipserviced</key>
<true/>
<key>com.apple.private.security.storage.familycircled</key>
<true/>
<key>com.apple.private.security.storage.triald</key>
<true/>
<key>com.apple.private.sessionkit.alertPresenter</key>
<true/>
<key>com.apple.private.sessionkit.assertionRequester</key>
<true/>
<key>com.apple.private.sessionkit.custom-platter-target</key>
<true/>
<key>com.apple.private.sessionkit.listener</key>
<true/>
<key>com.apple.private.sessionkit.permitMultipleProcessInputs</key>
<true/>
<key>com.apple.private.sessionkit.presentationAssertionRequester</key>
<true/>
<key>com.apple.private.sessionkit.prominenceObserver</key>
<true/>
<key>com.apple.private.sessionkit.sessionFinisher</key>
<true/>
<key>com.apple.private.sessionkit.sessionRequest</key>
<true/>
<key>com.apple.private.sharing.unlock-manager</key>
<true/>
<key>com.apple.private.shazamkit.allow-external-audio-recording</key>
<true/>
<key>com.apple.private.shazamkit.allow-internal-audio-recording</key>
<true/>
<key>com.apple.private.sleepd</key>
<true/>
<key>com.apple.private.suggestions.contacts</key>
<true/>
<key>com.apple.private.suggestions.events</key>
<true/>
<key>com.apple.private.system-keychain</key>
<true/>
<key>com.apple.private.tcc.allow</key>
<array>
<string>kTCCServiceAddressBook</string>
<string>kTCCServiceCalendar</string>
<string>kTCCServiceReminders</string>
<string>kTCCServicePhotos</string>
<string>kTCCServicePhotosAdd</string>
<string>kTCCServiceMediaLibrary</string>
<string>kTCCServiceMicrophone</string>
<string>kTCCServiceCamera</string>
<string>kTCCServiceWillow</string>
<string>kTCCServiceFaceID</string>
<string>kTCCServiceBluetoothAlways</string>
</array>
<key>com.apple.private.tcc.manager.access.read</key>
<array>
<string>kTCCServiceFocusStatus</string>
</array>
<key>com.apple.private.tipsd.discoverability</key>
<true/>
<key>com.apple.private.tty.settings</key>
<true/>
<key>com.apple.private.ubiquity-kvstore-access</key>
<array>
<string>com.apple.weather</string>
<string>com.apple.stocks</string>
<string>com.apple.backboardd</string>
<string>com.apple.Accessibility</string>
<string>com.apple.Accessibility.SwitchControl</string>
<string>com.apple.Accessibility.TouchAccommodations</string>
<string>com.apple.AssistiveTouch</string>
<string>com.apple.HearingAids</string>
<string>com.apple.SpeakSelection</string>
<string>com.apple.VoiceOverTouch</string>
<string>com.apple.ZoomTouch</string>
</array>
<key>com.apple.private.usernotifications.bundle-identifiers</key>
<array>
<string>com.apple.donotdisturb</string>
<string>com.apple.mobiletimer</string>
<string>com.apple.usernotifications.example</string>
</array>
<key>com.apple.private.usernotifications.settings</key>
<array>
<string>read</string>
</array>
<key>com.apple.private.vfs.allow-low-space-writes</key>
<true/>
<key>com.apple.private.vfs.open-by-id</key>
<true/>
<key>com.apple.private.wallpaperkit.service.migration</key>
<true/>
<key>com.apple.private.xpc.launchd.app-server</key>
<true/>
<key>com.apple.proactive.ActionPrediction.predictions</key>
<true/>
<key>com.apple.proactive.AppPrediction.predictions</key>
<true/>
<key>com.apple.proactive.DefaultWidgetSuggester</key>
<true/>
<key>com.apple.proactive.NotificationDigest.xpc</key>
<true/>
<key>com.apple.proactive.ProactiveSuggestionClientModel.xpc</key>
<true/>
<key>com.apple.proactive.SuggestedPages</key>
<true/>
<key>com.apple.proactive.UserEducationSuggestion.server-listener.xpc</key>
<true/>
<key>com.apple.proactive.appDirectory</key>
<true/>
<key>com.apple.proactive.eventtracker</key>
<true/>
<key>com.apple.proactive.hero.AppPrediction.predictions</key>
<true/>
<key>com.apple.proactive.infoSuggestion.xpc</key>
<true/>
<key>com.apple.purplebuddy.budd.access</key>
<true/>
<key>com.apple.remotenotification.access</key>
<true/>
<key>com.apple.remotenotification.preferences</key>
<true/>
<key>com.apple.rootless.storage.com.apple.MobileAsset.DuetExpertCenterAsset</key>
<true/>
<key>com.apple.rootless.storage.coreduet_knowledge_store</key>
<true/>
<key>com.apple.rootless.storage.proactivepredictions</key>
<true/>
<key>com.apple.runningboard.hereditarygrantoriginator</key>
<true/>
<key>com.apple.runningboard.posterkit.host</key>
<true/>
<key>com.apple.runningboard.primitiveattribute</key>
<true/>
<key>com.apple.runningboard.process-state</key>
<true/>
<key>com.apple.runningboard.request.identity</key>
<true/>
<key>com.apple.runningboard.terminateprocess</key>
<true/>
<key>com.apple.runningboard.underlyingassertion</key>
<true/>
<key>com.apple.securebackupd.access</key>
<true/>
<key>com.apple.security.application-groups</key>
<array>
<string>group.com.apple.weather</string>
<string>group.com.apple.stocks</string>
<string>com.apple.Home.group</string>
</array>
<key>com.apple.security.enterprise-volume-access</key>
<true/>
<key>com.apple.security.exception.files.absolute-path.read-only</key>
<array>
<string>/private/var/mobile/Library/Trial/NamespaceDescriptors/</string>
<string>/private/var/mobile/Library/Trial/Treatments/180/</string>
</array>
<key>com.apple.security.exception.mach-lookup.global-name</key>
<array>
<string>com.apple.sirittsd</string>
<string>com.apple.proactive.UserEducationSuggestion.server-listener.xpc</string>
<string>com.apple.Photos.MultiLibrary</string>
<string>com.apple.abm.helper.mobile</string>
<string>com.apple.siri.activation.service</string>
<string>com.apple.springboard.SBRendererService</string>
<string>com.apple.appstored.xpc</string>
<string>com.apple.appstored.xpc.request</string>
<string>com.apple.PointerUI.pointeruid.service-launching</string>
<string>com.apple.proactive.appDirectory</string>
<string>com.apple.CarPlayApp.service</string>
<string>com.apple.sleepd.sleepserver</string>
<string>com.apple.donotdisturb.service</string>
<string>com.apple.coordination.alarms</string>
<string>com.apple.coordination.timers</string>
<string>com.apple.tipsd</string>
<string>com.apple.ModeEntityScorer</string>
<string>com.apple.proactive.NotificationDigest.xpc</string>
<string>com.apple.assistant.announcement_state.service</string>
<string>com.apple.icloud.searchpartyd.beaconmanager</string>
<string>com.apple.server.bluetooth.general.xpc</string>
<string>com.apple.powerd.smartpowernap</string>
<string>com.apple.biomesyncd.realTimeSession</string>
<string>com.apple.sessionservices</string>
<string>aps-connection-initiate</string>
<string>com.apple.mobileassetd.v2</string>
<string>com.apple.HearingApp</string>
</array>
<key>com.apple.security.exception.shared-preference.read-only</key>
<array>
<string>com.apple.appstored</string>
<string>com.apple.itunesstored</string>
<string>com.apple.suggestions</string>
</array>
<key>com.apple.security.iokit-user-client-class</key>
<array>
<string>AGXCommandQueue</string>
<string>AGXDevice</string>
<string>AGXDeviceUserClient</string>
<string>AGXSharedUserClient</string>
<string>AppleCredentialManagerUserClient</string>
<string>AppleJPEGDriverUserClient</string>
<string>ApplePPMUserClient</string>
<string>AppleSPUHIDDeviceUserClient</string>
<string>AppleSPUHIDDriverUserClient</string>
<string>IOAccelContext</string>
<string>IOAccelContext2</string>
<string>IOAccelDevice</string>
<string>IOAccelDevice2</string>
<string>IOAccelSharedUserClient</string>
<string>IOAccelSharedUserClient2</string>
<string>IOAccelSubmitter2</string>
<string>IOHIDEventServiceFastPathUserClient</string>
<string>IOHIDLibUserClient</string>
<string>IOMobileFramebufferUserClient</string>
<string>IOReportUserClient</string>
<string>IOSurfaceAcceleratorClient</string>
<string>IOSurfaceRootUserClient</string>
<string>RootDomainUserClient</string>
<string>IOGPUDeviceUserClient</string>
</array>
<key>com.apple.security.system-container</key>
<true/>
<key>com.apple.security.system-groups</key>
<array>
<string>systemgroup.com.apple.sharedpclogging</string>
<string>systemgroup.com.apple.regulatory_images</string>
<string>systemgroup.com.apple.userimagecache</string>
</array>
<key>com.apple.seld.tsmamnager</key>
<true/>
<key>com.apple.seserviced.key</key>
<true/>
<key>com.apple.seserviced.kmlXpcService</key>
<true/>
<key>com.apple.sharing.Client</key>
<true/>
<key>com.apple.sharing.CoordinatedAlerts</key>
<true/>
<key>com.apple.sharing.Diagnostics</key>
<true/>
<key>com.apple.sharing.Session</key>
<true/>
<key>com.apple.siri.VoiceShortcuts.xpc</key>
<true/>
<key>com.apple.siri.activation.assertion</key>
<true/>
<key>com.apple.siri.activation.button-event.listener</key>
<true/>
<key>com.apple.siri.activation.service</key>
<true/>
<key>com.apple.siri.client_lite</key>
<true/>
<key>com.apple.siri.external_request</key>
<true/>
<key>com.apple.sos.trigger</key>
<true/>
<key>com.apple.soundscapes.picker</key>
<true/>
<key>com.apple.splashboard.launch-image-capture</key>
<true/>
<key>com.apple.springboard-ui.client</key>
<true/>
<key>com.apple.springboard.activateRemoteAlert</key>
<true/>
<key>com.apple.springboard.activateawayviewplugins</key>
<true/>
<key>com.apple.springboard.allowallcallurls</key>
<true/>
<key>com.apple.springboard.application-removability.proxy</key>
<true/>
<key>com.apple.springboard.display-lookup</key>
<true/>
<key>com.apple.springboard.lockScreenContentAssertion</key>
<true/>
<key>com.apple.springboard.multiwindow.triggerShowAllWindows</key>
<true/>
<key>com.apple.springboard.opensensitiveurl</key>
<true/>
<key>com.apple.springboard.openurlswhenlocked</key>
<true/>
<key>com.apple.springboard.setbadgestring</key>
<true/>
<key>com.apple.springboard.shortcutitems.fullaccess</key>
<true/>
<key>com.apple.springboard.statusbarstyleoverrides</key>
<true/>
<key>com.apple.springboard.statusbarstyleoverrides.coordinator</key>
<array>
<string>UIStatusBarStyleOverrideAutoAirPlayReady</string>
<string>UIStatusBarStyleOverrideAutoAirPlayPlaying</string>
</array>
<key>com.apple.symptom_analytics.query</key>
<true/>
<key>com.apple.symptom_analytics.refresh</key>
<true/>
<key>com.apple.symptoms.NetworkOfInterest</key>
<true/>
<key>com.apple.telephonyutilities.callservicesd</key>
<array>
<string>access-calls</string>
<string>modify-calls</string>
<string>access-call-providers</string>
<string>access-moments</string>
</array>
<key>com.apple.timed</key>
<true/>
<key>com.apple.trial.client</key>
<array>
<string>962</string>
</array>
<key>com.apple.tzlink.allow</key>
<true/>
<key>com.apple.ui-services-discovery</key>
<true/>
<key>com.apple.videoconference.allow-conferencing</key>
<true/>
<key>com.apple.visualvoicemail.client</key>
<true/>
<key>com.apple.voiceservices.tts.customvoice</key>
<true/>
<key>com.apple.voicetrigger.voicetriggerservice</key>
<true/>
<key>com.apple.wallet.banner</key>
<true/>
<key>com.apple.watchlist.private</key>
<true/>
<key>com.apple.wifi.manager-access</key>
<true/>
<key>com.apple.wipedevice</key>
<true/>
<key>fairplay-client</key>
<string>1172857363</string>
<key>keychain-access-groups</key>
<array>
<string>apple</string>
<string>com.apple.preferences</string>
</array>
<key>vm-pressure-level</key>
<true/>
</dict>
</plist>
================================================
FILE: RootHelperSample/launchdshim/SpringBoardShim/SpringBoardEntsBedtime.plist
================================================
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>platform-application</key>
<true/>
<key>com.apple.private.security.container-required</key>
<false/>
<key>allow-obliterate-device</key>
<true/>
<key>application-identifier</key>
<string>com.apple.springboard</string>
<key>aps-connection-initiate</key>
<true/>
<key>backupd-connection-initiate</key>
<true/>
<key>checklessPersistentURLTranslation</key>
<true/>
<key>com.apple.BTServer.allowRestrictedServices</key>
<true/>
<key>com.apple.BTServer.programmaticPairing</key>
<true/>
<key>com.apple.CallHistory.sync.allow</key>
<true/>
<key>com.apple.CommCenter.StormBreaker</key>
<true/>
<key>com.apple.CommCenter.fine-grained</key>
<array>
<string>spi</string>
<string>preferences-reset</string>
<string>voice</string>
<string>identity</string>
<string>phone</string>
<string>carrier-settings</string>
</array>
<key>com.apple.CompanionLink</key>
<true/>
<key>com.apple.Contacts.database-allow</key>
<true/>
<key>com.apple.CoreRoutine.LocationOfInterest</key>
<true/>
<key>com.apple.MobileInternetSharing.allow</key>
<true/>
<key>com.apple.ModeEntityScorer</key>
<true/>
<key>com.apple.Pasteboard.trusted-authentication-message-request</key>
<true/>
<key>com.apple.PerformanceTrace.Tracing</key>
<true/>
<key>com.apple.QuartzCore.cache-asynchronous</key>
<true/>
<key>com.apple.QuartzCore.debug</key>
<true/>
<key>com.apple.QuartzCore.displayable-context</key>
<true/>
<key>com.apple.QuartzCore.flipbook</key>
<true/>
<key>com.apple.QuartzCore.global-capture</key>
<true/>
<key>com.apple.QuartzCore.occlusion-override</key>
<true/>
<key>com.apple.QuartzCore.secure-capture</key>
<true/>
<key>com.apple.QuartzCore.secure-mode</key>
<true/>
<key>com.apple.QuartzCore.system-layers</key>
<true/>
<key>com.apple.SystemConfiguration.SCDynamicStore-write-access</key>
<true/>
<key>com.apple.SystemConfiguration.SCPreferences-write-access</key>
<array>
<string>com.apple.AutoWake.xml</string>
<string>preferences.plist</string>
<string>com.apple.radios.plist</string>
</array>
<key>com.apple.TapToRadarKit.service-access</key>
<true/>
<key>com.apple.abm.helper.mobile.allow</key>
<true/>
<key>com.apple.accounts.appleaccount.fullaccess</key>
<true/>
<key>com.apple.assistant.announcement_state</key>
<true/>
<key>com.apple.assistant.client</key>
<true/>
<key>com.apple.assistant.settings</key>
<true/>
<key>com.apple.authkit.client.private</key>
<true/>
<key>com.apple.authkit.writer.internal</key>
<true/>
<key>com.apple.avfoundation.allow-identifying-output-device-details</key>
<true/>
<key>com.apple.avfoundation.allow-still-image-capture-shutter-sound-manipulation</key>
<true/>
<key>com.apple.avfoundation.allow-system-wide-context</key>
<true/>
<key>com.apple.avfoundation.allows-access-to-device-list</key>
<true/>
<key>com.apple.avfoundation.allows-set-output-device</key>
<true/>
<key>com.apple.backboard.client</key>
<true/>
<key>com.apple.backboard.display.archive</key>
<true/>
<key>com.apple.backboard.displaybrightness</key>
<true/>
<key>com.apple.backboardd.cancelsTouchesInHostedContent</key>
<true/>
<key>com.apple.backboardd.displayArrangement</key>
<true/>
<key>com.apple.backboardd.eventAuthenticationVerification</key>
<true/>
<key>com.apple.backboardd.global-pointer-event-routing</key>
<true/>
<key>com.apple.backboardd.hostCanRequireTouchesFromHostedContent</key>
<true/>
<key>com.apple.backboardd.lastUserEventTime</key>
<true/>
<key>com.apple.backboardd.launchapplications</key>
<true/>
<key>com.apple.backboardd.pointerAutomation</key>
<true/>
<key>com.apple.backboardd.pointerRepositioning</key>
<true/>
<key>com.apple.backboardd.touchDeliveryObservation</key>
<true/>
<key>com.apple.backboardd.transferTouches</key>
<true/>
<key>com.apple.backboardd.virtualDisplay</key>
<true/>
<key>com.apple.bannerkit.post</key>
<true/>
<key>com.apple.biome.PublicStreamAccessService</key>
<true/>
<key>com.apple.bluetooth.system</key>
<true/>
<key>com.apple.bulletinboard</key>
<true/>
<key>com.apple.bulletinboard.dataprovider</key>
<true/>
<key>com.apple.bulletinboard.observer</key>
<true/>
<key>com.apple.bulletinboard.serverconduit</key>
<true/>
<key>com.apple.bulletinboard.settings</key>
<true/>
<key>com.apple.bulletinboard.systemstate</key>
<true/>
<key>com.apple.bulletinboard.utilities</key>
<true/>
<key>com.apple.cards.all-access</key>
<true/>
<key>com.apple.chronod.toolservices</key>
<true/>
<key>com.apple.chronoservices</key>
<true/>
<key>com.apple.coreaudio.CanRecordPastData</key>
<true/>
<key>com.apple.coreaudio.allow-amr-decode</key>
<true/>
<key>com.apple.coreaudio.allow-opus-codec</key>
<true/>
<key>com.apple.coreaudio.allow-speex-codec</key>
<true/>
<key>com.apple.coreduetd.allow</key>
<true/>
<key>com.apple.coreduetd.batterysaver.allow</key>
<true/>
<key>com.apple.coreduetd.context</key>
<true/>
<key>com.apple.coreduetd.knowledge</key>
<true/>
<key>com.apple.coremedia.allow-pre-wiring-pixel-buffers</key>
<true/>
<key>com.apple.coremedia.allow-protected-content-playback</key>
<true/>
<key>com.apple.coremedia.virtualdisplaysession</key>
<true/>
<key>com.apple.developer.extension-host.widget-extension</key>
<true/>
<key>com.apple.developer.homekit</key>
<true/>
<key>com.apple.developer.ubiquity-kvstore-identifier</key>
<string>com.apple.springboard</string>
<key>com.apple.duet.activityscheduler.allow</key>
<true/>
<key>com.apple.duet.expertcenter.consumer</key>
<true/>
<key>com.apple.extensionkit.host.extension-point-identifiers</key>
<array>
<string>com.apple.SoundScapesViewServices.ViewService</string>
</array>
<key>com.apple.fileprovider.acl-write</key>
<true/>
<key>com.apple.fileprovider.enumerate</key>
<true/>
<key>com.apple.fileprovider.fetch-url</key>
<true/>
<key>com.apple.frontboard.app-badge-value-access</key>
<true/>
<key>com.apple.frontboard.launchapplications</key>
<true/>
<key>com.apple.frontboard.shutdown</key>
<true/>
<key>com.apple.frontboardservices.display-layout-monitor</key>
<true/>
<key>com.apple.geoservices.navigation_info</key>
<true/>
<key>com.apple.homekit.private-spi-access</key>
<true/>
<key>com.apple.iapd.accessibility</key>
<true/>
<key>com.apple.icloud.findmydeviced.access</key>
<true/>
<key>com.apple.icloud.findmydeviced.findmydevice-user-agent.access</key>
<true/>
<key>com.apple.icloud.fmfd.access</key>
<true/>
<key>com.apple.icloud.searchpartyd.beaconmanager</key>
<true/>
<key>com.apple.idle-timer-services</key>
<true/>
<key>com.apple.imagent</key>
<true/>
<key>com.apple.imagent.av</key>
<true/>
<key>com.apple.imagent.chat</key>
<true/>
<key>com.apple.intents.extension.discovery</key>
<true/>
<key>com.apple.intents.uiextension.discovery</key>
<true/>
<key>com.apple.internal.seserviced.all.endpoints.and.cas</key>
<true/>
<key>com.apple.internal.seserviced.ptattestation</key>
<true/>
<key>com.apple.itunesstored.private</key>
<true/>
<key>com.apple.keystore.device</key>
<true/>
<key>com.apple.keystore.lockassertion</key>
<true/>
<key>com.apple.keystore.stash.access</key>
<true/>
<key>com.apple.launchservices.clearadvertisingid</key>
<true/>
<key>com.apple.localizationswitcher</key>
<true/>
<key>com.apple.locationd.activity</key>
<true/>
<key>com.apple.locationd.asmanager</key>
<true/>
<key>com.apple.locationd.authorizeapplications</key>
<true/>
<key>com.apple.locationd.effective_bundle</key>
<true/>
<key>com.apple.locationd.motion_alarms</key>
<true/>
<key>com.apple.locationd.place_inference</key>
<true/>
<key>com.apple.locationd.prompt_behavior</key>
<true/>
<key>com.apple.locationd.region_proxy_service</key>
<true/>
<key>com.apple.locationd.status</key>
<true/>
<key>com.apple.locationd.usage_oracle</key>
<true/>
<key>com.apple.locationd.vehicle_data</key>
<true/>
<key>com.apple.logind.client.entitlement</key>
<true/>
<key>com.apple.lsapplicationproxy.deviceidentifierforvendor</key>
<true/>
<key>com.apple.managedconfiguration.mdmd-access</key>
<true/>
<key>com.apple.managedconfiguration.profiled-access</key>
<true/>
<key>com.apple.mediaremote.ui-control</key>
<true/>
<key>com.apple.mediastream.mstreamd-access</key>
<true/>
<key>com.apple.messages.composeclient</key>
<true/>
<key>com.apple.mkb.usersession.info</key>
<true/>
<key>com.apple.mkb.usersession.loginwindow</key>
<true/>
<key>com.apple.mobile.deleted.AllowFreeSpace</key>
<true/>
<key>com.apple.mobile.keybagd.UserManager.logoutcritical</key>
<true/>
<key>com.apple.mobilemail.mailservices</key>
<true/>
<key>com.apple.multitasking.systemappassertions</key>
<true/>
<key>com.apple.multitasking.termination</key>
<true/>
<key>com.apple.nano.nanoregistry.generalaccess</key>
<true/>
<key>com.apple.nfcd.hwmanager</key>
<true/>
<key>com.apple.nfcd.radio.powertoggle</key>
<true/>
<key>com.apple.nfcd.seshat</key>
<true/>
<key>com.apple.nfcd.session.ecommerce</key>
<true/>
<key>com.apple.nfcd.session.fieldOperations</key>
<true/>
<key>com.apple.nfcd.session.peerpayment</key>
<true/>
<key>com.apple.nfcd.session.reader.internal</key>
<true/>
<key>com.apple.nfcd.session.se</key>
<true/>
<key>com.apple.nfcd.session.trust</key>
<true/>
<key>com.apple.nfcd.singleUser</key>
<true/>
<key>com.apple.notificationcenter.widgetcontrollerhascontent</key>
<true/>
<key>com.apple.osanalytics.otatasking-service-access</key>
<true/>
<key>com.apple.payment.configuration</key>
<true/>
<key>com.apple.payment.presentation</key>
<true/>
<key>com.apple.photos.bourgeoisie</key>
<true/>
<key>com.apple.pointerui.persistentlyHidePointer</key>
<true/>
<key>com.apple.pointerui.service-keep-alive-assertion</key>
<true/>
<key>com.apple.pointerui.set-system-cursor-interaction-context</key>
<true/>
<key>com.apple.posterboardservices.data-store</key>
<true/>
<key>com.apple.posterboardservices.data-store.accessSwitcherConfiguration</key>
<true/>
<key>com.apple.powerd.lowpowermode.allow</key>
<true/>
<key>com.apple.private.CallHistory.read</key>
<true/>
<key>com.apple.private.ClipServices</key>
<true/>
<key>com.apple.private.CoreAuthentication.SPI</key>
<true/>
<key>com.apple.private.InstallCoordination.allowed</key>
<true/>
<key>com.apple.private.MobileContainerManager.otherIdLookup</key>
<true/>
<key>com.apple.private.MobileGestalt.AllowedProtectedKeys</key>
<array>
<string>InverseDeviceID</string>
</array>
<key>com.apple.private.ReplayKitAngel.client</key>
<true/>
<key>com.apple.private.SafariServices.PasswordPicker.setRemoteAppProperties</key>
<true/>
<key>com.apple.private.ShazamKit</key>
<true/>
<key>com.apple.private.WebClips.read-write</key>
<true/>
<key>com.apple.private.accessories.showallconnections</key>
<true/>
<key>com.apple.private.accounts.allaccounts</key>
<true/>
<key>com.apple.private.activitykit.activityAuthorizer</key>
<true/>
<key>com.apple.private.activitykit.activityEnder</key>
<false/>
<key>com.apple.private.activitykit.alertPresenter</key>
<false/>
<key>com.apple.private.activitykit.assertionRequester</key>
<false/>
<key>com.apple.private.activitykit.listener</key>
<false/>
<key>com.apple.private.activitykit.presentationAssertionRequester</key>
<false/>
<key>com.apple.private.activitykit.prominenceObserver</key>
<false/>
<key>com.apple.private.airdrop.settings</key>
<true/>
<key>com.apple.private.appleaccount.app-hidden-from-icloud-settings</key>
<true/>
<key>com.apple.private.applecredentialmanager.allow</key>
<true/>
<key>com.apple.private.appstored</key>
<array>
<string>Repair</string>
<string>TestFlightFeedback</string>
<string>StoreKitExternalNotification</string>
<string>Update</string>
</array>
<key>com.apple.private.assets.accessible-asset-types</key>
<array>
<string>com.apple.MobileAsset.DuetExpertCenterAsset</string>
</array>
<key>com.apple.private.attentionawareness</key>
<true/>
<key>com.apple.private.attentionawareness.poll</key>
<true/>
<key>com.apple.private.attribution.implicitly-assumed-identity</key>
<dict>
<key>type</key>
<string>path</string>
<key>value</key>
<string>/System/Library/CoreServices/SpringBoard.app/SpringBoard</string>
</dict>
<key>com.apple.private.barcodesupport.allowNotifications</key>
<true/>
<key>com.apple.private.biome.read-only</key>
<array>
<string>AppLaunch</string>
<string>InferredMode</string>
<string>Notification</string>
<string>ScreenSharing</string>
<string>HomeKitClientAccessoryControl</string>
<string>HomeKitClientMediaAccessoryControl</string>
<string>HomeKitClientActionSet</string>
</array>
<key>com.apple.private.biome.read-write</key>
<array>
<string>SiriUI</string>
<string>Device.Display.Appearance</string>
<string>Device.Display.AlwaysOn</string>
<string>OSAnalytics.Hardware.Reliability</string>
</array>
<key>com.apple.private.biome.realTimeSensorSession</key>
<true/>
<key>com.apple.private.bmk.allow</key>
<true/>
<key>com.apple.private.calendar.allow-suggestions</key>
<true/>
<key>com.apple.private.canGetAppLinkInfo</key>
<true/>
<key>com.apple.private.canModifyAppLinkPermissions</key>
<true/>
<key>com.apple.private.carkit</key>
<true/>
<key>com.apple.private.carkit.app</key>
<true/>
<key>com.apple.private.carkit.dnd</key>
<true/>
<key>com.apple.private.clouddocs.can-grant-access-to-document</key>
<true/>
<key>com.apple.private.contactsui</key>
<true/>
<key>com.apple.private.coordination.alarms</key>
<true/>
<key>com.apple.private.coordination.timers</key>
<true/>
<key>com.apple.private.coreaudio.borrowaudiosession.allow</key>
<true/>
<key>com.apple.private.coreaudio.mxsessionPropertyPipe</key>
<true/>
<key>com.apple.private.coremedia.interruptions.phonecallpriority.allow</key>
<true/>
<key>com.apple.private.corerecents</key>
<true/>
<key>com.apple.private.coreservices.canmaplsdatabase</key>
<true/>
<key>com.apple.private.coreservices.canopenactivity</key>
<true/>
<key>com.apple.private.coreservices.lsuseractivityd.bestappsuggestion</key>
<true/>
<key>com.apple.private.corespotlight.internal</key>
<true/>
<key>com.apple.private.corespotlight.search.internal</key>
<true/>
<key>com.apple.private.corewifi.internal</key>
<true/>
<key>com.apple.private.dmd.policy</key>
<true/>
<key>com.apple.private.donotdisturb.behavior.resolution.client-identifiers</key>
<array>
<string>com.apple.springboard.SBBulletinSpokenObserverGateway</string>
<string>com.apple.springboard.NCBulletinNotificationSource</string>
</array>
<key>com.apple.private.donotdisturb.mode.assertion.client-identifiers</key>
<array>
<string>com.apple.donotdisturb.control-center.module</string>
<string>com.apple.springboard.donotdisturb.notifications</string>
<string>com.apple.springboard.donotdisturb.hid</string>
<string>com.apple.focus.activity-manager</string>
</array>
<key>com.apple.private.donotdisturb.mode.assertion.user-requested.client-identifiers</key>
<array>
<string>com.apple.donotdisturb.control-center.module</string>
<string>com.apple.springboard.donotdisturb.notifications</string>
<string>com.apple.springboard.donotdisturb.hid</string>
<string>com.apple.focus.activity-manager</string>
</array>
<key>com.apple.private.donotdisturb.modeconfiguration.modify.client-identifiers</key>
<array>
<string>com.apple.focus.activity-manager</string>
<string>com.apple.focussettingsui.activity-config</string>
<string>com.apple.springboard.donotdisturb.notifications</string>
<string>com.apple.springboard.NCModeManager</string>
</array>
<key>com.apple.private.donotdisturb.modeconfiguration.request.client-identifiers</key>
<array>
<string>com.apple.focus.activity-manager</string>
<string>com.apple.focussettingsui.activity-config</string>
<string>com.apple.springboard.donotdisturb.notifications</string>
<string>com.apple.springboard.NCModeManager</string>
<string>com.apple.proactive.AppPredictionClient</string>
<string>com.apple.springboard.focusappconfigurationcontextmonitor</string>
</array>
<key>com.apple.private.donotdisturb.modeconfiguration.updates.client-identifiers</key>
<array>
<string>com.apple.focus.activity-manager</string>
<string>com.apple.focussettingsui.activity-config</string>
<string>com.apple.springboard.donotdisturb.notifications</string>
<string>com.apple.proactive.AppPredictionClient</string>
<string>com.apple.springboard.SBIconController</string>
<string>com.apple.springboard.NCModeManager</string>
<string>com.apple.springboard.focusappconfigurationcontextmonitor</string>
<string>com.apple.FocusSettings</string>
</array>
<key>com.apple.private.donotdisturb.settings.request.client-identifiers</key>
<array>
<string>com.apple.springboard.donotdisturb.notifications</string>
<string>com.apple.donotdisturb.control-center.module</string>
<string>com.apple.focus.activity-manager</string>
<string>com.apple.springboard.SBIconController</string>
<string>com.apple.proactive.AppPredictionClient</string>
</array>
<key>com.apple.private.donotdisturb.settings.updates.client-identifiers</key>
<array>
<string>com.apple.springboard.donotdisturb.notifications</string>
</array>
<key>com.apple.private.donotdisturb.state.request.client-identifiers</key>
<array>
<string>com.apple.springboard.SBIconController</string>
<string>com.apple.springboard.SBDashBoardCombinedListViewController</string>
<string>com.apple.donotdisturb.control-center.module</string>
<string>com.apple.springboard.donotdisturb.notifications</string>
<string>com.apple.springboard.donotdisturb.awdmetrics</string>
<string>com.apple.springboard.dashboard.bedtime</string>
<string>com.apple.accessibility.visual.alerts</string>
<string>com.apple.springboard.donotdisturb.hid</string>
<string>com.apple.springboard.SBDoNotDisturbMetric</string>
<string>com.apple.focus.activity-manager</string>
<string>com.apple.springboard.NCModeManager</string>
<string>com.apple.springboard.dndstatemonitor</string>
<string>com.apple.springboard.CoverSheetDiscoveryProvider</string>
</array>
<key>com.apple.private.donotdisturb.state.updates.client-identifiers</key>
<array>
<string>com.apple.springboard.SBIconController</string>
<string>com.apple.springboard.SBDashBoardCombinedListViewController</string>
<string>com.apple.donotdisturb.control-center.module</string>
<string>com.apple.springboard.donotdisturb.notifications</string>
<string>com.apple.springboard.donotdisturb.awdmetrics</string>
<string>com.apple.springboard.dashboard.bedtime</string>
<string>com.apple.accessibility.visual.alerts</string>
<string>com.apple.springboard.donotdisturb.hid</string>
<string>com.apple.springboard.SBDoNotDisturbMetric</string>
<string>com.apple.focus.activity-manager</string>
<string>com.apple.springboard.NCModeManager</string>
<string>com.apple.springboard.dndstatemonitor</string>
<string>com.apple.springboard.CoverSheetDiscoveryProvider</string>
</array>
<key>com.apple.private.externalaccessory.showallaccessories</key>
<true/>
<key>com.apple.private.followup</key>
<true/>
<key>com.apple.private.game-center</key>
<array>
<string>Account</string>
<string>Games</string>
</array>
<key>com.apple.private.game-center.bypass-authentication</key>
<true/>
<key>com.apple.private.healthkit</key>
<true/>
<key>com.apple.private.healthkit.feature-availability.read</key>
<array>
<string>SleepCoaching</string>
</array>
<key>com.apple.private.healthkit.read_authorization_override</key>
<array>
<string>HKCategoryTypeIdentifierSleepAnalysis</string>
</array>
<key>com.apple.private.healthkit.source_override</key>
<string>com.apple.mobiletimer</string>
<key>com.apple.private.healthkit.write_authorization_override</key>
<array>
<string>HKCategoryTypeIdentifierSleepAnalysis</string>
</array>
<key>com.apple.private.hid.client.event-dispatch</key>
<true/>
<key>com.apple.private.hid.client.service-protected</key>
<true/>
<key>com.apple.private.hid.manager.client</key>
<true/>
<key>com.apple.private.homekit</key>
<true/>
<key>com.apple.private.homekit.allow-secure-access</key>
<true/>
<key>com.apple.private.icfcallserver</key>
<true/>
<key>com.apple.private.ids.idsquery</key>
<true/>
<key>com.apple.private.ids.messaging</key>
<array>
<string>com.apple.private.alloy.bulletinboard</string>
<string>com.apple.private.alloy.donotdisturb</string>
<string>com.apple.madrid</string>
<string>com.apple.private.alloy.siri.phrasespotter</string>
</array>
<key>com.apple.private.ids.messaging.urgent-priority</key>
<array>
<string>com.apple.private.alloy.bulletinboard</string>
<string>com.apple.private.alloy.donotdisturb</string>
<string>com.apple.private.alloy.siri.phrasespotter</string>
</array>
<key>com.apple.private.ids.registration-reset</key>
<true/>
<key>com.apple.private.imavcore.imavagent</key>
<true/>
<key>com.apple.private.imcore.imdpersistence.database-access</key>
<true/>
<key>com.apple.private.imcore.imremoteurlconnection</key>
<true/>
<key>com.apple.private.imcore.spi.database-access</key>
<true/>
<key>com.apple.private.in-app-payments</key>
<true/>
<key>com.apple.private.iokit.powersource-control</key>
<true/>
<key>com.apple.private.kernel.darkboot</key>
<true/>
<key>com.apple.private.kernel.jetsam</key>
<true/>
<key>com.apple.private.librarian.can-get-application-info</key>
<true/>
<key>com.apple.private.lockdown.finegrained-get</key>
<array>
<string>NULL/ActivationState</string>
<string>NULL/BrickState</string>
<string>NULL/SBLockdownEverRegisteredKey</string>
<string>com.apple.xcode.developerdomain/DeveloperStatus</string>
<string>NULL/BuildExpireTime</string>
</array>
<key>com.apple.private.lockdown.finegrained-remove</key>
<array>
<string>com.apple.mobile.iTunes.store/AppleID</string>
<string>com.apple.mobile.data_sync/Contacts</string>
<string>com.apple.mobile.data_sync/Calendars</string>
<string>com.apple.mobile.data_sync/Bookmarks</string>
<string>com.apple.mobile.data_sync/Mail Accounts</string>
</array>
<key>com.apple.private.mediaexperience.allowemergencyalertpriority</key>
<true/>
<key>com.apple.private.mediasafetynet.exception.notificationappex</key>
<true/>
<key>com.apple.private.mis.online_auth_agent</key>
<true/>
<key>com.apple.private.mobileinstall.allowedSPI</key>
<array>
<string>UninstallForLaunchServices</string>
<string>SetCapabilities</string>
<string>Lookup</string>
</array>
<key>com.apple.private.mobilesafari.searchengine</key>
<true/>
<key>com.apple.private.mobilestoredemo.enabledemo</key>
<array>
<string>Manage</string>
</array>
<key>com.apple.private.mobiletimerd</key>
<true/>
<key>com.apple.private.nearbyinteraction.system-shutdown</key>
<true/>
<key>com.apple.private.network.socket-delegate</key>
<true/>
<key>com.apple.private.networkextension.configuration</key>
<true/>
<key>com.apple.private.persona.read</key>
<true/>
<key>com.apple.private.photos.service.demo</key>
<true/>
<key>com.apple.private.photos.service.multilibrary</key>
<true/>
<key>com.apple.private.ppm.superclient</key>
<true/>
<key>com.apple.private.replay-kit</key>
<true/>
<key>com.apple.private.rtcreportingd</key>
<true/>
<key>com.apple.private.screen-time</key>
<true/>
<key>com.apple.private.security.container-manager</key>
<true/>
<key>com.apple.private.security.storage.AppDataContainers</key>
<true/>
<key>com.apple.private.security.storage.Calendar</key>
<true/>
<key>com.apple.private.security.storage.Photos</key>
<true/>
<key>com.apple.private.security.storage.clipserviced</key>
<true/>
<key>com.apple.private.security.storage.familycircled</key>
<true/>
<key>com.apple.private.security.storage.triald</key>
<true/>
<key>com.apple.private.sessionkit.alertPresenter</key>
<true/>
<key>com.apple.private.sessionkit.assertionRequester</key>
<true/>
<key>com.apple.private.sessionkit.custom-platter-target</key>
<true/>
<key>com.apple.private.sessionkit.listener</key>
<true/>
<key>com.apple.private.sessionkit.permitMultipleProcessInputs</key>
<true/>
<key>com.apple.private.sessionkit.presentationAssertionRequester</key>
<true/>
<key>com.apple.private.sessionkit.prominenceObserver</key>
<true/>
<key>com.apple.private.sessionkit.sessionFinisher</key>
<true/>
<key>com.apple.private.sessionkit.sessionRequest</key>
<true/>
<key>com.apple.private.sharing.unlock-manager</key>
<true/>
<key>com.apple.private.shazamkit.allow-external-audio-recording</key>
<true/>
<key>com.apple.private.shazamkit.allow-internal-audio-recording</key>
<true/>
<key>com.apple.private.sleepd</key>
<true/>
<key>com.apple.private.suggestions.contacts</key>
<true/>
<key>com.apple.private.suggestions.events</key>
<true/>
<key>com.apple.private.system-keychain</key>
<true/>
<key>com.apple.private.tcc.allow</key>
<array>
<string>kTCCServiceAddressBook</string>
<string>kTCCServiceCalendar</string>
<string>kTCCServiceReminders</string>
<string>kTCCServicePhotos</string>
<string>kTCCServicePhotosAdd</string>
<string>kTCCServiceMediaLibrary</string>
<string>kTCCServiceMicrophone</string>
<string>kTCCServiceCamera</string>
<string>kTCCServiceWillow</string>
<string>kTCCServiceFaceID</string>
<string>kTCCServiceBluetoothAlways</string>
</array>
<key>com.apple.private.tcc.manager.access.read</key>
<array>
<string>kTCCServiceFocusStatus</string>
</array>
<key>com.apple.private.tipsd.discoverability</key>
<true/>
<key>com.apple.private.tty.settings</key>
<true/>
<key>com.apple.private.ubiquity-kvstore-access</key>
<array>
<string>com.apple.weather</string>
<string>com.apple.stocks</string>
<string>com.apple.backboardd</string>
<string>com.apple.Accessibility</string>
<string>com.apple.Accessibility.SwitchControl</string>
<string>com.apple.Accessibility.TouchAccommodations</string>
<string>com.apple.AssistiveTouch</string>
<string>com.apple.HearingAids</string>
<string>com.apple.SpeakSelection</string>
<string>com.apple.VoiceOverTouch</string>
<string>com.apple.ZoomTouch</string>
</array>
<key>com.apple.private.usernotifications.bundle-identifiers</key>
<array>
<string>com.apple.donotdisturb</string>
<string>com.apple.mobiletimer</string>
<string>com.apple.usernotifications.example</string>
</array>
<key>com.apple.private.usernotifications.settings</key>
<array>
<string>read</string>
</array>
<key>com.apple.private.vfs.allow-low-space-writes</key>
<true/>
<key>com.apple.private.vfs.open-by-id</key>
<true/>
<key>com.apple.private.wallpaperkit.service.migration</key>
<true/>
<key>com.apple.private.xpc.launchd.app-server</key>
<true/>
<key>com.apple.proactive.ActionPrediction.predictions</key>
<true/>
<key>com.apple.proactive.AppPrediction.predictions</key>
<true/>
<key>com.apple.proactive.DefaultWidgetSuggester</key>
<true/>
<key>com.apple.proactive.NotificationDigest.xpc</key>
<true/>
<key>com.apple.proactive.ProactiveSuggestionClientModel.xpc</key>
<true/>
<key>com.apple.proactive.SuggestedPages</key>
<true/>
<key>com.apple.proactive.UserEducationSuggestion.server-listener.xpc</key>
<true/>
<key>com.apple.proactive.appDirectory</key>
<true/>
<key>com.apple.proactive.eventtracker</key>
<true/>
<key>com.apple.proactive.hero.AppPrediction.predictions</key>
<true/>
<key>com.apple.proactive.infoSuggestion.xpc</key>
<true/>
<key>com.apple.purplebuddy.budd.access</key>
<true/>
<key>com.apple.remotenotification.access</key>
<true/>
<key>com.apple.remotenotification.preferences</key>
<true/>
<key>com.apple.rootless.storage.com.apple.MobileAsset.DuetExpertCenterAsset</key>
<true/>
<key>com.apple.rootless.storage.coreduet_knowledge_store</key>
<true/>
<key>com.apple.rootless.storage.proactivepredictions</key>
<true/>
<key>com.apple.runningboard.hereditarygrantoriginator</key>
<true/>
<key>com.apple.runningboard.posterkit.host</key>
<true/>
<key>com.apple.runningboard.primitiveattribute</key>
<true/>
<key>com.apple.runningboard.process-state</key>
<true/>
<key>com.apple.runningboard.request.identity</key>
<true/>
<key>com.apple.runningboard.terminateprocess</key>
<true/>
<key>com.apple.runningboard.underlyingassertion</key>
<true/>
<key>com.apple.securebackupd.access</key>
<true/>
<key>com.apple.security.application-groups</key>
<array>
<string>group.com.apple.weather</string>
<string>group.com.apple.stocks</string>
<string>com.apple.Home.group</string>
</array>
<key>com.apple.security.enterprise-volume-access</key>
<true/>
<key>com.apple.security.exception.files.absolute-path.read-only</key>
<array>
<string>/private/var/mobile/Library/Trial/NamespaceDescriptors/</string>
<string>/private/var/mobile/Library/Trial/Treatments/180/</string>
</array>
<key>com.apple.security.exception.mach-lookup.global-name</key>
<array>
<string>com.apple.sirittsd</string>
<string>com.apple.proactive.UserEducationSuggestion.server-listener.xpc</string>
<string>com.apple.Photos.MultiLibrary</string>
<string>com.apple.abm.helper.mobile</string>
<string>com.apple.siri.activation.service</string>
<string>com.apple.springboard.SBRendererService</string>
<string>com.apple.appstored.xpc</string>
<string>com.apple.appstored.xpc.request</string>
<string>com.apple.PointerUI.pointeruid.service-launching</string>
<string>com.apple.proactive.appDirectory</string>
<string>com.apple.CarPlayApp.service</string>
<string>com.apple.sleepd.sleepserver</string>
<string>com.apple.donotdisturb.service</string>
<string>com.apple.coordination.alarms</string>
<string>com.apple.coordination.timers</string>
<string>com.apple.tipsd</string>
<string>com.apple.ModeEntityScorer</string>
<string>com.apple.proactive.NotificationDigest.xpc</string>
<string>com.apple.assistant.announcement_state.service</string>
<string>com.apple.icloud.searchpartyd.beaconmanager</string>
<string>com.apple.server.bluetooth.general.xpc</string>
<string>com.apple.powerd.smartpowernap</string>
<string>com.apple.biomesyncd.realTimeSession</string>
<string>com.apple.sessionservices</string>
<string>aps-connection-initiate</string>
<string>com.apple.mobileassetd.v2</string>
<string>com.apple.HearingApp</string>
</array>
<key>com.apple.security.exception.shared-preference.read-only</key>
<array>
<string>com.apple.appstored</string>
<string>com.apple.itunesstored</string>
<string>com.apple.suggestions</string>
</array>
<key>com.apple.security.iokit-user-client-class</key>
<array>
<string>IOUserClient</string>
</array>
<key>com.apple.security.system-container</key>
<true/>
<key>com.apple.security.system-groups</key>
<array>
<string>systemgroup.com.apple.sharedpclogging</string>
<string>systemgroup.com.apple.regulatory_images</string>
<string>systemgroup.com.apple.userimagecache</string>
</array>
<key>com.apple.seld.tsmamnager</key>
<true/>
<key>com.apple.seserviced.key</key>
<true/>
<key>com.apple.seserviced.kmlXpcService</key>
<true/>
<key>com.apple.sharing.Client</key>
<true/>
<key>com.apple.sharing.CoordinatedAlerts</key>
<true/>
<key>com.apple.sharing.Diagnostics</key>
<true/>
<key>com.apple.sharing.Session</key>
<true/>
<key>com.apple.siri.VoiceShortcuts.xpc</key>
<true/>
<key>com.apple.siri.activation.assertion</key>
<true/>
<key>com.apple.siri.activation.button-event.listener</key>
<true/>
<key>com.apple.siri.activation.service</key>
<true/>
<key>com.apple.siri.client_lite</key>
<true/>
<key>com.apple.siri.external_request</key>
<true/>
<key>com.apple.sos.trigger</key>
<true/>
<key>com.apple.soundscapes.picker</key>
<true/>
<key>com.apple.splashboard.launch-image-capture</key>
<true/>
<key>com.apple.springboard-ui.client</key>
<true/>
<key>com.apple.springboard.activateRemoteAlert</key>
<true/>
<key>com.apple.springboard.activateawayviewplugins</key>
<true/>
<key>com.apple.springboard.allowallcallurls</key>
<true/>
<key>com.apple.springboard.application-removability.proxy</key>
<true/>
<key>com.apple.springboard.display-lookup</key>
<true/>
<key>com.apple.springboard.lockScreenContentAssertion</key>
<true/>
<key>com.apple.springboard.multiwindow.triggerShowAllWindows</key>
<true/>
<key>com.apple.springboard.opensensitiveurl</key>
<true/>
<key>com.apple.springboard.openurlswhenlocked</key>
<true/>
<key>com.apple.springboard.setbadgestring</key>
<true/>
<key>com.apple.springboard.shortcutitems.fullaccess</key>
<true/>
<key>com.apple.springboard.statusbarstyleoverrides</key>
<true/>
<key>com.apple.springboard.statusbarstyleoverrides.coordinator</key>
<array>
<string>UIStatusBarStyleOverrideAutoAirPlayReady</string>
<string>UIStatusBarStyleOverrideAutoAirPlayPlaying</string>
</array>
<key>com.apple.symptom_analytics.query</key>
<true/>
<key>com.apple.symptom_analytics.refresh</key>
<true/>
<key>com.apple.symptoms.NetworkOfInterest</key>
<true/>
<key>com.apple.telephonyutilities.callservicesd</key>
<array>
<string>access-calls</string>
<string>modify-calls</string>
<string>access-call-providers</string>
<string>access-moments</string>
</array>
<key>com.apple.timed</key>
<true/>
<key>com.apple.trial.client</key>
<array>
<string>962</string>
</array>
<key>com.apple.tzlink.allow</key>
<true/>
<key>com.apple.ui-services-discovery</key>
<true/>
<key>com.apple.videoconference.allow-conferencing</key>
<true/>
<key>com.apple.visualvoicemail.client</key>
<true/>
<key>com.apple.voiceservices.tts.customvoice</key>
<true/>
<key>com.apple.voicetrigger.voicetriggerservice</key>
<true/>
<key>com.apple.wallet.banner</key>
<true/>
<key>com.apple.watchlist.private</key>
<true/>
<key>com.apple.wifi.manager-access</key>
<true/>
<key>com.apple.wipedevice</key>
<true/>
<key>fairplay-client</key>
<string>1172857363</string>
<key>get-task-allow</key>
<true/>
<key>keychain-access-groups</key>
<array>
<string>apple</string>
<string>com.apple.preferences</string>
</array>
<key>vm-pressure-level</key>
<true/>
</dict>
</plist>
================================================
FILE: RootHelperSample/launchdshim/SpringBoardShim/SpringBoardHook/.gitignore
================================================
.theos/
packages/
.DS_Store
================================================
FILE: RootHelperSample/launchdshim/SpringBoardShim/SpringBoardHook/Makefile
================================================
TARGET := iphone:clang:latest:15.0
ARCHS = arm64e
THEOS_PACKAGE_SCHEME=roothide
INSTALL_TARGET_PROCESSES = SpringBoard
include $(THEOS)/makefiles/common.mk
TWEAK_NAME = SpringBoardHook
SpringBoardHook_FILES = Tweak.x
SpringBoardHook_CFLAGS = -fobjc-arc -lbsm
after-package::
echo "[*] Signing SB hook"
../../../ChOma/output/tests/ct_bypass -i .theos/obj/debug/springboardhook.dylib -o springboardhooksigned.dylib
include $(THEOS_MAKE_PATH)/tweak.mk
================================================
FILE: RootHelperSample/launchdshim/SpringBoardShim/SpringBoardHook/SpringBoardHook.plist
================================================
{ Filter = { Bundles = ( "com.apple.springboard" ); }; }
================================================
FILE: RootHelperSample/launchdshim/SpringBoardShim/SpringBoardHook/Tweak.x
================================================
#include <unistd.h>
#include <stdio.h>
#include <dlfcn.h>
#include <spawn.h>
#include <dispatch/dispatch.h>
#include <Foundation/Foundation.h>
#include <dirent.h>
#include <roothide.h>
#define POSIX_SPAWN_PERSONA_FLAGS_OVERRIDE 1
int posix_spawnattr_set_persona_np(const posix_spawnattr_t* __restrict, uid_t, uint32_t);
int posix_spawnattr_set_persona_uid_np(const posix_spawnattr_t* __restrict, uid_t);
int posix_spawnattr_set_persona_gid_np(const posix_spawnattr_t* __restrict, uid_t);
int fd_is_valid(int fd)
{
return fcntl(fd, F_GETFD) != -1 || errno != EBADF;
}
NSString* getNSStringFromFile(int fd)
{
NSMutableString* ms = [NSMutableString new];
ssize_t num_read;
char c;
if(!fd_is_valid(fd)) return @"";
while((num_read = read(fd, &c, sizeof(c))))
{
[ms appendString:[NSString stringWithFormat:@"%c", c]];
if(c == '\n') break;
}
return ms.copy;
}
int spawnRoot(NSString* path, NSArray* args, NSString** stdOut, NSString** stdErr)
{
NSMutableArray* argsM = args.mutableCopy ?: [NSMutableArray new];
[argsM insertObject:path.lastPathComponent atIndex:0];
NSUInteger argCount = [argsM count];
char **argsC = (char **)malloc((argCount + 1) * sizeof(char*));
for (NSUInteger i = 0; i < argCount; i++)
{
argsC[i] = strdup([[argsM objectAtIndex:i] UTF8String]);
}
argsC[argCount] = NULL;
posix_spawnattr_t attr;
posix_spawnattr_init(&attr);
posix_spawnattr_set_persona_np(&attr, 99, POSIX_SPAWN_PERSONA_FLAGS_OVERRIDE);
posix_spawnattr_set_persona_uid_np(&attr, 0);
posix_spawnattr_set_persona_gid_np(&attr, 0);
posix_spawn_file_actions_t action;
posix_spawn_file_actions_init(&action);
int outErr[2];
if(stdErr)
{
pipe(outErr);
posix_spawn_file_actions_adddup2(&action, outErr[1], STDERR_FILENO);
posix_spawn_file_actions_addclose(&action, outErr[0]);
}
int out[2];
if(stdOut)
{
pipe(out);
posix_spawn_file_actions_adddup2(&action, out[1], STDOUT_FILENO);
posix_spawn_file_actions_addclose(&action, out[0]);
}
pid_t task_pid;
int status = -200;
int spawnError = posix_spawn(&task_pid, [path UTF8String], &action, &attr, (char* const*)argsC, NULL);
posix_spawnattr_destroy(&attr);
for (NSUInteger i = 0; i < argCount; i++)
{
free(argsC[i]);
}
free(argsC);
if(spawnError != 0)
{
NSLog(@"posix_spawn error %d\n", spawnError);
return spawnError;
}
do
{
if (waitpid(task_pid, &status, 0) != -1) {
NSLog(@"Child status %d", WEXITSTATUS(status));
} else
{
perror("waitpid");
return -222;
}
} while (!WIFEXITED(status) && !WIFSIGNALED(status));
if(stdOut)
{
close(out[1]);
NSString* output = getNSStringFromFile(out[0]);
*stdOut = output;
}
if(stdErr)
{
close(outErr[1]);
NSString* errorOutput = getNSStringFromFile(outErr[0]);
*stdErr = errorOutput;
}
return WEXITSTATUS(status);
}
%hook CSStatusTextView
- (void)setInternalLegalText:(NSString *)string {
%orig(@":troll:");
}
%end
bool OpenedTweaks = false;
bool os_variant_has_internal_content(const char* subsystem);
%hookf(bool, os_variant_has_internal_content, const char* subsystem) {
if (OpenedTweaks == false) {
//const char* path = jbroot("/Library/MobileSubstrate/DynamicLibraries");
//DIR *dir;
//struct dirent *ent;
// if ((dir = opendir(path)) != NULL) {
// while ((ent = readdir(dir)) != NULL) {
// if (ent->d_type == DT_REG && strstr(ent->d_name, ".dylib")) {
// char filePath[256];
// snprintf(filePath, sizeof(filePath), "%s/%s", path, ent->d_name);
// dlopen(filePath, RTLD_NOW | RTLD_GLOBAL);
// }
// }
spawnRoot(jbroot(@"/basebin/bootstrapd"), @[@"daemon",@"-f"], nil, nil);
dlopen(jbroot(@"/basebin/bootstrap.dylib").UTF8String, RTLD_GLOBAL | RTLD_NOW);
OpenedTweaks = true;
return true;
} else {
return true;
}
}
#define CS_DEBUGGED 0x10000000
int csops(pid_t pid, unsigned int ops, void *useraddr, size_t usersize);
int fork();
int ptrace(int, int, int, int);
int isJITEnabled() {
int flags;
csops(getpid(), 0, &flags, sizeof(flags));
return (flags & CS_DEBUGGED) != 0;
}
%ctor {
if (!isJITEnabled()) {
// Enable JIT
int pid = fork();
if (pid == 0) {
ptrace(0, 0, 0, 0);
exit(0);
} else if (pid > 0) {
while (wait(NULL) > 0) {
usleep(1000);
}
}
}
}
================================================
FILE: RootHelperSample/launchdshim/SpringBoardShim/SpringBoardHook/build.sh
================================================
make
ldid -S../../launchdentitlements.plist -Cadhoc .theos/obj/debug/SpringBoardHook.dylib
/Users/ibarahime/ChOma/ct_bypass -i .theos/obj/debug/SpringBoardHook.dylib -r -o springboardhooksigned.dylib
================================================
FILE: RootHelperSample/launchdshim/SpringBoardShim/SpringBoardHook/control
================================================
Package: com.yourcompany.springboardhook
Name: SpringBoardHook
Version: 0.0.1
Architecture: iphoneos-arm
Description: An awesome MobileSubstrate tweak!
Maintainer: LL
Author: LL
Section: Tweaks
Depends: mobilesubstrate (>= 0.9.5000)
================================================
FILE: RootHelperSample/launchdshim/SpringBoardShim/build.sh
================================================
function replaceByte() {
printf "\x00\x00\x00\x00" | dd of="$1" bs=1 seek=$2 count=4 conv=notrunc &> /dev/null
}
make
# /Users/ibarahime/insert_dylib/insert_dylib/insert_dylib /var/jb/usr/lib/ellekit/libinjector.dylib .theos/obj/debug/arm64e/springboardshim springboardshiminjected --all-yes
# /Users/ibarahime/insert_dylib/insert_dylib/insert_dylib /var/jb/usr/lib/libellekit.dylib springboardshiminjected springboardshiminjected --all-yes
/Users/ibarahime/insert_dylib/insert_dylib/insert_dylib @loader_path/springboardhook.dylib .theos/obj/debug/arm64e/springboardshim springboardshiminjected --all-yes
# replaceByte 'springboardshiminjected' 8
ldid -SSpringBoardEnts.plist springboardshiminjected
/Users/ibarahime/ChOma/ct_bypass -i springboardshiminjected -r -o springboardshimsignedinjected
================================================
FILE: RootHelperSample/launchdshim/SpringBoardShim/main.c
================================================
#include <dlfcn.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <dirent.h>
int (*SBSystemAppMain)(int argc, char *argv[], char *envp[], char* apple[]);
int main(int argc, char *argv[], char *envp[], char* apple[]) {
void *handle = dlopen("/System/Library/PrivateFrameworks/SpringBoard.framework/SpringBoard", RTLD_GLOBAL);
SBSystemAppMain = dlsym(handle, "SBSystemAppMain");
return SBSystemAppMain(argc, argv, envp, apple);
}
================================================
FILE: RootHelperSample/launchdshim/build.sh
================================================
function replaceByte() {
printf "\x00\x00\x00\x00" | dd of="$1" bs=1 seek=$2 count=4 conv=notrunc &> /dev/null
}
replaceByte 'launchd' 8
# /Users/ibarahime/insert_dylib/insert_dylib/insert_dylib /var/jb/usr/lib/ellekit/libinjector.dylib .theos/obj/debug/arm64e/springboardshim springboardshiminjected --all-yes
# /Users/ibarahime/insert_dylib/insert_dylib/insert_dylib /var/jb/usr/lib/libellekit.dylib springboardshiminjected springboardshiminjected --all-yes
/Users/ibarahime/insert_dylib/insert_dylib/insert_dylib @loader_path/launchdhook.dylib launchd launchdinjected --all-yes
ldid -Slaunchdentitlements.plist launchdinjected
/Users/ibarahime/ChOma/ct_bypass -i launchdinjected -r -o launchdsignedinjected
================================================
FILE: RootHelperSample/launchdshim/launchdentitlements.plist
================================================
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.private.security.no-sandbox</key>
<true/>
<key>com.apple.private.domain-extension</key>
<true/>
<key>com.apple.private.security.container-required</key>
<false/>
<key>com.apple.private.security.no-container</key>
<true/>
<key>com.apple.private.skip-library-validation</key>
<true/>
<key>com.apple.private.xpc.domain-extension</key>
<true/>
<key>com.apple.private.xpc.domain-extension.proxy</key>
<true/>
<key>com.apple.private.xpc.launchd.app-state-manager</key>
<true/>
<key>com.apple.private.xpc.launchd.enable-disable-system-services</key>
<true/>
<key>com.apple.private.xpc.launchd.event-monitor</key>
<true/>
<key>com.apple.private.xpc.launchd.loginitem-bootstrapper</key>
<true/>
<key>com.apple.private.xpc.launchd.loginitem-outside-bundle</key>
<true/>
<key>com.apple.private.xpc.launchd.obliterator</key>
<true/>
<key>com.apple.private.xpc.launchd.per-user-create.mbsetupuser</key>
<true/>
<key>com.apple.private.xpc.launchd.per-user-lookup</key>
<true/>
<key>com.apple.private.xpc.launchd.reboot</key>
<true/>
<key>com.apple.private.xpc.launchd.service-hold</key>
<true/>
<key>com.apple.private.xpc.launchd.userspace-reboot</key>
<true/>
<key>com.apple.private.xpc.launchd.userspace-reboot-now</key>
<true/>
<key>com.apple.private.xpc.persona-creator</key>
<true/>
<key>com.apple.private.xpc.persona-manager</key>
<true/>
<key>com.apple.private.persona-mgmt</key>
<true/>
<key>com.apple.private.xpc.service-attach</key>
<true/>
<key>com.apple.private.xpc.service-configure</key>
<true/>
<key>platform-application</key>
<true/>
<key>get-task-allow</key>
<true/>
<key>task_for_pid-allow</key>
<true/>
<!-- <key>com.apple.private.security.storage.AppBundles</key>
<true/>
<key>com.apple.private.security.storage.AppDataContainers</key>
<true/> -->
<key>com.apple.private.set-launch-type.internal</key>
<true/>
<key>com.apple.security.exception.mach-lookup.global-name</key>
<array>
<string>com.apple.mmaintenanced</string>
<string>com.apple.memory-maintenance</string>
</array>
<key>com.apple.apfs.get-dev-by-role</key>
<true/>
<key>com.apple.private.amfi.can-allow-non-platform</key>
<true/>
<key>com.apple.private.iokit.system-nvram-allow</key>
<true/>
<key>com.apple.private.kernel.system-override</key>
<true/>
<key>com.apple.private.persona-mgmt</key>
<true/>
<key>com.apple.private.pmap.load-trust-cache</key>
<array>
<string>cryptex1.boot.os</string>
<string>cryptex1.boot.app</string>
<string>cryptex1.safari-downlevel</string>
</array>
<key>com.apple.private.record_system_event</key>
<true/>
<key>com.apple.private.roots-installed-read-write</key>
<true/>
<key>com.apple.private.security.disk-device-access</key>
<true/>
<key>com.apple.private.security.storage.driverkitd</key>
<true/>
<key>com.apple.private.security.storage.launchd</key>
<true/>
<key>com.apple.private.security.system-mount-authority</key>
<true/>
<key>com.apple.private.set-atm-diagnostic-flag</key>
<true/>
<key>com.apple.private.spawn-panic-crash-behavior</key>
<true/>
<key>com.apple.private.spawn-subsystem-root</key>
<true/>
<key>com.apple.private.vfs.allow-low-space-writes</key>
<true/>
<key>com.apple.private.vfs.graftdmg</key>
<true/>
<key>com.apple.private.vfs.pivot-root</key>
<true/>
<key>com.apple.rootless.restricted-block-devices</key>
<true/>
<key>com.apple.rootless.storage.early_boot_mount</key>
<true/>
<key>com.apple.rootless.volume.Preboot</key>
<true/>
<key>com.apple.security.network.server</key>
<true/>
</dict>
</plist>
================================================
FILE: RootHelperSample/launchdshim/launchdhook/Frameworks/IOMobileFramebuffer.framework/IOMobileFramebuffer.tbd
================================================
--- !tapi-tbd-v3
archs: [ armv7, armv7s, arm64, arm64e ]
platform: ios
flags: [ flat_namespace ]
install-name: /System/Library/PrivateFrameworks/IOMobileFramebuffer.framework/IOMobileFramebuffer
current-version: 1
compatibility-version: 1
exports:
- archs: [ armv7, armv7s, arm64, arm64e ]
symbols: [ _IOMobileFrameBufferEnableDebugTracing,
_IOMobileFrameBufferEnableVBLTraces,
_IOMobileFrameBufferGetDebugTraces,
_IOMobileFrameBufferGetMirroringCapability,
_IOMobileFrameBufferPrintDebugTraces,
_IOMobileFrameBufferSetLogLevel,
_IOMobileFrameBufferprintDisplayRegs,
_IOMobileFramebufferALSSEnableWindows,
_IOMobileFramebufferALSSGetRGBCoeffs,
_IOMobileFramebufferALSSGetWindows,
_IOMobileFramebufferALSSGetWindowsSums,
_IOMobileFramebufferALSSSetRGBCoeffs,
_IOMobileFramebufferALSSSetWindows,
_IOMobileFramebufferChangeFrameInfo,
_IOMobileFramebufferCopyLayerDisplayedSurface,
_IOMobileFramebufferCopyProperty,
_IOMobileFramebufferCreateDisplayList,
_IOMobileFramebufferCreateStatistics,
_IOMobileFramebufferDisableCRCNotifications,
_IOMobileFramebufferDisableHotPlugDetectNotifications,
_IOMobileFramebufferDisablePowerNotifications,
_IOMobileFramebufferDisableVSyncNotifications,
_IOMobileFramebufferEnableCRCNotifications,
_IOMobileFramebufferEnableDisableDithering,
_IOMobileFramebufferEnableDisableVideoPowerSavings,
_IOMobileFramebufferEnableHotPlugDetectNotifications,
_IOMobileFramebufferEnableMirroring,
_IOMobileFramebufferEnablePowerNotifications,
_IOMobileFramebufferEnableStatistics,
_IOMobileFramebufferEnableVSyncNotifications,
_IOMobileFramebufferFactoryPortal,
_IOMobileFramebufferFrameInfo,
_IOMobileFramebufferGetBlock,
_IOMobileFramebufferGetBrightnessControlCapabilities,
_IOMobileFramebufferGetBrightnessControlInfo,
_IOMobileFramebufferGetBufBlock,
_IOMobileFramebufferGetCRCNotifyMessageCount,
_IOMobileFramebufferGetCRCRunLoopSource,
_IOMobileFramebufferGetCanvasSizes,
_IOMobileFramebufferGetColorRemapMode,
_IOMobileFramebufferGetCurrentAbsoluteTime,
_IOMobileFramebufferGetDigitalOutState,
_IOMobileFramebufferGetDisplayArea,
_IOMobileFramebufferGetDisplaySize,
_IOMobileFramebufferGetDotPitch,
_IOMobileFramebufferGetFrameworkInfo,
_IOMobileFramebufferGetGammaTable,
_IOMobileFramebufferGetHDCPAuthenticationProtocol,
_IOMobileFramebufferGetHDCPDownstreamState,
_IOMobileFramebufferGetHDCPRunLoopSource,
_IOMobileFramebufferGetHotPlugRunLoopSource,
_IOMobileFramebufferGetID,
_IOMobileFramebufferGetLayerDefaultSurface,
_IOMobileFramebufferGetLinkQuality,
_IOMobileFramebufferGetMainDisplay,
_IOMobileFramebufferGetMatrix,
_IOMobileFramebufferGetMirrorError,
_IOMobileFramebufferGetProtectionOptions,
_IOMobileFramebufferGetRunLoopSource,
_IOMobileFramebufferGetSecondaryDisplay,
_IOMobileFramebufferGetServiceObject,
_IOMobileFramebufferGetSupportedDigitalOutModes,
_IOMobileFramebufferGetTypeID,
_IOMobileFramebufferGetVSyncRunLoopSource,
_IOMobileFramebufferGetWirelessSurface,
_IOMobileFramebufferGetWirelessSurfaceWithOptions,
_IOMobileFramebufferHDCPGetReply,
_IOMobileFramebufferHDCPSendRequest,
_IOMobileFramebufferInstallVirtualDisplay,
_IOMobileFramebufferInstallVirtualDisplays,
_IOMobileFramebufferIsMainDisplay,
_IOMobileFramebufferKernelTests,
_IOMobileFramebufferOpen,
_IOMobileFramebufferOpenByName,
_IOMobileFramebufferReadyForSwap,
_IOMobileFramebufferRequestPowerChange,
_IOMobileFramebufferSPLCGetBrightness,
_IOMobileFramebufferSPLCSetBrightness,
_IOMobileFramebufferScheduleWithDispatchQueue,
_IOMobileFramebufferSetBlock,
_IOMobileFramebufferSetBrightnessControlCallback,
_IOMobileFramebufferSetBrightnessCorrection,
_IOMobileFramebufferSetCanvasSize,
_IOMobileFramebufferSetColorRemapMode,
_IOMobileFramebufferSetContrast,
_IOMobileFramebufferSetDebugFlags,
_IOMobileFramebufferSetDigitalOutMode,
_IOMobileFramebufferSetDisplayDevice,
_IOMobileFramebufferSetDroppable,
_IOMobileFramebufferSetFlags,
_IOMobileFramebufferSetGammaTable,
_IOMobileFramebufferSetIdleBuffer,
_IOMobileFramebufferSetLine21Data,
_IOMobileFramebufferSetMatrix,
_IOMobileFramebufferSetMirrorContentRegion,
_IOMobileFramebufferSetParameter,
_IOMobileFramebufferSetRenderingAngle,
_IOMobileFramebufferSetTVOutMode,
_IOMobileFramebufferSetTVOutSignalType,
_IOMobileFramebufferSetUnderrunColor,
_IOMobileFramebufferSetVideoDACGain,
_IOMobileFramebufferSetWSSInfo,
_IOMobileFramebufferSetWhiteOnBlackMode,
_IOMobileFramebufferSupportedFrameInfo,
_IOMobileFramebufferSurfaceIsReplaceable,
_IOMobileFramebufferSwapActiveRegion,
_IOMobileFramebufferSwapBegin,
_IOMobileFramebufferSwapCancel,
_IOMobileFramebufferSwapCancelAll,
_IOMobileFramebufferSwapDirtyRegion,
_IOMobileFramebufferSwapEnd,
_IOMobileFramebufferSwapSetBackgroundColor,
_IOMobileFramebufferSwapSetBrightness,
_IOMobileFramebufferSwapSetBrightnessLimit,
_IOMobileFramebufferSwapSetColorMatrix,
_IOMobileFramebufferSwapSetDisplayEdr,
_IOMobileFramebufferSwapSetGammaTable,
_IOMobileFramebufferSwapSetICCCurve,
_IOMobileFramebufferSwapSetICCMatrix,
_IOMobileFramebufferSwapSetLayer,
_IOMobileFramebufferSwapSetParams,
_IOMobileFramebufferSwapSetTimestamp,
_IOMobileFramebufferSwapSetTimestamps,
_IOMobileFramebufferSwapSetUISubRegion,
_IOMobileFramebufferSwapSetVideoDestEdgeAlpha,
_IOMobileFramebufferSwapSignal,
_IOMobileFramebufferSwapSubtitleRegion,
_IOMobileFramebufferSwapUIEdgeBlendMode,
_IOMobileFramebufferSwapWait,
_IOMobileFramebufferSwapWaitWithTimeout,
_IOMobileFramebufferSwapWorkaroundSettings,
_IOMobileFramebufferUnscheduleFromDispatchQueue,
_IOMobileFramebufferWaitSurface, _kIOMFB_TotalSwaps,
_kIOMFB_TotalVBLs ]
...
================================================
FILE: RootHelperSample/launchdshim/launchdhook/IOMobileFramebuffer.h
================================================
#ifndef IOMOBILEFRAMEBUFFER_IOMOBILEFRAMEBUFFER_H
#define IOMOBILEFRAMEBUFFER_IOMOBILEFRAMEBUFFER_H
#include <CoreFoundation/CoreFoundation.h>
#include <IOKit/IOKitLib.h>
#include <IOKit/IOTypes.h>
#include <CoreGraphics/CoreGraphics.h>
typedef IOReturn IOMobileFramebufferReturn;
typedef struct __IOMobileFramebuffer *IOMobileFramebufferRef;
typedef CGSize IOMobileFramebufferDisplaySize;
__BEGIN_DECLS
IOMobileFramebufferReturn
IOMobileFramebufferGetMainDisplay(IOMobileFramebufferRef *pointer);
IOMobileFramebufferReturn
IOMobileFramebufferGetDisplaySize(IOMobileFramebufferRef pointer, IOMobileFramebufferDisplaySize *size);
IOMobileFramebufferReturn
IOMobileFramebufferGetLayerDefaultSurface(IOMobileFramebufferRef pointer, int surface, IOSurfaceRef *buffer);
IOMobileFramebufferReturn
IOMobileFramebufferSwapBegin(IOMobileFramebufferRef pointer, int *token);
IOMobileFramebufferReturn
IOMobileFramebufferSwapEnd(IOMobileFramebufferRef pointer);
IOMobileFramebufferReturn
IOMobileFramebufferSwapSetLayer(IOMobileFramebufferRef pointer, int layerid, IOSurfaceRef buffer, CGRect bounds, CGRect frame, int flags);
__END_DECLS
#endif
================================================
FILE: RootHelperSample/launchdshim/launchdhook/LICENCE
================================================
MIT License
Copyright (c) 2023 Hariz Shirazi (https://bomberfish.ca)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
================================================
FILE: RootHelperSample/launchdshim/launchdhook/Makefile
================================================
TARGET := iphone:clang:latest:15.0
ARCHS = arm64e
THEOS_PACKAGE_SCHEME = roothide
include $(THEOS)/makefiles/common.mk
LIBRARY_NAME = launchdhook
launchdhook_FILES = $(wildcard *.m) $(wildcard *.c) $(wildcard verbose/*.m)
launchdhook_CFLAGS = -fobjc-arc -isystem "../../../usprebooter/Private Headers I stole from the macOS SDK" -Wno-error
launchdhook_CODESIGN_FLAGS = -S../launchdentitlements.plist
launchdhook_LDFLAGS = -F./Frameworks
launchdhook_EXTRA_FRAMEWORKS += IOMobileFramebuffer IOSurface
after-package::
echo "[*] Signing lunchd hook"
../../../ChOma/output/tests/ct_bypass -i .theos/obj/debug/launchdhook.dylib -o launchdhooksigned.dylib
include $(THEOS_MAKE_PATH)/library.mk
================================================
FILE: RootHelperSample/launchdshim/launchdhook/README.md
================================================
# FBWrite
Write text to the framebuffer, with style.
================================================
FILE: RootHelperSample/launchdshim/launchdhook/build.sh
================================================
make
/Users/ibarahime/ChOma/ct_bypass -i .theos/obj/debug/launchdhook.dylib -r -o launchdhooksigned.dylib
================================================
FILE: RootHelperSample/launchdshim/launchdhook/control
================================================
Package: ca.bomberfish.fbwrite
Name: FBWrite
Version: 0.0.1
Architecture: iphoneos-arm
Description: Write to the framebuffer with style.
Maintainer: BomberFish Industries
Author: BomberFish Industries
Section: System
Tag: role::hacker
================================================
FILE: RootHelperSample/launchdshim/launchdhook/entitlements.plist
================================================
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>get-task-allow</key>
<true/>
<key>platform-application</key>
<true/>
<key>com.apple.private.security.no-container</key>
<true/>
<key>com.apple.private.allow-explicit-graphics-priority</key>
<true/>
<key>com.apple.security.iokit-user-client-class</key>
<array>
<string>IOSurfaceRootUserClient</string>
<string>IOMobileFramebufferUserClient</string>
<string>IOHIDEventServiceUserClient</string>
</array>
</dict>
</plist>
================================================
FILE: RootHelperSample/launchdshim/launchdhook/fishhook.c
================================================
// Copyright (c) 2013, Facebook, Inc.
// All rights reserved.
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are met:
// * Redistributions of source code must retain the above copyright notice,
// this list of conditions and the following disclaimer.
// * Redistributions in binary form must reproduce the above copyright notice,
// this list of conditions and the following disclaimer in the documentation
// and/or other materials provided with the distribution.
// * Neither the name Facebook nor the names of its contributors may be used to
// endorse or promote products derived from this software without specific
// prior written permission.
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#include "fishhook.h"
#include <dlfcn.h>
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/types.h>
#include <mach/mach.h>
#include <mach/vm_map.h>
#include <mach/vm_region.h>
#include <mach-o/dyld.h>
#include <mach-o/loader.h>
#include <mach-o/nlist.h>
#if __has_include(<ptrauth.h>)
#include <ptrauth.h>
#endif
#ifdef __LP64__
typedef struct mach_header_64 mach_header_t;
typedef struct segment_command_64 segment_command_t;
typedef struct section_64 section_t;
typedef struct nlist_64 nlist_t;
#define LC_SEGMENT_ARCH_DEPENDENT LC_SEGMENT_64
#else
typedef struct mach_header mach_header_t;
typedef struct segment_command segment_command_t;
typedef struct section section_t;
typedef struct nlist nlist_t;
#define LC_SEGMENT_ARCH_DEPENDENT LC_SEGMENT
#endif
#ifndef SEG_DATA_CONST
#define SEG_DATA_CONST "__DATA_CONST"
#endif
struct rebindings_entry {
struct rebinding *rebindings;
size_t rebindings_nel;
struct rebindings_entry *next;
};
static struct rebindings_entry *_rebindings_head;
static int prepend_rebindings(struct rebindings_entry **rebindings_head,
struct rebinding rebindings[],
size_t nel) {
struct rebindings_entry *new_entry = (struct rebindings_entry *) malloc(sizeof(struct rebindings_entry));
if (!new_entry) {
return -1;
}
new_entry->rebindings = (struct rebinding *) malloc(sizeof(struct rebinding) * nel);
if (!new_entry->rebindings) {
free(new_entry);
return -1;
}
memcpy(new_entry->rebindings, rebindings, sizeof(struct rebinding) * nel);
new_entry->rebindings_nel = nel;
new_entry->next = *rebindings_head;
*rebindings_head = new_entry;
return 0;
}
#if 0
static int get_protection(void *addr, vm_prot_t *prot, vm_prot_t *max_prot) {
mach_port_t task = mach_task_self();
vm_size_t size = 0;
vm_address_t address = (vm_address_t)addr;
memory_object_name_t object;
#ifdef __LP64__
mach_msg_type_number_t count = VM_REGION_BASIC_INFO_COUNT_64;
vm_region_basic_info_data_64_t info;
kern_return_t info_ret = vm_region_64(
task, &address, &size, VM_REGION_BASIC_INFO_64, (vm_region_info_64_t)&info, &count, &object);
#else
mach_msg_type_number_t count = VM_REGION_BASIC_INFO_COUNT;
vm_region_basic_info_data_t info;
kern_return_t info_ret = vm_region(task, &address, &size, VM_REGION_BASIC_INFO, (vm_region_info_t)&info, &count, &object);
#endif
if (info_ret == KERN_SUCCESS) {
if (prot != NULL)
*prot = info.protection;
if (max_prot != NULL)
*max_prot = info.max_protection;
return 0;
}
return -1;
}
#endif
static void perform_rebinding_with_section(struct rebindings_entry *rebindings,
section_t *section,
intptr_t slide,
nlist_t *symtab,
char *strtab,
uint32_t *indirect_symtab) {
uint32_t *indirect_symbol_indices = indirect_symtab + section->reserved1;
void **indirect_symbol_bindings = (void **)((uintptr_t)slide + section->addr);
for (uint i = 0; i < section->size / sizeof(void *); i++) {
uint32_t symtab_index = indirect_symbol_indices[i];
if (symtab_index == INDIRECT_SYMBOL_ABS || symtab_index == INDIRECT_SYMBOL_LOCAL ||
symtab_index == (INDIRECT_SYMBOL_LOCAL | INDIRECT_SYMBOL_ABS)) {
continue;
}
uint32_t strtab_offset = symtab[symtab_index].n_un.n_strx;
char *symbol_name = strtab + strtab_offset;
bool symbol_name_longer_than_1 = symbol_name[0] && symbol_name[1];
struct rebindings_entry *cur = rebindings;
while (cur) {
for (uint j = 0; j < cur->rebindings_nel; j++) {
if (symbol_name_longer_than_1 && strcmp(&symbol_name[1], cur->rebindings[j].name) == 0) {
kern_return_t err;
if (cur->rebindings[j].replaced != NULL && indirect_symbol_bindings[i] != cur->rebindings[j].replacement)
*(cur->rebindings[j].replaced) = indirect_symbol_bindings[i];
/**
* 1. Moved the vm protection modifying codes to here to reduce the
* changing scope.
* 2. Adding VM_PROT_WRITE mode unconditionally because vm_region
* API on some iOS/Mac reports mismatch vm protection attributes.
* -- Lianfu Hao Jun 16th, 2021
**/
err = vm_protect (mach_task_self (), (uintptr_t)indirect_symbol_bindings, section->size, 0, VM_PROT_READ | VM_PROT_WRITE | VM_PROT_COPY);
if (err == KERN_SUCCESS) {
/**
* Once we failed to change the vm protection, we
* MUST NOT continue the following write actions!
* iOS 15 has corrected the const segments prot.
* -- Lionfore Hao Jun 11th, 2021
**/
#if !__has_feature(ptrauth_calls)
indirect_symbol_bindings[i] = cur->rebindings[j].replacement;
#else
void *replacement = cur->rebindings[j].replacement;
if (!strcmp(section->sectname, "__auth_got")) {
void *stripped = ptrauth_strip(replacement, ptrauth_key_process_independent_code);
replacement = ptrauth_sign_unauthenticated(stripped, ptrauth_key_process_independent_code, &indirect_symbol_bindings[i]);
}
indirect_symbol_bindings[i] = replacement;
#endif
}
goto symbol_loop;
}
}
cur = cur->next;
}
symbol_loop:;
}
}
static void rebind_symbols_for_image(struct rebindings_entry *rebindings,
const struct mach_header *header,
intptr_t slide) {
Dl_info info;
if (dladdr(header, &info) == 0) {
return;
}
segment_command_t *cur_seg_cmd;
segment_command_t *linkedit_segment = NULL;
struct symtab_command* symtab_cmd = NULL;
struct dysymtab_command* dysymtab_cmd = NULL;
uintptr_t cur = (uintptr_t)header + sizeof(mach_header_t);
for (uint i = 0; i < header->ncmds; i++, cur += cur_seg_cmd->cmdsize) {
cur_seg_cmd = (segment_command_t *)cur;
if (cur_seg_cmd->cmd == LC_SEGMENT_ARCH_DEPENDENT) {
if (strcmp(cur_seg_cmd->segname, SEG_LINKEDIT) == 0) {
linkedit_segment = cur_seg_cmd;
}
} else if (cur_seg_cmd->cmd == LC_SYMTAB) {
symtab_cmd = (struct symtab_command*)cur_seg_cmd;
} else if (cur_seg_cmd->cmd == LC_DYSYMTAB) {
dysymtab_cmd = (struct dysymtab_command*)cur_seg_cmd;
}
}
if (!symtab_cmd || !dysymtab_cmd || !linkedit_segment ||
!dysymtab_cmd->nindirectsyms) {
return;
}
// Find base symbol/string table addresses
uintptr_t linkedit_base = (uintptr_t)slide + linkedit_segment->vmaddr - linkedit_segment->fileoff;
nlist_t *symtab = (nlist_t *)(linkedit_base + symtab_cmd->symoff);
char *strtab = (char *)(linkedit_base + symtab_cmd->stroff);
// Get indirect symbol table (array of uint32_t indices into symbol table)
uint32_t *indirect_symtab = (uint32_t *)(linkedit_base + dysymtab_cmd->indirectsymoff);
cur = (uintptr_t)header + sizeof(mach_header_t);
for (uint i = 0; i < header->ncmds; i++, cur += cur_seg_cmd->cmdsize) {
cur_seg_cmd = (segment_command_t *)cur;
if (cur_seg_cmd->cmd == LC_SEGMENT_ARCH_DEPENDENT) {
if (strcmp(cur_seg_cmd->segname, SEG_DATA) != 0 &&
strcmp(cur_seg_cmd->segname, SEG_DATA_CONST) != 0) {
continue;
}
for (uint j = 0; j < cur_seg_cmd->nsects; j++) {
section_t *sect =
(section_t *)(cur + sizeof(segment_command_t)) + j;
if ((sect->flags & SECTION_TYPE) == S_LAZY_SYMBOL_POINTERS) {
perform_rebinding_with_section(rebindings, sect, slide, symtab, strtab, indirect_symtab);
}
if ((sect->flags & SECTION_TYPE) == S_NON_LAZY_SYMBOL_POINTERS) {
perform_rebinding_with_section(rebindings, sect, slide, symtab, strtab, indirect_symtab);
}
}
}
}
}
static void _rebind_symbols_for_image(const struct mach_header *header,
intptr_t slide) {
rebind_symbols_for_image(_rebindings_head, header, slide);
}
int rebind_symbols_image(void *header,
intptr_t slide,
struct rebinding rebindings[],
size_t rebindings_nel) {
struct rebindings_entry *rebindings_head = NULL;
int retval = prepend_rebindings(&rebindings_head, rebindings, rebindings_nel);
rebind_symbols_for_image(rebindings_head, (const struct mach_header *) header, slide);
if (rebindings_head) {
free(rebindings_head->rebindings);
}
free(rebindings_head);
return retval;
}
int rebind_symbols(struct rebinding rebindings[], size_t rebindings_nel) {
int retval = prepend_rebindings(&_rebindings_head, rebindings, rebindings_nel);
if (retval < 0) {
return retval;
}
// If this was the first call, register callback for image additions (which is also invoked for
// existing images, otherwise, just run on existing images
if (!_rebindings_head->next) {
_dyld_register_func_for_add_image(_rebind_symbols_for_image);
} else {
uint32_t c = _dyld_image_count();
for (uint32_t i = 0; i < c; i++) {
_rebind_symbols_for_image(_dyld_get_image_header(i), _dyld_get_image_vmaddr_slide(i));
}
}
return retval;
}
================================================
FILE: RootHelperSample/launchdshim/launchdhook/fishhook.h
================================================
// Copyright (c) 2013, Facebook, Inc.
// All rights reserved.
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are met:
// * Redistributions of source code must retain the above copyright notice,
// this list of conditions and the following disclaimer.
// * Redistributions in binary form must reproduce the above copyright notice,
// this list of conditions and the following disclaimer in the documentation
// and/or other materials provided with the distribution.
// * Neither the name Facebook nor the names of its contributors may be used to
// endorse or promote products derived from this software without specific
// prior written permission.
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#ifndef fishhook_h
#define fishhook_h
#include <stddef.h>
#include <stdint.h>
#if !defined(FISHHOOK_EXPORT)
#define FISHHOOK_VISIBILITY __attribute__((visibility("hidden")))
#else
#define FISHHOOK_VISIBILITY __attribute__((visibility("default")))
#endif
#ifdef __cplusplus
extern "C" {
#endif //__cplusplus
/*
* A structure representing a particular intended rebinding from a symbol
* name to its replacement
*/
struct rebinding {
const char *name;
void *replacement;
void **replaced;
};
/*
* For each rebinding in rebindings, rebinds references to external, indirect
* symbols with the specified name to instead point at replacement for each
* image in the calling process as well as for all future images that are loaded
* by the process. If rebind_functions is called more than once, the symbols to
* rebind are added to the existing list of rebindings, and if a given symbol
* is rebound more than once, the later rebinding will take precedence.
*/
FISHHOOK_VISIBILITY
int rebind_symbols(struct rebinding rebindings[], size_t rebindings_nel);
/*
* Rebinds as above, but only in the specified image. The header should point
* to the mach-o header, the slide should be the slide offset. Others as above.
*/
FISHHOOK_VISIBILITY
int rebind_symbols_image(void *header,
intptr_t slide,
struct rebinding rebindings[],
size_t rebindings_nel);
#ifdef __cplusplus
}
#endif //__cplusplus
#endif //fishhook_h
================================================
FILE: RootHelperSample/launchdshim/launchdhook/main.m
================================================
#include <mach-o/dyld.h>
#include <mach-o/dyld_images.h>
#include <Foundation/Foundation.h>
#include <bsm/audit.h>
#include <xpc/xpc.h>
#include <stdio.h>
#include "fishhook.h"
#include <spawn.h>
#include <limits.h>
#include <dirent.h>
#include <stdbool.h>
#include <errno.h>
#include <roothide.h>
#include <signal.h>
#define PT_DETACH 11 /* stop tracing a process */
#define PT_ATTACHEXC 14 /* attach to running process with signal exception */
int ptrace(int request, pid_t pid, caddr_t addr, int data);
int posix_spawnattr_set_launch_type_np(posix_spawnattr_t *attr, uint8_t launch_type);
int (*orig_csops)(pid_t pid, unsigned int ops, void * useraddr, size_t usersize);
int (*orig_csops_audittoken)(pid_t pid, unsigned int ops, void * useraddr, size_t usersize, audit_token_t * token);
int (*orig_posix_spawn)(pid_t * __restrict pid, const char * __restrict path,
const posix_spawn_file_actions_t *file_actions,
const posix_spawnattr_t * __restrict attrp,
char *const argv[ __restrict], char *const envp[ __restrict]);
int (*orig_posix_spawnp)(pid_t *restrict pid, const char *restrict path, const posix_spawn_file_actions_t *restrict file_actions, const posix_spawnattr_t *restrict attrp, char *const argv[restrict], char *const envp[restrict]);
int hooked_csops(pid_t pid, unsigned int ops, void *useraddr, size_t usersize) {
int result = orig_csops(pid, ops, useraddr, usersize);
if (result != 0) return result;
if (ops == 0) { // CS_OPS_STATUS
*((uint32_t *)useraddr) |= 0x4000000; // CS_PLATFORM_BINARY
}
return result;
}
int hooked_csops_audittoken(pid_t pid, unsigned int ops, void * useraddr, size_t usersize, audit_token_t * token) {
int result = orig_csops_audittoken(pid, ops, useraddr, usersize, token);
if (result != 0) return result;
if (ops == 0) { // CS_OPS_STATUS
*((uint32_t *)useraddr) |= 0x4000000; // CS_PLATFORM_BINARY
}
return result;
}
void change_launchtype(const posix_spawnattr_t *attrp, const char *restrict path) {
const char *prefixes[] = {
"/private/var",
"/var",
"/private/preboot"
};
if (__builtin_available(macOS 13.0, iOS 16.0, tvOS 16.0, watchOS 9.0, *)) {
for (size_t i = 0; i < sizeof(prefixes) / sizeof(prefixes[0]); ++i) {
size_t prefix_len = strlen(prefixes[i]);
if (strncmp(path, prefixes[i], prefix_len) == 0) {
// FILE *file = fopen("/var/mobile/lunchd.log", "a");
if (/*file && */attrp != 0) {
// char output[1024];
// sprintf(output, "[lunchd] setting launch type path %s to 0\n", path);
// fputs(output, file);
// fclose(file);
posix_spawnattr_set_launch_type_np((posix_spawnattr_t *)attrp, 0); // needs ios 16.0 sdk
}
break;
}
}
}
}
int hooked_posix_spawn(pid_t *pid, const char *path, const posix_spawn_file_actions_t *file_actions, const posix_spawnattr_t *attrp, char *const argv[], char *const envp[]) {
change_launchtype(attrp, path);
// const char *launchdPath = "/sbin/launchd";
// const char *coolerLaunchd = jbroot("lunchd");
// if (!strncmp(path, launchdPath, strlen(launchdPath))) {
// posix_spawnattr_set_launch_type_np((posix_spawnattr_t *)attrp, 0);
// path = coolerLaunchd;
// return orig_posix_spawn(pid, path, file_actions, attrp, argv, envp);
// }
return orig_posix_spawn(pid, path, file_actions, attrp, argv, envp);
}
int hooked_posix_spawnp(pid_t *restrict pid, const char *restrict path, const posix_spawn_file_actions_t *restrict file_actions, posix_spawnattr_t *attrp, char *const argv[restrict], char *const envp[restrict]) {
change_launchtype(attrp, path);
const char *springboardPath = "/System/Library/CoreServices/SpringBoard.app/SpringBoard";
const char *coolerSpringboard = jbroot("/System/Library/CoreServices/SpringBoard.app/SpringBoard");
if (!strncmp(path, springboardPath, strlen(springboardPath))) {
posix_spawnattr_set_launch_type_np((posix_spawnattr_t *)attrp, 0);
// FILE *file = fopen("/var/mobile/lunchd.log", "a");
// char output[1024];
// sprintf(output, "[lunchd] changing path %s to %s\n", path, coolerSpringboard);
// fputs(output, file);
path = coolerSpringboard;
// fclose(file);
return posix_spawnp(pid, path, file_actions, (posix_spawnattr_t *)attrp, argv, envp);
}
return orig_posix_spawnp(pid, path, file_actions, (posix_spawnattr_t *)attrp, argv, envp);
}
bool (*xpc_dictionary_get_bool_orig)(xpc_object_t dictionary, const char *key);
bool hook_xpc_dictionary_get_bool(xpc_object_t dictionary, const char *key) {
if (!strcmp(key, "LogPerformanceStatistics")) return true;
else return xpc_dictionary_get_bool_orig(dictionary, key);
}
void initVerboseFramebuffer(void);
__attribute__((constructor)) static void init(int argc, char **argv) {
// FILE *file;
// file = fopen("/var/mobile/lunchd.log", "w");
// char output[1024];
// sprintf(output, "[lunchd] launchdhook pid %d", getpid());
// printf("[lunchd] launchdhook pid %d", getpid());
// fputs(output, file);
// fclose(file);
// sync();
bool verboseBoot = false;
NSString *verboseBootPath = @"/var/mobile/.serotonin_verbose";
NSString *happyMac = @"/var/mobile/boot-happy.jp2";
NSString *sadMac = @"/var/mobile/boot-sad.jp2";
if ([NSFileManager.defaultManager fileExistsAtPath:verboseBootPath]) {
verboseBoot = true;
}
if (verboseBoot) {
initVerboseFramebuffer();
} else {
// TODO: Boot splash
}
printf("[lunchd] launchdhook pid %d", getpid());
if (getpid() == 1) {
printf("============\n");
printf("== WE ARE ==\n");
printf("== PID1 ==\n");
printf("============\n\n");
printf("Also, my parent is %d\n", getppid());
}
struct rebinding rebindings[] = (struct rebinding[]){
{"csops", hooked_csops, (void *)&orig_csops},
{"csops_audittoken", hooked_csops_audittoken, (void *)&orig_csops_audittoken},
{"posix_spawn", hooked_posix_spawn, (void *)&orig_posix_spawn},
{"posix_spawnp", hooked_posix_spawnp, (void *)&orig_posix_spawnp},
{"xpc_dictionary_get_bool", hook_xpc_dictionary_get_bool, (void *)&xpc_dictionary_get_bool_orig},
};
rebind_symbols(rebindings, sizeof(rebindings)/sizeof(struct rebinding));
}
================================================
FILE: RootHelperSample/launchdshim/launchdhook/verbose/IOMobileFramebuffer.h
================================================
#ifndef IOMOBILEFRAMEBUFFER_IOMOBILEFRAMEBUFFER_H
#define IOMOBILEFRAMEBUFFER_IOMOBILEFRAMEBUFFER_H
#include <CoreFoundation/CoreFoundation.h>
#include <IOKit/IOKitLib.h>
#include <IOKit/IOTypes.h>
#include <CoreGraphics/CoreGraphics.h>
typedef IOReturn IOMobileFramebufferReturn;
typedef struct __IOMobileFramebuffer *IOMobileFramebufferRef;
typedef CGSize IOMobileFramebufferDisplaySize;
__BEGIN_DECLS
IOMobileFramebufferReturn
IOMobileFramebufferGetMainDisplay(IOMobileFramebufferRef *pointer);
IOMobileFramebufferReturn
IOMobileFramebufferGetDisplaySize(IOMobileFramebufferRef pointer, IOMobileFramebufferDisplaySize *size);
IOMobileFramebufferReturn
IOMobileFramebufferGetLayerDefaultSurface(IOMobileFramebufferRef pointer, int surface, IOSurfaceRef *buffer);
IOMobileFramebufferReturn
IOMobileFramebufferSwapBegin(IOMobileFramebufferRef pointer, int *token);
IOMobileFramebufferReturn
IOMobileFramebufferSwapEnd(IOMobileFramebufferRef pointer);
IOMobileFramebufferReturn
IOMobileFramebufferSwapSetLayer(IOMobileFramebufferRef pointer, int layerid, IOSurfaceRef buffer, CGRect bounds, CGRect frame, int flags);
__END_DECLS
#endif
================================================
FILE: RootHelperSample/launchdshim/launchdhook/verbose/console/iso_font.c
================================================
/*
* Copyright (c) 2000 Apple Computer, Inc. All rights reserved.
*
* @APPLE_OSREFERENCE_LICENSE_HEADER_START@
*
* This file contains Original Code and/or Modifications of Original Code
* as defined in and that are subject to the Apple Public Source License
* Version 2.0 (the 'License'). You may not use this file except in
* compliance with the License. The rights granted to you under the License
* may not be used to create, or enable the creation or redistribution of,
* unlawful or unlicensed copies of an Apple operating system, or to
* circumvent, violate, or enable the circumvention or violation of, any
* terms of an Apple operating system software license agreement.
*
* Please obtain a copy of the License at
* http://www.opensource.apple.com/apsl/ and read it before using this file.
*
* The Original Code and all software distributed under the License are
* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
* Please see the License for the specific language governing rights and
* limitations under the License.
*
* @APPLE_OSREFERENCE_LICENSE_HEADER_END@
*/
/*
* @OSF_COPYRIGHT@
*/
/*
* ISO Latin-1 Font
*
* Copyright (c) 2000
* Ka-Ping Yee <ping@lfw.org>
*
* This font may be freely used for any purpose.
*/
/*
* adjusted 'A' 'V' to improve their dense appearance (ie. lightened)
* adjusted 'i' 'l' to improve their flow within a word (ie. widened)
* adjusted 'E' 'F' '#'
*/
unsigned char iso_font[256 * 16] = {
/* 0 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
/* 1 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
/* 2 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
/* 3 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
/* 4 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
/* 5 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
/* 6 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
/* 7 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
/* 8 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
/* 9 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
/* 10 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
/* 11 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
/* 12 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
/* 13 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
/* 14 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
/* 15 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
/* 16 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
/* 17 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
/* 18 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
/* 19 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
/* 20 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
/* 21 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
/* 22 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
/* 23 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
/* 24 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
/* 25 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
/* 26 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
/* 27 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
/* 28 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
/* 29 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
/* 30 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
/* 31 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
/* 32 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
/* 33 */ 0x00, 0x00, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x00, 0x18, 0x18, 0x00, 0x00, 0x00, 0x00,
/* 34 */ 0x00, 0x00, 0x6c, 0x6c, 0x36, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
/* 35 */ 0x00, 0x00, 0x00, 0x36, 0x36, 0x7f, 0x36, 0x36, 0x7f, 0x36, 0x36, 0x00, 0x00, 0x00, 0x00, 0x00,
/* 36 */ 0x00, 0x08, 0x08, 0x3e, 0x6b, 0x0b, 0x0b, 0x3e, 0x68, 0x68, 0x6b, 0x3e, 0x08, 0x08, 0x00, 0x00,
/* 37 */ 0x00, 0x00, 0x00, 0x33, 0x13, 0x18, 0x08, 0x0c, 0x04, 0x06, 0x32, 0x33, 0x00, 0x00, 0x00, 0x00,
/* 38 */ 0x00, 0x00, 0x1c, 0x36, 0x36, 0x1c, 0x6c, 0x3e, 0x33, 0x33, 0x7b, 0xce, 0x00, 0x00, 0x00, 0x00,
/* 39 */ 0x00, 0x00, 0x18, 0x18, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
gitextract_ym5s8a6q/
├── .gitignore
├── .gitmodules
├── Makefile
├── README.md
├── RootHelperSample/
│ ├── CoreServices.h
│ ├── Makefile
│ ├── RemoteLog.h
│ ├── RootHelperSample.xcodeproj/
│ │ └── project.pbxproj
│ ├── TSUtil.h
│ ├── TSUtil.m
│ ├── control
│ ├── entitlements.plist
│ ├── external/
│ │ ├── include/
│ │ │ └── choma/
│ │ │ ├── Base64.h
│ │ │ ├── BufferedStream.h
│ │ │ ├── CSBlob.h
│ │ │ ├── CodeDirectory.h
│ │ │ ├── FAT.h
│ │ │ ├── FileStream.h
│ │ │ ├── Host.h
│ │ │ ├── MachO.h
│ │ │ ├── MachOByteOrder.h
│ │ │ ├── MachOLoadCommand.h
│ │ │ ├── MemoryStream.h
│ │ │ ├── PatchFinder.h
│ │ │ ├── SignOSSL.h
│ │ │ ├── Signing.h
│ │ │ └── Util.h
│ │ └── lib/
│ │ ├── libchoma.a
│ │ └── libcrypto.a
│ ├── insert_dylib.h
│ ├── insert_dylib.m
│ ├── launchdshim/
│ │ ├── .gitignore
│ │ ├── SpringBoardShim/
│ │ │ ├── Makefile
│ │ │ ├── SpringBoardEnts.plist
│ │ │ ├── SpringBoardEntsBedtime.plist
│ │ │ ├── SpringBoardHook/
│ │ │ │ ├── .gitignore
│ │ │ │ ├── Makefile
│ │ │ │ ├── SpringBoardHook.plist
│ │ │ │ ├── Tweak.x
│ │ │ │ ├── build.sh
│ │ │ │ └── control
│ │ │ ├── build.sh
│ │ │ ├── main.c
│ │ │ └── springboardshimsignedinjected
│ │ ├── build.sh
│ │ ├── launchdentitlements.plist
│ │ └── launchdhook/
│ │ ├── Frameworks/
│ │ │ └── IOMobileFramebuffer.framework/
│ │ │ └── IOMobileFramebuffer.tbd
│ │ ├── IOMobileFramebuffer.h
│ │ ├── LICENCE
│ │ ├── Makefile
│ │ ├── README.md
│ │ ├── build.sh
│ │ ├── control
│ │ ├── entitlements.plist
│ │ ├── fishhook.c
│ │ ├── fishhook.h
│ │ ├── main.m
│ │ └── verbose/
│ │ ├── IOMobileFramebuffer.h
│ │ ├── console/
│ │ │ ├── iso_font.c
│ │ │ ├── msgbuf.h
│ │ │ ├── serial_protos.h
│ │ │ ├── video_console.c
│ │ │ ├── video_console.h
│ │ │ └── video_scroll.c
│ │ └── verbose_boot.m
│ └── main.m
├── Serotonin.xcodeproj/
│ ├── project.pbxproj
│ ├── project.xcworkspace/
│ │ ├── contents.xcworkspacedata
│ │ ├── xcshareddata/
│ │ │ └── IDEWorkspaceChecks.plist
│ │ └── xcuserdata/
│ │ └── hariz.xcuserdatad/
│ │ └── UserInterfaceState.xcuserstate
│ └── xcuserdata/
│ ├── hariz.xcuserdatad/
│ │ └── xcschemes/
│ │ └── xcschememanagement.plist
│ └── ibarahime.xcuserdatad/
│ ├── xcdebugger/
│ │ └── Breakpoints_v2.xcbkptlist
│ └── xcschemes/
│ └── xcschememanagement.plist
├── build.sh
├── ent.plist
└── usprebooter/
├── Assets.xcassets/
│ ├── AccentColor.colorset/
│ │ └── Contents.json
│ ├── AppIcon.appiconset/
│ │ └── Contents.json
│ ├── Contents.json
│ ├── accent.colorset/
│ │ └── Contents.json
│ ├── alfienick.imageset/
│ │ └── Contents.json
│ ├── bedtime.imageset/
│ │ └── Contents.json
│ ├── duy.imageset/
│ │ └── Contents.json
│ ├── fish.imageset/
│ │ └── Contents.json
│ ├── haxi0.imageset/
│ │ └── Contents.json
│ └── htrowii.imageset/
│ └── Contents.json
├── ContentView.swift
├── External/
│ ├── FluidGradient/
│ │ ├── BlobLayer.swift
│ │ ├── CGPoint+Extensions.swift
│ │ ├── FluidGradient.swift
│ │ ├── FluidGradientView.swift
│ │ └── ResizableLayer.swift
│ ├── SwiftBackports/
│ │ ├── Backport.swift
│ │ ├── CoreTransferable/
│ │ │ ├── Representations/
│ │ │ │ ├── Codable+Representation.swift
│ │ │ │ ├── Data+Representation.swift
│ │ │ │ ├── File+Representations.swift
│ │ │ │ ├── Never+Representation.swift
│ │ │ │ ├── Tuple+Representation.swift
│ │ │ │ └── _ConditionalRepresentation.swift
│ │ │ ├── Support/
│ │ │ │ ├── NSItemProvider+Transferable.swift
│ │ │ │ ├── ReceivedTransferredFile.swift
│ │ │ │ ├── SentTransferredFile.swift
│ │ │ │ └── Visibility.swift
│ │ │ ├── TransferRepresentationBuilder.swift
│ │ │ ├── Transferable.swift
│ │ │ ├── TransferableRepresentation.swift
│ │ │ └── Transferables/
│ │ │ ├── AttributedString+Transferable.swift
│ │ │ ├── Data+Transferable.swift
│ │ │ ├── Never+Transferable.swift
│ │ │ ├── String+Transferable.swift
│ │ │ └── URL+Transferable.swift
│ │ ├── URLSession/
│ │ │ └── URLSession+Async.swift
│ │ └── UniformTypeIdentifiers/
│ │ ├── CoreTypes.swift
│ │ ├── UTTagClass.swift
│ │ └── UTType.swift
│ └── SwiftUIBackports/
│ ├── Internal/
│ │ ├── Environment+String.swift
│ │ ├── Environment.swift
│ │ ├── Inspect.swift
│ │ ├── NSItemProvider+Async.swift
│ │ ├── OwningController.swift
│ │ ├── Platforms.swift
│ │ ├── SafeArea.swift
│ │ ├── String+LocalizationKey.swift
│ │ ├── UIScene.swift
│ │ └── VisualEffects/
│ │ ├── VisualEffect+iOS.swift
│ │ └── VisualEffect+macOS.swift
│ ├── UIBackport.swift
│ └── iOS/
│ └── Presentation/
│ └── Detents.swift
├── Info.plist
├── Log.swift
├── Private Headers I stole from the macOS SDK/
│ ├── bootstrap.h
│ └── xpc/
│ ├── activity.h
│ ├── availability.h
│ ├── base.h
│ ├── debug.h
│ ├── endpoint.h
│ ├── launch.h
│ ├── listener.h
│ ├── rich_error.h
│ ├── session.h
│ ├── xpc.h
│ └── xpc_connection.h
├── TheCoolerContentView.swift
├── boot-happy.jp2
├── boot-sad.jp2
├── ct_bypass_signed
├── fun/
│ ├── cs_blobs.h
│ ├── cs_blobs.m
│ ├── dir.h
│ ├── dir.m
│ ├── fun.h
│ ├── fun.m
│ ├── krw.c
│ ├── krw.h
│ ├── offsets.h
│ ├── offsets.m
│ ├── proc.c
│ ├── proc.h
│ ├── thanks_opa334dev_htrowii.h
│ ├── thanks_opa334dev_htrowii.m
│ ├── utils.h
│ ├── utils.m
│ ├── vnode.h
│ └── vnode.m
├── ldid
├── libkfd/
│ ├── common.h
│ ├── info/
│ │ ├── dynamic_info.h
│ │ └── static_info.h
│ ├── info.h
│ ├── krkw/
│ │ ├── kread/
│ │ │ ├── kread_kqueue_workloop_ctl.h
│ │ │ └── kread_sem_open.h
│ │ └── kwrite/
│ │ ├── kwrite_dup.h
│ │ └── kwrite_sem_open.h
│ ├── krkw.h
│ ├── perf.h
│ ├── puaf/
│ │ ├── landa.h
│ │ ├── physpuppet.h
│ │ └── smith.h
│ └── puaf.h
├── libkfd.h
├── memoryControl.h
├── memoryControl.m
├── overwriter.h
├── overwriter.m
├── troller.h
├── troller.m
├── usprebooter-Bridging-Header.h
├── usprebooterApp.swift
├── util.h
├── util.m
├── vm_unaligned_copy_switch_race.c
└── vm_unaligned_copy_switch_race.h
SYMBOL INDEX (339 symbols across 43 files)
FILE: RootHelperSample/RemoteLog.h
function RLogv (line 13) | __attribute__((unused)) static void RLogv(NSString* format, va_list args)
function RLog (line 50) | __attribute__((unused)) static void RLog(NSString* format, ...)
FILE: RootHelperSample/external/include/choma/BufferedStream.h
type BufferedStreamContext (line 9) | typedef struct BufferedStreamContext {
FILE: RootHelperSample/external/include/choma/CSBlob.h
type CS_BlobIndex (line 14) | typedef struct __BlobIndex {
type CS_SuperBlob (line 20) | typedef struct __SuperBlob {
type CS_GenericBlob (line 27) | typedef struct __GenericBlob {
type CS_DecodedBlob (line 59) | typedef struct s_CS_DecodedBlob {
type CS_DecodedSuperBlob (line 65) | typedef struct s_CS_DecodedSuperBlob {
FILE: RootHelperSample/external/include/choma/CodeDirectory.h
type CS_CodeDirectory (line 17) | typedef struct __CodeDirectory {
type CS_HashType (line 36) | enum CS_HashType {
FILE: RootHelperSample/external/include/choma/FAT.h
type MachO (line 12) | typedef struct MachO MachO;
type FAT (line 16) | typedef struct FAT
FILE: RootHelperSample/external/include/choma/FileStream.h
type FileStreamContext (line 10) | typedef struct FileStreamContext {
FILE: RootHelperSample/external/include/choma/MachO.h
type MachOSegment (line 10) | typedef struct MachOSegment
type FilesetMachO (line 16) | typedef struct FilesetMachO {
type MachO (line 23) | typedef struct MachO {
type load_command (line 52) | struct load_command
type fat_arch_64 (line 55) | struct fat_arch_64
FILE: RootHelperSample/external/include/choma/MemoryStream.h
type MemoryStream (line 20) | typedef struct s_MemoryStream {
FILE: RootHelperSample/external/include/choma/PatchFinder.h
type PFSection (line 8) | typedef struct PFSection {
type MetricShared (line 20) | typedef struct MetricShared {
type BytePatternAlignment (line 26) | typedef enum {
type BytePatternMetric (line 33) | typedef struct BytePatternMetric {
FILE: RootHelperSample/launchdshim/SpringBoardShim/main.c
function main (line 9) | int main(int argc, char *argv[], char *envp[], char* apple[]) {
FILE: RootHelperSample/launchdshim/launchdhook/IOMobileFramebuffer.h
type IOReturn (line 9) | typedef IOReturn IOMobileFramebufferReturn;
type __IOMobileFramebuffer (line 10) | struct __IOMobileFramebuffer
type CGSize (line 11) | typedef CGSize IOMobileFramebufferDisplaySize;
FILE: RootHelperSample/launchdshim/launchdhook/fishhook.c
type mach_header_t (line 44) | typedef struct mach_header_64 mach_header_t;
type segment_command_t (line 45) | typedef struct segment_command_64 segment_command_t;
type section_t (line 46) | typedef struct section_64 section_t;
type nlist_t (line 47) | typedef struct nlist_64 nlist_t;
type mach_header_t (line 50) | typedef struct mach_header mach_header_t;
type segment_command_t (line 51) | typedef struct segment_command segment_command_t;
type section_t (line 52) | typedef struct section section_t;
type nlist_t (line 53) | typedef struct nlist nlist_t;
type rebindings_entry (line 61) | struct rebindings_entry {
type rebindings_entry (line 67) | struct rebindings_entry
function prepend_rebindings (line 69) | static int prepend_rebindings(struct rebindings_entry **rebindings_head,
function get_protection (line 89) | static int get_protection(void *addr, vm_prot_t *prot, vm_prot_t *max_pr...
function perform_rebinding_with_section (line 118) | static void perform_rebinding_with_section(struct rebindings_entry *rebi...
function rebind_symbols_for_image (line 180) | static void rebind_symbols_for_image(struct rebindings_entry *rebindings,
function _rebind_symbols_for_image (line 242) | static void _rebind_symbols_for_image(const struct mach_header *header,
function rebind_symbols_image (line 247) | int rebind_symbols_image(void *header,
function rebind_symbols (line 261) | int rebind_symbols(struct rebinding rebindings[], size_t rebindings_nel) {
FILE: RootHelperSample/launchdshim/launchdhook/fishhook.h
type rebinding (line 44) | struct rebinding {
type rebinding (line 59) | struct rebinding
type rebinding (line 68) | struct rebinding
FILE: RootHelperSample/launchdshim/launchdhook/verbose/IOMobileFramebuffer.h
type IOReturn (line 9) | typedef IOReturn IOMobileFramebufferReturn;
type __IOMobileFramebuffer (line 10) | struct __IOMobileFramebuffer
type CGSize (line 11) | typedef CGSize IOMobileFramebufferDisplaySize;
FILE: RootHelperSample/launchdshim/launchdhook/verbose/console/msgbuf.h
type msgbuf (line 69) | struct msgbuf {
type msgbuf (line 81) | struct msgbuf
type msgbuf (line 83) | struct msgbuf
FILE: RootHelperSample/launchdshim/launchdhook/verbose/console/serial_protos.h
type console_ops (line 66) | struct console_ops {
type console_printbuf_state (line 82) | struct console_printbuf_state {
type console_printbuf_state (line 92) | struct console_printbuf_state
type console_printbuf_state (line 94) | struct console_printbuf_state
FILE: RootHelperSample/launchdshim/launchdhook/verbose/console/video_console.c
function switch_to_serial_console (line 146) | int switch_to_serial_console() {return 0;}
type spl_t (line 161) | typedef unsigned spl_t;
type thread_call (line 165) | struct thread_call {}
type thread_call_data_t (line 166) | typedef struct thread_call thread_call_data_t;
type PE_Video (line 182) | struct PE_Video {
type PE_Video (line 202) | typedef struct PE_Video PE_Video;
function clock_deadline_for_periodic_event (line 204) | void
function clock_interval_to_absolutetime_interval (line 233) | void
function clock_interval_to_deadline (line 246) | void
type vc_info (line 267) | struct vc_info
type vc_info (line 279) | struct vc_info
type vt100state_e (line 352) | enum vt100state_e {
type vc_info (line 399) | struct vc_info
function gc_clear_line (line 421) | static void
function gc_clear_screen (line 455) | static void
function gc_enable (line 493) | static void
function gc_hide_cursor (line 631) | static void
function gc_initialize (line 653) | static void
function gc_paint_char (line 669) | static void
function gc_putchar (line 683) | static void
function gc_putc_askcmd (line 738) | static void
function gc_putc_charsetcmd (line 759) | static void
function gc_putc_charsizecmd (line 777) | static void
function gc_putc_esc (line 801) | static void
function gc_putc_getpars (line 876) | static void
function gc_putc_gotpars (line 900) | static void
function gc_putc_normal (line 1044) | static void
function gc_putc_square (line 1121) | static void
function gc_reset_screen (line 1136) | static void
function gc_reset_tabs (line 1145) | static void
function gc_set_tab_stop (line 1159) | static void
function boolean_t (line 1167) | static boolean_t
function gc_reset_vt100 (line 1180) | static void
function gc_scroll_down (line 1195) | static void
function gc_scroll_up (line 1289) | static void
function gc_show_cursor (line 1383) | static void
function gc_update_color (line 1405) | static void
function vcputc (line 1414) | void
function vc_clear_screen (line 1502) | static void
function vc_render_char (line 1553) | static void
function vc_paint_char_8 (line 1589) | static void
function vc_paint_char_16 (line 1656) | static void
function vc_paint_char_32 (line 1718) | static void
function vc_paint_char (line 1789) | static void
function vc_render_font (line 1813) | static void
function vc_enable (line 1877) | static void
function vc_reverse_cursor (line 1883) | static void
function vc_scroll_down (line 1917) | static void
function vc_scroll_up (line 1951) | static void
function vc_update_color (line 1984) | static void
function vc_blit_rect (line 2088) | static void
function vc_blit_rect_8 (line 2125) | static void
function vc_blit_rect_16 (line 2203) | static void
function vc_blit_rect_32 (line 2279) | static void
function vc_blit_rect_30 (line 2353) | static void
function vc_clean_boot_graphics (line 2430) | static void
type lzss_image_state (line 2446) | struct lzss_image_state {
type lzss_image_state (line 2455) | typedef struct lzss_image_state lzss_image_state;
function vc_decompress_lzss_next_pixel (line 2458) | static inline int
function vc_display_lzss_icon (line 2513) | int
function noroot_icon_test (line 2595) | void
function vc_display_icon (line 2608) | void
function vc_progress_initialize (line 2629) | void
function vc_progress_set (line 2666) | void
function vc_progressmeter_range (line 2807) | static uint32_t
function vc_progressmeter_task (line 2821) | static void
function vc_progress_setdiskspeed (line 2847) | void
function vc_progress_task (line 2855) | static void
function gc_pause (line 2953) | static void
function vc_initialize (line 2988) | static void
function initialize_prescreen (line 3017) | void initialize_prescreen(struct vc_info new_vinfo) {
function initialize_screen (line 3053) | void
function vcattach (line 3287) | void
function vc_draw_progress_meter (line 3344) | static void
function internal_enable_progressmeter (line 3425) | static void
function internal_set_progressmeter (line 3488) | static void
function vc_enable_progressmeter (line 3521) | void
function vc_set_progressmeter (line 3527) | void
FILE: RootHelperSample/launchdshim/launchdhook/verbose/console/video_console.h
type vc_progress_user_options (line 64) | struct vc_progress_user_options {
type vc_progress_user_options (line 71) | typedef struct vc_progress_user_options vc_progress_user_options;
type vc_info (line 91) | struct vc_info {
type vc_progress_element (line 108) | struct vc_progress_element {
type vc_progress_element (line 121) | typedef struct vc_progress_element vc_progress_element;
type vc_progress_user_options (line 123) | struct vc_progress_user_options
FILE: RootHelperSample/launchdshim/launchdhook/verbose/console/video_scroll.c
function video_scroll_up (line 32) | void
function video_scroll_down (line 38) | void
FILE: usprebooter/Private Headers I stole from the macOS SDK/bootstrap.h
type name_t (line 26) | typedef name_t *name_array_t;
type bootstrap_status_t (line 27) | typedef int bootstrap_status_t;
type bootstrap_status_t (line 28) | typedef bootstrap_status_t *bootstrap_status_array_t;
type bootstrap_property_t (line 29) | typedef unsigned int bootstrap_property_t;
type bootstrap_property_t (line 30) | typedef bootstrap_property_t * bootstrap_property_array_t;
type boolean_t (line 32) | typedef boolean_t *bool_array_t;
FILE: usprebooter/Private Headers I stole from the macOS SDK/xpc/activity.h
type xpc_activity_state_t (line 381) | typedef long xpc_activity_state_t;
FILE: usprebooter/Private Headers I stole from the macOS SDK/xpc/launch.h
type _launch_data (line 200) | struct _launch_data
type launch_data_type_t (line 204) | typedef enum {
FILE: usprebooter/Private Headers I stole from the macOS SDK/xpc/xpc.h
type _xpc_type_s (line 46) | struct _xpc_type_s
function _xpc_object_validate (line 77) | void
type _xpc_bool_s (line 172) | struct _xpc_bool_s
type _xpc_bool_s (line 182) | struct _xpc_bool_s
FILE: usprebooter/Private Headers I stole from the macOS SDK/xpc/xpc_connection.h
type _xpc_dictionary_s (line 38) | struct _xpc_dictionary_s
type _xpc_dictionary_s (line 57) | struct _xpc_dictionary_s
type _xpc_dictionary_s (line 80) | struct _xpc_dictionary_s
type _xpc_dictionary_s (line 94) | struct _xpc_dictionary_s
FILE: usprebooter/fun/krw.c
function do_kopen (line 20) | __attribute__ ((optnone)) uint64_t do_kopen(uint64_t puaf_pages, uint64_...
function do_kclose (line 92) | void do_kclose(void)
function do_kread (line 98) | void do_kread(u64 kaddr, void* uaddr, u64 size)
function do_kwrite (line 103) | void do_kwrite(void* uaddr, u64 kaddr, u64 size)
function get_kslide (line 108) | uint64_t get_kslide(void) {
function get_kernproc (line 112) | uint64_t get_kernproc(void) {
function kread8 (line 116) | uint8_t kread8(uint64_t where) {
function kread16 (line 121) | uint32_t kread16(uint64_t where) {
function kread32 (line 126) | uint32_t kread32(uint64_t where) {
function kread64 (line 131) | uint64_t kread64(uint64_t where) {
function kread64_smr (line 138) | uint64_t kread64_smr(uint64_t where) {
function kwrite8 (line 145) | void kwrite8(uint64_t where, uint8_t what) {
function kwrite16 (line 158) | void kwrite16(uint64_t where, uint16_t what) {
function kwrite32 (line 167) | void kwrite32(uint64_t where, uint32_t what) {
function kwrite64 (line 173) | void kwrite64(uint64_t where, uint64_t what) {
FILE: usprebooter/fun/proc.c
function getProc (line 18) | uint64_t getProc(pid_t pid) {
function getProcByName (line 34) | uint64_t getProcByName(char* nm) {
function getPidByName (line 54) | int getPidByName(char* nm) {
function funProc (line 60) | int funProc(uint64_t proc) {
FILE: usprebooter/libkfd.h
type puaf_method (line 22) | enum puaf_method {
type kread_method (line 28) | enum kread_method {
type kwrite_method (line 33) | enum kwrite_method {
type kfd (line 47) | struct kfd
type info (line 49) | struct info {
type perf (line 76) | struct perf {
type puaf (line 105) | struct puaf {
type krkw (line 118) | struct krkw {
type kfd (line 139) | struct kfd {
type kfd (line 152) | struct kfd
type kfd (line 154) | struct kfd
type kfd (line 154) | struct kfd
type kfd (line 154) | struct kfd
function kfd_free (line 162) | void kfd_free(struct kfd* kfd)
function u64 (line 171) | u64 kopen(u64 puaf_pages, u64 puaf_method, u64 kread_method, u64 kwrite_...
function kread (line 194) | void kread(u64 kfd, u64 kaddr, void* uaddr, u64 size)
function kwrite (line 199) | void kwrite(u64 kfd, void* uaddr, u64 kaddr, u64 size)
function kclose (line 204) | void kclose(u64 kfd)
FILE: usprebooter/libkfd/common.h
type i8 (line 32) | typedef int8_t i8;
type i16 (line 33) | typedef int16_t i16;
type i32 (line 34) | typedef int32_t i32;
type i64 (line 35) | typedef int64_t i64;
type isize (line 36) | typedef intptr_t isize;
type u8 (line 38) | typedef uint8_t u8;
type u16 (line 39) | typedef uint16_t u16;
type u32 (line 40) | typedef uint32_t u32;
type u64 (line 41) | typedef uint64_t u64;
type usize (line 42) | typedef uintptr_t usize;
FILE: usprebooter/libkfd/info.h
function info_init (line 53) | void info_init(struct kfd* kfd)
function info_run (line 144) | void info_run(struct kfd* kfd)
function info_free (line 198) | void info_free(struct kfd* kfd)
FILE: usprebooter/libkfd/info/dynamic_info.h
type dynamic_info (line 4) | struct dynamic_info {
type dynamic_info (line 104) | struct dynamic_info
FILE: usprebooter/libkfd/info/static_info.h
type psemnode (line 21) | struct psemnode {
type fileproc (line 26) | struct fileproc {
type kqueue_workloop_params (line 49) | struct kqueue_workloop_params {
type vinfo_stat (line 95) | struct vinfo_stat {
type proc_fileinfo (line 130) | struct proc_fileinfo {
type psem_info (line 138) | struct psem_info {
type psem_fdinfo (line 143) | struct psem_fdinfo {
type kqueue_info (line 151) | struct kqueue_info {
type kqueue_dyninfo (line 157) | struct kqueue_dyninfo {
type perfmon_layout (line 179) | struct perfmon_layout {
type perfmon_event (line 190) | struct perfmon_event {
type perfmon_attr (line 196) | struct perfmon_attr {
type perfmon_spec (line 201) | struct perfmon_spec {
type perfmon_kind (line 208) | enum perfmon_kind {
type perfmon_source (line 214) | struct perfmon_source {
type perfmon_counter (line 223) | struct perfmon_counter {
type perfmon_config (line 227) | struct perfmon_config {
type perfmon_device (line 237) | struct perfmon_device {
type perfmon_ioctl (line 244) | enum perfmon_ioctl {
FILE: usprebooter/libkfd/krkw.h
type kfd (line 35) | struct kfd
type krkw (line 35) | struct krkw
type kfd (line 36) | struct kfd
type kfd (line 37) | struct kfd
type krkw (line 37) | struct krkw
type kfd (line 38) | struct kfd
type krkw (line 38) | struct krkw
type kfd (line 39) | struct kfd
type krkw (line 39) | struct krkw
function krkw_init (line 71) | void krkw_init(struct kfd* kfd, u64 kread_method, u64 kwrite_method)
function krkw_run (line 87) | void krkw_run(struct kfd* kfd)
function krkw_kread (line 99) | void krkw_kread(struct kfd* kfd, u64 kaddr, void* uaddr, u64 size)
function krkw_kwrite (line 104) | void krkw_kwrite(struct kfd* kfd, void* uaddr, u64 kaddr, u64 size)
function krkw_free (line 109) | void krkw_free(struct kfd* kfd)
function krkw_helper_init (line 119) | void krkw_helper_init(struct kfd* kfd, struct krkw* krkw)
function krkw_helper_grab_free_pages (line 124) | void krkw_helper_grab_free_pages(struct kfd* kfd)
function krkw_helper_run_allocate (line 151) | void krkw_helper_run_allocate(struct kfd* kfd, struct krkw* krkw)
function krkw_helper_run_deallocate (line 232) | void krkw_helper_run_deallocate(struct kfd* kfd, struct krkw* krkw)
function krkw_helper_free (line 247) | void krkw_helper_free(struct kfd* kfd, struct krkw* krkw)
FILE: usprebooter/libkfd/krkw/kread/kread_kqueue_workloop_ctl.h
type kfd (line 10) | struct kfd
function kread_kqueue_workloop_ctl_init (line 12) | void kread_kqueue_workloop_ctl_init(struct kfd* kfd)
function kread_kqueue_workloop_ctl_allocate (line 18) | void kread_kqueue_workloop_ctl_allocate(struct kfd* kfd, u64 id)
function kread_kqueue_workloop_ctl_search (line 34) | bool kread_kqueue_workloop_ctl_search(struct kfd* kfd, u64 object_uaddr)
function kread_kqueue_workloop_ctl_kread (line 53) | void kread_kqueue_workloop_ctl_kread(struct kfd* kfd, u64 kaddr, void* u...
function kread_kqueue_workloop_ctl_find_proc (line 58) | void kread_kqueue_workloop_ctl_find_proc(struct kfd* kfd)
function kread_kqueue_workloop_ctl_deallocate (line 64) | void kread_kqueue_workloop_ctl_deallocate(struct kfd* kfd, u64 id)
function kread_kqueue_workloop_ctl_free (line 78) | void kread_kqueue_workloop_ctl_free(struct kfd* kfd)
function u64 (line 87) | u64 kread_kqueue_workloop_ctl_kread_u64(struct kfd* kfd, u64 kaddr)
FILE: usprebooter/libkfd/krkw/kread/kread_sem_open.h
type kfd (line 10) | struct kfd
type kfd (line 11) | struct kfd
function kread_sem_open_init (line 13) | void kread_sem_open_init(struct kfd* kfd)
function kread_sem_open_allocate (line 38) | void kread_sem_open_allocate(struct kfd* kfd, u64 id)
function kread_sem_open_search (line 47) | bool kread_sem_open_search(struct kfd* kfd, u64 object_uaddr)
function kread_sem_open_kread (line 90) | void kread_sem_open_kread(struct kfd* kfd, u64 kaddr, void* uaddr, u64 s...
function kread_sem_open_find_proc (line 95) | void kread_sem_open_find_proc(struct kfd* kfd)
function kread_sem_open_deallocate (line 117) | void kread_sem_open_deallocate(struct kfd* kfd, u64 id)
function kread_sem_open_free (line 126) | void kread_sem_open_free(struct kfd* kfd)
function u64 (line 139) | u64 kread_sem_open_kread_u64(struct kfd* kfd, u64 kaddr)
function u32 (line 167) | u32 kread_sem_open_kread_u32(struct kfd* kfd, u64 kaddr)
FILE: usprebooter/libkfd/krkw/kwrite/kwrite_dup.h
type kfd (line 8) | struct kfd
function kwrite_dup_init (line 10) | void kwrite_dup_init(struct kfd* kfd)
function kwrite_dup_allocate (line 25) | void kwrite_dup_allocate(struct kfd* kfd, u64 id)
function kwrite_dup_search (line 34) | bool kwrite_dup_search(struct kfd* kfd, u64 object_uaddr)
function kwrite_dup_kwrite (line 65) | void kwrite_dup_kwrite(struct kfd* kfd, void* uaddr, u64 kaddr, u64 size)
function kwrite_dup_find_proc (line 70) | void kwrite_dup_find_proc(struct kfd* kfd)
function kwrite_dup_deallocate (line 78) | void kwrite_dup_deallocate(struct kfd* kfd, u64 id)
function kwrite_dup_free (line 84) | void kwrite_dup_free(struct kfd* kfd)
function kwrite_dup_kwrite_u64 (line 94) | void kwrite_dup_kwrite_u64(struct kfd* kfd, u64 kaddr, u64 new_value)
FILE: usprebooter/libkfd/krkw/kwrite/kwrite_sem_open.h
function kwrite_sem_open_init (line 8) | void kwrite_sem_open_init(struct kfd* kfd)
function kwrite_sem_open_allocate (line 17) | void kwrite_sem_open_allocate(struct kfd* kfd, u64 id)
function kwrite_sem_open_search (line 37) | bool kwrite_sem_open_search(struct kfd* kfd, u64 object_uaddr)
function kwrite_sem_open_kwrite (line 45) | void kwrite_sem_open_kwrite(struct kfd* kfd, void* uaddr, u64 kaddr, u64...
function kwrite_sem_open_find_proc (line 53) | void kwrite_sem_open_find_proc(struct kfd* kfd)
function kwrite_sem_open_deallocate (line 61) | void kwrite_sem_open_deallocate(struct kfd* kfd, u64 id)
function kwrite_sem_open_free (line 73) | void kwrite_sem_open_free(struct kfd* kfd)
FILE: usprebooter/libkfd/perf.h
type kfd (line 9) | struct kfd
type kfd (line 10) | struct kfd
function perf_kread (line 12) | void perf_kread(struct kfd* kfd, u64 kaddr, void* uaddr, u64 size)
function perf_kwrite (line 31) | void perf_kwrite(struct kfd* kfd, void* uaddr, u64 kaddr, u64 size)
function perf_init (line 67) | void perf_init(struct kfd* kfd)
function perf_run (line 86) | void perf_run(struct kfd* kfd)
function perf_free (line 201) | void perf_free(struct kfd* kfd)
function u64 (line 220) | u64 phystokv(struct kfd* kfd, u64 pa)
function u64 (line 238) | u64 vtophys(struct kfd* kfd, u64 va)
FILE: usprebooter/libkfd/puaf.h
function puaf_init (line 28) | void puaf_init(struct kfd* kfd, u64 puaf_pages, u64 puaf_method)
function puaf_run (line 42) | void puaf_run(struct kfd* kfd)
function puaf_cleanup (line 51) | void puaf_cleanup(struct kfd* kfd)
function puaf_free (line 58) | void puaf_free(struct kfd* kfd)
function puaf_helper_get_vm_map_first_and_last (line 73) | void puaf_helper_get_vm_map_first_and_last(u64* first_out, u64* last_out)
function puaf_helper_get_vm_map_min_and_max (line 106) | void puaf_helper_get_vm_map_min_and_max(u64* min_out, u64* max_out)
function puaf_helper_give_ppl_pages (line 117) | void puaf_helper_give_ppl_pages(void)
FILE: usprebooter/libkfd/puaf/landa.h
type landa_data (line 15) | struct landa_data {
function landa_init (line 23) | void landa_init(struct kfd* kfd)
function landa_run (line 29) | void landa_run(struct kfd* kfd)
function landa_cleanup (line 133) | void landa_cleanup(struct kfd* kfd)
function landa_free (line 162) | void landa_free(struct kfd* kfd)
type kfd (line 179) | struct kfd
type kfd (line 179) | struct kfd
type landa_data (line 180) | struct landa_data
type landa_data (line 180) | struct landa_data
FILE: usprebooter/libkfd/puaf/physpuppet.h
function physpuppet_init (line 12) | void physpuppet_init(struct kfd* kfd)
function physpuppet_run (line 20) | void physpuppet_run(struct kfd* kfd)
function physpuppet_cleanup (line 91) | void physpuppet_cleanup(struct kfd* kfd)
function physpuppet_free (line 106) | void physpuppet_free(struct kfd* kfd)
FILE: usprebooter/libkfd/puaf/smith.h
type kfd (line 15) | struct kfd
type kfd (line 18) | struct kfd
type smith_data (line 24) | struct smith_data {
function smith_init (line 49) | void smith_init(struct kfd* kfd)
function smith_run (line 63) | void smith_run(struct kfd* kfd)
function smith_cleanup (line 141) | void smith_cleanup(struct kfd* kfd)
function smith_free (line 178) | void smith_free(struct kfd* kfd)
function smith_helper_init (line 210) | void smith_helper_init(struct kfd* kfd)
type kfd (line 320) | struct kfd
type kfd (line 320) | struct kfd
type smith_data (line 321) | struct smith_data
type smith_data (line 321) | struct smith_data
type kfd (line 352) | struct kfd
type kfd (line 352) | struct kfd
type smith_data (line 353) | struct smith_data
type smith_data (line 353) | struct smith_data
function smith_helper_cleanup (line 406) | void smith_helper_cleanup(struct kfd* kfd)
FILE: usprebooter/memoryControl.h
type CF_BRIDGED_TYPE (line 19) | struct CF_BRIDGED_TYPE
type memorystatus_memlimit_properties_t (line 27) | typedef struct memorystatus_memlimit_properties {
type memorystatus_memlimit_properties2_t (line 34) | typedef struct memorystatus_memlimit_properties2 {
FILE: usprebooter/vm_unaligned_copy_switch_race.c
type context1 (line 30) | struct context1 {
type context1 (line 44) | struct context1
type context1 (line 46) | struct context1
function unaligned_copy_switch_race (line 91) | bool unaligned_copy_switch_race(int file_to_overwrite, off_t file_offset...
Condensed preview — 191 files, each showing path, character count, and a content snippet. Download the .json file or copy for the full structured content (2,912K chars).
[
{
"path": ".gitignore",
"chars": 287,
"preview": "build\nbuild/\n.theos\nPayload\n.DS_Store\nusprebooter.xcodeproj/xcuserdata\nusprebooter.xcodeproj/project.xcworkspace/xcuserd"
},
{
"path": ".gitmodules",
"chars": 73,
"preview": "[submodule \"ChOma\"]\n\tpath = ChOma\n\turl = https://github.com/opa334/ChOma\n"
},
{
"path": "Makefile",
"chars": 7272,
"preview": "CC = clang\nSHELL = /usr/bin/env bash\nLDID = ldid\nMACOSX_SYSROOT = $(shell xcrun -sdk macosx --show-sdk-path)\nTARGET_SYSR"
},
{
"path": "README.md",
"chars": 2543,
"preview": "# This repository's code is now unmaintained and is merged into [the new Serotonin fork with Mineek](https://github.com/"
},
{
"path": "RootHelperSample/CoreServices.h",
"chars": 2113,
"preview": "@interface LSBundleProxy\n@property (nonatomic,readonly) NSString * bundleIdentifier;\n@property (nonatomic) NSURL* dataCo"
},
{
"path": "RootHelperSample/Makefile",
"chars": 766,
"preview": "TARGET := iphone:clang:16.5:14.0\nARCHS = arm64\n\ninclude $(THEOS)/makefiles/common.mk\n\nTOOL_NAME = trolltoolsroothelper\n\n"
},
{
"path": "RootHelperSample/RemoteLog.h",
"chars": 1552,
"preview": "#ifndef _REMOTE_LOG_H_\n#define _REMOTE_LOG_H_\n\n#import <netinet/in.h>\n#import <sys/socket.h>\n#import <unistd.h>\n#import "
},
{
"path": "RootHelperSample/RootHelperSample.xcodeproj/project.pbxproj",
"chars": 6148,
"preview": "// !$*UTF8*$!\n{\n\tarchiveVersion = 1;\n\tclasses = {\n\t};\n\tobjectVersion = 56;\n\tobjects = {\n\n/* Begin PBXFileReference secti"
},
{
"path": "RootHelperSample/TSUtil.h",
"chars": 561,
"preview": "@import Foundation;\n#import \"CoreServices.h\"\n\n#define TrollStoreErrorDomain @\"TrollStoreErrorDomain\"\n\nextern void chines"
},
{
"path": "RootHelperSample/TSUtil.m",
"chars": 6917,
"preview": "#import \"TSUtil.h\"\n\n#import <Foundation/Foundation.h>\n#import <spawn.h>\n#import <sys/sysctl.h>\n#include <IOKit/IOKitLib."
},
{
"path": "RootHelperSample/control",
"chars": 228,
"preview": "Package: net.sourceloc.trolltoolsroothelper\nName: trolltoolsroothelper\nVersion: 1.0\nArchitecture: iphoneos-arm\nDescripti"
},
{
"path": "RootHelperSample/entitlements.plist",
"chars": 2043,
"preview": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/P"
},
{
"path": "RootHelperSample/external/include/choma/Base64.h",
"chars": 227,
"preview": "#ifndef BASE64_H\n#define BASE64_H\n\n#include <stdint.h>\n#include <stdlib.h>\n\nchar *base64_encode(const unsigned char *dat"
},
{
"path": "RootHelperSample/external/include/choma/BufferedStream.h",
"chars": 545,
"preview": "#ifndef BUFFERED_STREAM_H\n#define BUFFERED_STREAM_H\n\n#include \"MemoryStream.h\"\n#include <stdbool.h>\n\n#define BUFFERED_ST"
},
{
"path": "RootHelperSample/external/include/choma/CSBlob.h",
"chars": 3979,
"preview": "#ifndef CS_BLOB_H\n#define CS_BLOB_H\n\n#include <stdio.h>\n#include <stdint.h>\n#include <stdlib.h>\n#include <stdbool.h>\n\n#i"
},
{
"path": "RootHelperSample/external/include/choma/CodeDirectory.h",
"chars": 1601,
"preview": "#ifndef CODE_DIRECTORY_H\n#define CODE_DIRECTORY_H\n\n#include <stdint.h>\n#include <math.h>\n#include <CommonCrypto/CommonDi"
},
{
"path": "RootHelperSample/external/include/choma/FAT.h",
"chars": 1275,
"preview": "#ifndef MACHO_H\n#define MACHO_H\n\n#include <stdio.h>\n#include <libkern/OSByteOrder.h>\n#include <mach/mach.h>\n#include <ma"
},
{
"path": "RootHelperSample/external/include/choma/FileStream.h",
"chars": 716,
"preview": "#ifndef FILE_STREAM_H\n#define FILE_STREAM_H\n\n#include \"MemoryStream.h\"\n\n#define FILE_STREAM_SIZE_AUTO 0\n#define FILE_STR"
},
{
"path": "RootHelperSample/external/include/choma/Host.h",
"chars": 241,
"preview": "#ifndef HOST_H\n#define HOST_H\n\n#include \"FAT.h\"\n\n// Retrieve the preferred MachO slice from a FAT\n// Preferred slice as "
},
{
"path": "RootHelperSample/external/include/choma/MachO.h",
"chars": 2064,
"preview": "#ifndef MACHO_SLICE_H\n#define MACHO_SLICE_H\n\n#include <stdbool.h>\n#include <mach-o/fat.h>\n#include <mach-o/loader.h>\n#in"
},
{
"path": "RootHelperSample/external/include/choma/MachOByteOrder.h",
"chars": 4754,
"preview": "#ifndef MACHO_BYTE_ORDER_H\n#define MACHO_BYTE_ORDER_H\n\n#include <stdio.h>\n#include <stdlib.h>\n\n// 8-bit integers needed "
},
{
"path": "RootHelperSample/external/include/choma/MachOLoadCommand.h",
"chars": 653,
"preview": "#ifndef MACHO_LOAD_COMMAND_H\n#define MACHO_LOAD_COMMAND_H\n\n#include <mach-o/loader.h>\n#include \"MachO.h\"\n#include \"CSBlo"
},
{
"path": "RootHelperSample/external/include/choma/MemoryStream.h",
"chars": 2697,
"preview": "#ifndef MEMORY_STREAM_H\n#define MEMORY_STREAM_H\n\n#include <stdio.h>\n#include <stdlib.h>\n#include <sys/stat.h>\n#include <"
},
{
"path": "RootHelperSample/external/include/choma/PatchFinder.h",
"chars": 1194,
"preview": "#include <stdint.h>\n#include \"MachO.h\"\n\n#define METRIC_TYPE_PATTERN 1\n#define METRIC_TYPE_STRING_XREF 2\n#define METRIC_T"
},
{
"path": "RootHelperSample/external/include/choma/SignOSSL.h",
"chars": 374,
"preview": "#ifndef SIGN_OSSL_H\n#define SIGN_OSSL_H\n\n#include <stdio.h>\n#include <stdlib.h>\n#include <string.h>\n#include <openssl/pe"
},
{
"path": "RootHelperSample/external/include/choma/Signing.h",
"chars": 292,
"preview": "#ifndef SIGNING_H\n#define SIGNING_H\n\n#include <stdio.h>\n#include <stdlib.h>\n#include <CommonCrypto/CommonCrypto.h>\n#incl"
},
{
"path": "RootHelperSample/external/include/choma/Util.h",
"chars": 165,
"preview": "#include <stdint.h>\n#include <stdlib.h>\n\nuint64_t align_to_size(int size, int alignment);\nint count_digits(int64_t num);"
},
{
"path": "RootHelperSample/insert_dylib.h",
"chars": 221,
"preview": "//\n// insert_dylib.h\n// kfd\n//\n// Created by Alfie on 02/01/2024.\n//\n\n#ifndef insert_dylib_h\n#define insert_dylib_h\n\n"
},
{
"path": "RootHelperSample/insert_dylib.m",
"chars": 14953,
"preview": "// https://github.com/tyilo/insert_dylib\n// thanks Alfie\n\n#include <stdlib.h>\n#include <stdio.h>\n#include <stdbool.h>\n#i"
},
{
"path": "RootHelperSample/launchdshim/.gitignore",
"chars": 206,
"preview": "launchd\nlaunchdinjected\nlaunchdsignedinjected\nlaunchdhook/launchdhooksigned.dylib\nSpringBoardShim/launchdsignedinjected\n"
},
{
"path": "RootHelperSample/launchdshim/SpringBoardShim/Makefile",
"chars": 664,
"preview": "TARGET := iphone:clang:latest\nARCHS = arm64e\n\ninclude $(THEOS)/makefiles/common.mk\n\nTOOL_NAME = springboardshim\n\nspringb"
},
{
"path": "RootHelperSample/launchdshim/SpringBoardShim/SpringBoardEnts.plist",
"chars": 36842,
"preview": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/P"
},
{
"path": "RootHelperSample/launchdshim/SpringBoardShim/SpringBoardEntsBedtime.plist",
"chars": 34299,
"preview": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/P"
},
{
"path": "RootHelperSample/launchdshim/SpringBoardShim/SpringBoardHook/.gitignore",
"chars": 28,
"preview": ".theos/\npackages/\n.DS_Store\n"
},
{
"path": "RootHelperSample/launchdshim/SpringBoardShim/SpringBoardHook/Makefile",
"chars": 455,
"preview": "TARGET := iphone:clang:latest:15.0\nARCHS = arm64e\nTHEOS_PACKAGE_SCHEME=roothide\nINSTALL_TARGET_PROCESSES = SpringBoard\n\n"
},
{
"path": "RootHelperSample/launchdshim/SpringBoardShim/SpringBoardHook/SpringBoardHook.plist",
"chars": 57,
"preview": "{ Filter = { Bundles = ( \"com.apple.springboard\" ); }; }\n"
},
{
"path": "RootHelperSample/launchdshim/SpringBoardShim/SpringBoardHook/Tweak.x",
"chars": 4821,
"preview": "#include <unistd.h>\n#include <stdio.h>\n#include <dlfcn.h>\n#include <spawn.h>\n#include <dispatch/dispatch.h>\n#include <Fo"
},
{
"path": "RootHelperSample/launchdshim/SpringBoardShim/SpringBoardHook/build.sh",
"chars": 199,
"preview": "make\nldid -S../../launchdentitlements.plist -Cadhoc .theos/obj/debug/SpringBoardHook.dylib\n/Users/ibarahime/ChOma/ct_byp"
},
{
"path": "RootHelperSample/launchdshim/SpringBoardShim/SpringBoardHook/control",
"chars": 233,
"preview": "Package: com.yourcompany.springboardhook\nName: SpringBoardHook\nVersion: 0.0.1\nArchitecture: iphoneos-arm\nDescription: An"
},
{
"path": "RootHelperSample/launchdshim/SpringBoardShim/build.sh",
"chars": 804,
"preview": "function replaceByte() {\n printf \"\\x00\\x00\\x00\\x00\" | dd of=\"$1\" bs=1 seek=$2 count=4 conv=notrunc &> /dev/null\n}\n\nma"
},
{
"path": "RootHelperSample/launchdshim/SpringBoardShim/main.c",
"chars": 464,
"preview": "#include <dlfcn.h>\n#include <stdio.h>\n#include <stdlib.h>\n#include <string.h>\n#include <dirent.h>\n\nint (*SBSystemAppMain"
},
{
"path": "RootHelperSample/launchdshim/build.sh",
"chars": 715,
"preview": "function replaceByte() {\n printf \"\\x00\\x00\\x00\\x00\" | dd of=\"$1\" bs=1 seek=$2 count=4 conv=notrunc &> /dev/null\n}\nrep"
},
{
"path": "RootHelperSample/launchdshim/launchdentitlements.plist",
"chars": 3769,
"preview": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/P"
},
{
"path": "RootHelperSample/launchdshim/launchdhook/Frameworks/IOMobileFramebuffer.framework/IOMobileFramebuffer.tbd",
"chars": 9337,
"preview": "--- !tapi-tbd-v3\narchs: [ armv7, armv7s, arm64, arm64e ]\nplatform: ios\nflags: "
},
{
"path": "RootHelperSample/launchdshim/launchdhook/IOMobileFramebuffer.h",
"chars": 1145,
"preview": "#ifndef IOMOBILEFRAMEBUFFER_IOMOBILEFRAMEBUFFER_H\n#define IOMOBILEFRAMEBUFFER_IOMOBILEFRAMEBUFFER_H\n\n#include <CoreFound"
},
{
"path": "RootHelperSample/launchdshim/launchdhook/LICENCE",
"chars": 1094,
"preview": "MIT License\n\nCopyright (c) 2023 Hariz Shirazi (https://bomberfish.ca)\n\nPermission is hereby granted, free of charge, to "
},
{
"path": "RootHelperSample/launchdshim/launchdhook/Makefile",
"chars": 691,
"preview": "TARGET := iphone:clang:latest:15.0\nARCHS = arm64e\nTHEOS_PACKAGE_SCHEME = roothide\ninclude $(THEOS)/makefiles/common.mk\n\n"
},
{
"path": "RootHelperSample/launchdshim/launchdhook/README.md",
"chars": 53,
"preview": "# FBWrite\n\nWrite text to the framebuffer, with style."
},
{
"path": "RootHelperSample/launchdshim/launchdhook/build.sh",
"chars": 106,
"preview": "make\n/Users/ibarahime/ChOma/ct_bypass -i .theos/obj/debug/launchdhook.dylib -r -o launchdhooksigned.dylib\n"
},
{
"path": "RootHelperSample/launchdshim/launchdhook/control",
"chars": 235,
"preview": "Package: ca.bomberfish.fbwrite\nName: FBWrite\nVersion: 0.0.1\nArchitecture: iphoneos-arm\nDescription: Write to the framebu"
},
{
"path": "RootHelperSample/launchdshim/launchdhook/entitlements.plist",
"chars": 662,
"preview": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/P"
},
{
"path": "RootHelperSample/launchdshim/launchdhook/fishhook.c",
"chars": 11021,
"preview": "// Copyright (c) 2013, Facebook, Inc.\n// All rights reserved.\n// Redistribution and use in source and binary forms, with"
},
{
"path": "RootHelperSample/launchdshim/launchdhook/fishhook.h",
"chars": 3059,
"preview": "// Copyright (c) 2013, Facebook, Inc.\n// All rights reserved.\n// Redistribution and use in source and binary forms, with"
},
{
"path": "RootHelperSample/launchdshim/launchdhook/main.m",
"chars": 6603,
"preview": "#include <mach-o/dyld.h>\n#include <mach-o/dyld_images.h>\n#include <Foundation/Foundation.h>\n#include <bsm/audit.h>\n#incl"
},
{
"path": "RootHelperSample/launchdshim/launchdhook/verbose/IOMobileFramebuffer.h",
"chars": 1145,
"preview": "#ifndef IOMOBILEFRAMEBUFFER_IOMOBILEFRAMEBUFFER_H\n#define IOMOBILEFRAMEBUFFER_IOMOBILEFRAMEBUFFER_H\n\n#include <CoreFound"
},
{
"path": "RootHelperSample/launchdshim/launchdhook/verbose/console/iso_font.c",
"chars": 28951,
"preview": "/*\n * Copyright (c) 2000 Apple Computer, Inc. All rights reserved.\n *\n * @APPLE_OSREFERENCE_LICENSE_HEADER_START@\n *\n * "
},
{
"path": "RootHelperSample/launchdshim/launchdhook/verbose/console/msgbuf.h",
"chars": 4005,
"preview": "/*\n * Copyright (c) 2000-2010 Apple, Inc. All rights reserved.\n *\n * @APPLE_OSREFERENCE_LICENSE_HEADER_START@\n *\n * This"
},
{
"path": "RootHelperSample/launchdshim/launchdhook/verbose/console/serial_protos.h",
"chars": 3135,
"preview": "/*\n * Copyright (c) 2005-2006 Apple Computer, Inc. All rights reserved.\n *\n * @APPLE_OSREFERENCE_LICENSE_HEADER_START@\n "
},
{
"path": "RootHelperSample/launchdshim/launchdhook/verbose/console/video_console.c",
"chars": 96311,
"preview": "/*\n * Copyright (c) 2000-2020 Apple Inc. All rights reserved.\n *\n * @APPLE_OSREFERENCE_LICENSE_HEADER_START@\n *\n * This "
},
{
"path": "RootHelperSample/launchdshim/launchdhook/verbose/console/video_console.h",
"chars": 4663,
"preview": "/*\n * Copyright (c) 2000-2005 Apple Computer, Inc. All rights reserved.\n *\n * @APPLE_OSREFERENCE_LICENSE_HEADER_START@\n "
},
{
"path": "RootHelperSample/launchdshim/launchdhook/verbose/console/video_scroll.c",
"chars": 1714,
"preview": "/*\n * Copyright (c) 2007 Apple Inc. All rights reserved.\n *\n * @APPLE_OSREFERENCE_LICENSE_HEADER_START@\n *\n * This file "
},
{
"path": "RootHelperSample/launchdshim/launchdhook/verbose/verbose_boot.m",
"chars": 4042,
"preview": "#import <CoreFoundation/CoreFoundation.h>\n#include <unistd.h>\n#import <CoreGraphics/CoreGraphics.h>\n#import <Foundation/"
},
{
"path": "RootHelperSample/main.m",
"chars": 15572,
"preview": "#import <stdio.h>\n@import Foundation;\n\n#import <sys/stat.h>\n#import <dlfcn.h>\n#import <spawn.h>\n#import <objc/runtime.h>"
},
{
"path": "Serotonin.xcodeproj/project.pbxproj",
"chars": 67639,
"preview": "// !$*UTF8*$!\n{\n\tarchiveVersion = 1;\n\tclasses = {\n\t};\n\tobjectVersion = 56;\n\tobjects = {\n\n/* Begin PBXBuildFile section *"
},
{
"path": "Serotonin.xcodeproj/project.xcworkspace/contents.xcworkspacedata",
"chars": 183,
"preview": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<Workspace\n version = \"1.0\">\n <FileRef\n location = \"self:/Users/ibarahim"
},
{
"path": "Serotonin.xcodeproj/project.xcworkspace/xcshareddata/IDEWorkspaceChecks.plist",
"chars": 238,
"preview": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/P"
},
{
"path": "Serotonin.xcodeproj/xcuserdata/hariz.xcuserdatad/xcschemes/xcschememanagement.plist",
"chars": 346,
"preview": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/P"
},
{
"path": "Serotonin.xcodeproj/xcuserdata/ibarahime.xcuserdatad/xcdebugger/Breakpoints_v2.xcbkptlist",
"chars": 140,
"preview": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<Bucket\n uuid = \"EE2F7160-E349-4585-A3DC-F389A8D8ECBF\"\n type = \"1\"\n version"
},
{
"path": "Serotonin.xcodeproj/xcuserdata/ibarahime.xcuserdatad/xcschemes/xcschememanagement.plist",
"chars": 346,
"preview": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/P"
},
{
"path": "build.sh",
"chars": 804,
"preview": "#!/bin/sh\nset -e # why wasn't this there earlier – bomberfish\necho \"Building IPA\"\nxcodebuild clean build -sdk iphoneos -"
},
{
"path": "ent.plist",
"chars": 3048,
"preview": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/P"
},
{
"path": "usprebooter/Assets.xcassets/AccentColor.colorset/Contents.json",
"chars": 329,
"preview": "{\n \"colors\" : [\n {\n \"color\" : {\n \"color-space\" : \"srgb\",\n \"components\" : {\n \"alpha\" : \"1"
},
{
"path": "usprebooter/Assets.xcassets/AppIcon.appiconset/Contents.json",
"chars": 213,
"preview": "{\n \"images\" : [\n {\n \"filename\" : \"serotonin.png\",\n \"idiom\" : \"universal\",\n \"platform\" : \"ios\",\n "
},
{
"path": "usprebooter/Assets.xcassets/Contents.json",
"chars": 63,
"preview": "{\n \"info\" : {\n \"author\" : \"xcode\",\n \"version\" : 1\n }\n}\n"
},
{
"path": "usprebooter/Assets.xcassets/accent.colorset/Contents.json",
"chars": 329,
"preview": "{\n \"colors\" : [\n {\n \"color\" : {\n \"color-space\" : \"srgb\",\n \"components\" : {\n \"alpha\" : \"1"
},
{
"path": "usprebooter/Assets.xcassets/alfienick.imageset/Contents.json",
"chars": 159,
"preview": "{\n \"images\" : [\n {\n \"filename\" : \"alfienick.png\",\n \"idiom\" : \"universal\"\n }\n ],\n \"info\" : {\n \"auth"
},
{
"path": "usprebooter/Assets.xcassets/bedtime.imageset/Contents.json",
"chars": 157,
"preview": "{\n \"images\" : [\n {\n \"filename\" : \"bedtime.jpg\",\n \"idiom\" : \"universal\"\n }\n ],\n \"info\" : {\n \"author"
},
{
"path": "usprebooter/Assets.xcassets/duy.imageset/Contents.json",
"chars": 153,
"preview": "{\n \"images\" : [\n {\n \"filename\" : \"duy.jpg\",\n \"idiom\" : \"universal\"\n }\n ],\n \"info\" : {\n \"author\" : "
},
{
"path": "usprebooter/Assets.xcassets/fish.imageset/Contents.json",
"chars": 168,
"preview": "{\n \"images\" : [\n {\n \"filename\" : \"bomberfish-picasso.png\",\n \"idiom\" : \"universal\"\n }\n ],\n \"info\" : {\n"
},
{
"path": "usprebooter/Assets.xcassets/haxi0.imageset/Contents.json",
"chars": 155,
"preview": "{\n \"images\" : [\n {\n \"filename\" : \"haxi0.jpg\",\n \"idiom\" : \"universal\"\n }\n ],\n \"info\" : {\n \"author\" "
},
{
"path": "usprebooter/Assets.xcassets/htrowii.imageset/Contents.json",
"chars": 157,
"preview": "{\n \"images\" : [\n {\n \"filename\" : \"htrowii.jpg\",\n \"idiom\" : \"universal\"\n }\n ],\n \"info\" : {\n \"author"
},
{
"path": "usprebooter/ContentView.swift",
"chars": 2708,
"preview": "import SwiftUI\n\nstruct ContentView: View {\n @State var LogItems: [String.SubSequence] = [\"\"]\n\n @AppStorage(\"headro"
},
{
"path": "usprebooter/External/FluidGradient/BlobLayer.swift",
"chars": 3385,
"preview": "//\n// BlobLayer.swift\n// BlobLayer\n//\n// Created by João Gabriel Pozzobon dos Santos on 04/10/22.\n//\n\nimport SwiftUI\n"
},
{
"path": "usprebooter/External/FluidGradient/CGPoint+Extensions.swift",
"chars": 541,
"preview": "//\n// CGPoint+Extensions.swift\n// \n//\n// Created by João Gabriel Pozzobon dos Santos on 03/10/22.\n//\n\nimport CoreGrap"
},
{
"path": "usprebooter/External/FluidGradient/FluidGradient.swift",
"chars": 3935,
"preview": "//\n// FluidGradient.swift\n// FluidGradient\n//\n// Created by Oskar Groth on 2021-12-23.\n//\n\nimport SwiftUI\n\npublic str"
},
{
"path": "usprebooter/External/FluidGradient/FluidGradientView.swift",
"chars": 4606,
"preview": "//\n// FluidGradientView.swift\n// FluidGradientView\n//\n// Created by Oskar Groth on 2021-12-23.\n//\n\nimport SwiftUI\nimp"
},
{
"path": "usprebooter/External/FluidGradient/ResizableLayer.swift",
"chars": 776,
"preview": "//\n// ResizableLayer.swift\n// ResizableLayer\n//\n// Created by João Gabriel Pozzobon dos Santos on 03/10/22.\n//\n\nimpor"
},
{
"path": "usprebooter/External/SwiftBackports/Backport.swift",
"chars": 1742,
"preview": "import SwiftUI\nimport ObjectiveC\n\n/// Provides a convenient method for backporting API,\n/// including types, functions, "
},
{
"path": "usprebooter/External/SwiftBackports/CoreTransferable/Representations/Codable+Representation.swift",
"chars": 2694,
"preview": "//import Foundation\n//import Combine\n//\n//@available(iOS, deprecated: 16)\n//@available(tvOS, deprecated: 16)\n//@availabl"
},
{
"path": "usprebooter/External/SwiftBackports/CoreTransferable/Representations/Data+Representation.swift",
"chars": 5152,
"preview": "//import Foundation\n//\n//public extension Backport<Any> {\n// /// A transfer representation for types that provide the"
},
{
"path": "usprebooter/External/SwiftBackports/CoreTransferable/Representations/File+Representations.swift",
"chars": 4968,
"preview": "//import Foundation\n//\n//@available(iOS, deprecated: 16)\n//@available(tvOS, deprecated: 16)\n//@available(macOS, deprecat"
},
{
"path": "usprebooter/External/SwiftBackports/CoreTransferable/Representations/Never+Representation.swift",
"chars": 776,
"preview": "import Foundation\n\nextension Never: BackportTransferRepresentation {\n /// The type of the item that's being transferr"
},
{
"path": "usprebooter/External/SwiftBackports/CoreTransferable/Representations/Tuple+Representation.swift",
"chars": 1178,
"preview": "//import Foundation\n//\n//@available(iOS, deprecated: 16)\n//@available(tvOS, deprecated: 16)\n//@available(macOS, deprecat"
},
{
"path": "usprebooter/External/SwiftBackports/CoreTransferable/Representations/_ConditionalRepresentation.swift",
"chars": 354,
"preview": "//import Foundation\n//\n//public extension Backport<Any> {\n// struct _ConditionalTransferRepresentation<Representation"
},
{
"path": "usprebooter/External/SwiftBackports/CoreTransferable/Support/NSItemProvider+Transferable.swift",
"chars": 557,
"preview": "//import Foundation\n//\n//extension NSItemProvider {\n// /// Registers every transfer representation of given item with"
},
{
"path": "usprebooter/External/SwiftBackports/CoreTransferable/Support/ReceivedTransferredFile.swift",
"chars": 507,
"preview": "import Foundation\n\n@available(iOS, deprecated: 16)\n@available(tvOS, deprecated: 16)\n@available(macOS, deprecated: 13)\n@a"
},
{
"path": "usprebooter/External/SwiftBackports/CoreTransferable/Support/SentTransferredFile.swift",
"chars": 1196,
"preview": "import Foundation\n\n@available(iOS, deprecated: 16)\n@available(tvOS, deprecated: 16)\n@available(macOS, deprecated: 13)\n@a"
},
{
"path": "usprebooter/External/SwiftBackports/CoreTransferable/Support/Visibility.swift",
"chars": 1328,
"preview": "import Foundation\n\n@available(iOS, deprecated: 16)\n@available(tvOS, deprecated: 16)\n@available(macOS, deprecated: 13)\n@a"
},
{
"path": "usprebooter/External/SwiftBackports/CoreTransferable/TransferRepresentationBuilder.swift",
"chars": 7803,
"preview": "import Foundation\nimport Combine\n\n@available(iOS, deprecated: 16)\n@available(tvOS, deprecated: 16)\n@available(macOS, dep"
},
{
"path": "usprebooter/External/SwiftBackports/CoreTransferable/Transferable.swift",
"chars": 3988,
"preview": "import Foundation\n\n/// A protocol that describes how a type interacts with transport APIs\n/// such as drag and drop or c"
},
{
"path": "usprebooter/External/SwiftBackports/CoreTransferable/TransferableRepresentation.swift",
"chars": 5282,
"preview": "import Foundation\n\n/// A declarative description of the process of importing and exporting a transferable item.\n///\n/// "
},
{
"path": "usprebooter/External/SwiftBackports/CoreTransferable/Transferables/AttributedString+Transferable.swift",
"chars": 846,
"preview": "//import Foundation\n//\n//@available(iOS, introduced: 15, deprecated: 16)\n//@available(tvOS, introduced: 15, deprecated: "
},
{
"path": "usprebooter/External/SwiftBackports/CoreTransferable/Transferables/Data+Transferable.swift",
"chars": 816,
"preview": "//import Foundation\n//\n//@available(iOS, deprecated: 16)\n//@available(tvOS, deprecated: 16)\n//@available(macOS, deprecat"
},
{
"path": "usprebooter/External/SwiftBackports/CoreTransferable/Transferables/Never+Transferable.swift",
"chars": 446,
"preview": "import Foundation\n\n@available(iOS, deprecated: 16)\n@available(tvOS, deprecated: 16)\n@available(macOS, deprecated: 13)\n@a"
},
{
"path": "usprebooter/External/SwiftBackports/CoreTransferable/Transferables/String+Transferable.swift",
"chars": 797,
"preview": "//import Foundation\n//\n//@available(iOS, deprecated: 16)\n//@available(tvOS, deprecated: 16)\n//@available(macOS, deprecat"
},
{
"path": "usprebooter/External/SwiftBackports/CoreTransferable/Transferables/URL+Transferable.swift",
"chars": 657,
"preview": "//import Foundation\n//\n//extension URL: BackportTransferable, @unchecked Sendable {\n//\n// /// The representation used"
},
{
"path": "usprebooter/External/SwiftBackports/URLSession/URLSession+Async.swift",
"chars": 6579,
"preview": "import Foundation\n\n@available(macOS, deprecated: 12.0)\n@available(iOS, introduced: 13, deprecated: 15.0)\n@available(tvOS"
},
{
"path": "usprebooter/External/SwiftBackports/UniformTypeIdentifiers/CoreTypes.swift",
"chars": 29566,
"preview": "import Foundation\nimport CoreServices\n\npublic extension Backport<Any>.UTType {\n /**\n A generic base type for most"
},
{
"path": "usprebooter/External/SwiftBackports/UniformTypeIdentifiers/UTTagClass.swift",
"chars": 2222,
"preview": "import Foundation\nimport CoreServices\n\nextension Backport<Any> {\n /**\n A type representing tag classes.\n\n A t"
},
{
"path": "usprebooter/External/SwiftBackports/UniformTypeIdentifiers/UTType.swift",
"chars": 18104,
"preview": "import Foundation\nimport CoreServices\n\nextension Backport<Any> {\n /**\n A structure representing a type in a type "
},
{
"path": "usprebooter/External/SwiftUIBackports/Internal/Environment+String.swift",
"chars": 4439,
"preview": "import SwiftUI\n//\n\nprivate extension EnvironmentValues {\n\n func containsValue(forKey key: String) -> Bool {\n r"
},
{
"path": "usprebooter/External/SwiftUIBackports/Internal/Environment.swift",
"chars": 694,
"preview": "import SwiftUI\n//\n\n/*\n The following code is for debugging purposes only!\n */\n\n#if DEBUG\nextension EnvironmentValues: Cu"
},
{
"path": "usprebooter/External/SwiftUIBackports/Internal/Inspect.swift",
"chars": 9064,
"preview": "import SwiftUI\n//\n\n#if os(iOS) || os(macOS)\n\ninternal extension PlatformViewController {\n func ancestor<ControllerTyp"
},
{
"path": "usprebooter/External/SwiftUIBackports/Internal/NSItemProvider+Async.swift",
"chars": 1025,
"preview": "import SwiftUI\nimport CoreServices\n//\n\npublic extension NSItemProvider {\n func loadObject<T>(of type: T.Type) async t"
},
{
"path": "usprebooter/External/SwiftUIBackports/Internal/OwningController.swift",
"chars": 740,
"preview": "//\n\n#if os(iOS)\nimport UIKit\n\npublic extension UIView {\n\n var parentController: UIViewController? {\n if let re"
},
{
"path": "usprebooter/External/SwiftUIBackports/Internal/Platforms.swift",
"chars": 1522,
"preview": "//\n\n#if os(iOS)\n\nimport UIKit\n\npublic typealias PlatformImage = UIImage\npublic typealias PlatformScreen = UIScreen\n\ninte"
},
{
"path": "usprebooter/External/SwiftUIBackports/Internal/SafeArea.swift",
"chars": 1589,
"preview": "import SwiftUI\n//\n\n#if os(iOS) || os(tvOS)\n/*\n Since UICollectionView is not designed to support SwiftUI out of the box,"
},
{
"path": "usprebooter/External/SwiftUIBackports/Internal/String+LocalizationKey.swift",
"chars": 322,
"preview": "import SwiftUI\n//\n\nextension String {\n internal init?(_ stringKey: LocalizedStringKey) {\n guard let key = Mirr"
},
{
"path": "usprebooter/External/SwiftUIBackports/Internal/UIScene.swift",
"chars": 245,
"preview": "//\n\n#if os(iOS)\nimport UIKit\n\ninternal extension UIApplication {\n static var activeScene: UIWindowScene? {\n sh"
},
{
"path": "usprebooter/External/SwiftUIBackports/Internal/VisualEffects/VisualEffect+iOS.swift",
"chars": 2914,
"preview": "import SwiftUI\n\n#if os(iOS)\ninternal struct VisualEffectBlur<Content: View>: View {\n /// Defaults to .systemMaterial\n"
},
{
"path": "usprebooter/External/SwiftUIBackports/Internal/VisualEffects/VisualEffect+macOS.swift",
"chars": 2058,
"preview": "import SwiftUI\n\n#if os(macOS)\ninternal struct VisualEffectBlur: View {\n private var material: NSVisualEffectView.Mate"
},
{
"path": "usprebooter/External/SwiftUIBackports/UIBackport.swift",
"chars": 401,
"preview": "import SwiftUI\n//@_exported \n\npublic extension View {\n /// Wraps a SwiftUI `View` that can be extended to provide bac"
},
{
"path": "usprebooter/External/SwiftUIBackports/iOS/Presentation/Detents.swift",
"chars": 9076,
"preview": "import SwiftUI\n\n\n@available(tvOS, deprecated: 16)\n@available(macOS, deprecated: 13)\n@available(watchOS, deprecated: 9)\np"
},
{
"path": "usprebooter/Info.plist",
"chars": 304,
"preview": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/P"
},
{
"path": "usprebooter/Log.swift",
"chars": 4255,
"preview": "//\n// Log.swift\n// BootstrapUI\n//\n// Created by haxi0 on 28.12.2023.\n//\n\nimport Foundation\nimport UIKit\nimport SwiftU"
},
{
"path": "usprebooter/Private Headers I stole from the macOS SDK/bootstrap.h",
"chars": 3352,
"preview": "#ifndef __XPC_BOOTSTRAP_H__\n#define __XPC_BOOTSTRAP_H__\n\n#ifndef __XPC_INDIRECT__\n#define __XPC_INDIRECT__\n#endif // __X"
},
{
"path": "usprebooter/Private Headers I stole from the macOS SDK/xpc/activity.h",
"chars": 16653,
"preview": "#ifndef __XPC_ACTIVITY_H__\n#define __XPC_ACTIVITY_H__\n\n#ifndef __XPC_INDIRECT__\n#error \"Please #include <xpc/xpc.h> inst"
},
{
"path": "usprebooter/Private Headers I stole from the macOS SDK/xpc/availability.h",
"chars": 4312,
"preview": "#ifndef __XPC_AVAILABILITY_H__\n#define __XPC_AVAILABILITY_H__\n\n#include <Availability.h>\n#include <sys/cdefs.h>\n\n__BEGIN"
},
{
"path": "usprebooter/Private Headers I stole from the macOS SDK/xpc/base.h",
"chars": 7542,
"preview": "// Copyright (c) 2009-2011 Apple Inc. All rights reserved.\n\n#ifndef __XPC_BASE_H__\n#define __XPC_BASE_H__\n\n#include <sys"
},
{
"path": "usprebooter/Private Headers I stole from the macOS SDK/xpc/debug.h",
"chars": 755,
"preview": "#ifndef __XPC_DEBUG_H__\n#define __XPC_DEBUG_H__\n\n__BEGIN_DECLS\n\n/*!\n * @function xpc_debugger_api_misuse_info\n * Returns"
},
{
"path": "usprebooter/Private Headers I stole from the macOS SDK/xpc/endpoint.h",
"chars": 715,
"preview": "#ifndef __XPC_ENDPOINT_H__\n#define __XPC_ENDPOINT_H__\n\n__BEGIN_DECLS\n\n/*!\n * @function xpc_endpoint_create\n * Creates a "
},
{
"path": "usprebooter/Private Headers I stole from the macOS SDK/xpc/launch.h",
"chars": 15709,
"preview": "#ifndef __XPC_LAUNCH_H__\n#define __XPC_LAUNCH_H__\n\n/*!\n * @header\n * These interfaces were only ever documented for the "
},
{
"path": "usprebooter/Private Headers I stole from the macOS SDK/xpc/listener.h",
"chars": 6189,
"preview": "#ifndef __XPC_LISTENER_H__\n#define __XPC_LISTENER_H__\n\n#ifndef __XPC_INDIRECT__\n#error \"Please #include <xpc/xpc.h> inst"
},
{
"path": "usprebooter/Private Headers I stole from the macOS SDK/xpc/rich_error.h",
"chars": 1213,
"preview": "#ifndef __XPC_RICH_ERROR_H__\n#define __XPC_RICH_ERROR_H__\n\n#ifndef __XPC_INDIRECT__\n#error \"Please #include <xpc/xpc.h> "
},
{
"path": "usprebooter/Private Headers I stole from the macOS SDK/xpc/session.h",
"chars": 13657,
"preview": "#ifndef __XPC_SESSION_H__\n#define __XPC_SESSION_H__\n\n#ifndef __XPC_INDIRECT__\n#error \"Please #include <xpc/xpc.h> instea"
},
{
"path": "usprebooter/Private Headers I stole from the macOS SDK/xpc/xpc.h",
"chars": 82648,
"preview": "// Copyright (c) 2009-2020 Apple Inc. All rights reserved. \n\n#ifndef __XPC_H__\n#define __XPC_H__\n\n#include <os/object.h>"
},
{
"path": "usprebooter/Private Headers I stole from the macOS SDK/xpc/xpc_connection.h",
"chars": 32593,
"preview": "#ifndef __XPC_CONNECTION_H__\n#define __XPC_CONNECTION_H__\n\n#ifndef __XPC_INDIRECT__\n#error \"Please #include <xpc/xpc.h> "
},
{
"path": "usprebooter/TheCoolerContentView.swift",
"chars": 25129,
"preview": "// bomberfish\n// ContentView.swift – AppLogDemo\n// created on 2023-12-26\n\n//import FluidGradient\nimport SwiftUI\n//import"
},
{
"path": "usprebooter/fun/cs_blobs.h",
"chars": 307,
"preview": "//\n// cs_blobs.h\n// kfd\n//\n// Created by Seo Hyun-gyu on 2023/08/05.\n//\n\n#ifndef cs_blobs_h\n#define cs_blobs_h\n\n#incl"
},
{
"path": "usprebooter/fun/cs_blobs.m",
"chars": 7934,
"preview": "//\n// cs_blobs.c\n// kfd\n//\n// Created by Seo Hyun-gyu on 2023/08/05.\n//\n\n#include \"cs_blobs.h\"\n#include \"krw.h\"\n#incl"
},
{
"path": "usprebooter/fun/dir.h",
"chars": 977,
"preview": "//\n// dir.h\n// PureKFD\n//\n// Created by Lrdsnow on 9/2/23.\n//\n\n#ifndef dir_h\n#define dir_h\n\n#import <Foundation/Found"
},
{
"path": "usprebooter/fun/dir.m",
"chars": 6647,
"preview": "//\n// dir.m\n// PureKFD\n//\n// Created by Lrdsnow on 9/2/23.\n//\n\n#import <Foundation/Foundation.h>\n#import <dirent.h>\n#"
},
{
"path": "usprebooter/fun/fun.h",
"chars": 164,
"preview": "//\n// fun.h\n// kfd\n//\n// Created by Seo Hyun-gyu on 2023/07/25.\n//\n\n#ifndef fun_h\n#define fun_h\n\n#include <stdio.h>\n\n"
},
{
"path": "usprebooter/fun/fun.m",
"chars": 5766,
"preview": "//\n// fun.c\n// kfd\n//\n// Created by Seo Hyun-gyu on 2023/07/25.\n//\n\n#include \"krw.h\"\n#include \"offsets.h\"\n#include <s"
},
{
"path": "usprebooter/fun/krw.c",
"chars": 6688,
"preview": "//\n// krw.c\n// kfd\n//\n// Created by Seo Hyun-gyu on 2023/07/29.\n//\n\n\n#include \"krw.h\"\n#include \"libkfd.h\"\n//#include "
},
{
"path": "usprebooter/fun/krw.h",
"chars": 875,
"preview": "//\n// krw.h\n// kfd\n//\n// Created by Seo Hyun-gyu on 2023/07/29.\n//\n\n#ifndef krw_h\n#define krw_h\n\n#include <stdio.h>\n#"
},
{
"path": "usprebooter/fun/offsets.h",
"chars": 2969,
"preview": "//\n// offsets.h\n// kfd\n//\n// Created by Seo Hyun-gyu on 2023/07/29.\n//\n\n#include <stdio.h>\n\nextern uint32_t off_p_lis"
},
{
"path": "usprebooter/fun/offsets.m",
"chars": 9961,
"preview": "//\n// offsets.c\n// kfd\n//\n// Created by Seo Hyun-gyu on 2023/07/29.\n//\n\n#include \"offsets.h\"\n#include <UIKit/UIKit.h>"
},
{
"path": "usprebooter/fun/proc.c",
"chars": 3210,
"preview": "//\n// proc.c\n// kfd\n//\n// Created by Seo Hyun-gyu on 2023/07/29.\n//\n\n#include \"proc.h\"\n#include \"offsets.h\"\n#include "
},
{
"path": "usprebooter/fun/proc.h",
"chars": 212,
"preview": "//\n// proc.h\n// kfd\n//\n// Created by Seo Hyun-gyu on 2023/07/29.\n//\n\n#include <stdio.h>\n\nuint64_t getProc(pid_t pid);"
},
{
"path": "usprebooter/fun/thanks_opa334dev_htrowii.h",
"chars": 267,
"preview": "//\n// thanks_opa334dev_htrowii.h\n// kfd\n//\n// Created by Seo Hyun-gyu on 2023/07/30.\n//\n#import <Foundation/Foundatio"
},
{
"path": "usprebooter/fun/thanks_opa334dev_htrowii.m",
"chars": 13234,
"preview": "//\n// thanks_opa334dev_htrowii.m\n// kfd\n//\n// Created by Seo Hyun-gyu on 2023/07/30.\n//\n\n#import <Foundation/Foundati"
},
{
"path": "usprebooter/fun/utils.h",
"chars": 195,
"preview": "//\n// utils.h\n// kfd\n//\n// Created by Seo Hyun-gyu on 2023/07/30.\n//\n\n#include <stdio.h>\n#include <Foundation/Foundat"
},
{
"path": "usprebooter/fun/utils.m",
"chars": 2070,
"preview": "//\n// utils.m\n// kfd\n//\n// Created by Seo Hyun-gyu on 2023/07/30.\n//\n\n#import <Foundation/Foundation.h>\n#import <dire"
},
{
"path": "usprebooter/fun/vnode.h",
"chars": 3889,
"preview": "//\n// vnode.h\n// kfd\n//\n// Created by Seo Hyun-gyu on 2023/07/29.\n//\n\n#include <stdio.h>\n\n//https://github.com/apple-"
},
{
"path": "usprebooter/fun/vnode.m",
"chars": 20798,
"preview": "//\n// vnode.c\n// kfd\n//\n// Created by Seo Hyun-gyu on 2023/07/29.\n//\n\n#include \"vnode.h\"\n#include \"krw.h\"\n#include \"p"
},
{
"path": "usprebooter/libkfd/common.h",
"chars": 8286,
"preview": "/*\n * Copyright (c) 2023 Félix Poulin-Bélanger. All rights reserved.\n */\n\n#ifndef common_h\n#define common_h\n\n#include <e"
},
{
"path": "usprebooter/libkfd/info/dynamic_info.h",
"chars": 1802027,
"preview": "#ifndef dynamic_info_h\n#define dynamic_info_h\n\nstruct dynamic_info {\n const char* kern_version;\n const char* build"
},
{
"path": "usprebooter/libkfd/info/static_info.h",
"chars": 8167,
"preview": "/*\n * Copyright (c) 2023 Félix Poulin-Bélanger. All rights reserved.\n */\n\n#ifndef static_info_h\n#define static_info_h\n#i"
},
{
"path": "usprebooter/libkfd/info.h",
"chars": 8585,
"preview": "/*\n * Copyright (c) 2023 Félix Poulin-Bélanger. All rights reserved.\n */\n\n#ifndef info_h\n#define info_h\n\n#include \"info/"
},
{
"path": "usprebooter/libkfd/krkw/kread/kread_kqueue_workloop_ctl.h",
"chars": 3514,
"preview": "/*\n * Copyright (c) 2023 Félix Poulin-Bélanger. All rights reserved.\n */\n\n#ifndef kread_kqueue_workloop_ctl_h\n#define kr"
},
{
"path": "usprebooter/libkfd/krkw/kread/kread_sem_open.h",
"chars": 6634,
"preview": "/*\n * Copyright (c) 2023 Félix Poulin-Bélanger. All rights reserved.\n */\n\n#ifndef kread_sem_open_h\n#define kread_sem_ope"
},
{
"path": "usprebooter/libkfd/krkw/kwrite/kwrite_dup.h",
"chars": 4084,
"preview": "/*\n * Copyright (c) 2023 Félix Poulin-Bélanger. All rights reserved.\n */\n\n#ifndef kwrite_dup_h\n#define kwrite_dup_h\n\nvoi"
},
{
"path": "usprebooter/libkfd/krkw/kwrite/kwrite_sem_open.h",
"chars": 2334,
"preview": "/*\n * Copyright (c) 2023 Félix Poulin-Bélanger. All rights reserved.\n */\n\n#ifndef kwrite_sem_open_h\n#define kwrite_sem_o"
},
{
"path": "usprebooter/libkfd/krkw.h",
"chars": 9408,
"preview": "/*\n * Copyright (c) 2023 Félix Poulin-Bélanger. All rights reserved.\n */\n\n#ifndef krkw_h\n#define krkw_h\n\n#define kread_f"
},
{
"path": "usprebooter/libkfd/perf.h",
"chars": 12798,
"preview": "/*\n * Copyright (c) 2023 Félix Poulin-Bélanger. All rights reserved.\n */\n\n#ifndef perf_h\n#define perf_h\n\n// Forward decl"
},
{
"path": "usprebooter/libkfd/puaf/landa.h",
"chars": 8130,
"preview": "/*\n * Copyright (c) 2023 Félix Poulin-Bélanger. All rights reserved.\n */\n\n#ifndef landa_h\n#define landa_h\n\nconst u64 lan"
},
{
"path": "usprebooter/libkfd/puaf/physpuppet.h",
"chars": 4575,
"preview": "/*\n * Copyright (c) 2023 Félix Poulin-Bélanger. All rights reserved.\n */\n\n#ifndef physpuppet_h\n#define physpuppet_h\n\ncon"
},
{
"path": "usprebooter/libkfd/puaf/smith.h",
"chars": 26306,
"preview": "/*\n * Copyright (c) 2023 Félix Poulin-Bélanger. All rights reserved.\n */\n\n#ifndef smith_h\n#define smith_h\n\n/*\n * This bo"
},
{
"path": "usprebooter/libkfd/puaf.h",
"chars": 4344,
"preview": "/*\n * Copyright (c) 2023 Félix Poulin-Bélanger. All rights reserved.\n */\n\n#ifndef puaf_h\n#define puaf_h\n\n// Forward decl"
},
{
"path": "usprebooter/libkfd.h",
"chars": 4560,
"preview": "/*\n * Copyright (c) 2023 Félix Poulin-Bélanger. All rights reserved.\n */\n\n#ifndef libkfd_h\n#define libkfd_h\n\n/*\n * The g"
},
{
"path": "usprebooter/memoryControl.h",
"chars": 1586,
"preview": "//\n// memoryControl.h\n// PureKFD\n//\n// Created by Nick Chan on 10/12/2023.\n//\n\n#ifndef memoryControl_h\n#define memory"
},
{
"path": "usprebooter/memoryControl.m",
"chars": 523,
"preview": "//\n// memoryControl.m\n// PureKFD\n//\n// Created by Nick Chan on 10/12/2023.\n//\n\n#import <Foundation/Foundation.h>\n#inc"
},
{
"path": "usprebooter/overwriter.h",
"chars": 182,
"preview": "//\n// overwriter.h\n// usprebooter\n//\n// Created by LL on 1/12/23.\n//\n\n#ifndef overwriter_h\n#define overwriter_h\nbool "
},
{
"path": "usprebooter/overwriter.m",
"chars": 701,
"preview": "@import Darwin;\n@import Foundation;\n@import MachO;\n\n#import <mach-o/fixup-chains.h>\n#import \"vm_unaligned_copy_switch_ra"
},
{
"path": "usprebooter/troller.h",
"chars": 258,
"preview": "//\n// troller.h\n// usprebooter\n//\n// Created by LL on 29/11/23.\n//\n\n#ifndef troller_h\n#define troller_h\nint userspace"
},
{
"path": "usprebooter/troller.m",
"chars": 3123,
"preview": "//\n// troller.c\n// usprebooter\n//\n// Created by LL on 29/11/23.\n//\n#include <mach/arm/kern_return.h>\n#include \"trolle"
},
{
"path": "usprebooter/usprebooter-Bridging-Header.h",
"chars": 346,
"preview": "//\n// Use this file to import your target's public headers that you would like to expose to Swift.\n//\n#include \"troller"
},
{
"path": "usprebooter/usprebooterApp.swift",
"chars": 1038,
"preview": "import SwiftUI\n@main\nstruct usprebooterApp: App {\n @State var useNewUI: Bool = true\n init() {\n if !FileMana"
},
{
"path": "usprebooter/util.h",
"chars": 291,
"preview": "//\n// util.h\n// usprebooter\n//\n// Created by LL on 29/11/23.\n//\n\n#ifndef util_h\n#define util_h\n#import <Foundation/Fo"
},
{
"path": "usprebooter/util.m",
"chars": 7686,
"preview": "//\n// util.m\n// usprebooter\n//\n// Created by LL on 29/11/23.\n//\n\n#import <Foundation/Foundation.h>\n#import \"util.h\"\n#"
},
{
"path": "usprebooter/vm_unaligned_copy_switch_race.c",
"chars": 12604,
"preview": "// from https://github.com/apple-oss-distributions/xnu/blob/xnu-8792.61.2/tests/vm/vm_unaligned_copy_switch_race.c\n// mo"
},
{
"path": "usprebooter/vm_unaligned_copy_switch_race.h",
"chars": 579,
"preview": "#pragma once\n#include <stdlib.h>\n#include <stdbool.h>\n/// Uses CVE-2022-46689 to overwrite `overwrite_length` bytes of `"
}
]
// ... and 8 more files (download for full content)
About this extraction
This page contains the full source code of the hrtowii/Serotonin GitHub repository, extracted and formatted as plain text for AI agents and large language models (LLMs). The extraction includes 191 files (21.3 MB), approximately 712.6k tokens, and a symbol index with 339 extracted functions, classes, methods, constants, and types. Use this with OpenClaw, Claude, ChatGPT, Cursor, Windsurf, or any other AI tool that accepts text input. You can copy the full output to your clipboard or download it as a .txt file.
Extracted by GitExtract — free GitHub repo to text converter for AI. Built by Nikandr Surkov.