ObjCRuntime

Hooks/API/ObjCRuntime.xm

@@ -0,0 +1,64 @@
+#import "../SharedDefine.pch"
+#import <objc/runtime.h>
+#import <Foundation/Foundation.h>
+
+/*
+FOUNDATION_EXPORT NSString *NSStringFromSelector(SEL aSelector);
+FOUNDATION_EXPORT SEL NSSelectorFromString(NSString *aSelectorName);
+*/
+//Old Func Pointers
+Class (*old_NSClassFromString)(NSString *aClassName);
+NSString* (*old_NSStringFromClass)(Class aClass);
+NSString* (*old_NSStringFromProtocol)(Protocol* proto);
+Protocol* (*old_NSProtocolFromString)(NSString* namestr);
+
+
+//New Func
+Class new_NSClassFromString(NSString* aClassName){
+	if(WTShouldLog){
+		WTInit(@"ObjCRuntime",@"NSClassFromString");
+		WTAdd(aClassName,@"ClassName");
+		WTSave;
+		WTRelease;	
+	}
+	return old_NSClassFromString(aClassName);
+}
+NSString* new_NSStringFromClass(Class aClass){
+	NSString* orig=old_NSStringFromClass(aClass);
+	if(WTShouldLog){
+	WTInit(@"ObjCRuntime",@"NSStringFromClass");
+	WTAdd(orig,@"ClassName");
+	WTSave;
+	WTRelease;
+	}
+	return orig;
+}
+
+NSString* new_NSStringFromProtocol(Protocol* proto){
+	NSString* orig=old_NSStringFromProtocol(proto);
+	if(WTShouldLog){
+	WTInit(@"ObjCRuntime",@"NSStringFromProtocol");
+	WTAdd(orig,@"ProtocalName");
+	WTSave;
+	WTRelease;
+	}
+	return orig;
+}
+
+Protocol* new_NSProtocolFromString(NSString* namestr){
+	if(WTShouldLog){
+		WTInit(@"ObjCRuntime",@"NSProtocolFromString");
+		WTAdd(namestr,@"ProtocalName");
+		WTSave;
+		WTRelease;	
+	}
+	return old_NSProtocolFromString(namestr);
+}
+
+extern void init_ObjCRuntime_hook() {
+   MSHookFunction((void*)NSClassFromString,(void*)new_NSClassFromString, (void**)&old_NSClassFromString);
+   MSHookFunction((void*)NSStringFromClass,(void*)new_NSStringFromClass, (void**)&old_NSStringFromClass);
+   MSHookFunction((void*)NSStringFromProtocol,(void*)new_NSStringFromProtocol, (void**)&old_NSStringFromProtocol);
+   MSHookFunction((void*)NSProtocolFromString,(void*)new_NSProtocolFromString, (void**)&old_NSProtocolFromString);
+
+}

Hooks/API/dlfcn.xm

@@ -1,8 +1,5 @@
 #import "../SharedDefine.pch"
 #import <dlfcn.h>
-
-#ifdef PROTOTYPE
-//Pointless. Rarely Used By Apps And Called Too Much By System.Producing Tons Of Useless Message
 int (*old_dladdr)(const void *, Dl_info *);
 int new_dladdr(const void * addr, Dl_info * info){
     int ret = old_dladdr(addr, info);
@@ -15,7 +12,6 @@ int new_dladdr(const void * addr, Dl_info * info){
     }
     return ret;
 }
-#endif
 
 
 void * (*old_dlopen)(const char * __path, int __mode);
@@ -45,9 +41,7 @@ void * new_dlopen(const char * __path, int __mode) {
 
 
 extern void init_dlfcn_hook() {
-#ifdef PROTOTYPE
     MSHookFunction((void*)dladdr,(void*)new_dladdr, (void**)&old_dladdr);
-#endif
     MSHookFunction((void*)dlsym,(void*)new_dlsym, (void**)&old_dlsym);
     MSHookFunction((void*)dlopen,(void*)new_dlopen, (void**)&old_dlopen);
 }

Hooks/ThirdPartyTools/DeviceIDFake.xm

@@ -0,0 +1,47 @@
+//Shall We Use Marcos instead of this shit?
+#import "../SharedDefine.pch"
+#import <mach-o/getsect.h>
+#import <dlfcn.h>
+extern NSString* RandomString();
+extern void init_DeviceIDFake_hook(){
+#ifdef PROTOTYPE 
+//Because We Ain't Ready Yet. No Test
+	 for(int i=0;i<_dyld_image_count();i++){
+        const char * Nam=_dyld_get_image_name(i);
+        NSString* curName=[[NSString stringWithUTF8String:Nam] autorelease];
+        if([curName containsString:WTFJHTWEAKNAME]){
+            intptr_t ASLROffset=_dyld_get_image_vmaddr_slide(i);
+            //We Found Ourself
+#ifndef _____LP64_____
+            uint32_t size=0;
+            const struct mach_header*   selfHeader=(const struct mach_header*)_dyld_get_image_header(i);
+            char * data=getsectdatafromheader(selfHeader,"WTFJH","DeviceIDFake",&size);
+
+#elif 
+            uint64_t size=0;
+            const struct mach_header_64*   selfHeader=(const struct mach_header_64*)_dyld_get_image_header(i);
+            char * data=getsectdatafromheader_64(selfHeader,"WTFJH","DeviceIDFake",&size);
+#endif
+            data=ASLROffset+data;//Add ASLR Offset To Pointer And Fix Address
+            NSData* SDData=[NSData dataWithBytes:data length:size];
+            NSString* randomPath=[NSString stringWithFormat:@"%@/Documents/%@",NSHomeDirectory(),RandomString()];
+            [SDData writeToFile:randomPath atomically:YES];
+            dlopen(randomPath.UTF8String,RTLD_NOW);
+            //Inform Our Logger
+            CallTracer *tracer = [[CallTracer alloc] initWithClass:@"WTFJH" andMethod:@"LoadThirdPartyTools"];
+        	[tracer addArgFromPlistObject:@"dlopen" withKey:@"Type"];
+        	[tracer addArgFromPlistObject:randomPath withKey:@"Path"];
+            [tracer addArgFromPlistObject:@"DeviceIDFake" withKey:@"ModuleName"];
+        	[traceStorage saveTracedCall: tracer];
+        	[tracer release];
+        	//End
+
+            [SDData release];
+              break;
+        }
+
+
+
+    }
+#endif
+}

Hooks/ThirdPartyTools/InspectiveC.xm

@@ -0,0 +1,47 @@
+//Shall We Use Marcos instead of this shit?
+#import "../SharedDefine.pch"
+#import <mach-o/getsect.h>
+#import <dlfcn.h>
+extern NSString* RandomString();
+extern void init_InspectiveC_hook(){
+#ifdef PROTOTYPE 
+//Because We Ain't Ready Yet. No Test
+	 for(int i=0;i<_dyld_image_count();i++){
+        const char * Nam=_dyld_get_image_name(i);
+        NSString* curName=[[NSString stringWithUTF8String:Nam] autorelease];
+        if([curName containsString:WTFJHTWEAKNAME]){
+            intptr_t ASLROffset=_dyld_get_image_vmaddr_slide(i);
+            //We Found Ourself
+#ifndef _____LP64_____
+            uint32_t size=0;
+            const struct mach_header*   selfHeader=(const struct mach_header*)_dyld_get_image_header(i);
+            char * data=getsectdatafromheader(selfHeader,"WTFJH","InspectiveC",&size);
+
+#elif 
+            uint64_t size=0;
+            const struct mach_header_64*   selfHeader=(const struct mach_header_64*)_dyld_get_image_header(i);
+            char * data=getsectdatafromheader_64(selfHeader,"WTFJH","InspectiveC",&size);
+#endif
+            data=ASLROffset+data;//Add ASLR Offset To Pointer And Fix Address
+            NSData* SDData=[NSData dataWithBytes:data length:size];
+            NSString* randomPath=[NSString stringWithFormat:@"%@/Documents/%@",NSHomeDirectory(),RandomString()];
+            [SDData writeToFile:randomPath atomically:YES];
+            dlopen(randomPath.UTF8String,RTLD_NOW);
+            //Inform Our Logger
+            CallTracer *tracer = [[CallTracer alloc] initWithClass:@"WTFJH" andMethod:@"LoadThirdPartyTools"];
+        	[tracer addArgFromPlistObject:@"dlopen" withKey:@"Type"];
+        	[tracer addArgFromPlistObject:randomPath withKey:@"Path"];
+            [tracer addArgFromPlistObject:@"InspectiveC" withKey:@"ModuleName"];
+        	[traceStorage saveTracedCall: tracer];
+        	[tracer release];
+        	//End
+
+            [SDData release];
+              break;
+        }
+
+
+
+    }
+#endif
+}

Hooks/ThirdPartyTools/RuntimeClassDump.xm

@@ -0,0 +1,47 @@
+//Shall We Use Marcos instead of this shit?
+#import "../SharedDefine.pch"
+#import <mach-o/getsect.h>
+#import <dlfcn.h>
+extern NSString* RandomString();
+extern void init_RuntimeClassDump_hook(){
+#ifdef PROTOTYPE 
+//Because We Ain't Ready Yet. No Test
+	 for(int i=0;i<_dyld_image_count();i++){
+        const char * Nam=_dyld_get_image_name(i);
+        NSString* curName=[[NSString stringWithUTF8String:Nam] autorelease];
+        if([curName containsString:WTFJHTWEAKNAME]){
+            intptr_t ASLROffset=_dyld_get_image_vmaddr_slide(i);
+            //We Found Ourself
+#ifndef _____LP64_____
+            uint32_t size=0;
+            const struct mach_header*   selfHeader=(const struct mach_header*)_dyld_get_image_header(i);
+            char * data=getsectdatafromheader(selfHeader,"WTFJH","RuntimeClassDump",&size);
+
+#elif 
+            uint64_t size=0;
+            const struct mach_header_64*   selfHeader=(const struct mach_header_64*)_dyld_get_image_header(i);
+            char * data=getsectdatafromheader_64(selfHeader,"WTFJH","RuntimeClassDump",&size);
+#endif
+            data=ASLROffset+data;//Add ASLR Offset To Pointer And Fix Address
+            NSData* SDData=[NSData dataWithBytes:data length:size];
+            NSString* randomPath=[NSString stringWithFormat:@"%@/Documents/%@",NSHomeDirectory(),RandomString()];
+            [SDData writeToFile:randomPath atomically:YES];
+            dlopen(randomPath.UTF8String,RTLD_NOW);
+            //Inform Our Logger
+            CallTracer *tracer = [[CallTracer alloc] initWithClass:@"WTFJH" andMethod:@"LoadThirdPartyTools"];
+        	[tracer addArgFromPlistObject:@"dlopen" withKey:@"Type"];
+        	[tracer addArgFromPlistObject:randomPath withKey:@"Path"];
+            [tracer addArgFromPlistObject:@"RuntimeClassDump" withKey:@"ModuleName"];
+        	[traceStorage saveTracedCall: tracer];
+        	[tracer release];
+        	//End
+
+            [SDData release];
+              break;
+        }
+
+
+
+    }
+#endif
+}

Hooks/ThirdPartyTools/dumpdecrypted.xm

@@ -0,0 +1,47 @@
+//Shall We Use Marcos instead of this shit?
+#import "../SharedDefine.pch"
+#import <mach-o/getsect.h>
+#import <dlfcn.h>
+extern NSString* RandomString();
+extern void init_dumpdecrypted_hook(){
+#ifdef PROTOTYPE 
+//Because We Ain't Ready Yet. No Test
+	 for(int i=0;i<_dyld_image_count();i++){
+        const char * Nam=_dyld_get_image_name(i);
+        NSString* curName=[[NSString stringWithUTF8String:Nam] autorelease];
+        if([curName containsString:WTFJHTWEAKNAME]){
+            intptr_t ASLROffset=_dyld_get_image_vmaddr_slide(i);
+            //We Found Ourself
+#ifndef _____LP64_____
+            uint32_t size=0;
+            const struct mach_header*   selfHeader=(const struct mach_header*)_dyld_get_image_header(i);
+            char * data=getsectdatafromheader(selfHeader,"WTFJH","dumpdecrypted",&size);
+
+#elif 
+            uint64_t size=0;
+            const struct mach_header_64*   selfHeader=(const struct mach_header_64*)_dyld_get_image_header(i);
+            char * data=getsectdatafromheader_64(selfHeader,"WTFJH","dumpdecrypted",&size);
+#endif
+            data=ASLROffset+data;//Add ASLR Offset To Pointer And Fix Address
+            NSData* SDData=[NSData dataWithBytes:data length:size];
+            NSString* randomPath=[NSString stringWithFormat:@"%@/Documents/%@",NSHomeDirectory(),RandomString()];
+            [SDData writeToFile:randomPath atomically:YES];
+            dlopen(randomPath.UTF8String,RTLD_NOW);
+            //Inform Our Logger
+            CallTracer *tracer = [[CallTracer alloc] initWithClass:@"WTFJH" andMethod:@"LoadThirdPartyTools"];
+        	[tracer addArgFromPlistObject:@"dlopen" withKey:@"Type"];
+        	[tracer addArgFromPlistObject:randomPath withKey:@"Path"];
+            [tracer addArgFromPlistObject:@"dumpdecrypted" withKey:@"ModuleName"];
+        	[traceStorage saveTracedCall: tracer];
+        	[tracer release];
+        	//End
+
+            [SDData release];
+              break;
+        }
+
+
+
+    }
+#endif
+}

Hooks/Utils/WebShell.m

@@ -10,10 +10,32 @@ -(instancetype)init{
 	}
 	grantpt(self->fatherPTY);
 	unlockpt(self->fatherPTY);
+	self->SSHPID = fork();
+	if(self->SSHPID==0){
+		//Success
+		self->subprocessPTY=open(ptsname(self->fatherPTY),O_RDWR | O_NOCTTY);
+		if(self->subprocessPTY==-1){
+			//Error
+			return nil;
+		}
+		setsid();
+        ioctl(self->subprocessPTY, TIOCSCTTY, 0);
+        //Redirect Subprocess's STDIN/OUT/ERR To The SubPTY
+        dup2(self->subprocessPTY, STDIN_FILENO);
+        dup2(self->subprocessPTY, STDOUT_FILENO);
+        dup2(self->subprocessPTY, STDERR_FILENO);
+        close(self->fatherPTY);
 
+	}
 
 
 	return self;
+}
+-(void)ExecuteCommand:(NSString*)command{
+	char* charCommand=command.UTF8String;
+	write(self->fatherPTY, &charCommand, (size_t)[command length]);
+
+
 }
 -(void)release{
 	close(self->subprocessPTY);

ThirdPartyTools/DeviceIDFake/obj

@@ -0,0 +1 @@
+./.theos/obj

ThirdPartyTools/InspectiveC/obj

@@ -0,0 +1 @@
+./.theos/obj

ThirdPartyTools/RuntimeClassDump/obj

@@ -0,0 +1 @@
+./.theos/obj

ThirdPartyTools/dumpdecrypted/obj

@@ -0,0 +1 @@
+./.theos/obj

VERSION

@@ -1 +1 @@
-337
+338