diff --git a/.gitignore b/.gitignore index 86db871..9576715 100644 --- a/.gitignore +++ b/.gitignore @@ -19,4 +19,5 @@ Reveal.framework RevealTMP/ *.db ExtraFWs/ -Packages/ \ No newline at end of file +Packages/ +layout/usr/lib/libReveal.dylib \ No newline at end of file diff --git a/BuildConfig.py b/BuildConfig.py index 70b26e1..577ec10 100644 --- a/BuildConfig.py +++ b/BuildConfig.py @@ -3,7 +3,7 @@ ManualList=["GlobalInit","getBoolFromPreferences","RandomString"] ExtraFramework=["UIKit","CoreGraphics","CoreFoundation","QuartzCore","CFNetwork"] ExtraLibrary=[] -LDFLAGS=["-lz","-L.","-v","-force_load ./ExtraFWs/libcapstone.a","-force_load ./ExtraFWs/libLiberation.a","-force_load ./ExtraFWs/Reveal.framework/Reveal","-force_load ./ExtraFWs/Cycript.framework/Cycript","-F./ExtraFWs/","-Wno-unused-function"] +LDFLAGS=["-lz","-L.","-v","-force_load ./ExtraFWs/libcapstone.a","-force_load ./ExtraFWs/libLiberation.a","-force_load ./ExtraFWs/Cycript.framework/Cycript","-F./ExtraFWs/","-Wno-unused-function"] ExtraCFlags=["-I"+os.getcwd()+"/Hooks/"] ExtraOBJFiles=[] ExtraCCFlags=["-std=c++11"] diff --git a/BundleFilter.plist b/BundleFilter.plist new file mode 100644 index 0000000..e5c60ee --- /dev/null +++ b/BundleFilter.plist @@ -0,0 +1 @@ +{ Filter = { Bundles = ( "com.apple.UIKit" ); }; } diff --git a/Hooks/API/Socket.xm b/Hooks/API/Socket.xm index 2975ccf..c09b2eb 100644 --- a/Hooks/API/Socket.xm +++ b/Hooks/API/Socket.xm 
@@ -203,12 +203,12 @@ ssize_t new_recv(int socket, void *buffer, size_t length, int flags){ ssize_t new_recvfrom(int socket, void *buffer, size_t length, int flags,struct sockaddr *address, socklen_t *address_len){ ssize_t retVal=0; if(WTShouldLog){ - retVal=old_recvfrom(socket,buffer,length,flags,address,address_len); WTInit(@"Socket",@"recvfrom"); WTAdd([NSNumber numberWithUnsignedInt:socket],@"SocketFileDescriptor"); WTAdd([NSData dataWithBytes:buffer length:length],@"Data"); WTAdd([NSNumber numberWithInt:flags],@"Flags"); WTAdd(get_ip_str(address),@"Address"); + retVal=old_recvfrom(socket,buffer,length,flags,address,address_len); WTReturn([NSNumber numberWithLong:retVal]); WTSave; WTRelease; diff --git a/Hooks/API/dlfcn.xm b/Hooks/API/dlfcn.xm index 902fc6b..b4cddde 100644 --- a/Hooks/API/dlfcn.xm +++ b/Hooks/API/dlfcn.xm @@ -57,7 +57,10 @@ void * new_dlopen(const char * __path, int __mode) { extern void init_dlfcn_hook() { - WTHookFunction((void*)dladdr,(void*)new_dladdr, (void**)&old_dladdr); + WTFishHookSymbols("dladdr",(void*)new_dladdr, (void**)&old_dladdr); + WTFishHookSymbols("dlopen",(void*)new_dlopen, (void**)&old_dlopen); + WTFishHookSymbols("dlsym",(void*)new_dlsym, (void**)&old_dlsym); + /*WTHookFunction((void*)dladdr,(void*)new_dladdr, (void**)&old_dladdr); WTHookFunction((void*)dlsym,(void*)new_dlsym, (void**)&old_dlsym); - WTHookFunction((void*)dlopen,(void*)new_dlopen, (void**)&old_dlopen); + WTHookFunction((void*)dlopen,(void*)new_dlopen, (void**)&old_dlopen);*/ } diff --git a/Hooks/Liberation.h b/Hooks/Liberation.h deleted file mode 100644 index 4bc0512..0000000 --- a/Hooks/Liberation.h +++ /dev/null 
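Review bot: In new_recvfrom the `Data` and `Address` fields are now captured before `old_recvfrom` runs, so the trace records whatever was in `buffer` and `*address` before the call rather than what was received. `dataWithBytes:buffer length:length` also copies the full caller-supplied capacity, which can place stale or uninitialised process memory in the trace database. Keep the call first and size the copy by the result: `retVal=old_recvfrom(socket,buffer,length,flags,address,address_len);` followed by `WTAdd([NSData dataWithBytes:buffer length:(retVal>0?(NSUInteger)retVal:0)],@"Data");`. `address` may legitimately be NULL for recvfrom, so `get_ip_str(address)` should be guarded unless the helper already handles that (not visible here). The function body continues past the hunk.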
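Review bot: init_dlfcn_hook keeps the three old `WTHookFunction` calls inside a `/* ... */` block instead of deleting them, and nothing says why the hooks moved to `WTFishHookSymbols`. If that wrapper is fishhook-style symbol rebinding (inferred from the name), it only redirects calls that go through an image's import pointers, so calls made inside the library that defines dladdr/dlopen/dlsym would no longer be traced. That coverage change deserves a comment such as `// Rebinds import pointers only: calls made within the defining library are not intercepted`. It is also worth confirming that `old_dladdr`, `old_dlopen` and `old_dlsym` are non-NULL after this function returns, since the new_* replacements presumably call through them.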
@@ -1,197 +0,0 @@ -//--------------------------------// -//-----------Liberation-----------// -//-------Created-by-Razzile-------// -//--------------------------------// -//------Don't mess with this------// -//------Unless you are smart------// -//--------------------------------// -//------------Licenses------------// -//--------------------------------// -// Copyright (c) 2016, Razzile - -// Permission to use, copy, modify, and/or distribute this software for any -// purpose -// with or without fee is hereby granted, provided that the above copyright -// notice -// and this permission notice appear in all copies. - -// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH -// REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -// AND -// FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, -// INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -// LOSS -// OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR -// OTHER -// TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE -// OF -// THIS SOFTWARE. 
- -#if __cplusplus <= 199711L -#error Please enable C++11 for use with Liberation -#endif - -#include -#include -#include -#include -#include -#include - -#define hidden __attribute__((visibility("hidden"))) - -/* Container namespace for classes */ -inline namespace liberation { - -using bytes = std::vector; - -enum class ARMv7Mode { ARM, Thumb }; - -class Patch { -public: - static Patch *CreatePatch(vm_address_t address, uint32_t data); - static Patch *CreatePatch(vm_address_t address, std::string data); - static Patch *CreateRawPatch(vm_address_t addr, char *data, size_t len); - static Patch *CreateInstrPatch(vm_address_t address, std::string instr, - ARMv7Mode mode = ARMv7Mode::Thumb); - - virtual bool Apply(); - virtual bool Reset(); - -private: - Patch() = default; - Patch(vm_address_t addr, char *data, size_t len); - ~Patch(); - -protected: - vm_address_t _address; - bytes _patchBytes; - bytes _origBytes; - size_t _patchSize; -}; - -class Hook { -public: - ~Hook(); - Hook(std::string symbol, void *hookPtr, void **origPtr); - Hook(std::string symbol, void *hookPtr); - Hook(void *hookFuncAddr, void *hookPtr, void **origPtr); - Hook(void *hookFuncAddr, void *hookPtr); - Hook(vm_address_t hookFuncAddr, void *hookPtr, void **origPtr); - Hook(vm_address_t hookFuncAddr, void *hookPtr); - - template - hidden Hook(void *hookFuncAddress, T *hookPtr, T **origPtr) - : Hook(hookFuncAddress, (void *)hookPtr, (void **)origPtr) {} - - template - hidden Hook(void *hookFuncAddress, T *hookPtr) - : Hook(hookFuncAddress, (void *)hookPtr) {} - - template - hidden Hook(vm_address_t hookFuncAddr, T *hookPtr, T **origPtr) - : Hook((void *)(hookFuncAddr), (void *)hookPtr, (void **)origPtr) {} - - template - hidden Hook(vm_address_t hookFuncAddr, T *hookPtr) - : Hook((void *)(hookFuncAddr), (void *)hookPtr) {} - - bool Apply(); - bool Reset(); - -private: - std::string _symbol; - void *_hookPtr; - void **_origPtr; - void *_hookFuncAddr; -}; - -class Settings { -public: - 
Settings(const char *path); - ~Settings(); - - int GetPrefInt(const char *key); - float GetPrefFloat(const char *key); - bool GetPrefBool(const char *key); - - __attribute__((noinline)) bool reloadSettings(); - - class settings_proxy { - public: - char *key; - - union Value { - int asInt; - bool asBool; - float asFloat; - } value; - - enum ValueType { Int, Bool, Float } valueType; - - Settings *container; - - hidden settings_proxy(const char *_key) { - key = (char *)malloc(strlen(_key)); - strcpy(key, _key); - } - - hidden settings_proxy(int val) { - value.asInt = val; - valueType = Int; - } - - hidden settings_proxy(float val) { - value.asFloat = val; - valueType = Float; - } - - hidden settings_proxy(bool val) { - value.asBool = val; - valueType = Bool; - } - - hidden operator int() { return container->GetPrefInt(key); } - - hidden operator float() { return container->GetPrefFloat(key); } - - hidden operator bool() { return container->GetPrefBool(key); } - - hidden settings_proxy &operator=(const settings_proxy &source) { - switch (source.valueType) { - case Int: { - set(source.value.asInt); - break; - } - case Bool: { - set(source.value.asBool); - break; - } - case Float: { - set(source.value.asFloat); - break; - } - } - return *this; - } - void set(bool value); - void set(int value); - void set(float value); - - hidden ~settings_proxy() { - if (key != NULL) - free(key); - } - }; - - hidden settings_proxy operator[](const char *key) { - settings_proxy proxy(key); - proxy.container = this; - return proxy; - } - -private: - const char *path; - CFDictionaryRef dict; -}; -} // utils diff --git a/Hooks/SDK/Reveal.xm b/Hooks/SDK/Reveal.xm index 13c74cd..4a80c4a 100644 --- a/Hooks/SDK/Reveal.xm +++ b/Hooks/SDK/Reveal.xm 
@@ -51,9 +51,12 @@ So there you go. %end extern void init_Reveal_hook() { - //Start Reveal +#ifndef NonJailbroken - [[NSNotificationCenter defaultCenter] postNotificationName:@"IBARevealRequestStart" object:nil]; + dlopen("/usr/lib/libReveal.dylib",RTLD_NOW); +#elif + NSLog(@"Reveal Unsupported On Jailed Device"); +#endif %init(Reveal); } diff --git a/Hooks/Utils/SQLiteStorage.m b/Hooks/Utils/SQLiteStorage.m index acf7508..f274bb2 100755 --- a/Hooks/Utils/SQLiteStorage.m +++ b/Hooks/Utils/SQLiteStorage.m @@ -6,8 +6,8 @@ @implementation SQLiteStorage // Database settings static BOOL logToConsole = TRUE; -static NSString *appstoreDBFileFormat = @"~/Library/wtfjh-%@.db"; // Becomes ~/Library/introspy-.db -static NSString *systemDBFileFormat = @"~/Library/Preferences/wtfjh-%@.db"; +static NSString *appstoreDBFileFormat = @"~/Library/wtfjh-%@-%@.db"; +static NSString *systemDBFileFormat = @"~/Library/Preferences/wtfjh-%@-@.db"; static const char createTableStmtStr[] = "CREATE TABLE tracedCalls (className TEXT, methodName TEXT, argumentsAndReturnValueDict TEXT,CALLSTACK TEXT)"; static const char saveTracedCallStmtStr[] = "INSERT INTO tracedCalls VALUES (?1, ?2, ?3,?4)"; static BOOL ApplyCallStack=NO; @@ -45,10 +45,10 @@ - (SQLiteStorage *)initWithDefaultDBFilePathAndLogToConsole: (BOOL) shouldLog { // Are we monitoring a System app or an App Store app ? NSString *appRoot = [@"~/" stringByExpandingTildeInPath]; if ([appRoot isEqualToString: @"/var/mobile"]) { - DBFilePath = [NSString stringWithFormat:systemDBFileFormat, appId]; + DBFilePath = [NSString stringWithFormat:systemDBFileFormat, appId,[NSDate date]]; } else { - DBFilePath = [NSString stringWithFormat:appstoreDBFileFormat, appId]; + DBFilePath = [NSString stringWithFormat:appstoreDBFileFormat, appId,[NSDate date]]; } return [self initWithDBFilePath: [DBFilePath stringByExpandingTildeInPath] andLogToConsole: shouldLog]; diff --git a/Makefile b/Makefile deleted file mode 100644 index 29c7a02..0000000 
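Review bot: The added `#elif` in init_Reveal_hook has no condition; the fallback branch needs `#else`, otherwise a build that defines `NonJailbroken` stops on a preprocessor error instead of reaching the NSLog. The `dlopen` result is also discarded, so a missing or unloadable `/usr/lib/libReveal.dylib` fails silently. Something like `if(!dlopen("/usr/lib/libReveal.dylib",RTLD_NOW)) NSLog(@"Reveal load failed: %s",dlerror());` makes that visible in the device log.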
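Review bot: `systemDBFileFormat` is missing a `%` in its second placeholder (`wtfjh-%@-@.db`), so system-app databases get a literal `@` in the name and the date argument passed in initWithDefaultDBFilePathAndLogToConsole: is ignored. Every launch of a system app then reuses the same file, unlike the App Store path. It should read `static NSString *systemDBFileFormat = @"~/Library/Preferences/wtfjh-%@-%@.db";`. The removed `// Becomes ~/Library/introspy-.db` comment could be replaced by one describing the new `wtfjh-<appId>-<date>.db` pattern.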
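Review bot: Formatting `[NSDate date]` with `%@` puts the date's description, which contains spaces, colons and a UTC offset, into the database file name, which is awkward to quote when pulling files off the device. A numeric stamp such as `[NSString stringWithFormat:systemDBFileFormat, appId, @((long long)[[NSDate date] timeIntervalSince1970])]` avoids that, and the same applies to the App Store branch. Per-launch files also mean trace databases, which hold captured arguments and return values per the `tracedCalls` schema above, now accumulate under ~/Library with no cleanup visible in this diff. Consider adding or documenting a retention step.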
--- a/Makefile +++ /dev/null 
@@ -1,14 +0,0 @@ -export CFLAGS=-Wp,"-DWTFJHTWEAKNAME=@\"ABA133XWPFIU121\","-DWTFJHHostName=@\"NavRMBP\" -include $(THEOS)/makefiles/common.mk -TWEAK_NAME = ABA133XWPFIU121 -SUBSTRATE ?= yes -ABA133XWPFIU121_FILES = Tweak.xm CompileDefines.xm Hooks/API/AppleAccount.xm Hooks/API/CommonCryptor.xm Hooks/API/CommonDigest.xm Hooks/API/CommonHMAC.xm Hooks/API/CommonKeyDerivation.xm Hooks/API/CoreTelephony.xm Hooks/API/dlfcn.xm Hooks/API/Keychain.xm Hooks/API/libC.xm Hooks/API/libMobileGestalt.xm Hooks/API/LSApplication.xm Hooks/API/MachO.xm Hooks/API/Notification.xm Hooks/API/NSData.xm Hooks/API/NSFileHandle.xm Hooks/API/NSFileManager.xm Hooks/API/NSHTTPCookie.xm Hooks/API/NSInputStream.xm Hooks/API/NSKeyedArchiver.xm Hooks/API/NSKeyedUnarchiver.xm Hooks/API/NSOutputStream.xm Hooks/API/NSProcessInfo.xm Hooks/API/NSURLConnection.xm Hooks/API/NSURLCredential.xm Hooks/API/NSURLSession.xm Hooks/API/NSUserDefaults.xm Hooks/API/NSXMLParser.xm Hooks/API/ObjCRuntime.xm Hooks/API/Security.xm Hooks/API/Socket.xm Hooks/API/SSLKillSwitch.xm Hooks/API/sysctl.xm Hooks/API/UIPasteboard.xm Hooks/SDK/FclBlowfish.xm Hooks/SDK/JSPatch.xm Hooks/SDK/OpenSSLAES.xm Hooks/SDK/OpenSSLBlowFish.xm Hooks/SDK/OpenSSLMD5.xm Hooks/SDK/OpenSSLSHA1.xm Hooks/SDK/OpenSSLSHA512.xm Hooks/SDK/Reveal.xm Hooks/SDK/Wax.xm Hooks/Utils/CallStackInspector.m Hooks/Utils/CallTracer.m Hooks/Utils/DelegateProxies.m Hooks/Utils/NSURLConnectionDelegateProx.m Hooks/Utils/NSURLSessionDelegateProxy.m Hooks/Utils/PlistObjectConverter.m Hooks/Utils/RemoteLogSender.m Hooks/Utils/RuntimeUtils.m Hooks/Utils/SQLiteStorage.m Hooks/Utils/Utils.m Hooks/ThirdPartyTools/classdumpdyld.xm Hooks/ThirdPartyTools/dumpdecrypted.xm Hooks/ThirdPartyTools/InspectiveC.xm Hooks/Misc/Cycript.xm Hooks/Misc/fishhook.c Hooks/Misc/RemoveASLR.xm Hooks/Misc/SplitMachO.mm Hooks/Misc/WTSubstrate.mm -ABA133XWPFIU121_CCFLAGS = -Qunused-arguments -std=c++11 -ABA133XWPFIU121_LDFLAGS = 
-Wl,-segalign,4000,-sectcreate,WTFJH,SIGDB,./SignatureDatabase.plist,-sectcreate,WTFJH,classdumpdyld,./classdumpdyld.dylib,-sectcreate,WTFJH,dumpdecrypted,./dumpdecrypted.dylib,-sectcreate,WTFJH,InspectiveC,./InspectiveC.dylib -lz -L. -v -force_load ./ExtraFWs/libcapstone.a -force_load ./ExtraFWs/libLiberation.a -force_load ./ExtraFWs/Reveal.framework/Reveal -force_load ./ExtraFWs/Cycript.framework/Cycript -F./ExtraFWs/ -Wno-unused-function -ABA133XWPFIU121_CFLAGS = -I/Volumes/PAGEZERO/WTFJH/Hooks/ -ABA133XWPFIU121_LIBRARIES = sqlite3 substrate stdc++ c++ -ABA133XWPFIU121_FRAMEWORKS = Foundation UIKit Security JavaScriptCore UIKit CoreGraphics CoreFoundation QuartzCore CFNetwork - -include $(THEOS_MAKE_PATH)/tweak.mk -after-install:: - install.exec "killall -9 SpringBoard" \ No newline at end of file diff --git a/Setup.sh b/Setup.sh index 5ecba47..8a831ad 100755 --- a/Setup.sh +++ b/Setup.sh @@ -58,7 +58,7 @@ rm -rf ./Cycript.zip echo "Downloading Reveal" wget http://download.revealapp.com/Reveal.app.zip unzip Reveal.app.zip -d ./RevealTMP >> /dev/null 2>&1 -cp -rf ./RevealTMP/Reveal.app/Contents/SharedSupport/iOS-Libraries/Reveal.framework ./ExtraFWs/ >> /dev/null 2>&1 +cp -rf ./RevealTMP/Reveal.app/Contents/SharedSupport/iOS-Libraries/libReveal.dylib ./layout/usr/lib >> /dev/null 2>&1 rm -rf ./RevealTMP >> /dev/null 2>&1 rm -rf ./Reveal.app.zip >> /dev/null 2>&1 diff --git a/Tweak.xm b/Tweak.xm index dcacf02..0ab1527 100644 --- a/Tweak.xm +++ b/Tweak.xm @@ -16,9 +16,13 @@ static BOOL RedirectLog(){ void UncaughtExceptionHandler(NSException *exception) { NSArray *arr = [exception callStackSymbols]; NSString *reason = [exception reason]; - NSString *name = [exception name]; - NSLog(@"WTFJH-UncaughtExceptionHandler:\nCallStackSymbols%@\nReason:%@\nName:%@",arr,reason,name); - exit(255); + NSString *name = [exception name]; + WTInit(name,@"UncaughtExceptionHandler"); + WTAdd(arr,@"callStackSymbols"); + WTAdd(reason,@"reason"); + WTSave; + WTRelease; + //exit(255); } 
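Review bot: The new `cp` line places `libReveal.dylib` from an archive fetched over plain `http://` with no integrity check into `./layout/usr/lib`, from where it is packaged and later `dlopen`ed inside hooked processes (see Hooks/SDK/Reveal.xm in this commit). Verify the download before unpacking, e.g. `echo "<EXPECTED_SHA256>  Reveal.app.zip" | shasum -a 256 -c - || exit 1`, and use an HTTPS URL if the vendor offers one. The copy also assumes `./layout/usr/lib` exists and hides any failure behind `>> /dev/null 2>&1`. Add `mkdir -p ./layout/usr/lib` before it and let errors show.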
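Review bot: UncaughtExceptionHandler now reports only through `WTInit`/`WTAdd`/`WTSave`, so when the trace storage is unavailable or the save itself fails the crash leaves no record at all; keeping the previous `NSLog` as a fallback costs one line. `[exception reason]` can be nil, and whether `WTAdd` tolerates a nil value is not visible here, so `WTAdd(reason ?: @"(nil)",@"reason");` is the safer form. The commented-out `//exit(255);` should either be deleted or carry a comment explaining that the handler now returns and leaves termination to the runtime.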
@@ -86,8 +90,9 @@ dlopen("/usr/lib/libsubstrate.dylib",RTLD_NOW|RTLD_GLOBAL); if ( (shouldHook == nil) || (! [shouldHook boolValue]) ) { NSLog(@"WTFJH - Profiling disabled for %@", appId); [pool drain]; - return; + return; } + NSLog(@"WTFJH - Profiling enabled for %@", appId); if (getBoolFromPreferences(@"URLSchemesHooks")) { traceURISchemes(); } @@ -97,11 +102,9 @@ dlopen("/usr/lib/libsubstrate.dylib",RTLD_NOW|RTLD_GLOBAL); NSLog(@"Redirect Failed"); } } - // Initialize DB storage - NSLog(@"WTFJH - Profiling enabled for %@", appId); BOOL shouldLog = getBoolFromPreferences(@"LogToTheConsole"); [[SQLiteStorage sharedManager] initWithDefaultDBFilePathAndLogToConsole: shouldLog]; - if (traceStorage != nil) { + if (traceStorage != nil) { if(NSGetUncaughtExceptionHandler()==nil){ NSLog(@"Registering UncaughtExceptionHandler"); NSSetUncaughtExceptionHandler (&UncaughtExceptionHandler); @@ -113,10 +116,10 @@ dlopen("/usr/lib/libsubstrate.dylib",RTLD_NOW|RTLD_GLOBAL); NSLog(@"WTFJH - Enabling Hooks"); extern void GlobalInit(); GlobalInit(); - } - else { - NSLog(@"WTFJH - DB Initialization error; disabling hooks."); - } + } + else { + NSLog(@"WTFJH - DB Initialization error; disabling hooks."); + } [pool drain]; } \ No newline at end of file diff --git a/VERSION b/VERSION index 26f5507..a71e551 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -423 \ No newline at end of file +430 \ No newline at end of file diff --git a/WTFJH.plist b/WTFJH.plist deleted file mode 100644 index d6b46f1..0000000 --- a/WTFJH.plist +++ /dev/null @@ -1 +0,0 @@ -{ Filter = { Bundles = ( "com.apple.Foundation" ); }; } diff --git a/build.py b/build.py index 348f77e..d3f7bd9 100755 --- a/build.py +++ b/build.py 
@@ -416,7 +416,11 @@ def main(): os.system("echo \" \" >./Hooks/Obfuscation.h") # Generate random Name to bypass detection global randomTweakName - randomTweakName = id_generator() + global OBFUSCATION + if(OBFUSCATION==True): + randomTweakName = id_generator() + else: + randomTweakName="WTFJH" buildThirdPartyComponents()#Call This Before Generating Makefile for a complete Linker Flags. #Call buildThirdPartyComponents() before generating Makefile. Or else the loaders won't be injected os.chdir(InitialCWD)#Make Sure CWD We've changed in buildThirdPartyComponents() is set back @@ -425,7 +429,7 @@ def main(): BuildPF() Obfuscation() BuildMakeFile() - os.system("cp ./WTFJH.plist ./" + randomTweakName + ".plist") + os.system("cp ./BundleFilter.plist ./" + randomTweakName + ".plist") print (Fore.YELLOW +"DEBUG:"+str(DEBUG)) print (Fore.YELLOW +"PROTOTYPE:"+str(PROTOTYPE)) print (Fore.YELLOW +"OBFUSCATION:"+str(OBFUSCATION)) @@ -468,7 +472,7 @@ def main(): FixControlFile("./layout/DEBIAN/control") global theospathmid os.system("mkdir -p ./layout/Library/MobileSubstrate/DynamicLibraries; cp ./obj" +theospathmid+randomTweakName + ".dylib" + " ./layout/Library/MobileSubstrate/DynamicLibraries/") - os.system("cp ./WTFJH.plist" + " ./layout/Library/MobileSubstrate/DynamicLibraries/" + randomTweakName + ".plist") + os.system("cp ./BundleFilter.plist" + " ./layout/Library/MobileSubstrate/DynamicLibraries/" + randomTweakName + ".plist") # Cleaning finder caches, thanks to http://stackoverflow.com/questions/2016844/bash-recursively-remove-files os.system("find . -type f -name .DS_Store -delete && xattr -cr *") os.system("dpkg-deb -Zgzip -b ./layout ./Packages/Build-"+str(currentVersion)+".deb") diff --git a/capstone b/capstone index 1b585c1..0bb4433 160000 --- a/capstone +++ b/capstone @@ -1 +1 @@ -Subproject commit 1b585c161e5d9bddd54d195e3fdd791b8c4a21ed +Subproject commit 0bb4433f26d9754bbfd4aeb5b5f1659b1407dc6b diff --git a/control b/control index 2fbee7a..200fc04 100644 
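Review bot: `global OBFUSCATION` is declared in the middle of main(); if main() reads or assigns `OBFUSCATION` anywhere above this point (not visible in the hunk), Python 3 rejects the file with a SyntaxError for a name used before its global declaration. A read-only use needs no `global` statement at all, and the branch can be written as `randomTweakName = id_generator() if OBFUSCATION else "WTFJH"`. The existing comment `# Generate random Name to bypass detection` should be updated to say that the fixed name is used when obfuscation is off. main() starts and ends outside the hunk.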
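Review bot: Both `cp ./BundleFilter.plist ...` calls (here and in the packaging hunk at -468) build a shell command by string concatenation and ignore the exit status of `os.system`, so a missing BundleFilter.plist yields a package without its filter plist and no error. `shutil.copyfile("./BundleFilter.plist", "./" + randomTweakName + ".plist")` raises on failure and avoids the shell. It needs `import shutil` if build.py does not already import it. main() continues outside both hunks.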
--- a/control +++ b/control @@ -1,6 +1,6 @@ Package: naville.wtfjh Name: What The Fuck Just Happened -Depends: mobilesubstrate, applist +Depends: mobilesubstrate, applist, mobilesubstrate (>= 0.9.5000), firmware (>= 3.0), com.rpetrich.rocketbootstrap (>= 1.0.3) | firmware (<< 7.0) Architecture: iphoneos-arm Description: Ongoing Replacement For Introspy Maintainer: Naville
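Review bot: The new `Depends:` line lists `mobilesubstrate` twice, once unversioned and once as `mobilesubstrate (>= 0.9.5000)`; drop the unversioned entry so the version floor is the only statement. Written out: `Depends: applist, mobilesubstrate (>= 0.9.5000), firmware (>= 3.0), com.rpetrich.rocketbootstrap (>= 1.0.3) | firmware (<< 7.0)`. Nothing in this diff shows where rocketbootstrap is used, so a line in the commit message on why it is required would help.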