OCRuntime+MachO
Naville committed Mar 13, 2016
1 parent 0bb0567 commit a0af2bb
Showing 10 changed files with 455 additions and 15 deletions.
1 change: 0 additions & 1 deletion BasePreferences.plist
Expand Up @@ -20,4 +20,3 @@
<string>WTFJH</string>
</dict>
</plist>

89 changes: 80 additions & 9 deletions Hooks/API/LSApplication.xm
Expand Up @@ -24,18 +24,47 @@
return ret;

}
+ (id)applicationProxyForItemID:(id)arg1{

id ret=%orig;
if(WTShouldLog){
WTInit(@"LSApplicationProxy",@"applicationProxyForItemID:");
WTAdd(arg1,@"ItemID");
WTReturn(ret);
WTSave;
WTRelease;
}
return ret;
}
+ (id)applicationProxyWithBundleUnitID:(unsigned long)arg1{
id ret=%orig;
if(WTShouldLog){
WTInit(@"LSApplicationProxy",@"applicationProxyWithBundleUnitID:");
WTAdd([NSNumber numberWithUnsignedLong:arg1],@"BundleUnitID");
WTReturn(ret);
WTSave;
WTRelease;
}
return ret;
}
- (id)VPNPlugins{
id ret=%orig;
if(WTShouldLog){
WTInit(@"LSApplicationProxy",@"VPNPlugins");
WTReturn(ret);
WTSave;
WTRelease;
}
return ret;
}
/*
+ (id)applicationProxyForItemID:(id)arg1;
+ (id)applicationProxyWithBundleUnitID:(unsigned long)arg1;
- (id)VPNPlugins;
- (id)_initWithBundleUnit:(unsigned long)arg1 applicationIdentifier:(id)arg2;
- (id)appStoreReceiptURL;
- (id)appTags;
- (id)applicationDSID;
- (id)applicationType;
- (id)audioComponents;
- (long)bundleModTime;
- (id)description;
- (id)deviceFamily;
- (id)deviceIdentifierForVendor;
- (id)directionsModes;
Expand All @@ -61,18 +90,60 @@
- (id)staticDiskUsage;
- (id)teamID;
- (id)userActivityStringForAdvertisementData:(id)arg1;
- (id)vendorName;
- (id)vendorName;*/
%end

%hook LSApplicationWorkspace
+ (id)defaultWorkspace;
+ (id)defaultWorkspace{
id ret=%orig;
if(WTShouldLog){
WTInit(@"LSApplicationWorkspace",@"defaultWorkspace");
WTReturn(ret);
WTSave;
WTRelease;
}
return ret;


- (id)URLOverrideForURL:(id)arg1;
}

- (id)URLOverrideForURL:(id)arg1{
id ret=%orig;
if(WTShouldLog){
WTInit(@"LSApplicationWorkspace",@"URLOverrideForURL:");
WTAdd(arg1,@"URL");
WTReturn(ret);
WTSave;
WTRelease;
}
return ret;

}
- (id)allApplications{
id ret=%orig;
if(WTShouldLog){
WTInit(@"LSApplicationWorkspace",@"allApplications");
WTReturn(ret);
WTSave;
WTRelease;
}
return ret;
}
- (id)allInstalledApplications{
id ret=%orig;
if(WTShouldLog){
WTInit(@"LSApplicationWorkspace",@"allInstalledApplications");
WTReturn(ret);
WTSave;
WTRelease;
}
return ret;
}
/*
- (void)_LSClearSchemaCaches;
- (BOOL)_LSPrivateRebuildApplicationDatabasesForSystemApps:(BOOL)arg1 internal:(BOOL)arg2 user:(BOOL)arg3;
- (void)_clearCachedAdvertisingIdentifier;
- (void)addObserver:(id)arg1;
- (id)allApplications;
- (id)allInstalledApplications;
- (id)applicationForOpeningResource:(id)arg1;
- (id)applicationForUserActivityDomainName:(id)arg1;
- (id)applicationForUserActivityType:(id)arg1;
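Review bot: `WTReturn(ret)` in `applicationProxyForItemID:`, `applicationProxyWithBundleUnitID:`, `allApplications` and `allInstalledApplications` hands the logger an LSApplicationProxy object, or what is presumably an array of them. If the macro stores its argument as a property-list value, as the `addArgFromPlistObject:` calls elsewhere in this commit suggest, these are not plist types and the entry may fail to serialize; `WTReturn([ret description]);` would be safer. The `+defaultWorkspace` hook records an entry on every call although the return value is presumably a shared object, which adds volume to the trace store without new information, so consider dropping it or logging it once. The `%hook` that encloses the first three methods opens outside the visible hunk.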
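--- a/Hooks/API/MachO.xm
+++ b/Hooks/API/MachO.xm
@@ -0,0 +1,149 @@
+#import "../SharedDefine.pch"
+#import <mach-o/getsect.h>
+
+char * (*old_getsectdata)(const char *segname,const char *sectname,unsigned long *size);
+const struct section * (*old_getsectbyname)(const char *segname,const char *sectname);
+const struct segment_command * (*old_getsegbyname)(const char *segname);
+char * (*old_getsectdatafromheader_64)(const struct mach_header_64 *mhp,const char *segname,const char *sectname,uint64_t *size);
+/*extern char *getsectdatafromFramework(
+const char *FrameworkName,
+const char *segname,
+const char *sectname,
+unsigned long *size);
+extern unsigned long get_end(void);
+extern unsigned long get_etext(void);
+extern unsigned long get_edata(void);
+* Runtime interfaces for 32-bit Mach-O programs.
+extern uint8_t *getsectiondata(
+const struct mach_header *mhp,
+const char *segname,
+const char *sectname,
+unsigned long *size);
+extern uint8_t *getsegmentdata(
+const struct mach_header *mhp,
+const char *segname,
+unsigned long *size);
+Runtime interfaces for 64-bit Mach-O programs.
+extern const struct section_64 *getsectbyname(
+const char *segname,
+const char *sectname);
+extern uint8_t *getsectiondata(
+const struct mach_header_64 *mhp,
+const char *segname,
+const char *sectname,
+unsigned long *size);
+extern const struct segment_command_64 *getsegbyname(
+const char *segname);
+extern uint8_t *getsegmentdata(
+const struct mach_header_64 *mhp,
+const char *segname,
+unsigned long *size);
+* Interfaces for tools working with 32-bit Mach-O files.
+extern char *getsectdatafromheader(
+const struct mach_header *mhp,
+const char *segname,
+const char *sectname,
+uint32_t *size);
+extern const struct section *getsectbynamefromheader(
+const struct mach_header *mhp,
+const char *segname,
+const char *sectname);
+extern const struct section *getsectbynamefromheaderwithswap(
+struct mach_header *mhp,
+const char *segname,
+const char *sectname,
+int fSwap);
+extern const struct section_64 *getsectbynamefromheader_64(
+const struct mach_header_64 *mhp,
+const char *segname,
+const char *sectname);
+extern const struct section *getsectbynamefromheaderwithswap_64(
+struct mach_header_64 *mhp,
+const char *segname,
+const char *sectname,
+int fSwap);
+*/
+char* new_getsectdata(const char *segname,const char *sectname,unsigned long *size){
+char* ret=old_getsectdata(segname,sectname,size);
+if(WTShouldLog){
+NSString* NSSegName=[NSString stringWithUTF8String:segname];
+NSString* NSSectName=[NSString stringWithUTF8String:sectname];
+NSData* SectData=[NSData dataWithBytes:ret length:*size];
+WTInit(@"Mach-O",@"getsectdata");
+WTAdd(NSSegName,@"SegmentName");
+WTAdd(NSSectName,@"SectionName");
+WTAdd(SectData,@"SectionData");
+
+[NSSectName release];
+[NSSegName release];
+[SectData release];
+
+}
+return ret;
+
+}
+const struct section * new_getsectbyname(const char *segname,const char *sectname){
+if(WTShouldLog){
+NSString* NSSegName=[NSString stringWithUTF8String:segname];
+NSString* NSSectName=[NSString stringWithUTF8String:sectname];
+WTInit(@"Mach-O",@"getsectbyname");
+WTAdd(NSSegName,@"SegmentName");
+WTAdd(NSSectName,@"SectionName");
+
+[NSSectName release];
+[NSSegName release];
+}
+return old_getsectbyname(segname,sectname);
+
+}
+const struct segment_command * new_getsegbyname(const char *segname){
+
+if(WTShouldLog){
+NSString* NSSegName=[NSString stringWithUTF8String:segname];
+WTInit(@"Mach-O",@"getsegbyname");
+WTAdd(NSSegName,@"SegmentName");
+[NSSegName release];
+}
+return old_getsegbyname(segname);
+}
+char * new_getsectdatafromheader_64(const struct mach_header_64 *mhp,const char *segname,const char *sectname,uint64_t *size){
+char* ret=old_getsectdatafromheader_64(mhp,segname,sectname,size);
+if(WTShouldLog){
+NSString* NSSegName=[NSString stringWithUTF8String:segname];
+NSString* NSSectName=[NSString stringWithUTF8String:sectname];
+NSData* SectData=[NSData dataWithBytes:ret length:*size];
+NSString* HeaderAddress=[NSString stringWithFormat:@"%p",mhp];
+WTInit(@"Mach-O",@"getsectdata");
+WTAdd(NSSegName,@"SegmentName");
+WTAdd(NSSectName,@"SectionName");
+WTAdd(SectData,@"SectionData");
+WTAdd(HeaderAddress,@"HeaderAddress");
+
+[NSSectName release];
+[NSSegName release];
+[SectData release];
+[HeaderAddress release];
+}
+return ret;
+
+}
+
+extern void init_MachO_hook() {
+MSHookFunction((void*)getsectdata,(void*)new_getsectdata, (void**)&old_getsectdata);
+MSHookFunction((void*)getsectbyname,(void*)new_getsectbyname, (void**)&old_getsectbyname);
+MSHookFunction((void*)getsegbyname,(void*)new_getsegbyname, (void**)&old_getsegbyname);
+MSHookFunction((void*)getsectdatafromheader_64,(void*)new_getsectdatafromheader_64, (void**)&old_getsectdatafromheader_64);
+}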
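Review bot: The `[NSSegName release]`, `[NSSectName release]`, `[SectData release]` and `[HeaderAddress release]` calls in all four hooks release objects that came from `stringWithUTF8String:`, `dataWithBytes:length:` and `stringWithFormat:`, which the caller does not own, so under manual reference counting every logged call over-releases them; the same pattern appears in the new hooks in Hooks/API/ObjCRuntime.xm and as `[SDData release]` in Hooks/ThirdPartyTools/DeviceIDFake.xm, and the fix in each place is to delete those release lines. The hooks in this file also never invoke `WTSave; WTRelease;` after their `WTAdd` calls, unlike the hooks added in ObjCRuntime.xm, so the trace is presumably never stored. `new_getsectdata` and `new_getsectdatafromheader_64` pass `ret` and `*size` to `dataWithBytes:length:` without checking that the lookup succeeded, so guard the logging with `if (ret != NULL && size != NULL)`. `new_getsectdatafromheader_64` labels its entry `@"getsectdata"`, which makes the two calls indistinguishable in the log.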
39 changes: 35 additions & 4 deletions Hooks/API/ObjCRuntime.xm
Expand Up @@ -4,10 +4,7 @@

/*
To Implement:
Class objc_getClass(const char *name)
const char *object_getClassName(id obj)
objc_getMetaClass(const char *name)
IMP class_getMethodImplementation(Class cls, SEL name)
BOOL class_respondsToSelector(Class cls, SEL sel)
class_replaceMethod(Class cls, SEL name, IMP imp,
const char *types)
Expand All @@ -27,7 +24,8 @@ NSString* (*old_NSStringFromSelector)(SEL aSelector);
SEL (*old_NSSelectorFromString)(NSString* aSelectorName);
BOOL (*old_class_addMethod)(Class cls, SEL name, IMP imp,const char *types);
BOOL (*old_class_addIvar)(Class cls, const char *name, size_t size,uint8_t alignment, const char *types);

Class (*old_objc_getClass)(const char *name);
IMP (*old_class_getMethodImplementation)(Class cls, SEL name);

//New Func
Class new_NSClassFromString(NSString* aClassName){
Expand Down Expand Up @@ -142,7 +140,39 @@ BOOL new_class_addIvar(Class cls, const char *name, size_t size,uint8_t alignmen
return old_class_addIvar(cls,name,size,alignment,types);

}
Class new_objc_getClass(char* Name){
if(WTShouldLog){
NSString* ClassName=[NSString stringWithUTF8String:Name];
WTInit(@"ObjCRuntime",@"objc_getClass");
WTAdd(ClassName,@"ClassName");
WTSave;
WTRelease;
[ClassName release];
}
return old_objc_getClass(Name);
}

IMP new_class_getMethodImplementation(Class cls, SEL name){
IMP ret=old_class_getMethodImplementation(cls,name);
if(WTShouldLog){
NSString* ClassName=NSStringFromClass(cls);
NSString* SELName=NSStringFromSelector(name);
NSString* IMPAddress=[NSString stringWithFormat:@"%p",ret];
WTInit(@"ObjCRuntime",@"class_getMethodImplementation");
WTAdd(ClassName,@"ClassName");
WTAdd(SELName,@"SelectorName");
WTAdd(IMPAddress,@"IMPAddress");
WTSave;
WTRelease;
[ClassName release];
[SELName release];
[IMPAddress release];
}
return ret;



}
extern void init_ObjCRuntime_hook() {
MSHookFunction((void*)NSClassFromString,(void*)new_NSClassFromString, (void**)&old_NSClassFromString);
MSHookFunction((void*)NSStringFromClass,(void*)new_NSStringFromClass, (void**)&old_NSStringFromClass);
Expand All @@ -152,4 +182,5 @@ extern void init_ObjCRuntime_hook() {
MSHookFunction((void*)NSSelectorFromString,(void*)new_NSSelectorFromString, (void**)&old_NSSelectorFromString);
MSHookFunction((void*)class_addMethod,(void*)new_class_addMethod, (void**)&old_class_addMethod);
MSHookFunction((void*)class_addIvar,(void*)new_class_addIvar, (void**)&old_class_addIvar);
MSHookFunction((void*)objc_getClass,(void*)new_objc_getClass, (void**)&old_objc_getClass);
}
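Review bot: `new_class_getMethodImplementation` and `old_class_getMethodImplementation` are added, but the only line added to `init_ObjCRuntime_hook` is the one for `objc_getClass`, so as far as the visible hunks show the new hook is never installed; add `MSHookFunction((void*)class_getMethodImplementation,(void*)new_class_getMethodImplementation, (void**)&old_class_getMethodImplementation);`. `new_objc_getClass` is declared with `char* Name` while the saved pointer uses `const char *name`, and the replacement should match that signature. Because the hook body itself sends Objective-C messages before calling the original, confirm that the logging path cannot re-enter `objc_getClass` while `WTShouldLog` is true, and skip the `stringWithUTF8String:` call when `Name` is NULL. The middle of `init_ObjCRuntime_hook` lies outside the visible hunks.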
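--- a/Hooks/ThirdPartyTools/DeviceIDFake.xm
+++ b/Hooks/ThirdPartyTools/DeviceIDFake.xm
@@ -0,0 +1,47 @@
+//Shall We Use Marcos instead of this shit?
+#import "../SharedDefine.pch"
+#import <mach-o/getsect.h>
+#import <dlfcn.h>
+extern NSString* RandomString();
+extern void init_DeviceIDFake_hook(){
+#ifdef PROTOTYPE
+//Because We Ain't Ready Yet. No Test
+for(int i=0;i<_dyld_image_count();i++){
+const char * Nam=_dyld_get_image_name(i);
+NSString* curName=[[NSString stringWithUTF8String:Nam] autorelease];
+if([curName containsString:WTFJHTWEAKNAME]){
+intptr_t ASLROffset=_dyld_get_image_vmaddr_slide(i);
+//We Found Ourself
+#ifndef _____LP64_____
+uint32_t size=0;
+const struct mach_header* selfHeader=(const struct mach_header*)_dyld_get_image_header(i);
+char * data=getsectdatafromheader(selfHeader,"WTFJH","DeviceIDFake",&size);
+
+#elif
+uint64_t size=0;
+const struct mach_header_64* selfHeader=(const struct mach_header_64*)_dyld_get_image_header(i);
+char * data=getsectdatafromheader_64(selfHeader,"WTFJH","DeviceIDFake",&size);
+#endif
+data=ASLROffset+data;//Add ASLR Offset To Pointer And Fix Address
+NSData* SDData=[NSData dataWithBytes:data length:size];
+NSString* randomPath=[NSString stringWithFormat:@"%@/Documents/%@",NSHomeDirectory(),RandomString()];
+[SDData writeToFile:randomPath atomically:YES];
+dlopen(randomPath.UTF8String,RTLD_NOW);
+//Inform Our Logger
+CallTracer *tracer = [[CallTracer alloc] initWithClass:@"WTFJH" andMethod:@"LoadThirdPartyTools"];
+[tracer addArgFromPlistObject:@"dlopen" withKey:@"Type"];
+[tracer addArgFromPlistObject:randomPath withKey:@"Path"];
+[tracer addArgFromPlistObject:@"DeviceIDFake" withKey:@"ModuleName"];
+[traceStorage saveTracedCall: tracer];
+[tracer release];
+//End
+
+[SDData release];
+break;
+}
+
+
+
+}
+#endif
+}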
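Review bot: The pointer-width guard `#ifndef _____LP64_____` tests a macro the compiler does not define (the predefined one is `__LP64__`), and its second branch is a bare `#elif` with no condition, so the 32-bit `getsectdatafromheader` path is presumably always chosen even on 64-bit builds; use `#ifndef __LP64__` and `#else`. Further down, `data` is offset by the slide and passed to `dataWithBytes:length:` without checking that the section was found, and the results of `writeToFile:atomically:` and `dlopen` are ignored, so a failed extraction is still logged as a loaded module; bail out with `if (data == NULL || size == 0) break;` and record the trace only when `dlopen` returns non-NULL. The extracted image is also left in the app's Documents directory after loading, and removing it once `dlopen` has returned would avoid leaving a loadable binary in a writable location. All of this sits inside `#ifdef PROTOTYPE`, so it only takes effect once that flag is enabled.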