tutorial kfs/10

f1shy-dev · Aug 9, 2023 · f5e9f62 · f5e9f62
1 parent 7348125
commit f5e9f62
Show file tree

Hide file tree

Showing 20 changed files with 687 additions and 217 deletions.
diff --git a/ControlConfig.xcodeproj/project.pbxproj b/ControlConfig.xcodeproj/project.pbxproj
@@ -8,6 +8,9 @@
 
 /* Begin PBXBuildFile section */
 		7D09760D2995714D004E6087 /* ModuleOperations.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7D09760C2995714D004E6087 /* ModuleOperations.swift */; };
+		7D1273F52A8250E700FDEBE0 /* TutorialSheetView.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7D1273F42A8250E700FDEBE0 /* TutorialSheetView.swift */; };
+		7D1273FB2A826FFC00FDEBE0 /* cowlite-tutorial.mp4 in Resources */ = {isa = PBXBuildFile; fileRef = 7D1273FA2A826F7600FDEBE0 /* cowlite-tutorial.mp4 */; };
+		7D1273FD2A829FD900FDEBE0 /* NotificationManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7D1273FC2A829FD900FDEBE0 /* NotificationManager.swift */; };
 		7D201BE7299C19A20023D649 /* Module.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7D201BE6299C19A20023D649 /* Module.swift */; };
 		7D201BE9299C1A2B0023D649 /* Customisation.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7D201BE8299C1A2B0023D649 /* Customisation.swift */; };
 		7D201BEB299C1AB60023D649 /* CustomisationsList.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7D201BEA299C1AB60023D649 /* CustomisationsList.swift */; };
@@ -40,6 +43,7 @@
 		7D6CFADD2A7E6A0D0038E142 /* iOS16_CCBackup.zip in Resources */ = {isa = PBXBuildFile; fileRef = 7D6CFADC2A7E6A0D0038E142 /* iOS16_CCBackup.zip */; };
 		7D7956AF29BFCD9B00D7CFCD /* WelcomeSheet in Frameworks */ = {isa = PBXBuildFile; productRef = 7D7956AE29BFCD9B00D7CFCD /* WelcomeSheet */; };
 		7D7956B129BFCE5300D7CFCD /* FirstLaunchSheetView.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7D7956B029BFCE5300D7CFCD /* FirstLaunchSheetView.swift */; };
+		7D8F69AD2A82E141000D8BDF /* CustomisationSetCodable.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7D8F69AC2A82E141000D8BDF /* CustomisationSetCodable.swift */; };
 		7DBE8ED629B919C700A36AA6 /* BackupManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7DBE8ED529B919C700A36AA6 /* BackupManager.swift */; };
 		7DDD2FA329AEB2F90064A7FC /* SettingsView.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7DDD2FA229AEB2F90064A7FC /* SettingsView.swift */; };
 		7DDD2FA529AEB35E0064A7FC /* AppState.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7DDD2FA429AEB35E0064A7FC /* AppState.swift */; };
@@ -96,6 +100,9 @@
 
 /* Begin PBXFileReference section */
 		7D09760C2995714D004E6087 /* ModuleOperations.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ModuleOperations.swift; sourceTree = "<group>"; };
+		7D1273F42A8250E700FDEBE0 /* TutorialSheetView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = TutorialSheetView.swift; sourceTree = "<group>"; };
+		7D1273FA2A826F7600FDEBE0 /* cowlite-tutorial.mp4 */ = {isa = PBXFileReference; lastKnownFileType = file; path = "cowlite-tutorial.mp4"; sourceTree = "<group>"; };
+		7D1273FC2A829FD900FDEBE0 /* NotificationManager.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = NotificationManager.swift; sourceTree = "<group>"; };
 		7D201BE6299C19A20023D649 /* Module.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = Module.swift; sourceTree = "<group>"; };
 		7D201BE8299C1A2B0023D649 /* Customisation.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = Customisation.swift; sourceTree = "<group>"; };
 		7D201BEA299C1AB60023D649 /* CustomisationsList.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = CustomisationsList.swift; sourceTree = "<group>"; };
@@ -161,6 +168,7 @@
 		7D63C1262A64752D0066AB5A /* CAPropertyInfo.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = CAPropertyInfo.h; sourceTree = "<group>"; };
 		7D6CFADC2A7E6A0D0038E142 /* iOS16_CCBackup.zip */ = {isa = PBXFileReference; lastKnownFileType = archive.zip; path = iOS16_CCBackup.zip; sourceTree = "<group>"; };
 		7D7956B029BFCE5300D7CFCD /* FirstLaunchSheetView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = FirstLaunchSheetView.swift; sourceTree = "<group>"; };
+		7D8F69AC2A82E141000D8BDF /* CustomisationSetCodable.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = CustomisationSetCodable.swift; sourceTree = "<group>"; };
 		7DBE8ED429B7EC0E00A36AA6 /* ControlConfig.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = ControlConfig.entitlements; sourceTree = "<group>"; };
 		7DBE8ED529B919C700A36AA6 /* BackupManager.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = BackupManager.swift; sourceTree = "<group>"; };
 		7DDD2FA229AEB2F90064A7FC /* SettingsView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SettingsView.swift; sourceTree = "<group>"; };
@@ -249,6 +257,7 @@
 				7D201BFA299C23100023D649 /* MainModuleView.swift */,
 				7DDD2FA229AEB2F90064A7FC /* SettingsView.swift */,
 				7D201BFD299C23860023D649 /* AddModuleView.swift */,
+				7D1273F42A8250E700FDEBE0 /* TutorialSheetView.swift */,
 				7D52218729BBC2B9002FD2A7 /* BackupView.swift */,
 				7D63C1172A63538D0066AB5A /* ExploreView.swift */,
 			);
@@ -294,6 +303,7 @@
 				7DDD2FA429AEB35E0064A7FC /* AppState.swift */,
 				7DBE8ED529B919C700A36AA6 /* BackupManager.swift */,
 				7D63C11B2A643BFD0066AB5A /* IconPack.swift */,
+				7D8F69AC2A82E141000D8BDF /* CustomisationSetCodable.swift */,
 			);
 			path = Models;
 			sourceTree = "<group>";
@@ -309,6 +319,7 @@
 				7D201BF3299C1E280023D649 /* PlistHelpers.swift */,
 				7D201BF8299C22680023D649 /* TickToggleStyle.swift */,
 				7D3BAB7629B3855A0024C9C9 /* ColorTools.swift */,
+				7D1273FC2A829FD900FDEBE0 /* NotificationManager.swift */,
 			);
 			path = Helpers;
 			sourceTree = "<group>";
@@ -515,6 +526,7 @@
 		D625E8682991CD3000D5A5B0 /* ControlConfig */ = {
 			isa = PBXGroup;
 			children = (
+				7D1273FA2A826F7600FDEBE0 /* cowlite-tutorial.mp4 */,
 				7D6CFADC2A7E6A0D0038E142 /* iOS16_CCBackup.zip */,
 				7D63C1202A6447240066AB5A /* Private Headers */,
 				7DF5FE1D29E75E8700809050 /* IconFiles */,
@@ -704,6 +716,7 @@
 			files = (
 				7DF5FE3E29E98BA400809050 /* Connectivity.car in Resources */,
 				7DF5FE3F29E98BA500809050 /* Empty_200x200.car in Resources */,
+				7D1273FB2A826FFC00FDEBE0 /* cowlite-tutorial.mp4 in Resources */,
 				7D6CFADD2A7E6A0D0038E142 /* iOS16_CCBackup.zip in Resources */,
 				7DF5FE4029E98BA600809050 /* GuidedAccess.car in Resources */,
 				7DF5FE5229E99EAB00809050 /* NFC.car in Resources */,
@@ -747,6 +760,7 @@
 				7D63C1182A63538D0066AB5A /* ExploreView.swift in Sources */,
 				7D201BEB299C1AB60023D649 /* CustomisationsList.swift in Sources */,
 				7DBE8ED629B919C700A36AA6 /* BackupManager.swift in Sources */,
+				7D1273F52A8250E700FDEBE0 /* TutorialSheetView.swift in Sources */,
 				D625E86A2991CD3000D5A5B0 /* ControlConfigApp.swift in Sources */,
 				7D52218829BBC2B9002FD2A7 /* BackupView.swift in Sources */,
 				7D3BAB7729B3855A0024C9C9 /* ColorTools.swift in Sources */,
@@ -772,6 +786,7 @@
 				7D2919FF2A7F9E9300ACC16E /* offsets.m in Sources */,
 				7D3BAB7B29B4BE760024C9C9 /* EditCCColorsView.swift in Sources */,
 				7D201BF4299C1E280023D649 /* PlistHelpers.swift in Sources */,
+				7D8F69AD2A82E141000D8BDF /* CustomisationSetCodable.swift in Sources */,
 				7DDD2FA529AEB35E0064A7FC /* AppState.swift in Sources */,
 				D6E552D129B3E3300083E6A5 /* ApplicationManager.swift in Sources */,
 				7D201BFB299C23100023D649 /* MainModuleView.swift in Sources */,
@@ -782,6 +797,7 @@
 				7D61BA512A7C2D1D001F9000 /* proc.c in Sources */,
 				D6E552D929B3E7760083E6A5 /* AppListView.swift in Sources */,
 				7DDD2FA329AEB2F90064A7FC /* SettingsView.swift in Sources */,
+				7D1273FD2A829FD900FDEBE0 /* NotificationManager.swift in Sources */,
 				7DF5F6A22A7EF27B00BBC7A0 /* DebugActionsMenu.swift in Sources */,
 				7D61BA4E2A7C2D1D001F9000 /* krw.m in Sources */,
 			);
@@ -951,7 +967,7 @@
 				CODE_SIGN_ENTITLEMENTS = ControlConfig/ControlConfig.entitlements;
 				CODE_SIGN_IDENTITY = "Apple Development";
 				CODE_SIGN_STYLE = Automatic;
-				CURRENT_PROJECT_VERSION = "KfdExploit-Testing-9";
+				CURRENT_PROJECT_VERSION = "KfdExploit-Testing-10";
 				DEVELOPMENT_ASSET_PATHS = "\"ControlConfig/Preview Content\"";
 				DEVELOPMENT_TEAM = ZV2PLXMRSB;
 				ENABLE_PREVIEWS = YES;
@@ -973,7 +989,7 @@
 				);
 				MARKETING_VERSION = 1.0.0;
 				OTHER_LDFLAGS = "$(inherited)";
-				PRODUCT_BUNDLE_IDENTIFIER = "com.f1shy-dev.ControlConfigXE";
+				PRODUCT_BUNDLE_IDENTIFIER = "com.f1shy-dev.ControlConfigXEX";
 				PRODUCT_NAME = "$(TARGET_NAME)";
 				PROVISIONING_PROFILE_SPECIFIER = "";
 				SUPPORTED_PLATFORMS = "iphoneos iphonesimulator";
@@ -996,7 +1012,7 @@
 				CODE_SIGN_ENTITLEMENTS = ControlConfig/ControlConfig.entitlements;
 				CODE_SIGN_IDENTITY = "Apple Development";
 				CODE_SIGN_STYLE = Automatic;
-				CURRENT_PROJECT_VERSION = "KfdExploit-Testing-9";
+				CURRENT_PROJECT_VERSION = "KfdExploit-Testing-10";
 				DEVELOPMENT_ASSET_PATHS = "\"ControlConfig/Preview Content\"";
 				DEVELOPMENT_TEAM = ZV2PLXMRSB;
 				ENABLE_PREVIEWS = YES;

diff --git a/ControlConfig/Control Center/ModuleOperations.swift b/ControlConfig/Control Center/ModuleOperations.swift
@@ -358,11 +358,12 @@ func applyChanges(customisations: CustomisationList) -> (Bool, [String:Bool]) {
         let custom_modules = customisations.list.map { $0.module.fileName }
         for fileName in keys.filter({ key in
             let fn = CCMappings.fileNameBasedSmallIDs[key] as? String
-
-            if (!["ios15", "ptrace", "mute"].map{fn?.contains($0)}.allSatisfy{$0 == true}) { return false }
-            return !custom_modules.contains(key)
-
+            let mapped = ["ios15", "ptrace", "mute"].map{fn?.contains($0)}
+            if (!mapped.allSatisfy{$0 == false}) { return false }
+
+            return !custom_modules.contains(key)            
         }) {
+            print(fileName)
             //budget kfd compressor
             let module = Module(fileName: fileName)
             let infoPath = "\(CCMappings.bundlesPath)\(fileName)/Info.plist"

diff --git a/ControlConfig/ControlConfigApp.swift b/ControlConfig/ControlConfigApp.swift
@@ -98,6 +98,7 @@ struct ControlConfigApp: App {
                                     if !UserDefaults.standard.bool(forKey: "shownFirstOpen") {
                                         showingFirstLaunchSheet = true
                                     }
+                                    requestNotificationAuth()
                                 }
                             }
 //                            #endif

diff --git a/ControlConfig/Exploit/fun/krw.h b/ControlConfig/Exploit/fun/krw.h
@@ -13,6 +13,7 @@
 
 
 uint64_t do_kopen(uint64_t puaf_pages, uint64_t puaf_method, uint64_t kread_method, uint64_t kwrite_method);
+uint64_t try_existing_kfd_kopen(uint64_t kfd_addr);
 void do_kclose(void);
 void do_kread(uint64_t kaddr, void* uaddr, uint64_t size);
 void do_kwrite(void* uaddr, uint64_t kaddr, uint64_t size);

diff --git a/ControlConfig/Exploit/fun/krw.m b/ControlConfig/Exploit/fun/krw.m
@@ -6,116 +6,126 @@
 //
 
 #include "krw.h"
-#include "libkfd.h"
 #include "helpers.h"
+#include "libkfd.h"
 
 uint64_t _kfd = 0;
 
-uint64_t do_kopen(uint64_t puaf_pages, uint64_t puaf_method, uint64_t kread_method, uint64_t kwrite_method)
-{
-//    size_t size = 0;
-//    sysctlbyname("kern.version", NULL, &size, NULL, 0);
-//    char *current_kern_version = malloc(size);
-//    if (current_kern_version == NULL) {
-//        fprintf(stderr, "Error: failed to allocate memory for kernel version string\n");
-//        exit(1);
-//    }
-//    if (sysctlbyname("kern.version", current_kern_version, &size, NULL, 0) != 0) {
-//        fprintf(stderr, "Error: failed to retrieve kernel version string\n");
-//        free(current_kern_version);
-//        exit(1);
-//    }
-//    t1sz_boot = strstr(current_kern_version, "T8120") != NULL ? 17ull : 25ull;
-//    free(current_kern_version);
-//    
-//    printf("t1sz_boot = %lld\n", t1sz_boot);
-
-    _kfd = kopen(puaf_pages, puaf_method, kread_method, kwrite_method);
-    return _kfd;
-}
+uint64_t do_kopen(uint64_t puaf_pages, uint64_t puaf_method,
+                  uint64_t kread_method, uint64_t kwrite_method) {
+  //    size_t size = 0;
+  //    sysctlbyname("kern.version", NULL, &size, NULL, 0);
+  //    char *current_kern_version = malloc(size);
+  //    if (current_kern_version == NULL) {
+  //        fprintf(stderr, "Error: failed to allocate memory for kernel version
+  //        string\n"); exit(1);
+  //    }
+  //    if (sysctlbyname("kern.version", current_kern_version, &size, NULL, 0)
+  //    != 0) {
+  //        fprintf(stderr, "Error: failed to retrieve kernel version
+  //        string\n"); free(current_kern_version); exit(1);
+  //    }
+  //    t1sz_boot = strstr(current_kern_version, "T8120") != NULL ? 17ull :
+  //    25ull; free(current_kern_version);
+  //
+  //    printf("t1sz_boot = %lld\n", t1sz_boot);
 
-void do_kclose(void)
-{
-    kclose((struct kfd*)(_kfd));
+  _kfd = kopen(puaf_pages, puaf_method, kread_method, kwrite_method);
+  return _kfd;
 }
 
-void do_kread(u64 kaddr, void* uaddr, u64 size)
-{
-    kread(_kfd, kaddr, uaddr, size);
+uint64_t try_existing_kfd_kopen(uint64_t kfd_addr) {
+  printf("[-] trying existing kopen at address %llu", kfd_addr);
+  if (kfd_addr == 0) {
+    printf("[-] existing kopen at address %llu is invalid", kfd_addr);
+    return 0;
+  }
+  struct kfd *kfd = (struct kfd *)(uintptr_t)(kfd_addr);
+  if (kfd != NULL && kfd->info.kaddr.kernel_proc != 0) {
+    printf("[-] using existing kopen at address %llu", kfd_addr);
+    _kfd = (u64)kfd;
+    return _kfd;
+  } else {
+    printf("[-] existing kopen at address %llu is invalid", kfd_addr);
+    return 0;
+  }
 }
 
-void do_kwrite(void* uaddr, u64 kaddr, u64 size)
-{
-    kwrite(_kfd, uaddr, kaddr, size);
+void do_kclose(void) { kclose((struct kfd *)(_kfd)); }
+
+void do_kread(u64 kaddr, void *uaddr, u64 size) {
+  kread(_kfd, kaddr, uaddr, size);
 }
 
-uint64_t get_kslide(void) {
-    return ((struct kfd*)_kfd)->perf.kernel_slide;
+void do_kwrite(void *uaddr, u64 kaddr, u64 size) {
+  kwrite(_kfd, uaddr, kaddr, size);
 }
 
+uint64_t get_kslide(void) { return ((struct kfd *)_kfd)->perf.kernel_slide; }
+
 uint64_t get_kernproc(void) {
-    return ((struct kfd*)_kfd)->info.kaddr.kernel_proc;
+  return ((struct kfd *)_kfd)->info.kaddr.kernel_proc;
 }
 
 uint8_t kread8(uint64_t where) {
-    uint8_t out;
-    kread(_kfd, where, &out, sizeof(uint8_t));
-    return out;
+  uint8_t out;
+  kread(_kfd, where, &out, sizeof(uint8_t));
+  return out;
 }
 uint32_t kread16(uint64_t where) {
-    uint16_t out;
-    kread(_kfd, where, &out, sizeof(uint16_t));
-    return out;
+  uint16_t out;
+  kread(_kfd, where, &out, sizeof(uint16_t));
+  return out;
 }
 uint32_t kread32(uint64_t where) {
-    uint32_t out;
-    kread(_kfd, where, &out, sizeof(uint32_t));
-    return out;
+  uint32_t out;
+  kread(_kfd, where, &out, sizeof(uint32_t));
+  return out;
 }
 uint64_t kread64(uint64_t where) {
-    uint64_t out;
-    kread(_kfd, where, &out, sizeof(uint64_t));
-    return out;
+  uint64_t out;
+  kread(_kfd, where, &out, sizeof(uint64_t));
+  return out;
 }
 
-//Thanks @jmpews
+// Thanks @jmpews
 uint64_t kread64_smr(uint64_t where) {
-    uint64_t value = kread64(where) | 0xffffff8000000000;
-    if((value & 0x400000000000) != 0)
-        value &= 0xFFFFFFFFFFFFFFE0;
-    return value;
+  uint64_t value = kread64(where) | 0xffffff8000000000;
+  if ((value & 0x400000000000) != 0)
+    value &= 0xFFFFFFFFFFFFFFE0;
+  return value;
 }
 
 void kwrite8(uint64_t where, uint8_t what) {
-    uint8_t _buf[8] = {};
-    _buf[0] = what;
-    _buf[1] = kread8(where+1);
-    _buf[2] = kread8(where+2);
-    _buf[3] = kread8(where+3);
-    _buf[4] = kread8(where+4);
-    _buf[5] = kread8(where+5);
-    _buf[6] = kread8(where+6);
-    _buf[7] = kread8(where+7);
-    kwrite((u64)(_kfd), &_buf, where, sizeof(u64));
+  uint8_t _buf[8] = {};
+  _buf[0] = what;
+  _buf[1] = kread8(where + 1);
+  _buf[2] = kread8(where + 2);
+  _buf[3] = kread8(where + 3);
+  _buf[4] = kread8(where + 4);
+  _buf[5] = kread8(where + 5);
+  _buf[6] = kread8(where + 6);
+  _buf[7] = kread8(where + 7);
+  kwrite((u64)(_kfd), &_buf, where, sizeof(u64));
 }
 
 void kwrite16(uint64_t where, uint16_t what) {
-    u16 _buf[4] = {};
-    _buf[0] = what;
-    _buf[1] = kread16(where+2);
-    _buf[2] = kread16(where+4);
-    _buf[3] = kread16(where+6);
-    kwrite((u64)(_kfd), &_buf, where, sizeof(u64));
+  u16 _buf[4] = {};
+  _buf[0] = what;
+  _buf[1] = kread16(where + 2);
+  _buf[2] = kread16(where + 4);
+  _buf[3] = kread16(where + 6);
+  kwrite((u64)(_kfd), &_buf, where, sizeof(u64));
 }
 
 void kwrite32(uint64_t where, uint32_t what) {
-    u32 _buf[2] = {};
-    _buf[0] = what;
-    _buf[1] = kread32(where+4);
-    kwrite((u64)(_kfd), &_buf, where, sizeof(u64));
+  u32 _buf[2] = {};
+  _buf[0] = what;
+  _buf[1] = kread32(where + 4);
+  kwrite((u64)(_kfd), &_buf, where, sizeof(u64));
 }
 void kwrite64(uint64_t where, uint64_t what) {
-    u64 _buf[1] = {};
-    _buf[0] = what;
-    kwrite((u64)(_kfd), &_buf, where, sizeof(u64));
+  u64 _buf[1] = {};
+  _buf[0] = what;
+  kwrite((u64)(_kfd), &_buf, where, sizeof(u64));
 }