Skip to content

Commit

Permalink
Support RootHide
Browse files Browse the repository at this point in the history
  • Loading branch information
NyaMisty committed Nov 12, 2023
1 parent 3a54917 commit 4de243d
Show file tree
Hide file tree
Showing 7 changed files with 64 additions and 8 deletions.
5 changes: 3 additions & 2 deletions Shadow.dylib/Makefile
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
INSTALL_TARGET_PROCESSES = SpringBoard
# INSTALL_TARGET_PROCESSES = SpringBoard
INSTALL_TARGET_PROCESSES =
# LOGOS_DEFAULT_GENERATOR = internal

include $(THEOS)/makefiles/common.mk
Expand All @@ -11,7 +12,7 @@ Shadow_FRAMEWORKS = Foundation
Shadow_EXTRA_FRAMEWORKS = Shadow HookKit RootBridge
Shadow_PRIVATE_FRAMEWORKS = MobileCoreServices
Shadow_CFLAGS = -fobjc-arc -I../Shadow.framework/Headers -I../vendor/HookKit.framework/Headers -I../vendor/RootBridge.framework/Headers
Shadow_LDFLAGS = -rpath /Library/Frameworks -rpath /var/jb/Library/Frameworks -rpath /usr/lib -rpath /var/jb/usr/lib
Shadow_LDFLAGS = -rpath /Library/Frameworks -rpath /var/jb/Library/Frameworks -rpath @loader_path/.jbroot/Library/Frameworks -rpath /usr/lib -rpath /var/jb/usr/lib -rpath @loader_path/.jbroot/usr/lib
Shadow_LDFLAGS += -F../ -F../vendor
Shadow_LDFLAGS += -weak_framework CydiaSubstrate

Expand Down
52 changes: 50 additions & 2 deletions Shadow.dylib/hooks/dyld.x
Original file line number Diff line number Diff line change
@@ -1,3 +1,6 @@
#pragma clang diagnostic ignored "-Wunused-function"
#pragma clang diagnostic ignored "-Wframe-address"

#import "hooks.h"

static NSMutableArray<NSDictionary *>* _shdw_dyld_collection = nil;
Expand All @@ -9,6 +12,42 @@ static BOOL _shdw_dyld_error = NO;

// todo: maybe hook this private symbol
// extern void call_funcs_for_add_image(struct mach_header *mh, unsigned long vmaddr_slide);
#include <os/log.h>
#undef isCallerTweak
bool isCallerTweak() {
// NSLog(@"%@", NSThread.callStackSymbols);
// os_log(OS_LOG_DEFAULT, "%{public}@", NSThread.callStackSymbols);
// return true;
void *retaddrs[] = {
__builtin_return_address(0),
__builtin_return_address(1),
__builtin_return_address(2),
__builtin_return_address(3),
__builtin_return_address(4),
__builtin_return_address(5),
__builtin_return_address(6),
__builtin_return_address(7),
};
for (int i = 0; i < 8; i++) {
void *addr = __builtin_extract_return_addr(retaddrs[i]);
if (![_shadow isAddrExternal:addr]) { // address is belong to app
return false;
}
if (![_shadow isAddrRestricted:addr]) { // address is belong to tweak
return true;
}
}
// for (NSString *sym in NSThread.callStackSymbols) {
// // do something with object
// if ([sym containsString:@"libinjector.dylib"]) { // RootHide's injector
// return true;
// }
// if ([sym containsString:@"tweaks_iterate"] || [sym containsString:@"injection_init"]) { // RootHide's injector
// return true;
// }
// }
return false;
}

static uint32_t (*original_dyld_image_count)();
static uint32_t replaced_dyld_image_count() {
Expand Down Expand Up @@ -42,12 +81,15 @@ static intptr_t replaced_dyld_get_image_vmaddr_slide(uint32_t image_index) {

static const char* (*original_dyld_get_image_name)(uint32_t image_index);
static const char* replaced_dyld_get_image_name(uint32_t image_index) {
// NSLog(@"_dyld_get_image_name from %p (%d): %@", __builtin_extract_return_addr(__builtin_return_address(0)), isCallerTweak(), NSThread.callStackSymbols);
if(isCallerTweak()) {
return original_dyld_get_image_name(image_index);
}

NSArray* _dyld_collection = [_shdw_dyld_collection copy];
return image_index < [_dyld_collection count] ? [_dyld_collection[image_index][@"name"] fileSystemRepresentation] : NULL;
const char *ret = image_index < [_dyld_collection count] ? [_dyld_collection[image_index][@"name"] fileSystemRepresentation] : NULL;
// NSLog(@"_dyld_get_image_name -> %s", ret ? ret: "");
return ret;
}

static void* (*original_dlopen)(const char* path, int mode);
Expand Down Expand Up @@ -304,14 +346,20 @@ void shadowhook_dyld(HKSubstitutor* hooks) {
_dyld_register_func_for_remove_image(shadowhook_dyld_updatelibs_r);

MSHookFunction(_dyld_get_image_name, replaced_dyld_get_image_name, (void **) &original_dyld_get_image_name);

// !! err in ellekit's substrate, because _dyld_image_count uses x16, conflicts with ellekit
MSHookFunction(_dyld_image_count, replaced_dyld_image_count, (void **) &original_dyld_image_count);

MSHookFunction(_dyld_get_image_header, replaced_dyld_get_image_header, (void **) &original_dyld_get_image_header);
MSHookFunction(_dyld_get_image_vmaddr_slide, replaced_dyld_get_image_vmaddr_slide, (void **) &original_dyld_get_image_vmaddr_slide);
MSHookFunction(_dyld_register_func_for_add_image, replaced_dyld_register_func_for_add_image, (void **) &original_dyld_register_func_for_add_image);
MSHookFunction(_dyld_register_func_for_remove_image, replaced_dyld_register_func_for_remove_image, (void **) &original_dyld_register_func_for_remove_image);

MSHookFunction(task_info, replaced_task_info, (void **) &original_task_info);
MSHookFunction(dlopen_preflight, replaced_dlopen_preflight, (void **) &original_dlopen_preflight);

// !! will cause err in Dobby if directly hook using import address, must use findSymbol
void *p_dlopen_preflight = MSFindSymbol(MSGetImageByName("/usr/lib/system/libdyld.dylib"), "_dlopen_preflight");
MSHookFunction(p_dlopen_preflight, replaced_dlopen_preflight, (void **) &original_dlopen_preflight);

MSHookFunction(dlerror, replaced_dlerror, (void **) &original_dlerror);
}
Expand Down
2 changes: 2 additions & 0 deletions Shadow.framework/Core+Utilities.m
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,8 @@ + (NSString *)getStandardizedPath:(NSString *)path {
}
}

path = [RootBridge getJBPath:path]; // RootHide jb have the same layout as rootful jb, we need to manually convert the path

if([path hasPrefix:@"/private/var"] || [path hasPrefix:@"/private/etc"]) {
NSMutableArray* pathComponents = [[path pathComponents] mutableCopy];
[pathComponents removeObjectAtIndex:1];
Expand Down
2 changes: 1 addition & 1 deletion Shadow.framework/Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,6 @@ Shadow_EXTRA_FRAMEWORKS = RootBridge
Shadow_INSTALL_PATH = /Library/Frameworks
Shadow_CFLAGS = -fobjc-arc -IHeaders -I../vendor/RootBridge.framework/Headers
Shadow_LDFLAGS = -F../vendor/ -install_name @rpath/Shadow.framework/Shadow
Shadow_LDFLAGS += -rpath /Library/Frameworks -rpath /var/jb/Library/Frameworks -rpath /usr/lib -rpath /var/jb/usr/lib
Shadow_LDFLAGS += -rpath /Library/Frameworks -rpath /var/jb/Library/Frameworks -rpath @loader_path/.jbroot/Library/Frameworks -rpath /usr/lib -rpath /var/jb/usr/lib -rpath @loader_path/.jbroot/usr/lib

include $(THEOS_MAKE_PATH)/framework.mk
2 changes: 1 addition & 1 deletion ShadowSettings.bundle/Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ ShadowSettings_EXTRA_FRAMEWORKS = Shadow AltList HookKit RootBridge
ShadowSettings_PRIVATE_FRAMEWORKS = Preferences
ShadowSettings_INSTALL_PATH = /Library/PreferenceBundles
ShadowSettings_CFLAGS = -fobjc-arc -I../Shadow.framework/Headers -I../vendor/HookKit.framework/Headers -I../vendor/RootBridge.framework/Headers
ShadowSettings_LDFLAGS = -rpath /Library/Frameworks -rpath /var/jb/Library/Frameworks -rpath /usr/lib -rpath /var/jb/usr/lib
ShadowSettings_LDFLAGS = -rpath /Library/Frameworks -rpath /var/jb/Library/Frameworks -rpath @loader_path/.jbroot/Library/Frameworks -rpath /usr/lib -rpath /var/jb/usr/lib -rpath @loader_path/.jbroot/usr/lib
ShadowSettings_LDFLAGS += -F../ -F../vendor

include $(THEOS_MAKE_PATH)/bundle.mk
7 changes: 6 additions & 1 deletion build.sh
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,12 @@ mkdir -p $PWD/build

# build main project (rootless ver.)
make clean &&
THEOS_PACKAGE_SCHEME=rootless ARCHS="arm64 arm64e" TARGET=iphone:clang:latest:14.0 make package FINALPACKAGE=1 &&
THEOS_PACKAGE_SCHEME=rootless ARCHS="arm64 arm64e" TARGET=iphone:clang:14.5:14.0 make package FINALPACKAGE=1 &&
cp -p "`ls -dtr1 packages/* | tail -1`" $PWD/build/

# build main project (roothide ver.)
make clean &&
THEOS_PACKAGE_SCHEME=roothide ARCHS="arm64 arm64e" TARGET=iphone:clang:14.5:14.0 make package FINALPACKAGE=1 &&
cp -p "`ls -dtr1 packages/* | tail -1`" $PWD/build/

rm -rf $THEOS/lib/Shadow.framework
Expand Down
2 changes: 1 addition & 1 deletion shdw/Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ TOOL_NAME = shdw

shdw_FILES = main.m
shdw_CFLAGS = -fobjc-arc -I../Shadow.framework/Headers -I../vendor/RootBridge.framework/Headers
shdw_LDFLAGS = -rpath /Library/Frameworks -rpath /var/jb/Library/Frameworks -rpath /usr/lib -rpath /var/jb/usr/lib
shdw_LDFLAGS = -rpath /Library/Frameworks -rpath /var/jb/Library/Frameworks -rpath @loader_path/.jbroot/Library/Frameworks -rpath /usr/lib -rpath /var/jb/usr/lib -rpath @loader_path/.jbroot/usr/lib
shdw_LDFLAGS += -F../ -F../vendor/
shdw_CODESIGN_FLAGS = -Sentitlements.plist
shdw_INSTALL_PATH = /usr/local/bin
Expand Down

0 comments on commit 4de243d

Please sign in to comment.