fixed jailbreak not working on some devices

leminhhieuctvn · Nov 1, 2024 · 5097e5b · 5097e5b
1 parent bebc829
commit 5097e5b
Show file tree

Hide file tree

Showing 5 changed files with 30 additions and 6 deletions.
diff --git a/Application/Dopamine/Jailbreak/DOJailbreaker.m b/Application/Dopamine/Jailbreak/DOJailbreaker.m
@@ -594,6 +594,8 @@ - (void)runWithError:(NSError **)errOut didRemoveJailbreak:(BOOL*)didRemove show
     *errOut = [self injectLaunchdHook];
     if (*errOut) return;
 
+    // don't use dyld-in-cache due to dyldhooks
+    setenv("DYLD_IN_CACHE", "0", 1);
     // don't load tweak during jailbreaking
     setenv("DISABLE_TWEAKS", "1", 1);
     // using the stock path during jailbreaking

diff --git a/BaseBin/launchdhook/src/spawn_hook.c b/BaseBin/launchdhook/src/spawn_hook.c
@@ -274,10 +274,17 @@ int __posix_spawn_hook(pid_t *restrict pidp, const char *restrict path, struct _
         posix_spawnattr_setflags(attrp, flags | POSIX_SPAWN_START_SUSPENDED);
     }
 
+	// on some devices dyldhook may fail due to vm_protect(VM_PROT_READ|VM_PROT_WRITE), 2, (os/kern) protection failure in dsc::__DATA_CONST:__const, 
+	// so we need to disable dyld-in-cache here. (or we can use VM_PROT_READ|VM_PROT_WRITE|VM_PROT_COPY)
+	char **envc = envbuf_mutcopy((const char **)envp);
+	envbuf_setenv(&envc, "DYLD_IN_CACHE", "0");
+
     int pid = 0;
     if (!pidp) pidp = &pid;
-    int ret = posix_spawn_hook_shared(pidp, path, desc, argv, envp, __posix_spawn_orig_wrapper, systemwide_trust_binary, platform_set_process_debugged, jbsetting(jetsamMultiplier));
+    int ret = posix_spawn_hook_shared(pidp, path, desc, argv, envc, __posix_spawn_orig_wrapper, systemwide_trust_binary, platform_set_process_debugged, jbsetting(jetsamMultiplier));
     pid = *pidp;
+
+	envbuf_free(envc);
 
 	posix_spawnattr_setflags(attrp, flags); // maybe caller will use it again?
 

diff --git a/BaseBin/libjailbreak/src/deny.m b/BaseBin/libjailbreak/src/deny.m
@@ -45,8 +45,6 @@
     NSString *identifier = appInfo[@"CFBundleIdentifier"];
     if (!identifier) return nil;
 
-    JBLogDebug("spawn app [%s] %s", identifier.UTF8String, path);
-
     return identifier;
 }
 

diff --git a/BaseBin/libjailbreak/src/util.c b/BaseBin/libjailbreak/src/util.c
@@ -584,8 +584,10 @@ int __exec_cmd_internal_va(bool suspended, bool root, bool waitForExit, pid_t *p
 	}
 
 	//force
-	posix_spawnattr_setflags(&attr, POSIX_SPAWN_START_SUSPENDED);
-
+	short flags=0;
+	posix_spawnattr_getflags(&attr, &flags);
+	posix_spawnattr_setflags(&attr, flags | POSIX_SPAWN_START_SUSPENDED);
+
 	pid_t spawnedPid = 0;
 	int spawnError = posix_spawn(&spawnedPid, binary, NULL, &attr, (char *const *)argv, environ);
 	if (attr) posix_spawnattr_destroy(&attr);

diff --git a/BaseBin/systemhook/src/main.c b/BaseBin/systemhook/src/main.c
@@ -272,6 +272,9 @@ bool should_enable_tweaks(void)
 	return true;
 }
 
+
+#include "envbuf.h"
+
 #define POSIX_SPAWN_PROC_TYPE_DRIVER 0x700
 int posix_spawnattr_getprocesstype_np(const posix_spawnattr_t * __restrict, int * __restrict) __API_AVAILABLE(macos(10.8), ios(6.0));
 
@@ -313,10 +316,17 @@ int posix_spawn_hook_roothide(pid_t *restrict pidp, const char *restrict path, s
 		}
 	}
 
+	// on some devices dyldhook may fail due to vm_protect(VM_PROT_READ|VM_PROT_WRITE), 2, (os/kern) protection failure in dsc::__DATA_CONST:__const, 
+	// so we need to disable dyld-in-cache here. (or we can use VM_PROT_READ|VM_PROT_WRITE|VM_PROT_COPY)
+	char **envc = envbuf_mutcopy((const char **)envp);
+	envbuf_setenv(&envc, "DYLD_IN_CACHE", "0");
+
 	int pid = 0;
-	int ret = posix_spawn_hook_shared(&pid, path, desc, argv, envp, orig, trust_binary, set_process_debugged, jetsamMultiplier);
+	int ret = posix_spawn_hook_shared(&pid, path, desc, argv, envc, orig, trust_binary, set_process_debugged, jetsamMultiplier);
 	if (pidp) *pidp = pid;
 
+	envbuf_free(envc);
+
 	// maybe caller will use it again? restore flags
 	posix_spawnattr_setflags(attrp, flags);
 
@@ -605,6 +615,11 @@ __attribute__((constructor)) static void initializer(void)
 //////////////////////////////////////////////////////////////////////
   /* after unsandboxing jbroot and applying dyldhooks */
 
+	const char* DYLD_IN_CACHE = getenv("DYLD_IN_CACHE");
+	if(strcmp(DYLD_IN_CACHE, "0") == 0) {
+		unsetenv("DYLD_IN_CACHE");
+	}
+
 	redirect_paths(JB_RootPath);
 
 	dlopen(JBROOT_PATH("/usr/lib/roothideinit.dylib"), RTLD_NOW);