From 5097e5be9a83f6c5452bd28fd7d5529a86209fdf Mon Sep 17 00:00:00 2001
From: roothider <158083651+roothider@users.noreply.github.com>
Date: Fri, 1 Nov 2024 16:48:57 +0800
Subject: [PATCH] fixed jailbreak not working on some devices

---
 Application/Dopamine/Jailbreak/DOJailbreaker.m | 2 ++
 BaseBin/launchdhook/src/spawn_hook.c | 9 ++++++++-
 BaseBin/libjailbreak/src/deny.m | 2 --
 BaseBin/libjailbreak/src/util.c | 6 ++++--
 BaseBin/systemhook/src/main.c | 17 ++++++++++++++++-
 5 files changed, 30 insertions(+), 6 deletions(-)

diff --git a/Application/Dopamine/Jailbreak/DOJailbreaker.m b/Application/Dopamine/Jailbreak/DOJailbreaker.m
index 76ac8bcdf..f2adc560c 100644
--- a/Application/Dopamine/Jailbreak/DOJailbreaker.m
+++ b/Application/Dopamine/Jailbreak/DOJailbreaker.m
@@ -594,6 +594,8 @@ - (void)runWithError:(NSError **)errOut didRemoveJailbreak:(BOOL*)didRemove show
 *errOut = [self injectLaunchdHook];
 if (*errOut) return;
 
+ // don't use dyld-in-cache due to dyldhooks
+ setenv("DYLD_IN_CACHE", "0", 1);
 // don't load tweak during jailbreaking
 setenv("DISABLE_TWEAKS", "1", 1);
 // using the stock path during jailbreaking
diff --git a/BaseBin/launchdhook/src/spawn_hook.c b/BaseBin/launchdhook/src/spawn_hook.c
index a884bbc7e..4ec2319c2 100644
--- a/BaseBin/launchdhook/src/spawn_hook.c
+++ b/BaseBin/launchdhook/src/spawn_hook.c
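Review bot: The comment above the new `setenv("DYLD_IN_CACHE", "0", 1);` says only "due to dyldhooks", while the matching overrides added in spawn_hook.c and systemhook/src/main.c explain the actual failure (a vm_protect protection failure in the shared cache's __DATA_CONST segment), so a reader of this file alone cannot tell why the cache copy of dyld is being disabled or when the workaround can be dropped. Suggest `// don't use dyld-in-cache: dyldhooks can hit a vm_protect protection failure in dsc __DATA_CONST (see spawn_hook.c)`. Unlike the DISABLE_TWEAKS line next to it, nothing in the hunk says whether this variable is cleared once the jailbreak finishes; if it is meant to stay set for the app's lifetime, the comment should say so. runWithError:didRemoveJailbreak: continues outside the hunk.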
@@ -274,10 +274,17 @@ int __posix_spawn_hook(pid_t *restrict pidp, const char *restrict path, struct _
 posix_spawnattr_setflags(attrp, flags | POSIX_SPAWN_START_SUSPENDED);
 }
 
+ // on some devices dyldhook may fail due to vm_protect(VM_PROT_READ|VM_PROT_WRITE), 2, (os/kern) protection failure in dsc::__DATA_CONST:__const,
+ // so we need to disable dyld-in-cache here. (or we can use VM_PROT_READ|VM_PROT_WRITE|VM_PROT_COPY)
+ char **envc = envbuf_mutcopy((const char **)envp);
+ envbuf_setenv(&envc, "DYLD_IN_CACHE", "0");
+
 int pid = 0;
 if (!pidp) pidp = &pid;
- int ret = posix_spawn_hook_shared(pidp, path, desc, argv, envp, __posix_spawn_orig_wrapper, systemwide_trust_binary, platform_set_process_debugged, jbsetting(jetsamMultiplier));
+ int ret = posix_spawn_hook_shared(pidp, path, desc, argv, envc, __posix_spawn_orig_wrapper, systemwide_trust_binary, platform_set_process_debugged, jbsetting(jetsamMultiplier));
 pid = *pidp;
+
+ envbuf_free(envc);
 
 posix_spawnattr_setflags(attrp, flags); // maybe caller will use it again?
 
diff --git a/BaseBin/libjailbreak/src/deny.m b/BaseBin/libjailbreak/src/deny.m
index 70f517bf0..b89f7e016 100644
--- a/BaseBin/libjailbreak/src/deny.m
+++ b/BaseBin/libjailbreak/src/deny.m
@@ -45,8 +45,6 @@
 NSString *identifier = appInfo[@"CFBundleIdentifier"];
 if (!identifier) return nil;
 
- JBLogDebug("spawn app [%s] %s", identifier.UTF8String, path);
-
 return identifier;
 }
 
diff --git a/BaseBin/libjailbreak/src/util.c b/BaseBin/libjailbreak/src/util.c
index b88a26794..2080cf052 100644
--- a/BaseBin/libjailbreak/src/util.c
+++ b/BaseBin/libjailbreak/src/util.c
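Review bot: The block from `char **envc = envbuf_mutcopy((const char **)envp);` to `envbuf_free(envc);` is duplicated verbatim, comment included, in posix_spawn_hook_roothide in systemhook/src/main.c (the -313,10 hunk); both hooks hand the copied environment to posix_spawn_hook_shared, so applying the DYLD_IN_CACHE override once inside that shared function would remove the duplication and leave a single place to revisit when the VM_PROT_COPY alternative mentioned in the comment is tried. Nothing visible checks what envbuf_mutcopy returns; if it can fail on allocation, `envbuf_setenv(&envc, ...)` then operates on a bad buffer, so a guard such as `if (!envc) return ENOMEM;` (or falling back to the original envp) is worth adding in both places. The copy is freed only after the spawn returns, so any early return between the two calls would leak it; __posix_spawn_hook continues outside the hunk, so I cannot see whether such a path exists.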
@@ -584,8 +584,10 @@ int __exec_cmd_internal_va(bool suspended, bool root, bool waitForExit, pid_t *p
 }
 
 //force
- posix_spawnattr_setflags(&attr, POSIX_SPAWN_START_SUSPENDED);
-
+ short flags=0;
+ posix_spawnattr_getflags(&attr, &flags);
+ posix_spawnattr_setflags(&attr, flags | POSIX_SPAWN_START_SUSPENDED);
+
 pid_t spawnedPid = 0;
 int spawnError = posix_spawn(&spawnedPid, binary, NULL, &attr, (char *const *)argv, environ);
 if (attr) posix_spawnattr_destroy(&attr);
diff --git a/BaseBin/systemhook/src/main.c b/BaseBin/systemhook/src/main.c
index 92e3a2a90..9f4a1063e 100644
--- a/BaseBin/systemhook/src/main.c
+++ b/BaseBin/systemhook/src/main.c
@@ -272,6 +272,9 @@ bool should_enable_tweaks(void)
 
 return true;
 }
+
+#include "envbuf.h"
+
 #define POSIX_SPAWN_PROC_TYPE_DRIVER 0x700
 int posix_spawnattr_getprocesstype_np(const posix_spawnattr_t * __restrict, int * __restrict) __API_AVAILABLE(macos(10.8), ios(6.0));
 
@@ -313,10 +316,17 @@ int posix_spawn_hook_roothide(pid_t *restrict pidp, const char *restrict path, s
 }
 }
 
+ // on some devices dyldhook may fail due to vm_protect(VM_PROT_READ|VM_PROT_WRITE), 2, (os/kern) protection failure in dsc::__DATA_CONST:__const,
+ // so we need to disable dyld-in-cache here. (or we can use VM_PROT_READ|VM_PROT_WRITE|VM_PROT_COPY)
+ char **envc = envbuf_mutcopy((const char **)envp);
+ envbuf_setenv(&envc, "DYLD_IN_CACHE", "0");
+
 int pid = 0;
- int ret = posix_spawn_hook_shared(&pid, path, desc, argv, envp, orig, trust_binary, set_process_debugged, jetsamMultiplier);
+ int ret = posix_spawn_hook_shared(&pid, path, desc, argv, envc, orig, trust_binary, set_process_debugged, jetsamMultiplier);
 if (pidp) *pidp = pid;
 
+ envbuf_free(envc);
+
 // maybe caller will use it again? restore flags
 posix_spawnattr_setflags(attrp, flags);
 
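Review bot: `posix_spawnattr_getflags(&attr, &flags);` discards its return value, so if that call fails the next line installs `0 | POSIX_SPAWN_START_SUSPENDED` and silently drops whatever flags were set earlier — the very loss this change is meant to prevent. Capture it, e.g. `int flagsError = posix_spawnattr_getflags(&attr, &flags);`, and report a non-zero result the same way a failed posix_spawn is reported further down (outside the hunk). The `//force` comment predates the change and now reads as if the flags are overwritten; `// keep the flags set above, but always start suspended` describes the new line. Style: `short flags=0;` lacks the spacing used by the neighbouring `pid_t spawnedPid = 0;`. __exec_cmd_internal_va continues outside the hunk.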
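Review bot: `#include "envbuf.h"` is placed in the middle of main.c, between the end of should_enable_tweaks and the POSIX_SPAWN_PROC_TYPE_DRIVER declaration, rather than with the file's other includes; a mid-file include is easy to overlook, makes the header's visibility depend on function order, and is the kind of line that gets moved or dropped by accident in a later edit. Move it into the top-of-file include block (outside this hunk) and drop the two blank lines added around it here.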
@@ -605,6 +615,11 @@ __attribute__((constructor)) static void initializer(void)
 
 //////////////////////////////////////////////////////////////////////
 /* after unsandboxing jbroot and applying dyldhooks */
+ const char* DYLD_IN_CACHE = getenv("DYLD_IN_CACHE");
+ if(strcmp(DYLD_IN_CACHE, "0") == 0) {
+ unsetenv("DYLD_IN_CACHE");
+ }
+
 redirect_paths(JB_RootPath);
 dlopen(JBROOT_PATH("/usr/lib/roothideinit.dylib"), RTLD_NOW);
 
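Review bot: `getenv("DYLD_IN_CACHE")` returns NULL when the variable is absent, and the next line passes that pointer straight to strcmp, so any process that reaches this constructor without DYLD_IN_CACHE in its environment crashes inside the hook library's initializer; the spawn hooks in this commit add the variable, but nothing here guarantees every process that loads this library was started through them. Guard the pointer: `const char *dyldInCache = getenv("DYLD_IN_CACHE");` / `if (dyldInCache && strcmp(dyldInCache, "0") == 0) {` / `unsetenv("DYLD_IN_CACHE");`. The ALL_CAPS local name reads like a macro, and `if(` lacks the space used elsewhere in this file (`if (pidp) *pidp = pid;`). A short comment on why the variable is removed again — presumably so the override does not leak into this process's own children or into anything that reads its environment — would help the next reader; initializer continues outside the hunk.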