first commit

.gitignore

@@ -0,0 +1,3 @@
+.theos/
+packages/
+.DS_Store

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 Nightwind
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

Makefile

@@ -0,0 +1,12 @@
+TARGET := iphone:clang:latest:7.0
+ARCHS = arm64
+
+include $(THEOS)/makefiles/common.mk
+
+TOOL_NAME = oldabichecker
+
+oldabichecker_FILES = main.c
+oldabichecker_CODESIGN_FLAGS = -Sentitlements.plist
+oldabichecker_INSTALL_PATH = /usr/local/bin
+
+include $(THEOS_MAKE_PATH)/tool.mk

README.md

@@ -0,0 +1,26 @@
+# oldabichecker
+A tool to check whether an executable is compiled with the old or new arm64e ABI.
+
+Includes a Filza script for ease-of-use, located at `/var/mobile/Library/Filza/scripts/oldabichecker.script`.
+
+### How to use
+In your terminal, run `oldabichecker` to see the expected input. Verbose logging is available via the `-v` flag to show the type of Mach-O executable (`FAT` or `thinned`). Alternatively, if you have [Filza](https://www.tigisoftware.com/default/?page_id=78), you can run the `oldabichecker` script on an executable and the output will be shown within Filza's alert.
+
+### How to install
+Head over to the [Releases](https://github.com/NightwindDev/oldabichecker/releases) section and download the correct `.deb` for your device.
+
+### How to compile manually
+Make sure you have [Theos](https://github.com/theos/theos) installed and configured.
+
+Clone the repo and run the command you need:
+```bash
+# To build for rootful
+make clean package FINALPACKAGE=1
+# To build for rootless
+make clean package THEOS_PACKAGE_SCHEME=rootless FINALPACKAGE=1
+```
+
+#### License
+This project is licensed under [MIT](LICENSE).
+
+###### Copyright (c) 2024 Nightwind. All rights reserved.

control

@@ -0,0 +1,9 @@
+Package: com.nightwind.oldabichecker
+Name: oldabichecker
+Version: 0.0.1
+Architecture: iphoneos-arm
+Description: A tool to check whether an executable is compiled with the old or new arm64e ABI. Includes a Filza script for ease-of-use.
+Maintainer: Nightwind
+Author: Nightwind
+Section: System
+Tag: role::hacker

entitlements.plist

@@ -0,0 +1,9 @@
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+    <key>platform-application</key>
+    <true/>
+    <key>com.apple.private.security.container-required</key>
+    <false/>
+</dict>
+</plist>

layout/DEBIAN/postinst

@@ -0,0 +1,5 @@
+#!/bin/sh
+if [ -d /var/mobile/Library/Filza/scripts ]; then
+	echo "Adding oldabichecker.script to Filza's scripts directory."
+	echo "oldabichecker \"\$1\"" > /var/mobile/Library/Filza/scripts/oldabichecker.script
+fi

layout/DEBIAN/postrm

@@ -0,0 +1,5 @@
+#!/bin/sh
+if [ -f /var/mobile/Library/Filza/scripts/oldabichecker.script ]; then
+	echo "Removing oldabichecker.script from Filza directory."
+	rm /var/mobile/Library/Filza/scripts/oldabichecker.script
+fi

main.c

@@ -0,0 +1,127 @@
+/**
+ * Copyright (c) 2024 Nightwind. All rights reserved.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdbool.h>
+#include <unistd.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <sys/mman.h>
+#include <mach/mach.h>
+#include <mach-o/fat.h>
+#include <mach-o/loader.h>
+
+// Define the subtypes (credits to OldABI by evelyneee)
+//	https://github.com/evelyneee/OldABI/blob/main/OldABI.swift
+#define CPU_SUBTYPE_ARM64E_OLD_ABI 0x2000000
+#define CPU_SUBTYPE_ARM64E_NEW_ABI 0x2000080
+
+int main(int argc, char *argv[], char *envp[]) {
+	// Check args
+	if (argc != 2 && argc != 3) {
+		fprintf(stderr, "\nExpected: oldabichecker <path/to/executable>\n\tAdd -v to the end for verbose logging\n\n");
+		return EXIT_FAILURE;
+	}
+
+	// Get path to executable
+	const char *path_to_exec = argv[1];
+	// Verbose logging, false by default
+	bool verbose = false;
+
+	// If the user passes in -v as the third argument, set verbose logging to true
+	if (argc == 3 && !strcmp(argv[2], "-v")) {
+		verbose = true;
+	}
+
+	// If the file can't be accessed, throw error
+	if (access(path_to_exec, R_OK) == -1) {
+		fprintf(stderr, "Failed to access executable at path \"%s\"\n", path_to_exec);
+		return EXIT_FAILURE;
+	}
+
+	// Getting the file descriptor for the file in readonly mode
+	int fd = open(path_to_exec, O_RDONLY);
+
+	// If the file wasn't correctly opened, throw error and clean up
+	if (fd == -1) {
+		fprintf(stderr, "Failed to open executable at path \"%s\", error: %s\n", path_to_exec, strerror(errno));
+		close(fd);
+		return EXIT_FAILURE;
+	}
+
+	// Get the file size
+	const off_t file_size = lseek(fd, 0, SEEK_END);
+	// Come back to beginning of file
+	lseek(fd, 0, SEEK_SET);
+
+	// Map the Mach-O in memory
+	void *map = mmap(NULL, file_size, PROT_READ, MAP_PRIVATE, fd, 0);
+
+	// If the mapping failed, throw error and clean up
+	if (map == MAP_FAILED) {
+		fprintf(stderr, "Failed to map file!\n");
+		perror("mmap");
+		munmap(map, file_size);
+		close(fd);
+		return EXIT_FAILURE;
+	}
+
+	// Interpret the map as a 64 bit mach header
+	const struct mach_header_64 *mh = (const struct mach_header_64 *)map;
+
+	// If the Mach-O is a FAT type, then more work needs to be done
+	if (mh->magic == FAT_CIGAM || mh->magic == FAT_MAGIC) {
+		if (verbose) fprintf(stdout, "FAT file, finding arm64e slice...\n");
+
+		// Interpret the map as a fat_header
+		const struct fat_header *fh = (const struct fat_header *)map;
+		// Get the first arch from the fat_header
+		struct fat_arch *arch = (struct fat_arch *)(map + sizeof(struct fat_header));
+
+		// Loop over the arches in the fat_header
+		for (uint32_t i = 0; i < OSSwapBigToHostInt32(fh->nfat_arch); ++i) {
+			// Interpret each arch as a slice header
+			const struct mach_header_64 *sh = (const struct mach_header_64 *)(map + OSSwapBigToHostInt32(arch->offset));
+
+			// Print the ABI type if the corresponding subtype is found
+			if (OSSwapBigToHostInt32(sh->cpusubtype) == CPU_SUBTYPE_ARM64E_OLD_ABI) {
+				fprintf(stdout, "Found old ABI.\n");
+				goto cleanup;
+			} else if (OSSwapBigToHostInt32(sh->cpusubtype) == CPU_SUBTYPE_ARM64E_NEW_ABI) {
+				fprintf(stdout, "Found new ABI.\n");
+				goto cleanup;
+			}
+
+			// Move on to the next arch
+			arch += 1;
+		}
+
+		// If there was no arm64e slice found, then inform user
+		fprintf(stdout, "No arm64e slice found!\n");
+	} else if (mh->magic == MH_MAGIC_64 || mh->magic == MH_CIGAM_64) {
+		// If the program is dealing with a thinned (non FAT) Mach-O, run the operations directly
+
+		if (verbose) fprintf(stdout, "Thinned file, running directly\n");
+
+		// Print the ABI type if the corresponding subtype is found
+		// If there is no arm64e slice found, then inform user
+		if (OSSwapBigToHostInt32(mh->cpusubtype) == CPU_SUBTYPE_ARM64E_OLD_ABI) {
+			fprintf(stdout, "Found old ABI.\n");
+		} else if (OSSwapBigToHostInt32(mh->cpusubtype) == CPU_SUBTYPE_ARM64E_NEW_ABI) {
+			fprintf(stdout, "Found new ABI.\n");
+		} else {
+			fprintf(stdout, "No arm64e slice found!\n");
+		}
+	} else {
+		fprintf(stderr, "File is not an executable! Make sure you're running the program on an executable file and not a .deb file.\n");
+	}
+
+	// Clean up after ourselves
+cleanup:
+	munmap(map, file_size);
+	close(fd);
+
+	return EXIT_SUCCESS;
+}