v3.1

PureKFD · Aug 25, 2023 · aa2b38c · aa2b38c
1 parent d8c764c
commit aa2b38c
Show file tree

Hide file tree

Showing 18 changed files with 429 additions and 101 deletions.
diff --git a/.DS_Store b/.DS_Store
diff --git a/PureKFD.xcodeproj/project.pbxproj b/PureKFD.xcodeproj/project.pbxproj
@@ -27,6 +27,8 @@
 		65EE9D1F2A976C360053E865 /* offsets.m in Sources */ = {isa = PBXBuildFile; fileRef = 65EE9CCD2A976C360053E865 /* offsets.m */; };
 		65EE9D202A976C360053E865 /* vnode.m in Sources */ = {isa = PBXBuildFile; fileRef = 65EE9CCE2A976C360053E865 /* vnode.m */; };
 		65EE9D212A976C360053E865 /* proc.c in Sources */ = {isa = PBXBuildFile; fileRef = 65EE9CCF2A976C360053E865 /* proc.c */; };
+		65EE9D222A976C360053E865 /* encryptkey.swift in Sources */ = {isa = PBXBuildFile; fileRef = 65EE9CD62A976C360053E865 /* encryptkey.swift */; };
+		65EE9D232A976C360053E865 /* encrypt.swift in Sources */ = {isa = PBXBuildFile; fileRef = 65EE9CD72A976C360053E865 /* encrypt.swift */; };
 		65EE9D242A976C360053E865 /* Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = 65EE9CD82A976C360053E865 /* Assets.xcassets */; };
 		65EE9D252A976C360053E865 /* Preview Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = 65EE9CDA2A976C360053E865 /* Preview Assets.xcassets */; };
 		65EE9D262A976C360053E865 /* pkgs.swift in Sources */ = {isa = PBXBuildFile; fileRef = 65EE9CDC2A976C360053E865 /* pkgs.swift */; };
@@ -116,6 +118,8 @@
 		65EE9CD12A976C360053E865 /* helpers.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = helpers.h; sourceTree = "<group>"; };
 		65EE9CD22A976C360053E865 /* grant_full_disk_access.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = grant_full_disk_access.h; sourceTree = "<group>"; };
 		65EE9CD32A976C360053E865 /* libkfd.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = libkfd.h; sourceTree = "<group>"; };
+		65EE9CD62A976C360053E865 /* encryptkey.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = encryptkey.swift; sourceTree = "<group>"; };
+		65EE9CD72A976C360053E865 /* encrypt.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = encrypt.swift; sourceTree = "<group>"; };
 		65EE9CD82A976C360053E865 /* Assets.xcassets */ = {isa = PBXFileReference; lastKnownFileType = folder.assetcatalog; path = Assets.xcassets; sourceTree = "<group>"; };
 		65EE9CDA2A976C360053E865 /* Preview Assets.xcassets */ = {isa = PBXFileReference; lastKnownFileType = folder.assetcatalog; path = "Preview Assets.xcassets"; sourceTree = "<group>"; };
 		65EE9CDC2A976C360053E865 /* pkgs.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = pkgs.swift; sourceTree = "<group>"; };
@@ -192,6 +196,7 @@
 			children = (
 				65EE9C9C2A976C360053E865 /* Repos */,
 				65EE9C9F2A976C360053E865 /* Exploit */,
+				65EE9CD52A976C360053E865 /* Misaka */,
 				65EE9CD82A976C360053E865 /* Assets.xcassets */,
 				65EE9CD92A976C360053E865 /* Preview Content */,
 				65EE9CDB2A976C360053E865 /* Pkgs */,
@@ -327,6 +332,15 @@
 			path = fun;
 			sourceTree = "<group>";
 		};
+		65EE9CD52A976C360053E865 /* Misaka */ = {
+			isa = PBXGroup;
+			children = (
+				65EE9CD62A976C360053E865 /* encryptkey.swift */,
+				65EE9CD72A976C360053E865 /* encrypt.swift */,
+			);
+			path = Misaka;
+			sourceTree = "<group>";
+		};
 		65EE9CD92A976C360053E865 /* Preview Content */ = {
 			isa = PBXGroup;
 			children = (
@@ -592,6 +606,7 @@
 			files = (
 				65EE9D2F2A976C360053E865 /* Alert++.swift in Sources */,
 				65EE9D122A976C360053E865 /* jit.m in Sources */,
+				65EE9D232A976C360053E865 /* encrypt.swift in Sources */,
 				65EE9D1D2A976C360053E865 /* thanks_opa334dev_htrowii.m in Sources */,
 				65EE9D152A976C360053E865 /* helpers.m in Sources */,
 				65EE9D1E2A976C360053E865 /* krw.c in Sources */,
@@ -616,6 +631,7 @@
 				65EE9D132A976C360053E865 /* vm_unaligned_copy_switch_race.c in Sources */,
 				65EE9D4B2A976C360053E865 /* Images.swift in Sources */,
 				65EE9D2A2A976C360053E865 /* deps.swift in Sources */,
+				65EE9D222A976C360053E865 /* encryptkey.swift in Sources */,
 				65EE9D192A976C360053E865 /* fun.m in Sources */,
 				65EE9D1C2A976C360053E865 /* utils.m in Sources */,
 				65EE9D102A976C360053E865 /* Misaka.swift in Sources */,

diff --git a/...odeproj/project.xcworkspace/xcuserdata/lrdsnow.xcuserdatad/UserInterfaceState.xcuserstate b/...odeproj/project.xcworkspace/xcuserdata/lrdsnow.xcuserdatad/UserInterfaceState.xcuserstate
diff --git a/PureKFD/.DS_Store b/PureKFD/.DS_Store
diff --git a/PureKFD/Cluckabunga/UsefulFunctions.swift b/PureKFD/Cluckabunga/UsefulFunctions.swift
@@ -76,7 +76,7 @@ class UsefulFunctions {
                 //respring()
             }
 
-            sleep(2) // give the springboard some time to restart before exiting
+            //sleep(2) // give the springboard some time to restart before exiting
             exit(0)
         }
 

diff --git a/PureKFD/ContentView.swift b/PureKFD/ContentView.swift
@@ -171,6 +171,38 @@ enum SelectedItem: Hashable {
 
 @main
 struct RepoApp: App {
+    init() {
+        // CleanUP
+        let fileManager = FileManager.default
+        let documentsDirectory = fileManager.urls(for: .documentDirectory, in: .userDomainMask).first!
+        let extractedFolderPath = documentsDirectory.appendingPathComponent("Misaka/Extracted")
+        let downloadFolderPath = documentsDirectory.appendingPathComponent("Misaka/Download")
+        let zipFileURL = documentsDirectory.appendingPathComponent("Misaka/downloaded.zip")
+        do {
+            try fileManager.removeItem(atPath: extractedFolderPath.path)
+        } catch {
+            print("")
+        }
+        do {
+            try fileManager.removeItem(at: downloadFolderPath)
+        } catch {
+            print("")
+        }
+        do {
+            try fileManager.removeItem(at: zipFileURL)
+        } catch {
+            print("")
+        }
+        // MDC Grant Full Disk
+        if checkiOSVersionRange() == .mdc {
+            grant_full_disk_access() { error in
+                if (error != nil) {
+                    UIApplication.shared.alert(body: "\(String(describing: error?.localizedDescription))\nPlease close the app and retry.")
+                    return
+                }
+            }
+        }
+    }
     var body: some Scene {
         WindowGroup {
             ContentView()
@@ -602,10 +634,77 @@ func checkiOSVersionRange() -> iOSVersionRange {
     return .other
 }
 
+class UserSettings: ObservableObject {
+    @Published var autoRespring: Bool {
+        didSet {
+            UserDefaults.standard.set(autoRespring, forKey: "autoRespring")
+        }
+    }
+    @Published var dev: Bool {
+        didSet {
+            UserDefaults.standard.set(dev, forKey: "dev")
+        }
+    }
+    @Published var exploit_method: Int {
+        didSet {
+            UserDefaults.standard.set(exploit_method, forKey: "exploit_method")
+        }
+    }
+    @Published var enforce_exploit_method: Bool {
+        didSet {
+            UserDefaults.standard.set(enforce_exploit_method, forKey: "enforce_exploit_method")
+        }
+    }
+
+    @Published var puafPagesIndex: Int {
+        didSet {
+            UserDefaults.standard.set(puafPagesIndex, forKey: "puafPagesIndex")
+        }
+    }
+    @Published var puafMethod: Int {
+        didSet {
+            UserDefaults.standard.set(puafMethod, forKey: "puafMethod")
+        }
+    }
+    @Published var kreadMethod: Int {
+        didSet {
+            UserDefaults.standard.set(kreadMethod, forKey: "kreadMethod")
+        }
+    }
+    @Published var kwriteMethod: Int {
+        didSet {
+            UserDefaults.standard.set(kwriteMethod, forKey: "kwriteMethod")
+        }
+    }
+    @Published var puafPages: Int {
+        didSet {
+            UserDefaults.standard.set(puafPages, forKey: "puafPages")
+        }
+    }
+    @Published var RespringMode: Int {
+        didSet {
+            UserDefaults.standard.set(RespringMode, forKey: "RespringMode")
+        }
+    }
+
+    init() {
+        self.autoRespring = UserDefaults.standard.bool(forKey: "autoRespring")
+        self.dev = UserDefaults.standard.bool(forKey: "dev")
+        self.exploit_method = UserDefaults.standard.integer(forKey: "exploit_method")
+        self.enforce_exploit_method = UserDefaults.standard.bool(forKey: "enforce_exploit_method")
+        self.puafPagesIndex = UserDefaults.standard.integer(forKey: "puafPagesIndex")
+        self.puafMethod = UserDefaults.standard.integer(forKey: "puafMethod")
+        self.kreadMethod = UserDefaults.standard.integer(forKey: "kreadMethod")
+        self.kwriteMethod = UserDefaults.standard.integer(forKey: "kwriteMethod")
+        self.puafPages = UserDefaults.standard.integer(forKey: "puafPages")
+        self.RespringMode = UserDefaults.standard.integer(forKey: "RespringMode")
+    }
+}
+
+
 struct HomeView: View {
+    @StateObject private var userSettings = UserSettings()
     @State private var autoRespring = true
-    @State private var kopened = false
-    @State private var enableResSet = false
     @State private var exploit_method = 0
     @State private var enforce_exploit_method = false
 
@@ -622,8 +721,8 @@ struct HomeView: View {
     var body: some View {
             Form {
                 Section(header: Text("General Options")) {
-                    ToggleSettingView(title: "Respring on Apply", isOn: $autoRespring)
-                    ToggleSettingView(title: "Developer Mode", isOn: $dev)
+                    ToggleSettingView(title: "Respring on Apply", isOn: $userSettings.autoRespring)
+                    ToggleSettingView(title: "Developer Mode", isOn: $userSettings.dev)
                 }
 
                 Section(header: Text("Actions")) {
@@ -637,11 +736,7 @@ struct HomeView: View {
                                     } else if checkiOSVersionRange() == .kfd {
                                         exploit_method = 0
                                     } else {
-                                        exploit_method = -1
-                                        UIApplication.shared.dismissAlert(animated: false)
-                                        DispatchQueue.main.asyncAfter(deadline: .now() + 0.1) {
-                                            UIApplication.shared.alert(title: "Unsupported!!!", body: "Device not in support range!", animated: false, withButton: true)
-                                        }
+                                        exploit_method = 2
                                     }
                                 }
 
@@ -651,7 +746,6 @@ struct HomeView: View {
                                         fix_exploit()
                                     }
 
-
                                     applyAllTweaks(exploit_method: exploit_method)
 
 
@@ -664,7 +758,7 @@ struct HomeView: View {
                                     if autoRespring {
                                         if RespringMode == 0 {
                                             backboard_respring()
-                                        } else {
+                                        } else if RespringMode == 1 {
                                             respring()
                                         }
                                     }
@@ -705,14 +799,14 @@ struct HomeView: View {
                             .tint(.purple)
                     }
                     NavigationLink(destination: SettingsView(
-                        puafPagesIndex: $puafPagesIndex,
-                        puafMethod: $puafMethod,
-                        kreadMethod: $kreadMethod,
-                        kwriteMethod: $kwriteMethod,
-                        puafPages: $puafPages,
-                        RespringMode: $RespringMode,
-                        exploit_method: $exploit_method, 
-                        enforce_exploit_method: $enforce_exploit_method
+                        puafPagesIndex: $userSettings.puafPagesIndex,
+                        puafMethod: $userSettings.puafMethod,
+                        kreadMethod: $userSettings.kreadMethod,
+                        kwriteMethod: $userSettings.kwriteMethod,
+                        puafPages: $userSettings.puafPages,
+                        RespringMode: $userSettings.RespringMode,
+                        exploit_method: $userSettings.exploit_method,
+                        enforce_exploit_method: $userSettings.enforce_exploit_method
                     )) {
                         Image(systemName: "gearshape.fill")
                             .font(.system(size: 20))
@@ -822,7 +916,7 @@ struct SettingsView: View {
     private let kreadMethodOptions = ["kqueue_workloop_ctl", "sem_open"]
     private let kwriteMethodOptions = ["dup", "sem_open"]
     private let RespringOptions = ["Backboard Respring", "Frontboard Respring"]
-    private let ExploitOptions = ["KFD", "MDC"]
+    private let ExploitOptions = ["KFD", "MDC", "TrollStore"]
 
     var body: some View {
         Form {

diff --git a/PureKFD/Exploit/MDC/grant_full_disk_access.m b/PureKFD/Exploit/MDC/grant_full_disk_access.m
@@ -350,7 +350,7 @@ static void grant_full_disk_access_impl(void (^completion)(NSString* extension_t
   munmap(targetMap, targetLength);
 
   xpc_crasher("com.apple.tccd");
-  sleep(1);
+  usleep(1);
   call_tccd(^(NSString* _Nullable extension_token) {
     overwrite_file(fd, originalData);
     xpc_crasher("com.apple.tccd");
@@ -601,7 +601,7 @@ bool patch_installd() {
   }
   munmap(targetMap, targetLength);
   xpc_crasher("com.apple.mobile.installd");
-  sleep(1);
+  usleep(1);
 
   // TODO(zhuowei): for now we revert it once installd starts
   // so the change will only last until when this installd exits

diff --git a/PureKFD/Exploit/MDC/jit.m b/PureKFD/Exploit/MDC/jit.m
@@ -83,7 +83,7 @@ int jit(int argc, char *argv[]) {
 
 sprintf(packet, "$vAttach;%" PRIx64 "#d4", (uint64_t)pid);
    send(sock, packet, strlen(packet), 0);
-sleep(2);
+//sleep(2);
 /*sprintf(packet, "$z0,1ce6fc0f8,4#fc");
    send(sock, packet, strlen(packet), 0);
 

diff --git a/PureKFD/Exploit/MDC/vm_unaligned_copy_switch_race.c b/PureKFD/Exploit/MDC/vm_unaligned_copy_switch_race.c
@@ -67,7 +67,7 @@ switcheroo_thread(__unused void *arg)
             VM_INHERIT_DEFAULT);
         T_QUIET; T_EXPECT_MACH_SUCCESS(kr, " vm_map() RW");
         /* wait a little bit */
-        usleep(100);
+        usleep(1);
         /* switch bakc to original RO mapping */
         kr = vm_map(mach_task_self(),
             &ctx->e0,
@@ -83,7 +83,7 @@ switcheroo_thread(__unused void *arg)
         T_QUIET; T_EXPECT_MACH_SUCCESS(kr, " vm_map() RO");
         /* tell main thread we're don switching mappings */
         pthread_mutex_unlock(&ctx->mtx);
-        usleep(100);
+        usleep(1);
     }
     return NULL;
 }
@@ -293,7 +293,7 @@ bool unaligned_copy_switch_race(int file_to_overwrite, off_t file_offset, const
         /* let the racing thread go */
         pthread_mutex_unlock(&ctx->mtx);
         /* wait a little bit */
-        usleep(100);
+        usleep(1);
 
         /* trigger copy_unaligned while racing with other thread */
         kr = vm_read_overwrite(mach_task_self(),

diff --git a/PureKFD/Exploit/MacDirtyCowSwift.swift b/PureKFD/Exploit/MacDirtyCowSwift.swift
@@ -9,6 +9,49 @@ import Foundation
 import UIKit
 
 public class MDC {
+    public static func xpcRestart() {
+        let processes = [
+            "com.apple.cfprefsd.daemon",
+            "com.apple.backboard.TouchDeliveryPolicyServer"
+        ]
+        for process in processes {
+            var cString = process.cString(using: .utf8)
+            cString!.withUnsafeMutableBytes { cStringBuffer in
+                if let ptr = cStringBuffer.baseAddress?.assumingMemoryBound(to: CChar.self) {
+                    xpc_crasher(ptr)
+                } else {
+                    print("Error getting pointer to C-style string.")
+                }
+            }
+        }
+    }
+
+    public static func createPlist(at url: URL, height: Int, width: Int) throws {
+        let 💀 : [String: Any] = [
+            "canvas_height": height,
+            "canvas_width": width,
+        ]
+        let data = NSDictionary(dictionary: 💀)
+        data.write(toFile: url.path, atomically: true)
+    }
+
+    public static func setResolution(height: Int, width: Int) {
+        do {
+            let tmpPlistURL = URL(fileURLWithPath: "/var/tmp/com.apple.iokit.IOMobileGraphicsFamily.plist")
+            try? FileManager.default.removeItem(at: tmpPlistURL)
+
+            try createPlist(at: tmpPlistURL, height: height, width: width)
+
+            let aliasURL = URL(fileURLWithPath: "/private/var/mobile/Library/Preferences/com.apple.iokit.IOMobileGraphicsFamily.plist")
+            try? FileManager.default.removeItem(at: aliasURL)
+            try FileManager.default.createSymbolicLink(at: aliasURL, withDestinationURL: tmpPlistURL)
+
+            xpcRestart()
+        } catch {
+            UIApplication.shared.alert(body: error.localizedDescription)
+        }
+    }
+
     public enum MDCOverwriteError: Error, LocalizedError {
         case unknown
         case ram

diff --git a/PureKFD/Exploit/fun/proc.c b/PureKFD/Exploit/fun/proc.c
@@ -14,12 +14,12 @@
 #import "common.h"
 
 u64 getProc(pid_t pid) {
-    usleep(200);
+    usleep(10);
     print_message("get_kernproc");
     u64 proc = get_kernproc();
 
     while (true) {
-        usleep(200);
+        usleep(10);
         if(kread32(proc + off_p_pid) == pid) {
             return proc;
         }