Spaghetti (#6)

* feat: working monitor + update

* docs: Update README

* feat: Version checks

* feat: Helper enable/disable scripts

* feat: Resolve SSL traffic issue

.gitignore

@@ -6,3 +6,4 @@ releases
 .DS_Store
 *.dylib
 .theos
+local

README.md

@@ -4,7 +4,7 @@
 
 A monitor solution for jailbroken iOS devices. The core goal of this project is to make sure a specific iOS application is constantly running without needed to use Single App Mode (SAM) or Guided Access Mode (GAM).
 
-A `./bin/setup` script is included to help with initial configuration of a jailbroken device.
+A script, `./bin/setup`, is included to help with initial configuration of a jailbroken device.
 
 Lastly, in the future I would like to include a way to handle updates for the various components.
 
@@ -17,44 +17,73 @@ If you only care about the monitoring component from this repo you can grab the
 1. Run `dpkg -i com.github.clburlison.dmon-XXX.deb`
 1. The LaunchDaemon service will now monitor to make sure all components are properly running
 
+## Prerequisites
+
+- A Mac
+- A jailbroken iPhone that is supervised
+- Apple Command Line Tools (`xcode-select --install`)
+- imobiledevice tools (`brew install libimobiledevice`)
+- Optional but **highly recommend** creating a ssh keypair
+- Setup your ssh config entry. This makes your life much easier as ssh sessions can be remembered.
+
+  ```sh
+  cat ~/.ssh/config
+  Host iphone
+    HostName localhost
+    User root
+    Port 2222
+    StrictHostKeyChecking no
+
+  Host *
+    ControlMaster auto
+    ControlPath /tmp/%r@%h:%p
+    ControlPersist 1800
+  ```
+
 ## Getting started
 
 It is assumed you know your way around a command line. All commands are run on your computer connected to a single iOS device. While it is possible to do some of this manually on a jailbroken iOS device that is pron to human error.
 
 1. Grab a valid iOS 14+ device and jailbreak it: https://ios.cfw.guide/get-started/select-iphone/
-1. Clone this git repo
+1. Clone this git repo.
 
    ```sh
    git clone https://github.com/clburlison/dmon
    ```
 
-1. Change directory into the freshly cloned repo
+1. Change directory into the freshly cloned repo.
 
    ```sh
    cd dmon
    ```
 
-1. Create a `config.json` at the root of this repo with the correct values
+1. Create a `config.json` at the root of this repo with the correct values.
+
+   Make sure to remove all `// comments` before saving. They are not valid json!
 
    ```json
    {
-     "api_key": "YOUR_GC_API_KEY",
-     "device_configuration_manager_url": "https://my_awesome_DCM_url"
+     "api_key": "YOUR_API_KEY",
+     "device_configuration_manager_url": "https://YOUR_AWESOME_DCM_URL",
+     "dmon_url": "https://YOUR_URL:PORT/path/", // Url to download update files from
+     "dmon_username": "username", // Basic Auth username. Leave empty if not used
+     "dmon_password": "password" // Basic Auth password. Leave empty if not used
    }
    ```
 
-1. Download any extra .deb files you want installed into the `./debs/` directory. These are installed based on file name IE 01_foobar.deb, 02_curl.deb, etc.
-
-   > Substitute is installed as part of the `setup` script
+1. Download any extra .deb files you want installed into the `./debs/` directory.
 
    debs to include:
 
+   - https://apt.bingner.com/debs/1443.00/com.ex.substitute_2.3.1_iphoneos-arm.deb
+   - https://apt.bingner.com/debs/1443.00/com.saurik.substrate.safemode_0.9.6005_iphoneos-arm.deb
    - https://repo.spooferpro.com/debs/com.spooferpro.kernbypass_1.1.0_iphoneos-arm64.deb
-   - Potentially any paid/private debs. nudge, nudge, wink, wink
+   - https://github.com/clburlison/dmon/releases
    - (Optional) https://cydia.akemi.ai/debs/nodelete-ai.akemi.appsyncunified.deb
    - (Optional) https://cydia.akemi.ai/debs/nodelete-ai.akemi.appinst.deb
+   - **Potentially any paid/private debs. nudge, nudge, wink, wink**
 
-1. Grab a copy of Pokemon Go via [majd/ipatool](https://github.com/majd/ipatool)
+1. Grab a copy of Pokemon Go via [majd/ipatool](https://github.com/majd/ipatool).
 
    ```sh
    brew tap majd/repo
@@ -63,8 +92,8 @@ It is assumed you know your way around a command line. All commands are run on y
    ipatool download --purchase -b com.nianticlabs.pokemongo -o pogo.ipa
    ```
 
-1. Connect your iOS device to your computer via USB
-1. Open Terminal and run (remember to only have one phone connected)
+1. Connect your iOS device to your computer via USB.
+1. Open Terminal and run (remember to only have one phone connected).
 
    ```sh
    # Alteratively you can pass -u <device-uuid> if multiple phones are connected
@@ -75,13 +104,14 @@ It is assumed you know your way around a command line. All commands are run on y
 
    ```sh
    ssh root@localhost -p 2222 # default password is 'alpine'
+   # Now disconnect with: Control + d
    ```
 
-1. In a third terminal window run:
+1. Now run:
 
    ```sh
    ./bin/setup
-   # If you want to setup passwordless ssh then pass the argument with the path to your key
+   # If you want to setup passwordless ssh then pass the argument with the path to your public key
    ./bin/setup -s ~/.ssh/main.pub
    ```
 
@@ -97,9 +127,51 @@ Bonus items that are out of scope for this project.
 
 - All testing has been completed with iOS 15 using palera1n
 - Only confirmed on older A9 processors aka iPhone SE first gen
-- DEB Package is build on macOS Ventura
+- DEB Package is built on macOS Ventura
+
+## Commonly asked questions
+
+### Why didn't you use Theos to build the deb?
+
+I was expecting to add a few external compiled binaries and didn't want to read a ton of documentation. Things changed and now I'm too lazy to rewrite.
+
+### How can I stop it?!?!
+
+1. Close Pokemon Go on the phone
+2. ssh into the phone & unload the launch daemon
+
+   ```sh
+   ssh iphone
+   /usr/bin/launchctl unload /Library/LaunchDaemons/com.github.clburlison.dmon.plist
+   ```
+
+### How do I setup the webserver?
+
+It is a flat structure. You can use nginx, apache, caddy, python, node, etc. Your files should be named like this:
+
+```sh
+top_level_folder
+├── gc.deb
+├── pogo.ipa
+└── version.txt
+```
+
+Then in your config point `dmon_url` to `http://HOSTNAME:PORT/top_level_folder`.
+
+### Why did you reuse the existing `config.json`?
+
+This isn't a pure solution. I am lazy. Now bugger off.
+
+### Why didn't you include the debs I need?
+
+I don't have the original authors permissions to upload their files.
+
+### Why is my https url not working?
+
+We are using the stock CA Certificates installed as part of the iOS jailbreak. The Procursus Team placed files in `/usr/lib/ssl/cacert.pem` and I figured it would be safe to keep using them. Those root certs might have expired and need an update.
 
 ## References
 
 - [dm.pl](https://github.com/theos/dm.pl)
+- [theos](https://theos.dev)
 - [appknox/Open](https://github.com/appknox/Open) which was originally from [conradev/Open](https://github.com/conradev/Open)

bin/disable

@@ -0,0 +1,3 @@
+#!/usr/bin/env zsh
+
+ssh iphone "/usr/bin/launchctl unload /Library/LaunchDaemons/com.github.clburlison.dmon.plist"

bin/enable

@@ -0,0 +1,3 @@
+#!/usr/bin/env zsh
+
+ssh iphone "/usr/bin/launchctl load /Library/LaunchDaemons/com.github.clburlison.dmon.plist"

bin/setup

@@ -1,6 +1,6 @@
 #!/bin/zsh
 ############################################
-# Version 0.0.3
+# Version 0.0.4
 ############################################
 SCRIPT_NAME=$(basename $0)
 # Make sure this is always ran from the parent directory path.
@@ -12,7 +12,7 @@ while getopts 's:' OPTION; do
     s)
       SSH_KEY_PATH="$OPTARG"
       echo Setting up ssh passwordless auth with: "$SSH_KEY_PATH"
-      ssh root@localhost -p 2222 'mkdir ~/.ssh'
+      ssh -p 2222 root@localhost 'mkdir ~/.ssh'
       scp -P 2222 "$SSH_KEY_PATH" root@localhost:~/.ssh/authorized_keys
       ;;
     ?)
@@ -23,29 +23,30 @@ while getopts 's:' OPTION; do
 done
 shift "$(($OPTIND -1))"
 
-echo Installing Pogo
-ideviceinstaller -i ./pogo.ipa
+# If local copy of Pogo exists then install it now
+if test -f "./pogo.ip"; then
+    echo Installing Pogo
+    ideviceinstaller -i ./pogo.ipa
+fi
 
-# echo Install Substitute
+# echo Install Substitute. This spaghetti is not reliable. Use the debs!
 # Requires https://repo.palera.in which should be added by default
-ssh root@localhost -p 2222 'apt update'
-ssh root@localhost -p 2222 'apt upgrade -y --allow-unauthenticated'
-ssh root@localhost -p 2222 'apt install -y --allow-unauthenticated com.saurik.substrate.safemode'
-ssh root@localhost -p 2222 'apt install -y --allow-unauthenticated com.ex.substitute'
+# ssh root@localhost -p 2222 'apt update'
+# ssh root@localhost -p 2222 'apt upgrade -y --allow-unauthenticated'
+# ssh root@localhost -p 2222 'apt install -y --allow-unauthenticated com.saurik.substrate.safemode'
+# ssh root@localhost -p 2222 'apt install -y --allow-unauthenticated com.ex.substitute'
 
-for f in ./debs/*
-do
-if [[ "$f" = *\.deb* ]]
-then
-  echo Installing $f
-  scp -P 2222 $f root@localhost:~/
-  ssh root@localhost -p 2222 "dpkg -i $(basename $f)"
-fi
-done
+echo Copying over all debs
+scp -P 2222 -r ./debs root@localhost:~/
+echo Installing all debs
+ssh -p 2222 root@localhost "dpkg -i *.deb"
 
 echo Copying over config file
-ssh root@localhost -p 2222 'mkdir -p /var/mobile/Application\ Support/GoCheats/'
+ssh -p 2222 root@localhost 'mkdir -p /var/mobile/Application\ Support/GoCheats/'
+# scp -P 2222 ./config.json root@localhost:'/var/mobile/Application\ Support/GoCheats/config.json'
 scp -P 2222 ./config.json root@localhost:/var/mobile/Application\ Support/GoCheats/config.json
+ssh -p 2222 root@localhost "chown -R mobile:mobile /var/mobile/Application\ Support/GoCheats/"
 
-echo Phone clean - removing debs
-ssh root@localhost -p 2222 'rm ~/*.deb'
+echo Phone clean - removing debs - respring
+ssh -p 2222 root@localhost 'rm -rf debs'
+ssh -p 2222 root@localhost 'sbreload'

src/DEBIAN/control

@@ -8,4 +8,4 @@ Name: dmon
 Package: com.github.clburlison.dmon
 Section: Tweaks
 Tag: purpose::extension, role::enduser
-Version: 0.0.6
+Version: 0.0.7

src/DEBIAN/postinst

@@ -1,5 +1,5 @@
 #!/usr/bin/bash
 
-/usr/bin/launchctl unload /Library/LaunchDaemons/com.github.clburlison.dmon.plist || true
+/usr/bin/launchctl unload /Library/LaunchDaemons/com.github.clburlison.dmon.plist 2>/dev/null
 /usr/bin/sleep 2
 /usr/bin/launchctl load /Library/LaunchDaemons/com.github.clburlison.dmon.plist

src/Library/LaunchDaemons/com.github.clburlison.dmon.plist

@@ -6,13 +6,8 @@
 	<string>com.github.clburlison.dmon</string>
 	<key>ProgramArguments</key>
 	<array>
-		<string>/bin/bash</string>
 		<string>/usr/bin/dmon</string>
 	</array>
-	<key>StartInterval</key>
-	<integer>180</integer>
-	<key>LowPriorityIO</key>
-	<true/>
 	<key>StandardErrorPath</key>
 	<string>/dev/null</string>
 	<key>StandardOutPath</key>

src/usr/bin/dmon_old

@@ -0,0 +1,45 @@
+#!/usr/bin/bash
+
+# Not perfect. It takes iOS ~10 seconds to register
+# the application has been sent to the background
+# or crashed. Need to test and see if this is consistent.
+get_pogo_pid() {
+    # echo $(ps aux | grep -i "PokmonGO.app" | grep -v grep | tr -s ' ' | cut -d ' ' -f 2)
+    echo $(ps ax | grep -i "PokmonGO.app" | grep -v grep | cut -d ' ' -f 2)
+}
+
+get_kernbypass_pid() {
+    echo $(ps ax | grep -i "/usr/bin/kernbypass" | grep -v grep | cut -d ' ' -f 2)
+}
+
+get_substrate_pid() {
+    echo $(ps ax | grep -i "/etc/rc.d/substitute-launcher" | grep -v grep | cut -d ' ' -f 2)
+}
+
+restart_pogo() {
+    echo Restarting POGO and SERVICES
+    # killall pokemongo
+    # killall kernbypass
+    # sleep 1
+    # killall substrate
+    # sleep 2
+    # /etc/rc.d/substitute-launcher
+    # sleep 5
+    # sbreload
+    local pogo_pid=$(get_pogo_pid)
+    kill -9 $pogo_pid 2>/dev/null
+    local bypass_pid=$(get_kernbypass_pid)
+    kill -9 $bypass_pid 2>/dev/null
+    sleep 5
+    open com.nianticlabs.pokemongo
+    echo "done"
+}
+
+main() {
+    local pid=$(get_pogo_pid)
+    if [ -z "$pid" ]; then
+        restart_pogo
+    fi
+}
+
+main

tools/Entitlements.plist

@@ -2,6 +2,14 @@
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
 <dict>
+	<key>get-task-allow</key>
+	<true/>
+	<key>proc_info-allow</key>
+	<true/>
+	<key>task_for_pid-allow</key>
+	<true/>
+	<key>run-unsigned-code</key>
+	<true/>
 	<key>platform-application</key>
 	<true/>
 	<key>com.apple.springboard.launchapplications</key>

tools/Makefile

@@ -1,2 +1,26 @@
-open:
-	make -f open.mk clean all
+THEOS=$(PWD)/theos
+export THEOS
+
+TARGET := iphone:14.4
+ARCHS := arm64
+DEBUG = 0
+
+SDKVERSION = 14.5
+export SYSROOT = $(THEOS)/sdks/sdks-master/iPhoneOS14.5.sdk
+
+include $(THEOS)/makefiles/common.mk
+
+# INSTALL_TARGET_PROCESSES = SpringBoard
+TOOL_NAME = dmon
+dmon_FILES = dmon.m
+dmon_PRIVATE_FRAMEWORKS = SpringBoardServices
+# dmon_FRAMEWORKS = ManagedConfiguration
+dmon_OBJ_FILES = ./theos/lib/libcrypto.a ./theos/lib/libcurl.a ./theos/lib/libnghttp2.a ./theos/lib/libssl.a
+dmon_LDFLAGS = -lssl -lcurl -lz
+dmon_CODESIGN_FLAGS = -SEntitlements.plist
+
+include $(THEOS_MAKE_PATH)/tool.mk
+
+all::
+	mkdir -p ../src/usr/bin
+	/bin/cp .theos/obj/dmon ../src/usr/bin