Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

pivot AGAIN

  • Loading branch information...
commit 11a35875575275cdab9073953b7fb50405cb34cd 1 parent 50f4a0f
comex authored
3  .gitmodules
View
@@ -1,3 +1,6 @@
[submodule "data"]
path = data
url = git://github.com/comex/data.git
+[submodule "datautils0"]
+ path = datautils0
+ url = git://github.com/comex/datautils0.git
2  data
@@ -1 +1 @@
-Subproject commit 2f29fb6d481dfeef3119cb0359d18d97d9f67b8f
+Subproject commit 00505805a0d7d78705263363830b00ed24781700
2  headers/IOKit
View
25 make.py
View
@@ -68,10 +68,9 @@ def goo():
def catalog():
locutus()
goo()
- datautils_native()
- sandbox2()
+ data(True)
goto('catalog')
- run('../datautils/make_kernel_patchfile', '../config/cur/kern', '../sandbox2/sandbox.o', 'patchfile')
+ run('../datautils/make_kernel_patchfile', '../config/cur/kern', 'patchfile')
run(GCC, '-c', '-o', 'kcode.o', 'kcode.S', '-Oz')
def catalog_dejavu():
@@ -126,23 +125,9 @@ def chain():
def data(native=True):
goto('data')
- run_multiple(['make', 'clean'], ['make', 'NATIVE=%d' % native])
-
-def datautils(native=False):
- data(native)
- goto('datautils')
-
- gcc = GCC_NATIVE if native else GCC
- ldid = strip = not native
- def cds(files, output):
- return compile_stuff(files, output, cflags=['-DIMG3_SUPPORT', '-I..', '-O3'], ldflags=['../data/libdata.a'], gcc=gcc, ldid=ldid, strip=strip)
-
- cds(['make_kernel_patchfile.c'], 'make_kernel_patchfile')
- cds(['apply_patchfile.c'], 'apply_patchfile')
- cds(['dyld_to_pwn.c'], 'dyld_to_pwn')
-
-def datautils_native():
- datautils(True)
+ run_multiple(['make', 'NATIVE=%d' % native])
+ goto('datautils0')
+ run_multiple(['make', 'NATIVE=%d' % native])
def sandbox2():
goto('sandbox2')
93 sandbox2/sandbox.S
View
@@ -1,93 +0,0 @@
-.thumb
-.syntax unified
-start:
-// <-
- push {r0-r4, lr}
- sub sp, #0x44
- ldr r2, dvp_struct_offset
- ldr r4, [r3, r2]
- cmp r4, #0
- beq actually_eval
- ldr r3, vn_getpath
- mov r1, sp
- movs r0, #0x40
- add r2, sp, #0x40
- str r0, [r2]
- mov r0, r4
- blx r3
- cmp r0, #28
- beq enospc
- cmp r0, #0
- bne actually_eval
-enospc:
- # that error's okay...
-
- mov r0, sp
- adr r1, var_mobile
- movs r2, #19 ;# len(var_mobile)
- ldr r3, memcmp
- blx r3
- cmp r0, #0
- bne allow
-
- mov r0, sp
- adr r1, preferences_com_apple
- movs r2, #49 ;# len(preferences_com_apple)
- ldr r3, memcmp
- blx r3
- cmp r0, #0
- beq actually_eval
-
- mov r0, sp
- adr r1, preferences
- movs r2, #39 ;# len(preferences)
- ldr r3, memcmp
- blx r3
- cmp r0, #0
- bne actually_eval
-
-allow:
- # it's not in /var/mobile but we have a path, let it through
- add sp, #0x44
- pop {r0}
- movs r1, #0
- str r1, [r0]
- movs r1, #0x18
- strb r1, [r0, #4]
- pop {r1-r4, pc}
-
-actually_eval:
- add sp, #0x44
- ldr r0, [sp, #5*4]
- mov lr, r0
- ldr r1, orig_addr
- mov r9, r1
- ldr r0, is_armv7
- cmp r0, #0
- pop {r0-r4}
- add sp, #4
- beq armlol
- .long c_sb_evaluate_orig1
- .long c_sb_evaluate_orig2
- bx r9
-armlol:
- bx pc
-.arm
- .align 2
- .long c_sb_evaluate_orig1
- .long c_sb_evaluate_orig2
- bx r9
-
-
-.align 2
-var_mobile: .ascii "/private/var/mobile"
-.align 2
-preferences_com_apple: .ascii "/private/var/mobile/Library/Preferences/com.apple"
-.align 2
-preferences: .ascii "/private/var/mobile/Library/Preferences"
-.align 2
-orig_addr: .long c_sb_evaluate_jumpto
-memcmp: .long c_memcmp
-vn_getpath: .long c_vn_getpath
-dvp_struct_offset: .long c_dvp_struct_offset
-is_armv7: .long c_is_armv7
Please sign in to comment.
Something went wrong with that request. Please try again.