fixed ssh

markie-dev · Jun 26, 2018 · 6dc8a0b · 6dc8a0b
1 parent 4700720
commit 6dc8a0b
Show file tree

Hide file tree

Showing 14 changed files with 80 additions and 62 deletions.
diff --git a/multi_path.xcodeproj/project.pbxproj b/multi_path.xcodeproj/project.pbxproj
@@ -30,10 +30,10 @@
 		B030E1F620BC0864000CDD4C /* sploit.c in Sources */ = {isa = PBXBuildFile; fileRef = B030E1F520BC0864000CDD4C /* sploit.c */; };
 		B060B7DF20BC0624001FD0CE /* AppDelegate.m in Sources */ = {isa = PBXBuildFile; fileRef = B060B7DE20BC0624001FD0CE /* AppDelegate.m */; };
 		B060B7E220BC0624001FD0CE /* ViewController.m in Sources */ = {isa = PBXBuildFile; fileRef = B060B7E120BC0624001FD0CE /* ViewController.m */; };
-		B060B7E520BC0624001FD0CE /* Main.storyboard in Resources */ = {isa = PBXBuildFile; fileRef = B060B7E320BC0624001FD0CE /* Main.storyboard */; };
 		B060B7E720BC0624001FD0CE /* Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = B060B7E620BC0624001FD0CE /* Assets.xcassets */; };
 		B060B7EA20BC0624001FD0CE /* LaunchScreen.storyboard in Resources */ = {isa = PBXBuildFile; fileRef = B060B7E820BC0624001FD0CE /* LaunchScreen.storyboard */; };
 		B060B7ED20BC0624001FD0CE /* main.m in Sources */ = {isa = PBXBuildFile; fileRef = B060B7EC20BC0624001FD0CE /* main.m */; };
+		E093F23120E1E7FD00E3D77E /* Main.storyboard in Resources */ = {isa = PBXBuildFile; fileRef = E093F22F20E1E7FD00E3D77E /* Main.storyboard */; };
 /* End PBXBuildFile section */
 
 /* Begin PBXFileReference section */
@@ -88,12 +88,12 @@
 		B060B7DE20BC0624001FD0CE /* AppDelegate.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = AppDelegate.m; sourceTree = "<group>"; };
 		B060B7E020BC0624001FD0CE /* ViewController.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = ViewController.h; sourceTree = "<group>"; };
 		B060B7E120BC0624001FD0CE /* ViewController.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = ViewController.m; sourceTree = "<group>"; };
-		B060B7E420BC0624001FD0CE /* Base */ = {isa = PBXFileReference; lastKnownFileType = file.storyboard; name = Base; path = Base.lproj/Main.storyboard; sourceTree = "<group>"; };
 		B060B7E620BC0624001FD0CE /* Assets.xcassets */ = {isa = PBXFileReference; lastKnownFileType = folder.assetcatalog; path = Assets.xcassets; sourceTree = "<group>"; };
 		B060B7E920BC0624001FD0CE /* Base */ = {isa = PBXFileReference; lastKnownFileType = file.storyboard; name = Base; path = Base.lproj/LaunchScreen.storyboard; sourceTree = "<group>"; };
 		B060B7EB20BC0624001FD0CE /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = "<group>"; };
 		B060B7EC20BC0624001FD0CE /* main.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = main.m; sourceTree = "<group>"; };
 		B060B7F320BC063F001FD0CE /* multi_path.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = multi_path.entitlements; sourceTree = "<group>"; };
+		E093F23020E1E7FD00E3D77E /* Base */ = {isa = PBXFileReference; lastKnownFileType = file.storyboard; name = Base; path = Base.lproj/Main.storyboard; sourceTree = "<group>"; };
 /* End PBXFileReference section */
 
 /* Begin PBXFrameworksBuildPhase section */
@@ -204,8 +204,8 @@
 				B060B7DE20BC0624001FD0CE /* AppDelegate.m */,
 				B060B7E020BC0624001FD0CE /* ViewController.h */,
 				B060B7E120BC0624001FD0CE /* ViewController.m */,
-				B060B7E320BC0624001FD0CE /* Main.storyboard */,
 				B060B7E620BC0624001FD0CE /* Assets.xcassets */,
+				E093F22F20E1E7FD00E3D77E /* Main.storyboard */,
 				B060B7E820BC0624001FD0CE /* LaunchScreen.storyboard */,
 				B060B7EB20BC0624001FD0CE /* Info.plist */,
 				B060B7EC20BC0624001FD0CE /* main.m */,
@@ -289,9 +289,9 @@
 				B060B7E720BC0624001FD0CE /* Assets.xcassets in Resources */,
 				8258AE8920D3EC7C00AB9BC0 /* dylibs in Resources */,
 				8232C6F820CC3B1100C6C43B /* iosbinpack64 in Resources */,
+				E093F23120E1E7FD00E3D77E /* Main.storyboard in Resources */,
 				82FA9AA820D2E24600AFBE92 /* screenshot.jpg in Resources */,
 				82724E5620D2EEF1005D0EC2 /* amfid_payload.dylib in Resources */,
-				B060B7E520BC0624001FD0CE /* Main.storyboard in Resources */,
 			);
 			runOnlyForDeploymentPostprocessing = 0;
 		};
@@ -324,20 +324,20 @@
 /* End PBXSourcesBuildPhase section */
 
 /* Begin PBXVariantGroup section */
-		B060B7E320BC0624001FD0CE /* Main.storyboard */ = {
+		B060B7E820BC0624001FD0CE /* LaunchScreen.storyboard */ = {
 			isa = PBXVariantGroup;
 			children = (
-				B060B7E420BC0624001FD0CE /* Base */,
+				B060B7E920BC0624001FD0CE /* Base */,
 			);
-			name = Main.storyboard;
+			name = LaunchScreen.storyboard;
 			sourceTree = "<group>";
 		};
-		B060B7E820BC0624001FD0CE /* LaunchScreen.storyboard */ = {
+		E093F22F20E1E7FD00E3D77E /* Main.storyboard */ = {
 			isa = PBXVariantGroup;
 			children = (
-				B060B7E920BC0624001FD0CE /* Base */,
+				E093F23020E1E7FD00E3D77E /* Base */,
 			);
-			name = LaunchScreen.storyboard;
+			name = Main.storyboard;
 			sourceTree = "<group>";
 		};
 /* End PBXVariantGroup section */
@@ -453,7 +453,6 @@
 				ALWAYS_SEARCH_USER_PATHS = YES;
 				ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon;
 				CODE_SIGN_ENTITLEMENTS = multi_path/multi_path.entitlements;
-				CODE_SIGN_IDENTITY = "iPhone Developer: George Lineberger (5L99U5Y2C6)";
 				CODE_SIGN_STYLE = Manual;
 				DEVELOPMENT_TEAM = 5L5G5Q5T69;
 				ENABLE_BITCODE = NO;
@@ -481,7 +480,6 @@
 				ALWAYS_SEARCH_USER_PATHS = YES;
 				ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon;
 				CODE_SIGN_ENTITLEMENTS = multi_path/multi_path.entitlements;
-				CODE_SIGN_IDENTITY = "iPhone Developer: George Lineberger (5L99U5Y2C6)";
 				CODE_SIGN_STYLE = Manual;
 				DEVELOPMENT_TEAM = 5L5G5Q5T69;
 				ENABLE_BITCODE = NO;

diff --git a/...roj/project.xcworkspace/xcuserdata/marcusellison.xcuserdatad/IDEFindNavigatorScopes.plist b/...roj/project.xcworkspace/xcuserdata/marcusellison.xcuserdatad/IDEFindNavigatorScopes.plist
diff --git a/...j/project.xcworkspace/xcuserdata/marcusellison.xcuserdatad/UserInterfaceState.xcuserstate b/...j/project.xcworkspace/xcuserdata/marcusellison.xcuserdatad/UserInterfaceState.xcuserstate
diff --git a/multi_path/Base.lproj/Main.storyboard b/multi_path/Base.lproj/Main.storyboard
@@ -1,11 +1,11 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<document type="com.apple.InterfaceBuilder3.CocoaTouch.Storyboard.XIB" version="3.0" toolsVersion="14113" targetRuntime="iOS.CocoaTouch" propertyAccessControl="none" useAutolayout="YES" useTraitCollections="YES" useSafeAreas="YES" colorMatched="YES" initialViewController="BYZ-38-t0r">
+<document type="com.apple.InterfaceBuilder3.CocoaTouch.Storyboard.XIB" version="3.0" toolsVersion="14269.12" targetRuntime="iOS.CocoaTouch" propertyAccessControl="none" useAutolayout="YES" useTraitCollections="YES" useSafeAreas="YES" colorMatched="YES" initialViewController="BYZ-38-t0r">
     <device id="retina4_7" orientation="portrait">
         <adaptation id="fullscreen"/>
     </device>
     <dependencies>
-        <plugIn identifier="com.apple.InterfaceBuilder.IBCocoaTouchPlugin" version="14088"/>
-        <capability name="Constraints to layout margins" minToolsVersion="6.0"/>
+        <deployment identifier="iOS"/>
+        <plugIn identifier="com.apple.InterfaceBuilder.IBCocoaTouchPlugin" version="14252.5"/>
         <capability name="Safe area layout guides" minToolsVersion="9.0"/>
         <capability name="documents saved in the Xcode 8 format" minToolsVersion="8.0"/>
     </dependencies>
@@ -100,6 +100,7 @@ Exploits and Patches From: Electra, QiLin, and JackeaJames.  Achieves SSH, tfp0,
                                     <constraint firstAttribute="height" constant="132" id="qsk-eu-ola"/>
                                 </constraints>
                                 <color key="textColor" white="1" alpha="1" colorSpace="custom" customColorSpace="genericGamma22GrayColorSpace"/>
+                                <fontDescription key="fontDescription" type="system" pointSize="17"/>
                                 <textInputTraits key="textInputTraits" autocapitalizationType="sentences"/>
                             </textView>
                         </subviews>

diff --git a/multi_path/Info.plist b/multi_path/Info.plist
@@ -4,8 +4,6 @@
 <dict>
 	<key>CFBundleDevelopmentRegion</key>
 	<string>$(DEVELOPMENT_LANGUAGE)</string>
-	<key>CFBundleDisplayName</key>
-	<string>multi_path</string>
 	<key>CFBundleExecutable</key>
 	<string>$(EXECUTABLE_NAME)</string>
 	<key>CFBundleIdentifier</key>
@@ -23,7 +21,7 @@
 	<key>LSRequiresIPhoneOS</key>
 	<true/>
 	<key>UILaunchStoryboardName</key>
-	<string>Main</string>
+	<string>LaunchScreen</string>
 	<key>UIMainStoryboardFile</key>
 	<string>Main</string>
 	<key>UIRequiredDeviceCapabilities</key>

diff --git a/multi_path/Main 10.11.19 PM.storyboard b/multi_path/Main 10.11.19 PM.storyboard
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<document type="com.apple.InterfaceBuilder3.CocoaTouch.Storyboard.XIB" version="3.0" toolsVersion="14113" targetRuntime="iOS.CocoaTouch" propertyAccessControl="none" useAutolayout="YES" useTraitCollections="YES" useSafeAreas="YES" colorMatched="YES" initialViewController="BYZ-38-t0r">
+    <device id="retina4_7" orientation="portrait">
+        <adaptation id="fullscreen"/>
+    </device>
+    <dependencies>
+        <plugIn identifier="com.apple.InterfaceBuilder.IBCocoaTouchPlugin" version="14088"/>
+        <capability name="Safe area layout guides" minToolsVersion="9.0"/>
+        <capability name="documents saved in the Xcode 8 format" minToolsVersion="8.0"/>
+    </dependencies>
+    <scenes>
+        <!--View Controller-->
+        <scene sceneID="tne-QT-ifu">
+            <objects>
+                <viewController id="BYZ-38-t0r" customClass="ViewController" sceneMemberID="viewController">
+                    <view key="view" contentMode="scaleToFill" id="8bC-Xf-vdC">
+                        <rect key="frame" x="0.0" y="0.0" width="375" height="667"/>
+                        <autoresizingMask key="autoresizingMask" widthSizable="YES" heightSizable="YES"/>
+                        <color key="backgroundColor" red="1" green="1" blue="1" alpha="1" colorSpace="custom" customColorSpace="sRGB"/>
+                        <viewLayoutGuide key="safeArea" id="6Tk-OE-BBY"/>
+                    </view>
+                </viewController>
+                <placeholder placeholderIdentifier="IBFirstResponder" id="dkx-z0-nzr" sceneMemberID="firstResponder"/>
+            </objects>
+            <point key="canvasLocation" x="114.375" y="116.19718309859155"/>
+        </scene>
+    </scenes>
+</document>
diff --git a/multi_path/Main 22-12-56-048.storyboard b/multi_path/Main 22-12-56-048.storyboard
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<document type="com.apple.InterfaceBuilder3.CocoaTouch.Storyboard.XIB" version="3.0" toolsVersion="14113" targetRuntime="iOS.CocoaTouch" propertyAccessControl="none" useAutolayout="YES" useTraitCollections="YES" useSafeAreas="YES" colorMatched="YES" initialViewController="BYZ-38-t0r">
+    <device id="retina4_7" orientation="portrait">
+        <adaptation id="fullscreen"/>
+    </device>
+    <dependencies>
+        <plugIn identifier="com.apple.InterfaceBuilder.IBCocoaTouchPlugin" version="14088"/>
+        <capability name="Safe area layout guides" minToolsVersion="9.0"/>
+        <capability name="documents saved in the Xcode 8 format" minToolsVersion="8.0"/>
+    </dependencies>
+    <scenes>
+        <!--View Controller-->
+        <scene sceneID="tne-QT-ifu">
+            <objects>
+                <viewController id="BYZ-38-t0r" customClass="ViewController" sceneMemberID="viewController">
+                    <view key="view" contentMode="scaleToFill" id="8bC-Xf-vdC">
+                        <rect key="frame" x="0.0" y="0.0" width="375" height="667"/>
+                        <autoresizingMask key="autoresizingMask" widthSizable="YES" heightSizable="YES"/>
+                        <color key="backgroundColor" red="1" green="1" blue="1" alpha="1" colorSpace="custom" customColorSpace="sRGB"/>
+                        <viewLayoutGuide key="safeArea" id="6Tk-OE-BBY"/>
+                    </view>
+                </viewController>
+                <placeholder placeholderIdentifier="IBFirstResponder" id="dkx-z0-nzr" sceneMemberID="firstResponder"/>
+            </objects>
+            <point key="canvasLocation" x="114.375" y="116.19718309859155"/>
+        </scene>
+    </scenes>
+</document>
diff --git a/multi_path/ViewController.m b/multi_path/ViewController.m
@@ -90,7 +90,6 @@ @interface ViewController ()
 
 @implementation ViewController
 
-
 //https://stackoverflow.com/questions/6807788/how-to-get-ip-address-of-iphone-programmatically
 - (NSString *)getIPAddress {
 
@@ -152,7 +151,6 @@ -(void)jelbrek {
         [self log:@"Failed to get root!"];
         return;
     }
-
 
     //-------------amfid-------------//
 
@@ -226,20 +224,20 @@ -(void)jelbrek {
         NSString *dropbear = [NSString stringWithFormat:@"%@/iosbinpack64/usr/local/bin/dropbear", [[NSBundle mainBundle] bundlePath]];
         NSString *bash = [NSString stringWithFormat:@"%@/iosbinpack64/bin/bash", [[NSBundle mainBundle] bundlePath]];
         NSString *profile = [NSString stringWithFormat:@"%@/iosbinpack64/etc/profile", [[NSBundle mainBundle] bundlePath]];
-        NSString *motd = [NSString stringWithFormat:@"%@/iosbinpack64/etc/motd", [[NSBundle mainBundle] bundlePath]];        NSString *profiledata = [NSString stringWithContentsOfFile:profile encoding:NSASCIIStringEncoding error:nil];
+        NSString *motd = [NSString stringWithFormat:@"%@/iosbinpack64/etc/motd", [[NSBundle mainBundle] bundlePath]];
+        NSString *profiledata = [NSString stringWithContentsOfFile:profile encoding:NSASCIIStringEncoding error:nil];
         [[profiledata stringByReplacingOccurrencesOfString:@"REPLACE_ME" withString:iosbinpack] writeToFile:profile atomically:YES encoding:NSASCIIStringEncoding error:nil];
 
 
         mkdir("/var/dropbear", 0777);
         unlink("/var/profile");
         unlink("/var/motd");
         cp([profile UTF8String], "/var/profile");
-        cp([profile UTF8String], "/var/motd");
+        cp([motd UTF8String], "/var/motd");
         chmod("/var/profile", 0777);
-        chmod("/var/motd", 0777);
-
+        chmod("/var/motd", 0777); //this can be read-only but just in case
 
-        dbret = launchAsPlatform((char*)[dropbear UTF8String], "-R", "--shell", (char*)[bash UTF8String], "-E", "-p", "22", NULL); //since I can't get environment to work properly you have to run /var/profile manually to setup the environment variables
+        dbret = launchAsPlatform((char*)[dropbear UTF8String], "-R", "--shell", (char*)[bash UTF8String], "-E", "-p", "22", NULL); 
 
         //-------------launch daeamons-------------//
         //--you can drop any daemon plist in iosbinpack64/LaunchDaemons and it will be loaded automatically. "REPLACE_BIN" will automatically get replaced by the absolute path of iosbinpack64--//
@@ -334,6 +332,4 @@ - (void)didReceiveMemoryWarning {
 }
 
 
-    @end
-
-
+@end
diff --git a/multi_path/iosbinpack64/bin/bash b/multi_path/iosbinpack64/bin/bash
diff --git a/multi_path/iosbinpack64/etc/motd b/multi_path/iosbinpack64/etc/motd
@@ -1,25 +1 @@
-************************************************************************************
-
-   To get the full binpack:  
-
-     export PATH=$PATH:/jb/usr/bin:/jb/bin:/jb/sbin:/jb/usr/sbin:/jb/usr/local/bin:
-
-   You can easily and selectively move files to your system if you know what
-   you're doing (I'd start with [jb]/usr/share/terminfo)
-
-   I was hoping to support Cydia, but after reaching out to Jay Freeman over various
-   media, all I got was condescending slam on reddit. Therefore, get your Cydia supported
-   in some other jailbreak.
-
-   To spread the good karma: Please consider donating any amount to any charity
-                             of your choice, and hash-tag it #LiberiOS
-
-   Full writeup on how this works (and the QiLin Toolkit used in this jailbreak)
-
-     http://NewOSXBook.com/QiLin/qilin.pdf
-
-   To get rid of this message: rm /etc/motd :-(
-
-   To remove all traces of this JB: /jb/removeMe.sh
-
-************************************************************************************
+cno /var/profile ssh needed! enjoyyyy!
diff --git a/multi_path/iosbinpack64/etc/profile b/multi_path/iosbinpack64/etc/profile
@@ -1,4 +1,3 @@
 export PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11:/usr/games:REPLACE_ME/usr/local/sbin:REPLACE_ME/usr/local/bin:REPLACE_ME/usr/sbin:REPLACE_ME/usr/bin:REPLACE_ME/sbin:REPLACE_ME/bin'
 export PS1='\h:\w \u\$ '
 REPLACE_ME/bin/bash
-clear
diff --git a/multi_path/jelbrek/jelbrek.m b/multi_path/jelbrek/jelbrek.m
@@ -211,9 +211,8 @@ void createDirAtPath(const char* path) {
 }
 
 void mountDevAtPathAsRW(const char* devpath, const char* path) {
-
     int rv = spawnAndShaiHulud("/sbin/mount_apfs", devpath, path, NULL, NULL, NULL); //QiLin
-    +    printf("[*] Mounting %s at %s, pspawn returned %d\n", devpath, path, rv); //return value is from posix_spawn instead of mount_apfs but it does work, at least it did for me
+    printf("[*] Mounting %s at %s, pspawn returned %d\n", devpath, path, rv); //return value is from posix_spawn instead of mount_apfs but it does work, at least it did for me
 }
 
 //running this as is will probably make the screen black and reboot a few seconds later, at least that happened to me on 11.1.2

diff --git a/multi_path/sploit.c b/multi_path/sploit.c
@@ -145,8 +145,8 @@ int alloc_and_fill_pipe() {
     if (amount_written != PIPE_SIZE) {
         printf("amount written was short: 0x%ld\n", amount_written);
     }
-    read_fds[next_read_fd++] = read_end;
     write_fds[next_read_fd] = write_end;
+    read_fds[next_read_fd++] = read_end;
     return read_end; // the buffer is actually hanging off the read end struct pipe
 }
 

diff --git a/multipathb3.1.ipa b/multipathb3.1.ipa