Cryptiiiic · alexandredoyen29 · Mar 23, 2025 · Mar 30, 2025 · Mar 30, 2025 · Mar 30, 2025
diff --git a/.gitignore b/.gitignore
@@ -3,4 +3,5 @@
 *.dylib
 *.bin
 cmake-build-*/
-.DS_Store
+.DS_Store
+.vscode
diff --git a/Include/x8A4/x8A4.h b/Include/x8A4/x8A4.h
@@ -16,6 +16,7 @@
 #define X8A4_X8A4_H
 
 /* Include headers */
+#include <libkrw_plugin.h>
 #include <stdint.h>
 #include <x8A4/Kernel/kernel.h>
 #include <x8A4/Kernel/kpf.h>
@@ -150,6 +151,7 @@ void x8A4_cli_clear_apnonce_generator(void);
 void x8A4_cli_get_accel_keys(uint32_t chosen_key);
 void x8A4_cli_get_nonce_seeds(void);
 void x8A4_cli_set_cryptex_seed(const char *new_seed);
+void x8A4_cli_set_krw_plugin(const char* path);
 
 /* Cached Variables */
 extern int init_done;
@@ -164,5 +166,6 @@ extern uint64_t *gc_cached;
 extern int gc_count_cached;
 extern uint64_t *gc_d_cached;
 extern int gc_d_count_cached;
+extern krw_handlers_t krw_handlers;
 
 #endif//X8A4_X8A4_H
diff --git a/Plugins/IOKernelRW/Makefile b/Plugins/IOKernelRW/Makefile
@@ -0,0 +1,7 @@
+CC=clang
+CFLAGS=-fPIC -shared
+IPATH=-I../../Include
+LDFLAGS=-L/Library/Extensions/IOKernelRW.kext/Contents/MacOS/ -lIOKernelRW
+
+iokernelrw_krw_plugin.so: iokernelrw_krw_plugin.c
+	$(CC) $(CFLAGS) $(IPATH) $^ -o $@ $(LDFLAGS)
diff --git a/Plugins/IOKernelRW/iokernelrw_krw_plugin.c b/Plugins/IOKernelRW/iokernelrw_krw_plugin.c
@@ -0,0 +1,72 @@
+#include <IOKit/IOKitLib.h>
+#include <iokernelrw.h>
+#include <mach/arm/kern_return.h>
+#include <mach/kern_return.h>
+#include <sys/errno.h>
+
+#include "libkrw_plugin.h"
+
+io_connect_t krw_client = IO_OBJECT_NULL;
+
+int kread_wrapper(uint64_t from, void* to, size_t len)
+{
+    kern_return_t result_read;
+    int result;
+
+    if (krw_client == IO_OBJECT_NULL)
+    {
+        krw_client = iokernelrw_open();
+    }
+
+    result_read = iokernelrw_read(krw_client, from, to, len);
+
+    if (result_read == KERN_SUCCESS)
+    {
+        result = 0;
+    }
+    else
+    {
+        result = EDEVERR;
+    }
+
+    return result;
+}
+
+int kwrite_wrapper(void* from, uint64_t to, size_t len)
+{
+    kern_return_t result_write;
+    int result;
+
+    if (krw_client == IO_OBJECT_NULL)
+    {
+        krw_client = iokernelrw_open();
+    }
+
+    result_write = iokernelrw_write(krw_client, from, to, len);
+
+    if (result_write == KERN_SUCCESS)
+    {
+        result = 0;
+    }
+    else
+    {
+        result = EDEVERR;
+    }
+
+    return result;
+}
+
+int krw_plugin_initializer(krw_handlers_t handlers)
+{
+    //handlers->version = TODO;
+    //handlers->kbase = TODO;
+    handlers->kread = kread_wrapper;
+    handlers->kwrite = kwrite_wrapper;
+    //handlers->kmalloc = TODO;
+    //handlers->kdealloc = TODO;
+    //handlers->kcall = TODO;
+    //handlers->physread = TODO;
+    //handlers->physwrite = TODO;
+
+    return 0;
+}
diff --git a/x8A4.c b/x8A4.c
@@ -18,7 +18,10 @@
 #include <x8A4/Kernel/nvram.h>
 #include <x8A4/x8A4.h>
 #include <x8A4/Kernel/kpf.h>
+#include <dlfcn.h>
 #include <libkrw.h>
+#include <libkrw_plugin.h>
+#include <stdlib.h>
 
 /* Cached Variables */
 int init_done = 0;
@@ -34,6 +37,7 @@ uint64_t *gc_cached = NULL;
 int gc_count_cached = 0;
 uint64_t *gc_d_cached = NULL;
 int gc_d_count_cached = 0;
+krw_handlers_t krw_handlers = NULL;
 
 /* Functions */
 /**
@@ -1636,3 +1640,51 @@ void x8A4_cli_set_cryptex_seed(const char *new_seed) {
   x8A4_log("Done!\n", "");
   x8A4_log("Successfully set cryptex seed(%s)!\n", new_seed);
 }
+
+/**
+ * @brief          CLI set Kernel I/O plugin
+ * @param[in]      path Path to the plugin's compiled '.so'
+ */
+void x8A4_cli_set_krw_plugin(const char* path)
+{
+  void* loadedPlugin;
+  krw_plugin_initializer_t pluginInitializer;
+
+  x8A4_log("Loading Kernel I/O plugin %s\n", path);
+
+  if (path == NULL)
+  {
+    x8A4_log("path is NULL (%s:%d)\n", __FILE__, __LINE__);
+    x8A4_destructor();
+    exit(EXIT_FAILURE);
+  }
+
+  krw_handlers = calloc(1, sizeof(struct krw_handlers_s));
+
+  if (krw_handlers == NULL)
+  {
+    x8A4_log("Unable to calloc krw_handlers (%s:%d)\n", __FILE__, __LINE__);
+    x8A4_destructor();
+    exit(EXIT_FAILURE);
+  }
+
+  loadedPlugin = dlopen(path, RTLD_NOW);
+
+  if (loadedPlugin == NULL)
+  {
+    x8A4_log("Unable to dlopen \"%s\" (%s:%d)\n", path, __FILE__, __LINE__);
+    x8A4_destructor();
+    exit(EXIT_FAILURE);
+  }
+
+  pluginInitializer = dlsym(loadedPlugin, "krw_plugin_initializer");
+
+  if (pluginInitializer == NULL)
+  {
+    x8A4_log("Unable to dlsym \"krw_plugin_initializer\" in \"%s\" (%s:%d)\n", path, __FILE__, __LINE__);
+    x8A4_destructor();
+    exit(EXIT_FAILURE);
+  }
+
+  pluginInitializer(krw_handlers);
+}
diff --git a/x8A4_CLI.c b/x8A4_CLI.c
@@ -3,6 +3,7 @@
 //
 
 /* Include headers */
+#include <unistd.h>
 #include <x8A4/x8A4.h>
 #include <x8A4/Logger/logger.h>
 #include <getopt.h>
@@ -22,6 +23,7 @@ static struct option x8A4_options[] = {
     {"get-accel-keys", 0, NULL, 'l'},
     {"get-nonce-seeds", 0, NULL, 'd'},
     {"set-cryptex-nonce", required_argument, NULL, 'z'},
+    {"krw_plugin", required_argument, NULL, 'p'},
     {NULL, 0, NULL, 0}
 };
 
@@ -55,6 +57,8 @@ void x8A4_help(const char *cmd) {
   x8A4_log("  %s, %s\t\t\t\t\t%s\n", "-d", "--get-nonce-seeds", "Dumps all of the nonce seeds domains/nonce slots from nvram");
   x8A4_log("\n%sOptions:\n", "Secret Menu ");
   x8A4_log("  %s, %s\t\t\t\t%s\n", "-z", "--set-cryptex-nonce", "Sets a specified Cryptex1 boot seed in nvram(DANGEROUS: BOOTLOOP!)");
+  x8A4_log("\n%sOptions:\n", "KRW Plugin");
+  x8A4_log("  %s, %s\t\t\t\t\t%s\n", "-p" "--krw_plugin", "Loads a plugin that wrap kernel I/Os (Useful to use IOKernelRW for using x8A4 on Apple Silicon Mac)");
 }
 
 /**
@@ -169,6 +173,20 @@ void set_cryptex_seed(const char *new_seed) {
   x8A4_cli_set_cryptex_seed(new_seed);
 }
 
+/**
+ * @brief        CLI load KRW plugin
+ * @param[in]    path Path to the plugin.so
+ */
+void set_krw_plugin(const char* path)
+{
+  if (x8A4_init() != 0)
+  {
+    return;
+  }
+
+  x8A4_cli_set_krw_plugin(path);
+}
+
 /**
  * @brief           CLI main
  * @param[in]       argc
@@ -223,6 +241,13 @@ int main(int argc, char **argv) {
         if(optarg) {
           set_cryptex_seed(optarg);
         }
+        break;
+      case 'p':
+        if (optarg)
+        {
+          set_krw_plugin(optarg);
+        }
+
         break;
       default:
         x8A4_help(argv[0]);