Skip to content

Get rid of step64 and follow_cal functions #5

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
ryannair05 wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Get rid of step64 and follow_cal functions #5

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
36 changes: 2 additions & 34 deletions Tweak.xm
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,38 +1,9 @@
#import <substrate.h>
#import <stdint.h>

extern "C" CFPropertyListRef MGCopyAnswer(CFStringRef);
static NSDictionary *modifiedKeys;
static NSArray *appsChosen;

/* step64 and follow_cal functions are taken from: https://github.com/xerub/macho/blob/master/patchfinder64.c */
typedef unsigned long long addr_t;

static addr_t step64(const uint8_t *buf, addr_t start, size_t length, uint32_t what, uint32_t mask) {
addr_t end = start + length;
while (start < end) {
uint32_t x = *(uint32_t *)(buf + start);
if ((x & mask) == what) {
return start;
}
start += 4;
}
return 0;
}

// Modified version of find_call64(), replaced what/mask arguments in the function to the ones for branch instruction (0x14000000, 0xFC000000)
static addr_t find_branch64(const uint8_t *buf, addr_t start, size_t length) {
return step64(buf, start, length, 0x14000000, 0xFC000000);
}

static addr_t follow_branch64(const uint8_t *buf, addr_t branch) {
long long w;
w = *(uint32_t *)(buf + branch) & 0x3FFFFFF;
w <<= 64 - 26;
w >>= 64 - 26 - 2;
return branch + w;
}

// Our replaced version of MGCopyAnswer_internal
static CFPropertyListRef (*orig_MGCopyAnswer_internal)(CFStringRef property, uint32_t *outTypeCode);
CFPropertyListRef new_MGCopyAnswer_internal(CFStringRef property, uint32_t *outTypeCode) {
Expand Down Expand Up @@ -70,14 +41,11 @@ static void modifiedKeyUpdated() {
* note: hex implementation of MGCopyAnswer: 01 00 80 d2 01 00 00 14 (from iOS 9+)
* so address of MGCopyAnswer + offset = MGCopyAnswer_internal. MGCopyAnswer_internal *always follows MGCopyAnswer (*from what I've checked)
*/
const uint8_t *MGCopyAnswer_ptr = (const uint8_t *)MGCopyAnswer;
addr_t branch = find_branch64(MGCopyAnswer_ptr, 0, 8);
addr_t branch_offset = follow_branch64(MGCopyAnswer_ptr, branch);
MSHookFunction(((void *)((const uint8_t *)MGCopyAnswerFn + branch_offset)), (void *)new_MGCopyAnswer_internal, (void **)&orig_MGCopyAnswer_internal);
MSHookFunction(((void *)((const uint8_t *)MGCopyAnswerFn + 8)), (void *)new_MGCopyAnswer_internal, (void **)&orig_MGCopyAnswer_internal);
}

CFNotificationCenterAddObserver(CFNotificationCenterGetDarwinNotifyCenter(), NULL, (CFNotificationCallback)appsChosenUpdated, CFSTR("com.tonyk7.mgspoof/appsChosenUpdated"), NULL, CFNotificationSuspensionBehaviorDeliverImmediately);
CFNotificationCenterAddObserver(CFNotificationCenterGetDarwinNotifyCenter(), NULL, (CFNotificationCallback)modifiedKeyUpdated, CFSTR("com.tonyk7.mgspoof/modifiedKeyUpdated"), NULL, CFNotificationSuspensionBehaviorDeliverImmediately);
modifiedKeyUpdated();
}
}
}