Unify trustcache since it's the same structure

zenclwsec · Mar 22, 2019 · ff0d38f · ff0d38f
1 parent ad2bb4f
commit ff0d38f
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 17 deletions.
diff --git a/Undecimus/source/JailbreakViewController.m b/Undecimus/source/JailbreakViewController.m
@@ -820,9 +820,7 @@ void jailbreak()
         _assert(ISADDR(GETOFFSET(x)), message, true); \
         SETOFFSET(x, GETOFFSET(x) + kernel_slide); \
 } while (false)
-        if (!auth_ptrs) {
-            PF(trustcache);
-        }
+        PF(trustcache);
         PF(OSBoolean_True);
         PF(osunserializexml);
         PF(smalloc);
@@ -843,8 +841,10 @@ void jailbreak()
             PF(apfs_jhash_getvnode);
         }
         PF(pmap_load_trust_cache);
+        if (GETOFFSET(pmap_load_trust_cache)) {
+            pmap_load_trust_cache = _pmap_load_trust_cache;
+        }
         if (auth_ptrs) {
-            PF(pmap_loaded_trust_caches);
             PF(paciza_pointer__l2tp_domain_module_start);
             PF(paciza_pointer__l2tp_domain_module_stop);
             PF(l2tp_domain_inited);
@@ -858,11 +858,6 @@ void jailbreak()
             PF(IOUserClient__vtable);
             PF(IORegistryEntry__getRegistryEntryID);
         }
-        if (auth_ptrs) {
-            trust_chain = GETOFFSET(pmap_loaded_trust_caches);
-        } else {
-            trust_chain = GETOFFSET(trustcache);
-        }
 #undef PF
         found_offsets = true;
         LOG("Successfully found offsets.");
@@ -1354,7 +1349,6 @@ void jailbreak()
         CACHEOFFSET(kernel_forge_pacda_gadget, "KernelForgePacdaGadget");
         CACHEOFFSET(IOUserClient__vtable, "IOUserClientVtable");
         CACHEOFFSET(IORegistryEntry__getRegistryEntryID, "IORegistryEntryGetRegistryEntryID");
-        CACHEOFFSET(pmap_loaded_trust_caches, "PmapLoadedTrustCaches");
 #undef CACHEOFFSET
 #undef CACHEADDR
         if (![[NSMutableDictionary dictionaryWithContentsOfFile:offsetsFile] isEqual:dictionary]) {
@@ -1398,7 +1392,7 @@ void jailbreak()
                 const char *systemSnapshotLaunchdPath = [@(systemSnapshotMountPoint) stringByAppendingPathComponent:@"sbin/launchd"].UTF8String;
                 _assert(waitForFile(systemSnapshotLaunchdPath) == ERR_SUCCESS, message, true);
                 _assert(extractDebsForPkg(@"rsync", nil, false), message, true);
-                _assert(injectTrustCache(@[@"/usr/bin/rsync"], trust_chain, _pmap_load_trust_cache) == ERR_SUCCESS, message, true);
+                _assert(injectTrustCache(@[@"/usr/bin/rsync"], GETOFFSET(trustcache), pmap_load_trust_cache) == ERR_SUCCESS, message, true);
                 _assert(runCommand("/usr/bin/rsync", "-vaxcH", "--progress", "--delete-after", "--exclude=/Developer", [@(systemSnapshotMountPoint) stringByAppendingPathComponent:@"."].UTF8String, "/", NULL) == 0, message, true);
                 unmount(systemSnapshotMountPoint, MNT_FORCE);
             } else {
@@ -1574,7 +1568,7 @@ void jailbreak()
             resources = [@[@"/usr/libexec/substrate"] arrayByAddingObjectsFromArray:resources];
         }
         resources = [@[@"/usr/libexec/substrated"] arrayByAddingObjectsFromArray:resources];
-        _assert(injectTrustCache(resources, trust_chain, _pmap_load_trust_cache) == ERR_SUCCESS, message, true);
+        _assert(injectTrustCache(resources, GETOFFSET(trustcache), pmap_load_trust_cache) == ERR_SUCCESS, message, true);
         LOG("Successfully injected trust cache.");
         INSERTSTATUS(NSLocalizedString(@"Injected trust cache.\n", nil));
     }

diff --git a/Undecimus/source/KernelUtilities.c b/Undecimus/source/KernelUtilities.c
@@ -17,7 +17,6 @@
 
 uint64_t the_realhost;
 uint64_t kernel_base;
-uint64_t trust_chain;
 offsets_t offs;
 bool found_offsets = false;
 
@@ -290,6 +289,7 @@ bool verify_tfp0() {
     return true;
 }
 
+int (*pmap_load_trust_cache)(uint64_t kernel_trust, size_t length) = NULL;
 int _pmap_load_trust_cache(uint64_t kernel_trust, size_t length) {
     return (int)kexecute(GETOFFSET(pmap_load_trust_cache), kernel_trust, length, 0, 0, 0, 0, 0);
 }
diff --git a/Undecimus/source/KernelUtilities.h b/Undecimus/source/KernelUtilities.h
@@ -37,13 +37,11 @@ typedef struct {
     kptr_t kernel_forge_pacda_gadget;
     kptr_t IOUserClient__vtable;
     kptr_t IORegistryEntry__getRegistryEntryID;
-    kptr_t pmap_loaded_trust_caches;
 } offsets_t;
 
 extern offsets_t offs;
 extern uint64_t kernel_base;
 extern uint64_t kernel_slide;
-extern uint64_t trust_chain;
 
 extern uint64_t cached_task_self_addr;
 extern bool found_offsets;
@@ -68,6 +66,7 @@ uint64_t zm_fix_addr(uint64_t addr);
 
 bool verify_tfp0(void);
 
+extern int (*pmap_load_trust_cache)(uint64_t kernel_trust, size_t length);
 int _pmap_load_trust_cache(uint64_t kernel_trust, size_t length);
 
 #endif /* kutils_h */
diff --git a/Undecimus/source/utils.m b/Undecimus/source/utils.m
@@ -40,7 +40,7 @@ void injectDir(NSString *dir) {
     }
     LOG("Injecting %lu files for %@", (unsigned long)toInject.count, dir);
     if (toInject.count > 0) {
-        injectTrustCache(toInject, trust_chain, _pmap_load_trust_cache);
+        injectTrustCache(toInject, GETOFFSET(trustcache), pmap_load_trust_cache);
     }
 }
 
@@ -261,7 +261,7 @@ bool extractDeb(NSString *debPath) {
         }
         LOG("Injecting %lu files for %@", (unsigned long)toInject.count, debPath);
         if (toInject.count > 0) {
-            injectTrustCache(toInject, trust_chain, _pmap_load_trust_cache);
+            injectTrustCache(toInject, GETOFFSET(trustcache), pmap_load_trust_cache);
         }
     }
     return result;