lldb_new_ld: the final runit script of doom

zhuowei · zhuowei · commit 51b0e4337092 · 2021-06-06T18:30:27.000-04:00
diff --git a/lldb_new_ld/runit.lldb b/lldb_new_ld/runit.lldb
@@ -1,3 +1,4 @@
+target modules search-paths add / /Volumes/F32THICKHD/macos114arm64e/out
 process connect connect://localhost:3335
 breakpoint set -n sysctlbyname -c "(int)strcmp((char*)$x0, \"kern.osvariant_status\") == 0" -o true
 breakpoint command add
@@ -8,10 +9,22 @@ c
 DONE
 b SLXServer
 b exit
-b _os_log_error_impl
-b _os_log_debug_impl
-b _os_log_impl
-b mkdir
+#b _os_log_error_impl
+#breakpoint command add
+#print (char*)$x3
+#c
+#DONE
+#b _os_log_debug_impl
+#breakpoint command add
+#print (char*)$x3
+#c
+#DONE
+#b _os_log_impl
+#breakpoint command add
+#print (char*)$x3
+#c
+#DONE
+#b mkdir
 b sandbox_init_with_parameters
 breakpoint command add
 print $x0=0
@@ -25,3 +38,25 @@ print (void)strcpy((void*)$x1, "/var/tmp")
 print $pc=$lr
 c
 DONE
+breakpoint set -n IOServiceMatching -c "(int)strcmp((char*)$x0, \"IOAccelerator\") == 0" -o true
+breakpoint command add
+print $x0=(unsigned long long)strcpy((void*)malloc(0x1000), "IOAcceleratorES");
+c
+DONE
+breakpoint set -n IOServiceNameMatching -c "(int)strcmp((char*)$x0, \"IOSurfaceRoot\") == 0" -o true
+breakpoint command add
+print $x0=(unsigned long long)strcpy((void*)malloc(0x1000), "IOCoreSurfaceRoot");
+c
+DONE
+b IOServiceMatching
+b IOServiceNameMatching
+b gpu_bundle_find_trusted
+breakpoint command add
+print $x0=0
+print (void*)strcpy((void*)$x1, "/usr/local/zhuowei/AGXMetal13_3.bundle")
+print $pc=$lr
+DONE
+b +[NSBundle bundleWithPath:]
+b -[NSBundle load]
+b -[CAWindowServer _detectDisplays]
+b IOHIDEventSystemCreate
diff --git a/resign_any_executable/WindowServer_arm64.entitlement b/resign_any_executable/WindowServer_arm64.entitlement
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>com.apple.QuartzCore.debug</key>
+	<true/>
+	<key>com.apple.afk.user</key>
+	<true/>
+	<key>com.apple.appledfr.client</key>
+	<true/>
+	<key>com.apple.bluetooth.nsxpc</key>
+	<true/>
+	<key>com.apple.hid.manager.user-access-device</key>
+	<true/>
+	<key>com.apple.hid.manager.user-access-privileged</key>
+	<true/>
+	<key>com.apple.hid.multitouch.user-access</key>
+	<true/>
+	<key>com.apple.hid.system.server-access</key>
+	<true/>
+	<key>com.apple.hid.system.user-access-service</key>
+	<true/>
+	<key>com.apple.hidpreferences.privileged</key>
+	<true/>
+	<key>com.apple.iohideventsystem.server</key>
+	<true/>
+	<key>com.apple.keystore.sik.access</key>
+	<true/>
+	<key>com.apple.private.AmbientDisplay.messaging</key>
+	<true/>
+	<key>com.apple.private.allow-explicit-graphics-priority</key>
+	<true/>
+	<key>com.apple.private.colorsync.privileged</key>
+	<true/>
+	<key>com.apple.private.dfr.brightness-access</key>
+	<true/>
+	<key>com.apple.private.gpuwrangler</key>
+	<true/>
+	<key>com.apple.private.graphics-restart-no-kill</key>
+	<true/>
+	<key>com.apple.private.hid.client.admin</key>
+	<true/>
+	<key>com.apple.private.hid.client.event-monitor</key>
+	<true/>
+	<key>com.apple.private.iokit.displayservice</key>
+	<true/>
+	<key>com.apple.private.iokit.rootdomain-set-property</key>
+	<true/>
+	<key>com.apple.private.iosurfaceinfo</key>
+	<true/>
+	<key>com.apple.private.kernel.work-interval</key>
+	<true/>
+	<key>com.apple.private.tcc.allow</key>
+	<array>
+		<string>kTCCServiceAccessibility</string>
+		<string>kTCCServiceListenEvent</string>
+		<string>kTCCServicePostEvent</string>
+		<string>kTCCServiceScreenCapture</string>
+	</array>
+	<key>com.apple.private.tcc.manager</key>
+	<true/>
+	<key>com.apple.private.xpc.launchd.per-user-lookup</key>
+	<true/>
+	<key>com.apple.runningboard.assertions.fuseboard</key>
+	<true/>
+	<key>com.apple.runningboard.process-state</key>
+	<true/>
+	<key>com.apple.security.exception.mach-lookup.global-name</key>
+	<array>
+		<string>com.apple.backlightd</string>
+	</array>
+	<!-- zhuowei: iOS get out of sandbox -->
+	<key>com.apple.private.security.no-container</key>
+	<true/>
+	<key>platform-application</key>
+	<true/>
+	<!-- zhuowei: iOS probably needs this. Grabbed from splashboardd. -->
+	<key>com.apple.security.iokit-user-client-class</key>
+	<array>
+		<string>AGXCommandQueue</string>
+		<string>AGXDevice</string>
+		<string>AGXDeviceUserClient</string>
+		<string>AGXSharedUserClient</string>
+		<string>AppleJPEGDriverUserClient</string>
+		<string>IOAccelContext</string>
+		<string>IOAccelContext2</string>
+		<string>IOAccelDevice</string>
+		<string>IOAccelDevice2</string>
+		<string>IOAccelSharedUserClient</string>
+		<string>IOAccelSharedUserClient2</string>
+		<string>IOAccelSubmitter2</string>
+		<string>IOMobileFramebufferUserClient</string>
+		<string>IOSurfaceAcceleratorClient</string>
+		<string>IOSurfaceRootUserClient</string>
+	</array>
+</dict>
+</plist>
diff --git a/resign_any_executable/build.sh b/resign_any_executable/build.sh
@@ -2,7 +2,7 @@
 set -e
 lipo -thin arm64e -output "$2" "$1"
 chmod +w "$2"
-codesign -d --entitlement "$2.entitlement" "$2"
+[[ -e "$2.entitlement" ]] || codesign -d --entitlement "$2.entitlement" "$2"
 python3 set_to_arm64.py "$2"
 if [[ -s "$2.entitlement" ]]
 then
