allproc finder

chasnooker · May 17, 2021 · b2815a2 · b2815a2
1 parent 1d7320a
commit b2815a2
Show file tree

Hide file tree

Showing 4 changed files with 23 additions and 7 deletions.
diff --git a/manticore/Jailbreak/jailbreak.mm b/manticore/Jailbreak/jailbreak.mm
@@ -59,9 +59,11 @@ cpu_subtype_t get_cpu_subtype() {
     uint64_t csflags = read_32(g_exp.self_proc + OFFSET(proc, csflags));
     uint64_t csflags_mod = (csflags|0xA8|0x0000008|0x0000004|0x10000000)&~(0x0000800|0x0000100|0x0000200);
     printf("CS Flags:\t0x%llx | 0x%llx\n", csflags, csflags_mod);
-    // AMFID PATCHES
-    start_rootfs_remount();
-    //perform_amfid_patches();
+    find_allproc();
+
+    //    perform_amfid_patches();
+//    start_rootfs_remount();
+
 
     printf("Goodbye!\n");
     return 0;

diff --git a/manticore/Jailbreak/kernel_utils.mm b/manticore/Jailbreak/kernel_utils.mm
@@ -207,3 +207,14 @@ kptr_t find_vnode_with_fd(kptr_t proc, int fd) {
     ret = vnode;
     return ret;
 }
+
+kptr_t find_allproc(){
+    kptr_t current_proc = g_exp.kernel_proc;
+    while(true){
+        kptr_t next_proc = kapi_read_kptr(current_proc + OFFSET(proc, le_next));
+        if(KERN_POINTER_VALID(next_proc)) current_proc = next_proc;
+        if(KERN_POINTER_INVALID(next_proc)) break;
+    }
+
+    return current_proc;
+}
diff --git a/manticore/Jailbreak/utils.mm b/manticore/Jailbreak/utils.mm
@@ -383,9 +383,7 @@ typedef CF_OPTIONS(uint32_t, SecCSFlags) {
 
 
 void *CDHashFor(char *file){
-
     SecStaticCodeRef staticCode = NULL;
-
     CFStringRef cfstr_path = CFStringCreateWithCString(kCFAllocatorDefault, file, kCFStringEncodingUTF8);
     CFURLRef cfurl = CFURLCreateWithFileSystemPath(kCFAllocatorDefault, cfstr_path, kCFURLPOSIXPathStyle, false);
     CFRelease(cfstr_path);
@@ -584,9 +582,14 @@ void jailbreakExistenceCheck(){
     // Check for files that indicate the existence of another jailbreak
 
     // Check for taurine related files
-    if(isDirectory("/taurine") && access("/taurine/amfidebilitate.plist", R_OK)){
+    if(isDirectory("/taurine") && access("/taurine/amfidebilitate.plist", O_RDONLY)){
         printf("-> Spotted taurine files\n");
     }
+
+    // Check for unc0ver related files
+    if(access("/.installed_unc0ver", O_RDONLY)){
+        printf("-> Spotted unc0ver files\n");
+    }
 }
 
 int waitForFile(const char *filename) {

diff --git a/manticore/include/manticore/kernel_utils.h b/manticore/include/manticore/kernel_utils.h
@@ -27,7 +27,7 @@ bool execute_with_credentials(kptr_t proc, kptr_t credentials, void (^function)(
 
 
 size_t kread(kptr_t where, void* p, size_t size);
-
+kptr_t find_allproc();
 uint64_t proc_of_pid(pid_t pid);
 kptr_t find_vnode_with_fd(kptr_t proc, int fd);