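#!/bin/bash
#
# addtoolstoramdisk.sh - add prebuilt iOS command-line tools, a dyld shared
# cache and a patched launch daemon to a ramdisk image.
#
# Usage:
#   ./addtoolstoramdisk.sh <path/to/048-62250-075.dmg> <path/to/dyld_shared_cache_arm64>
#
# Arguments:
#   $1 - im4p-wrapped ramdisk, unpacked by extractfilefromim4p.py
#   $2 - dyld shared cache to copy into the ramdisk
#
# Environment:
#   IOSBINPACK_SHA256 - optional; lowercase hex SHA-256 that iosbinpack.tar
#                       must match. When unset, no digest check is made.
#
# Run from the directory holding extractfilefromim4p.py, RamdiskPatches/ and
# iOSFiles/. Uses hdiutil and diskutil, and calls sudo for every write into
# the mounted image.
set -euo pipefail

if [ -z "${1:-}" ] || [ -z "${2:-}" ]
then
  echo "Usage: ./addtoolstoramdisk.sh <path/to/048-62250-075.dmg> <path/to/dyld_shared_cache_arm64>"
  exit 1
fi

# Download iOS prebuilt utils
readonly binpack_url="https://github.com/jakeajames/rootlessJB/raw/9de6d1213550dab85a0cb4f49322d9cd2fd49595/rootlessJB/bootstrap/tars/iosbinpack.tar"
if [ ! -e "iosbinpack.tar" ]
then
  # -f makes curl fail on an HTTP error instead of saving the error page as
  # the tarball. Downloading to a side file and renaming it means an
  # interrupted transfer is never picked up as a cached archive on the next run.
  curl -fL "$binpack_url" -o iosbinpack.tar.part
  mv iosbinpack.tar.part iosbinpack.tar
fi

# The URL is pinned to a commit, but the bytes on disk (fresh or cached) are
# otherwise unchecked, and everything in the archive is copied into the image
# with sudo. Supplying IOSBINPACK_SHA256 turns on a local digest check.
if [ -n "${IOSBINPACK_SHA256:-}" ]
then
  actual_sha256="$(shasum -a 256 iosbinpack.tar | cut -d ' ' -f 1)"
  if [ "$actual_sha256" != "$IOSBINPACK_SHA256" ]
  then
    echo "iosbinpack.tar SHA-256 mismatch: expected $IOSBINPACK_SHA256, got $actual_sha256" >&2
    exit 1
  fi
fi

# Start from an empty scratch directory on every run.
rm -rf tmpiOSTools
mkdir -p tmpiOSTools
tar xf iosbinpack.tar -C tmpiOSTools
echo "**iosbinpack extracted**"

# Mount the ramdisk
outfile="iOSFiles/ramdisk.dmg"
python3 extractfilefromim4p.py "$1" "$outfile"
hdiutil resize -size 1.8G -imagekey diskimage-class=CRawDiskImage "$outfile"
mountinfo="$(hdiutil attach -imagekey diskimage-class=CRawDiskImage "$outfile")"
echo "$mountinfo"

# Detach the image on any exit path once a mount point is known.
mountpath=""
function unmountit() {
  if [ -n "$mountpath" ]
  then
    hdiutil detach "$mountpath"
  fi
}
trap unmountit EXIT

# The mount point is taken from the third tab-separated field of hdiutil's output.
mountpath="$(cut -f 3 <<< "$mountinfo")"

# Every path below is "$mountpath/..." written with sudo. If the parse above
# yields an empty or multi-line value, those writes would land under the
# host's own /System/Library instead of the image, so stop here.
if [ -z "$mountpath" ] || [ ! -d "$mountpath" ]
then
  echo "could not determine the ramdisk mount point from hdiutil output; detach the image manually if it is still attached" >&2
  exit 1
fi
echo "**Mounted at $mountpath**"

# Copy the dyld cache
dyld_dir="$mountpath/System/Library/Caches/com.apple.dyld"
sudo diskutil enableownership "$mountpath"
sudo mkdir -p "$dyld_dir/"
# The cache is stored under the arm64e name whatever the source file is called.
sudo cp "$2" "$dyld_dir/dyld_shared_cache_arm64e"
sudo chown root "$dyld_dir/dyld_shared_cache_arm64e"
echo "**dyld_shared_cache copied**"

# Copy the utilities
sudo cp -R tmpiOSTools/iosbinpack64 "$mountpath/"
echo "**utilities copied**"

# Replace launch daemons
#sudo rm "$mountpath/System/Library/LaunchDaemons/"*
#sudo cp RamdiskPatches/com.apple.bash.plist "$mountpath/System/Library/LaunchDaemons/"
sudo cp RamdiskPatches/com.apple.restored_update.plist "$mountpath/System/Library/LaunchDaemons/"
sudo chown root:wheel "$mountpath/System/Library/LaunchDaemons/"*
echo "**launchdaemon modified - now generating hashes, please wait**"

# YOLO
# sudo cp -R "$mountpath/iosbinpack64/bin/bash" "$mountpath/sbin/launchd"
# NOTE(review): this overwrites the binpack's bash with the ramdisk's own sed
# binary; it looks like a deliberate experiment - confirm before relying on
# iosbinpack64/bin/bash being a shell.
sudo cp -R "$mountpath/usr/bin/sed" "$mountpath/iosbinpack64/bin/bash"

# Generate hashes for trustcache
# NOTE(review): the dumphashes.sh call is commented out, so this script does
# not write tchashes itself even though the message below says it did.
#./dumphashes.sh "$mountpath" >tchashes 2>/dev/null
echo "**generated hashes in tchashes - use Aleph Security's script to convert to binary**"
echo "**done**"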