changes

palera1n · Apr 2, 2024 · 9410014 · 9410014
1 parent d17a3cf
commit 9410014
Show file tree

Hide file tree

Showing 12 changed files with 171 additions and 77 deletions.
diff --git a/include/libjailbreak/libjailbreak.h b/include/libjailbreak/libjailbreak.h
@@ -29,7 +29,8 @@ enum {
     LAUNCHD_CMD_SET_TWEAKLOADER_PATH,
     LAUNCHD_CMD_SET_PINFO_FLAGS,
     LAUNCHD_CMD_DRAW_IMAGE,
-    LAUNCHD_CMD_CRASH
+    LAUNCHD_CMD_CRASH,
+    LAUNCHD_CMD_RUN_BOOTSCREEND
 };
 
 struct xpc_global_data {

diff --git a/include/payload/payload.h b/include/payload/payload.h
@@ -20,8 +20,8 @@ void NSLog(CFStringRef, ...);
 #define CHECK_ERROR(action, loop, msg, ...) do { \
  {int ___CHECK_ERROR_ret = (action); \
  if (unlikely(___CHECK_ERROR_ret)) { \
-  fprintf(stderr, msg ": %d (%s)\n", ##__VA_ARGS__, errno, strerror(errno)); \
-  if (loop) spin(); \
+  if (!loop) fprintf(stderr, msg ": %d (%s)\n", ##__VA_ARGS__, errno, strerror(errno)); \
+  else _panic(msg ": %d (%s)\n", ##__VA_ARGS__, errno, strerror(errno)); \
  }} \
 } while (0)
 
@@ -94,6 +94,8 @@ int overwrite_main(int argc, char* argv[]);
 void reload_launchd_env(void);
 void perform_reboot3(xpc_object_t peer, xpc_object_t xreply, xpc_object_t request, struct paleinfo* pinfo_p);
 ssize_t write_fdout(int fd, void* buf, size_t len);
+_Noreturn void _panic(char* fmt, ...);
+extern bool panic_did_enter;
 
 enum {
     /* only for sysstatuscheck and prelaunchd stage! */

diff --git a/include/payload_dylib/common.h b/include/payload_dylib/common.h
@@ -16,8 +16,7 @@
 #define CHECK_ERROR(action, msg) do { \
  ret = action; \
  if (unlikely(ret)) { \
-  dprintf(fd_console, msg ": %d (%s)\n", errno, strerror(errno)); \
-  spin(); \
+_panic(msg ": %d (%s)\n", errno, strerror(errno)); \
  } \
 } while (0)
 
@@ -49,6 +48,7 @@ extern int (*spawn_hook_common_p)(pid_t *restrict pid, const char *restrict path
 					   char *const argv[restrict],
 					   char *const envp[restrict],
 					   void *pspawn_org);
+_Noreturn void _panic(char* fmt, ...);
 
 
 #endif
diff --git a/src/fakedyld/main/fakedyld.c b/src/fakedyld/main/fakedyld.c
@@ -79,6 +79,8 @@ int main(int argc, char* argv[], char* envp[], char* apple[]) {
         } else {
             JBRootPathEnv = "JB_ROOT_PATH=/var/jb"; /* will fixup to preboot path in sysstatuscheck stage */
         }
+
+        char* hasVerboseBootEnv = has_verbose_boot ? "JB_HAS_VERBOSE_BOOT=1" : "JB_HAS_VERBOSE_BOOT=0";
 
         char pinfo_buffer[50];
         snprintf(pinfo_buffer, 50, "JB_PINFO_FLAGS=0x%llx", pinfo.flags);
@@ -91,20 +93,23 @@ int main(int argc, char* argv[], char* envp[], char* apple[]) {
         char* launchd_envp1 = (launchd_envp0 + sizeof(INSERT_DYLIB));
         char* launchd_envp2 = (launchd_envp1 + strlen(pinfo_buffer) + 1);
         char* launchd_envp3 = (launchd_envp2 + strlen(JBRootPathEnv) + 1);
+        char* launchd_envp4 = (launchd_envp3 + sizeof(DEFAULT_TWEAKLOADER));
         memcpy(launchd_argv0, "/sbin/launchd", sizeof("/sbin/launchd"));
         memcpy(launchd_envp0, INSERT_DYLIB, sizeof(INSERT_DYLIB));
         memcpy(launchd_envp1, pinfo_buffer, strlen(pinfo_buffer) + 1);
         memcpy(launchd_envp2, JBRootPathEnv, strlen(JBRootPathEnv) + 1);
         memcpy(launchd_envp3, DEFAULT_TWEAKLOADER, sizeof(DEFAULT_TWEAKLOADER));
-        char** launchd_argv = (char**)((char*)launchd_envp3 + sizeof(DEFAULT_TWEAKLOADER));
+        memcpy(launchd_envp4, hasVerboseBootEnv, strlen(hasVerboseBootEnv) + 1);
+        char** launchd_argv = (char**)((char*)launchd_envp4 + strlen(hasVerboseBootEnv) + 1);
         char** launchd_envp = (char**)((char*)launchd_argv + (2*sizeof(char*)));
         launchd_argv[0] = launchd_argv0;
         launchd_argv[1] = NULL;
         launchd_envp[0] = launchd_envp0;
         launchd_envp[1] = launchd_envp1;
         launchd_envp[2] = launchd_envp2;
         launchd_envp[3] = launchd_envp3;
-        launchd_envp[4] = NULL;
+        launchd_envp[4] = launchd_envp4;
+        launchd_envp[5] = NULL;
         LOG("launchd environmental variables: ");
         for (int i = 0; launchd_envp[i] != NULL; i++) {
             LOG("%s", launchd_envp[i]);
@@ -131,6 +136,4 @@ _Noreturn void panic(char* fmt, ...) {
     sleep(60);
   }
   abort_with_payload(42, 0x69, NULL, 0, reason_real, 0);
-  __asm__ ("b .");
-  __builtin_unreachable();
 }
diff --git a/src/payload/loader/launchdaemons.c b/src/payload/loader/launchdaemons.c
@@ -5,6 +5,7 @@
 #include <mach-o/loader.h>
 #include <CoreFoundation/CoreFoundation.h>
 #include <pthread.h>
+#include <libjailbreak/libjailbreak.h>
 #include <dlfcn.h>
 
 mach_port_t (*SBSSpringBoardServerPort)(void);
@@ -15,7 +16,7 @@ void sb_launched(CFNotificationCenterRef __unused center, void __unused *observe
     CFRunLoopStop(loop);
 }
 
-int launchdaemons(uint32_t __unused payload_options, uint64_t pflags) {
+int launchdaemons(uint32_t payload_options, uint64_t pflags) {
     printf("plooshInit launchdaemons...\n");
     int platform = get_platform();
     if (platform == -1) {
@@ -37,7 +38,22 @@ int launchdaemons(uint32_t __unused payload_options, uint64_t pflags) {
             fprintf(stderr, "failed to dlopen springboardservices\n");
         }
     } else if (platform == PLATFORM_TVOS) {
-        sleep(15); // ???
+#if 0
+        sleep(10);
+        if ((payload_options & payload_option_userspace_rebooted) == 0) {
+            xpc_object_t xdict, xreply;
+            xdict = xpc_dictionary_create(NULL, NULL, 0);
+            xpc_dictionary_set_uint64(xdict, "cmd", LAUNCHD_CMD_RUN_BOOTSCREEND);
+            int ret = jailbreak_send_launchd_message(xdict, &xreply);
+            if (ret) {
+                print_jailbreakd_reply(xreply);
+            }
+            xpc_release(xdict);
+            xpc_release(xreply);
+        }
+        sleep(5); // ???
+#endif
+        sleep(15);
     }
 
     if (pflags & palerain_option_safemode) {

diff --git a/src/payload/loader/prelaunchd.c b/src/payload/loader/prelaunchd.c
@@ -22,14 +22,17 @@
 #include <sys/snapshot.h>
 #include <dlfcn.h>
 
+bool has_verbose_boot;
+bool panic_did_enter = false;
+
 int prelaunchd(uint32_t payload_options, struct paleinfo* pinfo_p) {
+    has_verbose_boot = (strcmp(getenv("JB_HAS_VERBOSE_BOOT"), "1") == 0);
     setvbuf(stderr, NULL, _IONBF, 0);
     setvbuf(stdout, NULL, _IONBF, 0);
     printf("plooshInit prelaunchd...\n");
     int platform = get_platform();
     if (platform == -1) {
-        fprintf(stderr, "failed to determine current platform\n");
-        spin();
+        _panic("failed to determine current platform\n");
     }
 
     if ((payload_options & payload_option_userspace_rebooted) == 0) {
@@ -53,8 +56,7 @@ int prelaunchd(uint32_t payload_options, struct paleinfo* pinfo_p) {
                 CHECK_ERROR(APFSVolumeRole(dev_rootdev, &role, NULL), 0, "APFSVolumeRole(%s) Failed", dev_rootdev);
                 printf("found apfs volume role: 0x%04x\n", role);
                 if (role != APFS_VOL_ROLE_RECOVERY) {
-                    fprintf(stderr, "BUG: SAFETY: deleting non-recovery volume is not allowed\n");
-                    spin();
+                    _panic("BUG: SAFETY: deleting non-recovery volume is not allowed\n");
                 } else {
                     CHECK_ERROR(errno = APFSVolumeDelete(pinfo_p->rootdev), 1, "failed to delete fakefs");
                 }
@@ -77,3 +79,20 @@ int prelaunchd(uint32_t payload_options, struct paleinfo* pinfo_p) {
 
     return 0;
 }
+
+_Noreturn void _panic(char* fmt, ...) {
+    panic_did_enter = true;
+  char reason[1024], reason_real[1024];
+  va_list va;
+  va_start(va, fmt);
+  vsnprintf(reason, 1024, fmt, va);
+  va_end(va);
+  snprintf(reason_real, 1024, "payload: %s", reason);
+  int fd = open("/cores/panic.txt", O_WRONLY | O_CREAT, 0644);
+  if (fd != -1) {
+    write(fd, reason_real, 1024);
+    close(fd);
+  }
+  kill(1, SIGUSR1);
+    while (1) sleep (86400);
+}
diff --git a/src/payload/loader/setup_fakefs.c b/src/payload/loader/setup_fakefs.c
@@ -106,16 +106,14 @@ int setup_fakefs(uint32_t __unused payload_options, struct paleinfo* pinfo_p) {
     struct statfs rootfs_st;
     CHECK_ERROR(statfs("/", &rootfs_st), 1, "statfs / failed");
     if (strcmp(rootfs_st.f_fstypename, "apfs")) {
-        fprintf(stderr, "unexpected filesystem type of /\n");
-        spin();
+        panic("unexpected filesystem type of /");
     }
 
     char fakefs_mntfromname[50];
     snprintf(fakefs_mntfromname, 50, "/dev/%s", pinfo_p->rootdev);
 
     if (access(fakefs_mntfromname, F_OK) == 0) {
-        fprintf(stderr, "fakefs already exists\n");
-        spin();
+        panic("fakefs already exists");
     }
 
     struct cb_context context = { .pinfo_p = pinfo_p, .bytesToCopy = 0 };
@@ -131,8 +129,7 @@ int setup_fakefs(uint32_t __unused payload_options, struct paleinfo* pinfo_p) {
 
         context.bytesToCopy = attrbuf.spaceused;
         if ((attrbuf.spaceused + MINIMUM_EXTRA_SPACE) > (rootfs_st.f_bavail * rootfs_st.f_bsize)) {
-            fprintf(stderr, "Not enough space! need %lld bytes (%d bytes buffer), have %lld bytes.\n", (attrbuf.spaceused + MINIMUM_EXTRA_SPACE), MINIMUM_EXTRA_SPACE, (rootfs_st.f_bavail * rootfs_st.f_bsize));
-            spin();
+            panic("Not enough space! need %lld bytes (%d bytes buffer), have %lld bytes.`", (attrbuf.spaceused + MINIMUM_EXTRA_SPACE), MINIMUM_EXTRA_SPACE, (rootfs_st.f_bavail * rootfs_st.f_bsize));
         }
     }
 
@@ -154,8 +151,7 @@ int setup_fakefs(uint32_t __unused payload_options, struct paleinfo* pinfo_p) {
 
     int retval = APFSVolumeCreate(container, dict);
     if (retval) {
-        fprintf(stderr, "APFSVolumeCreate failed: %d: %s\n", retval, mach_error_string(retval));
-        spin();
+        panic("APFSVolumeCreate failed: %d: %s\n", retval, mach_error_string(retval));
     }
 
     char actual_fakefs_mntfromname[50];
@@ -169,12 +165,10 @@ int setup_fakefs(uint32_t __unused payload_options, struct paleinfo* pinfo_p) {
     } else if (strstr(rootfs_st.f_mntfromname, "/dev/disk1s") != NULL) {
         snprintf(actual_fakefs_mntfromname, 50, "/dev/disk1s%d", fsindex+1);
     } else {
-        fprintf(stderr, "unexpected rootfs f_mntfromname %s\n", rootfs_st.f_mntfromname);
-        spin();
+        panic("unexpected rootfs f_mntfromname %s", rootfs_st.f_mntfromname);
     }
     if (strcmp(actual_fakefs_mntfromname, fakefs_mntfromname)) {
-        fprintf(stderr, "unexpected fakefs name %s (expected %s)\n", actual_fakefs_mntfromname, fakefs_mntfromname);
-        spin();
+        panic("unexpected fakefs name %s (expected %s)", actual_fakefs_mntfromname, fakefs_mntfromname);
     }
     sleep(2);
     struct apfs_mount_args args = {
@@ -205,8 +199,7 @@ int setup_fakefs(uint32_t __unused payload_options, struct paleinfo* pinfo_p) {
 
     int fd_fakefs = open("/cores/fs/fake", O_RDONLY | O_DIRECTORY);
     if (fd_fakefs == -1) {
-        fprintf(stderr, "cannot open fakefs fd\n");
-        spin();
+        panic("cannot open fakefs fd");
     }
 
     CHECK_ERROR(fs_snapshot_create(fd_fakefs, "orig-fs", 0), 1, "cannot create orig-fs snapshot on fakefs");

diff --git a/src/payload/loader/sysstatuscheck.c b/src/payload/loader/sysstatuscheck.c
@@ -13,6 +13,8 @@
 #include <sys/kern_memorystatus.h>
 #include <sys/snapshot.h>
 
+uint32_t dyld_get_active_platform(void);
+
 #define SB_PREF_PLIST_PATH "/var/mobile/Library/Preferences/com.apple.springboard.plist"
 #define CF_STRING_GET_CSTRING_PTR(cfStr, cPtr) do { \
     cPtr = (char*)CFStringGetCStringPtr(cfStr, kCFStringEncodingUTF8); \
@@ -169,7 +171,6 @@ int sysstatuscheck(uint32_t __unused payload_options, uint64_t pflags) {
     }
 
     remount();
-    uint32_t dyld_get_active_platform(void);
     if (dyld_get_active_platform() == PLATFORM_IOS) enable_non_default_system_apps();
     if (access("/private/var/dropbear_rsa_host_key", F_OK) != 0) {
         printf("generating ssh host key...\n");