mirror of
https://github.com/opa334/TrollStore.git
synced 2026-07-02 03:00:39 +08:00
TrollStore 2: First working POC :D
This commit is contained in:
+4
-2
@@ -1,14 +1,16 @@
|
||||
TARGET := iphone:clang:16.4:14.0
|
||||
ARCHS = arm64
|
||||
|
||||
TARGET_CODESIGN = ../Exploits/fastPathSign/fastPathSign
|
||||
|
||||
include $(THEOS)/makefiles/common.mk
|
||||
|
||||
TOOL_NAME = trollstorehelper
|
||||
|
||||
trollstorehelper_FILES = $(wildcard *.m) $(wildcard ../Shared/*.m) ../Exploits/fastPathSign/src/coretrust_bug.c ../Exploits/fastPathSign/src/adhoc.m
|
||||
trollstorehelper_FILES = $(wildcard *.m) $(wildcard ../Shared/*.m) ../Exploits/fastPathSign/src/coretrust_bug.c ../Exploits/fastPathSign/src/codesign.m
|
||||
trollstorehelper_CFLAGS = -fobjc-arc -I../Shared $(shell pkg-config --cflags libcrypto) -Iexternal/include -I../Exploits/fastPathSign/src
|
||||
trollstorehelper_LDFLAGS = -Lexternal/lib -lcrypto -lchoma
|
||||
trollstorehelper_CODESIGN_FLAGS = -Sentitlements.plist -K../cert.p12
|
||||
trollstorehelper_CODESIGN_FLAGS = --entitlements entitlements.plist
|
||||
trollstorehelper_INSTALL_PATH = /usr/local/bin
|
||||
trollstorehelper_LIBRARIES = archive
|
||||
trollstorehelper_PRIVATE_FRAMEWORKS = SpringBoardServices BackBoardServices MobileContainerManager
|
||||
|
||||
Vendored
BIN
Binary file not shown.
+32
-29
@@ -11,7 +11,7 @@
|
||||
#import <mach-o/loader.h>
|
||||
#import <mach-o/fat.h>
|
||||
#ifndef EMBEDDED_ROOT_HELPER
|
||||
#import "adhoc.h"
|
||||
#import "codesign.h"
|
||||
#import "coretrust_bug.h"
|
||||
#import <choma/FAT.h>
|
||||
#import <choma/MachO.h>
|
||||
@@ -398,45 +398,48 @@ int signApp(NSString* appPath)
|
||||
while(fileURL = [enumerator nextObject])
|
||||
{
|
||||
NSString *filePath = fileURL.path;
|
||||
NSLog(@"Checking %@", filePath);
|
||||
FAT *fat = fat_init_from_path(filePath.fileSystemRepresentation);
|
||||
if (fat) {
|
||||
NSLog(@"%@ is binary", filePath);
|
||||
// This is FAT or MachO, sign and apply CoreTrust bypass
|
||||
MachO *machoForExtraction = fat_find_preferred_slice(fat);
|
||||
if (machoForExtraction) {
|
||||
NSLog(@"Starting signing of %@\n", filePath);
|
||||
NSString *tmpPath = [NSTemporaryDirectory() stringByAppendingPathComponent:[NSUUID UUID].UUIDString];
|
||||
MemoryStream *sliceOutStream = file_stream_init_from_path(tmpPath.fileSystemRepresentation, 0, 0, FILE_STREAM_FLAG_WRITABLE | FILE_STREAM_FLAG_AUTO_EXPAND);
|
||||
MemoryStream *sliceStream = macho_get_stream(machoForExtraction);
|
||||
memory_stream_copy_data(sliceStream, 0, sliceOutStream, 0, memory_stream_get_size(sliceStream));
|
||||
memory_stream_free(sliceOutStream);
|
||||
MemoryStream *sliceOutStream = file_stream_init_from_path(tmpPath.fileSystemRepresentation, 0, 0, FILE_STREAM_FLAG_WRITABLE | FILE_STREAM_FLAG_AUTO_EXPAND);
|
||||
if (sliceOutStream) {
|
||||
memory_stream_copy_data(sliceStream, 0, sliceOutStream, 0, memory_stream_get_size(sliceStream));
|
||||
memory_stream_free(sliceOutStream);
|
||||
|
||||
// Now we have the single slice at tmpPath, which we will sign and apply the bypass, then copy over the original file
|
||||
// Now we have the single slice at tmpPath, which we will sign and apply the bypass, then copy over the original file
|
||||
|
||||
NSLog(@"[%@] Adhoc signing...", filePath);
|
||||
NSLog(@"[%@] Adhoc signing...", filePath);
|
||||
|
||||
// First attempt ad hoc signing
|
||||
int r = binary_sign_adhoc(tmpPath.fileSystemRepresentation, true);
|
||||
if (r != 0) {
|
||||
NSLog(@"[%@] Adhoc signing failed with error code %d, continuing anyways...\n", filePath, r);
|
||||
// First attempt ad hoc signing
|
||||
int r = codesign_sign_adhoc(tmpPath.fileSystemRepresentation, true, nil);
|
||||
if (r != 0) {
|
||||
NSLog(@"[%@] Adhoc signing failed with error code %d, continuing anyways...\n", filePath, r);
|
||||
}
|
||||
else {
|
||||
NSLog(@"[%@] Adhoc signing worked!\n", filePath);
|
||||
}
|
||||
|
||||
NSLog(@"[%@] Applying CoreTrust bypass...", filePath);
|
||||
r = apply_coretrust_bypass(tmpPath.fileSystemRepresentation);
|
||||
if (r == 0) {
|
||||
NSLog(@"[%@] Applied CoreTrust bypass!", filePath);
|
||||
}
|
||||
else {
|
||||
NSLog(@"[%@] CoreTrust bypass failed!!! :(", filePath);
|
||||
fat_free(fat);
|
||||
return 175;
|
||||
}
|
||||
|
||||
// tempFile is now signed, overwrite original file at filePath with it
|
||||
[[NSFileManager defaultManager] removeItemAtPath:filePath error:nil];
|
||||
[[NSFileManager defaultManager] moveItemAtPath:tmpPath toPath:filePath error:nil];
|
||||
}
|
||||
else {
|
||||
NSLog(@"[%@] Adhoc signing worked!\n", filePath);
|
||||
}
|
||||
|
||||
NSLog(@"[%@] Applying CoreTrust bypass...", filePath);
|
||||
r = apply_coretrust_bypass(tmpPath.fileSystemRepresentation);
|
||||
if (r == 0) {
|
||||
NSLog(@"[%@] Applied CoreTrust bypass!", filePath);
|
||||
}
|
||||
else {
|
||||
NSLog(@"[%@] CoreTrust bypass failed!!! :(", filePath);
|
||||
fat_free(fat);
|
||||
return 175;
|
||||
}
|
||||
|
||||
// tempFile is now signed, overwrite original file at filePath with it
|
||||
[[NSFileManager defaultManager] removeItemAtPath:filePath error:nil];
|
||||
[[NSFileManager defaultManager] moveItemAtPath:tmpPath toPath:filePath error:nil];
|
||||
}
|
||||
fat_free(fat);
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user