From c978e62d707db7b79f8b0001595facd670da5ea7 Mon Sep 17 00:00:00 2001
From: Huge_Black
Date: Sat, 1 Mar 2025 17:05:23 +0800
Subject: [PATCH] fix #374 #358
---
 Resources/Info.plist | 4 ++--
 control | 2 +-
 dyld_bypass_validation.m | 39 +++++++++++++++++++++++++++++++++++----
 3 files changed, 38 insertions(+), 7 deletions(-)
diff --git a/Resources/Info.plist b/Resources/Info.plist
index 7fbfac0..9a7c20e 100644
--- a/Resources/Info.plist
+++ b/Resources/Info.plist
@@ -42,7 +42,7 @@
 CFBundlePackageType
 APPL
 CFBundleShortVersionString
- 3.2.60
+ 3.2.61
 CFBundleSignature
 ????
 CFBundleSupportedPlatforms
@@ -61,7 +61,7 @@
 CFBundleVersion
- 3.2.60
+ 3.2.61
 LSApplicationCategoryType
 public.app-category.games
 LSApplicationQueriesSchemes
diff --git a/control b/control
index df1ce79..15edbdc 100644
--- a/control
+++ b/control
@@ -1,6 +1,6 @@
 Package: com.kdt.livecontainer
 Name: livecontainer
-Version: 3.2.60
+Version: 3.2.61
 Architecture: iphoneos-arm
 Description: Run iOS app without actually installing it!
 Maintainer: khanhduytran0
diff --git a/dyld_bypass_validation.m b/dyld_bypass_validation.m
index c2cd4e0..44b2d3f 100644
--- a/dyld_bypass_validation.m
+++ b/dyld_bypass_validation.m
@@ -22,6 +22,8 @@
 // Signatures to search for
 static char mmapSig[] = {0xB0, 0x18, 0x80, 0xD2, 0x01, 0x10, 0x00, 0xD4};
 static char fcntlSig[] = {0x90, 0x0B, 0x80, 0xD2, 0x01, 0x10, 0x00, 0xD4};
+static char syscallSig[] = {0x01, 0x10, 0x00, 0xD4};
+static int (*dopamineFcntlHookAddr)(int fildes, int cmd, void *param) = 0;
 extern void* __mmap(void *addr, size_t len, int prot, int flags, int fd, off_t offset);
 extern int __fcntl(int fildes, int cmd, void* param);
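Review bot: `dopamineFcntlHookAddr` is new file-scope mutable state and `syscallSig` a new byte pattern, and neither carries a comment saying what it encodes or who writes it. Above `syscallSig` I would put `// svc #0x80 — the trailing 4 bytes shared by mmapSig and fcntlSig, i.e. the syscall instruction itself`, and above the pointer `// Dopamine's own fcntl hook; filled in by init_bypassDyldLibValidation when dyld's fcntl stub is already patched, NULL otherwise`. That the four bytes are the tail of both existing signatures is visible on these lines; that they decode to `svc #0x80` comes from the AArch64 encoding and is worth stating so the next reader does not have to re-derive it. A minor point of style: the pointer initialiser reads better as `= NULL` than `= 0`.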
@@ -64,8 +66,7 @@ static bool redirectFunction(char *name, void *patchAddr, void *target) {
 static bool searchAndPatch(char *name, char *base, char *signature, int length, void *target) {
 char *patchAddr = NULL;
-
- for(int i=0; i < 0x100000; i++) {
+ for(int i=0; i < 0x80000; i+=4) {
 if (base[i] == signature[0] && memcmp(base+i, signature, length) == 0) {
 patchAddr = base + i;
 break;
@@ -142,7 +143,11 @@ static int hooked___fcntl(int fildes, int cmd, void *param) {
 }
 // If for another command or file, we pass through
- return __fcntl(fildes, cmd, param);
+ if(dopamineFcntlHookAddr) {
+ return dopamineFcntlHookAddr(fildes, cmd, param);
+ } else {
+ return __fcntl(fildes, cmd, param);
+ }
 }
 void init_bypassDyldLibValidation() {
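Review bot: The new bound `i < 0x80000` in `searchAndPatch` does not account for `length`, so `memcmp(base+i, signature, length)` on the last iterations reads up to `length - 1` bytes past the scanned window; `for(int i=0; i + length <= 0x80000; i+=4) {` keeps the compare inside it. The same `0x80000` literal and 4-byte stride are repeated by the new scan loop in `init_bypassDyldLibValidation`, so one named constant (e.g. `DYLD_SCAN_SIZE`) would keep the two loops from drifting apart. Neither loop checks the window against the size of dyld's actual mapping, which I cannot see from here; a comment stating why 0x80000 is considered safe to read would help. The body of `searchAndPatch` continues past the end of the hunk.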
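Review bot: The pass-through in `hooked___fcntl` now forwards to a function pointer that is decoded at init time from a branch instruction, and nothing at this call site says so. A comment above `if(dopamineFcntlHookAddr) {` such as `// Dopamine already replaced dyld's fcntl stub with its own hook; chain to it so its handling is preserved (set in init_bypassDyldLibValidation, NULL otherwise)` would make the dependency explicit. The `if`/`else` with two returns can also be flattened to `if(dopamineFcntlHookAddr) return dopamineFcntlHookAddr(fildes, cmd, param);` followed by the original `return __fcntl(fildes, cmd, param);`, matching the single-statement line it replaces. `hooked___fcntl` starts outside the hunk.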
@@ -160,5 +165,31 @@ void init_bypassDyldLibValidation() {
 //redirectFunction("mmap", mmap, hooked_mmap);
 //redirectFunction("fcntl", fcntl, hooked_fcntl);
 searchAndPatch("dyld_mmap", dyldBase, mmapSig, sizeof(mmapSig), hooked_mmap);
- searchAndPatch("dyld_fcntl", dyldBase, fcntlSig, sizeof(fcntlSig), hooked___fcntl);
+ bool fcntlPatchSuccess = searchAndPatch("dyld_fcntl", dyldBase, fcntlSig, sizeof(fcntlSig), hooked___fcntl);
+
+ // dopamine already hooked it, try to find its hook instaed
+ if(!fcntlPatchSuccess) {
+ char* fcntlAddr = 0;
+ // search all syscalls and see if the the instruction before it is a branch instruction
+ for(int i=0; i < 0x80000; i+=4) {
+ if (dyldBase[i] == syscallSig[0] && memcmp(dyldBase+i, syscallSig, 4) == 0) {
+ char* syscallAddr = dyldBase + i;
+ uint32_t* prev = (uint32_t*)(syscallAddr - 4);
+ if(*prev >> 26 == 0x5) {
+ fcntlAddr = (char*)prev;
+ break;
+ }
+ }
+ }
+
+ if(fcntlAddr) {
+ uint32_t* inst = (uint32_t*)fcntlAddr;
+ int32_t offset = ((int32_t)((*inst)<<6))>>4;
+ NSLog(@"[DyldLVBypass] Dopamine hook offset = %x", offset);
+ dopamineFcntlHookAddr = (void*)((char*)fcntlAddr + offset);
+ redirectFunction("dyld_fcntl (Dopamine)", fcntlAddr, hooked___fcntl);
+ } else {
+ NSLog(@"[DyldLVBypass] Dopamine hook not found");
+ }
+ }
 }
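Review bot: The scan loop inside `if(!fcntlPatchSuccess)` reads the instruction before each match via `syscallAddr - 4`, which for `i == 0` addresses memory before `dyldBase`, and `memcmp(dyldBase+i, syscallSig, 4)` on the final step reads past the 0x80000 window; starting at the first instruction boundary and bounding the tail fixes both: `for(int i=4; i + 4 <= 0x80000; i+=4) {`. The decoded target is stored into `dopamineFcntlHookAddr`, and from then on every pass-through fcntl jumps to it, yet the result of `redirectFunction("dyld_fcntl (Dopamine)", ...)` is ignored and no sanity check is applied to the target; at minimum log a failed redirect, and presumably require the target to fall inside the scanned dyld image before trusting it — TODO confirm the expected range. The branch test and offset decode (`*prev >> 26 == 0x5`, `((int32_t)((*inst)<<6))>>4`) are undocumented; a comment such as `// AArch64 B: top 6 bits 000101, imm26 in bits 25..0, byte offset = sext(imm26) << 2` would save the next reader an ISA lookup, and the `(int32_t)` cast plus arithmetic right shift rely on implementation-defined behaviour that is fine on Clang/arm64 but deserves a word. The `%x` in the NSLog prints a negative `int32_t` offset as a large unsigned value, so `%d` (or an explicit cast) reads better, and the comment has a typo: `// Dopamine already hooked it, try to find its hook instead`. `init_bypassDyldLibValidation` begins outside the hunk.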