Merge pull request #1 from sammyjeng/master

t

Author: dhd111

.github/workflows/ci.yml

@@ -0,0 +1,48 @@
+name: ci
+
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    branches:
+      - master
+  workflow_dispatch:
+
+jobs:
+  build:
+    runs-on: macos-12
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+          submodules: recursive
+
+      - name: Theos Setup
+        uses: Randomblock1/theos-action@v1
+
+      - name: Setup libSandy
+        run: |
+          git clone https://github.com/realthunder/mac-headers --depth 1
+          mv mac-headers/usr/include/xpc $THEOS/include
+          git clone https://github.com/opa334/libSandy vendor/libSandy --depth 1
+          cd vendor/libSandy/ && ./install_to_theos.sh && cd -
+
+      - name: Setup AltList
+        run: |
+          git clone https://github.com/opa334/AltList --depth 1
+          cd AltList && ./install_to_theos.sh && cd -
+
+      - name: Build shadow
+        run: ./build.sh
+
+      - name: Release
+        uses: softprops/action-gh-release@v1
+        if: ${{ startsWith(github.ref, 'refs/tags/') }}
+        with:
+          files: |
+            ${{ github.workspace }}/packages/*.deb
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Makefile

@@ -1,5 +1,5 @@
-ARCHS ?= armv7 armv7s arm64 arm64e
-TARGET ?= iphone:clang:14.5:8.0
+ARCHS ?= arm64
+TARGET ?= iphone:clang:latest:14
 
 include $(THEOS)/makefiles/common.mk
 SUBPROJECTS += Shadow.framework

Shadow.dylib/hooks/hooks.h

@@ -9,6 +9,7 @@
 #import <sys/utsname.h>
 #import <sys/syslimits.h>
 #import <sys/time.h>
+#import <sys/ioctl.h>
 #import <errno.h>
 #import <fcntl.h>
 #import <mach-o/dyld.h>

Shadow.dylib/hooks/libc.x

@@ -831,6 +831,35 @@ static DIR* replaced___opendir2(const char* pathname, size_t bufsize) {
     return NULL;
 }
 
+// anti-antidebug
+//  Another way of figuring out if LLDB is attached. (Rednick16)
+static int (*original_isatty)(int fd);
+static int replaced_isatty(int fd) {
+	int result = original_isatty(fd);
+    if (result && fd == STDOUT_FILENO) {
+		errno = ENOENT;
+        return 0;
+    }
+	return result;
+}
+
+// Yet another way of figuring out if LLDB is attached. (Rednick16)
+static int (*original_ioctl)(int fd, unsigned long request, ...);
+static int replaced_ioctl(int fd, unsigned long request, ...) {
+    void* arg;
+    va_list args;
+    va_start(args, request);
+    arg = va_arg(args, void *);
+    va_end(args);
+
+	int result = original_ioctl(fd, request, arg);
+	if(!result && request == TIOCGWINSZ) {
+		errno = ENOTTY;
+		return -1;
+	}
+	return result;
+}
+
 void shadowhook_libc(HKSubstitutor* hooks) {
     MSHookFunction(access, replaced_access, (void **) &original_access);
     MSHookFunction(chdir, replaced_chdir, (void **) &original_chdir);
@@ -884,4 +913,6 @@ void shadowhook_libc_antidebugging(HKSubstitutor* hooks) {
     MSHookFunction(ptrace, replaced_ptrace, (void **) &original_ptrace);
     MSHookFunction(sysctl, replaced_sysctl, (void **) &original_sysctl);
     MSHookFunction(getppid, replaced_getppid, NULL);
+    MSHookFunction(isatty, replaced_isatty,(void **) &original_isatty);
+    MSHookFunction(ioctl, replaced_ioctl, (void **) &original_ioctl);
 }

Shadow.dylib/hooks/objc.x

@@ -68,6 +68,17 @@ static Class replaced_NSClassFromString(NSString* aClassName) {
     return nil;
 }
 
+// iosSecuritySuite objc class check bypass ~ 809323710123
+static id (*original_objc_getClass)(const char *name); 
+static id replaced_objc_getClass(const char *name) {
+    id result = original_objc_getClass(name);
+
+    if(isCallerTweak() || ![_shadow isAddrRestricted:(__bridge const void *)result]) {
+        return result;
+    }
+    return nil;
+}
+
 typedef struct _NXMapTable NXMapTable;
 typedef struct _NXHashTable NXHashTable;
 
@@ -104,6 +115,7 @@ void shadowhook_objc(HKSubstitutor* hooks) {
 }
 
 void shadowhook_objc_hidetweakclasses(HKSubstitutor* hooks) {
+    MSHookFunction(objc_getClass, replaced_objc_getClass, (void **) &original_objc_getClass);
     MSHookFunction(NSClassFromString, replaced_NSClassFromString, (void **) &original_NSClassFromString);
     MSHookFunction(NXMapGet, replaced_NXMapGet, (void **) &original_NXMapGet);
     MSHookFunction(NXHashGet, replaced_NXHashGet, (void **) &original_NXHashGet);

Shadow.dylib/hooks/syscall.x

@@ -2,6 +2,10 @@
 
 #import "hooks.h"
 
+#ifndef CS_DEBUGGED
+#define CS_DEBUGGED 0x10000000
+#endif
+
 static int (*original_syscall)(int number, ...);
 static int replaced_syscall(int number, ...) {
     NSLog(@"%@: %d", @"syscall", number);
@@ -29,6 +33,7 @@ static int replaced_syscall(int number, ...) {
         || number == SYS_access_extended
         || number == SYS_stat64
         || number == SYS_lstat64
+        || number == SYS_getfsstat64
         || number == SYS_stat64_extended
         || number == SYS_lstat64_extended
         || number == SYS_readlink
@@ -69,8 +74,15 @@ static int replaced_csops(pid_t pid, unsigned int ops, void* useraddr, size_t us
             ret &= ~CS_ENTITLEMENTS_VALIDATED;
             ret |= 0x0000300; /* CS_JIT_ALLOW */
             ret |= CS_REQUIRE_LV;
+
+            int flags = 0;
+            original_csops(pid, ops, &flags, sizeof(flags));
+            if(flags & CS_DEBUGGED) {
+		        *(int*)useraddr &= ~CS_DEBUGGED;
+            }
         }
 
+
         if(ops == CS_OPS_CDHASH) {
             // Hide CDHASH for trustcache checks
             errno = EBADEXEC;

Shadow.framework/Backend.m

@@ -16,15 +16,15 @@ - (instancetype)init {
     return self;
 }
 
-+ (NSArray<ShadowRuleset *> *)_loadRulesets {
-    NSMutableArray<ShadowRuleset *>* result = [NSMutableArray new];
++ (NSArray<KnoxRuleset *> *)_loadRulesets {
+    NSMutableArray<KnoxRuleset *>* result = [NSMutableArray new];
 
     NSURL* ruleset_path_url = [NSURL fileURLWithPath:[RootBridge getJBPath:@SHADOW_RULESETS] isDirectory:YES];
     NSArray* ruleset_urls = [[NSFileManager defaultManager] contentsOfDirectoryAtURL:ruleset_path_url includingPropertiesForKeys:@[] options:0 error:nil];
 
     if(ruleset_urls) {
         for(NSURL* url in ruleset_urls) {
-            ShadowRuleset* ruleset = [ShadowRuleset rulesetWithURL:url];
+            KnoxRuleset* ruleset = [KnoxRuleset rulesetWithURL:url];
 
             if(ruleset) {
                 NSDictionary* info = [[ruleset internalDictionary] objectForKey:@"RulesetInfo"];
@@ -61,7 +61,7 @@ - (BOOL)isPathRestricted:(NSString *)path {
     __block BOOL whitelisted = NO;
 
     // Check rulesets
-    [rulesets enumerateObjectsWithOptions:NSEnumerationConcurrent usingBlock:^(ShadowRuleset* ruleset, NSUInteger idx, BOOL* stop) {
+    [rulesets enumerateObjectsWithOptions:NSEnumerationConcurrent usingBlock:^(KnoxRuleset* ruleset, NSUInteger idx, BOOL* stop) {
         if(![ruleset isPathCompliant:path]) {
             compliant = NO;
             *stop = YES;
@@ -102,7 +102,7 @@ - (BOOL)isSchemeRestricted:(NSString *)scheme {
     __block BOOL restricted = NO;
 
     // Check rulesets
-    [rulesets enumerateObjectsWithOptions:NSEnumerationConcurrent usingBlock:^(ShadowRuleset* ruleset, NSUInteger idx, BOOL* stop) {
+    [rulesets enumerateObjectsWithOptions:NSEnumerationConcurrent usingBlock:^(KnoxRuleset* ruleset, NSUInteger idx, BOOL* stop) {
         if([ruleset isSchemeRestricted:scheme]) {
             restricted = YES;
             *stop = YES;

Shadow.framework/Core+Utilities.m

@@ -101,7 +101,7 @@ + (NSDictionary *)generateDatabase {
 
     // // Load standard (built-in) ruleset.
     // NSString* ruleset_path = [@SHADOW_RULESETS stringByAppendingPathComponent:@"StandardRules.plist"];
-    // ShadowRuleset* ruleset = [ShadowRuleset rulesetWithPath:[RootBridge getJBPath:ruleset_path]];
+    // KnoxRuleset* ruleset = [KnoxRuleset rulesetWithPath:[RootBridge getJBPath:ruleset_path]];
 
     NSArray* db_list_skip = @[@"base.list", @"firmware-sbin.list"];
 

Shadow.framework/Headers/Shadow/Backend.h

@@ -5,7 +5,7 @@
 #import <Shadow/Ruleset.h>
 
 @interface ShadowBackend : NSObject {
-    NSArray<ShadowRuleset *>* rulesets;
+    NSArray<KnoxRuleset *>* rulesets;
     NSCache<NSString *, NSNumber *>* cache_restricted;
 }
 

Shadow.framework/Headers/Shadow/Ruleset.h

@@ -3,7 +3,7 @@
 
 #import <Foundation/Foundation.h>
 
-@interface ShadowRuleset : NSObject {
+@interface KnoxRuleset : NSObject {
     NSSet<NSString *>* set_urlschemes;
     NSSet<NSString *>* set_whitelist;
     NSSet<NSString *>* set_blacklist;

Shadow.framework/Ruleset.m

@@ -1,6 +1,6 @@
 #import <Shadow/Ruleset.h>
 
-@implementation ShadowRuleset
+@implementation KnoxRuleset
 @synthesize internalDictionary;
 
 - (instancetype)init {
@@ -20,7 +20,7 @@ + (instancetype)rulesetWithURL:(NSURL *)url {
     NSDictionary* ruleset_dict = [NSDictionary dictionaryWithContentsOfURL:url];
 
     if(ruleset_dict) {
-        ShadowRuleset* ruleset = [self new];
+        KnoxRuleset* ruleset = [self new];
         [ruleset setInternalDictionary:ruleset_dict];
         [ruleset _compile];
         return ruleset;

Shadow.framework/Shadow.tbd

@@ -1,11 +1,11 @@
 ---
-archs:                 [ armv7, armv7s, arm64, arm64e ]
+archs:                 [  arm64 ]
 platform:              ios
 install-name:          '@rpath/Shadow.framework/Shadow'
 current-version:       0
 compatibility-version: 0
 exports:
-  - archs:                [ armv7, armv7s, arm64, arm64e ]
+  - archs:                [ arm64 ]
     objc-classes:         [ _Shadow, _ShadowBackend,
-                            _ShadowSettings, _ShadowRuleset ]
+                            _ShadowSettings, _KnoxRuleset ]
 ...

ShadowSettings.bundle/Makefile

@@ -5,9 +5,8 @@ include $(THEOS)/makefiles/common.mk
 BUNDLE_NAME = ShadowSettings
 
 ShadowSettings_FILES = $(wildcard *.m)
-ShadowSettings_FRAMEWORKS = Foundation
+ShadowSettings_FRAMEWORKS = Foundation Preferences
 ShadowSettings_EXTRA_FRAMEWORKS = Shadow AltList HookKit RootBridge
-ShadowSettings_PRIVATE_FRAMEWORKS = Preferences
 ShadowSettings_INSTALL_PATH = /Library/PreferenceBundles
 ShadowSettings_CFLAGS = -fobjc-arc -I../Shadow.framework/Headers -I../vendor/HookKit.framework/Headers -I../vendor/RootBridge.framework/Headers
 ShadowSettings_LDFLAGS = -rpath /Library/Frameworks -rpath /var/jb/Library/Frameworks -rpath /usr/lib -rpath /var/jb/usr/lib

build.sh

@@ -10,12 +10,12 @@ mkdir -p $PWD/build
 
 # build main project (rootless ver.)
 make clean &&
-THEOS_PACKAGE_SCHEME=rootless ARCHS="arm64 arm64e" TARGET=iphone:clang:latest:14.0 make package FINALPACKAGE=1 &&
+THEOS_PACKAGE_SCHEME=rootless ARCHS="arm64" TARGET=iphone:clang:latest:14.0 make package FINALPACKAGE=1 &&
 cp -p "`ls -dtr1 packages/* | tail -1`" $PWD/build/
 
 rm -rf $THEOS/lib/Shadow.framework
 
-# build main project (rooted ver.)
+# build main project (rooted ver.) rootful?
 make clean &&
 make package FINALPACKAGE=1 &&
 cp -p "`ls -dtr1 packages/* | tail -1`" $PWD/build/