From 201982ed0d5189298313f999f32d30b9322715ef Mon Sep 17 00:00:00 2001 From: Jamie Bishop Date: Sat, 28 Jan 2017 12:09:58 +0000 Subject: [PATCH 01/23] Add case for already jailbroken device Better console log if already jailbroken --- yalu102/offsets.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/yalu102/offsets.c b/yalu102/offsets.c index 8d4fb23..99ddf8c 100644 --- a/yalu102/offsets.c +++ b/yalu102/offsets.c @@ -96,6 +96,8 @@ void init_offsets() { allproc_offset = 0x5a4128; /* @Mila432 */ procoff = 0x360; rootvnode_offset = 0x5aa0b8; /* @Mila432 */ + } else if (strstr(u.version, "MarijuanARM")) { + printf("Already jailbroken\n"); } else { printf("missing offset, prob crashing\n"); } From a8a0dacb93269ed47a781901e211ccde53ab3e52 Mon Sep 17 00:00:00 2001 From: Jamie / Null Date: Sat, 28 Jan 2017 12:21:19 +0000 Subject: [PATCH 02/23] Added better already jailbroken handling, made a function, and removed memory warning handler --- yalu102/ViewController.h | 1 + yalu102/ViewController.m | 17 ++++++----------- yalu102/offsets.c | 2 ++ 3 files changed, 9 insertions(+), 11 deletions(-) diff --git a/yalu102/ViewController.h b/yalu102/ViewController.h index 80fe105..df484ae 100644 --- a/yalu102/ViewController.h +++ b/yalu102/ViewController.h @@ -13,6 +13,7 @@ IBOutlet UIButton* dope; } - (IBAction)yolo:(id)sender; +- (void) setAlreadyJailbroken; @end diff --git a/yalu102/ViewController.m b/yalu102/ViewController.m index 63328b3..fc4723c 100644 --- a/yalu102/ViewController.m +++ b/yalu102/ViewController.m @@ -33,16 +33,17 @@ @implementation ViewController - (void)viewDidLoad { [super viewDidLoad]; init_offsets(); + + [self setAlreadyJailbroken]; +} + +- (void) setAlreadyJailbroken { struct utsname u = { 0 }; uname(&u); - - if (strstr(u.version, "MarijuanARM")) { [dope setEnabled:NO]; [dope setTitle:@"already jailbroken" forState:UIControlStateDisabled]; } - - // Do any additional setup after loading the view, typically from a nib. } typedef natural_t not_natural_t; 
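Review bot: The new `else if (strstr(u.version, "MarijuanARM"))` branch reports the already-jailbroken state only through `printf`, exactly like the `missing offset, prob crashing` fallback under it, so a caller of `init_offsets()` still cannot tell afterwards whether the kernel was matched and the offset globals are valid. Consider returning a status from `init_offsets()` (an enum such as matched / already-jailbroken / unknown, constructed names) so the view controller can refuse to call `exploit()` when nothing matched instead of relying on the console message. The marker match is a heuristic tied to this tool's own kernel banner and deserves a comment, e.g. `/* presumably the kernel version string carries this marker after a successful run — confirm */`. `init_offsets()` starts outside the hunk.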
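Review bot: `uname(&u)` in the new `setAlreadyJailbroken` discards its return value; because `u` is zero-initialised a failure leaves `u.version` empty, `strstr` returns NULL and the device is silently treated as not yet jailbroken, which is acceptable but should be stated: `// uname() failure leaves u zeroed, so the marker check treats the device as not jailbroken`. The name also reads like a KVC setter although the method takes no argument and performs a check, so a doc comment on the declaration in ViewController.h (`/// Disables the jailbreak button when the running kernel carries the jailbreak marker.`) would help until it is renamed.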
@@ -373,14 +374,8 @@ - (IBAction)yolo:(UIButton*)sender void exploit(void*, mach_port_t, uint64_t, uint64_t); exploit(sender, pt, kernel_base, allproc_offset); - [dope setEnabled:NO]; - [dope setTitle:@"already jailbroken" forState:UIControlStateDisabled]; - -} + [self setAlreadyJailbroken]; -- (void)didReceiveMemoryWarning { - [super didReceiveMemoryWarning]; - // Dispose of any resources that can be recreated. } diff --git a/yalu102/offsets.c b/yalu102/offsets.c index 8d4fb23..99ddf8c 100644 --- a/yalu102/offsets.c +++ b/yalu102/offsets.c @@ -96,6 +96,8 @@ void init_offsets() { allproc_offset = 0x5a4128; /* @Mila432 */ procoff = 0x360; rootvnode_offset = 0x5aa0b8; /* @Mila432 */ + } else if (strstr(u.version, "MarijuanARM")) { + printf("Already jailbroken\n"); } else { printf("missing offset, prob crashing\n"); } From b99c5f80744c53991f59648d975dc5a2d0e42deb Mon Sep 17 00:00:00 2001 From: Jamie / Null Date: Sat, 28 Jan 2017 13:06:22 +0000 Subject: [PATCH 03/23] Added URL scheme & rename setAleadyJailbroken --- yalu102/Info.plist | 11 +++++++++++ yalu102/ViewController.h | 2 +- yalu102/ViewController.m | 8 +++++--- 3 files changed, 17 insertions(+), 4 deletions(-) diff --git a/yalu102/Info.plist b/yalu102/Info.plist index d052473..99f1e98 100644 --- a/yalu102/Info.plist +++ b/yalu102/Info.plist @@ -2,6 +2,17 @@ + CFBundleURLTypes + + + CFBundleURLSchemes + + yalu + + CFBundleURLName + kim.cracksby.yalu102 + + CFBundleDevelopmentRegion en CFBundleExecutable diff --git a/yalu102/ViewController.h b/yalu102/ViewController.h index df484ae..463449c 100644 --- a/yalu102/ViewController.h +++ b/yalu102/ViewController.h @@ -13,7 +13,7 @@ IBOutlet UIButton* dope; } - (IBAction)yolo:(id)sender; -- (void) setAlreadyJailbroken; +- (bool) alreadyJailbroken; @end diff --git a/yalu102/ViewController.m b/yalu102/ViewController.m index fc4723c..a87ddc6 100644 --- a/yalu102/ViewController.m +++ b/yalu102/ViewController.m 
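Review bot: The offsets.c hunk in this patch is byte-identical to the one in PATCH 01/23, down to the same `index 8d4fb23..99ddf8c` header, so applying the series in order would fail at this patch because the change is already present. It looks like a rebase artefact; the duplicate file section should be dropped from PATCH 02/23 and the diffstat (`3 files changed`) regenerated.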
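Review bot: `- (bool) alreadyJailbroken;` in ViewController.h mixes the C99 `bool` with the `YES`/`NO` the implementation returns; Objective-C API surface should use `BOOL`, `- (BOOL)alreadyJailbroken;`, which also matches Cocoa conventions and Swift bridging. Since `viewDidLoad` calls it only for its side effect on `dope`, the name does not reveal that it mutates the UI; a doc comment such as `/// Disables the jailbreak button when the kernel carries the jailbreak marker; returns whether it did.` makes that explicit for callers.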
@@ -34,16 +34,18 @@ - (void)viewDidLoad { [super viewDidLoad]; init_offsets(); - [self setAlreadyJailbroken]; + [self alreadyJailbroken]; } -- (void) setAlreadyJailbroken { +- (bool) alreadyJailbroken { struct utsname u = { 0 }; uname(&u); if (strstr(u.version, "MarijuanARM")) { [dope setEnabled:NO]; [dope setTitle:@"already jailbroken" forState:UIControlStateDisabled]; + return YES; } + return NO; } typedef natural_t not_natural_t; @@ -374,7 +376,7 @@ - (IBAction)yolo:(UIButton*)sender void exploit(void*, mach_port_t, uint64_t, uint64_t); exploit(sender, pt, kernel_base, allproc_offset); - [self setAlreadyJailbroken]; + [self alreadyJailbroken]; } From e8f83238bad24b6e1d890fb57a9fbff8fe3fa3c7 Mon Sep 17 00:00:00 2001 From: Jamie / Null Date: Sat, 28 Jan 2017 13:33:49 +0000 Subject: [PATCH 04/23] Added local bool & rename for easier use in future --- yalu102/ViewController.m | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/yalu102/ViewController.m b/yalu102/ViewController.m index a87ddc6..240d299 100644 --- a/yalu102/ViewController.m +++ b/yalu102/ViewController.m @@ -32,20 +32,20 @@ @implementation ViewController - (void)viewDidLoad { [super viewDidLoad]; - init_offsets(); - [self alreadyJailbroken]; + init_offsets(); } - (bool) alreadyJailbroken { struct utsname u = { 0 }; uname(&u); - if (strstr(u.version, "MarijuanARM")) { + + bool alreadyJailbroken = strstr(u.version, "MarijuanARM"); + if (alreadyJailbroken) { [dope setEnabled:NO]; [dope setTitle:@"already jailbroken" forState:UIControlStateDisabled]; - return YES; } - return NO; + return alreadyJailbroken; } typedef natural_t not_natural_t; From 25669fcee3116b12b22becdff4ce3c6748e968e6 Mon Sep 17 00:00:00 2001 
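Review bot: `bool alreadyJailbroken = strstr(u.version, "MarijuanARM");` relies on the implicit pointer-to-`_Bool` conversion, which is well-defined in C99 but reads as a type error to reviewers and hides the intent; write `bool alreadyJailbroken = strstr(u.version, "MarijuanARM") != NULL;`. The hunk also moves `[self alreadyJailbroken]` ahead of `init_offsets()` in `viewDidLoad`; nothing visible here makes either depend on the other, but the commit message does not say why, so a short comment on the call order would save the next reader a bisect.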
From: Jamie / Null Date: Sat, 28 Jan 2017 14:16:06 +0000 Subject: [PATCH 05/23] Add a URL scheme to jailbreak --- yalu102/AppDelegate.h | 2 +- yalu102/AppDelegate.m | 9 ++++++++- yalu102/ViewController.h | 1 + yalu102/ViewController.m | 24 ++++++++++++++++++------ yalu102/jailbreak.m | 2 +- 5 files changed, 29 insertions(+), 9 deletions(-) diff --git a/yalu102/AppDelegate.h b/yalu102/AppDelegate.h index ccd8022..d9a6799 100644 --- a/yalu102/AppDelegate.h +++ b/yalu102/AppDelegate.h @@ -11,7 +11,7 @@ @interface AppDelegate : UIResponder @property (strong, nonatomic) UIWindow *window; - +@property (nonatomic) BOOL shouldJailbreak; @end diff --git a/yalu102/AppDelegate.m b/yalu102/AppDelegate.m index 8dfdc30..e7d2ab8 100644 --- a/yalu102/AppDelegate.m +++ b/yalu102/AppDelegate.m @@ -20,6 +20,14 @@ - (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:( return YES; } +- (BOOL)application:(UIApplication *)application handleOpenURL:(NSURL *)url { + NSString *urlParameter = [[url host] stringByReplacingPercentEscapesUsingEncoding:NSUTF8StringEncoding]; + if ([urlParameter isEqual:@"break"]) { + NSLog(@"We're breaking out of jail bois!"); + _shouldJailbreak = YES; + } + return YES; +} - (void)applicationWillResignActive:(UIApplication *)application { // Sent when the application is about to move from active to inactive state. This can occur for certain types of temporary interruptions (such as an incoming phone call or SMS message) or when the user quits the application and it begins the transition to the background state. @@ -47,5 +55,4 @@ - (void)applicationWillTerminate:(UIApplication *)application { // Called when the application is about to terminate. Save data if appropriate. See also applicationDidEnterBackground:. } - @end diff --git a/yalu102/ViewController.h b/yalu102/ViewController.h index 463449c..5d503aa 100644 --- a/yalu102/ViewController.h +++ b/yalu102/ViewController.h 
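Review bot: The new `application:handleOpenURL:` arms `_shouldJailbreak` for any caller that opens `yalu://break` (the `yalu` scheme registered in Info.plist in PATCH 03/23), and since custom URL schemes can be opened by any app on the device the URL is untrusted input; the handler checks neither `url.scheme` nor asks the user before the flag later drives `doIt` from `viewDidLoad`. Gate this on an explicit confirmation and compare with `[urlParameter isEqualToString:@"break"]` rather than `isEqual:`. `application:handleOpenURL:` and `stringByReplacingPercentEscapesUsingEncoding:` are both deprecated; `application:openURL:options:` additionally exposes `UIApplicationOpenURLOptionsSourceApplicationKey`, which is worth logging so an unexpected invocation can at least be attributed.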
@@ -13,6 +13,7 @@ IBOutlet UIButton* dope; } - (IBAction)yolo:(id)sender; +- (void) doIt; - (bool) alreadyJailbroken; @end diff --git a/yalu102/ViewController.m b/yalu102/ViewController.m index 240d299..f57b740 100644 --- a/yalu102/ViewController.m +++ b/yalu102/ViewController.m @@ -14,6 +14,7 @@ #undef __IPHONE_OS_VERSION_MIN_REQUIRED #import #include +#include "AppDelegate.h" extern uint64_t procoff; @@ -34,6 +35,13 @@ - (void)viewDidLoad { [super viewDidLoad]; [self alreadyJailbroken]; init_offsets(); + + if([(AppDelegate*)[[UIApplication sharedApplication] delegate] shouldJailbreak]) { + // User opened through 3D touch or URL scheme + if(![self alreadyJailbroken]){ + [self doIt]; + } + } } - (bool) alreadyJailbroken { @@ -120,8 +128,12 @@ - (bool) alreadyJailbroken { #define IKOT_CLOCK 25 char dt[128]; -- (IBAction)yolo:(UIButton*)sender -{ + +- (IBAction)yolo:(UIButton*)sender { + [self doIt]; +} + +- (void)doIt { /* we out here! @@ -256,7 +268,7 @@ - (IBAction)yolo:(UIButton*)sender ports[i] = 0; } } - [sender setTitle:@"failed, retry" forState:UIControlStateNormal]; + [dope setTitle:@"failed, retry" forState:UIControlStateNormal]; return; foundp: @@ -276,7 +288,7 @@ - (IBAction)yolo:(UIButton*)sender } } } - [sender setTitle:@"failed, retry" forState:UIControlStateNormal]; + [dope setTitle:@"failed, retry" forState:UIControlStateNormal]; return; gotclock:; @@ -374,8 +386,8 @@ - (IBAction)yolo:(UIButton*)sender extern uint64_t slide; slide = kernel_base - 0xFFFFFFF007004000; - void exploit(void*, mach_port_t, uint64_t, uint64_t); - exploit(sender, pt, kernel_base, allproc_offset); + void exploit(mach_port_t, uint64_t, uint64_t); + exploit(pt, kernel_base, allproc_offset); [self alreadyJailbroken]; } diff --git a/yalu102/jailbreak.m b/yalu102/jailbreak.m index 64da483..9ad28e4 100644 --- a/yalu102/jailbreak.m +++ b/yalu102/jailbreak.m 
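Review bot: `- (void) doIt;` becomes public API in ViewController.h under a name that says nothing about what it does or that it is destructive to the running system; Cocoa naming would call it something like `- (void)runJailbreak;` (constructed name), and at minimum it needs a doc comment, e.g. `/// Runs the exploit chain; assumes init_offsets() has already matched the kernel.`. The space after `(void)` also differs from the adjacent `- (IBAction)yolo:` declaration.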
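Review bot: `#include "AppDelegate.h"` should be `#import "AppDelegate.h"`: Xcode-generated Objective-C headers carry no include guards, so a second inclusion through any other path produces duplicate `@interface` errors, and the surrounding lines already use `#import` for the system headers. Apply the same to the forward-referenced types in the viewDidLoad hunk.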
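Review bot: `viewDidLoad` now calls `[self alreadyJailbroken]` twice, once unconditionally at the top (result discarded, kept only for its side effect on `dope`) and again inside the `shouldJailbreak` condition; the second call repeats the `uname` and the UI mutation for no gain. Keep one call and branch on its result, e.g. `BOOL jailbroken = [self alreadyJailbroken]; if (shouldJailbreak && !jailbroken) { [self doIt]; }`. Note also that `doIt` runs synchronously inside `viewDidLoad`, before the view is on screen, so the user sees no feedback while it executes — if that is intended it deserves a comment. The rest of `viewDidLoad` is outside the hunk.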
@@ -95,7 +95,7 @@ uint64_t WriteAnywhere32(uint64_t addr, uint32_t val) { #import "pte_stuff.h" -void exploit(void* btn, mach_port_t pt, uint64_t kernbase, uint64_t allprocs) +void exploit(mach_port_t pt, uint64_t kernbase, uint64_t allprocs) { io_iterator_t iterator; IOServiceGetMatchingServices(kIOMasterPortDefault, IOServiceMatching("IOSurfaceRoot"), &iterator); From f289c674a13a5e7249f4c1b14425774814565fa0 Mon Sep 17 00:00:00 2001 From: Jamie / Null Date: Sat, 28 Jan 2017 14:36:56 +0000 Subject: [PATCH 06/23] Add 3D touch shortcut to jailbreak --- yalu102/AppDelegate.m | 10 +++++++++- yalu102/Info.plist | 11 ++++++++++- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/yalu102/AppDelegate.m b/yalu102/AppDelegate.m index e7d2ab8..7f2bbb4 100644 --- a/yalu102/AppDelegate.m +++ b/yalu102/AppDelegate.m @@ -21,7 +21,7 @@ - (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:( } - (BOOL)application:(UIApplication *)application handleOpenURL:(NSURL *)url { - NSString *urlParameter = [[url host] stringByReplacingPercentEscapesUsingEncoding:NSUTF8StringEncoding]; + NSString *urlParameter = [url host]; if ([urlParameter isEqual:@"break"]) { NSLog(@"We're breaking out of jail bois!"); _shouldJailbreak = YES; 
@@ -29,6 +29,14 @@ - (BOOL)application:(UIApplication *)application handleOpenURL:(NSURL *)url { return YES; } +- (void)application:(UIApplication *)application performActionForShortcutItem:(UIApplicationShortcutItem *)shortcutItem completionHandler:(void (^)(BOOL))completionHandler { + NSString *bundleIdentifier = [[NSBundle mainBundle] bundleIdentifier]; + NSLog(@"%@", shortcutItem.type); + if ([shortcutItem.type isEqual:[NSString stringWithFormat: @"%@.BREAK", bundleIdentifier]]) { + _shouldJailbreak = YES; + } +} + - (void)applicationWillResignActive:(UIApplication *)application { // Sent when the application is about to move from active to inactive state. This can occur for certain types of temporary interruptions (such as an incoming phone call or SMS message) or when the user quits the application and it begins the transition to the background state. // Use this method to pause ongoing tasks, disable timers, and invalidate graphics rendering callbacks. Games should use this method to pause the game. diff --git a/yalu102/Info.plist b/yalu102/Info.plist index 99f1e98..8111995 100644 --- a/yalu102/Info.plist +++ b/yalu102/Info.plist @@ -2,6 +2,15 @@ + UIApplicationShortcutItems + + + UIApplicationShortcutItemTitle + Jailbreak + UIApplicationShortcutItemType + ${PRODUCT_BUNDLE_IDENTIFIER}.BREAK + + CFBundleURLTypes @@ -10,7 +19,7 @@ yalu CFBundleURLName - kim.cracksby.yalu102 + $(PRODUCT_BUNDLE_IDENTIFIER) CFBundleDevelopmentRegion From 4dfc25992551b713fbe6a85b7e45cc916e4675d0 Mon Sep 17 00:00:00 2001 From: Jamie / Null Date: Sat, 28 Jan 2017 16:32:43 +0000 Subject: [PATCH 07/23] Fixed 3D touch shortcuts not working? --- yalu102/Info.plist | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/yalu102/Info.plist b/yalu102/Info.plist index 8111995..e369746 100644 --- a/yalu102/Info.plist +++ b/yalu102/Info.plist @@ -2,7 +2,7 @@ - UIApplicationShortcutItems + UIApplicationShortcutItems UIApplicationShortcutItemTitle 
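Review bot: The new `application:performActionForShortcutItem:completionHandler:` never invokes `completionHandler`, but the contract requires it to be called with whether the shortcut was handled, so the system is left waiting; add `completionHandler(handled);` on every path. The `NSLog(@"%@", shortcutItem.type)` is debug noise that should go, and the type comparison should use `isEqualToString:`. When the app is launched cold from the shortcut, `viewDidLoad` has already run before this callback fires, so `_shouldJailbreak = YES` is set after it was read — presumably the reason the shortcut appears not to work; the flag needs a way to notify the view controller.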
From 746b44399d2098355edb2cc16f5baed222a4e2e6 Mon Sep 17 00:00:00 2001 From: Jamie / Null Date: Sat, 28 Jan 2017 16:42:42 +0000 Subject: [PATCH 08/23] Add jailbreaking button state --- yalu102/ViewController.m | 2 ++ 1 file changed, 2 insertions(+) diff --git a/yalu102/ViewController.m b/yalu102/ViewController.m index f57b740..3be165f 100644 --- a/yalu102/ViewController.m +++ b/yalu102/ViewController.m @@ -139,6 +139,8 @@ - (void)doIt { we out here! */ + [dope setEnabled:NO]; + [dope setTitle:@"jailbreaking" forState:UIControlStateDisabled]; mach_port_t vch = 0; From 8e105de6bd5cbed0f6ecd86e6fadb1782cf121a1 Mon Sep 17 00:00:00 2001 From: BuildTools Date: Sat, 28 Jan 2017 12:01:22 -0500 Subject: [PATCH 09/23] Allow building and running on iOS Simulator --- yalu102/ViewController.m | 6 ++++++ yalu102/jailbreak.m | 2 ++ 2 files changed, 8 insertions(+) diff --git a/yalu102/ViewController.m b/yalu102/ViewController.m index 3be165f..a4fd022 100644 --- a/yalu102/ViewController.m +++ b/yalu102/ViewController.m @@ -134,6 +134,11 @@ - (IBAction)yolo:(UIButton*)sender { } - (void)doIt { + #if TARGET_IPHONE_SIMULATOR + UIAlertController* alert = [UIAlertController alertControllerWithTitle:@"Cannot Jailbreak" message:@"You are currently running the app in the iOS Simulator. To jailbreak, run the tool on a real device." preferredStyle:UIAlertControllerStyleAlert]; + [alert addAction: [UIAlertAction actionWithTitle:@"Dismiss" style:UIAlertActionStyleCancel handler:nil]]; + [self presentViewController:alert animated:YES completion:nil]; + #else /* we out here! @@ -391,6 +396,7 @@ - (void)doIt { void exploit(mach_port_t, uint64_t, uint64_t); exploit(pt, kernel_base, allproc_offset); [self alreadyJailbroken]; + #endif } diff --git a/yalu102/jailbreak.m b/yalu102/jailbreak.m index 9ad28e4..3d74000 100644 --- a/yalu102/jailbreak.m +++ b/yalu102/jailbreak.m 
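Review bot: Disabling `dope` and setting the `jailbreaking` title at the top of `doIt` has no matching re-enable on the failure paths, which only set the Normal-state title (`[dope setTitle:@"failed, retry" forState:UIControlStateNormal]; return;` in PATCH 05/23), so after a failure the button stays disabled and still reads "jailbreaking" — the suggested retry is impossible without relaunching. Add `[dope setEnabled:YES];` before each failure `return`. Because `doIt` appears to run synchronously on the main thread, the disabled title may also never be drawn before the work starts; that limitation is worth a comment. `doIt` continues outside the hunk.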
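Review bot: `#if TARGET_IPHONE_SIMULATOR` is the legacy spelling; the current macro is `TARGET_OS_SIMULATOR`, and mixing the two across files makes the build condition harder to audit. Both are defined in TargetConditionals.h, which Foundation normally pulls in, so the condition is only reliable if that import precedes this point — a short comment stating the assumption would help. The simulator branch also leaves `dope` in whatever state the caller set, so a user pressing the button again gets the same alert, which is fine but should be intentional.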
@@ -6,6 +6,7 @@ // Copyright © 2017 kimjongcracks. All rights reserved. // +#if TARGET_OS_IPHONE #import #undef __IPHONE_OS_VERSION_MIN_REQUIRED #import @@ -800,3 +801,4 @@ void exploit(mach_port_t pt, uint64_t kernbase, uint64_t allprocs) NSLog(@"done"); } +#endif From fc5aaf4b95cc772ab5fa480f14614399d0c9e165 Mon Sep 17 00:00:00 2001 From: Jamie / Null Date: Sat, 28 Jan 2017 17:13:50 +0000 Subject: [PATCH 10/23] Attempt at fixing issue where shouldJailbreak sticks --- yalu102/AppDelegate.h | 2 +- yalu102/AppDelegate.m | 2 +- yalu102/ViewController.m | 4 +++- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/yalu102/AppDelegate.h b/yalu102/AppDelegate.h index d9a6799..e16ffab 100644 --- a/yalu102/AppDelegate.h +++ b/yalu102/AppDelegate.h @@ -11,7 +11,7 @@ @interface AppDelegate : UIResponder @property (strong, nonatomic) UIWindow *window; -@property (nonatomic) BOOL shouldJailbreak; +@property (nonatomic, readwrite) BOOL shouldJailbreak; @end diff --git a/yalu102/AppDelegate.m b/yalu102/AppDelegate.m index 7f2bbb4..9bfecff 100644 --- a/yalu102/AppDelegate.m +++ b/yalu102/AppDelegate.m @@ -13,7 +13,7 @@ @interface AppDelegate () @end @implementation AppDelegate - +@synthesize shouldJailbreak = _shouldJailbreak; - (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions { // Override point for customization after application launch. diff --git a/yalu102/ViewController.m b/yalu102/ViewController.m index 3be165f..5f4353a 100644 --- a/yalu102/ViewController.m +++ b/yalu102/ViewController.m 
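Review bot: `#if TARGET_OS_IPHONE` is inserted directly after the copyright header, before the file's first `#import`; unless a prefix header defines it, `TARGET_OS_IPHONE` is not yet known to the preprocessor at that point, evaluates to 0, and the whole of jailbreak.m (down to the new `#endif` after `exploit`) is compiled away on real devices as well. Move the guard below the system imports, or include TargetConditionals.h ahead of it, and prefer the simulator-specific `TARGET_OS_SIMULATOR` test since excluding the simulator is the stated goal.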
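Review bot: Neither `readwrite` on `shouldJailbreak` nor `@synthesize shouldJailbreak = _shouldJailbreak;` changes anything — `readwrite` is the default and the compiler already auto-synthesises the ivar under that name — so these two hunks cannot be what fixes the flag "sticking". The more plausible cause, from the series so far, is that `viewDidLoad` reads the flag once and nothing resets it after `doIt`; the `@synthesize` line should be dropped to keep AppDelegate.m conventional.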
@@ -48,10 +48,12 @@ - (bool) alreadyJailbroken { struct utsname u = { 0 }; uname(&u); - bool alreadyJailbroken = strstr(u.version, "MarijuanARM"); + bool alreadyJailbroken = strstr(u.version, "MarijuanARM") == 0; if (alreadyJailbroken) { [dope setEnabled:NO]; [dope setTitle:@"already jailbroken" forState:UIControlStateDisabled]; + [(AppDelegate*)[[UIApplication sharedApplication] delegate] shouldJailbreak:NO]; + } return alreadyJailbroken; } From b28d73e4f62ffc79f5b8e12760a1485660f99812 Mon Sep 17 00:00:00 2001 From: BuildTools Date: Sat, 28 Jan 2017 12:15:09 -0500 Subject: [PATCH 11/23] Fix 3D Touch shortcut --- yalu102/AppDelegate.m | 3 +++ yalu102/ViewController.m | 7 ++++++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/yalu102/AppDelegate.m b/yalu102/AppDelegate.m index 7f2bbb4..52b9113 100644 --- a/yalu102/AppDelegate.m +++ b/yalu102/AppDelegate.m @@ -25,6 +25,7 @@ - (BOOL)application:(UIApplication *)application handleOpenURL:(NSURL *)url { if ([urlParameter isEqual:@"break"]) { NSLog(@"We're breaking out of jail bois!"); _shouldJailbreak = YES; + [[NSNotificationCenter defaultCenter] postNotificationName:@"ReevaluateShouldJailbreak" object:nil userInfo:nil]; } return YES; } @@ -33,7 +34,9 @@ - (void)application:(UIApplication *)application performActionForShortcutItem:(U NSString *bundleIdentifier = [[NSBundle mainBundle] bundleIdentifier]; NSLog(@"%@", shortcutItem.type); if ([shortcutItem.type isEqual:[NSString stringWithFormat: @"%@.BREAK", bundleIdentifier]]) { + NSLog(@"3D Touch action to jailbreak hit"); _shouldJailbreak = YES; + [[NSNotificationCenter defaultCenter] postNotificationName: @"ReevaluateShouldJailbreak" object:nil userInfo:nil]; } } diff --git a/yalu102/ViewController.m b/yalu102/ViewController.m index a4fd022..79e7607 100644 --- a/yalu102/ViewController.m +++ b/yalu102/ViewController.m 
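Review bot: `strstr(u.version, "MarijuanARM") == 0` inverts the check — `strstr` returns NULL when the marker is absent — so an unjailbroken device is now reported as already jailbroken (button disabled with "already jailbroken") and a jailbroken one as clean; the intended line is `bool alreadyJailbroken = strstr(u.version, "MarijuanARM") != NULL;`. The added `[(AppDelegate*)… shouldJailbreak:NO]` also sends a selector that AppDelegate does not declare; the property's setter is `setShouldJailbreak:`. `alreadyJailbroken` starts outside the hunk.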
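Review bot: The notification name `@"ReevaluateShouldJailbreak"` is a string literal typed twice in this file and once more in the ViewController.m observer, so a typo in any copy silently breaks the hand-off; declare it once as `extern NSString * const YaluReevaluateShouldJailbreakNotification;` (constructed name) in AppDelegate.h and reference that everywhere. The two call sites also format the `postNotificationName:` message differently (`postNotificationName:@"…"` vs `postNotificationName: @"…"`).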
@@ -36,9 +36,14 @@ - (void)viewDidLoad { [self alreadyJailbroken]; init_offsets(); + [self evaluateShouldJailbreak]; + [[NSNotificationCenter defaultCenter] addObserver:self selector:@selector(evaluateShouldJailbreak) name:@"ReevaluateShouldJailbreak" object:nil]; +} + +- (void) evaluateShouldJailbreak { if([(AppDelegate*)[[UIApplication sharedApplication] delegate] shouldJailbreak]) { // User opened through 3D touch or URL scheme - if(![self alreadyJailbroken]){ + if(![self alreadyJailbroken]) { [self doIt]; } } From a169a55877b4f83f475246c6c54968c07629460e Mon Sep 17 00:00:00 2001 From: BuildTools Date: Sat, 28 Jan 2017 12:22:44 -0500 Subject: [PATCH 12/23] Move actual UI changes outside of logic function --- yalu102/ViewController.m | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/yalu102/ViewController.m b/yalu102/ViewController.m index 9aec257..9bb0c26 100644 --- a/yalu102/ViewController.m +++ b/yalu102/ViewController.m @@ -33,7 +33,7 @@ @implementation ViewController - (void)viewDidLoad { [super viewDidLoad]; - [self alreadyJailbroken]; + [self performForJailbrokenState]; init_offsets(); [self evaluateShouldJailbreak]; @@ -54,13 +54,15 @@ - (bool) alreadyJailbroken { uname(&u); bool alreadyJailbroken = strstr(u.version, "MarijuanARM") == 0; - if (alreadyJailbroken) { + return alreadyJailbroken; +} + +- (void) performForJailbrokenState { + if ([self alreadyJailbroken]) { [dope setEnabled:NO]; [dope setTitle:@"already jailbroken" forState:UIControlStateDisabled]; [(AppDelegate*)[[UIApplication sharedApplication] delegate] shouldJailbreak:NO]; - } - return alreadyJailbroken; } typedef natural_t not_natural_t; @@ -402,7 +404,7 @@ - (void)doIt { void exploit(mach_port_t, uint64_t, uint64_t); exploit(pt, kernel_base, allproc_offset); - [self alreadyJailbroken]; + [self performForJailbrokenState]; #endif } From 9378385da4da2fc2d238585c7853246aa7a92725 Mon Sep 17 00:00:00 2001 
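Review bot: The observer registered in `viewDidLoad` with `addObserver:self selector:@selector(evaluateShouldJailbreak) …` is never removed; for a root view controller that lives as long as the app this is benign, but on iOS 8 and earlier a deallocated observer is a dangling pointer, so either add `[[NSNotificationCenter defaultCenter] removeObserver:self];` in `dealloc` or state the lifetime assumption in a comment. `evaluateShouldJailbreak` runs `doIt` on whichever thread posts the notification; the visible posters are app-delegate callbacks (main thread), which is worth noting at the method: `// expected on the main thread; doIt touches UI and blocks until done`.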
From: BuildTools Date: Sat, 28 Jan 2017 12:24:05 -0500 Subject: [PATCH 13/23] Move shouldJailbreak setter to better spot --- yalu102/ViewController.m | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/yalu102/ViewController.m b/yalu102/ViewController.m index 9bb0c26..db6ae12 100644 --- a/yalu102/ViewController.m +++ b/yalu102/ViewController.m @@ -46,6 +46,7 @@ - (void) evaluateShouldJailbreak { if(![self alreadyJailbroken]) { [self doIt]; } + [(AppDelegate*)[[UIApplication sharedApplication] delegate] setShouldJailbreak:NO]; } } @@ -61,7 +62,6 @@ - (void) performForJailbrokenState { if ([self alreadyJailbroken]) { [dope setEnabled:NO]; [dope setTitle:@"already jailbroken" forState:UIControlStateDisabled]; - [(AppDelegate*)[[UIApplication sharedApplication] delegate] shouldJailbreak:NO]; } } From d25d842778cc5d45740cb97855e3ad2a101eb516 Mon Sep 17 00:00:00 2001 From: BuildTools Date: Sat, 28 Jan 2017 12:27:57 -0500 Subject: [PATCH 14/23] Comment some of the more "easy" code --- yalu102/AppDelegate.m | 6 +++++- yalu102/ViewController.m | 5 +++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/yalu102/AppDelegate.m b/yalu102/AppDelegate.m index ddffedb..3638f7b 100644 --- a/yalu102/AppDelegate.m +++ b/yalu102/AppDelegate.m @@ -21,8 +21,10 @@ - (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:( } - (BOOL)application:(UIApplication *)application handleOpenURL:(NSURL *)url { + // URL scheme handling NSString *urlParameter = [url host]; if ([urlParameter isEqual:@"break"]) { + // URL scheme to jailbreak is being handled NSLog(@"We're breaking out of jail bois!"); _shouldJailbreak = YES; [[NSNotificationCenter defaultCenter] postNotificationName:@"ReevaluateShouldJailbreak" object:nil userInfo:nil]; 
@@ -31,10 +33,12 @@ - (BOOL)application:(UIApplication *)application handleOpenURL:(NSURL *)url { } - (void)application:(UIApplication *)application performActionForShortcutItem:(UIApplicationShortcutItem *)shortcutItem completionHandler:(void (^)(BOOL))completionHandler { + // 3D Touch shortcut action handling NSString *bundleIdentifier = [[NSBundle mainBundle] bundleIdentifier]; NSLog(@"%@", shortcutItem.type); if ([shortcutItem.type isEqual:[NSString stringWithFormat: @"%@.BREAK", bundleIdentifier]]) { - NSLog(@"3D Touch action to jailbreak hit"); + // User has requested through 3D Touch to jailbreal + NSLog(@"3D Touch shortcut action to jailbreak hit!"); _shouldJailbreak = YES; [[NSNotificationCenter defaultCenter] postNotificationName: @"ReevaluateShouldJailbreak" object:nil userInfo:nil]; } diff --git a/yalu102/ViewController.m b/yalu102/ViewController.m index db6ae12..aca53cd 100644 --- a/yalu102/ViewController.m +++ b/yalu102/ViewController.m @@ -33,10 +33,14 @@ @implementation ViewController - (void)viewDidLoad { [super viewDidLoad]; + + // Check if user is already jailbroken [self performForJailbrokenState]; init_offsets(); + // Check if user has requested to jailbreak through URL schemes or 3D Touch [self evaluateShouldJailbreak]; + // Keep checking for when we need to reevaluate this [[NSNotificationCenter defaultCenter] addObserver:self selector:@selector(evaluateShouldJailbreak) name:@"ReevaluateShouldJailbreak" object:nil]; } @@ -59,6 +63,7 @@ - (bool) alreadyJailbroken { } - (void) performForJailbrokenState { + // Check if the device is already jailbroken and change the UI accordingly if ([self alreadyJailbroken]) { [dope setEnabled:NO]; [dope setTitle:@"already jailbroken" forState:UIControlStateDisabled]; From 0f33ad8bff1a6e67b94792d72707162060b789dc Mon Sep 17 00:00:00 2001 
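Review bot: The added comment `// User has requested through 3D Touch to jailbreal` has a typo (`jailbreak`), and `// 3D Touch shortcut action handling` merely restates the method name. Comments here are more useful if they say why: e.g. `// Only the shortcut type we register in Info.plist (<bundle id>.BREAK) arms the flag; the view controller reacts to the notification.`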
From: BuildTools Date: Sat, 28 Jan 2017 12:33:44 -0500 Subject: [PATCH 15/23] Move location of device check to make build for real devices again (whoops) --- yalu102/jailbreak.m | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/yalu102/jailbreak.m b/yalu102/jailbreak.m index 3d74000..a118eb4 100644 --- a/yalu102/jailbreak.m +++ b/yalu102/jailbreak.m @@ -6,12 +6,12 @@ // Copyright © 2017 kimjongcracks. All rights reserved. // -#if TARGET_OS_IPHONE #import #undef __IPHONE_OS_VERSION_MIN_REQUIRED #import #import "devicesupport.h" +#if TARGET_OS_IPHONE #import #import #import From d83fd90ea4a56ebbf6e27321ecb5da6ba046e10e Mon Sep 17 00:00:00 2001 From: BuildTools Date: Sat, 28 Jan 2017 12:36:34 -0500 Subject: [PATCH 16/23] Fixed simulator check in jailbreak file --- yalu102/jailbreak.m | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/yalu102/jailbreak.m b/yalu102/jailbreak.m index a118eb4..3d41a89 100644 --- a/yalu102/jailbreak.m +++ b/yalu102/jailbreak.m @@ -11,7 +11,7 @@ #import #import "devicesupport.h" -#if TARGET_OS_IPHONE +#if !(TARGET_OS_SIMULATOR) #import #import #import From d02d694badd041246e0b33a1653ac862db66fe74 Mon Sep 17 00:00:00 2001 From: BuildTools Date: Sat, 28 Jan 2017 12:41:38 -0500 Subject: [PATCH 17/23] Fix jailbreak check always returning true --- yalu102/ViewController.m | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/yalu102/ViewController.m b/yalu102/ViewController.m index aca53cd..53eb770 100644 --- a/yalu102/ViewController.m +++ b/yalu102/ViewController.m @@ -58,7 +58,7 @@ - (bool) alreadyJailbroken { struct utsname u = { 0 }; uname(&u); - bool alreadyJailbroken = strstr(u.version, "MarijuanARM") == 0; + bool alreadyJailbroken = strstr(u.version, "MarijuanARM"); return alreadyJailbroken; } From 06ff73b7e51b698c0d200e080afe9810d01dc99a Mon Sep 17 00:00:00 2001 
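Review bot: After this change jailbreak.m is guarded by `#if !(TARGET_OS_SIMULATOR)` while `doIt` in ViewController.m (PATCH 09/23) still uses `#if TARGET_IPHONE_SIMULATOR`; both currently agree, but two spellings of the same condition in one project invite drift. Use `TARGET_OS_SIMULATOR` in ViewController.m as well.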
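Review bot: The restored `bool alreadyJailbroken = strstr(u.version, "MarijuanARM");` is correct again but leaves the pointer-to-bool conversion implicit, which is exactly what made the previous `== 0` edit look plausible; write `!= NULL` and add a comment on what the marker means, e.g. `// the jailbroken kernel's version string is assumed to carry this marker — confirm`. The `uname(&u)` return value is still unchecked; a failure leaves `u.version` empty and the device is treated as not jailbroken, which should be stated. `alreadyJailbroken` starts outside the hunk.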
From: Jamie / Null Date: Sat, 28 Jan 2017 18:57:18 +0000 Subject: [PATCH 18/23] Add some UI changes to main thread --- yalu102/ViewController.m | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/yalu102/ViewController.m b/yalu102/ViewController.m index 53eb770..a3ac28b 100644 --- a/yalu102/ViewController.m +++ b/yalu102/ViewController.m @@ -65,8 +65,10 @@ - (bool) alreadyJailbroken { - (void) performForJailbrokenState { // Check if the device is already jailbroken and change the UI accordingly if ([self alreadyJailbroken]) { - [dope setEnabled:NO]; - [dope setTitle:@"already jailbroken" forState:UIControlStateDisabled]; + dispatch_async(dispatch_get_main_queue(), ^{ + [dope setEnabled:NO]; + [dope setTitle:@"already jailbroken" forState:UIControlStateDisabled]; + }); } } From b6dcaf8214a381f7f669abcdcb53c6dc96a751ed Mon Sep 17 00:00:00 2001 From: BuildTools Date: Sat, 28 Jan 2017 23:28:29 -0500 Subject: [PATCH 19/23] Fix offsets typo --- yalu102/offsets.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/yalu102/offsets.c b/yalu102/offsets.c index 9e8b951..9e1e548 100644 --- a/yalu102/offsets.c +++ b/yalu102/offsets.c @@ -150,8 +150,8 @@ void init_offsets() { procoff = 0x360; rootvnode_offset = 0x5aa0b8; /* @Mila432 */ } else if (strstr(u.version, "MarijuanARM")) { - pritf("Already jailbroken\n"); + printf("Already jailbroken\n"); } else { printf("missing offset, prob crashing\n"); } -} \ No newline at end of file +} From 89edd86b8641df7b095867c5ebae813b6a94260a Mon Sep 17 00:00:00 2001 From: Jamie Bishop Date: Sun, 29 Jan 2017 16:39:22 +0000 Subject: [PATCH 20/23] Add 5s and 6 to supported devices --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 53a68ba..8250d27 100644 --- a/README.md +++ b/README.md 
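Review bot: The `dispatch_async(dispatch_get_main_queue(), ^{ … })` around the two `dope` calls only matters if `performForJailbrokenState` is reached off the main thread, and both call sites visible in this series (`viewDidLoad` and the tail of `doIt`) appear to run on it, so the hop merely defers the button update by a run-loop turn. If that deferral is the intent, say so: `// defer so the update lands after the caller's synchronous work returns`; if a background caller is expected, name it in a comment, since the preceding `[self alreadyJailbroken]` would then also run off-main.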
@@ -10,7 +10,9 @@ Please use the "Issues" tab for **code related** issues only. If you need suppor | Device | Version | |---------|----------| +| iPhone 5S | iOS 10.0.0 -> iOS 10.2 | | iPad Pro | iOS 10.0.0 -> iOS 10.2 | +| iPhone 6 | iOS 10.0.0 -> iOS 10.2 | | iPhone 6S | iOS 10.0.0 -> iOS 10.2 | | iPhone SE | iOS 10.0.0 -> iOS 10.2 | @@ -20,10 +22,8 @@ In the near future, the jailbreak will support the following devices: | Device | Version | |---------|----------| -| iPhone 5S | iOS 10.0.0 -> iOS 10.2 | | iPad Air| iOS 10.0.0 -> iOS 10.2 | | iPad Mini 2| iOS 10.0.0 -> iOS 10.2 | -| iPhone 6 | iOS 10.0.0 -> iOS 10.2 | | iPad Air 2| iOS 10.0.0 -> iOS 10.2 | | iPad Mini 3| iOS 10.0.0 -> iOS 10.2 | | iPod touch (6G) | iOS 10.0.0 -> iOS 10.2 | From 12d1c66f4efd3554360c4daa202b3c4c2b22135b Mon Sep 17 00:00:00 2001 From: Jamie Bishop Date: Sun, 29 Jan 2017 18:25:15 +0000 Subject: [PATCH 21/23] Add beta 2 --- README.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 8250d27..d583d29 100644 --- a/README.md +++ b/README.md 
@@ -13,22 +13,22 @@ Please use the "Issues" tab for **code related** issues only. If you need suppor | iPhone 5S | iOS 10.0.0 -> iOS 10.2 | | iPad Pro | iOS 10.0.0 -> iOS 10.2 | | iPhone 6 | iOS 10.0.0 -> iOS 10.2 | +| iPad Air| iOS 10.0.0 -> iOS 10.2 | +| iPad Mini 2| iOS 10.0.0 -> iOS 10.2 | +| iPad Mini 3| iOS 10.0.0 -> iOS 10.2 | +| iPad Mini 4 | iOS 10.0.0 -> iOS 10.2 | | iPhone 6S | iOS 10.0.0 -> iOS 10.2 | | iPhone SE | iOS 10.0.0 -> iOS 10.2 | +| iPod touch (6G) | iOS 10.0.0 -> iOS 10.2 | +| iPhone 7 | iOS 10.0.0 -> iOS 10.1.1 | ### Planned Support: -In the near future, the jailbreak will support the following devices: +In the near future, the jailbreak will support the following device: | Device | Version | |---------|----------| -| iPad Air| iOS 10.0.0 -> iOS 10.2 | -| iPad Mini 2| iOS 10.0.0 -> iOS 10.2 | | iPad Air 2| iOS 10.0.0 -> iOS 10.2 | -| iPad Mini 3| iOS 10.0.0 -> iOS 10.2 | -| iPod touch (6G) | iOS 10.0.0 -> iOS 10.2 | -| iPad Mini 4 | iOS 10.0.0 -> iOS 10.2 | -| iPhone 7 | iOS 10.0.0 -> iOS 10.1.1 | **Note, the iPhone 7 is only supported till iOS 10.1.1** If you are already on iOS 10.2 with an iPhone 7, **stay there**. The actual exploit behind this still works, but the KPP bypass does not. @@ -54,7 +54,7 @@ If you are already on iOS 10.2 with an iPhone 7, **stay there**. The actual expl | Version | Download | SHA1 | |---------|----------|------| | Alpha | [Link](https://yalu.qwertyoruiop.com/yalu102_alpha.ipa) | 2FE14F1C1E1A0D26203BBB123F6747A978DD2B4F | - +| Beta Two | [Link](https://yalu.qwertyoruiop.com/yalu102_beta.ipa)| 4fddad7cca8aa0c0a6579c1d63d00917f15efc86 | ## Contributing Create a fork of the repository, make your changes and then create a pull request. From d7a035c4dd85877b06d0d364cac9ef6bb61bae8e Mon Sep 17 00:00:00 2001 From: Jamie / Null Date: Sun, 29 Jan 2017 18:53:42 +0000 Subject: [PATCH 22/23] Forgot to commit confirm alert --- yalu102/AppDelegate.m | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) 
diff --git a/yalu102/AppDelegate.m b/yalu102/AppDelegate.m index 3638f7b..eb7626c 100644 --- a/yalu102/AppDelegate.m +++ b/yalu102/AppDelegate.m @@ -25,9 +25,17 @@ - (BOOL)application:(UIApplication *)application handleOpenURL:(NSURL *)url { NSString *urlParameter = [url host]; if ([urlParameter isEqual:@"break"]) { // URL scheme to jailbreak is being handled - NSLog(@"We're breaking out of jail bois!"); - _shouldJailbreak = YES; - [[NSNotificationCenter defaultCenter] postNotificationName:@"ReevaluateShouldJailbreak" object:nil userInfo:nil]; + UIAlertController *alertvc = [UIAlertController alertControllerWithTitle:@"Do you really want to jailbreak?" message:@"You used a URI scheme to break out of jail." preferredStyle:UIAlertControllerStyleAlert]; + UIAlertAction *actionOk = [UIAlertAction actionWithTitle:@"I want to jailbreak!" style:UIAlertActionStyleDefault handler:^(UIAlertAction * _Nonnull action) { + NSLog(@"We're breaking out of jail bois!"); + _shouldJailbreak = YES; + [[NSNotificationCenter defaultCenter] postNotificationName:@"ReevaluateShouldJailbreak" object:nil userInfo:nil]; + }]; + UIAlertAction* cancelAction = [UIAlertAction actionWithTitle:@"Cancel" style:UIAlertActionStyleDestructive handler:nil]; + [alertvc addAction:actionOk]; + [alertvc addAction:cancelAction]; + UIViewController *vc = self.window.rootViewController; + [vc presentViewController:alertvc animated:YES completion:nil]; } return YES; } From a515977e2ac79e8244d41ff6803374634aa0de7d Mon Sep 17 00:00:00 2001 From: Jamie Bishop Date: Mon, 30 Jan 2017 18:06:44 +0000 Subject: [PATCH 23/23] Fixed hanging --- yalu102/ViewController.m | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/yalu102/ViewController.m b/yalu102/ViewController.m index a3ac28b..8cb2665 100644 --- a/yalu102/ViewController.m +++ b/yalu102/ViewController.m 
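Review bot: The confirmation is the right addition, but the cancel action is given `UIAlertActionStyleDestructive` while the action that actually triggers the exploit is `UIAlertActionStyleDefault`; the styles should be swapped so the destructive styling (and the system's cancel placement) match what each button does: `UIAlertAction *cancelAction = [UIAlertAction actionWithTitle:@"Cancel" style:UIAlertActionStyleCancel handler:nil];`. Presenting from `self.window.rootViewController` fails with a warning if that controller already has a presented controller (for instance the simulator alert from `doIt`), so the presenter should be the topmost presented controller. `[urlParameter isEqual:@"break"]` should still be `isEqualToString:`, and `application:handleOpenURL:` remains deprecated.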
@@ -160,8 +160,9 @@ - (void)doIt { we out here! */ - [dope setEnabled:NO]; - [dope setTitle:@"jailbreaking" forState:UIControlStateDisabled]; + //[dope setEnabled:NO]; + //[dope setTitle:@"jailbreaking" forState:UIControlStateDisabled]; + // Breaks something mach_port_t vch = 0;