From 5b770a9470768ce9b3ca96f51b85fe1b00afffb3 Mon Sep 17 00:00:00 2001 From: m1zole Date: Fri, 3 May 2024 13:51:58 +0900 Subject: [PATCH 1/4] keep the bundle id --- Application/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Application/Makefile b/Application/Makefile index f11b636c5..5cef1ede2 100644 --- a/Application/Makefile +++ b/Application/Makefile @@ -17,10 +17,10 @@ Dopamine.ipa: build/Build/Products/Debug-iphoneos/Dopamine.app ifeq ($(NIGHTLY), 1) build/Build/Products/Debug-iphoneos/Dopamine.app: FORCE - xcodebuild -scheme Dopamine -derivedDataPath build -destination 'generic/platform=iOS' CODE_SIGN_IDENTITY="" CODE_SIGNING_REQUIRED=NO GCC_PREPROCESSOR_DEFINITIONS='NIGHTLY=1 COMMIT_HASH=\"$(COMMIT_HASH)\"' + xcodebuild -scheme Dopamine -derivedDataPath build -destination 'generic/platform=iOS' PRODUCT_BUNDLE_IDENTIFIER="com.opa334.Dopamine" CODE_SIGN_IDENTITY="" CODE_SIGNING_REQUIRED=NO GCC_PREPROCESSOR_DEFINITIONS='NIGHTLY=1 COMMIT_HASH=\"$(COMMIT_HASH)\"' else build/Build/Products/Debug-iphoneos/Dopamine.app: FORCE - xcodebuild -scheme Dopamine -derivedDataPath build -destination 'generic/platform=iOS' CODE_SIGN_IDENTITY="" CODE_SIGNING_REQUIRED=NO + xcodebuild -scheme Dopamine -derivedDataPath build -destination 'generic/platform=iOS' PRODUCT_BUNDLE_IDENTIFIER="com.opa334.Dopamine" CODE_SIGN_IDENTITY="" CODE_SIGNING_REQUIRED=NO endif clean: @@ -29,4 +29,4 @@ clean: build_clean: rm -rf Payload build -FORCE: ; \ No newline at end of file +FORCE: ; From b5dc449a30f5d82b5bcb1bafad8ea387b28a7601 Mon Sep 17 00:00:00 2001 From: m1zole Date: Mon, 29 Apr 2024 22:05:48 +0900 Subject: [PATCH 2/4] support --- Application/Dopamine/Exploits/kfd/Info.plist | 9 ++++++++- Application/Dopamine/Exploits/kfd/kfd.m | 13 +++++++++++++ .../Exploits/multicast_bytecopy/exploit/IOGPU.c | 2 ++ Application/Dopamine/Jailbreak/DOBootstrapper.m | 5 ++++- BaseBin/libjailbreak/src/info.c | 3 +++ 5 files changed, 30 insertions(+), 2 deletions(-) 
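Review bot: The bundle identifier is now hard-coded twice, once in each branch of the ifeq, and the two xcodebuild invocations already differ only by GCC_PREPROCESSOR_DEFINITIONS, so a build that needs a different identifier (a sideload account that cannot register com.opa334.Dopamine, say) has to edit both recipes. Lift it into an overridable variable near the top of the Makefile, `BUNDLE_ID ?= com.opa334.Dopamine`, and pass `PRODUCT_BUNDLE_IDENTIFIER="$(BUNDLE_ID)"` in both recipes. A one-line comment on why the identifier is pinned would also help, since the commit message only says "keep the bundle id"; if it is pinned so the entitlements and the app's container stay stable across rebuilds, say so — that is my guess, not something the hunk shows.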
diff --git a/Application/Dopamine/Exploits/kfd/Info.plist b/Application/Dopamine/Exploits/kfd/Info.plist index b5aa64a22..85f2447a5 100644 --- a/Application/Dopamine/Exploits/kfd/Info.plist +++ b/Application/Dopamine/Exploits/kfd/Info.plist @@ -29,7 +29,14 @@ DPSupportExclude DPSupportInclude - + + + Builds + + 21A5248v + + + DPSupportedRanges diff --git a/Application/Dopamine/Exploits/kfd/kfd.m b/Application/Dopamine/Exploits/kfd/kfd.m index 5cf1e6107..429ee7baf 100644 --- a/Application/Dopamine/Exploits/kfd/kfd.m +++ b/Application/Dopamine/Exploits/kfd/kfd.m @@ -212,6 +212,19 @@ int exploit_init(const char *flavor) .device__ARM_TT_L1_INDEX_MASK = kconstant(ARM_TT_L1_INDEX_MASK), }; + if (@available(iOS 17.0, *)) { + dynamic_system_info.vm_map__hint = vm_map__pmap + 0x70; + dynamic_system_info.vm_map__hole_hint = vm_map__pmap + 0x78; + dynamic_system_info.vm_map__holes_list = vm_map__pmap + 0x80; + dynamic_system_info.vm_map__object_size = vm_map__pmap + 0x90; + + dynamic_system_info.IOSurface__isa = 0x0; + dynamic_system_info.IOSurface__pixelFormat = 0xac; + dynamic_system_info.IOSurface__allocSize = 0xb4; + dynamic_system_info.IOSurface__useCountPtr = 0xc8; + dynamic_system_info.IOSurface__indexedTimestampPtr = 0x390; + dynamic_system_info.IOSurface__readDisplacement = 0x18; + } if (isiOS15) { dynamic_system_info.proc__task = 0x10; } diff --git a/Application/Dopamine/Exploits/multicast_bytecopy/exploit/IOGPU.c b/Application/Dopamine/Exploits/multicast_bytecopy/exploit/IOGPU.c index 2693d14d4..71a54ab94 100644 --- a/Application/Dopamine/Exploits/multicast_bytecopy/exploit/IOGPU.c +++ b/Application/Dopamine/Exploits/multicast_bytecopy/exploit/IOGPU.c @@ -56,11 +56,13 @@ int IOGPU_get_command_queue_extra_refills_needed(void) // iPhone 11 // iPhone 12 // iPhone 13 + // iPad mini 6 if ( strstr(u.machine, "iPhone9,") || strstr(u.machine, "iPhone12,") || strstr(u.machine, "iPhone13,") || strstr(u.machine, "iPhone14,") + || strstr(u.machine, "iPad14,") ) { return 1; 
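Review bot: The new offsets are guarded by `if (@available(iOS 17.0, *))`, which is true on every iOS 17.x release, while the only iOS 17 build this exploit is enabled for in the Info.plist hunk above is 21A5248v; if that gating is ever widened or bypassed, iOS 17.1+ devices would run kfd with 17.0-beta structure offsets, and a wrong vm_map or IOSurface offset here means a kernel panic or silent memory corruption rather than a clean failure. Tie the block to the kernel the offsets were taken from, in the style of the `isiOS15` flag checked right after it, or at least record the provenance: `// Offsets below were taken from the 21A5248v (iOS 17.0 beta 1) kernel; re-verify before enabling any other 17.x build.` That comment should also state that vm_map__hint, vm_map__hole_hint, vm_map__holes_list and vm_map__object_size are expressed relative to vm_map__pmap, which is computed before this hunk. exploit_init starts before the hunk and continues after it.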
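Review bot: The new comment says iPad mini 6, but `strstr(u.machine, "iPad14,")` matches every iPad14,x identifier, and that family also covers other models (the M2 iPad Pro identifiers are iPad14,3 through iPad14,6, if I remember correctly); the extra-refill count this function returns is a heap-grooming parameter, so applying the mini 6 value to a different SoC class is a silent reliability change rather than a compile error. Either match the exact identifiers, `|| strcmp(u.machine, "iPad14,1") == 0 || strcmp(u.machine, "iPad14,2") == 0`, or change the comment to say the whole iPad14 family is intended. Note also that strstr is a substring search rather than a prefix match on all of these entries, which the existing lines share; `strncmp` against the prefix would be the precise form if this is ever reworked. The function starts before the hunk and continues after it.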
diff --git a/Application/Dopamine/Jailbreak/DOBootstrapper.m b/Application/Dopamine/Jailbreak/DOBootstrapper.m index 4b484dac9..fbe7c838e 100644 --- a/Application/Dopamine/Jailbreak/DOBootstrapper.m +++ b/Application/Dopamine/Jailbreak/DOBootstrapper.m @@ -334,7 +334,10 @@ - (void)patchBasebinDaemonPlists - (NSString *)bootstrapVersion { uint64_t cfver = (((uint64_t)kCFCoreFoundationVersionNumber / 100) * 100); - if (cfver >= 2000) { + if (cfver == 2000) { + cfver -= 100; + } + if (cfver > 2000) { return nil; } return [NSString stringWithFormat:@"%llu", cfver]; diff --git a/BaseBin/libjailbreak/src/info.c b/BaseBin/libjailbreak/src/info.c index 092bf8624..e0ab8daa3 100644 --- a/BaseBin/libjailbreak/src/info.c +++ b/BaseBin/libjailbreak/src/info.c @@ -238,6 +238,9 @@ void jbinfo_initialize_hardcoded_offsets(void) gSystemInfo.kernelStruct.proc.textvp = 0x350; } } + if (strcmp(xnuVersion, "23.0") == 0) { + gSystemInfo.kernelStruct.task.threads = 0x58; + } } } } From 65a309c69eade7b7c0d9135296b4bc2abba0bf12 Mon Sep 17 00:00:00 2001 From: m1zole Date: Fri, 3 May 2024 14:21:42 +0900 Subject: [PATCH 3/4] remove an unneed option --- Application/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Application/Makefile b/Application/Makefile index 5cef1ede2..30690d079 100644 --- a/Application/Makefile +++ b/Application/Makefile @@ -4,7 +4,7 @@ all: Dopamine.ipa Dopamine.ipa: build/Build/Products/Debug-iphoneos/Dopamine.app @echo Ad-Hoc signing Dopamine - xattr -rc build/Build/Products/Debug-iphoneos/Dopamine.app + xattr -c build/Build/Products/Debug-iphoneos/Dopamine.app ldid -SDopamine/Dopamine.entitlements build/Build/Products/Debug-iphoneos/Dopamine.app/Dopamine ldid -s build/Build/Products/Debug-iphoneos/Dopamine.app rm -rf Payload Dopamine.ipa From 772b64f8b9ee7ea23c80186a76966bd115520f56 Mon Sep 17 00:00:00 2001 
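Review bot: `cfver -= 100` on the `cfver == 2000` branch silently maps a 20xx CoreFoundation to the 1900 bootstrap without saying why, and bootstrapVersion now returns a string that no longer corresponds to the running system, which is surprising for a method of that name. If the intent is that iOS 17.0b1 has no bootstrap of its own and the iOS 16-era one is known to work there, write that down: `// CF 20xx (iOS 17.0 beta) has no dedicated bootstrap yet; reuse the 19xx one, which works on 17.0b1 — TODO revisit for later 17.x`. The two ifs also read more clearly as one decision, `if (cfver > 2000) return nil;` followed by `if (cfver == 2000) cfver = 1900;`. I cannot verify the mapping from this hunk; the method is fully visible, the enclosing class is not.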
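Review bot: Dropping `-r` means `xattr -c` now clears extended attributes only on the Dopamine.app directory itself, not on the binary and resources inside it, and the usual reason that flag sits right before a signing step is that attributes on nested files (com.apple.quarantine, Finder info, resource forks) make the signer reject the bundle. If the recursive form was removed because it was slow or noisy, the commit message ("remove an unneed option") should say so; otherwise I would keep `xattr -rc build/Build/Products/Debug-iphoneos/Dopamine.app`, or add a comment explaining why only the top-level directory needs cleaning. I cannot tell from the hunk whether ldid rejects nested attributes the way codesign does, so treat this as something to confirm rather than a certain regression.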
From: m1zole
Date: Tue, 11 Jun 2024 09:41:25 +0900
Subject: [PATCH 4/4] fix XPF and kfd not working on 17.0b1
---
 .gitmodules | 2 +-
 Application/Dopamine/Exploits/kfd/Info.plist | 18 +++++++++---------
 BaseBin/XPF | 2 +-
 BaseBin/libjailbreak/src/info.c | 3 ++-
 4 files changed, 13 insertions(+), 12 deletions(-)
diff --git a/.gitmodules b/.gitmodules
index a43e3bde9..a1aaafca6 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -3,7 +3,7 @@
 url = https://github.com/opa334/ChOma
 [submodule "BaseBin/XPF"]
 path = BaseBin/XPF
- url = https://github.com/opa334/XPF
+ url = https://github.com/m1zole/XPF
 [submodule "Exploits/kfd/src/kfd"]
 path = Application/Dopamine/Dopamine/Exploits/kfd/kfd
 url = https://github.com/opa334/kfd
diff --git a/Application/Dopamine/Exploits/kfd/Info.plist b/Application/Dopamine/Exploits/kfd/Info.plist
index 85f2447a5..eb7a9c278 100644
--- a/Application/Dopamine/Exploits/kfd/Info.plist
+++ b/Application/Dopamine/Exploits/kfd/Info.plist
@@ -11,7 +11,14 @@ DPSupportExclude DPSupportInclude - + + + Builds + + 21A5248v + + + DPSupportedRanges
@@ -29,14 +36,7 @@ DPSupportExclude DPSupportInclude - - - Builds - - 21A5248v - - - + DPSupportedRanges
diff --git a/BaseBin/XPF b/BaseBin/XPF
index a524ce94e..2c3b20040 160000
--- a/BaseBin/XPF
+++ b/BaseBin/XPF
@@ -1 +1 @@
-Subproject commit a524ce94e9fe9aec59360bca0b1172bec3e992d9
+Subproject commit 2c3b200402c95675aaad8625b791041437bbe9c6
diff --git a/BaseBin/libjailbreak/src/info.c b/BaseBin/libjailbreak/src/info.c
index 69899f9f3..9ed5a86e3 100644
--- a/BaseBin/libjailbreak/src/info.c
+++ b/BaseBin/libjailbreak/src/info.c
@@ -261,8 +261,9 @@ void jbinfo_initialize_hardcoded_offsets(void)
 gSystemInfo.kernelStruct.proc.textvp = 0x350;
 }
 }
- if (strcmp(xnuVersion, "23.0") == 0) {
+ if (strcmp(xnuVersion, "23.0.0") >= 0) {
 gSystemInfo.kernelStruct.task.threads = 0x58;
+ gSystemInfo.kernelStruct.vm_map.flags = 0xc8;
 }
 }
 }
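Review bot: Repointing the XPF submodule from opa334/XPF to a personal fork (m1zole/XPF) moves a kernel patchfinder — code that decides where this jailbreak reads and writes in kernel memory — onto a trust boundary the maintainers of this repository do not control; the commit pin in the BaseBin/XPF hunk bounds what gets built, but nothing on this page shows what the fork changes relative to upstream a524ce94e. Link the corresponding XPF change or upstream pull request in the commit message so the two diffs can be reviewed together, and mark the repoint in .gitmodules so it is not forgotten, e.g. `# temporary fork for iOS 17.0b1 support; point back at opa334/XPF once merged upstream`. If the fork is meant to be permanent, that deserves an explicit statement rather than a silent URL swap.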
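Review bot: `strcmp(xnuVersion, "23.0.0") >= 0` is a lexicographic comparison, so it is true for every xnu 23.x string and anything that sorts after it, which means the task.threads and vm_map.flags offsets taken from 17.0b1 would be applied to every later iOS 17 kernel as soon as one is allowed through; the old `== 0` against "23.0" presumably never matched the three-component version string, which is what this commit fixes, but the replacement now over-matches. If the offsets are only known good for the 23.0.x kernels, use a prefix match, `if (strncmp(xnuVersion, "23.0.", 5) == 0) {`, or parse the components and compare numerically; if they are believed to hold for all of xnu 23, say so, e.g. `// xnu 23.x (iOS 17): task.threads and vm_map.flags offsets verified on 21A5248v only`. The enclosing function and the if blocks this sits in begin before the hunk.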