Proper framework dumping, finally

KJCracks · Jan 31, 2016 · 95337e4 · 95337e4
1 parent a014912
commit 95337e4
Show file tree

Hide file tree

Showing 8 changed files with 57 additions and 79 deletions.
diff --git a/Clutch/ARM64Dumper.m b/Clutch/ARM64Dumper.m
@@ -179,15 +179,7 @@ - (BOOL)dumpBinary {
 
     //done dumping, let's wait for pid
 
-    dispatch_async(dispatch_get_global_queue( DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), ^(void){
-        int result;
-        waitpid(pid, result, 0);
-        waitpid(pid, result, 0);
-        kill(pid, SIGKILL); //just in case;
-    });
-
-    kill(pid, SIGCONT);
-    kill(pid, SIGKILL);
+    _kill(pid);
     if (![swappedBinaryPath isEqualToString:_originalBinary.binaryPath])
         [[NSFileManager defaultManager]removeItemAtPath:swappedBinaryPath error:nil];
     if (![newSinf isEqualToString:_originalBinary.sinfPath])
@@ -201,15 +193,7 @@ - (BOOL)dumpBinary {
 
 gotofail:
 
-    dispatch_async(dispatch_get_global_queue( DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), ^(void){
-        int result;
-        waitpid(pid, result, 0);
-        waitpid(pid, result, 0);
-        kill(pid, SIGKILL); //just in case;
-    });
-
-    kill(pid, SIGCONT);
-    kill(pid, SIGKILL);
+    _kill(pid);
     if (![swappedBinaryPath isEqualToString:_originalBinary.binaryPath])
         [[NSFileManager defaultManager]removeItemAtPath:swappedBinaryPath error:nil];
     if (![newSinf isEqualToString:_originalBinary.sinfPath])

diff --git a/Clutch/ARMDumper.m b/Clutch/ARMDumper.m
@@ -188,29 +188,13 @@ - (BOOL)dumpBinary {
     if (![newSupp isEqualToString:_originalBinary.suppPath])
         [[NSFileManager defaultManager]removeItemAtPath:newSupp error:nil];
 
-    dispatch_async(dispatch_get_global_queue( DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), ^(void){
-        int result;
-        waitpid(pid, result, 0);
-        waitpid(pid, result, 0);
-        kill(pid, SIGKILL); //just in case;
-    });
-
-    kill(pid, SIGCONT);
-    kill(pid, SIGKILL);
+    _kill(pid);
 
     return dumpResult;
 
 gotofail:
 
-    dispatch_async(dispatch_get_global_queue( DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), ^(void){
-        int result;
-        waitpid(pid, result, 0);
-        waitpid(pid, result, 0);
-        kill(pid, SIGKILL); //just in case;
-    });
-
-    kill(pid, SIGCONT);
-    kill(pid, SIGKILL);
+    _kill(pid);
 
     if (![swappedBinaryPath isEqualToString:_originalBinary.binaryPath])
         [[NSFileManager defaultManager]removeItemAtPath:swappedBinaryPath error:nil];

diff --git a/Clutch/Dumper.h b/Clutch/Dumper.h
@@ -21,6 +21,7 @@ void *safe_trim(void *p, size_t n);
     thin_header _thinHeader;
 }
 void exit_with_errno (int err, const char *prefix);
+void _kill(pid_t pid);
 
 @property (readonly) BOOL isASLRProtected;
 @property NSFileHandle *originalFileHandle;

diff --git a/Clutch/Dumper.m b/Clutch/Dumper.m
@@ -251,15 +251,7 @@ - (BOOL)_dumpToFileHandle:(NSFileHandle *)fileHandle withDumpSize:(uint32_t)togo
             DumperLog(@"Failed to dump a page :(");
             free(checksum); // free checksum table
 
-            dispatch_async(dispatch_get_global_queue( DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), ^(void){
-                int result;
-                waitpid(pid, result, 0);
-                waitpid(pid, result, 0);
-                kill(pid, SIGKILL); //just in case;
-            });
-
-            kill(pid, SIGCONT);
-            kill(pid, SIGKILL);
+            _kill(pid);
 
             return NO;
         }

diff --git a/Clutch/Framework64Dumper.m b/Clutch/Framework64Dumper.m
@@ -237,7 +237,7 @@ - (BOOL)dumpBinary
         dispatch_sync(queue, ^{
             kill(pid, SIGCONT);
             if (waitpid(pid, &dumpResult, 0) != -1) {
-                DumperDebugLog(@"Success! Child exited with status %u", dumpResult);
+                DumperLog(@"Success! Child exited with status %u", dumpResult);
             } else {
                 perror("waitpid");
             }

diff --git a/Clutch/FrameworkLoader.m b/Clutch/FrameworkLoader.m
@@ -18,6 +18,7 @@
 #import <mach/mach_init.h>
 #import <mach-o/dyld_images.h>
 #import "NSBundle+Clutch.h"
+#import "progressbar.h"
 
 @import ObjectiveC.runtime;
 
@@ -113,14 +114,42 @@ - (BOOL)_dumpToFileHandle:(NSFileHandle *)fileHandle withDumpSize:(uint32_t)togo
 
     uint8_t* buf = malloc(0x1000);
     mach_vm_size_t local_size = 0; // amount of data moved into the buffer
+
+    [fileHandle seekToFileOffset:self.offset];
+
+    unsigned long percent;
+    //uint32_t total = togo;
+
+
+    //progressbar* progress = progressbar_new([NSString stringWithFormat:@"\033[1;35mDumping %@ (%@)\033[0m", _originalBinary, [Dumper readableArchFromHeader:_thinHeader]].UTF8String, 100);
 
-    //void* decrypted = malloc(self.cryptsize);
-    //memcpy(decrypted, (unsigned char*)image_header + self.cryptoff, self.cryptsize);
+    while (togo > 0) {
+
+        /*progress bars messes up console output
+        percent = ceil((((double)total - togo) / (double)total) * 100);
+        PROGRESS(progress, percent);*/
+
+        memcpy(buf, (unsigned char*)image_header + (pages_d * 0x1000), 0x1000);
+        [fileHandle writeData:[NSData dataWithBytes:buf length:0x1000]];
+        sha1(checksum + (20 * pages_d), buf, 0x1000); // perform checksum on the page
+        togo -= 0x1000; // remove a page from the togo
+        pages_d += 1; // increase the amount of completed pages
+    }
+    free(buf);
 
-    [fileHandle seekToFileOffset:self.offset + CFSwapInt32(self.cryptoff)];
-    DumperLog(@"self.offset %u cryptoff: %u", self.offset, self.cryptoff);
-    [fileHandle writeData:[NSData dataWithBytes:(unsigned char*)image_header + self.cryptoff length:self.cryptsize]];
+    //nice! now let's write the new checksum data
+    DumperDebugLog("Writing new checksum");
 
+    [fileHandle seekToFileOffset:(begin + hashOffset)];
+
+    NSData* trimmed_checksum = [[NSData dataWithBytes:checksum length:pages*20] subdataWithRange:NSMakeRange(0, 20*pages_d)];
+    free(checksum);
+    [fileHandle writeData:trimmed_checksum];
+
+    DumperDebugLog(@"Done writing checksum");
+
+    DumperDebugLog(@"Patching cryptid");
+
     NSData* data;
 
     if (image_header->cputype == CPU_TYPE_ARM64) {
@@ -131,45 +160,20 @@ - (BOOL)_dumpToFileHandle:(NSFileHandle *)fileHandle withDumpSize:(uint32_t)togo
         NSLog(@"current cryptid %u", crypt.cryptid);
         crypt.cryptid = 0;
         [fileHandle seekToFileOffset:self.cryptlc_offset];
-
+        
         data = [NSData dataWithBytes:&crypt length:sizeof(struct encryption_info_command_64)];
-        [fileHandle writeData:data];
+
     }
     else {
         struct encryption_info_command crypt;
-         [fileHandle getBytes:&crypt atOffset:self.cryptlc_offset length:sizeof(struct encryption_info_command)];
+        [fileHandle getBytes:&crypt atOffset:self.cryptlc_offset length:sizeof(struct encryption_info_command)];
         NSLog(@"current cryptid %u", crypt.cryptid);
         crypt.cryptid = 0;
         [fileHandle seekToFileOffset:self.cryptlc_offset];
         data = [NSData dataWithBytes:&crypt length:sizeof(struct encryption_info_command)];
-        [fileHandle writeData:data];
-    }
-
-    [fileHandle seekToFileOffset:self.offset];
-
-    DumperDebugLog(@"Finished patching cryptid");
-    while (togo > 0) {
-        data = [fileHandle readDataOfLength:0x1000];
-        [data getBytes:buf length:0x1000];
-        //NSLog(@"reading page %u", CFSwapInt32(pages_d));
-        sha1(checksum + (20 * pages_d), buf, 0x1000); // perform checksum on the page
-        //NSLog(@"checksum ok");
-        togo -= 0x1000; // remove a page from the togo
-        pages_d += 1; // increase the amount of completed pages
     }
-    free(buf);
-    //nice! now let's write the new checksum data
-    DumperDebugLog("Writing new checksum");
-    //DumperLog(@"begin %u", begin);
-    [fileHandle seekToFileOffset:(begin + hashOffset)];
-
 
-    NSData* trimmed_checksum = [[NSData dataWithBytes:checksum length:pages*20] subdataWithRange:NSMakeRange(0, 20*pages_d)];
-    free(checksum);
     [fileHandle writeData:data];
-
-
-    DumperDebugLog(@"Done writing checksum");
     return YES;
 }
 

diff --git a/Clutch/Tweak.xm b/Clutch/Tweak.xm
diff --git a/Clutch/main.m b/Clutch/main.m
@@ -250,4 +250,17 @@ void exit_with_errno (int err, const char *prefix)
     }
 }
 
+void _kill(pid_t pid);
+void _kill(pid_t pid) {
+    dispatch_async(dispatch_get_global_queue( DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), ^(void){
+        int result;
+        waitpid(pid, &result, 0);
+        waitpid(pid, &result, 0);
+        kill(pid, SIGKILL); //just in case;
+    });
+
+    kill(pid, SIGCONT);
+    kill(pid, SIGKILL);
+}
+