More offsets and binaries

UInt2048 · Jun 30, 2024 · 7d2912c · 7d2912c
1 parent a3c4d94
commit 7d2912c
Show file tree

Hide file tree

Showing 18 changed files with 681 additions and 422 deletions.
diff --git a/Makefile b/Makefile
@@ -42,6 +42,13 @@ endif
 ifdef RELEASE
 IGCC_FLAGS      += -DRELEASE=1
 endif
+ifdef FD
+STAGE_2_FLAGS    = -DDYLD_CACHE_FD=$(FD)
+CONTROL_FOLDER   = $(SRC_CLI)/debian/fd$(FD)
+else
+STAGE_2_FLAGS    = -DSTAGE1FD_SCREAM_TEST=1
+CONTROL_FOLDER   = $(SRC_CLI)/debian/fdscream
+endif
 UNTETHER_FLAGS  ?= -I$(JAKE)/src -I$(JAKE)/img4lib/libvfs -L$(JAKE) -ljake -L$(JAKE)/img4lib -limg4 -L$(JAKE)/img4lib/lzfse/build/bin -llzfse
 IBTOOL          ?= $(SDK_RESULT) ibtool
 IBTOOL_FLAGS    ?= --output-format human-readable-text --errors --warnings --notices --target-device iphone --target-device ipad $(IBFLAGS)
@@ -98,11 +105,11 @@ $(SRC_CLI)/generated/stage2_hash4.h: $(SRC_CLI)/stage4.m $(SRC_ALL)/*.m $(SRC_AL
 $(SRC_CLI)/install.m: $(SRC_ALL)/offsets.h $(SRC_CLI)/generated/stage2_hash3.h $(SRC_CLI)/generated/install_stage3_offsets.h
 
 $(SRC_CLI)/stage2.m: $(SRC_ALL)/*.c $(SRC_CLI)/install.m $(SRC_CLI)/stage1.m $(SRC_CLI)/generated/stage2_hash3.h $(SRC_CLI)/generated/stage2_hash4.h $(SRC_CLI)/stage2.entitlements $(SRC_CLI)/compile_stage2.sh
-	bash $(SRC_CLI)/compile_stage2.sh
+	bash $(SRC_CLI)/compile_stage2.sh $(STAGE_2_FLAGS)
 
 $(PAYLOAD): $(UNTETHER_SRC) $(SRC_ALL)/*.m $(SRC_ALL)/*.c $(SRC_CLI)/*.sh $(SRC_CLI)/generated/stage2_hash3.h $(SRC_CLI)/generated/stage2_hash4.h $(SRC_CLI)/stage2.m $(SRC_CLI)/control $(SRC_CLI)/postinst
 	rm -rf -- $(SRC_CLI)/generated/package && rm -f $(SRC_CLI)/generated/*.deb
-	mkdir -p $(SRC_CLI)/generated/package/DEBIAN && cp $(SRC_CLI)/control $(SRC_CLI)/generated/package/DEBIAN/control && cp $(SRC_CLI)/postinst $(SRC_CLI)/generated/package/DEBIAN/postinst
+	mkdir -p $(SRC_CLI)/generated/package/DEBIAN && cp $(CONTROL_FOLDER)/control $(SRC_CLI)/generated/package/DEBIAN/control && cp $(SRC_CLI)/debian/postinst $(SRC_CLI)/generated/package/DEBIAN/postinst
 	mkdir -p $(SRC_CLI)/generated/package/private/etc/racoon && cp $(SRC_CLI)/generated/install_stage1_2 $(SRC_CLI)/generated/package/private/etc/racoon/install_stage1_2
 	mkdir -p $(SRC_CLI)/generated/package/usr/sbin && cp $(SRC_CLI)/generated/racoon.dylib $(SRC_CLI)/generated/package/usr/sbin/racoon.dylib
 	mkdir -p $(SRC_CLI)/generated/package/spice && cp $(SRC_CLI)/generated/stage4 $(SRC_CLI)/generated/package/spice/stage4
@@ -127,7 +134,7 @@ $(APP)/Base.lproj:
 	mkdir -p $@
 
 $(UNTETHER): $(UNTETHER_SRC) $(SRC_ALL)/*.m $(SRC_ALL)/*.c $(JAKE)/libjake.a | $(SRC_ALL)/offsets.h $(PAYLOAD)
-	$(IGCC) $(ARCH_CLI) $(UNTETHER_FLAGS) -shared -o $@ -Wl,-exported_symbols_list,res/untether.txt $(IGCC_FLAGS) $^
+	$(IGCC) $(ARCH_CLI) $(UNTETHER_FLAGS) -shared -o $@ -Wl,-exported_symbols_list,res/untether.txt $(IGCC_FLAGS) $(STAGE_2_FLAGS) $^
 	$(SIGN) $(SIGN_FLAGS) $@
 
 $(TRAMP):

diff --git a/README.md b/README.md
@@ -15,25 +15,32 @@ Spice can't help until you can run the vulnerable iOS 11 code (`/usr/sbin/racoon
 
 ## Device support
 
-At present, the repo is configured to build for the **iPhone 6S Plus (iPhone8,2) on 11.3.1**. The binaries in /docs are ONLY built for this device + iOS.
+<!-- Sort this list by iOS version then alphabetically by internal name -->
 
-Devices with offsets already present but untested on a real device (these *may* build fine if the appropriate support is turned on in offsets.h):
-* **iPad mini 4 (Wi-Fi) (iPad5,1) on iOS 11.1.2**
+The following devices are currently present in offsets.m (and the binaries in /docs) **and** have been verified on a real device:
+* **iPhone SE (1st gen) (iPhone8,4), iOS 11.3**
 * **iPad mini 4 (Wi-Fi) (iPad5,1) on iOS 11.3.1**
+* **iPhone 6S Plus (iPhone8,2) on 11.3.1**
+* **iPhone SE (1st gen) (iPhone8,4), iOS 11.4**
+
+The following devices are also present in offsets.m (and the binaries in /docs) but have **not** been verified on a real device:
+* **iPad mini 4 (Wi-Fi) (iPad5,1) on iOS 11.1.2**
+* **iPad mini 4 (Wi-Fi) (iPad5,1) on iOS 11.2.1**
 * **iPhone 5S (GSM) (iPhone6,1), iOS 11.2.6**
 * **iPhone 6 Plus (iPhone7,1), iOS 11.2.6**
-* **iPhone SE (1st gen) (iPhone8,4), iOS 11.3**
 * **iPhone 6 (iPhone7,2), iOS 11.4**
-* **iPhone SE (1st gen) (iPhone8,4), iOS 11.4**
+* **iPhone SE (1st gen) (iPhone8,4), iOS 11.4.1**
 
 Any other device will require offsets to be added. PRs are welcomed to speed this up, but an actual device will be needed to provide the final offset (`DYLD_CACHE_FD`) if you desire support.
 
 Binaries are added to the repo by copying the DEB file in /generated and the Spice-DEV.ipa file to the /docs folder and running `cd docs && dpkg-scanpackages -m ./ > Packages && bzip2 Packages -k -f && cd ../`
 
 ## Installation
 
-Obviously, just run `make` to create all generated files (the makefile requires macOS, use a VM or something if you need it).
-If you have an issue with the makefile, forcibly modify the makefile of img4lib to enable `-DUSE_LIBCOMPRESSION`
+You can simply run `make clean all` to create all generated files (the makefile requires macOS, use a VM or something if you need it).
+
+This will generate a warning that the scream test is enabled, but you can ignore that for now.
+Once you know the stage 1 file descriptor (keep reading for more on this), run `FD=5 make clean all`, replacing 5 with the value you find.
 
 The app is a *semi-untethered jailbreak*. The app will not install the untether payload.
 

diff --git a/docs/Packages b/docs/Packages
@@ -1,15 +1,45 @@
-Package: lol.spyware.spiceuntether
-Version: 1.0.172
+Package: lol.spyware.spiceuntether.fd5
+Version: 1.0.174
 Architecture: iphoneos-arm
 Maintainer: UInt2048
 Depends: firmware (>= 11.0), firmware (<= 11.4.1)
-Filename: ./lol.spyware.spiceuntether_1.0.172_iphoneos-arm.deb
-Size: 134604
-MD5sum: 60a5f3a282958bc273a5c52b8f6dbc84
-SHA1: d9b0eda5d69c79d44de33a4b0e6795ab2f33e428
-SHA256: 5e28e70acd6c55a78fa4f0ab979d4c7f1cab3d79baee85a24d1d2272918ae4f6
+Filename: ./lol.spyware.spiceuntether.fd5_1.0.174_iphoneos-arm.deb
+Size: 138464
+MD5sum: 67b0e3b5de3779665c1035aac63b97fc
+SHA1: bf10f456b34a73221bf2cbf5e62d8c6b007414c8
+SHA256: 09fe8670d7105df44e06062279c79ee88d703a23c81c78cea09d4ebd5cfbd491
 Section: System
 Description: Upgrades the Spice jailbreak to untethered
 Author: JakeBlair420
-Name: Spice Untether Payload
+Name: Spice Untether Payload (FD5)
+
+Package: lol.spyware.spiceuntether.fd6
+Version: 1.0.174
+Architecture: iphoneos-arm
+Maintainer: UInt2048
+Depends: firmware (>= 11.0), firmware (<= 11.4.1)
+Filename: ./lol.spyware.spiceuntether.fd6_1.0.174_iphoneos-arm.deb
+Size: 138408
+MD5sum: 1b951604f719408623a271f26b57befd
+SHA1: 3d3e57ce31a078b58641ecb295b1959b29833f4b
+SHA256: 2e7b4fea1cd65e4018ffc923d12964e6418e40b2cf3be9e2239318bbaea19e2c
+Section: System
+Description: Upgrades the Spice jailbreak to untethered
+Author: JakeBlair420
+Name: Spice Untether Payload (FD6)
+
+Package: lol.spyware.spiceuntether.fdscream
+Version: 1.0.174
+Architecture: iphoneos-arm
+Maintainer: UInt2048
+Depends: firmware (>= 11.0), firmware (<= 11.4.1)
+Filename: ./lol.spyware.spiceuntether.fdscream_1.0.174_iphoneos-arm.deb
+Size: 138484
+MD5sum: a359bf9fea817e5752498d870ba3332e
+SHA1: 3dab85b51c8b9fdba22482ff3031b4d9dde93cbb
+SHA256: e66348b602ccea7a6dd9e65a37f40a7045047e9912214f41db2df172a9dd3bec
+Section: System
+Description: Upgrades the Spice jailbreak to untethered
+Author: JakeBlair420
+Name: Spice Untether Payload (FD Scream Test)
 
diff --git a/docs/Packages.bz2 b/docs/Packages.bz2
diff --git a/docs/Spice-DEV.ipa b/docs/Spice-DEV.ipa
diff --git a/docs/lol.spyware.spiceuntether.fd5_1.0.174_iphoneos-arm.deb b/docs/lol.spyware.spiceuntether.fd5_1.0.174_iphoneos-arm.deb
diff --git a/docs/lol.spyware.spiceuntether.fd6_1.0.174_iphoneos-arm.deb b/docs/lol.spyware.spiceuntether.fd6_1.0.174_iphoneos-arm.deb
diff --git a/docs/lol.spyware.spiceuntether.fdscream_1.0.174_iphoneos-arm.deb b/docs/lol.spyware.spiceuntether.fdscream_1.0.174_iphoneos-arm.deb
diff --git a/docs/lol.spyware.spiceuntether_1.0.172_iphoneos-arm.deb b/docs/lol.spyware.spiceuntether_1.0.172_iphoneos-arm.deb