Offsets and simplify MainVC

UInt2048 · Aug 27, 2024 · 1d772e5 · 1d772e5
1 parent d92a7f2
commit 1d772e5
Show file tree

Hide file tree

Showing 25 changed files with 1,587 additions and 955 deletions.
diff --git a/Makefile b/Makefile
@@ -3,7 +3,7 @@ SHELL            = /bin/bash
 TARGET_GUI       = Spice
 TARGET_CLI       = spice
 PACKAGE          = lol.spyware.spicy
-VERSION          = 1.0.170
+VERSION          = 1.0.171
 
 BIN              = bin
 RES              = res
@@ -41,7 +41,15 @@ endif
 ifdef RELEASE
 IGCC_FLAGS      += -DRELEASE=1
 endif
-STAGE_2_FLAGS    =
+ifdef FD
+STAGE_2_FLAGS    = -DDYLD_CACHE_FD=$(FD)
+UNTETHER_NAME    = lol.spyware.spiceuntether.fd$(FD)
+UNTETHER_TITLE   = Spice Untether Payload (FD$(FD))
+else
+STAGE_2_FLAGS    = -DSTAGE1FD_SCREAM_TEST=1
+UNTETHER_NAME    = lol.spyware.spiceuntether.fdscream
+UNTETHER_TITLE   = Spice Untether Payload (FD Scream Test)
+endif
 UNTETHER_FLAGS  ?= -I$(JAKE)/src -I$(JAKE)/img4lib/libvfs -L$(JAKE) -ljake -L$(JAKE)/img4lib -limg4 -L$(JAKE)/img4lib/lzfse/build/bin -llzfse
 IBTOOL          ?= $(SDK_RESULT) ibtool
 IBTOOL_FLAGS    ?= --output-format human-readable-text --errors --warnings --notices --target-device iphone --target-device ipad $(IBFLAGS)
@@ -125,7 +133,7 @@ $(SRC_CLI)/stage2.m: $(SRC_ALL)/*.c $(SRC_CLI)/install.m $(SRC_CLI)/stage1.m $(S
 $(PAYLOAD): $(UNTETHER_SRC) $(SRC_ALL)/*.m $(SRC_ALL)/*.c $(SRC_CLI)/*.sh $(SRC_CLI)/generated/stage2_hash3.h $(SRC_CLI)/generated/stage2_hash4.h $(SRC_CLI)/stage2.m $(SRC_CLI)/debian/control $(SRC_CLI)/debian/postinst
 	rm -rf -- $(SRC_CLI)/generated/package && rm -f $(SRC_CLI)/generated/*.deb
 	mkdir -p $(SRC_CLI)/generated/package/DEBIAN && cp $(SRC_CLI)/debian/postinst $(SRC_CLI)/generated/package/DEBIAN/postinst
-	sed 's/$$(VERSION)/$(VERSION)/g' $(SRC_CLI)/debian/control > $(SRC_CLI)/generated/package/DEBIAN/control
+	sed 's/$$(VERSION)/$(VERSION)/g;s/$$(UNTETHER_NAME)/$(UNTETHER_NAME)/g;s/$$(UNTETHER_TITLE)/$(UNTETHER_TITLE)/g' $(SRC_CLI)/debian/control > $(SRC_CLI)/generated/package/DEBIAN/control
 	mkdir -p $(SRC_CLI)/generated/package/private/etc/racoon && cp $(SRC_CLI)/generated/install_stage1_2 $(SRC_CLI)/generated/package/private/etc/racoon/install_stage1_2
 	mkdir -p $(SRC_CLI)/generated/package/usr/sbin && cp $(SRC_CLI)/generated/racoon.dylib $(SRC_CLI)/generated/package/usr/sbin/racoon.dylib
 	mkdir -p $(SRC_CLI)/generated/package/mystuff && cp $(SRC_CLI)/generated/stage4 $(SRC_CLI)/generated/package/mystuff/stage4
@@ -150,7 +158,7 @@ $(APP)/Base.lproj:
 	mkdir -p $@
 
 $(UNTETHER): $(UNTETHER_SRC) $(SRC_ALL)/*.m $(SRC_ALL)/*.c $(JAKE)/libjake.a | $(SRC_ALL)/offsets.h $(PAYLOAD)
-	$(IGCC) $(ARCH_CLI) $(UNTETHER_FLAGS) -shared -o $@ -Wl,-exported_symbols_list,res/untether.txt $(IGCC_FLAGS) $^
+	$(IGCC) $(ARCH_CLI) $(UNTETHER_FLAGS) -shared -o $@ -Wl,-exported_symbols_list,res/untether.txt $(IGCC_FLAGS) $(STAGE_2_FLAGS) $^
 	$(SIGN) $(SIGN_FLAGS) $@
 
 $(TRAMP):

diff --git a/README.md b/README.md
@@ -15,18 +15,32 @@ Spice can't help until you can run the vulnerable iOS 11 code (`/usr/sbin/racoon
 
 ## Device support
 
-At present, the repo is configured to build for the **iPhone 6S Plus (iPhone8,2) on 11.3.1**. The binaries in /docs are ONLY built for this device + iOS.
-
-The **iPad mini 4 (Wi-Fi) (iPad5,1) on iOS 11.1.2**, **iPad mini 4 (Wi-Fi) (iPad5,1) on iOS 11.3.1**, **iPhone SE (1st gen) (iPhone8,4), iOS 11.3**, and **iPhone SE (1st gen) (iPhone8,4), iOS 11.4** already have offsets and may build fine if the appropriate support is turned on in offsets.h.
+<!-- Sort this list by iOS version then alphabetically by internal name -->
+
+The following devices are currently present in offsets.m (and the binaries in /docs) **and** have been verified on a real device:
+* **iPhone SE (1st gen) (iPhone8,4), iOS 11.3**
+* **iPad mini 4 (Wi-Fi) (iPad5,1) on iOS 11.3.1**
+* **iPhone 6S Plus (iPhone8,2) on 11.3.1**
+* **iPhone SE (1st gen) (iPhone8,4), iOS 11.4**
+
+The following devices are also present in offsets.m (and the binaries in /docs) but have **not** been verified on a real device:
+* **iPad mini 4 (Wi-Fi) (iPad5,1) on iOS 11.1.2**
+* **iPad mini 4 (Wi-Fi) (iPad5,1) on iOS 11.2.1**
+* **iPhone 5S (GSM) (iPhone6,1), iOS 11.2.6**
+* **iPhone 6 Plus (iPhone7,1), iOS 11.2.6**
+* **iPhone 6 (iPhone7,2), iOS 11.4**
+* **iPhone SE (1st gen) (iPhone8,4), iOS 11.4.1**
 
 Any other device will require offsets to be added. PRs are welcomed to speed this up, but an actual device will be needed to provide the final offset (`DYLD_CACHE_FD`) if you desire support.
 
 Binaries are added to the repo by copying the DEB file in /generated and the Spice-DEV.ipa file to the /docs folder and running `cd docs && dpkg-scanpackages -m ./ > Packages && bzip2 Packages -k -f && cd ../`
 
 ## Installation
 
-Obviously, just run `make` to create all generated files (the makefile requires macOS, use a VM or something if you need it).
-If you have an issue with the makefile, forcibly modify the makefile of img4lib to enable `-DUSE_LIBCOMPRESSION`
+You can simply run `make clean all` to create all generated files (the makefile requires macOS, use a VM or something if you need it).
+
+This will generate a warning that the scream test is enabled, but you can ignore that for now.
+Once you know the stage 1 file descriptor (keep reading for more on this), run `FD=5 make clean all`, replacing 5 with the value you find.
 
 The app is a *semi-untethered jailbreak*. The app will not install the untether payload.
 

diff --git a/docs/Packages b/docs/Packages
@@ -1,15 +1,45 @@
-Package: lol.spyware.spiceuntether
-Version: 1.0.170
+Package: lol.spyware.spiceuntether.fd5
+Version: 1.0.171
 Architecture: iphoneos-arm
 Maintainer: UInt2048
 Depends: firmware (>= 11.0), firmware (<= 11.4.1)
-Filename: ./lol.spyware.spiceuntether_1.0.170_iphoneos-arm.deb
-Size: 134168
-MD5sum: a1898a289bfae34d557bb52ccea361be
-SHA1: 0c16eb3cde46f06324528c6b9e7be289d332270b
-SHA256: ec8439c815125fe33ba9ffb5a7b1d82d93f0eff3944644cf62ace14ddd210c8d
+Filename: ./lol.spyware.spiceuntether.fd5_1.0.171_iphoneos-arm.deb
+Size: 140340
+MD5sum: 927ef72b58e7de33b796ec8c0b01c106
+SHA1: 594d376d72ddfb8f50b45b50528ec03a7da13f7a
+SHA256: 56b2e2b4b50a5ebee11eb7d903f6d06047d4a00dac60418c54ee93e13185bc3f
 Section: System
 Description: Upgrades the Spice jailbreak to untethered
 Author: JakeBlair420
-Name: Spice Untether Payload
+Name: Spice Untether Payload (FD5)
+
+Package: lol.spyware.spiceuntether.fd6
+Version: 1.0.171
+Architecture: iphoneos-arm
+Maintainer: UInt2048
+Depends: firmware (>= 11.0), firmware (<= 11.4.1)
+Filename: ./lol.spyware.spiceuntether.fd6_1.0.171_iphoneos-arm.deb
+Size: 140260
+MD5sum: 187a187041d6941445c5f689d3e752f0
+SHA1: 3d1aae2cded5422c42c9bb4c3321b85b6bbec626
+SHA256: 6188732de321d59f663c78863058be4e2b59bd2bdfd548510abd0413ba6c267f
+Section: System
+Description: Upgrades the Spice jailbreak to untethered
+Author: JakeBlair420
+Name: Spice Untether Payload (FD6)
+
+Package: lol.spyware.spiceuntether.fdscream
+Version: 1.0.171
+Architecture: iphoneos-arm
+Maintainer: UInt2048
+Depends: firmware (>= 11.0), firmware (<= 11.4.1)
+Filename: ./lol.spyware.spiceuntether.fdscream_1.0.171_iphoneos-arm.deb
+Size: 140260
+MD5sum: c8b417981b7cd4a8278a8819ceba7f09
+SHA1: b015ee424525a8448bbdf4fde378cade02ae383a
+SHA256: ca3ff1ecb56941034fbfbd501acee426624136fe0eb9ba9154c63f9edc4d7233
+Section: System
+Description: Upgrades the Spice jailbreak to untethered
+Author: JakeBlair420
+Name: Spice Untether Payload (FD Scream Test)
 
diff --git a/docs/Packages.bz2 b/docs/Packages.bz2
diff --git a/docs/Spice-arm64-1.0.170-DEV.ipa → docs/Spice-arm64-1.0.171-DEV.ipa b/docs/Spice-arm64-1.0.170-DEV.ipa → docs/Spice-arm64-1.0.171-DEV.ipa
diff --git a/docs/lol.spyware.spiceuntether.fd5_1.0.171_iphoneos-arm.deb b/docs/lol.spyware.spiceuntether.fd5_1.0.171_iphoneos-arm.deb
diff --git a/docs/lol.spyware.spiceuntether.fd6_1.0.171_iphoneos-arm.deb b/docs/lol.spyware.spiceuntether.fd6_1.0.171_iphoneos-arm.deb
diff --git a/docs/lol.spyware.spiceuntether.fdscream_1.0.171_iphoneos-arm.deb b/docs/lol.spyware.spiceuntether.fdscream_1.0.171_iphoneos-arm.deb
diff --git a/docs/lol.spyware.spiceuntether_1.0.170_iphoneos-arm.deb b/docs/lol.spyware.spiceuntether_1.0.170_iphoneos-arm.deb
diff --git a/src/app/MainVC.h b/src/app/MainVC.h
@@ -1,111 +1,8 @@
 #ifndef MAINVC_H
 #define MAINVC_H
 #import <UIKit/UIKit.h>
-#include <shared/common.h>
 
-#if N41AP
-#define COMPILED_DEVICE @"iPhone5,1 (iPhone 5, GSM)"
-#elif N42AP
-#define COMPILED_DEVICE @"iPhone5,2 (iPhone 5, Global)"
-#elif N48AP
-#define COMPILED_DEVICE @"iPhone5,3 (iPhone 5c, GSM)"
-#elif N48AP
-#define COMPILED_DEVICE @"iPhone5,4 (iPhone 5c, Global)"
-#elif J71AP
-#define COMPILED_DEVICE @"iPad4,1 (iPad Air 1st gen, Wi-Fi)"
-#elif J72AP
-#define COMPILED_DEVICE @"iPad4,2 (iPad Air 1st gen, cellular)"
-#elif J73AP
-#define COMPILED_DEVICE @"iPad4,3 (iPad Air 1st gen, China)"
-#elif J85AP
-#define COMPILED_DEVICE @"iPad4,4 (iPad mini 2, Wi-Fi)"
-#elif J86AP
-#define COMPILED_DEVICE @"iPad4,5 (iPad mini 2, cellular)"
-#elif J87AP
-#define COMPILED_DEVICE @"iPad4,6 (iPad mini 2, China)"
-#elif J85mAP
-#define COMPILED_DEVICE @"iPad4,7 (iPad mini 3, Wi-Fi)"
-#elif J86mAP
-#define COMPILED_DEVICE @"iPad4,8 (iPad mini 3, cellular)"
-#elif J87mAP
-#define COMPILED_DEVICE @"iPad4,9 (iPad mini 3, China)"
-#elif J96AP
-#define COMPILED_DEVICE @"iPad5,1 (iPad mini 4, Wi-Fi)"
-#elif J97AP
-#define COMPILED_DEVICE @"iPad5,2 (iPad mini 4, cellular)"
-#elif J81AP
-#define COMPILED_DEVICE @"iPad5,3 (iPad Air 2, Wi-Fi)"
-#elif J82AP
-#define COMPILED_DEVICE @"iPad5,4 (iPad Air 2, cellular)"
-#elif J127AP
-#define COMPILED_DEVICE @"iPad6,3 (iPad Pro 9.7, Wi-Fi)"
-#elif J128AP
-#define COMPILED_DEVICE @"iPad6,4 (iPad Pro 9.7, cellular)"
-#elif J98aAP
-#define COMPILED_DEVICE @"iPad6,7 (iPad Pro 12.9, Wi-Fi)"
-#elif J99aAP
-#define COMPILED_DEVICE @"iPad6,8 (iPad Pro 12.9, cellular)"
-#elif (J71sAP | J71tAP)
-#define COMPILED_DEVICE @"iPad6,11 (iPad 5, Wi-Fi)"
-#elif (J72sAP | J72tAP)
-#define COMPILED_DEVICE @"iPad6,12 (iPad 5, cellular)"
-#elif N51AP
-#define COMPILED_DEVICE @"iPhone6,1 (iPhone 5s, GSM)"
-#elif N53AP
-#define COMPILED_DEVICE @"iPhone6,2 (iPhone 5s, Global)"
-#elif N56AP
-#define COMPILED_DEVICE @"iPhone7,1 (iPhone 6 Plus)"
-#elif N61AP
-#define COMPILED_DEVICE @"iPhone7,2 (iPhone 6)"
-#elif N71AP
-#define COMPILED_DEVICE @"iPhone8,1 (iPhone 6s)"
-#elif (N66AP | N66mAP)
-#define COMPILED_DEVICE @"iPhone8,2 (iPhone 6s Plus)"
-#elif (N69AP | N69uAP)
-#define COMPILED_DEVICE @"iPhone8,4 (iPhone SE 1st gen)"
-#elif N102AP
-#define COMPILED_DEVICE @"iPod7,1 (iPod touch 6th gen)"
-#else
-#define COMPILED_DEVICE @"unknown device"
-#endif
-
-#if IOS_10_3_4
-#define COMPILED_IOS @"iOS 10.3.4"
-#elif IOS_11_0
-#define COMPILED_IOS @"iOS 11.0"
-#elif IOS_11_0_1
-#define COMPILED_IOS @"iOS 11.0.1"
-#elif IOS_11_0_2
-#define COMPILED_IOS @"iOS 11.0.2"
-#elif IOS_11_0_3
-#define COMPILED_IOS @"iOS 11.0.3"
-#elif IOS_11_1
-#define COMPILED_IOS @"iOS 11.1"
-#elif IOS_11_1_1
-#define COMPILED_IOS @"iOS 11.1.1"
-#elif IOS_11_1_2
-#define COMPILED_IOS @"iOS 11.1.2"
-#elif IOS_11_2
-#define COMPILED_IOS @"iOS 11.2"
-#elif IOS_11_2_1
-#define COMPILED_IOS @"iOS 11.2.1"
-#elif IOS_11_2_2
-#define COMPILED_IOS @"iOS 11.2.2"
-#elif IOS_11_2_5
-#define COMPILED_IOS @"iOS 11.2.5"
-#elif IOS_11_2_6
-#define COMPILED_IOS @"iOS 11.2.6"
-#elif IOS_11_3
-#define COMPILED_IOS @"iOS 11.3"
-#elif IOS_11_3_1
-#define COMPILED_IOS @"iOS 11.3.1"
-#elif IOS_11_4
-#define COMPILED_IOS @"iOS 11.4"
-#elif IOS_11_4_1
-#define COMPILED_IOS @"iOS 11.4.1"
-#else
-#define COMPILED_IOS @"unknown iOS"
-#endif
+NSString* deviceName(void);
 
 @interface MainVC : UIViewController
 
@@ -117,5 +14,12 @@
 
 - (void)actionJailbreak;
 
+- (void)actionFailed;
+
+- (void)exploitSucceeded;
+
+- (void)exploitFailed;
+
 @end
+
 #endif