Merge pull request #121 from KJCracks/printing
Aw shit this has the application listing stuff too. My bad I'll just close the other one (also merging)

NinjaLikesCheez committed Feb 16, 2016
2 parents 40fbfc8 + cd72e44 commit 3a0f1a5
Showing 25 changed files with 702 additions and 298 deletions.
36 changes: 22 additions & 14 deletions Clutch.xcodeproj/project.pbxproj

Large diffs are not rendered by default.

Binary file not shown.
@@ -0,0 +1,56 @@
<?xml version="1.0" encoding="UTF-8"?>
<Scheme
LastUpgradeVersion = "0720"
version = "1.3">
<BuildAction
parallelizeBuildables = "YES"
buildImplicitDependencies = "YES">
</BuildAction>
<TestAction
buildConfiguration = "Debug"
selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
shouldUseLaunchSchemeArgsEnv = "YES">
<Testables>
<TestableReference
skipped = "NO">
<BuildableReference
BuildableIdentifier = "primary"
BlueprintIdentifier = "32BE3C241C5B8C450049ECAD"
BuildableName = "xcodewtf.xctest"
BlueprintName = "xcodewtf"
ReferencedContainer = "container:Clutch.xcodeproj">
</BuildableReference>
</TestableReference>
</Testables>
<AdditionalOptions>
</AdditionalOptions>
</TestAction>
<LaunchAction
buildConfiguration = "Debug"
selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
launchStyle = "0"
useCustomWorkingDirectory = "NO"
ignoresPersistentStateOnLaunch = "NO"
debugDocumentVersioning = "YES"
debugServiceExtension = "internal"
allowLocationSimulation = "YES">
<AdditionalOptions>
</AdditionalOptions>
</LaunchAction>
<ProfileAction
buildConfiguration = "Release"
shouldUseLaunchSchemeArgsEnv = "YES"
savedToolIdentifier = ""
useCustomWorkingDirectory = "NO"
debugDocumentVersioning = "YES">
</ProfileAction>
<AnalyzeAction
buildConfiguration = "Debug">
</AnalyzeAction>
<ArchiveAction
buildConfiguration = "Release"
revealArchiveInOrganizer = "YES">
</ArchiveAction>
</Scheme>
@@ -0,0 +1,37 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>SchemeUserState</key>
<dict>
<key>Clutch.xcscheme_^#shared#^_</key>
<dict>
<key>orderHint</key>
<integer>1</integer>
</dict>
<key>[DEBUG] Clutch.xcscheme_^#shared#^_</key>
<dict>
<key>orderHint</key>
<integer>0</integer>
</dict>
<key>xcodewtf.xcscheme</key>
<dict>
<key>orderHint</key>
<integer>2</integer>
</dict>
</dict>
<key>SuppressBuildableAutocreation</key>
<dict>
<key>329B80701C5B6745007DD817</key>
<dict>
<key>primary</key>
<true/>
</dict>
<key>32BE3C241C5B8C450049ECAD</key>
<dict>
<key>primary</key>
<true/>
</dict>
</dict>
</dict>
</plist>
Binary file added Clutch/.DS_Store
Binary file not shown.
29 changes: 15 additions & 14 deletions Clutch/ARM64Dumper.m
@@ -12,6 +12,7 @@
#import <dlfcn.h>
#import <mach/mach_traps.h>
#import <mach/mach_init.h>
#import "ClutchPrint.h"

@implementation ARM64Dumper

@@ -56,7 +57,7 @@ - (BOOL)dumpBinary {

uint64_t __text_start = 0;

DumperDebugLog(@"64bit dumping: arch %@ offset %u", [Dumper readableArchFromHeader:_thinHeader], _thinHeader.offset);
[[ClutchPrint sharedInstance] printDeveloper: @"64bit dumping: arch %@ offset %u", [Dumper readableArchFromHeader:_thinHeader], _thinHeader.offset];

for (int i = 0; i < _thinHeader.header.ncmds; i++) {

@@ -68,15 +69,15 @@ - (BOOL)dumpBinary {
[newFileHandle getBytes:&ldid inRange:NSMakeRange(newFileHandle.offsetInFile,sizeof(struct linkedit_data_command))];
foundSignature = YES;

DumperDebugLog(@"FOUND CODE SIGNATURE: dataoff %u | datasize %u",ldid.dataoff,ldid.datasize);
[[ClutchPrint sharedInstance] printDeveloper: @"FOUND CODE SIGNATURE: dataoff %u | datasize %u",ldid.dataoff,ldid.datasize];

break;
}
case LC_ENCRYPTION_INFO_64: {
[newFileHandle getBytes:&crypt inRange:NSMakeRange(newFileHandle.offsetInFile,sizeof(struct encryption_info_command_64))];
foundCrypt = YES;

DumperDebugLog(@"FOUND ENCRYPTION INFO: cryptoff %u | cryptsize %u | cryptid %u",crypt.cryptoff,crypt.cryptsize,crypt.cryptid);
[[ClutchPrint sharedInstance] printDeveloper: @"FOUND ENCRYPTION INFO: cryptoff %u | cryptsize %u | cryptid %u",crypt.cryptoff,crypt.cryptsize,crypt.cryptid];

break;
}
@@ -86,7 +87,7 @@ - (BOOL)dumpBinary {

if (strncmp(__text.segname, "__TEXT", 6) == 0) {
foundStartText = YES;
DumperDebugLog(@"FOUND %s SEGMENT",__text.segname);
[[ClutchPrint sharedInstance] printDeveloper: @"FOUND %s SEGMENT",__text.segname];
__text_start = __text.vmaddr;
}
break;
@@ -101,11 +102,11 @@ - (BOOL)dumpBinary {

// we need to have all of these
if (!foundCrypt || !foundSignature || !foundStartText) {
DumperDebugLog(@"dumping binary: some load commands were not found %@ %@ %@",foundCrypt?@"YES":@"NO",foundSignature?@"YES":@"NO",foundStartText?@"YES":@"NO");
[[ClutchPrint sharedInstance] printDeveloper: @"dumping binary: some load commands were not found %@ %@ %@",foundCrypt?@"YES":@"NO",foundSignature?@"YES":@"NO",foundStartText?@"YES":@"NO"];
return NO;
}

DumperDebugLog(@"found all required load commands for %@ %@",_originalBinary,[Dumper readableArchFromHeader:_thinHeader]);
[[ClutchPrint sharedInstance] printDeveloper: @"found all required load commands for %@ %@",_originalBinary,[Dumper readableArchFromHeader:_thinHeader]];

pid_t pid; // store the process ID of the fork
mach_port_t port; // mach port used for moving virtual memory
@@ -115,7 +116,7 @@ - (BOOL)dumpBinary {
pid = [self posix_spawn:swappedBinaryPath disableASLR:self.shouldDisableASLR];

if ((err = task_for_pid(mach_task_self(), pid, &port) != KERN_SUCCESS)) {
ERROR(@"Could not obtain mach port, either the process is dead (codesign error?) or entitlements were not properly signed!");
[[ClutchPrint sharedInstance] printError:@"Could not obtain mach port, either the process is dead (codesign error?) or entitlements were not properly signed!"];
goto gotofail;
}

@@ -133,10 +134,10 @@ - (BOOL)dumpBinary {
for (uint32_t index = 0; index < countBlobs; index++) { // is this the code directory?
if (CFSwapInt32(codesignblob->index[index].type) == CSSLOT_CODEDIRECTORY) {
// we'll find the hash metadata in here
DumperDebugLog(@"%u %u %u", _thinHeader.offset, ldid.dataoff, codesignblob->index[index].offset);
[[ClutchPrint sharedInstance] printDeveloper: @"%u %u %u", _thinHeader.offset, ldid.dataoff, codesignblob->index[index].offset];
begin = _thinHeader.offset + ldid.dataoff + CFSwapInt32(codesignblob->index[index].offset); // store the top of the codesign directory blob
[newFileHandle getBytes:&directory inRange:NSMakeRange(begin, sizeof(struct code_directory))]; //read the blob from its beginning
DumperDebugLog(@"Found CSSLOT_CODEDIRECTORY");
[[ClutchPrint sharedInstance] printDeveloper: @"Found CSSLOT_CODEDIRECTORY"];
break; //break (we don't need anything from this the superblob anymore)
}
}
@@ -145,10 +146,10 @@ - (BOOL)dumpBinary {

uint32_t pages = CFSwapInt32(directory.nCodeSlots); // get the amount of codeslots

DumperDebugLog(@"Codesign Pages %u", pages);
[[ClutchPrint sharedInstance] printDeveloper: @"Codesign Pages %u", pages];

if (pages == 0) {
DumperLog(@"pages == 0");
[[ClutchPrint sharedInstance] printColor:ClutchPrinterColorPurple format:@"pages == 0"];
goto gotofail;
}

@@ -158,11 +159,11 @@ - (BOOL)dumpBinary {
{
mach_vm_address_t main_address = [ASLRDisabler slideForPID:pid];
if(main_address == -1) {
DumperLog(@"Failed to find address of header!");
[[ClutchPrint sharedInstance] printColor:ClutchPrinterColorPurple format:@"Failed to find address of header!"];
goto gotofail;
}

DumperLog(@"ASLR slide: 0x%llx", main_address);
[[ClutchPrint sharedInstance] printColor:ClutchPrinterColorPurple format:@"ASLR slide: 0x%llx", main_address];
__text_start = main_address;
}

@@ -175,7 +176,7 @@ - (BOOL)dumpBinary {
});

}
NSLog(@"done dumping");
[[ClutchPrint sharedInstance] printDeveloper:@"done dumping"];

//done dumping, let's wait for pid
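Review bot: The `task_for_pid` check guarding the new `printError:` call in the `@@ -115,7 +116,7 @@` hunk stores the result of the comparison in `err`, not the kernel return code, because `!=` binds tighter than `=`. The branch is still taken on failure, but `err` only ever holds 0 or 1, so the message cannot say why the port was refused. Parenthesise the assignment, `if ((err = task_for_pid(mach_task_self(), pid, &port)) != KERN_SUCCESS) {`, and pass the code to the printer, e.g. `printError:@"Could not obtain mach port (kern_return_t %d), ...", err`. The same condition appears in the `@@ -120,7 +121,7 @@` hunk of Clutch/ARMDumper.m. `dumpBinary` starts and ends outside these hunks, so whether `err` is read later is not visible here.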

29 changes: 15 additions & 14 deletions Clutch/ARMDumper.m
@@ -14,6 +14,7 @@
#import <mach/mach_traps.h>
#import <mach/mach_init.h>
#import <mach-o/dyld_images.h>
#import "ClutchPrint.h"

@implementation ARMDumper

@@ -59,7 +60,7 @@ - (BOOL)dumpBinary {

uint64_t __text_start = 0;

DumperDebugLog(@"32bit Dumping: arch %@ offset %u", [Dumper readableArchFromHeader:_thinHeader], _thinHeader.offset);
[[ClutchPrint sharedInstance] printDeveloper: @"32bit Dumping: arch %@ offset %u", [Dumper readableArchFromHeader:_thinHeader], _thinHeader.offset];

for (int i = 0; i < _thinHeader.header.ncmds; i++) {

@@ -71,15 +72,15 @@ - (BOOL)dumpBinary {
[newFileHandle getBytes:&ldid inRange:NSMakeRange(newFileHandle.offsetInFile,sizeof(struct linkedit_data_command))];
foundSignature = YES;

DumperDebugLog(@"FOUND CODE SIGNATURE: dataoff %u | datasize %u",ldid.dataoff,ldid.datasize);
[[ClutchPrint sharedInstance] printDeveloper: @"FOUND CODE SIGNATURE: dataoff %u | datasize %u",ldid.dataoff,ldid.datasize];

break;
}
case LC_ENCRYPTION_INFO: {
[newFileHandle getBytes:&crypt inRange:NSMakeRange(newFileHandle.offsetInFile,sizeof(struct encryption_info_command))];
foundCrypt = YES;

DumperDebugLog(@"FOUND ENCRYPTION INFO: cryptoff %u | cryptsize %u | cryptid %u",crypt.cryptoff,crypt.cryptsize,crypt.cryptid);
[[ClutchPrint sharedInstance] printDeveloper: @"FOUND ENCRYPTION INFO: cryptoff %u | cryptsize %u | cryptid %u",crypt.cryptoff,crypt.cryptsize,crypt.cryptid];

break;
}
@@ -89,7 +90,7 @@ - (BOOL)dumpBinary {

if (strncmp(__text.segname, "__TEXT", 6) == 0) {
foundStartText = YES;
DumperDebugLog(@"FOUND %s SEGMENT",__text.segname);
[[ClutchPrint sharedInstance] printDeveloper: @"FOUND %s SEGMENT",__text.segname];
__text_start = __text.vmaddr;
}
break;
@@ -102,15 +103,15 @@ - (BOOL)dumpBinary {
break;
}

DumperDebugLog(@"binary path %@", swappedBinaryPath);
[[ClutchPrint sharedInstance] printDeveloper: @"binary path %@", swappedBinaryPath];

// we need to have all of these
if (!foundCrypt || !foundSignature || !foundStartText) {
ERROR(@"dumping binary: some load commands were not found %@ %@ %@",foundCrypt?@"YES":@"NO",foundSignature?@"YES":@"NO",foundStartText?@"YES":@"NO");
[[ClutchPrint sharedInstance] printError:@"dumping binary: some load commands were not found %@ %@ %@",foundCrypt?@"YES":@"NO",foundSignature?@"YES":@"NO",foundStartText?@"YES":@"NO"];
return NO;
}

DumperDebugLog(@"found all required load commands for %@ %@",_originalBinary,[Dumper readableArchFromHeader:_thinHeader]);
[[ClutchPrint sharedInstance] printDeveloper: @"found all required load commands for %@ %@",_originalBinary,[Dumper readableArchFromHeader:_thinHeader]];

pid_t pid; // store the process ID of the fork
mach_port_t port; // mach port used for moving virtual memory
@@ -120,7 +121,7 @@ - (BOOL)dumpBinary {
pid = [self posix_spawn:swappedBinaryPath disableASLR:self.shouldDisableASLR];

if ((err = task_for_pid(mach_task_self(), pid, &port) != KERN_SUCCESS)) {
ERROR(@"Could not obtain mach port, did you sign with proper entitlements?");
[[ClutchPrint sharedInstance] printError:@"Could not obtain mach port, did you sign with proper entitlements?"];
sleep(60);
goto gotofail;
}
@@ -140,10 +141,10 @@ - (BOOL)dumpBinary {
for (uint32_t index = 0; index < countBlobs; index++) { // is this the code directory?
if (CFSwapInt32(codesignblob->index[index].type) == CSSLOT_CODEDIRECTORY) {
// we'll find the hash metadata in here
DumperDebugLog(@"%u %u %u", _thinHeader.offset, ldid.dataoff, codesignblob->index[index].offset);
[[ClutchPrint sharedInstance] printDeveloper: @"%u %u %u", _thinHeader.offset, ldid.dataoff, codesignblob->index[index].offset];
begin = _thinHeader.offset + ldid.dataoff + CFSwapInt32(codesignblob->index[index].offset); // store the top of the codesign directory blob
[newFileHandle getBytes:&directory inRange:NSMakeRange(begin, sizeof(struct code_directory))]; //read the blob from its beginning
DumperDebugLog(@"Found CSSLOT_CODEDIRECTORY");
[[ClutchPrint sharedInstance] printDeveloper: @"Found CSSLOT_CODEDIRECTORY"];
break; //break (we don't need anything from this the superblob anymore)
}
}
@@ -153,7 +154,7 @@ - (BOOL)dumpBinary {
uint32_t pages = CFSwapInt32(directory.nCodeSlots); // get the amount of codeslots

if (pages == 0) {
DumperLog(@"pages == 0");
[[ClutchPrint sharedInstance] printColor:ClutchPrinterColorPurple format:@"pages == 0"];
goto gotofail;
}

@@ -163,11 +164,11 @@ - (BOOL)dumpBinary {
{
mach_vm_address_t main_address = [ASLRDisabler slideForPID:pid];
if(main_address == -1) {
ERROR(@"Failed to find address of header!");
[[ClutchPrint sharedInstance] printError:@"Failed to find address of header!"];
goto gotofail;
}

DumperDebugLog(@"ASLR slide: 0x%llx", main_address);
[[ClutchPrint sharedInstance] printColor:ClutchPrinterColorPurple format:@"ASLR slide: 0x%llx", main_address];
__text_start = main_address;
}

@@ -180,7 +181,7 @@ - (BOOL)dumpBinary {

}

NSLog(@"done dumping");
[[ClutchPrint sharedInstance] printDeveloper:@"done dumping"];
if (![swappedBinaryPath isEqualToString:_originalBinary.binaryPath])
[[NSFileManager defaultManager]removeItemAtPath:swappedBinaryPath error:nil];
if (![newSinf isEqualToString:_originalBinary.sinfPath])
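Review bot: The `pages == 0` failure in the `@@ -153,7 +154,7 @@` hunk is reported through `printColor:ClutchPrinterColorPurple` even though it jumps to `gotofail`, while the other failures in this file (missing load commands, mach port, header address) now go through `printError:`. Route it the same way with a message that says what was wrong, e.g. `[[ClutchPrint sharedInstance] printError:@"code directory reports 0 code slots"];`. Clutch/ARM64Dumper.m has the same mismatch in three places: `pages == 0` and "Failed to find address of header!" use `printColor:`, and the missing-load-commands path that returns `NO` uses `printDeveloper:`. How each printer method filters its output is not shown on this page, so confirm that a failed dump is still reported when developer output is off. `dumpBinary` begins and ends outside the hunks.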
5 changes: 3 additions & 2 deletions Clutch/ASLRDisabler.m
@@ -13,6 +13,7 @@
#import <mach/mach_init.h>
#import <mach/vm_map.h>
#import "mach_vm.h"
#import "ClutchPrint.h"

@import MachO.loader;

@@ -23,7 +24,7 @@ + (mach_vm_address_t)slideForPID:(pid_t)pid {
kern_return_t kr = 0;
if (task_for_pid(mach_task_self(), pid, &targetTask))
{
NSLog(@"[ERROR] Can't execute task_for_pid! Do you have the right permissions/entitlements?\n");
[[ClutchPrint sharedInstance] printError:@"Can't execute task_for_pid! Do you have the right permissions/entitlements?"];
return -1;
}

@@ -48,7 +49,7 @@ + (mach_vm_address_t)slideForPID:(pid_t)pid {
if ((mh.magic == MH_MAGIC || mh.magic == MH_MAGIC_64) && mh.filetype == MH_EXECUTE)
{
#if DEBUG
NSLog(@"Found main binary mach-o image @ %p!\n", (void*)addr);
[[ClutchPrint sharedInstance] printDeveloper:@"Found main binary mach-o image @ %p!", (void*)addr];
#endif
return addr;
break;
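Review bot: The `#if DEBUG` guard in the second hunk still wraps the new `printDeveloper:` call, so the "Found main binary mach-o image" trace is compiled out of release builds, while the other `printDeveloper:` calls in the visible hunks are unconditional. If `printDeveloper:` already filters at run time (its implementation is not shown here), drop the `#if DEBUG` / `#endif` pair so the trace appears wherever developer output is enabled. The `break;` after `return addr;` is unreachable and can be removed in the same edit. `slideForPID:` continues outside both hunks.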
4 changes: 1 addition & 3 deletions Clutch/Application.m
@@ -189,9 +189,7 @@ - (void)dumpToDirectoryURL:(NSURL *)directoryURL onlyBinaries:(BOOL)_onlyBinarie
[super dumpToDirectoryURL:directoryURL];

[self prepareForDump];

//NSLog(@"SCInfo SINF for %@:\n %@",self,[SCInfoBuilder parseOriginaleSinfForBundle:self]);


[[NSFileManager defaultManager]createDirectoryAtPath:_workingPath withIntermediateDirectories:YES attributes:nil error:nil];

ZipOperation *_mainZipOperation = [[ZipOperation alloc]initWithApplication:self];
2 changes: 1 addition & 1 deletion Clutch/ApplicationsManager.h
@@ -11,7 +11,7 @@

@interface ApplicationsManager : NSObject

+ (instancetype)sharedInstance;
- (instancetype)init;

@property (NS_NONATOMIC_IOSONLY, readonly, copy) NSDictionary *installedApps;
