kerninfra's Introduction

KernInfra

KernInfra is a developer-friendly kernel read-write framework.

Why KernInfra

KernInfra is built to address the following engineering issues:

kernel chain RW problem: for operations like vnode_from_fd = proc_t->p_fd->fd_ofiles[0]->f_fglob->fg_data
PAC pointer handling: tons of kxpacd calls
kernel read address checking: no more ~~Kernel Data Abort~~
kernel offset management: no more off_XXX_YYY
multiple kern R/W provider: it's 2021, bye-bye tfp0, and hello libkrw/libkernrw
various simple but useful kernel helper functions: we need patchfinder to find proc, vnodes, tasks, etc.

How does it look like

Before KernInfra: R/W vnode->v_mount->mnt_flag

    printf("got vp: %llx\n", orig);
    uint64_t mount = kernel_read64(orig + off_v_mount);
    uint64_t kxpacd_mount = kxpacd(mount);
    printf("  %s: mount %llx\n", path, kxpacd_mount);
    uint32_t oriflag = kernel_read32(kxpacd_mount + off_mnt_flag);
    printf("  %s: oriflag %x\n", path, oriflag);
    kernel_write32(kxpacd_mount + off_mnt_flag, newflag);

After KernInfra: RW proc->task->map->page_shift ( also compatible with Intellisense ;) )

    auto curp = proc_t_p(current_proc());
    auto vPageShift = curp.task()._map().page_shift();
    DLOG("original page shift: %d", vPageShift.load());
    vPageShift.store(12);
    DLOG("new page shift: %d", vPageShift.load());

Installation & Usage

git submodule add https://github.com/NyaMisty/kerninfra && git submodule update --init --recursive

insert these lines into theos makefile

XXXX_SUBPROJECTS = kerninfra
XXXX_LDFLAGS += -Lkerninfra/libs
XXXX_CCFLAGS += -std=c++2a

enable one of the kern R/W providers in your theos makefile

export USE_TFP0=1
export USE_LIBKRW=1
export USE_LIBKERNRW=1

include it: #include "kerninfra/kerninfra.hpp"

call init func:

if (!!init_kerninfra()) {
    fprintf(stderr, "Failed to init kerninfra!!\n");
    exit(1);
} else {
    DLOG("successfully initialized kerninfra!");
}

profit~, see my fouldecrypt for a simple example, documents are located in docs/ directory ;)

Contribute

You can add more offset into our code, it will benefit EVERYONE. (And maybe we can steal some offset from Odyssey :P)
You can implement more kernel helper functions
see more in docs/HACKING.md

Credits

includes/fmt: it's fmt.dev's fmt, thanks a lot
libkrw: thanks @Siguza
libkernrw: thanks @CoolStar
libdimento: thanks @0x7ff (original dev) & @ichitaso (contributor)

kerninfra's People

Contributors

Stargazers

Watchers

kerninfra's Issues

/opt/theos/Prefix.pch:20:12: fatal error: could not build module 'UIKit'

^
fatal error: too many errors emitted, stopping now [-ferror-limit=]
While building module 'UIKit' imported from /opt/theos/Prefix.pch:20:
In file included from :2:
In file included from /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS15.0.sdk/System/Library/Frameworks/UIKit.framework/Headers/UIKit.h:9:
In file included from /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS15.0.sdk/System/Library/Frameworks/UIKit.framework/Headers/UIKitCore.h:13:
/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS15.0.sdk/System/Library/Frameworks/UIKit.framework/Headers/UIColor.h:13:9: fatal error: could not build module 'CoreImage'
#import <CoreImage/CoreImage.h>

While building module 'UIKit' imported from /opt/theos/Prefix.pch:20:
While building module 'FileProvider' imported from /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS15.0.sdk/System/Library/Frameworks/UIKit.framework/Headers/NSFileProviderExtension.h:15:
In file included from <module-includes>:1:
In file included from /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS15.0.sdk/System/Library/Frameworks/FileProvider.framework/Headers/FileProvider.h:28:
/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS15.0.sdk/System/Library/Frameworks/FileProvider.framework/Headers/NSFileProviderTesting.h:251:33: error: declaration of 'NSFileProviderItemFields' must be imported from module 'FileProvider.NSFileProviderReplicatedExtension' before it is required
@property (readonly, nonatomic) NSFileProviderItemFields changedFields;
                               ^
/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS15.0.sdk/System/Library/Frameworks/FileProvider.framework/Headers/NSFileProviderReplicatedExtension.h:90:32: note: declaration here is not visible
typedef NS_OPTIONS(NSUInteger, NSFileProviderItemFields) {
                              ^
In file included from <built-in>:1:
/opt/theos/Prefix.pch:20:12: fatal error: could not build module 'UIKit'
                       #import <UIKit/UIKit.h>

bypassing PCRD jailbreak verification on iOS 12.3.1 and 12.5.3

Hello, I read your repo about bypassing jailbreak verification with KernBypass for PCRD. My devices are on iOS 12.3.1 and 12.5.3. Since Apple stop signing 14.3 for update, is there any other option to bypass the jailbreak verification with PCRD on either of these iOS versions?

Recommend Projects

nyamisty / kerninfra Goto Github PK

kerninfra's Introduction

KernInfra

Why KernInfra

How does it look like

Installation & Usage

Contribute

Credits

kerninfra's People

Contributors

Stargazers

Watchers

Forkers

kerninfra's Issues

/opt/theos/Prefix.pch:20:12: fatal error: could not build module 'UIKit'

bypassing PCRD jailbreak verification on iOS 12.3.1 and 12.5.3

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent