/*
Uh, greetz to Ian Beer of ProjectZero n shit.
http://googleprojectzero.blogspot.com/2014/11/pwn4fun-spring-2014-safari-part-ii.html
most of this code is his, i just wanted it to be injected into all of the things on my ipad so thanks to him
greets to dat boi ethan & sn0w for help
*/
#import <IOKit/IOKitLib.h>
#import <substrate.h>
#import <Foundation/Foundation.h>
/*
 * Returns 1 roughly once per hundred calls and 0 otherwise.
 *
 * The first call seeds the C library PRNG from the wall clock; that seed is
 * process-global, so it also affects every later rand() call in this file.
 * time()-seeded rand() is predictable: acceptable for picking fuzz cases,
 * not for anything that needs unpredictability.
 * NOTE(review): no caller of maybe() is visible in this listing - confirm
 * whether it is still meant to gate the fuzzing.
 */
int maybe() {
    static int seeded = 0;

    if (seeded == 0) {
        seeded = 1;
        srand(time(NULL));
    }

    int roll = rand() % 100;
    return roll == 0;
}
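/*
 * Flips exactly one randomly chosen bit inside buf[0 .. len-1], in place.
 *
 * buf - start of the buffer to mutate; a NULL pointer is ignored.
 * len - number of bytes that may be touched; 0 is a no-op.
 *
 * The write goes through the caller's pointer, so the caller's own copy of
 * the data is changed as well. rand() is only seeded inside maybe(); if that
 * has not run, the C library's default seed applies and the sequence of
 * offsets and bits repeats from one process start to the next.
 */
void flip_bit(void *buf, size_t len) {
    // Nothing to mutate: either no buffer was supplied or it is empty.
    if (buf == NULL || len == 0) {
        return;
    }

    uint8_t *bytes = (uint8_t *)buf;
    size_t offset = (size_t)rand() % len;
    uint8_t mask = (uint8_t)(0x01 << (rand() % 8));

    bytes[offset] ^= mask;
}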
/*
 * Pointer to the original IOConnectCallMethod implementation.
 * It is filled in by the MSHookFunction call in %ctor and is what
 * fake_IOConnectCallMethod forwards to after (possibly) mutating the inputs.
 * The parameter list mirrors fake_IOConnectCallMethod one for one.
 */
static kern_return_t (*old_IOConnectCallMethod)(
mach_port_t connection,
uint32_t selector,
uint64_t *input,
uint32_t inputCnt,
void *inputStruct,
size_t inputStructCnt,
uint64_t *output,
uint32_t *outputCnt,
void *outputStruct,
size_t *outputStructCntP);
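/*
 * Replacement for IOConnectCallMethod installed by %ctor.
 *
 * With some probability it flips one bit in the scalar input array and/or
 * one bit in the input struct, logs which selector was hit, and then forwards
 * every argument unchanged (apart from the flipped bits) to the original
 * implementation through old_IOConnectCallMethod. The original's return
 * value is passed straight back to the caller.
 *
 * Caveats worth knowing when reading crash logs from this hook:
 *  - The flips are made in place in the caller's buffers, so the calling
 *    process keeps seeing the mutated data after the call returns, and a
 *    buffer that lives in read-only memory makes the write fault inside the
 *    hooked process rather than in the code under test.
 *  - Only the selector is logged, so a logged case cannot be replayed from
 *    the log alone.
 */
kern_return_t fake_IOConnectCallMethod(
    mach_port_t connection,
    uint32_t selector,
    uint64_t *input,
    uint32_t inputCnt,
    void *inputStruct,
    size_t inputStructCnt,
    uint64_t *output,
    uint32_t *outputCnt,
    void *outputStruct,
    size_t *outputStructCntP)
{
    bool didFuzz = false;

    // Size of the scalar array in bytes. The element size must come from
    // *input: sizeof(input) is the size of the pointer, which is only 4 on a
    // 32-bit device and would leave half of every array untouched.
    size_t inputBytes = sizeof(*input) * (size_t)inputCnt;

    // Only report a flip when there is a buffer to flip a bit in; otherwise
    // the TESTCASE line would claim a mutation that never happened.
    if (input != NULL && inputBytes > 0 && ((arc4random() % 2000) % 7) == 0)
    {
        didFuzz = true;
        NSLog(@"fake_IOConnectCallMethod called, we up in this bitch... flipping #1\n");
        flip_bit(input, inputBytes);
    }

    if (inputStruct != NULL && inputStructCnt > 0 && ((arc4random() % 2000) % 7) == 0)
    {
        didFuzz = true;
        NSLog(@"fake_IOConnectCallMethod called, we up in this bitch... flipping #2\n");
        flip_bit(inputStruct, inputStructCnt);
    }

    if (didFuzz)
    {
        NSArray *caseData = @[@"testcase", @(selector)];
        NSLog(@"TESTCASE ::: %@", caseData);
    }

    return old_IOConnectCallMethod(
        connection,
        selector,
        input,
        inputCnt,
        inputStruct,
        inputStructCnt,
        output,
        outputCnt,
        outputStruct,
        outputStructCntP);
}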
// Logos constructor: runs when the tweak is loaded into a process and
// redirects IOConnectCallMethod to fake_IOConnectCallMethod, keeping the
// original entry point in old_IOConnectCallMethod for forwarding.
%ctor {
    MSHookFunction((void *)&IOConnectCallMethod,
                   (void *)&fake_IOConnectCallMethod,
                   (void **)&old_IOConnectCallMethod);
}