From cd1544edcc2cc82e4f11fdd80f2d981580107cb4 Mon Sep 17 00:00:00 2001
From: macOS
Date: Fri, 16 Oct 2020 01:17:11 +0800
Subject: [PATCH] root-snapshot-name is also readable on iOS from Darwin 20.0.0
---
 libsnappy.c | 60 +++++++++++++++++++++++++++++++++++++----------------
 snappy.c | 6 +++---
 2 files changed, 45 insertions(+), 21 deletions(-)
diff --git a/libsnappy.c b/libsnappy.c
index e810eff..d31e155 100644
--- a/libsnappy.c
+++ b/libsnappy.c
@@ -27,6 +27,8 @@ kern_return_t IOObjectRelease(io_object_t object );
 static char *copyBootHash(void);
 #define APPLESNAP "com.apple.os.update-"
+bool READ_NEW_IORegistryEntry = true;
+
 __attribute__((aligned(4)))
 typedef struct val_attrs {
 uint32_t length;
@@ -143,12 +145,17 @@ static char *copyBootHash(void)
 return NULL;
 }
- CFDataRef hash = (CFDataRef)IORegistryEntryCreateCFProperty(chosen, CFSTR("boot-manifest-hash"), kCFAllocatorDefault, 0);
+ CFDataRef hash = (CFDataRef)IORegistryEntryCreateCFProperty(chosen, CFSTR("root-snapshot-name"), kCFAllocatorDefault, 0);
+
+ if (hash == nil) {
+ READ_NEW_IORegistryEntry = false;
+ hash = (CFDataRef)IORegistryEntryCreateCFProperty(chosen, CFSTR("boot-manifest-hash"), kCFAllocatorDefault, 0);
+ }
 IOObjectRelease(chosen);
 if (hash == nil) {
- fprintf(stderr, "Unable to read boot-manifest-hash\n");
+ fprintf(stderr, "Unable to read neither root-snapshot-name nor boot-manifest-hash\n");
 return NULL;
 }
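Review bot: `READ_NEW_IORegistryEntry` is a non-static, writable global that copyBootHash() only ever clears, and the later hunks in copyBootHash() and copy_system_snapshot() read it to decide how to interpret the returned buffer. Nothing sets it back to `true` when the `root-snapshot-name` lookup succeeds, so should that property ever be readable after an earlier fallback, the string data would be hex-encoded and prefixed with `com.apple.os.update-`. As far as the visible hunks show, the flag is used only inside libsnappy.c, so it can be `static bool`, or better a local in copyBootHash() reported through an out-parameter, and assigned on both paths with `READ_NEW_IORegistryEntry = (hash != NULL);` right after the first lookup. The body of copyBootHash() continues outside these hunks.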
@@ -160,18 +167,31 @@ static char *copyBootHash(void)
 // Make a hex string out of the hash
- CFIndex length = CFDataGetLength(hash) * 2 + 1;
- char *manifestHash = (char*)calloc(length, sizeof(char));
+ char *manifestHash;
- int ret = sha1_to_str(CFDataGetBytePtr(hash), CFDataGetLength(hash), manifestHash, length);
+ if (READ_NEW_IORegistryEntry) {
+ CFStringRef root_snapshot_name = CFStringCreateFromExternalRepresentation(NULL, hash, kCFStringEncodingUTF8);
+ CFRelease(hash);
+ CFIndex length = CFStringGetMaximumSizeForEncoding(CFStringGetLength(root_snapshot_name), kCFStringEncodingUTF8) + 1;
+ manifestHash = (char*)calloc(length, sizeof(char));
- CFRelease(hash);
+ CFStringGetCString(root_snapshot_name, manifestHash, length, kCFStringEncodingUTF8);
- if (ret != ERR_SUCCESS) {
- printf("Unable to generate bootHash string\n");
- free(manifestHash);
- return NULL;
- }
+ CFRelease(root_snapshot_name);
+ } else {
+ CFIndex length = CFDataGetLength(hash) * 2 + 1;
+ manifestHash = (char*)calloc(length, sizeof(char));
+
+ int ret = sha1_to_str(CFDataGetBytePtr(hash), CFDataGetLength(hash), manifestHash, length);
+
+ CFRelease(hash);
+
+ if (ret != ERR_SUCCESS) {
+ printf("Unable to generate bootHash string\n");
+ free(manifestHash);
+ return NULL;
+ }
+ }
 return manifestHash;
 }
@@ -179,12 +199,16 @@ static char *copyBootHash(void)
 char *copy_system_snapshot()
 {
 char *hash = copyBootHash();
- if (hash == NULL) {
- return NULL;
+ if (READ_NEW_IORegistryEntry) {
+ return hash;
+ } else {
+ if (hash == NULL) {
+ return NULL;
+ }
+ char *hashsnap = malloc(strlen(APPLESNAP) + strlen(hash) + 1);
+ strcpy(hashsnap, APPLESNAP);
+ strcpy(hashsnap + strlen(APPLESNAP), hash);
+ free(hash);
+ return hashsnap;
 }
- char *hashsnap = malloc(strlen(APPLESNAP) + strlen(hash) + 1);
- strcpy(hashsnap, APPLESNAP);
- strcpy(hashsnap + strlen(APPLESNAP), hash);
- free(hash);
- return hashsnap;
 }
diff --git a/snappy.c b/snappy.c
index 05a68d9..59d53e9 100644
--- a/snappy.c
+++ b/snappy.c
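Review bot: In the `READ_NEW_IORegistryEntry` branch of copyBootHash() in libsnappy.c, the result of `CFStringCreateFromExternalRepresentation` goes straight into `CFStringGetLength`, so property data that does not decode as UTF-8 yields a NULL string reference and a crash there instead of an error return. The `calloc` result and the Boolean returned by `CFStringGetCString` are also ignored, so a failed conversion hands an empty or partial buffer back as the system snapshot name, which copy_system_snapshot() then returns to its callers unchanged. The branch should check all three and return NULL with a message, the way the `sha1_to_str` path does for its own error. The code between the property lookup and this hunk is not visible, so any type check it performs on `hash` is not assessed here.

```c
        // … unchanged: create root_snapshot_name from hash, release hash …
        if (root_snapshot_name == NULL) {
            fprintf(stderr, "root-snapshot-name is not valid UTF-8\n");
            return NULL;
        }
        // … unchanged: length computation …
        manifestHash = (char*)calloc(length, sizeof(char));
        if (manifestHash == NULL ||
            !CFStringGetCString(root_snapshot_name, manifestHash, length, kCFStringEncodingUTF8)) {
            fprintf(stderr, "Unable to convert root-snapshot-name to a C string\n");
            free(manifestHash);
            CFRelease(root_snapshot_name);
            return NULL;
        }
        // … unchanged: release root_snapshot_name; else branch hex-encodes boot-manifest-hash …
```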
@@ -82,8 +82,8 @@ void usage(void)
 #endif
 "\t-t, --to PATH\n"
 "\t-v, --revert NAME\tRevert to snapshot named NAME\n"
- "\t-s, --showhash\t\tShow the name of the system snapshot for this boot-manifest-hash\n"
- "\t-x, --to-system\t\tSet the target snapshot name to be the iOS system-snapshot\n"
+ "\t-s, --showhash\t\tShow the name of the system snapshot from IO Registry\n"
+ "\t-x, --to-system\t\tSet the target snapshot name to be the system-snapshot\n"
 "\t-o, --orig\t\tRevert to the original pre-jailbreak snapshot\n"
 );
 }
@@ -314,7 +314,7 @@ int main(int argc, char **argv, char **envp)
 printf("System Snapshot: %s\n", hash);
 free(hash);
 } else {
- perror("Unable to get boot-manifest-hash");
+ perror("Unable to get neither root-snapshot-name nor boot-manifest-hash");
 error=true;
 }
 break;
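Review bot: The changed `perror` call in main() appends the text for the current `errno`, but the copy_system_snapshot() failure paths visible in this patch come from IOKit/CoreFoundation lookups and do not appear to set `errno`, so the suffix is likely stale or unrelated. copyBootHash() already prints its own diagnostic, so a plain message would be less misleading: `fprintf(stderr, "Unable to get root-snapshot-name or boot-manifest-hash\n");`. The same "neither … nor" double negative appears in the `fprintf` added to copyBootHash() in libsnappy.c. main() starts and ends outside this hunk.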