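Is the syntax Afc2d uses to hook system C functions directly different from Theos's?

There is no %ctor.

I also looked at its Makefile, and it seems to be compiled on iOS.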

```bash
#!/bin/bash
set -e
ver=$(git describe --tags --dirty="+" --match="v*" "${flags[@]}" | sed -e 's@-\([^-]*\)-\([^-]*\)$@+\1.\2@;s@^v@@;s@%@~@g')
sudo rm -rf _
mkdir -p _/DEBIAN
ms=_/Library/MobileSubstrate/DynamicLibraries
mkdir -p "${ms}"
cp -a afc2dService.plist "${ms}"
plutil -convert binary1 "${ms}"/afc2dService.plist
cycc -i2.0 -o"${ms}"/afc2dService.dylib -s afc2dService.mm -- -framework Foundation
cycc -i2.0 -o_/DEBIAN/extrainst_ -- extrainst.mm -lz -framework Foundation
cycc -i2.0 -o_/DEBIAN/postrm -- postrm.mm -lz -framework Foundation
sed -e 's/\${ver}/'"${ver}"'/' control.in >_/DEBIAN/control
mkdir -p _/usr/libexec
cp -a afc2d _/usr/libexec
deb=com.saurik.afc2d_${ver}_iphoneos-arm.deb
sudo chown -R root:wheel _
sudo dpkg-deb -b _ "${deb}"
#sudo rm -rf _
ln -sf com.saurik.afc2d.deb "${deb}"
```

========
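I tried setting up the environment on a jailbroken iPhone and compiling there, but it failed at the cycc step (I commented out plutil; the binary format and an XML plist should make no difference). Forum admin, do you know how to build this project? I just want to dump the service.plist file that lockdown currently uses, to see whether some services were renamed starting with 9.x.

On the Mac I tried compiling with the latest version of Theos: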

```
%hook CFPropertyListRef CFPropertyListCreateWithData(CFAllocatorRef allocator, CFDataRef data, CFOptionFlags options, CFPropertyListFormat *format, CFErrorRef *error) {
```

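This line alone already throws an error :joy:

Project URL

Saurik really is a master; I can't get his setup to work. If anyone understands it, please share.

I got it working with the original Theos syntax. This is the service.plist of services that lockdown can start, dumped on a 5s running 9.3.3. Many service names are no longer in this list, but the original executables are still there. There is also a new one, ATC2; it looks like Apple is building yet another official sync mechanism? :smiling_imp:

Sharing it for anyone who finds it useful.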

```
com.apple.PurpleReverseProxy.Conn: AllowUnactivatedService; Label com.apple.PurpleReverseProxy.Conn; UserName mobile; XPCServiceName com.apple.PurpleReverseProxy.Conn
com.apple.PurpleReverseProxy.Ctrl: AllowUnactivatedService; Label com.apple.PurpleReverseProxy.Ctrl; UserName mobile; XPCServiceName com.apple.PurpleReverseProxy.Ctrl
com.apple.afc: AllowUnactivatedService; Label com.apple.afc; UserName mobile; XPCServiceName com.apple.afcd
com.apple.afc2: AllowUnactivatedService; Label com.apple.afc2; ProgramArguments /usr/libexec/afc2d -S -L -d /
com.apple.ait.aitd: Label com.apple.ait.aitd; USBOnlyService; UserName mobile; XPCServiceName com.apple.ait.client
com.apple.atc: Label com.apple.atc; UserName mobile; XPCServiceName com.apple.atc
com.apple.atc2: Label com.apple.atc2; UserName mobile; XPCServiceName com.apple.atc2
com.apple.companion_proxy: Label com.apple.companion_proxy; UserName mobile; XPCServiceName com.apple.companion_proxy
com.apple.crashreportcopymobile: AllowUnactivatedService; Label com.apple.crashreportcopymobile; UserName mobile; XPCServiceName com.apple.crashreportcopymobile
com.apple.crashreportmover: AllowUnactivatedService; Label com.apple.crashreportmover; XPCServiceName com.apple.crash_mover
com.apple.idamd: Label com.apple.idamd; UserName mobile; XPCServiceName com.apple.idamd
com.apple.iosdiagnostics.relay: AllowUnactivatedService; Label com.apple.iosdiagnostics.relay; ProgramArguments /usr/libexec/ios_diagnostics_relay; UserName mobile
com.apple.misagent: Label com.apple.misagent; XPCServiceName com.apple.misagent
com.apple.mobile.MCInstall: AllowUnactivatedService; Label com.apple.mobile.MCInstall; ProgramArguments /usr/libexec/mc_mobile_tunnel; UserName mobile
com.apple.mobile.assertion_agent: Label com.apple.mobile.assertion_agent; UserName mobile; XPCServiceName com.apple.mobile.assertion_agent
com.apple.mobile.diagnostics_relay: AllowUnactivatedService; Label com.apple.mobile.diagnostics_relay; ProgramArguments /usr/libexec/mobile_diagnostics_relay
com.apple.mobile.file_relay: Label com.apple.mobile.file_relay; ProgramArguments /usr/libexec/mobile_file_relay
com.apple.mobile.heartbeat: Label HeartBeat Monitor; UserName mobile; XPCServiceName com.apple.lockdown.host_watcher
com.apple.mobile.house_arrest: InstanceLimit 5; Label com.apple.mobile.house_arrest; ProgramArguments /usr/libexec/mobile_house_arrest
com.apple.mobile.insecure_notification_proxy: AllowUnactivatedService; Label com.apple.mobile.insecure_notification_proxy; UserName mobile; XPCServiceName com.apple.mobile.insecure_notification_proxy
com.apple.mobile.installation_proxy: Label com.apple.mobile.installation_proxy; UserName mobile; XPCServiceName com.apple.mobile.installation_proxy
com.apple.mobile.mobile_image_mounter: AllowUnactivatedService; Label com.apple.mobile.mobile_image_mounter; ProgramArguments /usr/libexec/mobile_storage_proxy
com.apple.mobile.notification_proxy: AllowUnactivatedService; Label com.apple.mobile.notification_proxy; UserName mobile; XPCServiceName com.apple.mobile.notification_proxy
com.apple.mobileactivationd: AllowUnactivatedService; Label com.apple.mobileactivationd; UserName mobile; XPCServiceName com.apple.mobileactivationd.lockdown
com.apple.mobilebackup: InstanceLimit 5; Label com.apple.mobilebackup; ProgramArguments /usr/libexec/BackupAgent --lockdown
com.apple.mobilebackup2: InstanceLimit 5; Label com.apple.mobilebackup2; ProgramArguments /usr/libexec/BackupAgent2 --lockdown
com.apple.mobilesync: InstanceLimit 5; Label com.apple.mobilesync; ProgramArguments /usr/libexec/SyncAgent --lockdown --oneshot -v; UserName mobile
com.apple.os_trace_relay: AllowUnactivatedService; Label com.apple.syslog_relay; UserName mobile; XPCServiceName com.apple.os_trace_relay
com.apple.pcapd: AllowUnactivatedService; InstanceLimit 1; Label com.apple.pcapd; ProgramArguments /usr/libexec/pcapd; USBOnlyService
com.apple.preboardservice: Label com.apple.preboardservice; UserName mobile; XPCServiceName com.apple.preboardservice
com.apple.springboardservices: Label com.apple.springboardservicesrelay; ProgramArguments /usr/libexec/springboardservicesrelay; UserName mobile
com.apple.streaming_zip_conduit: Label com.apple.streaming_zip_conduit; UserName mobile; XPCServiceName com.apple.streaming_zip_conduit
com.apple.syslog_relay: AllowUnactivatedService; Label com.apple.syslog_relay; UserName mobile; XPCServiceName com.apple.syslog_relay
com.apple.webinspector: Label com.apple.webinspector; UserName mobile; XPCServiceName com.apple.webinspector
```
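
To compare a dump like the one above against a list from another iOS version, which is what the thread set out to do, here is an added example (not part of the original posts and not code from the afc2d project). It assumes the flag keys are booleans set to true; the `OLD` list, `com.example.retired_service` and the `hypothetical` paths are constructed for illustration and are not real data from any iOS release.

```python
import plistlib

# Constructed sample: four entries from the dump above, rebuilt as a plist.
# Assumption: the flag keys (AllowUnactivatedService, USBOnlyService) are true.
NEW = plistlib.dumps({
    "com.apple.afc": {"AllowUnactivatedService": True, "Label": "com.apple.afc",
                      "UserName": "mobile", "XPCServiceName": "com.apple.afcd"},
    "com.apple.afc2": {"AllowUnactivatedService": True, "Label": "com.apple.afc2",
                       "ProgramArguments": ["/usr/libexec/afc2d", "-S", "-L", "-d", "/"]},
    "com.apple.atc2": {"Label": "com.apple.atc2", "UserName": "mobile",
                       "XPCServiceName": "com.apple.atc2"},
    "com.apple.pcapd": {"AllowUnactivatedService": True, "InstanceLimit": 1,
                        "Label": "com.apple.pcapd", "USBOnlyService": True,
                        "ProgramArguments": ["/usr/libexec/pcapd"]},
})
# Constructed "older" list, NOT real data from any iOS release.
OLD = plistlib.dumps({
    "com.apple.afc": {"AllowUnactivatedService": True, "Label": "com.apple.afc",
                      "UserName": "mobile",
                      "ProgramArguments": ["/usr/libexec/hypothetical_afcd"]},
    "com.apple.afc2": {"AllowUnactivatedService": True, "Label": "com.apple.afc2",
                       "ProgramArguments": ["/usr/libexec/afc2d", "-S", "-L", "-d", "/"]},
    "com.example.retired_service": {"Label": "com.example.retired_service",
                                    "ProgramArguments": ["/usr/libexec/hypothetical"]},
})

def summarize(plist_bytes):
    """Map service name -> (launch kind, target, user, unactivated, usb_only)."""
    out = {}
    for name, e in plistlib.loads(plist_bytes).items():
        if "XPCServiceName" in e:
            kind, target = "xpc", e["XPCServiceName"]
        else:
            kind, target = "exec", " ".join(e.get("ProgramArguments", []))
        out[name] = (kind, target, e.get("UserName"),
                     bool(e.get("AllowUnactivatedService")), bool(e.get("USBOnlyService")))
    return out

def diff_services(old_bytes, new_bytes):
    """Report service names added, removed, or changed between two lists."""
    old, new = summarize(old_bytes), summarize(new_bytes)
    return {"added": sorted(new.keys() - old.keys()),
            "removed": sorted(old.keys() - new.keys()),
            "changed": sorted(n for n in old.keys() & new.keys() if old[n] != new[n])}

def unactivated_without_user(plist_bytes):
    """Entries with AllowUnactivatedService set and no UserName key."""
    return sorted(n for n, (_, _, user, unact, _) in summarize(plist_bytes).items()
                  if unact and user is None)

if __name__ == "__main__":
    print(diff_services(OLD, NEW))
    print(unactivated_without_user(NEW))
```

`plistlib.loads` reads both XML and binary plists, so the same functions work on a file whether or not the `plutil -convert binary1` step was applied.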