Questions and Answers about all things *OS (macOS, iOS, tvOS, watchOS)


Postby darkknight » Tue May 17, 2016 3:49 pm

So about that app that lists the processes and determines whether or not your device jailbroken. Basically comes down to that #169 syscall. Tried the following on iOS 9.0.2:

Code: Select all
#include <unistd.h>   
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <sys/syslimits.h>

#define   CS_OPS_PIDPATH      4   /* get executable's pathname */
#define   CS_OPS_CDHASH      5   /* get code directory hash */

static uint32_t int_buffer;
static off_t   off_buffer;
static pid_t process_id;

typedef void (^describe_t)(void);

static struct csops_struct{
   const char* description;
   describe_t   describe;
   unsigned int ops;
   void*    useraddr;
   size_t    usersize;

int main(int argc, char * argv[])
   struct csops_struct* cs = &(struct csops_struct){

      /* the path name for executable. */
      .description  = "Return the executable path name for PID. "
                  "Used by taskgated.",
      .ops        = CS_OPS_PIDPATH,
      .useraddr     = (void*)BUFFER,  // Path for PID returned
      .usersize     = (PATH_MAX-1),
      .describe     = ^{
      fprintf(stdout, "PID: %d -> Executable path: '%s'\n",

   /*- Get the PID -*/
   process_id = atoi(argv[1]);

   /*- Call csops with #169 -*/
   syscall (169, process_id, cs->ops,cs->useraddr,cs->usersize);
   return 0;

Got the following output:
PID: 61 -> Executable path: ''....doesnt print the path as expected?

Maybe I missed something...
Posts: 90
Joined: Mon Apr 18, 2016 10:49 pm

Re: SYSCALL #169

Postby morpheus » Tue May 17, 2016 6:27 pm

you did.

As you can see in - ... s_internal

PIDPATH isn't supported. Esser uses IDENT and CDHASH extensively. Those do work.

And if he doesn't release his writeup as promised, I will. But poor guy is feverish with 40 degrees. It's too much for a writeup. Not for tweeting incessantly :-P
Site Admin
Posts: 715
Joined: Thu Apr 11, 2013 6:24 pm

Re: SYSCALL #169

Postby darkknight » Tue May 17, 2016 6:53 pm

AHA!!! Ok kewl. Much thanks...
Posts: 90
Joined: Mon Apr 18, 2016 10:49 pm

Return to Questions and Answers

Who is online

Users browsing this forum: No registered users and 5 guests