SYSCALL #169

Questions and Answers about all things *OS (macOS, iOS, tvOS, watchOS)

Post by darkknight » Tue May 17, 2016 3:49 pm

So about that app that lists the processes and determines whether or not your device is jailbroken. Basically comes down to that #169 syscall. Tried the following on iOS 9.0.2:

Code:
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <string.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/syslimits.h>

#define MAX_CSOPS_BUFFER_LEN (3*PATH_MAX)
#define CS_OPS_PIDPATH      4   /* get executable's pathname */
#define CS_OPS_CDHASH       5   /* get code directory hash */

static char BUFFER[MAX_CSOPS_BUFFER_LEN];
static uint32_t int_buffer;
static off_t   off_buffer;
static pid_t process_id;

typedef void (^describe_t)(void);

/* One csops operation: what to ask for, where the result goes, how to print it. */
static struct csops_struct{
   const char* description;
   describe_t   describe;
   unsigned int ops;
   void*    useraddr;
   size_t    usersize;
}CSOPS;

int main(int argc, char * argv[])
{
   struct csops_struct* cs = &(struct csops_struct){

      /* the path name for executable. */
      .description  = "Return the executable path name for PID. "
                      "Used by taskgated.",
      .ops          = CS_OPS_PIDPATH,
      .useraddr     = (void*)BUFFER,  // Path for PID returned
      .usersize     = (PATH_MAX-1),
      .describe     = ^{
         fprintf(stdout, "PID: %d -> Executable path: '%s'\n",
                 process_id,
                 BUFFER);
      }
   };

   /*- Require the PID argument -*/
   if (argc < 2) {
      fprintf(stderr, "usage: %s <pid>\n", argv[0]);
      return 1;
   }

   /*- Get the PID -*/
   process_id = atoi(argv[1]);

   /*- Call csops with #169 (the return value and errno are not inspected) -*/
   syscall (169, process_id, cs->ops,cs->useraddr,cs->usersize);
   cs->describe();

   return 0;
}


Got the following output:
PID: 61 -> Executable path: ''

....doesn't print the path as expected?

Maybe I missed something...
darkknight
 
Posts: 65
Joined: Mon Apr 18, 2016 10:49 pm

Re: SYSCALL #169

Post by morpheus » Tue May 17, 2016 6:27 pm

You did.

As you can see in - http://newosxbook.com/src.jl?tree=xnu&f ... s_internal

PIDPATH isn't supported. Esser uses IDENT and CDHASH extensively. Those do work.

And if he doesn't release his writeup as promised, I will. But poor guy is feverish with 40 degrees. It's too much for a writeup. Not for tweeting incessantly :-P
morpheus
Site Admin
 
Posts: 530
Joined: Thu Apr 11, 2013 6:24 pm
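
Added example, not code from either poster: a wrapper that checks the return value of syscall #169, so a rejected operation such as CS_OPS_PIDPATH is reported instead of printing an untouched buffer, and that queries CS_OPS_CDHASH, which the reply above says works. Assumptions: the 20-byte CDHASH buffer size, and `csops_stub` with its errno value and hash bytes, which are constructed so the block runs off-device.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define CS_OPS_PIDPATH 4   /* value from the post above */
#define CS_OPS_CDHASH  5   /* value from the post above */
#define CDHASH_LEN     20  /* assumption: SHA-1 sized code directory hash */
typedef int (*csops_fn)(pid_t pid, unsigned int op, void *buf, size_t len);

/* Syscall #169 on Apple platforms; elsewhere fail with ENOSYS, never issue it. */
static int csops_real(pid_t pid, unsigned int op, void *buf, size_t len) {
#ifdef __APPLE__
    return syscall(169, pid, op, buf, len);
#else
    (void)pid; (void)op; (void)buf; (void)len;
    errno = ENOSYS; return -1;
#endif
}

/* Constructed stand-in: rejects everything except CDHASH; errno and bytes are made up. */
static int csops_stub(pid_t pid, unsigned int op, void *buf, size_t len) {
    (void)pid;
    if (op != CS_OPS_CDHASH || len != CDHASH_LEN) { errno = EINVAL; return -1; }
    for (size_t i = 0; i < len; i++) ((unsigned char *)buf)[i] = (unsigned char)(i * 13);
    return 0;
}

/* Run one query; write hex result or errno text to out. Returns 0 or the errno. */
static int cs_query(csops_fn fn, pid_t pid, unsigned int op, char *out, size_t outlen) {
    unsigned char buf[CDHASH_LEN] = {0};
    if (fn(pid, op, buf, sizeof buf) != 0) {
        int err = errno;
        snprintf(out, outlen, "PID %d: csops op %u failed: %s", (int)pid, op, strerror(err));
        return err;
    }
    int n = snprintf(out, outlen, "PID %d: op %u -> ", (int)pid, op);
    for (size_t i = 0; i < sizeof buf && (size_t)n + 2 < outlen; i++)
        n += snprintf(out + n, outlen - (size_t)n, "%02x", buf[i]);
    return 0;
}

int main(void) {
    char line[128];
    cs_query(csops_stub, 61, CS_OPS_PIDPATH, line, sizeof line); puts(line);
    cs_query(csops_stub, 61, CS_OPS_CDHASH, line, sizeof line);  puts(line);
    cs_query(csops_real, getpid(), CS_OPS_CDHASH, line, sizeof line); puts(line);
    return 0;
}
```

The first two lines of output come from the constructed stub; only the third reflects what the running kernel actually returns for the calling process.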

Re: SYSCALL #169

Post by darkknight » Tue May 17, 2016 6:53 pm

AHA!!! Ok kewl. Much thanks...
darkknight
 
Posts: 65
Joined: Mon Apr 18, 2016 10:49 pm

