Tom's Tool Dump #0
Hey y'all, I've been a lurker in this community for eons, and it's about time I contributed something.

What I've got for y'all today are some betas for various tools I've been working on for the past couple of months, and have been holding off on publishing until they were all ready.

iksof (iOS Kernel Symbol Offset Finder)
Just another in the long list of offset finders out there. When I first started writing this, the idea was to finally have a nice platform binary, rather than a shell script, for finding symbol offsets in an IPSW file's kernelcache. I recently realized that there are actually a few out there already and that I just wasn't looking hard enough. Regardless, this is a thing I made, and I think it has potential.

In essence, it tries to get all symbol offsets you could possibly need, and prints them out as macro definitions for you. 

It's open-source and on GitHub here: https://github.com/tomnific/iksof

Logos++

Let's face it, using Logos to interact with Swift is just plain awful. I mean, I suppose it's better than using raw MobileSubstrate calls, but it's still counter to the purpose of Logos, which is to simplify the hooking process.

Logos++ makes hooking Swift just as easy as hooking anything else. Hooking a Swift class looks nearly identical to hooking any other class. And hooking a function - well, just look at the before and after:


Before (plain Logos, going through MobileSubstrate by hand):

    static void (*orig_ViewController_randomFunction)(void) = NULL;

    void hook_ViewController_randomFunction() {
        NSLog(@"Hooked random function");
    }

    %ctor {
        %init(ViewController = objc_getClass("HookExampleApp.ViewController"));
        MSHookFunction(MSFindSymbol(NULL, "__T014HookExampleApp14ViewControllerC14randomFunctionyyF"),
                       (void *)hook_ViewController_randomFunction,
                       (void **)&orig_ViewController_randomFunction);
    }

After (Logos++):

    %hookswiftf("HookExampleApp.ViewController", void, "__T014HookExampleApp14ViewControllerC14randomFunctionyyF", void)
        NSLog(@"Hooked random function");

Just as early C++ compilers translated C++ down to C, Logos++ is translated down to plain Logos by a tool called Logos--.

In its current state, it's mostly a proof of concept, but it is entirely usable. However, I know a lot of tweak developers develop on their iDevices, so, unfortunately, this may be difficult for them to integrate into their process, as Logos-- is a Java program.

As you'll see, the different parts of the language handle Swift's name mangling in different ways. Based on user feedback, the language will be changed to support one consistent method of handling it. 

You can find it on GitHub here: https://github.com/tomnific/LogosXX

Xpwnd

Xpwnd is perhaps the tool I'm most excited to share (no relation to the xpwn toolsuite). In short, it's a modded version of Xcode that has custom SDKs geared towards both iOS security research and jailbreak development (with tweak development hopefully coming down the road).

I noticed that most jailbreaks seem to have a "standard library", if you will, of helper utilities that show up in almost every jailbreak. In addition, things like QiLin, IOKit and some headers from the macOS SDK are also frequently copied over into their own local includes. Instead of repetitively including these source files and libraries, I wanted to make something that lets you include them like any normal standard C library header. This was the genesis of the idea for a Jailbreak SDK.

However, I quickly learned that adding arbitrary SDKs to Xcode is not an easy task and has some unintended side effects. Eventually, I decided it would be much simpler, and safer, if there was simply a second Xcode dedicated to this kind of work. Thus, Xpwnd was born.

There are some kinks that I'm afraid may be inherently unpatchable, but they don't fully inhibit anything and in spite of them, Xpwnd is actually surprisingly stable. 

Quick aside: during the making of Xpwnd, I also managed to figure out how Xcode handles the mythical Sparse SDKs - something that was previously thought to be a killed feature (but I'll post more on that elsewhere in the future).

Right now, I've been focusing on the Jailbreak Development side of Xpwnd, so that's probably where you'll see the most changes coming up. 

Xpwnd is installable with a simple shell script - all that's needed is a vanilla Xcode, about 30 minutes of time, and 40GB of free storage (Xpwnd is only 20GB after the installation). In the README, there's a full list of bugs and how they can be mitigated until a permanent solution is found. 

You can find Xpwnd on GitHub here: https://github.com/tomnific/Xpwnd

TL;DR: I'm publishing betas of some stuff I've been working on:
  • iksof - iOS Kernel Symbol Offset Finder tool
  • Logos++ - a superset of Logos that supports Swift
  • Xpwnd - a modded version of Xcode designed to aid each level of the jailbreak stack

Stay tuned,
~ tomnific
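The symbol-offset lookup the iksof section describes, as an added example that is not iksof's own code: it walks the load commands of a 64-bit Mach-O, reads LC_SYMTAB, subtracts the __TEXT segment's vmaddr so each result is a slide-independent offset, and prints the requested symbols as #define macros the way an offset finder hands them to a jailbreak. The in-memory "kernelcache", the addresses of the xnu symbol names and the OFF_ macro naming are constructed/assumed here. A real kernelcache has to be unwrapped (IMG4) and decompressed before any of this applies, and recent iOS kernelcaches are largely stripped, so a symtab-only lookup like this one finds far less than a pattern-based finder would.

```python
"""Toy kernel symbol offset finder (added example; not iksof's code).

Reads LC_SYMTAB from a 64-bit Mach-O and reports symbol addresses as offsets from
the __TEXT vmaddr. The image parsed below is constructed in memory; it is not a
real kernelcache.
"""
import struct

MH_MAGIC_64 = 0xFEEDFACF
LC_SEGMENT_64 = 0x19
LC_SYMTAB = 0x02
N_TYPE_MASK = 0x0E   # n_type bits that hold the symbol kind
N_SECT = 0x0E        # symbol defined in a section (undefined/absolute carry no usable address)
N_EXT = 0x01         # external symbol

MACH_HEADER_64 = "<IiiIIIII"       # magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags, reserved
SEGMENT_CMD_64 = "<II16sQQQQiiII"  # cmd, cmdsize, segname, vmaddr, vmsize, fileoff, filesize, maxprot, initprot, nsects, flags
SYMTAB_CMD = "<IIIIII"             # cmd, cmdsize, symoff, nsyms, stroff, strsize
NLIST_64 = "<IBBHQ"                # n_strx, n_type, n_sect, n_desc, n_value


def build_fake_kernelcache(text_base, symbols):
    """Constructed test input: minimal Mach-O 64 with one __TEXT segment and a symbol table."""
    strtab = b"\x00"
    nlists = b""
    for name, addr in symbols:
        # n_strx is the offset of the name in the string table *before* we append it
        nlists += struct.pack(NLIST_64, len(strtab), N_SECT | N_EXT, 1, 0, addr)
        strtab += name.encode() + b"\x00"
    hdr_len = struct.calcsize(MACH_HEADER_64)
    seg_len = struct.calcsize(SEGMENT_CMD_64)
    sym_len = struct.calcsize(SYMTAB_CMD)
    symoff = hdr_len + seg_len + sym_len
    stroff = symoff + len(nlists)
    header = struct.pack(MACH_HEADER_64, MH_MAGIC_64, 0x0100000C, 0, 0x2, 2, seg_len + sym_len, 0, 0)
    text_seg = struct.pack(SEGMENT_CMD_64, LC_SEGMENT_64, seg_len, b"__TEXT",
                           text_base, 0x4000, 0, 0x4000, 5, 5, 0, 0)
    symtab = struct.pack(SYMTAB_CMD, LC_SYMTAB, sym_len, symoff, len(symbols), stroff, len(strtab))
    return header + text_seg + symtab + nlists + strtab


def find_symbol_offsets(image, wanted):
    """Return {symbol: offset from __TEXT vmaddr} for each wanted symbol defined in the image."""
    magic, _, _, _, ncmds, _, _, _ = struct.unpack_from(MACH_HEADER_64, image, 0)
    if magic != MH_MAGIC_64:
        raise ValueError("not a 64-bit Mach-O (is the kernelcache still IMG4/LZSS wrapped?)")
    off = struct.calcsize(MACH_HEADER_64)
    text_base = None
    symtab = None
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<II", image, off)
        if cmd == LC_SEGMENT_64:
            segname, vmaddr = struct.unpack_from("<16sQ", image, off + 8)
            if segname.rstrip(b"\x00") == b"__TEXT":
                text_base = vmaddr
        elif cmd == LC_SYMTAB:
            symtab = struct.unpack_from("<IIII", image, off + 8)
        off += cmdsize
    if text_base is None or symtab is None:
        raise ValueError("missing __TEXT segment or LC_SYMTAB")
    symoff, nsyms, stroff, strsize = symtab
    strtab = image[stroff:stroff + strsize]
    found = {}
    for i in range(nsyms):
        n_strx, n_type, _, _, n_value = struct.unpack_from(NLIST_64, image, symoff + i * 16)
        if (n_type & N_TYPE_MASK) != N_SECT:
            continue
        name = strtab[n_strx:strtab.index(b"\x00", n_strx)].decode()
        if name in wanted:
            found[name] = n_value - text_base
    return found


def emit_macros(offsets, missing=()):
    """Render offsets as C macro definitions; missing symbols become a comment so the gap is visible."""
    lines = [f"#define OFF_{name.lstrip('_').upper()} 0x{offsets[name]:x}" for name in sorted(offsets)]
    lines += [f"// WARNING: {name} not found (stripped kernelcache?)" for name in sorted(missing)]
    return "\n".join(lines)


# Constructed sample: real xnu symbol names at made-up addresses above a typical iOS kernel base.
SAMPLE_BASE = 0xFFFFFFF007004000
SAMPLE_IMAGE = build_fake_kernelcache(SAMPLE_BASE, [
    ("_kernel_task", 0xFFFFFFF007604F60),
    ("_kernproc", 0xFFFFFFF007605230),
    ("_allproc", 0xFFFFFFF00765A2C8),
])

if __name__ == "__main__":
    wanted = {"_kernel_task", "_kernproc", "_not_in_this_build"}
    offs = find_symbol_offsets(SAMPLE_IMAGE, wanted)
    print(emit_macros(offs, wanted - set(offs)))
```

Run it directly to see the macro output. At runtime a jailbreak adds the KASLR slide it leaked to each OFF_ value; that is the whole reason the finder subtracts the __TEXT base instead of printing raw n_value.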

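For the mangled name that appears in the Logos++ before/after above, here is an added example (not part of LogosXX) that mangles and demangles the one shape the post uses, Swift 4.0's `_T0<module><class>C<method>yyF` with length-prefixed identifiers, and shows where the extra leading underscore that MSFindSymbol needs comes from. The helper names and the second sample symbol are assumptions of mine; the parser rejects anything outside that subset, including the `$S` and `$s` prefixes of Swift 4.2 and 5, rather than guessing, which is also why a mangled string pasted into a tweak stops resolving when the app is rebuilt with a newer Swift.

```python
"""Minimal Swift 4.0 mangler/demangler for () -> () class methods (added example; not LogosXX code).

Handles exactly:  _T0 <module> <class> C <method> yyF
where each identifier is <decimal length><ASCII bytes>, C marks a class, and yyF
encodes a function of type () -> ().
"""
import re

SWIFT4_PREFIX = "_T0"           # Swift 4.0 prefix; later versions use $S (4.2) and $s (5)
_LENGTH = re.compile(r"\d+")


def _ident(s):
    # Punycode for non-ASCII identifiers is not handled here
    if not (s.isascii() and s.isidentifier()):
        raise ValueError(f"unsupported identifier {s!r}")
    return f"{len(s)}{s}"


def mangle_swift_method(module, cls, method):
    """Swift-level mangled name of module.cls.method() -> ()."""
    return SWIFT4_PREFIX + _ident(module) + _ident(cls) + "C" + _ident(method) + "yyF"


def mach_o_symbol(swift_name):
    """What MSFindSymbol() wants: the Mach-O symbol, which carries one more leading '_'."""
    return "_" + swift_name


def demangle_swift_method(symbol):
    """Inverse for the subset above; accepts the Swift-level or the Mach-O ('__T0...') form."""
    name = symbol[1:] if symbol.startswith("_" + SWIFT4_PREFIX) else symbol
    if not name.startswith(SWIFT4_PREFIX):
        raise ValueError("not a Swift 4.0 mangled name (Swift 4.2 uses $S, Swift 5 uses $s)")
    pos = len(SWIFT4_PREFIX)

    def read_ident():
        nonlocal pos
        m = _LENGTH.match(name, pos)
        if not m:
            raise ValueError(f"expected length-prefixed identifier at {pos}")
        n, pos = int(m.group(0)), m.end()
        ident, pos = name[pos:pos + n], pos + n
        if len(ident) != n:
            raise ValueError("identifier runs past end of name")
        return ident

    def expect(tok):
        nonlocal pos
        if not name.startswith(tok, pos):
            raise ValueError(f"expected {tok!r} at {pos}, got {name[pos:pos + len(tok)]!r}")
        pos += len(tok)

    module = read_ident()
    cls = read_ident()
    expect("C")      # nominal type kind: class
    method = read_ident()
    expect("yyF")    # function type () -> ()
    if pos != len(name):
        raise ValueError(f"trailing mangling not handled: {name[pos:]!r}")
    return module, cls, method


def describe(symbol):
    """Human-readable form, e.g. 'HookExampleApp.ViewController.randomFunction() -> ()'."""
    module, cls, method = demangle_swift_method(symbol)
    return f"{module}.{cls}.{method}() -> ()"


if __name__ == "__main__":
    sym = mach_o_symbol(mangle_swift_method("HookExampleApp", "ViewController", "randomFunction"))
    print(sym)
    print(describe(sym))
```

The round trip is the useful check when a hook silently does nothing: demangle the string you pasted into MSFindSymbol and compare it against the class and method you meant, before suspecting the hooking layer.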