Merge branch 'opa334:2.x' into 2.x

Author: wumbomumbo

.github/workflows/main.yml

@@ -100,4 +100,4 @@ jobs:
         with:
           name: Dopamine
           path: |
-            ${{ github.workspace }}/Application/Dopamine.ipa
+            ${{ github.workspace }}/Application/Dopamine.ipa

Application/Dopamine.xcodeproj/project.pbxproj

@@ -2234,7 +2234,7 @@
 					"$(PROJECT_DIR)/Dopamine/Dependencies",
 					"$(PROJECT_DIR)/Dopamine/Resources",
 				);
-				MARKETING_VERSION = 2.4.1;
+				MARKETING_VERSION = 2.4.2;
 				PRODUCT_BUNDLE_IDENTIFIER = com.opa334.Dopamine;
 				PRODUCT_NAME = "$(TARGET_NAME)";
 				SWIFT_EMIT_LOC_STRINGS = YES;
@@ -2271,7 +2271,7 @@
 					"$(PROJECT_DIR)/Dopamine/Dependencies",
 					"$(PROJECT_DIR)/Dopamine/Resources",
 				);
-				MARKETING_VERSION = 2.4.1;
+				MARKETING_VERSION = 2.4.2;
 				PRODUCT_BUNDLE_IDENTIFIER = com.opa334.Dopamine;
 				PRODUCT_NAME = "$(TARGET_NAME)";
 				SWIFT_EMIT_LOC_STRINGS = YES;

BaseBin/MachOMerger/Sources/MachOMerger/SegmentLoadCommand.swift

@@ -63,7 +63,7 @@ func generateSegmentLoadCommands(infoA: MachOMergeData, infoB: MachOMergeData, r
         for sect in seg.1[0].origCommand.sections {
             var sectLC = section_64()
             _ = withUnsafeMutableBytes(of: &sectLC.sectname) { ptr in
-                strcpy(ptr.baseAddress!, sect.section + (seg.1.count > 1 ? "_1" : ""))
+                strcpy(ptr.baseAddress!, sect.section)
             }
             _ = withUnsafeMutableBytes(of: &sectLC.segname) { ptr in
                 strcpy(ptr.baseAddress!, seg.0)

BaseBin/MachOMerger/Sources/MachOMerger/main.swift

@@ -177,6 +177,11 @@ func collectData(fromMachO machO: MachO) -> MachOMergeData {
 var dataA = collectData(fromMachO: a)
 var dataB = collectData(fromMachO: b)
 
+// Patch out magic of both MachOs
+// Fixes issues with some third party software (e.g. Frida) finding the wrong place and mistaking it for the header
+// Of course the root issue is in third party software, but I guess we can make their life easier
+let magicReplacement = UInt32(0xd0d0d0d0)
+
 /*
  * Now comes the real magic: Merging the MachOs.
  * To do this, the following steps have to be performed:
@@ -193,14 +198,26 @@ for seg in dataA.segments {
         print("Found duplicate segment! [A]")
         exit(-1)
     }
+
+    var data = seg.1
+
+    if seg.0.name == "__TEXT" {
+        data = Data(fromObject:magicReplacement) + data.subdata(in: 4..<data.count)
+    }
 
-    segments.append((seg.0.name, [(isB: false, origCommand: seg.0, data: seg.1, offset: 0)]))
+    segments.append((seg.0.name, [(isB: false, origCommand: seg.0, data: data, offset: 0)]))
 }
 
 var sortingRequired = false
 
 for seg in dataB.segments {
-    let newEntry = [(isB: true, origCommand: seg.0, data: seg.1, offset: 0 as UInt64)]
+    var data = seg.1
+
+    if seg.0.name == "__TEXT" {
+        data = Data(fromObject:magicReplacement) + data.subdata(in: 4..<data.count)
+    }
+
+    let newEntry = [(isB: true, origCommand: seg.0, data: data, offset: 0 as UInt64)]
 
     var found = false
     var new: [(String, [(isB: Bool, origCommand: Segment64LoadCommand, data: Data, offset: UInt64)])] = []

BaseBin/_external/basebin/.version

@@ -1 +1 @@
-2.4.1
+2.4.2

BaseBin/_external/modules/litehook

@@ -248,12 +248,18 @@ int __execve_hook(const char *path, char *const argv[], char *const envp[])
 
 const struct mach_header_64 *get_dyld_mach_header(void)
 {
-	task_dyld_info_data_t dyldInfo;
-	uint32_t count = TASK_DYLD_INFO_COUNT;
-	kern_return_t kr = task_info(mach_task_self_, TASK_DYLD_INFO, (task_info_t)&dyldInfo, &count);
-	if (kr != KERN_SUCCESS) return NULL;
-	struct dyld_all_image_infos *infos = (struct dyld_all_image_infos *)dyldInfo.all_image_info_addr;
-	return (const struct mach_header_64 *)infos->dyldImageLoadAddress;
+	static const struct mach_header_64 *dyldMachHeader = NULL;
+	static dispatch_once_t onceToken;
+	dispatch_once (&onceToken, ^{
+		task_dyld_info_data_t dyldInfo;
+		uint32_t count = TASK_DYLD_INFO_COUNT;
+		kern_return_t kr = task_info(mach_task_self_, TASK_DYLD_INFO, (task_info_t)&dyldInfo, &count);
+		if (kr == KERN_SUCCESS) {
+			struct dyld_all_image_infos *infos = (struct dyld_all_image_infos *)dyldInfo.all_image_info_addr;
+			dyldMachHeader = (const struct mach_header_64 *)infos->dyldImageLoadAddress;
+		}
+	});
+	return dyldMachHeader;
 }
 
 int parse_dyldhook_jbinfo(char **jbRootPathOut, char **bootUUIDOut, char **sandboxExtensionsOut, bool *fullyDebuggedOut)
@@ -317,8 +323,7 @@ __attribute__((constructor)) static void initializer(void)
 	}
 	else {
 		// On iOS 15 there is a way to hook posix_spawn and execve without doing instruction replacements
-		// This is fairly convenient due to instruction replacements being presumed to be the primary trigger for spinlock panics on iOS 15 arm64e
-		// Unfortunately Apple decided to remove these in iOS 16 :( Doesn't matter too much though because spinlock panics are fixed there
+		// Unfortunately Apple decided to remove these in iOS 16 :(
 
 		void **posix_spawn_with_filter = litehook_find_dsc_symbol("/usr/lib/system/libsystem_kernel.dylib", "_posix_spawn_with_filter");
 		void **execve_with_filter      = litehook_find_dsc_symbol("/usr/lib/system/libsystem_kernel.dylib", "_execve_with_filter");
@@ -327,6 +332,12 @@ __attribute__((constructor)) static void initializer(void)
 		*execve_with_filter      = __execve_hook;
 	}
 
+	// Hook the dyld_shared_cache __fcntl to jump to the dyld __fcntl instead
+	// This makes it so that library validation is also bypassed if someone calls fcntl in userspace to attach a signature manually
+	void *dyld___fcntl = litehook_find_symbol(get_dyld_mach_header(), "___fcntl");
+	extern int __fcntl(int fd, int op, ... /* arg */ );
+	litehook_hook_function(__fcntl, dyld___fcntl);
+
 	// Initialize stuff neccessary for sandbox_apply hook
 	gLibSandboxHandle = dlopen("/usr/lib/libsandbox.1.dylib", RTLD_FIRST | RTLD_LOCAL | RTLD_LAZY);
 	sandbox_apply_orig = dlsym(gLibSandboxHandle, "sandbox_apply");