
Potential fix for mmap fail with Invalid argument #25

Merged
merged 6 commits into from
Oct 16, 2023

Conversation

HenryQuan
Contributor

@HenryQuan HenryQuan commented Oct 14, 2023

This PR adds a potential fix for the mmap error with "Invalid argument" if cryptid 0 indicates the encryption is gone.

The reason for the invalid argument comes from the offset, based on the documentation:

    The contents of a file mapping (as opposed to an anonymous
    mapping; see MAP_ANONYMOUS below), are initialized using length
    bytes starting at offset offset in the file (or other object)
    referred to by the file descriptor fd.  offset must be a multiple
    of the page size as returned by sysconf(_SC_PAGE_SIZE).

The offset is now aligned with the page size. Some apps may work because the offset is indeed the page size by chance. It fails for many because it can be larger than the page size, but not a multiple of it.

Additionally, the script for iOS now supports sending to the device directly if the local IP address is provided, for faster debugging and testing.

I have only done some testing on iPad OS 16.7. So far, the following apps are working:

  • YouTube
  • Blue Archive (JP & CN)
  • TradingView
  • Brave Browser
  • Tiny Wings

In summary, this PR potentially addresses the following issues:

It is now working with the Rootless jailbreak by palera1n.
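An added example (my own code, not from this PR or the project) of the alignment rule the fix relies on: round the mmap offset down to a page boundary, grow the length by the same amount, and hand back a pointer that points into the mapping at the byte originally asked for. The `aligned_range` struct, the helper names and the `/tmp` self-check file are assumptions; the mapping is PROT_READ only.

```c
#include <stdlib.h>
#include <unistd.h>
#include <sys/mman.h>

typedef struct {
    off_t  aligned_off; /* offset rounded down to a page boundary */
    size_t delta;       /* distance from aligned_off to the wanted byte */
    size_t map_len;     /* length that still covers [offset, offset + len) */
} aligned_range;

/* mmap() fails with EINVAL when offset is not a multiple of the page size.
 * Round the offset down and grow the length by the same amount so the
 * requested bytes stay inside the mapping (page_size is a parameter so the
 * arithmetic can be checked without sysconf()). */
aligned_range page_align_range(off_t offset, size_t len, long page_size) {
    aligned_range r;
    r.delta       = (size_t)(offset % page_size);
    r.aligned_off = offset - (off_t)r.delta;
    r.map_len     = len + r.delta;
    return r;
}

/* Read-only mapping of len bytes at an arbitrary file offset. Returns a pointer
 * to the first requested byte (NULL on failure); map_base and map_len are for munmap(). */
void *map_unaligned(int fd, off_t offset, size_t len,
                    void **map_base, size_t *map_len) {
    aligned_range r = page_align_range(offset, len, sysconf(_SC_PAGE_SIZE));
    void *base = mmap(NULL, r.map_len, PROT_READ, MAP_PRIVATE, fd, r.aligned_off);
    if (base == MAP_FAILED) return NULL;
    *map_base = base; *map_len = r.map_len;
    return (char *)base + r.delta;
}

/* Self-check on a constructed temp file: map from an unaligned offset, compare bytes. */
int demo_reads_expected_bytes(void) {
    char path[] = "/tmp/mmap_align_XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0) return 0;
    long page = sysconf(_SC_PAGE_SIZE);
    size_t total = (size_t)page * 2 + 100;
    char *buf = malloc(total);
    for (size_t i = 0; i < total; i++) buf[i] = (char)(i % 251);
    int ok = write(fd, buf, total) == (ssize_t)total;
    off_t off = page + 37;               /* deliberately not page aligned */
    void *base = NULL; size_t mlen = 0;
    unsigned char *p = ok ? map_unaligned(fd, off, 16, &base, &mlen) : NULL;
    ok = p && p[0] == (unsigned char)(off % 251) && p[15] == (unsigned char)((off + 15) % 251);
    if (p) munmap(base, mlen);
    close(fd); unlink(path); free(buf);
    return ok;
}
```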

@HenryQuan
Contributor Author

HenryQuan commented Oct 15, 2023

While this works for the main executable, it doesn't work for frameworks. For frameworks, the permission flag should be PROT_READ without the PROT_EXEC. However, I am not sure how to detect a framework vs the main executable.

One potential solution can be detecting using the ID; I can take a further look today.

@HenryQuan
Contributor Author

HenryQuan commented Oct 15, 2023

I have added another potential fix for "Operation not permitted". However, some games/apps will get stuck in memcpy after mremap_encrypted was successful. I am investigating this issue.

It is stuck at libsystem_platform.dylib`_platform_memmove + 176, ldnp x12, x13, [x1].

Maybe something like this should be implemented instead.

@HenryQuan
Contributor Author

The memcpy issue is now resolved by updating the alignment of base. However, it is more like a hack because we may not really know the real alignment in the memory.

@paradiseduo paradiseduo merged commit 6534265 into paradiseduo:main Oct 16, 2023
@paradiseduo
Owner

good job, thanks for your work ~~
