Add a complete set of environment variables (#70)
sledgeh4w authored Apr 29, 2024
1 parent a148096 commit eaa7ef6
Showing 2 changed files with 42 additions and 27 deletions.
24 changes: 23 additions & 1 deletion src/chomper/os/ios/const.py
@@ -1,4 +1,26 @@
# System call numbers in iOS
# Environment variables
ENVIRON_VARS = r"""SHELL=/bin/sh
PWD=/var/root
LOGNAME=root
HOME=/var/root
LS_COLORS=rs=0:di=01
CLICOLOR=
SSH_CONNECTION=127.0.0.1 59540 127.0.0.1 22
TERM=xterm
USER=root
SHLVL=1
PS1=\h:\w \u\$
SSH_CLIENT=127.0.0.1 59540 22
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11:/usr/games
MAIL=/var/mail/root
SSH_TTY=/dev/ttys000
_=/usr/bin/env
SBUS_INSERT_LIBRARIES=/usr/lib/substitute-inserter.dylib
__CF_USER_TEXT_ENCODING=0x0:0:0
CFN_USE_HTTP3=0
CFStringDisableROM=1"""

# System call numbers

SYS_GETPID = 0x14
SYS_GETUID = 0x18
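Review bot: `ENVIRON_VARS` looks like a verbatim `env` capture from a single root SSH session, but the comment above it (`# Environment variables`) says nothing about where the values come from or which of them are needed. Entries such as `SSH_CONNECTION`, `SSH_CLIENT`, `SSH_TTY`, `_=/usr/bin/env` and `SBUS_INSERT_LIBRARIES` describe that one session rather than an app process. `HOME=/var/root` and `USER=root` also mean that emulated code which derives paths or trust decisions from the environment now runs in a root-shell context, not the app-container context the previous `HOME` value modelled. I would state the provenance in the comment, e.g. `# Captured from env in a root SSH session; session-specific entries kept verbatim`, if that is indeed the origin, and trim the list to what the loaded modules read. Whether any system module depends on a particular entry is not visible in this diff.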
45 changes: 19 additions & 26 deletions src/chomper/os/ios/os.py
@@ -1,11 +1,11 @@
import os
import uuid
from ctypes import sizeof
from typing import List

from chomper.abc import BaseOs
from chomper.types import Module
from chomper.utils import struct2bytes
from chomper.os.ios import const
from chomper.os.ios.fixup import SystemModuleFixup
from chomper.os.ios.hooks import get_hooks
from chomper.os.ios.loader import MachoLoader
@@ -39,18 +39,23 @@ def _init_special_flag(self):

self.emu.write_u64(0xFFFFFC104, 0x100)

def _construct_environ(self) -> int:
"""Construct a structure that contains environment variables."""
lines = const.ENVIRON_VARS.split("\n")

size = self.emu.arch.addr_size * (len(lines) + 1)
buffer = self.emu.create_buffer(size)

for index, line in enumerate(lines):
address = buffer + self.emu.arch.addr_size * index
self.emu.write_pointer(address, self.emu.create_string(line))

self.emu.write_pointer(buffer + size - self.emu.arch.addr_size, 0)

return buffer

def _init_program_vars(self):
"""Initialize program variables, works like `__program_vars_init`."""
environ_vars = {
"__CF_USER_TEXT_ENCODING": "0:0",
"CFN_USE_HTTP3": "0",
"CFStringDisableROM": "1",
"HOME": (
f"/Users/Sergey/Library/Developer/CoreSimulator/Devices/{uuid.uuid4()}"
f"/data/Containers/Data/Application/{uuid.uuid4()}"
),
}

argc = self.emu.create_buffer(8)
self.emu.write_int(argc, 0, 8)

@@ -60,20 +65,8 @@ def _init_program_vars(self):
nx_argv_pointer = self.emu.find_symbol("_NXArgv_pointer")
self.emu.write_pointer(nx_argv_pointer.address, self.emu.create_string(""))

size = self.emu.arch.addr_size * len(environ_vars) + 1
environ_buf = self.emu.create_buffer(size)

offset = 0x0

for key, value in environ_vars.items():
prop_str = self.emu.create_string(f"{key}={value}")
self.emu.write_pointer(environ_buf + offset, prop_str)
offset += self.emu.arch.addr_size

self.emu.write_pointer(environ_buf + offset, 0)

environ = self.emu.create_buffer(8)
self.emu.write_pointer(environ, environ_buf)
self.emu.write_pointer(environ, self._construct_environ())

environ_pointer = self.emu.find_symbol("_environ_pointer")
self.emu.write_pointer(environ_pointer.address, environ)
@@ -194,7 +187,7 @@ def search_module(self, module_name: str) -> str:

def resolve_modules(self, module_names: List[str]):
"""Load system modules if don't loaded."""
patch = SystemModuleFixup(self.emu)
fixup = SystemModuleFixup(self.emu)

for module_name in module_names:
if self.emu.find_module(module_name):
@@ -203,7 +196,7 @@ def resolve_modules(self, module_names: List[str]):
module_path = self.search_module(module_name)
module = self.emu.load_module(module_path, exec_objc_init=False)

patch.install(module)
fixup.install(module)

self.init_objc(module)

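Review bot: In `_construct_environ`, `const.ENVIRON_VARS.split("\n")` turns any blank or trailing line in the constant into an empty C string inside the `environ` array, which is an entry with no `=` that emulated `getenv`-style readers then have to tolerate. Filtering at the parse step keeps the table well-formed when the constant is edited later: `lines = [line for line in const.ENVIRON_VARS.splitlines() if line]`. The method also gives callers no way to supply or override variables. Since `_init_program_vars` no longer generates `HOME` per run, every emulated binary sees the same fixed values. A short docstring line saying that the result is a NULL-terminated array of pointers to `KEY=value` strings would document the layout that the `size` computation relies on.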
