From f462ee68ca8cb14936493dd266edad5277433d4f Mon Sep 17 00:00:00 2001 From: James Magahern Date: Tue, 13 Nov 2018 22:39:03 -0800 Subject: [PATCH] Try to not use private entitlements --- .gitmodules | 3 + MessagesBridge.xcodeproj/project.pbxproj | 135 +++++++++++++++++- .../xcschemes/kordophoned.xcscheme | 6 + README.md | 9 ++ agentHook/agentHook.m | 19 +++ agentHook/hookAgent.sh | 19 +++ kordophone/Bridge/MBIMBridge.h | 5 + kordophone/Bridge/MBIMBridge.m | 20 +++ kordophone/Hooking/hooking.h | 12 ++ kordophone/Hooking/hooking.m | 75 ++++++++++ kordophone/kordophone.entitlements | 47 ------ kordophone/main.m | 10 ++ 12 files changed, 309 insertions(+), 51 deletions(-) create mode 100644 agentHook/agentHook.m create mode 100755 agentHook/hookAgent.sh create mode 100644 kordophone/Hooking/hooking.h create mode 100644 kordophone/Hooking/hooking.m delete mode 100644 kordophone/kordophone.entitlements diff --git a/.gitmodules b/.gitmodules index 2d85876..cd77084 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,3 +1,6 @@ [submodule "GCDWebServer"] path = GCDWebServer url = https://github.com/swisspol/GCDWebServer.git +[submodule "logos"] + path = logos + url = git@github.com:theos/logos.git diff --git a/MessagesBridge.xcodeproj/project.pbxproj b/MessagesBridge.xcodeproj/project.pbxproj index 5012574..bddcc17 100644 --- a/MessagesBridge.xcodeproj/project.pbxproj +++ b/MessagesBridge.xcodeproj/project.pbxproj 
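Review bot: The new `logos` entry in `.gitmodules` uses an SSH remote (`git@github.com:theos/logos.git`) while `GCDWebServer` uses HTTPS, so a clone without a GitHub SSH key fails at `git submodule update`; `url = https://github.com/theos/logos.git` keeps the two consistent. The diffstat lists no gitlink entry for `logos`, so the submodule does not appear to be pinned to a commit in this patch. That is worth confirming, because build tooling fetched from an unpinned remote is a supply-chain exposure.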
@@ -11,6 +11,8 @@ CD60205C219B623F0024D9C5 /* MBIMMessagesListOperation.m in Sources */ = {isa = PBXBuildFile; fileRef = CD60205B219B623F0024D9C5 /* MBIMMessagesListOperation.m */; }; CD60205F219B674B0024D9C5 /* MBIMConversationListOperation.m in Sources */ = {isa = PBXBuildFile; fileRef = CD60205E219B674B0024D9C5 /* MBIMConversationListOperation.m */; }; CD602062219B68950024D9C5 /* MBIMSendMessageOperation.m in Sources */ = {isa = PBXBuildFile; fileRef = CD602061219B68950024D9C5 /* MBIMSendMessageOperation.m */; }; + CD83E156219BE10A00F4CCEA /* hooking.m in Sources */ = {isa = PBXBuildFile; fileRef = CD83E155219BE10A00F4CCEA /* hooking.m */; }; + CD83E166219BE91600F4CCEA /* agentHook.m in Sources */ = {isa = PBXBuildFile; fileRef = CD83E165219BE91600F4CCEA /* agentHook.m */; }; CDF62335219A895D00690038 /* main.m in Sources */ = {isa = PBXBuildFile; fileRef = CDF62334219A895D00690038 /* main.m */; }; CDF62339219A8A5600690038 /* MBIMBridge.h in Sources */ = {isa = PBXBuildFile; fileRef = 1A0C4469219A4BC300F2AC00 /* MBIMBridge.h */; }; CDF6233A219A8A5600690038 /* MBIMBridge.m in Sources */ = {isa = PBXBuildFile; fileRef = 1A0C446A219A4BC300F2AC00 /* MBIMBridge.m */; }; @@ -21,6 +23,13 @@ /* End PBXBuildFile section */ /* Begin PBXContainerItemProxy section */ + CD83E16A219BE9AB00F4CCEA /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 1A0C443F219A38E100F2AC00 /* Project object */; + proxyType = 1; + remoteGlobalIDString = CD83E160219BE91500F4CCEA; + remoteInfo = agentHook; + }; CDF6231D219A869000690038 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = CDF62312219A869000690038 /* GCDWebServer.xcodeproj */; 
@@ -92,7 +101,6 @@ /* End PBXCopyFilesBuildPhase section */ /* Begin PBXFileReference section */ - 1A0C4455219A38E200F2AC00 /* kordophone.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = kordophone.entitlements; sourceTree = ""; }; 1A0C445D219A458400F2AC00 /* SOAPlugInControllerProtocol.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SOAPlugInControllerProtocol.h; sourceTree = ""; }; 1A0C445F219A45B400F2AC00 /* Foundation.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Foundation.framework; path = Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.15.Internal.sdk/System/Library/Frameworks/Foundation.framework; sourceTree = DEVELOPER_DIR; }; 1A0C4461219A45B900F2AC00 /* AppKit.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = AppKit.framework; path = Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.15.Internal.sdk/System/Library/Frameworks/AppKit.framework; sourceTree = DEVELOPER_DIR; }; 
@@ -114,6 +122,11 @@ CD60205E219B674B0024D9C5 /* MBIMConversationListOperation.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = MBIMConversationListOperation.m; sourceTree = ""; }; CD602060219B68950024D9C5 /* MBIMSendMessageOperation.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = MBIMSendMessageOperation.h; sourceTree = ""; }; CD602061219B68950024D9C5 /* MBIMSendMessageOperation.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = MBIMSendMessageOperation.m; sourceTree = ""; }; + CD83E154219BDBA200F4CCEA /* hooking.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = hooking.h; sourceTree = ""; }; + CD83E155219BE10A00F4CCEA /* hooking.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = hooking.m; sourceTree = ""; }; + CD83E161219BE91500F4CCEA /* libagentHook.dylib */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.dylib"; includeInIndex = 0; path = libagentHook.dylib; sourceTree = BUILT_PRODUCTS_DIR; }; + CD83E165219BE91600F4CCEA /* agentHook.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = agentHook.m; sourceTree = ""; }; + CD83E1B5219BF78E00F4CCEA /* hookAgent.sh */ = {isa = PBXFileReference; lastKnownFileType = text.script.sh; path = hookAgent.sh; sourceTree = ""; }; CDF62312219A869000690038 /* GCDWebServer.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = GCDWebServer.xcodeproj; path = GCDWebServer/GCDWebServer.xcodeproj; sourceTree = ""; }; CDF62332219A895D00690038 /* kordophoned */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = kordophoned; sourceTree = BUILT_PRODUCTS_DIR; }; CDF62334219A895D00690038 /* main.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = main.m; sourceTree = ""; }; 
@@ -122,6 +135,13 @@ /* End PBXFileReference section */ /* Begin PBXFrameworksBuildPhase section */ + CD83E15F219BE91500F4CCEA /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; CDF6232F219A895D00690038 /* Frameworks */ = { isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; @@ -144,6 +164,7 @@ CDF62333219A895D00690038 /* kordophone */, 1A33B439219A5ACD0034485A /* Config Files */, 1A0C445C219A457C00F2AC00 /* Pilfered Headers */, + CD83E162219BE91600F4CCEA /* agentHook */, 1A0C4448219A38E100F2AC00 /* Products */, 1A0C445E219A45B400F2AC00 /* Frameworks */, ); @@ -153,6 +174,7 @@ isa = PBXGroup; children = ( CDF62332219A895D00690038 /* kordophoned */, + CD83E161219BE91500F4CCEA /* libagentHook.dylib */, ); name = Products; sourceTree = ""; @@ -215,6 +237,24 @@ path = Operations; sourceTree = ""; }; + CD83E150219BDB4F00F4CCEA /* Hooking */ = { + isa = PBXGroup; + children = ( + CD83E154219BDBA200F4CCEA /* hooking.h */, + CD83E155219BE10A00F4CCEA /* hooking.m */, + ); + path = Hooking; + sourceTree = ""; + }; + CD83E162219BE91600F4CCEA /* agentHook */ = { + isa = PBXGroup; + children = ( + CD83E1B5219BF78E00F4CCEA /* hookAgent.sh */, + CD83E165219BE91600F4CCEA /* agentHook.m */, + ); + path = agentHook; + sourceTree = ""; + }; CDF62313219A869000690038 /* Products */ = { isa = PBXGroup; children = ( @@ -232,8 +272,8 @@ CDF62333219A895D00690038 /* kordophone */ = { isa = PBXGroup; children = ( + CD83E150219BDB4F00F4CCEA /* Hooking */, 1A0C446D219A4BCD00F2AC00 /* Bridge */, - 1A0C4455219A38E200F2AC00 /* kordophone.entitlements */, CDF62334219A895D00690038 /* main.m */, ); path = kordophone; 
@@ -241,7 +281,34 @@ }; /* End PBXGroup section */ +/* Begin PBXHeadersBuildPhase section */ + CD83E15D219BE91500F4CCEA /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; +/* End PBXHeadersBuildPhase section */ + /* Begin PBXNativeTarget section */ + CD83E160219BE91500F4CCEA /* agentHook */ = { + isa = PBXNativeTarget; + buildConfigurationList = CD83E167219BE91600F4CCEA /* Build configuration list for PBXNativeTarget "agentHook" */; + buildPhases = ( + CD83E15D219BE91500F4CCEA /* Headers */, + CD83E15E219BE91500F4CCEA /* Sources */, + CD83E15F219BE91500F4CCEA /* Frameworks */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = agentHook; + productName = agentHook; + productReference = CD83E161219BE91500F4CCEA /* libagentHook.dylib */; + productType = "com.apple.product-type.library.dynamic"; + }; CDF62331219A895D00690038 /* kordophoned */ = { isa = PBXNativeTarget; buildConfigurationList = CDF62336219A895D00690038 /* Build configuration list for PBXNativeTarget "kordophoned" */; @@ -253,6 +320,7 @@ buildRules = ( ); dependencies = ( + CD83E16B219BE9AB00F4CCEA /* PBXTargetDependency */, CDF6233C219A8A6600690038 /* PBXTargetDependency */, ); name = kordophoned; @@ -269,6 +337,9 @@ LastUpgradeCheck = 1100; ORGANIZATIONNAME = "James Magahern"; TargetAttributes = { + CD83E160219BE91500F4CCEA = { + CreatedOnToolsVersion = 11.0; + }; CDF62331219A895D00690038 = { CreatedOnToolsVersion = 11.0; }; @@ -294,6 +365,7 @@ projectRoot = ""; targets = ( CDF62331219A895D00690038 /* kordophoned */, + CD83E160219BE91500F4CCEA /* agentHook */, ); }; /* End PBXProject section */ 
@@ -351,11 +423,20 @@ /* End PBXReferenceProxy section */ /* Begin PBXSourcesBuildPhase section */ + CD83E15E219BE91500F4CCEA /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + CD83E166219BE91600F4CCEA /* agentHook.m in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; CDF6232E219A895D00690038 /* Sources */ = { isa = PBXSourcesBuildPhase; buildActionMask = 2147483647; files = ( CDF62339219A8A5600690038 /* MBIMBridge.h in Sources */, + CD83E156219BE10A00F4CCEA /* hooking.m in Sources */, CDF6233A219A8A5600690038 /* MBIMBridge.m in Sources */, CDF62335219A895D00690038 /* main.m in Sources */, CD60205C219B623F0024D9C5 /* MBIMMessagesListOperation.m in Sources */, @@ -368,6 +449,11 @@ /* End PBXSourcesBuildPhase section */ /* Begin PBXTargetDependency section */ + CD83E16B219BE9AB00F4CCEA /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = CD83E160219BE91500F4CCEA /* agentHook */; + targetProxy = CD83E16A219BE9AB00F4CCEA /* PBXContainerItemProxy */; + }; CDF6233C219A8A6600690038 /* PBXTargetDependency */ = { isa = PBXTargetDependency; name = "GCDWebServers (Mac)"; 
@@ -495,11 +581,44 @@ }; name = Release; }; + CD83E168219BE91600F4CCEA /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + CLANG_ENABLE_MODULES = YES; + CODE_SIGN_STYLE = Automatic; + DYLIB_COMPATIBILITY_VERSION = 1; + DYLIB_CURRENT_VERSION = 1; + EXECUTABLE_PREFIX = lib; + OTHER_LDFLAGS = ( + "-undefined", + dynamic_lookup, + ); + PRODUCT_NAME = "$(TARGET_NAME)"; + SKIP_INSTALL = YES; + }; + name = Debug; + }; + CD83E169219BE91600F4CCEA /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + CLANG_ENABLE_MODULES = YES; + CODE_SIGN_STYLE = Automatic; + DYLIB_COMPATIBILITY_VERSION = 1; + DYLIB_CURRENT_VERSION = 1; + EXECUTABLE_PREFIX = lib; + OTHER_LDFLAGS = ( + "-undefined", + dynamic_lookup, + ); + PRODUCT_NAME = "$(TARGET_NAME)"; + SKIP_INSTALL = YES; + }; + name = Release; + }; CDF62337219A895D00690038 /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { CLANG_ENABLE_MODULES = NO; - CODE_SIGN_ENTITLEMENTS = kordophone/kordophone.entitlements; CODE_SIGN_STYLE = Automatic; PRODUCT_NAME = "$(TARGET_NAME)"; SDKROOT = macosx.internal; @@ -514,7 +633,6 @@ isa = XCBuildConfiguration; buildSettings = { CLANG_ENABLE_MODULES = NO; - CODE_SIGN_ENTITLEMENTS = kordophone/kordophone.entitlements; CODE_SIGN_STYLE = Automatic; PRODUCT_NAME = "$(TARGET_NAME)"; SDKROOT = macosx.internal; @@ -537,6 +655,15 @@ defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; + CD83E167219BE91600F4CCEA /* Build configuration list for PBXNativeTarget "agentHook" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + CD83E168219BE91600F4CCEA /* Debug */, + CD83E169219BE91600F4CCEA /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; CDF62336219A895D00690038 /* Build configuration list for PBXNativeTarget "kordophoned" */ = { isa = XCConfigurationList; buildConfigurations = ( 
diff --git a/MessagesBridge.xcodeproj/xcshareddata/xcschemes/kordophoned.xcscheme b/MessagesBridge.xcodeproj/xcshareddata/xcschemes/kordophoned.xcscheme index c103900..d87e6eb 100644 --- a/MessagesBridge.xcodeproj/xcshareddata/xcschemes/kordophoned.xcscheme +++ b/MessagesBridge.xcodeproj/xcshareddata/xcschemes/kordophoned.xcscheme @@ -61,6 +61,12 @@ ReferencedContainer = "container:MessagesBridge.xcodeproj"> + + + + diff --git a/README.md b/README.md index 8ea8fd8..e657bef 100644 --- a/README.md +++ b/README.md @@ -6,3 +6,12 @@ sudo defaults write /Library/Preferences/com.apple.security.coderequirements Ent ``` Maybe a better thing to do is to DYLD_PRELOAD `imagent` and swizzle `IMDAuditTokenTaskHasEntitlement` to always return YES. + + +## Building/linking +If you get dyld errors running from the command line, use `install_name_tool` to update the @rpath (where @rpath points to where linked Frameworks like GCDWebServer is). + `install_name_tool -add_rpath . ./kordophoned` + + +## Running +You need to hook imagent first to bypass entitlements check. Look at `hookAgent.sh` diff --git a/agentHook/agentHook.m b/agentHook/agentHook.m new file mode 100644 index 0000000..354fa51 --- /dev/null +++ b/agentHook/agentHook.m @@ -0,0 +1,19 @@ +#import +#import + +#include + +#define DYLD_INTERPOSE(_replacment,_replacee) \ +__attribute__((used)) static struct{ const void* replacment; const void* replacee; } _interpose_##_replacee \ +__attribute__ ((section ("__DATA,__interpose"))) = { (const void*)(unsigned long)&_replacment, (const void*)(unsigned long)&_replacee }; + + +BOOL IMDAuditTokenTaskHasEntitlement(audit_token_t *auditToken, NSString *entitlement); + +BOOL replacement__IMDAuditTokenTaskHasEntitlement(audit_token_t *auditToken, NSString *entitlement) +{ + // Bypass all entitlement checks + return YES; +} + +DYLD_INTERPOSE(replacement__IMDAuditTokenTaskHasEntitlement, IMDAuditTokenTaskHasEntitlement); 
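Review bot: `replacement__IMDAuditTokenTaskHasEntitlement` in agentHook.m returns `YES` for every audit token and every entitlement string, so once the library is loaded into imagent every client in the login session passes the check, not only kordophoned. Limit the override to the entitlement strings the bridge needs and defer to the real function otherwise, e.g. `return [kBridgeEntitlements containsObject:entitlement] || IMDAuditTokenTaskHasEntitlement(auditToken, entitlement);`, where `kBridgeEntitlements` is a placeholder set you would define. dyld is not expected to apply an interpose tuple inside the image that declares it, but confirm that the call reaches the original on the target OS. The prototype is hand-written for a private symbol, so the comment above it should say the argument types are assumed; also, `_replacment` in the `DYLD_INTERPOSE` macro is misspelled.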
diff --git a/agentHook/hookAgent.sh b/agentHook/hookAgent.sh new file mode 100755 index 0000000..5631265 --- /dev/null +++ b/agentHook/hookAgent.sh @@ -0,0 +1,19 @@ +#!/bin/sh + +# This script is necessary to circumvent the entitlements check in imagent. +# Might want to wrap this script up in a startup script or something so we make sure this +# happens every time. + +if [[ $# -lt 1 ]]; then + echo "Usage: hookAgent.sh libagentHook.dylib" + exit 0 +fi + +LIB_PATH=$(python -c "import os; print(os.path.realpath('$1'))") +echo "Library path: $LIB_PATH" + +echo "Telling imagent to launch with inserted libraries for uid $EUID" +sudo launchctl debug gui/$EUID/com.apple.imagent --environment DYLD_INSERT_LIBRARIES=$LIB_PATH +launchctl kill SIGKILL gui/501/com.apple.imagent + + diff --git a/kordophone/Bridge/MBIMBridge.h b/kordophone/Bridge/MBIMBridge.h index 679a960..ce00681 100644 --- a/kordophone/Bridge/MBIMBridge.h +++ b/kordophone/Bridge/MBIMBridge.h @@ -8,9 +8,14 @@ #import +// See note in hooking.m about why this was a bad idea +#define HOOK_IMAGENT 0 + NS_ASSUME_NONNULL_BEGIN @interface MBIMBridge : NSObject +@property (nonatomic, assign) const char *dylibPath; + + (instancetype)sharedInstance; - (instancetype)init NS_UNAVAILABLE; diff --git a/kordophone/Bridge/MBIMBridge.m b/kordophone/Bridge/MBIMBridge.m index 5559595..348143c 100644 --- a/kordophone/Bridge/MBIMBridge.m +++ b/kordophone/Bridge/MBIMBridge.m @@ -8,6 +8,7 @@ #import "MBIMBridge.h" #import "MBIMBridgeOperation.h" +#import "hooking.h" #import 
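Review bot: In hookAgent.sh the script argument reaches two interpreters unescaped: `$1` is pasted into the Python source on the `LIB_PATH=` line, and `$LIB_PATH` is expanded unquoted on the `sudo launchctl debug` line, so a path containing a quote, a space or a shell metacharacter changes what runs, the second time as root. Pass the path to Python as an argument and quote every expansion, as below. The `launchctl kill` line hard-codes `gui/501` while the line above it uses `gui/$EUID`, the usage branch exits 0, and `[[` and `$EUID` are bash features under a `#!/bin/sh` shebang. Because the library is inserted into imagent, the script should also refuse a file that is not owned by the invoking user or that is group- or world-writable.

```shell
#!/bin/bash
# … unchanged: header comment …
if [[ $# -lt 1 ]]; then
    echo "Usage: hookAgent.sh libagentHook.dylib" >&2
    exit 1
fi

LIB_PATH=$(python -c 'import os, sys; print(os.path.realpath(sys.argv[1]))' "$1")
# … unchanged: echo lines …
sudo launchctl debug "gui/$EUID/com.apple.imagent" --environment "DYLD_INSERT_LIBRARIES=$LIB_PATH"
launchctl kill SIGKILL "gui/$EUID/com.apple.imagent"
```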
@@ -55,14 +56,32 @@ static NSString *const MBIMBridgeToken = @"net.buzzert.kordophone"; return self; } +- (void)_terminate +{ + // *shrug* + exit(0); +} + #pragma mark - #pragma mark Connection - (void)connect { +#if HOOK_IMAGENT + char *errorString = nil; + BOOL hooked = HookIMAgent(self.dylibPath, &errorString); + if (!hooked) { + NSString *errorNSString = [NSString stringWithUTF8String:errorString]; + NSLog(@"Error hooking imagent: %@", errorNSString); + return; + } +#endif + if (![sDaemonController hasListenerForID: MBIMBridgeToken]) { if (![sDaemonController addListenerID:MBIMBridgeToken capabilities:(kFZListenerCapFileTransfers | kFZListenerCapManageStatus | kFZListenerCapChats | kFZListenerCapMessageHistory | kFZListenerCapIDQueries | kFZListenerCapSendMessages)]) { NSLog(@"Failed to connect to imagent"); + + [self _terminate]; } } } @@ -158,6 +177,7 @@ static NSString *const MBIMBridgeToken = @"net.buzzert.kordophone"; NSLog(@"iMessage account connected: %@", iMessageAccount); } else { NSLog(@"imagent returned no accounts (not entitled?)"); + [self _terminate]; } } diff --git a/kordophone/Hooking/hooking.h b/kordophone/Hooking/hooking.h new file mode 100644 index 0000000..933fa89 --- /dev/null +++ b/kordophone/Hooking/hooking.h @@ -0,0 +1,12 @@ +// +// hooking.h +// MessagesBridge +// +// Created by James Magahern on 11/13/18. +// Copyright © 2018 James Magahern. All rights reserved. +// + +#import + +// Returns success and a populated errorString on error. +BOOL HookIMAgent(const char *hookDylibPath, char **errorString); diff --git a/kordophone/Hooking/hooking.m b/kordophone/Hooking/hooking.m new file mode 100644 index 0000000..3b98af6 --- /dev/null +++ b/kordophone/Hooking/hooking.m 
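Review bot: In `-connect`, `[NSString stringWithUTF8String:errorString]` raises when `errorString` is still NULL, and `HookIMAgent` can return NO without setting it (its final `return (killAgentSuccess == 0);`); log it with `NSLog(@"Error hooking imagent: %s", errorString ?: "unknown error");` instead. This path is compiled out while `HOOK_IMAGENT` is 0, so it will not surface in testing until the flag is flipped. `-_terminate` calls `exit(0)` on both failure paths (the failed `addListenerID:` here and the no-accounts branch in the following hunk, whose enclosing method starts outside that hunk), which reports success to whatever supervises the daemon; `exit(EXIT_FAILURE);` matches what those paths mean. `char *errorString = nil;` should use `NULL` for a C pointer.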
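Review bot: The comment on `HookIMAgent` in hooking.h does not say who owns `*errorString`. The implementation stores string literals and the `dlerror()` buffer there, so the parameter is better declared `const char **errorString`, with the comment reading `// Returns YES on success. On failure *errorString may point to a static message the caller must not free or modify; it can also be left unset.` The parameter is named `hookDylibPath` here but `relativeDylibPath` in hooking.m; use one name in both places.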
@@ -0,0 +1,75 @@
+//
+// hooking.c
+// kordophoned
+//
+// Created by James Magahern on 11/13/18.
+// Copyright © 2018 James Magahern. All rights reserved.
+//
+
+#include "hooking.h"
+#include
+#include
+#include
+
+BOOL HookIMAgent(const char *relativeDylibPath, char **errorString)
+{
+ NSLog(@"Hooking imagent");
+
+ const char *hookDylibPath = realpath(relativeDylibPath, NULL);
+
+ // See if file is there.
+ int succ = access(hookDylibPath, R_OK);
+ if (succ != 0) {
+ *errorString = "Unable to access hook dylib. Does file exist?";
+ return NO;
+ }
+
+ // Make sure we can load the dylib (filters out codesigning issues)
+ void *handle = dlopen(hookDylibPath, RTLD_NOW);
+ if (!handle) {
+ *errorString = dlerror();
+ return NO;
+ }
+
+ /*********
+ ***********
+ PROBABLY DON'T DO THIS
+
+ If other processes start and load agentHook, then they will crash because dyld tries to
+ interpose a function that doesn't exist.
+
+ A better way (maybe put this in a script or something):
+ ( But launchctl debug needs to run as root :( )
+
+ $ launchctl debug gui/501/com.apple.imagent --environment DYLD_INSERT_LIBRARIES=(path to libagentHook.dylib)
+
+ $ launchctl kill SIGKILL gui/501/com.apple.imagent
+
+ // then let it restart...
+
+ **/
+
+ // Set launchd DYLD_INSERT_LIBRARIES environment variable
+ const char *systemCommandFormatString = "/bin/launchctl setenv DYLD_INSERT_LIBRARIES %s";
+ size_t bufferSize = strlen(systemCommandFormatString) + strlen(hookDylibPath) + 2;
+ char *systemCommand = (char *)malloc(sizeof(char) * bufferSize);
+
+ sprintf(systemCommand, "/bin/launchctl setenv DYLD_INSERT_LIBRARIES %s", hookDylibPath);
+ int setEnvSucc = system(systemCommand);
+ if (setEnvSucc != 0) {
+ *errorString = "Unable to set launchd environment variable.";
+ return NO;
+ }
+
+ NSLog(@"Successfully setup environment variables");
+
+ // Kill imagent so the new one has the loaded bundle
+ NSLog(@"Killing imagent...");
+ int killAgentSuccess = system("killall imagent");
+
+ dispatch_after(dispatch_time(DISPATCH_TIME_NOW, (int64_t)(0.5 * NSEC_PER_SEC)), dispatch_get_main_queue(), ^{
+ system("/bin/launchctl unsetenv DYLD_INSERT_LIBRARIES");
+ });
+
+ return (killAgentSuccess == 0);
+}
diff --git a/kordophone/kordophone.entitlements b/kordophone/kordophone.entitlements
deleted file mode 100644
index d61bb27..0000000
--- a/kordophone/kordophone.entitlements
+++ /dev/null
@@ -1,47 +0,0 @@
-
-
-
-
- com.apple.private.corespotlight.search.internal
-
- com.apple.private.corespotlight.internal
-
- com.apple.CommCenter.fine-grained
-
- spi
-
- com.apple.accounts.inactive.fullaccess
-
- com.apple.imagent
-
- com.apple.private.accounts.allaccounts
-
- com.apple.private.aps-connection-initiate
-
- com.apple.ess
- com.apple.madrid
-
- com.apple.private.communicationsfilter
-
- com.apple.private.ids.idquery-cache
-
- com.apple.private.ids.remoteurlconnection
-
- com.apple.private.imcore.imdpersistence.database-access
-
- com.apple.private.tcc.allow
-
- kTCCServiceAddressBook
-
- keychain-access-groups
-
- appleaccount
- InternetAccounts
- IMCore
- ichat
- apple
-
- com.apple.logd.admin
-
-
-
diff --git a/kordophone/main.m b/kordophone/main.m
index fde00de..8e90311 100644
--- a/kordophone/main.m
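Review bot: `HookIMAgent` in hooking.m formats `/bin/launchctl setenv DYLD_INSERT_LIBRARIES %s` with `sprintf` and runs it through `system()`, so a dylib path containing spaces or shell metacharacters (the value comes from `argv[1]` via `dylibPath`) is interpreted by the shell; launch `/bin/launchctl` with an argument array instead, as below. The final `return (killAgentSuccess == 0);` can return NO without setting `*errorString`, and the buffers from `realpath()` and `malloc()` are never freed. The `unsetenv` inside `dispatch_after` only runs if the process is still alive and servicing the main queue half a second later. An earlier exit leaves `DYLD_INSERT_LIBRARIES` set for everything launchd starts in the session, which is the hazard the block comment already warns about, so the unset should also run on every exit path. `killall` is resolved through `PATH`; use the absolute `/usr/bin/killall`.

```objc
    // … unchanged: realpath, access and dlopen checks …

    // Arguments go to launchctl as an argv array, so the path is never parsed by a shell.
    NSTask *setEnvTask = [[NSTask alloc] init];
    setEnvTask.launchPath = @"/bin/launchctl";
    setEnvTask.arguments = @[ @"setenv", @"DYLD_INSERT_LIBRARIES", @(hookDylibPath) ];
    [setEnvTask launch];
    [setEnvTask waitUntilExit];
    if (setEnvTask.terminationStatus != 0) {
        *errorString = "Unable to set launchd environment variable.";
        return NO;
    }

    // … unchanged: NSLog calls …
    int killAgentSuccess = system("/usr/bin/killall imagent");
    if (killAgentSuccess != 0) {
        *errorString = "Unable to restart imagent.";
    }
    // … unchanged: delayed unsetenv and return …
```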
+++ b/kordophone/main.m @@ -13,6 +13,16 @@ int main(int argc, const char * argv[]) { @autoreleasepool { MBIMBridge *bridge = [MBIMBridge sharedInstance]; + +#if HOOK_IMAGENT + if (argc < 2) { + fprintf(stderr, "Usage: kordophoned agentHook.dylib\n"); + return 1; + } + + bridge.dylibPath = argv[1]; +#endif + [bridge connect]; BOOL running = YES;