在 setuid iPhone 应用程序中加载 MobileSubstrate
我的 iPod touch (Installer4) 上有一个 root 应用程序,我希望它加载 MobileSubstrate,这样我就可以开始进行调整以修复其错误。我知道根应用程序有一个中间可执行文件,可以在其上放置 6755 权限,而不会导致应用程序崩溃,在安装程序的情况下,它名为 Scythe。我尝试制作一个新的来使用 execve() 加载 MobileSubatrate 但没有成功。该应用程序不会崩溃,它仍然是 root,但 MobileSubatrate 不会加载:/(我知道这一点是因为 Activator 不起作用)。
这是我的 Scythe.c(基于 Icy 中的 Trichlorotrifluacetane.c):
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <dlfcn.h>
int main(int argc, char * argv[], char * envp[]) {
char fullpath[1024];
strncpy(fullpath, argv[0], strlen(argv[0]) - strlen("Scythe"));
strcat(fullpath, "Installer");
char* newArgv[] = { fullpath, NULL };
char* newEnvp[] = { "LD_PRELOAD=/Library/MobileSubstrate/MobileSubstrate.dylib", NULL };
return execve(fullpath, newArgv, newEnvp);
}
如您所见,我研究了如何使用 execve() 加载 dylib,并且找到了 LD_PRELOAD 和 LD_LIBRARY_PATH,但两者都不起作用。而且我没有安装程序的源代码来执行 dlopen("/Library/MobileSubstrate/MobileSubstrate.dylib", RTLD_LAZY) ,无论如何,如果我有它,我就不会问这个问题。
我希望有人能解决这个问题。
I have a root app on my iPod touch (Installer4) and I want it to load MobileSubstrate so I can start making a tweak to fix its bugs. I know that root apps have an intermediate executable to be able to put 6755 permissions on it without the app to crash, in the case of Installer, it's named Scythe. I tried to make a new one to load MobileSubatrate with execve() without success. The app dosen't crash and it's still as root but MobileSubatrate won't load :/ (I know this because Activator doesn't work).
Here is my Scythe.c (based on Trichlorotrifluoroethane.c from Icy) :
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <dlfcn.h>
int main(int argc, char * argv[], char * envp[]) {
char fullpath[1024];
strncpy(fullpath, argv[0], strlen(argv[0]) - strlen("Scythe"));
strcat(fullpath, "Installer");
char* newArgv[] = { fullpath, NULL };
char* newEnvp[] = { "LD_PRELOAD=/Library/MobileSubstrate/MobileSubstrate.dylib", NULL };
return execve(fullpath, newArgv, newEnvp);
}
As you can see, I've researched how to load a dylib with execve() and I've found LD_PRELOAD and LD_LIBRARY_PATH, but both aren't working. And I don't have the source code of Installer to do a dlopen("/Library/MobileSubstrate/MobileSubstrate.dylib", RTLD_LAZY), anyway if I had it I would not be asking this question.
I hope that someone will figure out the problem.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我完全反对对 Installer 或任何其他 Cydia 替代方案做任何事情。我发布此内容只是为了让人们知道在遇到类似问题时该怎么做。
尽管如此,MobileSubstrate 不会将扩展加载到根应用程序中;而是将扩展加载到根应用程序中。您必须从根应用程序内部
dlopenMobileSubstrate 扩展(就像 Cydia 从其中加载 Activator 一样)。但请注意,这样做风险很高,并且可能会破坏很多东西(就像安装程序一样),所以您通常不应该尝试绕过它。
I completely oppose doing anything regarding Installer or any other Cydia alternative. I am just posting this for people to know what to do when it comes to similar things.
Still, MobileSubstrate does not load extensions into root apps; you'd have to
dlopenthe MobileSubstrate extension from inside your root app (like Cydia loads Activator from inside it).But note that doing so is highly risky and can break a lot of things (as is having Installer, bleh), so you should usually not try to bypass this.