Lib kernel r/w


libkrw

An attempt at standardising an iOS kernel r/w API.

Background

Under Mach/Darwin/XNU, task ports are an API that, among other things, let you read and write memory of other processes. The idea is that every process has such a task port, even the kernel - referred to as tfp0 (from the task_for_pid(0) call that would historically yield that port).
On macOS this port has always been available to root processes in some form, whereas on iOS you were never able to obtain it. But since iOS jailbreaks needed to gain kernel r/w anyway, most of them used that to defeat this restriction and set up a well-known interface by which root processes could once more obtain tfp0.

Starting with iOS 10.3, Apple began combating this from a different angle: rather than prevent the lookup or creation of a task port pointing at the kernel's process struct, they would make the interface detect these capabilities and refuse to operate on them. For a long time, bypassing those checks was as simple as swapping out some pointers or creating a second virtual mapping for the same physical memory, but with iOS 14 it seems Apple's had enough: they are now going so far as to panic the kernel if they detect use of a task port whose task->map->pmap == kernel_pmap. This is non-trivial to bypass on A12 and later due to PPL.

On checkra1n we of course patched this back into place as if nothing was amiss, but other jailbreaks don't have this luxury.
Given that any bypass is likely to get patched once it's used publicly, I think the time has come to abstract away the internal workings of kernel r/w and export a new API.

The role of libkrw

Libkrw serves two purposes:

  • Defining a common API (via a header file and a linkable .tbd)
  • Providing a default drop-in implementation around tfp0

This means that:

  • On any existing jailbreak that supports tfp0, you should be able to install this library and things should just work.
  • On any jailbreak going forward, the jailbreak author(s) would ship their own version of libkrw with a custom implementation, should they choose to conform to this API.

Structure

See include/libkrw.h for function declarations and API specification.

For building against libkrw:
  1. Copy include/libkrw.h and libkrw.tbd to your project.
  2. Compile with -I. -L. -lkrw.
  3. Don't forget the task_for_pid-allow entitlement.
  4. If you're building a deb file, add this to your control:
    Depends: libkrw (>= 1.0.0)
    
For writing your own implementation of libkrw:

Starting with version 1.1.0, libkrw supports a plugin interface so you no longer need to create a package to replace it.

  1. See include/libkrw_plugin.h for documentation.
  2. Implement and export either a function called krw_initializer or kcall_initializer that takes a krw_handlers_t argument.
  3. Install all handlers that you support.
  4. Compile with -Wl,-bundle.
  5. Name it /usr/lib/libkrw/[name].dylib.
  6. Add this to the control of your deb file:
    Depends: libkrw
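A mock plugin of the shape described above, as an added example that is not part of libkrw: the krw_handlers_s layout and the version value are assumptions modelled on include/libkrw_plugin.h, and the small buffer is a constructed stand-in for kernel memory. It shows what krw_initializer installs, what it leaves NULL, and the bounds check every handler should perform.

```c
/* Constructed mock plugin, not libkrw's own code. Struct assumed to mirror
 * include/libkrw_plugin.h; a buffer stands in for kernel memory. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

typedef struct krw_handlers_s {
    uint64_t version;
    int (*kbase)(uint64_t *addr);
    int (*kread)(uint64_t from, void *to, size_t len);
    int (*kwrite)(void *from, uint64_t to, size_t len);
    int (*kmalloc)(uint64_t *addr, size_t size);
    int (*kdealloc)(uint64_t addr, size_t size);
    int (*kcall)(uint64_t func, size_t argc, const uint64_t *argv, uint64_t *ret);
} *krw_handlers_t;

#define FAKE_KBASE 0xfffffff007004000ULL              /* constructed */
static uint8_t fake_kmem[256] = "libkrw mock kernel";   /* constructed */

/* Handlers must bounds-check: a bad range returns an error, never a crash. */
static int in_range(uint64_t addr, size_t len)
{
    return addr >= FAKE_KBASE && len <= sizeof fake_kmem
        && addr - FAKE_KBASE <= sizeof fake_kmem - len;
}
static int mock_kbase(uint64_t *addr) { *addr = FAKE_KBASE; return 0; }
static int mock_kread(uint64_t from, void *to, size_t len)
{
    if (!in_range(from, len)) return -1;
    memcpy(to, fake_kmem + (from - FAKE_KBASE), len); return 0;
}
static int mock_kwrite(void *from, uint64_t to, size_t len)
{
    if (!in_range(to, len)) return -1;
    memcpy(fake_kmem + (to - FAKE_KBASE), from, len); return 0;
}

/* Entry point libkrw resolves by name. Only supported handlers are set;
 * kmalloc/kdealloc/kcall stay NULL. The version value 1 is constructed. */
int krw_initializer(krw_handlers_t h)
{
    if (h->version != 1) return -1;
    h->kbase = mock_kbase; h->kread = mock_kread; h->kwrite = mock_kwrite;
    return 0;
}

/* Consumer-side contract: an unset handler yields an error, not a NULL call. */
int read_via_handlers(krw_handlers_t h, uint64_t from, void *to, size_t len)
{
    return h->kread ? h->kread(from, to, len) : -1;
}
```

A real plugin is built with -Wl,-bundle and dropped into /usr/lib/libkrw/ as described above; the loader, not the plugin, fills in the version field before calling the initializer.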
    
For using the default implementation:

The default implementation resides in src/libkrw_tfp0.c.
It is automatically selected as a fallback when no plugins are present.
If you want to build it yourself, you can do so with:

make all    # builds the dylib and tbd
make deb    # builds the deb packages

The binary release is available from apt.bingner.com.
But you're free to rebuild and host this library wherever you please.

License

MIT.

Owner
Siguza