now uses patchfinder64

Kernel64Patcher.c

@@ -0,0 +1,128 @@
+/*
+* Copyright 2020, @Ralph0045
+* gcc Kernel64Patcher.c -o Kernel64Patcher
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "patchfinder64.c"
+
+#define GET_OFFSET(kernel_len, x) (x - (uintptr_t) kernel_buf)
+
+int get_amfi_out_of_my_way_patch(void* kernel_buf,size_t kernel_len) {
+
+    printf("%s: Entering ...\n",__FUNCTION__);
+
+    void* xnu = memmem(kernel_buf,kernel_len,"root:xnu-",9);
+    int kernel_vers = atoi(xnu+9);
+    printf("%s: Kernel-%d inputted\n",__FUNCTION__, kernel_vers);
+
+    void* ent_loc = memmem(kernel_buf,kernel_len,"entitlements too small",22);
+    if(!ent_loc) {
+        printf("%s: Could not find entitlements too small string\n",__FUNCTION__);
+        return -1;
+    }
+    printf("%s: Found entitlements too small str loc at %p\n",__FUNCTION__,GET_OFFSET(kernel_len,ent_loc));
+    addr_t ent_ref = xref64(kernel_buf,0,kernel_len,(addr_t)GET_OFFSET(kernel_len, ent_loc));
+    if(!ent_ref) {
+        printf("%s: Could not find entitlements too small xref\n",__FUNCTION__);
+        return -1;
+    }
+    printf("%s: Found entitlements too small str ref at %p\n",__FUNCTION__,(void*)ent_ref);
+    addr_t next_bl = step64(kernel_buf, ent_ref, 100, INSN_CALL);
+    if(!next_bl) {
+        printf("%s: Could not find next bl\n",__FUNCTION__);
+        return -1;
+    }
+    next_bl = step64(kernel_buf, next_bl+4, 100, INSN_CALL);
+    if(!next_bl) {
+        printf("%s: Could not find next bl\n",__FUNCTION__);
+        return -1;
+    }
+    if(kernel_vers>3789) {
+        next_bl = step64(kernel_buf, next_bl+4, 100, INSN_CALL);
+        if(!next_bl) {
+            printf("%s: Could not find next bl\n",__FUNCTION__);
+            return -1;
+        }
+    }
+    addr_t function = follow_call64(kernel_buf, next_bl);
+    if(!function) {
+        printf("%s: Could not find function bl\n",__FUNCTION__);
+        return -1;
+    }
+    printf("%s: Patching AMFI at %p\n",__FUNCTION__,(void*)function);
+    *(uint32_t *)(kernel_buf + function) = 0x320003E0;
+    *(uint32_t *)(kernel_buf + function + 0x4) = 0xD65F03C0;
+    return 0;
+}
+
+int main(int argc, char **argv) {
+
+    printf("%s: Starting...\n", __FUNCTION__);
+
+    FILE* fp = NULL;
+
+    if(argc < 4){
+        printf("Usage: %s <kernel_in> <kernel_out> <args>\n",argv[0]);
+        printf("\t-a\t\tPatch AMFI\n");
+        return 0;
+    }
+
+    void* kernel_buf;
+    size_t kernel_len;
+
+    fp = fopen(argv[1], "rb");
+    if(!fp) {
+        printf("%s: Error opening %s!\n", __FUNCTION__, argv[1]);
+        return -1;
+    }
+
+    fseek(fp, 0, SEEK_END);
+    kernel_len = ftell(fp);
+    fseek(fp, 0, SEEK_SET);
+
+    kernel_buf = (void*)malloc(kernel_len);
+    if(!kernel_buf) {
+        printf("%s: Out of memory!\n", __FUNCTION__);
+        fclose(fp);
+        return -1;
+    }
+
+    fread(kernel_buf, 1, kernel_len, fp);
+    fclose(fp);
+
+    if(memmem(kernel_buf,kernel_len,"IM4P",4)) {
+        printf("%s: Detected IMG4/IM4P, you have to unpack and decompress it!\n",__FUNCTION__);
+        return -1;
+    }
+
+    for(int i=0;i<argc;i++) {
+        if(strcmp(argv[i], "-a") == 0) {
+            printf("Kernel: Adding AMFI_get_out_of_my_way patch...\n");
+            get_amfi_out_of_my_way_patch(kernel_buf,kernel_len);
+        }
+    }
+
+    /* Write patched kernel */
+    printf("%s: Writing out patched file to %s...\n", __FUNCTION__, argv[2]);
+
+    fp = fopen(argv[2], "wb+");
+    if(!fp) {
+        printf("%s: Unable to open %s!\n", __FUNCTION__, argv[2]);
+        free(kernel_buf);
+        return -1;
+    }
+
+    fwrite(kernel_buf, 1, kernel_len, fp);
+    fflush(fp);
+    fclose(fp);
+
+    free(kernel_buf);
+
+    printf("%s: Quitting...\n", __FUNCTION__);
+
+    return 0;
+}