leminlimez / Cowabunga

iOS 14.0-15.7.1 & 16.0-16.1.2 MacDirtyCow ToolBox
GNU General Public License v3.0

[Fix Found - Code Changes Needed] Cowabunga still detecting TrollStore even with Force DirtyCow #300

Open core-hacked opened 1 year ago

core-hacked commented 1 year ago

Hello, I am on iOS 16.2 beta 1 (which is supported by Cowabunga / the exploit works). However, it still detects TrollStore even though I force the DirtyCow exploit in settings.


leminlimez commented 1 year ago

cowabunga v10.2.0?

core-hacked commented 1 year ago

> cowabunga v10.2.0?

Latest version and some before it. Yes.

leminlimez commented 1 year ago

it was fixed in v10.2.0

core-hacked commented 1 year ago

> it was fixed in v10.2.0

I am on the latest version. It's not (at least for me). Reset All is also broken...

leminlimez commented 1 year ago

untoggle it, save, then retoggle it and save again

it is working on my ip x

core-hacked commented 1 year ago

> untoggle it, save, then retoggle it and save again
>
> it is working on my ip x

I restarted, resprung, toggled/untoggled, reinstalled Cowabunga, etc. I did the most common steps to diagnose/fix the problem. This is something different.

Is there a file or folder which might indicate that TrollStore is installed? What does the app actually check for / how does it know?

iP 11 Pro Max -> iOS 16.2 Beta 1

core-hacked commented 1 year ago

Ok, I think I have found the problem. Since the exploit works, but the device is on iOS 16.2 (beta, but still recognized as 16.2), the lines of code below (the if statement) contradict each other, so Force MDC is never applied.

```swift
if #available(iOS 16.2, *) {
    UIApplication.shared.alert(title: "Not Supported", body: "This version of iOS is not supported.")
} else {
    // Force MDC is inside an else; however, it doesn't work for 16.2 beta 1, as the above prevents it from executing.
    do {
        if UserDefaults.standard.bool(forKey: "ForceMDC") == true {
            throw "Force MDC"
        }
        // TrollStore method
        try FileManager.default.contentsOfDirectory(at: URL(fileURLWithPath: "/var/mobile/Library/Caches"), includingPropertiesForKeys: nil)
        StatusManager.sharedInstance().setIsMDCMode(false)
    } catch {
        // MDC method
        // grant r/w access
        if #available(iOS 15, *) {
            grant_full_disk_access() { error in
                if (error != nil) {
                    UIApplication.shared.alert(title: "Access Error", body: "Error: \(String(describing: error?.localizedDescription))\nPlease close the app and retry.")
                } else {
                    StatusManager.sharedInstance().setIsMDCMode(true)
                }
            }
        } else {
            UIApplication.shared.alert(title: "MDC Not Supported", body: "Please install via TrollStore")
        }
    }
}
```

This would need a rewrite/fix. Something like a new toggle in the main menu, "Allow unsupported versions", which would override this for users who are on betas.

I don't know Swift; however, my programming knowledge leads me to believe that the code below might be correct (at least the gist of it). Also, the toggle needs to be added to the view etc., but yeah...

```swift
// Adjust the if statement for iOS beta users / a "force unsupported versions" toggle.
// #available cannot be joined to another expression with &&; it has to be its own
// clause in the condition list, separated by a comma (which also means "and").
if UserDefaults.standard.bool(forKey: "ForceUnsupported") == false, #available(iOS 16.2, *) {
    UIApplication.shared.alert(title: "Not Supported", body: "This version of iOS is not supported.")
} else {
    do {
        if UserDefaults.standard.bool(forKey: "ForceMDC") == true {
            throw "Force MDC"
        }
        // TrollStore method
        try FileManager.default.contentsOfDirectory(at: URL(fileURLWithPath: "/var/mobile/Library/Caches"), includingPropertiesForKeys: nil)
        StatusManager.sharedInstance().setIsMDCMode(false)
    } catch {
        // MDC method
        // grant r/w access
        if #available(iOS 15, *) {
            grant_full_disk_access() { error in
                if (error != nil) {
                    UIApplication.shared.alert(title: "Access Error", body: "Error: \(String(describing: error?.localizedDescription))\nPlease close the app and retry.")
                } else {
                    StatusManager.sharedInstance().setIsMDCMode(true)
                }
            }
        } else {
            UIApplication.shared.alert(title: "MDC Not Supported", body: "Please install via TrollStore")
        }
    }
}
```

core-hacked commented 1 year ago

Or maybe, instead, just allow it if ForceMDC is on, so no new toggle is needed.

```swift
// Adjust the if statement so the version gate is skipped when ForceMDC is true.
// #available must be its own comma-separated clause; it cannot be combined with &&.
if UserDefaults.standard.bool(forKey: "ForceMDC") == false, #available(iOS 16.2, *) {
    UIApplication.shared.alert(title: "Not Supported", body: "This version of iOS is not supported.")
} else {
    do {
        if UserDefaults.standard.bool(forKey: "ForceMDC") == true {
            throw "Force MDC"
        }
        // TrollStore method
        try FileManager.default.contentsOfDirectory(at: URL(fileURLWithPath: "/var/mobile/Library/Caches"), includingPropertiesForKeys: nil)
        StatusManager.sharedInstance().setIsMDCMode(false)
    } catch {
        // MDC method
        // grant r/w access
        if #available(iOS 15, *) {
            grant_full_disk_access() { error in
                if (error != nil) {
                    UIApplication.shared.alert(title: "Access Error", body: "Error: \(String(describing: error?.localizedDescription))\nPlease close the app and retry.")
                } else {
                    StatusManager.sharedInstance().setIsMDCMode(true)
                }
            }
        } else {
            UIApplication.shared.alert(title: "MDC Not Supported", body: "Please install via TrollStore")
        }
    }
}
```

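One way to make the ordering problem in this thread testable, as an added example rather than Cowabunga's own code: the branch is pulled into a pure decision function over the three inputs it depends on, so the 16.2 beta case can be asserted directly instead of reproduced on a device. `Mode`, `Probe`, `selectModeOriginal` and `selectModeFixed` are hypothetical names; the fields stand in for the `#available` checks, the `ForceMDC` default and the `/var/mobile/Library/Caches` probe.

```swift
// Added example (not Cowabunga's code): the branch from the thread as a pure
// decision function, so the 16.2-beta ordering bug can be asserted in a test.
// Mode, Probe and selectMode* are hypothetical names.
enum Mode { case unsupported, trollStore, mdc, mdcUnavailable }

struct Probe {
    var osAtLeast16_2: Bool   // what #available(iOS 16.2, *) reports: true on 16.2 beta 1
    var osAtLeast15: Bool     // what #available(iOS 15, *) reports
    var forceMDC: Bool        // UserDefaults key "ForceMDC"
    var canListCaches: Bool   // whether listing /var/mobile/Library/Caches succeeds (TrollStore entitlement)
}

// Original ordering: the version gate runs first, so on any 16.2 build the
// alert fires and isMDCMode keeps its default (false), i.e. "TrollStore" mode.
func selectModeOriginal(_ p: Probe) -> Mode {
    if p.osAtLeast16_2 { return .unsupported }
    if !p.forceMDC && p.canListCaches { return .trollStore }
    return p.osAtLeast15 ? .mdc : .mdcUnavailable
}

// Ordering proposed in the thread: ForceMDC bypasses the version gate.
func selectModeFixed(_ p: Probe) -> Mode {
    if !p.forceMDC && p.osAtLeast16_2 { return .unsupported }
    if !p.forceMDC && p.canListCaches { return .trollStore }
    return p.osAtLeast15 ? .mdc : .mdcUnavailable
}

// Constructed inputs for the reporter's device: 16.2 beta 1, ForceMDC on,
// no TrollStore entitlement (the Caches probe fails).
let beta = Probe(osAtLeast16_2: true, osAtLeast15: true, forceMDC: true, canListCaches: false)
assert(selectModeOriginal(beta) == .unsupported)   // toggle is never consulted
assert(selectModeFixed(beta) == .mdc)              // MDC path is taken

// Regression guard: a 16.2 device without the toggle must still be refused.
let stock = Probe(osAtLeast16_2: true, osAtLeast15: true, forceMDC: false, canListCaches: false)
assert(selectModeFixed(stock) == .unsupported)

// And the TrollStore path is unchanged on a supported version.
let ts = Probe(osAtLeast16_2: false, osAtLeast15: true, forceMDC: false, canListCaches: true)
assert(selectModeFixed(ts) == .trollStore)
print("decision table checks passed")
```

Run it as a script with `swift decision.swift`; any ordering regression in the real branch can be mirrored here before it reaches a device.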
mrx-rx commented 1 year ago

Addressed in #301. Code fix implemented.