Closed HenryQuan closed 9 months ago
While this works for the main executable, it doesn't work for frameworks. For frameworks, the permission flag should be PROT_READ without the PROT_EXEC. However, I am not sure how to detect framework vs the main executable.
One potential solution can be detecting using the ID, I can take a further look today.
I have added another potential fix for Operation not permitted. However, some games/apps will get stuck in memcpy after mremap_encrypted was successful. I am investigating this issue.
It is stuck at ``libsystem_platform.dylib`_platform_memmove + 176``, `ldnp x12, x13, [x1]`.
Maybe, something like this should be implemented instead.
The memcpy issue is now resolved by updating the alignment of base. However, it is more like a hack because we may not really know the real alignment in the memory.
Good job, thanks for your work ~~
This PR adds a potential fix for the mmap error with invalid argument if `cryptid 0` indicates the encryption is gone. The reason for the invalid argument comes from the offset, based on the documentation:
The offset is now aligned with the page size. Some apps may work because the offset is indeed the page size by chance. It fails for many because it can be larger than the page size, but not a multiple of it.
Additionally, the script for iOS now supports sending to the device directly if the local IP address is provided, for faster debugging and testing.
I have only done some testing on iPad OS 16.7. So far, the following apps are working:
In summary, this PR potentially addresses the following issues:
It is now working with the Rootless jailbreak by palera1n.
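The offset problem described in this PR (mmap rejecting a file offset that is larger than a page but not a multiple of the page size, and the later question of which alignment the mapped base really has) is worth seeing in isolation. The following is an added example, not code from this PR or from the project: it uses plain `mmap` on a constructed scratch file rather than `mremap_encrypted`, and the helper names `map_file_range`, `unmap_file_range`, `struct aligned_map` and `demo_unaligned_offset` are assumptions made here. It first shows the raw call failing with `EINVAL` on an unaligned offset, then rounds the offset down to a page boundary, pads the length by the same delta, and hands back a pointer advanced by that delta so the caller still sees the bytes at the offset it asked for.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Result of a page-aligned mapping: `ptr` points at the requested file
 * offset; `base`/`maplen` are what must be handed back to munmap(). */
struct aligned_map {
    void *base;
    size_t maplen;
    void *ptr;
};

/* Map `len` bytes of `fd` starting at an arbitrary (possibly unaligned) file
 * offset. mmap(2) requires `offset` to be a multiple of the page size, so the
 * offset is rounded down to a page boundary, the length is padded by the same
 * delta, and the caller receives a pointer advanced by that delta.
 * Returns 0 on success, -1 on failure (errno set by mmap). */
int map_file_range(int fd, off_t offset, size_t len, int prot, struct aligned_map *out)
{
    long pagesz = sysconf(_SC_PAGESIZE);
    if (pagesz <= 0) return -1;
    off_t aligned = offset & ~((off_t)pagesz - 1);   /* round down to a page */
    size_t delta = (size_t)(offset - aligned);       /* bytes before `offset` */
    size_t maplen = len + delta;
    void *base = mmap(NULL, maplen, prot, MAP_PRIVATE, fd, aligned);
    if (base == MAP_FAILED) return -1;
    out->base = base;
    out->maplen = maplen;
    out->ptr = (char *)base + delta;
    return 0;
}

void unmap_file_range(struct aligned_map *m)
{
    munmap(m->base, m->maplen);
}

/* Build a constructed scratch file three pages long with byte i = i mod 256,
 * then show the unaligned offset failing and the aligned helper succeeding.
 * Returns 1 on the expected outcome, 0 otherwise. */
int demo_unaligned_offset(void)
{
    long pagesz = sysconf(_SC_PAGESIZE);
    if (pagesz <= 0) return 0;
    size_t filesz = (size_t)pagesz * 3;
    char *buf = malloc(filesz);
    if (!buf) return 0;
    for (size_t i = 0; i < filesz; i++) buf[i] = (char)(i & 0xff);

    char path[] = "/tmp/aligned_map_XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0) { free(buf); return 0; }
    unlink(path);                       /* scratch file disappears with the fd */
    if (write(fd, buf, filesz) != (ssize_t)filesz) { close(fd); free(buf); return 0; }

    /* 0x1234 is larger than a 4 KiB page but not a multiple of any page size
     * in use today, so the naive call must be rejected with EINVAL. */
    off_t bad_off = 0x1234;
    size_t want = 100;
    void *naive = mmap(NULL, want, PROT_READ, MAP_PRIVATE, fd, bad_off);
    int naive_failed = (naive == MAP_FAILED && errno == EINVAL);
    if (naive != MAP_FAILED) munmap(naive, want);

    /* The aligned helper maps the surrounding pages and returns a pointer to
     * exactly the bytes that live at bad_off in the file. */
    struct aligned_map m;
    int ok = 0;
    if (map_file_range(fd, bad_off, want, PROT_READ, &m) == 0) {
        ok = memcmp(m.ptr, buf + bad_off, want) == 0;
        unmap_file_range(&m);
    }
    close(fd);
    free(buf);
    return naive_failed && ok;
}

int main(void)
{
    printf("unaligned-offset demo: %s\n", demo_unaligned_offset() ? "ok" : "FAILED");
    return 0;
}
```

The check that matters for this PR is the pairing of `delta` and `maplen`: if the offset is rounded down but the length is not padded by the same amount, the tail of the requested range falls outside the mapping, which is exactly the kind of mismatch that later shows up as a fault inside `memmove` rather than as an error from the mapping call itself.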