Open thatmarcel opened 7 months ago
I'm fully willing to help with testing of solutions on my Serotonin device and also fully willing to provide further logs from my Serotonin device. I understand developing this without actually physically having the device is unrealistic though.
I think porting the tweak to TrollStore / RootHide / Serotonin should be possible by utilizing the same method the mac-registration-provider uses, without hooking the running `identityservicesd` process at all. That said, I don't know whether I'll have the time and motivation to do that any time soon.
Unfortunately the process mac-registration-provider uses cannot be replicated on iOS. The reason for this is twofold:

1. `dlopen()` application binaries without patching them
2. `identityservicesd` does NOT run the NAC algorithm in-process, instead it makes XPC calls to `absd` and `fairplayd`.
However, it is probably possible to come up with something that would work. Since this is TrollStore, you can sign any binary with arbitrary entitlements, right? So you could in theory either create a patched version of `identityservicesd` on the fly and give yourself the necessary XPC entitlements, or you could distribute a patched and signed version of `identityservicesd` inside the IPA.
What prevents one from `dlopen()`ing binaries on iOS? Like, what would you need to patch? And would it not be possible to just `mmap` the binary data into memory, mark the memory as rx and execute it? (I know on normal iOS you can't mark pages as rx, but I don't know if jailbreaks can.)
iOS dyld is more strict about what binary types it will `dlopen()`: the Mach-O header has to be patched to say it is a dylib, plus a few other changes like removing the null page.
EDIT: Found the repo: https://github.com/jevinskie/dylibify
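As an added illustration of the two header changes named in the comment above (this is example code written for this page, not code from dylibify, mac-registration-provider or this project), the following script parses a 64-bit Mach-O header, flips `filetype` from `MH_EXECUTE` to `MH_DYLIB`, and drops the `__PAGEZERO` (null page) segment command. The sample image it operates on is constructed inline and is not a real iOS binary; the real dylibify does more than this (for instance it also has to add an `LC_ID_DYLIB`), and on iOS the patched file still needs a valid code signature before dyld will load it, which is the TrollStore point made earlier in the thread.

```python
import struct

# Mach-O constants, as defined in <mach-o/loader.h>
MH_MAGIC_64 = 0xFEEDFACF
MH_EXECUTE = 0x2
MH_DYLIB = 0x6
LC_SEGMENT_64 = 0x19
CPU_TYPE_ARM64 = 0x0100000C

MACH_HEADER_64 = struct.Struct("<IIIIIIII")           # 32 bytes
SEGMENT_COMMAND_64 = struct.Struct("<II16sQQQQIIII")  # 72 bytes


def segname(raw_cmd):
    """Decode the NUL-padded 16-byte segname of an LC_SEGMENT_64 command blob."""
    return raw_cmd[8:24].rstrip(b"\0").decode()


def parse_macho(data):
    """Return (header fields, list of raw load-command blobs) for a little-endian Mach-O 64."""
    (magic, cputype, cpusubtype, filetype,
     ncmds, sizeofcmds, flags, _reserved) = MACH_HEADER_64.unpack_from(data, 0)
    if magic != MH_MAGIC_64:
        raise ValueError("not a little-endian 64-bit Mach-O")
    cmds = []
    off = MACH_HEADER_64.size
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<II", data, off)
        # A load command must never run past the region the header reserves for them.
        if cmdsize < 8 or off + cmdsize > MACH_HEADER_64.size + sizeofcmds:
            raise ValueError("load command overruns sizeofcmds")
        cmds.append(data[off:off + cmdsize])
        off += cmdsize
    hdr = dict(cputype=cputype, cpusubtype=cpusubtype, filetype=filetype,
               ncmds=ncmds, sizeofcmds=sizeofcmds, flags=flags)
    return hdr, cmds


def segment_names(data):
    """Names of all LC_SEGMENT_64 segments, in load-command order."""
    _, cmds = parse_macho(data)
    return [segname(c) for c in cmds if struct.unpack_from("<I", c)[0] == LC_SEGMENT_64]


def dylibify(data):
    """Mark the image as MH_DYLIB and remove the __PAGEZERO segment command.

    The bytes freed by the dropped command become zero padding at the end of the
    load-command area, so no file offset used by the remaining commands changes
    and the file keeps its length.
    """
    hdr, cmds = parse_macho(data)
    kept = [c for c in cmds
            if not (struct.unpack_from("<I", c)[0] == LC_SEGMENT_64
                    and segname(c) == "__PAGEZERO")]
    new_cmds = b"".join(kept)
    pad = hdr["sizeofcmds"] - len(new_cmds)
    new_hdr = MACH_HEADER_64.pack(MH_MAGIC_64, hdr["cputype"], hdr["cpusubtype"],
                                  MH_DYLIB, len(kept), len(new_cmds), hdr["flags"], 0)
    body_off = MACH_HEADER_64.size + hdr["sizeofcmds"]
    return new_hdr + new_cmds + b"\0" * pad + data[body_off:]


def make_segment(name, vmaddr, vmsize, fileoff, filesize, prot):
    """Build one LC_SEGMENT_64 blob (maxprot == initprot, no sections)."""
    return SEGMENT_COMMAND_64.pack(LC_SEGMENT_64, SEGMENT_COMMAND_64.size,
                                   name.ljust(16, "\0").encode(),
                                   vmaddr, vmsize, fileoff, filesize, prot, prot, 0, 0)


def build_sample_executable():
    """Constructed stand-in for an MH_EXECUTE image: a 4 GiB __PAGEZERO followed by a
    0x4000-byte r-x __TEXT, then padding and fake text bytes. Not a real iOS binary."""
    segs = (make_segment("__PAGEZERO", 0, 0x1_0000_0000, 0, 0, 0)
            + make_segment("__TEXT", 0x1_0000_0000, 0x4000, 0, 0x4000, 5))
    hdr = MACH_HEADER_64.pack(MH_MAGIC_64, CPU_TYPE_ARM64, 0, MH_EXECUTE,
                              2, len(segs), 0, 0)
    image = hdr + segs
    return image + b"\0" * (0x1000 - len(image)) + b"\xd4\xc3\xb2\xa1" * 0xC00


if __name__ == "__main__":
    sample = build_sample_executable()
    patched = dylibify(sample)
    print("before:", segment_names(sample), hex(parse_macho(sample)[0]["filetype"]))
    print("after: ", segment_names(patched), hex(parse_macho(patched)[0]["filetype"]))
```

Run the file directly to see the segment list and `filetype` before and after patching. The parser deliberately rejects a load command that overruns `sizeofcmds`, since that is the kind of malformed header a loader has to be defensive about; `dylibify` keeps the file length and every existing file offset intact by turning the freed command bytes into padding rather than shifting the rest of the image.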
This should be doable now with the release of dopamine ( https://ellekit.space/dopamine/ ), as dopamine is a full jailbreak, yes?
According to this comment from @tmcelroy2202, the tweak does not work correctly on setups running Serotonin / RootHide Bootstrap. A part of this is `launchctl` not working, but there also seem to be problems with tweak injection into `identityservicesd` (I'm not sure whether that is supported at all). Additionally, the app is crashing on launch.
I don't currently have a device running Serotonin / RootHide Bootstrap.