kudzues/vphone-cli
1
0
Fork 0
mirror of https://github.com/Lakr233/vphone-cli.git synced 2026-04-05 04:59:05 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
08eb9d260f6494549220c3109eafd18da9fa75f4
vphone-cli/sources/FirmwarePatcher/Kernel/Patches/KernelPatchLaunchConstraints.swift
Lakr 08eb9d260f 🐦 iBSS iBEC LLB TXM 
update

update
2026-03-11 04:22:50 +08:00

73 lines
2.8 KiB
Swift
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

// KernelPatchLaunchConstraints.swift Launch constraints patches (patches 45).
//
// Stubs _proc_check_launch_constraints with `mov w0, #0; ret` so that
// the AMFI launch-constraint gate always returns 0 (success).
//
// The kernel wrapper for _proc_check_launch_constraints does not embed the
// symbol name string directly. Instead the underlying AMFI function references
// "AMFI: Validation Category info", which is used as the anchor.
//
// Strategy (mirrors Python kernel_patch_launch_constraints.py):
// 1. Find the "AMFI: Validation Category info" string in the binary.
// 2. Find ADRP+ADD references into code.
// 3. Walk backward from each ADRP to locate the enclosing function start.
// 4. Emit `mov w0, #0` at funcStart and `ret` at funcStart+4.
//
// Python source: scripts/patchers/kernel_patch_launch_constraints.py
import Foundation
extension KernelPatcher {
// MARK: - Patches 45: _proc_check_launch_constraints
/// Patches 45: Stub _proc_check_launch_constraints with `mov w0, #0; ret`.
///
/// Returns true when both instructions are emitted, false on any failure.
@discardableResult
func patchLaunchConstraints() -> Bool {
log("\n[4-5] _proc_check_launch_constraints: stub with mov w0,#0; ret")
// Step 1: Locate the anchor string used inside the AMFI function.
guard let strOff = buffer.findString("AMFI: Validation Category info") else {
log(" [-] 'AMFI: Validation Category info' string not found")
return false
}
// Step 2: Find ADRP+ADD references from AMFI code into the string.
let amfiRange = amfiTextRange()
let refs = findStringRefs(strOff, in: amfiRange)
guard !refs.isEmpty else {
log(" [-] no code refs to 'AMFI: Validation Category info'")
return false
}
// Step 3: Walk each reference and find the enclosing function start.
for (adrpOff, _) in refs {
guard let funcStart = findFunctionStart(adrpOff) else { continue }
// Step 4: Emit the two-instruction stub at the function entry point.
let va0 = fileOffsetToVA(funcStart)
let va1 = fileOffsetToVA(funcStart + 4)
emit(
funcStart,
ARM64.movW0_0,
patchID: "launch_constraints_mov",
virtualAddress: va0,
description: "mov w0,#0 [_proc_check_launch_constraints]"
)
emit(
funcStart + 4,
ARM64.ret,
patchID: "launch_constraints_ret",
virtualAddress: va1,
description: "ret [_proc_check_launch_constraints]"
)
return true
}
log(" [-] function start not found for any ref to 'AMFI: Validation Category info'")
return false
}
}
Reference in New Issue View Git Blame Copy Permalink