electra
electra copied to clipboard
Published
20 hours ago •
coolstar
coolstar
app gain root privilege failed
- iOS version:11.2.2
- iDevice model:iPhone 7
- electra version:1.0.2
Hello, I have some problems about running my app with root privileges. It doesn't work like this,
- include that in
main.mand build
#define FLAG_PLATFORMIZE (1 << 1)
void platformize_me() {
void* handle = dlopen("/usr/lib/libjailbreak.dylib", RTLD_LAZY);
if (!handle) return;
// Reset errors
dlerror();
typedef void (*fix_entitle_prt_t)(pid_t pid, uint32_t what);
fix_entitle_prt_t ptr = (fix_entitle_prt_t)dlsym(handle, "jb_oneshot_entitle_now");
const char *dlsym_error = dlerror();
if (dlsym_error) return;
ptr(getpid(), FLAG_PLATFORMIZE);
}
void patch_setuid() {
void* handle = dlopen("/usr/lib/libjailbreak.dylib", RTLD_LAZY);
if (!handle)
return;
// Reset errors
dlerror();
typedef void (*fix_setuid_prt_t)(pid_t pid);
fix_setuid_prt_t ptr = (fix_setuid_prt_t)dlsym(handle, "jb_oneshot_fix_setuid_now");
const char *dlsym_error = dlerror();
if (dlsym_error) return;
ptr(getpid());
}
int main(int argc, char * argv[]) {
@autoreleasepool {
platformize_me();
patch_setuid();
if (!(setuid(0) == 0 && setgid(0) == 0)) exit(EXIT_FAILURE);
return UIApplicationMain(argc, argv, nil, NSStringFromClass([AppDelegate class]));
}
}
- use "ldid -Sent.plist MyApp" to sign the executable. ent.plist like this:
<dict>
<key>platform-application</key>
<true/>
<key>com.apple.private.skip-library-validation</key>
<true/>
</dict>
- install the app to
/Applicationson iOS and runchmod 6755 MyApp.
However, when I run the app, it will crash at ptr(getpid(), FLAG_PLATFORMIZE)
@coolstar It works by change entitlements like this:
<dict>
<key>platform-application</key>
<true/>
<key>com.apple.private.skip-library-validation</key>
<true/>
<key>com.apple.private.security.no-container</key>
<true/>
</dict>