tealbathingsuit · roothide · Nov 23, 2023 · Nov 23, 2023 · Nov 23, 2023 · Nov 23, 2023
diff --git a/Makefile b/Makefile
@@ -60,7 +60,12 @@ deb-ios-rootful: INSTALL_PREFIX =
 deb-ios-rootless: ARCHITECTURE = iphoneos-arm64
 deb-ios-rootless: INSTALL_PREFIX = /var/jb
 
-deb-ios-rootful deb-ios-rootless: build-ios
+deb-ios-roothide: clean #build roothide last, clean module cache
+deb-ios-roothide: COMMON_OPTIONS += "GCC_PREPROCESSOR_DEFINITIONS='ROOTHIDE=1"
+deb-ios-roothide: ARCHITECTURE = iphoneos-arm64e
+deb-ios-roothide: INSTALL_PREFIX = 
+
+deb-ios-rootful deb-ios-rootless deb-ios-roothide: build-ios
 	@rm -rf work-$(ARCHITECTURE)
 	@mkdir -p $(STAGE_DIR)
 
@@ -108,7 +113,7 @@ deb-ios-rootful deb-ios-rootless: build-ios
 
 	@rm -rf work-$(ARCHITECTURE)
 
-deb-ios: deb-ios-rootful deb-ios-rootless
+deb-ios: deb-ios-rootful deb-ios-rootless deb-ios-roothide
 
 deb-macos: ARCHITECTURE = macos
 deb-macos: build-macos

diff --git a/ellekit.xcodeproj/project.pbxproj b/ellekit.xcodeproj/project.pbxproj
@@ -1225,7 +1225,9 @@
 				GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE;
 				GCC_WARN_UNUSED_FUNCTION = YES;
 				GCC_WARN_UNUSED_VARIABLE = YES;
+				HEADER_SEARCH_PATHS = "$(PROJECT_DIR)";
 				IPHONEOS_DEPLOYMENT_TARGET = 11.0;
+				LIBRARY_SEARCH_PATHS = "$(PROJECT_DIR)/roothide";
 				MACOSX_DEPLOYMENT_TARGET = 10.13;
 				MTL_ENABLE_DEBUG_INFO = INCLUDE_SOURCE;
 				MTL_FAST_MATH = YES;
@@ -1280,7 +1282,9 @@
 				GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE;
 				GCC_WARN_UNUSED_FUNCTION = YES;
 				GCC_WARN_UNUSED_VARIABLE = YES;
+				HEADER_SEARCH_PATHS = "$(PROJECT_DIR)";
 				IPHONEOS_DEPLOYMENT_TARGET = 11.0;
+				LIBRARY_SEARCH_PATHS = "$(PROJECT_DIR)/roothide";
 				MACOSX_DEPLOYMENT_TARGET = 10.13;
 				MTL_ENABLE_DEBUG_INFO = NO;
 				MTL_FAST_MATH = YES;

diff --git a/ellekit/Languages/C/Hook.swift b/ellekit/Languages/C/Hook.swift
@@ -57,7 +57,7 @@ public func hook(_ stockTarget: UnsafeMutableRawPointer, _ stockReplacement: Uns
 
     print("[*] ellekit: Size of target:", targetSize as Any)
 
-    let branchOffset = (Int(UInt(bitPattern: replacement)) - Int(UInt(bitPattern: target))) / 4
+    let branchOffset = (Int(UInt(bitPattern: replacement)) - Int(UInt(bitPattern: target)))
 
     hooks[target] = replacement
 
@@ -114,7 +114,7 @@ public func hook(_ stockTarget: UnsafeMutableRawPointer, _ stockReplacement: Uns
         print("[*] ellekit: Small branch")
         @InstructionBuilder
         var codeBuilder: [UInt8] {
-            b(branchOffset)
+            b(branchOffset / 4)
         }
         code = codeBuilder
 
@@ -170,7 +170,7 @@ public func hook(_ originalTarget: UnsafeMutableRawPointer, _ originalReplacemen
     let targetSize = findFunctionSize(target) ?? 6
     print("[*] ellekit: Size of target:", targetSize as Any)
 
-    let branchOffset = (Int(UInt(bitPattern: replacement)) - Int(UInt(bitPattern: target))) / 4
+    let branchOffset = (Int(UInt(bitPattern: replacement)) - Int(UInt(bitPattern: target)))
 
     var code = [UInt8]()
 
@@ -202,7 +202,7 @@ public func hook(_ originalTarget: UnsafeMutableRawPointer, _ originalReplacemen
         print("[*] ellekit: Small branch")
         @InstructionBuilder
         var codeBuilder: [UInt8] {
-            b(branchOffset)
+            b(branchOffset / 4)
         }
         code = codeBuilder
     }
@@ -232,6 +232,11 @@ func rawHook(address: UnsafeMutableRawPointer, code: UnsafePointer<UInt8>?, size
     if enforceThreadSafety {
         stopAllThreads()
     }
+    defer {
+        if enforceThreadSafety {
+            resumeAllThreads()
+        }
+    }
 
     let goodSize = Int(size)
     let machAddr = mach_vm_address_t(UInt(bitPattern: address))
@@ -264,9 +269,6 @@ func rawHook(address: UnsafeMutableRawPointer, code: UnsafePointer<UInt8>?, size
     guard err2 == KERN_SUCCESS else {
         return Int(err2)
     }
-    if enforceThreadSafety {
-        resumeAllThreads()
-    }
 
     return 0
 }
diff --git a/ellekitc/include/ellekit.h b/ellekitc/include/ellekit.h
@@ -14,6 +14,12 @@
 
 #import "xpc.h"
 
+#ifdef ROOTHIDE
+#include <roothide/roothide.h>
+#else
+#include <roothide/stub.h>
+#endif
+
 struct sCSRange {
    unsigned long long location;
    unsigned long long length;

diff --git a/injector/injector.c b/injector/injector.c
@@ -11,9 +11,16 @@
 #include <os/log.h>
 #include <mach-o/dyld.h>
 
+#ifdef ROOTHIDE
+#include <roothide/roothide.h>
+#else
+#include <roothide/stub.h>
+#endif
+
 extern void NSLog(CFStringRef, ...);
 
 static bool rootless = false;
+static bool roothide = false;
 
 static int filter_dylib(const struct dirent *entry) {
     char* dot = strrchr(entry->d_name, '.');
@@ -30,10 +37,13 @@ static int isApp(const char* path) {
 #else
 #define TWEAKS_DIRECTORY_ROOTFUL "/usr/lib/TweakInject/"
 #define TWEAKS_DIRECTORY_ROOTLESS "/var/jb/usr/lib/TweakInject/"
+#define TWEAKS_DIRECTORY_ROOTHIDE jbroot("/usr/lib/TweakInject/")
 #define MOBILESAFETY_PATH_ROOTFUL "/usr/lib/ellekit/MobileSafety.dylib"
 #define MOBILESAFETY_PATH_ROOTLESS "/var/jb/usr/lib/ellekit/MobileSafety.dylib"
+#define MOBILESAFETY_PATH_ROOTHIDE jbroot("/usr/lib/ellekit/MobileSafety.dylib")
 #define OLDABI_PATH_ROOTFUL "/usr/lib/ellekit/OldABI.dylib"
 #define OLDABI_PATH_ROOTLESS "/var/jb/usr/lib/ellekit/OldABI.dylib"
+#define OLDABI_PATH_ROOTHIDE jbroot("/usr/lib/ellekit/OldABI.dylib")
 #endif
 
 char* append_str(const char* str, const char* append_str) {
@@ -252,6 +262,8 @@ static void tweaks_iterate(void) {
 
     if (rootless) {
         n = scandir(TWEAKS_DIRECTORY_ROOTLESS, &files, filter_dylib, alphasort2);
+    } else if (roothide) {
+        n = scandir(TWEAKS_DIRECTORY_ROOTHIDE, &files, filter_dylib, alphasort2);
     } else {
         n = scandir(TWEAKS_DIRECTORY_ROOTFUL, &files, filter_dylib, alphasort2);
     }
@@ -266,6 +278,8 @@ static void tweaks_iterate(void) {
             char* full_path;
             if (rootless) {
                 full_path = append_str(TWEAKS_DIRECTORY_ROOTLESS, files[n]->d_name);
+            } else if (roothide) {
+                full_path = append_str(TWEAKS_DIRECTORY_ROOTHIDE, files[n]->d_name);
             } else {
                 full_path = append_str(TWEAKS_DIRECTORY_ROOTFUL, files[n]->d_name);
             }
@@ -293,6 +307,10 @@ static void tweaks_iterate(void) {
                         if (!access(OLDABI_PATH_ROOTLESS, F_OK)) {
                             dlopen(OLDABI_PATH_ROOTLESS, RTLD_LAZY);
                         }
+                    } else if (roothide) {
+                        if (!access(OLDABI_PATH_ROOTHIDE, F_OK)) {
+                            dlopen(OLDABI_PATH_ROOTHIDE, RTLD_LAZY);
+                        }
                     } else {
                         if (!access(OLDABI_PATH_ROOTFUL, F_OK)) {
                             dlopen(OLDABI_PATH_ROOTFUL, RTLD_LAZY);
@@ -332,19 +350,23 @@ static void injection_init(void) {
 
     if (!access("/var/jb/usr/lib/ellekit/libinjector.dylib", F_OK)) {
         rootless = true;
+    } else if (!access(jbroot("/usr/lib/ellekit/libinjector.dylib"), F_OK)) {
+        roothide = true;
     }
 
     if (CFBundleGetMainBundle() && CFBundleGetIdentifier(CFBundleGetMainBundle())) {
         if (CFEqual(CFBundleGetIdentifier(CFBundleGetMainBundle()), CFSTR("com.apple.springboard"))) {
             if (rootless) {
                 dlopen(MOBILESAFETY_PATH_ROOTLESS, RTLD_NOW);
+            } else if (roothide) {
+                dlopen(MOBILESAFETY_PATH_ROOTHIDE, RTLD_NOW);
             } else {
                 dlopen(MOBILESAFETY_PATH_ROOTFUL, RTLD_NOW);
             }
         }
     }
 
-    if (!access("/var/mobile/.eksafemode", F_OK)) {
+    if (!access(jbroot("/var/mobile/.eksafemode"), F_OK)) {
         return;
     }
 #endif

diff --git a/packaging/postinst b/packaging/postinst
@@ -14,7 +14,7 @@ function finish() {
     echo "finish:${f}" >&${cydia[0]}
 }
 
-if [ ! -f /var/jb/.installed_dopamine ] && [ ! -f /var/jb/.installed_fugu15max ] && [ ! -f /.installed_taurine ] && [ ! -f /.installed_odyssey ]; then
+if [ ! -f @INSTALL_PREFIX@/.installed_dopamine ] && [ ! -f @INSTALL_PREFIX@/.installed_fugu15max ] && [ ! -f /.installed_taurine ] && [ ! -f /.installed_odyssey ]; then
     # run loader on non-Dopamine jailbreaks
     @INSTALL_PREFIX@/usr/libexec/ellekit/loader
 fi

diff --git a/roothide/libroothide.tbd b/roothide/libroothide.tbd
@@ -0,0 +1,19 @@
+--- !tapi-tbd
+tbd-version:     4
+targets:         [ arm64-ios, arm64e-ios ]
+uuids:
+  - target:          arm64-ios
+    value:           F3D9D859-0E30-37E9-9DE5-2EA9B478A187
+  - target:          arm64e-ios
+    value:           F7D1DA7D-02AA-3442-A68C-7F7B4EA02D22
+flags:           [ not_app_extension_safe ]
+install-name:    '@loader_path/.jbroot/usr/lib/libroothide.dylib'
+current-version: 0
+compatibility-version: 0
+exports:
+  - targets:         [ arm64-ios, arm64e-ios ]
+    symbols:         [ __Z6jbrootNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEE, 
+                       __Z6jbrootP8NSString, __Z6rootfsNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEE, 
+                       __Z6rootfsP8NSString, _jbrand, _jbroot, _jbroot_alloc, _jbrootat_alloc, 
+                       _rootfs, _rootfs_alloc ]
+...
diff --git a/roothide/module.modulemap b/roothide/module.modulemap
@@ -0,0 +1,7 @@
+module roothide {
+  header "roothide.h"
+
+  link "roothide"
+
+  export *
+}
diff --git a/roothide/roothide.h b/roothide/roothide.h
@@ -0,0 +1,52 @@
+#ifndef ROOTHIDE_H
+#define ROOTHIDE_H
+
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wnullability-completeness"
+
+#include <string.h>
+
+#ifdef __cplusplus
+#include <string>
+#endif
+
+#ifdef __OBJC__
+#import <Foundation/NSString.h>
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+const char* rootfs_alloc(const char* path);  /* free after use */
+const char* jbroot_alloc(const char* path); /* free after use */
+const char* jbrootat_alloc(int fd, const char* path); /* free after use */
+
+//
+
+/* get the system-wide random value of current jailbreak state */
+unsigned long long jbrand();
+
+/* convert jbroot-based path to rootfs-based path (auto cache) */
+const char* jbroot(const char* path);
+
+/* convert rootfs-based path to jbroot-based path (auto cache) */
+const char* rootfs(const char* path);
+
+#ifdef __OBJC__
+NSString* _Nonnull __attribute__((overloadable)) jbroot(NSString* _Nonnull path);
+NSString* _Nonnull __attribute__((overloadable)) rootfs(NSString* _Nonnull path);
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#ifdef __cplusplus
+std::string jbroot(std::string path);
+std::string rootfs(std::string path);
+#endif
+
+#pragma GCC diagnostic pop
+
+#endif /* ROOTHIDE_H */
diff --git a/roothide/stub.h b/roothide/stub.h
@@ -0,0 +1,50 @@
+#ifndef ROOTHIDE_H
+#define ROOTHIDE_H
+
+#pragma message("roothide disabled, using stub functions...")
+
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wunused-function"
+#pragma GCC diagnostic ignored "-Wnullability-completeness"
+
+#include <string.h>
+
+#ifdef __cplusplus
+#include <string>
+#endif
+
+#ifdef __OBJC__
+#import <Foundation/NSString.h>
+#endif
+
+//stub functions
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+static const char* rootfs_alloc(const char* path) { return path ? strdup(path) : path; }
+static const char* jbroot_alloc(const char* path) { return path ? strdup(path) : path; }
+static const char* jbrootat_alloc(int fd, const char* path) { return path ? strdup(path) : path; }
+
+static unsigned long long jbrand() { return 0; }
+static const char* jbroot(const char* path) { return path; }
+static const char* rootfs(const char* path) { return path; }
+
+#ifdef __OBJC__
+static NSString* _Nonnull __attribute__((overloadable)) jbroot(NSString* _Nonnull path) { return path; }
+static NSString* _Nonnull __attribute__((overloadable)) rootfs(NSString* _Nonnull path) { return path; }
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#ifdef __cplusplus
+static std::string jbroot(std::string path) { return path; }
+static std::string rootfs(std::string path) { return path; }
+#endif
+
+#pragma GCC diagnostic pop
+
+#endif /* ROOTHIDE_H */
diff --git a/sb/tweak.swift b/sb/tweak.swift
@@ -46,7 +46,7 @@ extension UIViewController {
             let alert = UIAlertController(title: title, message: message, preferredStyle: .alert)
 
             let exitAction = UIAlertAction(title: "Exit Safe Mode", style: .default, handler: { action in
-                try? FileManager.default.removeItem(atPath: "/var/mobile/.eksafemode")
+                try? FileManager.default.removeItem(atPath: jbroot("/var/mobile/.eksafemode"))
                 exit(0)
             })
 
@@ -85,7 +85,7 @@ func trap(signals: [Int32], action: (@convention(c) (Int32) -> Void)?) {
 }
 
 func handleSBCrash(currentSig: Int32) {
-    FileManager.default.createFile(atPath: "/var/mobile/.eksafemode", contents: Data())
+    FileManager.default.createFile(atPath: jbroot("/var/mobile/.eksafemode"), contents: Data())
     allSignals.forEach {
         signal($0, SIG_DFL)
     }
@@ -109,11 +109,11 @@ public func tweak_entry() {
 
     NSLog("Hello world, SpringBoard!")
 
-    if FileManager.default.fileExists(atPath: "/var/mobile/.eksafemode") {
+    if FileManager.default.fileExists(atPath: jbroot("/var/mobile/.eksafemode")) {
         performHooks()
     } else if checkVolumeUp() {
         tprint("Volume up!!!")
-        FileManager.default.createFile(atPath: "/var/mobile/.eksafemode", contents: Data())
+        FileManager.default.createFile(atPath: jbroot("/var/mobile/.eksafemode"), contents: Data())
         exit(0)
     }