fix #32, khanhduytran0#318

hugeBlack · Jan 25, 2025 · ae56dc6 · ae56dc6
1 parent bf8c051
commit ae56dc6
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 20 deletions.
diff --git a/Makefile b/Makefile
@@ -11,7 +11,7 @@ export CONFIG_COMMIT = $(shell git log --oneline | sed '2,10000000d' | cut -b 1-
 # Build the app
 APPLICATION_NAME = LiveContainer
 
-$(APPLICATION_NAME)_FILES = dyld_bypass_validation.m main.m utils.m LCSharedUtils.m NSUserDefaults.m SecItem.m
+$(APPLICATION_NAME)_FILES = dyld_bypass_validation.m main.m utils.m LCSharedUtils.m NSUserDefaults.m SecItem.m fishhook/fishhook.c
 $(APPLICATION_NAME)_CODESIGN_FLAGS = -Sentitlements.xml
 $(APPLICATION_NAME)_CFLAGS = -fobjc-arc
 $(APPLICATION_NAME)_LDFLAGS = -e _LiveContainerMain -rpath @loader_path/Frameworks

diff --git a/SecItem.m b/SecItem.m
@@ -8,6 +8,7 @@
 #import <Security/Security.h>
 #import "utils.h"
 #import <CommonCrypto/CommonDigest.h>
+#import "fishhook/fishhook.h"
 
 extern void* (*msHookFunction)(void *symbol, void *hook, void **old);
 OSStatus (*orig_SecItemAdd)(CFDictionaryRef attributes, CFTypeRef *result);
@@ -93,8 +94,11 @@ void SecItemGuestHooksInit()  {
         accessGroup = [NSString stringWithFormat:@"%@.com.kdt.livecontainer.shared.%d", groupId, keychainGroupId];
     }
 
-    msHookFunction(&SecItemAdd, (void *)new_SecItemAdd, (void **)&orig_SecItemAdd);
-    msHookFunction(&SecItemCopyMatching, (void *)new_SecItemCopyMatching, (void **)&orig_SecItemCopyMatching);
-    msHookFunction(&SecItemUpdate, (void *)new_SecItemUpdate, (void **)&orig_SecItemUpdate);
-    msHookFunction(&SecItemDelete, (void *)new_SecItemDelete, (void **)&orig_SecItemDelete);
+    struct rebinding rebindings[] = (struct rebinding[]){
+         {"SecItemAdd", (void *)new_SecItemAdd, (void **)&orig_SecItemAdd},
+         {"SecItemCopyMatching", (void *)new_SecItemCopyMatching, (void **)&orig_SecItemCopyMatching},
+         {"SecItemUpdate", (void *)new_SecItemUpdate, (void **)&orig_SecItemUpdate},
+         {"SecItemDelete", (void *)new_SecItemDelete, (void **)&orig_SecItemDelete}
+     };
+     rebind_symbols(rebindings, sizeof(rebindings)/sizeof(struct rebinding));
 }
diff --git a/fishhook b/fishhook
diff --git a/main.m b/main.m
@@ -14,6 +14,7 @@
 #include <sys/mman.h>
 #include <stdlib.h>
 #include "TPRO.h"
+#import "fishhook/fishhook.h"
 #include <mach-o/ldsyms.h>
 
 static int (*appMain)(int, char**);
@@ -25,7 +26,6 @@
 NSBundle* lcMainBundle;
 NSDictionary* guestAppInfo;
 
-void (*msHookFunction)(void *symbol, void *hook, void **old);
 void NUDGuestHooksInit();
 void SecItemGuestHooksInit();
 
@@ -316,16 +316,6 @@ static void overwriteExecPath(NSString *bundlePath) {
         }
     }
 
-    void* cydiaSubstrateHandle = 0;
-    // use app's own CydiaSubstrate if app have one
-    NSString* appCydiaSubstratePath = [NSString stringWithFormat:@"%@/Frameworks/CydiaSubstrate.framework/CydiaSubstrate", appBundle.bundleURL.path];
-    if([fm fileExistsAtPath:appCydiaSubstratePath]) {
-        cydiaSubstrateHandle = dlopen(appCydiaSubstratePath.UTF8String, RTLD_LAZY | RTLD_GLOBAL);
-    } else {
-        cydiaSubstrateHandle = dlopen("@rpath/CydiaSubstrate.framework/CydiaSubstrate", RTLD_LAZY | RTLD_LOCAL);
-    }
-    msHookFunction = dlsym(cydiaSubstrateHandle, "MSHookFunction");
-
     // Overwrite @executable_path
     const char *appExecPath = appBundle.executablePath.UTF8String;
     *path = appExecPath;
@@ -428,10 +418,13 @@ static void overwriteExecPath(NSString *bundlePath) {
     // hook NSUserDefault before running libraries' initializers
     NUDGuestHooksInit();
     SecItemGuestHooksInit();
-
     // Preload executable to bypass RT_NOLOAD
     uint32_t appIndex = _dyld_image_count();
     appMainImageIndex = appIndex;
+
+    // hook dlsym to solve RTLD_MAIN_ONLY
+    rebind_symbols((struct rebinding[1]){{"dlsym", (void *)new_dlsym, (void **)&orig_dlsym}},1);
+
     void *appHandle = dlopen(*path, RTLD_LAZY|RTLD_GLOBAL|RTLD_FIRST);
     appExecutableHandle = appHandle;
     const char *dlerr = dlerror();
@@ -446,8 +439,6 @@ static void overwriteExecPath(NSString *bundlePath) {
         *path = oldPath;
         return appError;
     }
-    // hook dlsym to solve RTLD_MAIN_ONLY
-    msHookFunction(&dlsym, (void *)new_dlsym, (void **)&orig_dlsym);
 
     // Fix dynamic properties of some apps
     [NSUserDefaults performSelector:@selector(initialize)];