chore: log more info in kpf

escape/objcLogger.h

@@ -15,5 +15,11 @@
     [[LogHelper sharedInstance] logWithFormat:fmt, __VA_ARGS__]
 #define LOG(msg) \
     [[LogHelper sharedInstance] logMessage:msg]
+#define LOG_FMT_CONSOLE(fmt, ...) \
+do { \
+    usleep(500); \
+    [[LogHelper sharedInstance] logWithFormat:fmt, __VA_ARGS__]; \
+    NSLog(fmt, __VA_ARGS__); \
+} while(0)
 
 #endif /* objcLogger_h */

escape/post_exploitation/kpf.m

@@ -178,7 +178,7 @@ u64 find_proc_set_ucred_function(struct kfd* kfd) {
         uint8_t *str;
         str = boyermoore_horspool_memmem(buffer, 0x1000, target, matching_size);
         if (str) {
-            printf("[KPF_DEBUG] 0x%llx\n", str - buffer + textexec_text_addr + current_offset - kfd->info.kernel.kernel_slide);
+            LOG_FMT_CONSOLE(@"[KPF_DEBUG] 0x%llx", str - buffer + textexec_text_addr + current_offset - kfd->info.kernel.kernel_slide);
             uint64_t bof = bof64((u64)kfd, str - buffer + textexec_text_addr + current_offset);
             return bof;
         }
@@ -200,7 +200,7 @@ uint64_t find_trustcaches_addr(struct kfd *kfd) {
         uint8_t *str;
         str = boyermoore_horspool_memmem(buffer, 0x1000, str_target, strlen(str_target));
         if (str) {
-            printf("[KPF_DEBUG] 0x%llx\n", str - buffer + searching_addr + current_offset - kfd->info.kernel.kernel_slide);
+            LOG_FMT_CONSOLE(@"[KPF_DEBUG] 0x%llx", str - buffer + searching_addr + current_offset - kfd->info.kernel.kernel_slide);
             str_addr = str - buffer + searching_addr + current_offset;
             break;
         }
@@ -248,7 +248,7 @@ uint64_t find_trustcaches_addr(struct kfd *kfd) {
         current_offset += 0x1000;
     }
     if (!trust_cache_runtime_init) {
-        LOG(@"[-] failed to find trustcahr_runtime_init");
+        LOG(@"[-] failed to find trustcache_runtime_init");
         return 0;
     }
     uint64_t code = 0;
@@ -257,13 +257,13 @@ uint64_t find_trustcaches_addr(struct kfd *kfd) {
     uint32_t ldr_code = (code >> 32) & 0xFFFFFFFF;
     uint64_t page_addr = 0, page_offset = 0, reg = 0;
     DISASM_ADRP(adrp_code, &page_addr, &reg);
-    printf("[KPF_DEBUG] page=0x%llx reg=0x%llx\n", page_addr, reg);
+    LOG_FMT_CONSOLE(@"[KPF_DEBUG] page=0x%llx reg=0x%llx", page_addr, reg);
     DISASM_ADD(ldr_code, &page_offset, &reg, &reg);
-    printf("[KPF_DEBUG] pageoff=0x%llx reg=0x%llx reg=0x%llx\n", page_offset, reg, reg);
+    LOG_FMT_CONSOLE(@"[KPF_DEBUG] pageoff=0x%llx reg=0x%llx reg=0x%llx", page_offset, reg, reg);
     uint64_t addr = (((trust_cache_runtime_init-0x64) & 0xfffffffffffff000) + page_offset + page_addr);
     uint64_t data = 0;
     kread((u64)kfd, addr, &data, 8);
-    printf("[KPF_DEBUG] data=0x%llx\n", data);
+    LOG_FMT_CONSOLE(@"[KPF_DEBUG] data=0x%llx", data);
 
     return data + 0x20;
 }
@@ -280,7 +280,7 @@ uint64_t find_proc_updatecsflags(struct kfd *kfd) {
         uint8_t *str;
         str = boyermoore_horspool_memmem(buffer, 0x1000, target, matching_size);
         if (str) {
-            printf("[KPF_DEBUG] 0x%llx\n", str - buffer + textexec_text_addr + current_offset - kfd->info.kernel.kernel_slide);
+            LOG_FMT_CONSOLE(@"[KPF_DEBUG] 0x%llx", str - buffer + textexec_text_addr + current_offset - kfd->info.kernel.kernel_slide);
             uint64_t bof = bof64((u64)kfd, str - buffer + textexec_text_addr + current_offset);
             return bof;
         }
@@ -304,7 +304,7 @@ uint64_t find_container_initwithcapacity(struct kfd *kfd) {
             uint64_t code = 0;
             kread((u64)kfd, str - buffer + textexec_text_addr + current_offset - 0x8, &code, 8);
             if ((code & 0xFFFFFFFF) == 0xF9001260) {
-                printf("[KPF_DEBUG] 0x%llx\n", str - buffer + textexec_text_addr + current_offset - kfd->info.kernel.kernel_slide);
+                LOG_FMT_CONSOLE(@"[KPF_DEBUG] 0x%llx", str - buffer + textexec_text_addr + current_offset - kfd->info.kernel.kernel_slide);
                 return str - buffer + textexec_text_addr + current_offset - 0x4C;
             }
         }