diff --git a/escape/objcLogger.h b/escape/objcLogger.h
index fbdab85..b35afbc 100644
--- a/escape/objcLogger.h
+++ b/escape/objcLogger.h
@@ -15,5 +15,11 @@
 [[LogHelper sharedInstance] logWithFormat:fmt, __VA_ARGS__]
 #define LOG(msg) \
 [[LogHelper sharedInstance] logMessage:msg]
+#define LOG_FMT_CONSOLE(fmt, ...) \
+do { \
+ usleep(500); \
+ [[LogHelper sharedInstance] logWithFormat:fmt, __VA_ARGS__]; \
+ NSLog(fmt, __VA_ARGS__); \
+} while(0)
 #endif /* objcLogger_h */
diff --git a/escape/post_exploitation/kpf.m b/escape/post_exploitation/kpf.m
index f9fcd7d..84e528e 100644
--- a/escape/post_exploitation/kpf.m
+++ b/escape/post_exploitation/kpf.m
@@ -178,7 +178,7 @@ u64 find_proc_set_ucred_function(struct kfd* kfd) {
 uint8_t *str;
 str = boyermoore_horspool_memmem(buffer, 0x1000, target, matching_size);
 if (str) {
- printf("[KPF_DEBUG] 0x%llx\n", str - buffer + textexec_text_addr + current_offset - kfd->info.kernel.kernel_slide);
+ LOG_FMT_CONSOLE(@"[KPF_DEBUG] 0x%llx", str - buffer + textexec_text_addr + current_offset - kfd->info.kernel.kernel_slide);
 uint64_t bof = bof64((u64)kfd, str - buffer + textexec_text_addr + current_offset);
 return bof;
 }
@@ -200,7 +200,7 @@ uint64_t find_trustcaches_addr(struct kfd *kfd) {
 uint8_t *str;
 str = boyermoore_horspool_memmem(buffer, 0x1000, str_target, strlen(str_target));
 if (str) {
- printf("[KPF_DEBUG] 0x%llx\n", str - buffer + searching_addr + current_offset - kfd->info.kernel.kernel_slide);
+ LOG_FMT_CONSOLE(@"[KPF_DEBUG] 0x%llx", str - buffer + searching_addr + current_offset - kfd->info.kernel.kernel_slide);
 str_addr = str - buffer + searching_addr + current_offset;
 break;
 }
@@ -248,7 +248,7 @@ uint64_t find_trustcaches_addr(struct kfd *kfd) {
 current_offset += 0x1000;
 }
 if (!trust_cache_runtime_init) {
- LOG(@"[-] failed to find trustcahr_runtime_init");
+ LOG(@"[-] failed to find trustcache_runtime_init");
 return 0;
 }
 uint64_t code = 0;
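Review bot: `LOG_FMT_CONSOLE` expands `__VA_ARGS__` twice, once for `logWithFormat:` and once for `NSLog`, so any argument expression with a side effect is evaluated twice per call. Formatting once and handing the result to both sinks avoids that and keeps the two outputs identical: `NSString *m_ = [NSString stringWithFormat:fmt, __VA_ARGS__];` then `[[LogHelper sharedInstance] logMessage:m_];` and `NSLog(@"%@", m_);`. The `usleep(500)` carries no comment saying what the pause is for, and no `#include <unistd.h>` is visible in the hunk (the top of the header lies outside it), so the macro may only compile where the including file already pulled that in. A one-line comment stating the reason for the delay, plus the include if it is missing, would make the macro self-contained. As with `LOG_FMT` above it, the trailing comma before `__VA_ARGS__` means the macro cannot be used with a format string alone.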
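Review bot: In the `if (str)` branch of `find_proc_set_ucred_function`, the expression `str - buffer + textexec_text_addr + current_offset` is written out in full in the new `LOG_FMT_CONSOLE` call and again in the `bof64` call, so the logged value and the used value can drift apart on a later edit. Naming it once, `uint64_t hit = str - buffer + textexec_text_addr + current_offset;`, and logging `hit - kfd->info.kernel.kernel_slide` keeps them in step and also gives `%llx` an argument of a known 64-bit type rather than a mixed pointer-difference expression. The same pattern recurs in the hunks at -200, -280 and -304. The function body starts and ends outside this hunk, so the declarations of `textexec_text_addr` and `current_offset` are not visible here.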
@@ -257,13 +257,13 @@ uint64_t find_trustcaches_addr(struct kfd *kfd) {
 uint32_t ldr_code = (code >> 32) & 0xFFFFFFFF;
 uint64_t page_addr = 0, page_offset = 0, reg = 0;
 DISASM_ADRP(adrp_code, &page_addr, ®);
- printf("[KPF_DEBUG] page=0x%llx reg=0x%llx\n", page_addr, reg);
+ LOG_FMT_CONSOLE(@"[KPF_DEBUG] page=0x%llx reg=0x%llx", page_addr, reg);
 DISASM_ADD(ldr_code, &page_offset, ®, ®);
- printf("[KPF_DEBUG] pageoff=0x%llx reg=0x%llx reg=0x%llx\n", page_offset, reg, reg);
+ LOG_FMT_CONSOLE(@"[KPF_DEBUG] pageoff=0x%llx reg=0x%llx reg=0x%llx", page_offset, reg, reg);
 uint64_t addr = (((trust_cache_runtime_init-0x64) & 0xfffffffffffff000) + page_offset + page_addr);
 uint64_t data = 0;
 kread((u64)kfd, addr, &data, 8);
- printf("[KPF_DEBUG] data=0x%llx\n", data);
+ LOG_FMT_CONSOLE(@"[KPF_DEBUG] data=0x%llx", data);
 return data + 0x20;
 }
@@ -280,7 +280,7 @@ uint64_t find_proc_updatecsflags(struct kfd *kfd) {
 uint8_t *str;
 str = boyermoore_horspool_memmem(buffer, 0x1000, target, matching_size);
 if (str) {
- printf("[KPF_DEBUG] 0x%llx\n", str - buffer + textexec_text_addr + current_offset - kfd->info.kernel.kernel_slide);
+ LOG_FMT_CONSOLE(@"[KPF_DEBUG] 0x%llx", str - buffer + textexec_text_addr + current_offset - kfd->info.kernel.kernel_slide);
 uint64_t bof = bof64((u64)kfd, str - buffer + textexec_text_addr + current_offset);
 return bof;
 }
@@ -304,7 +304,7 @@ uint64_t find_container_initwithcapacity(struct kfd *kfd) {
 uint64_t code = 0;
 kread((u64)kfd, str - buffer + textexec_text_addr + current_offset - 0x8, &code, 8);
 if ((code & 0xFFFFFFFF) == 0xF9001260) {
- printf("[KPF_DEBUG] 0x%llx\n", str - buffer + textexec_text_addr + current_offset - kfd->info.kernel.kernel_slide);
+ LOG_FMT_CONSOLE(@"[KPF_DEBUG] 0x%llx", str - buffer + textexec_text_addr + current_offset - kfd->info.kernel.kernel_slide);
 return str - buffer + textexec_text_addr + current_offset - 0x4C;
 }
 }
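Review bot: The `pageoff` line in `find_trustcaches_addr` prints `reg` twice under the same label (`reg=0x%llx reg=0x%llx` with arguments `reg, reg`), carried over unchanged from the printf it replaces, so the second field adds nothing to the log. The two register arguments to `DISASM_ADD` are garbled on this page, but they appear to be the same variable. If only one value is meaningful, `LOG_FMT_CONSOLE(@"[KPF_DEBUG] pageoff=0x%llx reg=0x%llx", page_offset, reg);` says the same thing; if both registers matter, decode into two separately named variables and label them. The constants `0x64` and `0x20` in the lines that follow have no comment; a short note on each naming what the offset refers to would make the debug output interpretable. The function body begins outside this hunk.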