6.0rc2

PureKFD.xcodeproj/xcshareddata/xcschemes/purekfd.xcscheme

@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Scheme
+   LastUpgradeVersion = "1610"
+   version = "1.7">
+   <BuildAction
+      parallelizeBuildables = "YES"
+      buildImplicitDependencies = "YES"
+      buildArchitectures = "Automatic">
+      <BuildActionEntries>
+         <BuildActionEntry
+            buildForTesting = "YES"
+            buildForRunning = "YES"
+            buildForProfiling = "YES"
+            buildForArchiving = "YES"
+            buildForAnalyzing = "YES">
+            <BuildableReference
+               BuildableIdentifier = "primary"
+               BlueprintIdentifier = "656C14A82C2D32D60017F279"
+               BuildableName = "PureKFD.app"
+               BlueprintName = "PureKFD"
+               ReferencedContainer = "container:PureKFD.xcodeproj">
+            </BuildableReference>
+         </BuildActionEntry>
+      </BuildActionEntries>
+   </BuildAction>
+   <TestAction
+      buildConfiguration = "Debug"
+      selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
+      selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+      shouldUseLaunchSchemeArgsEnv = "YES"
+      shouldAutocreateTestPlan = "YES">
+   </TestAction>
+   <LaunchAction
+      buildConfiguration = "Debug"
+      selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
+      selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+      launchStyle = "0"
+      useCustomWorkingDirectory = "NO"
+      ignoresPersistentStateOnLaunch = "NO"
+      debugDocumentVersioning = "YES"
+      debugServiceExtension = "internal"
+      allowLocationSimulation = "YES">
+      <BuildableProductRunnable
+         runnableDebuggingMode = "0">
+         <BuildableReference
+            BuildableIdentifier = "primary"
+            BlueprintIdentifier = "656C14A82C2D32D60017F279"
+            BuildableName = "PureKFD.app"
+            BlueprintName = "PureKFD"
+            ReferencedContainer = "container:PureKFD.xcodeproj">
+         </BuildableReference>
+      </BuildableProductRunnable>
+   </LaunchAction>
+   <ProfileAction
+      buildConfiguration = "Release"
+      shouldUseLaunchSchemeArgsEnv = "YES"
+      savedToolIdentifier = ""
+      useCustomWorkingDirectory = "NO"
+      debugDocumentVersioning = "YES">
+      <BuildableProductRunnable
+         runnableDebuggingMode = "0">
+         <BuildableReference
+            BuildableIdentifier = "primary"
+            BlueprintIdentifier = "656C14A82C2D32D60017F279"
+            BuildableName = "PureKFD.app"
+            BlueprintName = "PureKFD"
+            ReferencedContainer = "container:PureKFD.xcodeproj">
+         </BuildableReference>
+      </BuildableProductRunnable>
+   </ProfileAction>
+   <AnalyzeAction
+      buildConfiguration = "Debug">
+   </AnalyzeAction>
+   <ArchiveAction
+      buildConfiguration = "Release"
+      revealArchiveInOrganizer = "YES">
+   </ArchiveAction>
+</Scheme>

purekfd/Backend/Exploit/SparseRestore.swift → PureKFD/Backend/Exploit/SparseRestore.swift

@@ -96,7 +96,7 @@ class SparseRestore: NSObject {
                     sparseRestoreAppInfo.append(SparseRestoreAppInfo(bundleID: _info.bundleID, path: _info.path, container: _info.container))
                 }
                 if sparseRestoreAppInfo.isEmpty,
-                   forcefulMode {
+                   !forcefulMode {
                     let minimuxer_logs = ((try? String(contentsOf: backupPath.appendingPathComponent("minimuxer.log"), encoding: .utf8)) ?? "").lowercased()
                     if minimuxer_logs.contains("failed to create heartbeat"),
                        !minimuxer_logs.contains("success!") {
@@ -162,6 +162,8 @@ class SparseRestore: NSObject {
     @objc public static func endExploit(_ json: [String:String]) -> String? {
         let result = restore(json)
         try? exploitLog.write(to: URL.documents.appendingPathComponent("exploitlog.txt"), atomically: true, encoding: String.Encoding.utf8)
+        log(exploitLog)
+        log("done")
         return result
     }
 
@@ -174,14 +176,6 @@ class SparseRestore: NSObject {
 
             start_emotional_damage("127.0.0.1:51820")
 
-            setvbuf(stdout, nil, _IOLBF, 0)
-            setvbuf(stderr, nil, _IONBF, 0)
-
-            Task.detached {
-                dup2(sparseRestoreLogPipe.fileHandleForWriting.fileDescriptor, fileno(stdout))
-                dup2(sparseRestoreLogPipe.fileHandleForWriting.fileDescriptor, fileno(stderr))
-            }
-
             let key = URL.documents.appendingPathComponent("imported/PairingFile")
             if let contents = try? String(contentsOf: key),
                !contents.isEmpty {
@@ -235,43 +229,30 @@ class SparseRestore: NSObject {
                 if backupInfo.isEmpty {
                     return "No files to write?"
                 }
-                if !forcefulMode, backupInfo.contains(where: { $0.contains("/containers/Bundle/") }) {
-                    return "A tweak is enabled that attempts to write to a container, please enable the required setting to use it and only continue if you know what you are doing (if you do not know what the required setting is then you should not use the tweak)"
-                }
+
+                var backupDirs: [String] = []
                 for file in backupInfo.indices {
                     let filePath = backupInfo[file]
                     do {
                         let fileContents = try Data(contentsOf: tempBackupDir.appendingPathComponent(filePath))
-                        //backupFiles.append(ConcreteFile(path: "", domain: "SysContainerDomain-../../../../../../../..\(file)", contents: ))
                         let to = URL(fileURLWithPath: filePath)
                         var basePath = "var"
                         if #available(iOS 17.0, *) {
                             basePath = to.path.hasPrefix("/var/mobile/") ? "var/mobile" : "var"
                         }
-                        let containerFile = to.path.contains("/containers/Bundle/")
-                        if containerFile {
-                            let testURL = URL.documents.appendingPathComponent("container.txt")
-                            if let numStr = try? String(contentsOf: testURL),
-                               let num = Int(numStr) {
-                                if num > file {
-                                    continue
-                                }
-                            }
-                            if !(file == backupInfo.count-1) {
-                                try? "\(file+1)".write(to: testURL, atomically: true, encoding: .utf8)
-                            }
-                        }
                         let folderPath = to.deletingLastPathComponent().path.replacingOccurrences(of: "//private/var", with: "/var").replacingOccurrences(of: "/private/var", with: "/var")
                         let targetPath = to.path.replacingOccurrences(of: "//private/var", with: "/var").replacingOccurrences(of: "/private/var", with: "/var")
 
                         backupFiles += [
-                            ConcreteFile(path: "Library/Preferences/temp\(containerFile ? "" : String(Int(file)))", domain: "RootDomain", contents: fileContents, inode: containerFile ? 0 : UInt64(file)),
-                            Directory(path: "", domain: "SysContainerDomain-../../../../../../../../\(basePath)/backup\(folderPath)", owner: containerFile ? 33 : 501, group: containerFile ? 33 : 501),
-                            ConcreteFile(path: "", domain: "SysContainerDomain-../../../../../../../../\(basePath)/backup\(targetPath)", contents: Data(), owner: containerFile ? 33 : 501, group: containerFile ? 33 : 501, inode: containerFile ? 0 : UInt64(file)),
-                            ConcreteFile(path: "", domain: "SysContainerDomain-../../../../../../../../\(basePath)/.backup.i/var/root/Library/Preferences/temp\(containerFile ? "" : String(Int(file)))", contents: Data())
+                            ConcreteFile(path: "Library/Preferences/temp\(file)", domain: "RootDomain", contents: fileContents, inode: UInt64(file)),
+                            ConcreteFile(path: "", domain: "SysContainerDomain-../../../../../../../../\(basePath)/backup\(targetPath)", contents: Data(), owner: 501, group: 501, inode: UInt64(file)),
+                            ConcreteFile(path: "", domain: "SysContainerDomain-../../../../../../../../\(basePath)/.backup.i/var/root/Library/Preferences/temp\(file)", contents: Data())
                         ]
-                        if containerFile {
-                            break
+                        if !backupDirs.contains(folderPath) {
+                            backupFiles += [
+                                Directory(path: "", domain: "SysContainerDomain-../../../../../../../../\(basePath)/backup\(folderPath)", owner: 501, group: 501),
+                            ]
+                            backupDirs.append(folderPath)
                         }
                     } catch {}
                 }
@@ -314,7 +295,7 @@ class SparseRestore: NSObject {
 
                 sparseRestoreLogPipe.fileHandleForReading.readabilityHandler = nil
 
-                if varMobile {
+                if varMobile || result == 0 {
                     return "Restore successful, but a tweak has written to /var/mobile so setup bypass has been disabled, in setup please select 'continue with partial setup', failure to do so WILL RESULT IN BOOTLOOP"
                 } else {
                     return nil

purekfd/Backend/ExploitHandler.swift → PureKFD/Backend/ExploitHandler.swift

@@ -75,7 +75,7 @@ struct Exploit {
 var exploitLog = ""
 
 class ExploitHandler {
-    #if !os(macOS)
+    #if NO_SPARSE && !os(macOS)
     public static var exploits: [Exploit] = [
         // Exploit/KFD.swift
         Exploit(
@@ -97,7 +97,7 @@ class ExploitHandler {
             start_exploit: true,
             end_exploit: true
         ),
-        //
+        // Exploit/MDC.swift
         Exploit(
             name: "MDC",
             compat: "14.0-15.7.2, 16.0-16.1.2",
@@ -107,7 +107,58 @@ class ExploitHandler {
             handler: MDC.self,
             unsandboxOnStart: true
         ),
-        //
+        // Exploit/DirectWrite.swift
+        Exploit(
+            name: "Direct Write",
+            compat: "*",
+            cpu_compat: "*",
+            description: "Direct Writes",
+            stability_rating: 10,
+            handler: DirectWrite.self
+        ),
+        // Exploit/VirtualEnviorment.swift
+        Exploit(
+            name: "Virtual Enviorment",
+            compat: "*",
+            cpu_compat: "*",
+            description: "Virtual Enviorment",
+            stability_rating: 10,
+            handler: VirtualEnviorment.self
+        )
+    ]
+    #elseif !os(macOS)
+    public static var exploits: [Exploit] = [
+        // Exploit/KFD.swift
+        Exploit(
+            name: "KFD",
+            compat: "*-16.6.1",
+            cpu_compat: "A12+, M1+",
+            description: "KFD",
+            stability_rating: 5,
+            settings: [
+                "puaf method":"landa,smith,physpuppet",
+                "puaf pages":"16,32,64,128,256,512,1024,2048,3072,3584,4096",
+                "kread method":"sem_open,kqueue_workloop_ctl",
+                "kwrite method":"sem_open,dup",
+                "use static headroom":"Bool",
+                "use static headroom_static headroom":"16,128,192,256,384,512,768,1024,1536,2048,4096,65536"
+            ],
+            handler: KFD.self,
+            protected_folder_access: true,
+            start_exploit: true,
+            end_exploit: true
+        ),
+        // Exploit/MDC.swift
+        Exploit(
+            name: "MDC",
+            compat: "14.0-15.7.2, 16.0-16.1.2",
+            cpu_compat: "*",
+            description: "MDC 1",
+            stability_rating: 10,
+            handler: MDC.self,
+            unsandboxOnStart: true
+        ),
+        // Exploit/SparseRestore.swift
         Exploit(
             name: "SparseRestore",
             compat: "*",
@@ -124,7 +175,7 @@ class ExploitHandler {
             end_exploit: true,
             reboot: true
         ),
-        //
+        // Exploit/DirectWrite.swift
         Exploit(
             name: "Direct Write",
             compat: "*",
@@ -133,7 +184,7 @@ class ExploitHandler {
             stability_rating: 10,
             handler: DirectWrite.self
         ),
-        // DEBUG MODE
+        // Exploit/VirtualEnviorment.swift
         Exploit(
             name: "Virtual Enviorment",
             compat: "*",
@@ -356,16 +407,17 @@ class ExploitHandler {
         let exploit = exploits[exploitIndex]
 
         if exploit.end_exploit {
-            let selector = NSSelectorFromString("endExploit")
+            let selector = NSSelectorFromString("endExploit:")
             if exploit.handler.responds(to: selector) {
                 let methodIMP: IMP = exploit.handler.method(for: selector)!
                 typealias EndExploitFunc = @convention(c) (AnyObject, Selector, [String: String]) -> String?
                 let function = unsafeBitCast(methodIMP, to: EndExploitFunc.self)
                 return function(exploit.handler, selector, json)
             } else {
-                print("Exploit handler does not implement endExploit()")
+                log("Exploit handler does not implement endExploit()")
             }
         }
+        log("no end")
         return nil
     }
 

PureKFD/Info.plist

@@ -32,7 +32,7 @@
 		<dict>
 			<key>UTTypeConformsTo</key>
 			<array>
-				<string>public.text</string>
+				<string>public.data</string>
 			</array>
 			<key>UTTypeDescription</key>
 			<string>Mobile Device Pairing File</string>
@@ -51,7 +51,7 @@
 		<dict>
 			<key>UTTypeConformsTo</key>
 			<array>
-				<string>public.zip-archive</string>
+				<string>public.data</string>
 			</array>
 			<key>UTTypeDescription</key>
 			<string>PureKFD Tweak</string>

PureKFD/Main.swift

@@ -63,7 +63,7 @@ struct ContentView: View {
                     .tabItem({Label("Installed", systemImage: "square.and.arrow.down")})
                     .tag(2)
                     .accentColor(accentColor)
-            }
+            }.environment(\.horizontalSizeClass, .compact)
         }.onChange(of: selectedTab) { newValue in
             if installing {
                 selectedTab = 2

purekfd/Views/InstalledView.swift → PureKFD/Views/InstalledView.swift

@@ -247,7 +247,7 @@ struct InstalledView: View {
             }.sheet(isPresented: $showErrorSheet) {
                 ErrorInfoPageView(pkg: $selectedPkg, repo: .constant(nil)).accentColor(accentColor)
             }
-        }
+        }.navigationViewStyle(.stack)
     }
 
     func findFileOrFolder(_ url: URL, _ names: [String]) -> [URL] {
@@ -300,6 +300,7 @@ struct InstalledView: View {
                                         }
                                     }
                                     var temp_tweak = tweak.0
+                                    try? fm.moveItem(at: temp_tweak.pkgpath.appendingPathComponent("overwrite"), to: temp_tweak.pkgpath.appendingPathComponent("Overwrite")) // fix common issue
                                     temp_tweak.repo = nil
                                     temp_tweak.installed = true
                                     let configJsonPath = pkg_dir.appendingPathComponent(config_filename).path