diff options
| author | spv420 <spv@spv.sh> | 2022-07-30 23:32:19 -0400 |
|---|---|---|
| committer | spv420 <spv@spv.sh> | 2022-07-30 23:32:19 -0400 |
| commit | 630aecdb5082b7aabf38c4d5594fb236bebcceff (patch) | |
| tree | dd65f68e2d342a53bd4cfa59d0a8fcd149376be2 /work/ehwgr.js | |
| parent | e35a04268fb48fac634ca123a58584a26b513831 (diff) | |
hell
Diffstat (limited to 'work/ehwgr.js')
| -rw-r--r-- | work/ehwgr.js | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/work/ehwgr.js b/work/ehwgr.js new file mode 100644 index 0000000..a574904 --- /dev/null +++ b/work/ehwgr.js @@ -0,0 +1,53 @@ + + + /* + var port_addr = shit_heap(4); + var kr = bootstrap_look_up(bootstrap_port, "com.apple.SystemConfiguration.configd", port_addr); + + scall("printf", "%d (%s) %x %x\n", kr, mach_error_string(kr), port_addr, read_u32(port_addr)); + printf("where u at\n"); +// kr = vm_write(read_u32(port_addr), 0x41414141, port_addr & (~0xfff), 4); + scall("printf", "%d (%s)\n", kr, mach_error_string(kr)); + + var child_threadptr = shit_heap(4); + printf("where u at\n"); + var child_thread; + printf("where u at\n"); + var thread_state = shit_heap(0x1000); + printf("where u at\n"); + var port = read_u32(port_addr); + printf("where u at\n"); + kr = thread_create(port, child_threadptr); + scall("printf", "%d (%s)\n", kr, mach_error_string(kr)); + printf("where u at\n"); + child_thread = read_u32(child_thread); + printf("where u at\n"); + kr = calls4arg("thread_set_state", child_thread, ARM_THREAD_STATE, thread_state, ARM_THREAD_STATE_COUNT); + scall("printf", "%d (%s)\n", kr, mach_error_string(kr)); + printf("where u at\n"); + kr = calls4arg("thread_resume", child_thread, 0, 0, 0); + scall("printf", "%d (%s)\n", kr, mach_error_string(kr)); + printf("where u at\n");*/ + + kCFBooleanFalse = dlsym(dlopen("/System/Library/Frameworks/CoreFoundation.framework/CoreFoundation", RTLD_NOW), "kCFBooleanFalse"); + kCFBooleanTrue = dlsym(dlopen("/System/Library/Frameworks/CoreFoundation.framework/CoreFoundation", RTLD_NOW), "kCFBooleanTrue"); + kCFPreferencesAnyUser = dlsym(dlopen("/System/Library/Frameworks/CoreFoundation.framework/CoreFoundation", RTLD_NOW), "kCFPreferencesAnyUser"); + kCFPreferencesCurrentHost = dlsym(dlopen("/System/Library/Frameworks/CoreFoundation.framework/CoreFoundation", RTLD_NOW), "kCFPreferencesCurrentHost"); + printf("%x\n", kCFBooleanFalse); + +// setuid(read_u32(getpwnam("_timed") + 8)); + setuid(501); + printf("%d\n", getuid()); +// call4arg(0, 0, 0, 0, 0); + + CFPreferencesSetValue(__CFStringMakeConstantString("Active"), read_u32(kCFBooleanFalse), __CFStringMakeConstantString("com.apple.timezone.auto"), read_u32(kCFPreferencesAnyUser), read_u32(kCFPreferencesCurrentHost)); + CFPreferencesSynchronize(__CFStringMakeConstantString('com.apple.timezone.auto'), read_u32(kCFPreferencesAnyUser), read_u32(kCFPreferencesCurrentHost)); + CFPreferencesSetValue(__CFStringMakeConstantString("TMAutomaticTimeOnlyEnabled"), read_u32(kCFBooleanFalse), __CFStringMakeConstantString("com.apple.timed"), read_u32(kCFPreferencesAnyUser), read_u32(kCFPreferencesCurrentHost)); + CFPreferencesSetValue(__CFStringMakeConstantString("TMAutomaticTimeZoneEnabled"), read_u32(kCFBooleanFalse), __CFStringMakeConstantString("com.apple.timed"), read_u32(kCFPreferencesAnyUser), read_u32(kCFPreferencesCurrentHost)); + CFPreferencesSynchronize(__CFStringMakeConstantString('com.apple.timed'), read_u32(kCFPreferencesAnyUser), read_u32(kCFPreferencesCurrentHost)); + + return; + + csbypass(); + + return;
\ No newline at end of file |