Refactor jb checks into shared helper

nRanzo
2026-02-08 11:43:15 +01:00
parent 11ae12edc0
commit aad00e2485
4 changed files with 34 additions and 106 deletions
+28
@@ -0,0 +1,28 @@
import { fn, BigInt } from 'download0/types'
export function checkJailbroken (): boolean {
fn.register(24, 'getuid', [], 'bigint')
fn.register(23, 'setuid', ['number'], 'bigint')
const uidBefore = fn.getuid()
const uidBeforeVal = uidBefore instanceof BigInt ? uidBefore.lo : uidBefore
log('UID before setuid: ' + uidBeforeVal)
log('Attempting setuid(0)...')
try {
const setuidResult = fn.setuid(0)
const setuidRet = setuidResult instanceof BigInt ? setuidResult.lo : setuidResult
log('setuid returned: ' + setuidRet)
} catch (e) {
log('setuid threw exception: ' + (e as Error).toString())
}
const uidAfter = fn.getuid()
const uidAfterVal = uidAfter instanceof BigInt ? uidAfter.lo : uidAfter
log('UID after setuid: ' + uidAfterVal)
const jailbroken = uidAfterVal === 0
log(jailbroken ? 'Already jailbroken' : 'Not jailbroken')
return jailbroken
}
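Review bot: `checkJailbroken` is not a read-only check, and nothing in the new file says so: it calls `fn.setuid(0)`, so when that call succeeds the process is left running as uid 0, and every call re-registers both syscalls and writes several log lines. After this commit it is also reached from the stats file's `this.filepath = checkJailbroken() ? …` line, which appears to run when stats are written rather than once at load, so the probe may be repeated there. `uidBeforeVal` is computed but only logged; returning early when it is already zero, `if (uidBeforeVal === 0) return true`, would skip the redundant `setuid` call. The explanatory comments from the removed copies were dropped in the move, so I would add a TSDoc header such as `/** Attempts setuid(0) and reports whether getuid() returns 0 afterwards; has the side effect of changing the process uid when the call is permitted. */` and restore `// catch EPERM if not jailbroken` above the `try`.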
+2 -36
@@ -4,6 +4,7 @@ import { fn, mem, BigInt, utils } from 'download0/types'
import { sysctlbyname } from 'download0/kernel'
import { lapse } from 'download0/lapse'
import { binloader_init } from 'download0/binloader'
import { checkJailbroken } from 'download0/check-jailbroken'
// Load binloader first (just defines the function, doesn't execute)
@@ -30,42 +31,7 @@ const audio = new jsmaf.AudioClip()
audio.volume = 0.5 // 50% volume
audio.open('file://../download0/sfx/bgm.wav')
function isJailbroken () {
// Register syscalls
fn.register(24, 'getuid', [], 'bigint')
fn.register(23, 'setuid', ['number'], 'bigint')
// Get current UID
const uid_before = fn.getuid()
const uid_before_val = (uid_before instanceof BigInt) ? uid_before.lo : uid_before
log('UID before setuid: ' + uid_before_val)
// Try to set UID to 0 (root) - catch EPERM if not jailbroken
log('Attempting setuid(0)...')
try {
const setuid_result = fn.setuid(0)
const setuid_ret = (setuid_result instanceof BigInt) ? setuid_result.lo : setuid_result
log('setuid returned: ' + setuid_ret)
} catch (e) {
log('setuid threw exception: ' + (e as Error).toString())
}
// Get UID after setuid attempt
const uid_after = fn.getuid()
const uid_after_val = (uid_after instanceof BigInt) ? uid_after.lo : uid_after
log('UID after setuid: ' + uid_after_val)
if (uid_after_val === 0) {
log('already jailbroke')
return true
} else {
log('not jailbroken')
return false
}
}
const is_jailbroken = isJailbroken()
const is_jailbroken = checkJailbroken()
// Check if exploit has completed successfully
function is_exploit_complete () {
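Review bot: The status line this file logs changes with the switch to the shared helper, although the commit title describes a pure refactor. The removed `isJailbroken` logged `'already jailbroke'` / `'not jailbroken'`, while `checkJailbroken` logs `'Already jailbroken'` / `'Not jailbroken'`. The copy removed from the stats file also used the lowercase forms, so anything that matches on these log lines will need updating. A sentence in the commit description noting the new wording would make the change visible.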
+2 -33
@@ -2,6 +2,7 @@ import { fn, mem, BigInt } from 'download0/types'
import { binloader_init } from 'download0/binloader'
import { libc_addr } from 'download0/userland'
import { lang, useImageText, textImageBase } from 'download0/languages'
import { checkJailbroken } from 'download0/check-jailbroken'
(function () {
if (typeof libc_addr === 'undefined') {
@@ -16,39 +17,7 @@ import { lang, useImageText, textImageBase } from 'download0/languages'
audio.volume = 0.5 // 50% volume
audio.open('file://../download0/sfx/bgm.wav')
function isJailbroken () {
fn.register(24, 'getuid', [], 'bigint')
fn.register(23, 'setuid', ['number'], 'bigint')
const uid_before = fn.getuid()
const uid_before_val = (uid_before instanceof BigInt) ? uid_before.lo : uid_before
log('UID before setuid: ' + uid_before_val)
log('Attempting setuid(0)...')
try {
const setuid_result = fn.setuid(0)
const setuid_ret = (setuid_result instanceof BigInt) ? setuid_result.lo : setuid_result
log('setuid returned: ' + setuid_ret)
} catch (e) {
const error_msg = (e as Error).toString()
log('setuid threw exception: ' + error_msg)
}
const uid_after = fn.getuid()
const uid_after_val = (uid_after instanceof BigInt) ? uid_after.lo : uid_after
log('UID after setuid: ' + uid_after_val)
if (uid_after_val === 0) {
log('Already jailbroken')
return true
} else {
log('Not jailbroken')
return false
}
}
is_jailbroken = isJailbroken()
is_jailbroken = checkJailbroken()
jsmaf.root.children.length = 0
+2 -37
@@ -1,45 +1,10 @@
import { fn, mem, BigInt } from 'download0/types'
import { checkJailbroken } from 'download0/check-jailbroken'
// Statistics tracker using syscalls for direct file I/O
// Register read syscall if not already registered
function isJailbroken () {
// Register syscalls
fn.register(24, 'getuid', [], 'bigint')
fn.register(23, 'setuid', ['number'], 'bigint')
// Get current UID
const uid_before = fn.getuid()
const uid_before_val = uid_before.lo
log('UID before setuid: ' + uid_before_val)
// Try to set UID to 0 (root) - catch EPERM if not jailbroken
log('Attempting setuid(0)...')
try {
const setuid_result = fn.setuid(0)
const setuid_ret = setuid_result.lo
log('setuid returned: ' + setuid_ret)
} catch (e) {
const error_msg = (e as Error).toString()
log('setuid threw exception: ' + error_msg)
}
// Get UID after setuid attempt
const uid_after = fn.getuid()
const uid_after_val = uid_after.lo
log('UID after setuid: ' + uid_after_val)
if (uid_after_val === 0) {
log('already jailbroken')
return true
} else {
log('not jailbroken')
return false
}
}
export const stats = {
total: 0,
success: 0,
@@ -98,7 +63,7 @@ export const stats = {
fn.register(0x4, 'write', ['bigint', 'bigint', 'number'], 'bigint')
fn.register(0x5, 'open', ['string', 'number', 'number'], 'bigint')
fn.register(0x6, 'close', ['bigint'], 'bigint')
this.filepath = isJailbroken() ? '/mnt/sandbox/download/CUSA00960/stats.json' : '/download0/stats.json'
this.filepath = checkJailbroken() ? '/mnt/sandbox/download/CUSA00960/stats.json' : '/download0/stats.json'
const data = JSON.stringify({
total: this.total,