mdc v14

AltStore/MDCExploit/MDCExploits.swift

@@ -16,16 +16,26 @@ func patch3AppLimit(completion: @escaping (PatchResult) -> ()) {
         if let error = error {
             completion(.failure(PatchError.NoFDA(msg: "Failed to get full disk access: \(error)")))
         }
-        DispatchQueue.global(qos: .userInitiated).async {
-            print("This is run on a background queue")
-            if !patch_installd() {
-                completion(.failure(PatchError.FailedPatchd))
-            }
+//        DispatchQueue.global(qos: .userInitiated).async {
+        print("This is run on a background queue")
+        if !patch_installd() {
+            completion(.failure(PatchError.FailedPatchd))
         }
+//        }
         completion(.success)
     }
 }
 
+func bootTime() -> Date? {
+    var tv = timeval()
+    var tvSize = MemoryLayout<timeval>.size
+    let err = sysctlbyname("kern.boottime", &tv, &tvSize, nil, 0);
+    guard err == 0, tvSize == MemoryLayout<timeval>.size else {
+        return nil
+    }
+    return Date(timeIntervalSince1970: Double(tv.tv_sec) + Double(tv.tv_usec) / 1_000_000.0)
+}
+
 enum WhitelistPatchResult {
     case success, failure
 }

AltStore/MDCExploit/grant_full_disk_access.m

@@ -580,35 +580,31 @@ static NSData* make_patch_installd(void* executableMap, size_t executableLength)
 }
 
 bool patch_installd() {
-    dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_BACKGROUND, 0), ^{
-        const char* targetPath = "/usr/libexec/installd";
-        int fd = open(targetPath, O_RDONLY | O_CLOEXEC);
-        off_t targetLength = lseek(fd, 0, SEEK_END);
-        lseek(fd, 0, SEEK_SET);
-        void* targetMap = mmap(nil, targetLength, PROT_READ, MAP_SHARED, fd, 0);
+  const char* targetPath = "/usr/libexec/installd";
+  int fd = open(targetPath, O_RDONLY | O_CLOEXEC);
+  off_t targetLength = lseek(fd, 0, SEEK_END);
+  lseek(fd, 0, SEEK_SET);
+  void* targetMap = mmap(nil, targetLength, PROT_READ, MAP_SHARED, fd, 0);
 
-        NSData* originalData = [NSData dataWithBytes:targetMap length:targetLength];
-        NSData* sourceData = make_patch_installd(targetMap, targetLength);
-        if (!sourceData) {
-          NSLog(@"can't patchfind");
-//            return ;
-        }
+  NSData* originalData = [NSData dataWithBytes:targetMap length:targetLength];
+  NSData* sourceData = make_patch_installd(targetMap, targetLength);
+  if (!sourceData) {
+    NSLog(@"can't patchfind");
+    return false;
+  }
 
-        if (!overwrite_file(fd, sourceData)) {
-          overwrite_file(fd, originalData);
-          munmap(targetMap, targetLength);
-          NSLog(@"can't overwrite");
-//            return ;
-        }
-        munmap(targetMap, targetLength);
-        xpc_crasher("com.apple.mobile.installd");
-        sleep(1);
+  if (!overwrite_file(fd, sourceData)) {
+    overwrite_file(fd, originalData);
+    munmap(targetMap, targetLength);
+    NSLog(@"can't overwrite");
+    return false;
+  }
+  munmap(targetMap, targetLength);
+  xpc_crasher("com.apple.mobile.installd");
+  sleep(1);
 
-        // TODO(zhuowei): for now we revert it once installd starts
-        // so the change will only last until when this installd exits
-//        overwrite_file(fd, originalData);
-        NSLog(@"patched");
-//        return;
-    });
-    return true;
+  // TODO(zhuowei): for now we revert it once installd starts
+  // so the change will only last until when this installd exits
+//  overwrite_file(fd, originalData);
+  return true;
 }