Fix LiveFS patch for Big Sur & Monterey (silly me)

plooshi · Dec 3, 2024 · 2fec32c · 2fec32c
1 parent 644cf14
commit 2fec32c
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 5 deletions.
diff --git a/RealRoot.xcodeproj/project.pbxproj b/RealRoot.xcodeproj/project.pbxproj
@@ -362,7 +362,7 @@
 				MODULE_NAME = dev.ploosh.RealRoot;
 				MODULE_START = "$(PRODUCT_NAME)_kern_start";
 				MODULE_STOP = "$(PRODUCT_NAME)_kern_stop";
-				MODULE_VERSION = 1.0.2;
+				MODULE_VERSION = 1.0.3;
 				OTHER_CFLAGS = (
 					"-mmmx",
 					"-msse",
@@ -411,7 +411,7 @@
 				MODULE_NAME = dev.ploosh.RealRoot;
 				MODULE_START = "$(PRODUCT_NAME)_kern_start";
 				MODULE_STOP = "$(PRODUCT_NAME)_kern_stop";
-				MODULE_VERSION = 1.0.2;
+				MODULE_VERSION = 1.0.3;
 				OTHER_CFLAGS = (
 					"-mmmx",
 					"-msse",

diff --git a/RealRoot/kern_realroot.cpp b/RealRoot/kern_realroot.cpp
@@ -101,22 +101,27 @@ void PatchAPFS(KernelPatcher &patcher, size_t index, mach_vm_address_t address,
 	size_t offset = 0;
 	switch (getKernelVersion()) {
 		case BigSur:
-			offset = 0x9;
+			offset = 0x10;
+			break;
 		case Monterey:
 			offset = 0x12;
+			break;
 		default:
 			offset = 0x15;
+			break;
 	}
 	mach_vm_address_t patchPoint = apfs_vfsop_mount + dataOffset + offset;
 	if (*(uint8_t *)(patchPoint + 1) == 0x85) { // jne
 		// replace entire call w/ nop
 		for (int i = 0; i < 6; i++) {
 			*(uint8_t *)(patchPoint + i) = 0x90;
 		}
-	} else {
+	} else if (*(uint8_t *)(patchPoint + 1) == 0x84) {
 		// force jump
 		*(uint8_t *)(patchPoint) = 0x90;
 		*(uint8_t *)(patchPoint + 1) = 0xe9;
+	} else {
+		panic("LiveFS patch has a bad offset!!!");
 	}
 	MachInfo::setKernelWriting(false, KernelPatcher::kernelWriteLock);
 }

diff --git a/RealRoot/kern_realroot.hpp b/RealRoot/kern_realroot.hpp
@@ -75,7 +75,7 @@ const uint8_t apfsVfsopMountMaskMonterey[] = {
 
 const uint8_t apfsVfsopMountOrigBigSur[] = {
     0xe9, 0x00, 0x00, 0x00, 0x00, // jmp
-    0x48, 0x8b, 0x80, 0x00, 0x00, 0x00, 0x00, // mov rax, qword ptr [rXX+_V2]
+    0x48, 0x8b, 0x80, 0x00, 0x00, 0x00, 0x00, // mov rax, qword ptr [rax+_V2]
     0xf6, 0x40, 0x38, 0x20, // test byte [rax+_V3], 0x20
     0x0f, 0x84, 0x00, 0x00, 0x00, 0x00, // j(n)e
     0xb0, 0x01 // mov al, 0x1