fix booting 18.0b1

include/payload/payload.h

@@ -100,6 +100,7 @@ int overwrite_main(int argc, char* argv[]);
 void reload_launchd_env(void);
 void perform_reboot3(xpc_object_t peer, xpc_object_t xreply, xpc_object_t request, struct paleinfo* pinfo_p);
 void runcmd(xpc_object_t xrequest, xpc_object_t xreply, struct paleinfo* __unused pinfo);
+int bootscreend_main(void);
 ssize_t write_fdout(int fd, void* buf, size_t len);
 _Noreturn void _panic(char* fmt, ...);
 extern bool panic_did_enter;

include/payload_dylib/common.h

@@ -38,7 +38,6 @@ extern void (*MSHookFunction_p)(void *symbol, void *replace, void **result);
 void initSpawnHooks(void);
 void InitDaemonHooks(void);
 void InitXPCHooks(void);
-int bootscreend_main(void);
 void load_bootstrapped_jailbreak_env(void);
 int bootscreend_draw_image(const char* image_path);
 const char* set_tweakloader_path(const char* path);

plooshInit.xcodeproj/project.pbxproj

@@ -18,8 +18,6 @@
 		01AFD25E2C10A15D00C66591 /* dyn.c in Sources */ = {isa = PBXBuildFile; fileRef = 01AFD2542C10A15D00C66591 /* dyn.c */; };
 		01AFD25F2C10A15D00C66591 /* Makefile in Sources */ = {isa = PBXBuildFile; fileRef = 01AFD25B2C10A15D00C66591 /* Makefile */; };
 		01AFD2612C10A21800C66591 /* libdobby.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 01AFD2602C10A21800C66591 /* libdobby.a */; };
-		01AFD2632C10A26500C66591 /* CoreGraphics.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 01AFD2622C10A26500C66591 /* CoreGraphics.framework */; };
-		01AFD2652C10A26F00C66591 /* ImageIO.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 01AFD2642C10A26E00C66591 /* ImageIO.framework */; };
 		01BA09A12C0988DD00D2B63F /* load.c in Sources */ = {isa = PBXBuildFile; fileRef = 015DD6BE2BA5992E003E3587 /* load.c */; };
 		01BA09A22C0988E000D2B63F /* bootstrap.c in Sources */ = {isa = PBXBuildFile; fileRef = 015DD6C02BA5992E003E3587 /* bootstrap.c */; };
 		01BA09A32C0988E200D2B63F /* xpc_helper.c in Sources */ = {isa = PBXBuildFile; fileRef = 015DD6BF2BA5992E003E3587 /* xpc_helper.c */; };
@@ -78,16 +76,13 @@
 		01E427442BA1E8A9008BC989 /* prebootpath.c in Sources */ = {isa = PBXBuildFile; fileRef = 01D3D52A2B5C80DA007845B6 /* prebootpath.c */; };
 		01E427452BA1E8AB008BC989 /* strflags.c in Sources */ = {isa = PBXBuildFile; fileRef = 01D3D52B2B5C80DA007845B6 /* strflags.c */; };
 		01E427462BA1E8DB008BC989 /* liblibjailbreak.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 01E4273D2BA1E848008BC989 /* liblibjailbreak.a */; };
-		01E427472BA1E8F2008BC989 /* bootscreend.c in Sources */ = {isa = PBXBuildFile; fileRef = 01D3D6952B5C80DA007845B6 /* bootscreend.c */; };
 		01E427482BA1E8F6008BC989 /* platform.c in Sources */ = {isa = PBXBuildFile; fileRef = 01D3D6A12B5C80DA007845B6 /* platform.c */; };
 		01E427492BA1E8F9008BC989 /* main.c in Sources */ = {isa = PBXBuildFile; fileRef = 01D3D6A32B5C80DA007845B6 /* main.c */; };
 		01E4274A2BA1E8FD008BC989 /* crashreporter.m in Sources */ = {isa = PBXBuildFile; fileRef = 01683B582B8C679500A7A2EA /* crashreporter.m */; };
 		01E4274B2BA1E901008BC989 /* daemon.c in Sources */ = {isa = PBXBuildFile; fileRef = 01D3D6A52B5C80DA007845B6 /* daemon.c */; };
 		01E4274C2BA1E903008BC989 /* pspawn.c in Sources */ = {isa = PBXBuildFile; fileRef = 01D3D6A62B5C80DA007845B6 /* pspawn.c */; };
 		01E4274D2BA1E906008BC989 /* xpc.c in Sources */ = {isa = PBXBuildFile; fileRef = 01D3D6A72B5C80DA007845B6 /* xpc.c */; };
-		01E4274E2BA1E921008BC989 /* IOMobileFramebuffer.tbd in Frameworks */ = {isa = PBXBuildFile; fileRef = 01D3D5EE2B5C80DA007845B6 /* IOMobileFramebuffer.tbd */; };
 		01E4274F2BA1E933008BC989 /* IOKit.tbd in Frameworks */ = {isa = PBXBuildFile; fileRef = 01E4271B2BA1E38F008BC989 /* IOKit.tbd */; };
-		01E427512BA1EACF008BC989 /* IOSurface.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 01E427502BA1EACF008BC989 /* IOSurface.framework */; platformFilters = (ios, maccatalyst, macos, tvos, xros, ); };
 		01E4275E2BA1EB29008BC989 /* Foundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 01E4275D2BA1EB29008BC989 /* Foundation.framework */; platformFilters = (ios, maccatalyst, macos, tvos, watchos, xros, ); };
 		01E427602BA1EB2E008BC989 /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 01E4275F2BA1EB2E008BC989 /* CoreFoundation.framework */; platformFilters = (ios, maccatalyst, macos, tvos, watchos, xros, ); };
 		01E427612BA1EB3A008BC989 /* IOKit.tbd in Frameworks */ = {isa = PBXBuildFile; fileRef = 01E4271B2BA1E38F008BC989 /* IOKit.tbd */; };
@@ -149,6 +144,11 @@
 		01E427E42BA1F421008BC989 /* multi.c in Sources */ = {isa = PBXBuildFile; fileRef = 01D3D64E2B5C80DA007845B6 /* multi.c */; };
 		01E427E52BA1F423008BC989 /* macho.c in Sources */ = {isa = PBXBuildFile; fileRef = 01D3D64D2B5C80DA007845B6 /* macho.c */; };
 		01E427E62BA1F426008BC989 /* pe.c in Sources */ = {isa = PBXBuildFile; fileRef = 01D3D64C2B5C80DA007845B6 /* pe.c */; };
+		01F2C6142C4C40D1007E932C /* bootscreend.c in Sources */ = {isa = PBXBuildFile; fileRef = 01D3D6952B5C80DA007845B6 /* bootscreend.c */; };
+		01F2C6152C4C410D007E932C /* IOSurface.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 01E427502BA1EACF008BC989 /* IOSurface.framework */; };
+		01F2C6172C4C4118007E932C /* CoreGraphics.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 01F2C6162C4C4118007E932C /* CoreGraphics.framework */; };
+		01F2C6192C4C411B007E932C /* ImageIO.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 01F2C6182C4C411B007E932C /* ImageIO.framework */; };
+		01F2C61A2C4C4126007E932C /* IOMobileFramebuffer.tbd in Frameworks */ = {isa = PBXBuildFile; fileRef = 01D3D5EE2B5C80DA007845B6 /* IOMobileFramebuffer.tbd */; };
 		01FE46A92C1AD335005E6E9D /* runcmd.c in Sources */ = {isa = PBXBuildFile; fileRef = 01FE46A82C1AD335005E6E9D /* runcmd.c */; };
 /* End PBXBuildFile section */
 
@@ -558,6 +558,8 @@
 		01E427952BA1EE94008BC989 /* libsystemhook.dylib */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.dylib"; includeInIndex = 0; path = libsystemhook.dylib; sourceTree = BUILT_PRODUCTS_DIR; };
 		01E427AD2BA1EECA008BC989 /* libuniversalhooks.dylib */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.dylib"; includeInIndex = 0; path = libuniversalhooks.dylib; sourceTree = BUILT_PRODUCTS_DIR; };
 		01E427D32BA1F29F008BC989 /* patch_dyld-test */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = "patch_dyld-test"; sourceTree = BUILT_PRODUCTS_DIR; };
+		01F2C6162C4C4118007E932C /* CoreGraphics.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = CoreGraphics.framework; path = Platforms/MacOSX.platform/Developer/SDKs/MacOSX14.2.sdk/System/Library/Frameworks/CoreGraphics.framework; sourceTree = DEVELOPER_DIR; };
+		01F2C6182C4C411B007E932C /* ImageIO.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = ImageIO.framework; path = Platforms/MacOSX.platform/Developer/SDKs/MacOSX14.2.sdk/System/Library/Frameworks/ImageIO.framework; sourceTree = DEVELOPER_DIR; };
 		01FE46A82C1AD335005E6E9D /* runcmd.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = runcmd.c; sourceTree = "<group>"; };
 /* End PBXFileReference section */
 
@@ -589,11 +591,7 @@
 			isa = PBXFrameworksBuildPhase;
 			buildActionMask = 2147483647;
 			files = (
-				01AFD2652C10A26F00C66591 /* ImageIO.framework in Frameworks */,
-				01AFD2632C10A26500C66591 /* CoreGraphics.framework in Frameworks */,
-				01E427512BA1EACF008BC989 /* IOSurface.framework in Frameworks */,
 				01E4274F2BA1E933008BC989 /* IOKit.tbd in Frameworks */,
-				01E4274E2BA1E921008BC989 /* IOMobileFramebuffer.tbd in Frameworks */,
 				01E427462BA1E8DB008BC989 /* liblibjailbreak.a in Frameworks */,
 			);
 			runOnlyForDeploymentPostprocessing = 0;
@@ -609,6 +607,10 @@
 			isa = PBXFrameworksBuildPhase;
 			buildActionMask = 2147483647;
 			files = (
+				01F2C61A2C4C4126007E932C /* IOMobileFramebuffer.tbd in Frameworks */,
+				01F2C6192C4C411B007E932C /* ImageIO.framework in Frameworks */,
+				01F2C6172C4C4118007E932C /* CoreGraphics.framework in Frameworks */,
+				01F2C6152C4C410D007E932C /* IOSurface.framework in Frameworks */,
 				01E427672BA1EB7A008BC989 /* liblibjailbreak.a in Frameworks */,
 				01E427642BA1EB59008BC989 /* APFS.tbd in Frameworks */,
 				01E427632BA1EB4F008BC989 /* Security.framework in Frameworks */,
@@ -1047,6 +1049,7 @@
 				01AFD25D2C10A15D00C66591 /* libroot */,
 				01D3D4B12B5C80D9007845B6 /* pinfo.c */,
 				01D3D4E02B5C80D9007845B6 /* Makefile */,
+				01D3D6952B5C80DA007845B6 /* bootscreend.c */,
 				01D3D4E12B5C80DA007845B6 /* jailbreakd */,
 				01D3D4F22B5C80DA007845B6 /* main.c */,
 				01D3D4F32B5C80DA007845B6 /* .gitignore */,
@@ -1315,7 +1318,6 @@
 		01D3D6942B5C80DA007845B6 /* payload_dylib */ = {
 			isa = PBXGroup;
 			children = (
-				01D3D6952B5C80DA007845B6 /* bootscreend.c */,
 				01D3D6A02B5C80DA007845B6 /* Makefile */,
 				01D3D6A12B5C80DA007845B6 /* platform.c */,
 				01683B582B8C679500A7A2EA /* crashreporter.m */,
@@ -1485,6 +1487,8 @@
 		01E4271A2BA1E38F008BC989 /* Frameworks */ = {
 			isa = PBXGroup;
 			children = (
+				01F2C6182C4C411B007E932C /* ImageIO.framework */,
+				01F2C6162C4C4118007E932C /* CoreGraphics.framework */,
 				01AFD2642C10A26E00C66591 /* ImageIO.framework */,
 				01AFD2622C10A26500C66591 /* CoreGraphics.framework */,
 				01AFD2602C10A21800C66591 /* libdobby.a */,
@@ -1890,7 +1894,6 @@
 				01E427482BA1E8F6008BC989 /* platform.c in Sources */,
 				01E4274B2BA1E901008BC989 /* daemon.c in Sources */,
 				01E4274C2BA1E903008BC989 /* pspawn.c in Sources */,
-				01E427472BA1E8F2008BC989 /* bootscreend.c in Sources */,
 				01E4274D2BA1E906008BC989 /* xpc.c in Sources */,
 				01E4274A2BA1E8FD008BC989 /* crashreporter.m in Sources */,
 				01E427492BA1E8F9008BC989 /* main.c in Sources */,
@@ -1947,6 +1950,7 @@
 				01E427722BA1EC1B008BC989 /* runcmd.c in Sources */,
 				01E427732BA1EC1D008BC989 /* platform.c in Sources */,
 				01E4277F2BA1EC45008BC989 /* bootstrap.c in Sources */,
+				01F2C6142C4C40D1007E932C /* bootscreend.c in Sources */,
 				01E4276A2BA1EC07008BC989 /* obliterate.c in Sources */,
 			);
 			runOnlyForDeploymentPostprocessing = 0;

src/payload/Makefile

@@ -6,7 +6,8 @@ LDFLAGS += -Wl,-sectcreate,__TEXT,__info_plist,Info.plist
 OBJDIR = obj
 C_SRC = $(wildcard *.c)
 LIBS = -framework CoreFoundation ../libs/IOKit.tbd -framework Foundation
-LIBS += -framework Security
+LIBS += -framework Security ../libs/IOMobileFramebuffer.tbd
+LIBS += -framework CoreGraphics -framework ImageIO -framework IOSurface
 LIBS += ../libs/APFS.tbd ../libjailbreak/libjailbreak.a
 OBJS = $(patsubst %,$(OBJDIR)/%,$(C_SRC:.c=.c.o))
 

src/payload_dylib/bootscreend.c → src/payload/bootscreend.c

@@ -17,10 +17,12 @@
 #include <sys/param.h>
 #include <CoreGraphics/CoreGraphics.h>
 #include <ImageIO/ImageIO.h>
+#include <sys/sysctl.h>
 
 #define WHITE 0xffffffff
 #define BLACK 0x00000000
 static void *base = NULL;
+IOSurfaceRef buffer;
 static int bytesPerRow = 0;
 static int height = 0;
 static int width = 0;
@@ -63,7 +65,6 @@ static int init_display(void) {
     }
     IOMobileFramebufferDisplaySize size;
     IOMobileFramebufferGetDisplaySize(display, &size);
-    IOSurfaceRef buffer;
     IOMobileFramebufferGetLayerDefaultSurface(display, 0, &buffer);
     bsd_printf("got display %p\n", display);
     width = size.width;
@@ -83,15 +84,8 @@ static int init_display(void) {
     bsd_printf("locked buffer\n");
     base = IOSurfaceGetBaseAddress(buffer);
     bsd_printf("got base address at: %p\n", base);
-    bytesPerRow = IOSurfaceGetBytesPerRow(buffer);
+    bytesPerRow = (int)IOSurfaceGetBytesPerRow(buffer);
     bsd_printf("got bytes per row: %d\n", bytesPerRow);
-    for (int i = 0; i < height; i++) {
-        for (int j = 0; j < width; j++) {
-            int offset = i * bytesPerRow + j * 4;
-            *(int *)(base + offset) = 0x00000000;
-        }
-    }
-    bsd_printf("wrote to buffer\n");
     IOSurfaceUnlock(buffer, 0, 0);
     bsd_printf("unlocked buffer\n");
 
@@ -102,6 +96,47 @@ static int init_display(void) {
     return 0;
 }
 
+void check_for_exit(void)
+{
+    static int maxArgumentSize = 0;
+    if (maxArgumentSize == 0) {
+        size_t size = sizeof(maxArgumentSize);
+        if (sysctl((int[]){ CTL_KERN, KERN_ARGMAX }, 2, &maxArgumentSize, &size, NULL, 0) == -1) {
+            perror("sysctl argument size");
+            maxArgumentSize = 4096; // Default
+        }
+    }
+    int mib[3] = { CTL_KERN, KERN_PROC, KERN_PROC_ALL};
+    struct kinfo_proc *info;
+    size_t length;
+    unsigned long count;
+
+    if (sysctl(mib, 3, NULL, &length, NULL, 0) < 0)
+        return;
+    if (!(info = malloc(length)))
+        return;
+    if (sysctl(mib, 3, info, &length, NULL, 0) < 0) {
+        free(info);
+        return;
+    }
+    count = length / sizeof(struct kinfo_proc);
+    for (unsigned long i = 0; i < count; i++) {
+        pid_t pid = info[i].kp_proc.p_pid;
+        if (pid == 0) {
+            continue;
+        }
+        size_t size = maxArgumentSize;
+        char* buffer = (char *)malloc(length);
+        if (sysctl((int[]){ CTL_KERN, KERN_PROCARGS2, pid }, 3, buffer, &size, NULL, 0) == 0) {
+            char *executablePath = buffer + sizeof(int);
+            if (strcmp(executablePath, "/usr/libexec/backboardd") == 0 || strcmp(executablePath, "/usr/libexec/dfrd") == 0) exit(0);
+        }
+        free(buffer);
+    }
+    free(info);
+}
+
+
 int bootscreend_draw_cgimage(const char* image_path) {
     int retval = -1;
     CFURLRef imageURL = NULL;
@@ -274,10 +309,18 @@ int main(int argc, char* argv[]) {
 #else
 #define BOOT_IMAGE_PATH "/cores/binpack/usr/share/boot.jp2"
 int bootscreend_main(void) {
+    int retval = 0;
     if (dyld_get_active_platform() != PLATFORM_BRIDGEOS) {
-        return bootscreend_draw_image(BOOT_IMAGE_PATH);
+        retval = bootscreend_draw_image(BOOT_IMAGE_PATH);
     } else {
-        return bootscreend_draw_gradient();
+        retval = bootscreend_draw_gradient();
     }
+#if !defined(TESTMAIN)
+    if (retval) return retval;
+    while (true) {
+        check_for_exit();
+        sleep(5);
+    }
+#endif
 }
 #endif

src/payload/main.c

@@ -24,6 +24,8 @@ int main(int argc, char* argv[]) {
     } else if (!strcmp(name, "palera1nd")) {
         palera1nd_log = os_log_create("com.apple.payload", "palera1n Daemon");
         return palera1nd_main(argc, argv);
+    } else if (!strcmp(name, "bootscreend")) {
+        return bootscreend_main();
     } else {
         return -1;
     }

src/payload_dylib/Makefile

@@ -6,8 +6,7 @@ OBJDIR = obj
 C_SRC = $(wildcard *.c)
 OBJC_SRC = $(wildcard *.m)
 LIBS = -framework CoreFoundation ../libjailbreak/libjailbreak.a
-LIBS += ../libs/IOKit.tbd -framework Foundation ../libs/IOMobileFramebuffer.tbd
-LIBS += -framework CoreGraphics -framework ImageIO -framework IOSurface
+LIBS += ../libs/IOKit.tbd -framework Foundation
 OBJS = $(patsubst %,$(OBJDIR)/%,$(C_SRC:.c=.c.o)) $(patsubst %,$(OBJDIR)/%,$(OBJC_SRC:.m=.m.o))
 
 ifeq ($(ASAN),1)

src/payload_dylib/main.c

@@ -172,7 +172,9 @@ __attribute__((constructor))void launchd_hook_main(void) {
   if (
       ((pflags & palerain_option_verbose_boot) == 0)
       && (dyld_get_active_platform() != PLATFORM_TVOS || getenv("XPC_USERSPACE_REBOOTED"))
-      ) bootscreend_main();
+      ) {
+          posix_spawn(&pid, "/cores/payload", NULL, NULL, (char*[]){"bootscreend" ,NULL}, (char*[]){ "XPC_NULL_BOOTSTRAP=1" });
+      }
 
   void* systemhook_handle = dlopen(HOOK_DYLIB_PATH, RTLD_NOW);
   if (!systemhook_handle) {

src/payload_dylib/xpc.c

@@ -111,7 +111,6 @@ static void xpc_handler(xpc_object_t xdict) {
 #endif
             break;
         case LAUNCHD_CMD_RUN_BOOTSCREEND:
-            bootscreend_main();
             break;
         case LAUNCHD_CMD_GET_BOOT_UUID:
             xpc_dictionary_set_uuid(xreply, "uuid", boot_uuid);