opa334 / choma Goto Github PK

I try to set an arbitrary TeamID so I can inject a dylib to an arbitrary app with opainject. I updatedAppStoreCodeDirectory.h with a Code Directory from the target app but when I use opainject, the kernel complains about the signature. Is there any step I am missing?

I use insert_dylib and ct_bypass to inject some apps. Some can start normally, but some software will crash. For example, this log. I tried to change other frameworks that inject it, and the same is true.

Hello, do you have any complete open source projects that use this technique? I would like to use them as a reference and then develop similar functionality.

Hi everyone!

It may be a dumb question, but how can i check that CVE-2023-41991 exploitation is successful on a 'hello world' binary that i compiled in xcode? I mean codesign tool gives me "none" flag and when i try to run it on iphone, it just gets kill by the terminal..

thanks

Hello @opa334 ,

I am sorry to bother you. Is it possible to install an IPA after applying ct_bypass to the app bundle inside. I was trying to do this but got Failed to verify code signature of /var/ ... (and the extracted payload path). I applied the ct_bypass to it before so I don't understand why the signature is invalid. Shouldn't ct_bypass sign the binary?

If it is possible, can you please point me to the right direction?

P.S. So basically the question is, how to install IPA without TrollStore but instead applying the CoreTrust bug to it manually and installing using Sideloadly or Filza for example?

Thanks in advance,
Ivan Nikolskiy (@enty8080)

I have used several applications that use this technology. They stop the target application before injecting it and then inject it. Is the injection tool they use also opinject? Or there are other injection tools.

Hi everyone!
I compiled ct_bypass for arm64e, but when i'm trying to bypass it prints:

CoreTrust bypass eta s0n!!
Found 1 MachO slice.
File size 0x2131e0 bytes, MachO slice count 1.
Error: failed to find a valid, preferred macho.
Error: failed to extract preferred slice!

It checks cpusubtype as 0x80000002 and cannot find slice.
I checked macho with otool and it prints:

ct_bypass_arm64e:
Mach header
      magic  cputype cpusubtype  caps    filetype ncmds sizeofcmds      flags
 0xfeedfacf 16777228          2  0x80           2    20       1968 0x00200085