Add iOS 16.7.2(arm64e) sandbox escape support

lara.xcodeproj/project.pbxproj

@@ -374,7 +374,7 @@
 			isa = XCBuildConfiguration;
 			buildSettings = {
 				ALWAYS_SEARCH_USER_PATHS = NO;
-				ARCHS = arm64e;
+				ARCHS = arm64;
 				ASSETCATALOG_COMPILER_GENERATE_SWIFT_ASSET_SYMBOL_EXTENSIONS = YES;
 				CLANG_ANALYZER_NONNULL = YES;
 				CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE;
@@ -439,7 +439,7 @@
 			isa = XCBuildConfiguration;
 			buildSettings = {
 				ALWAYS_SEARCH_USER_PATHS = NO;
-				ARCHS = arm64e;
+				ARCHS = arm64;
 				ASSETCATALOG_COMPILER_GENERATE_SWIFT_ASSET_SYMBOL_EXTENSIONS = YES;
 				CLANG_ANALYZER_NONNULL = YES;
 				CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE;
@@ -496,7 +496,7 @@
 		CC1C8B452F71DF9C00206982 /* Debug */ = {
 			isa = XCBuildConfiguration;
 			buildSettings = {
-				ARCHS = arm64e;
+				ARCHS = arm64;
 				ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon;
 				ASSETCATALOG_COMPILER_INCLUDE_ALL_APPICON_ASSETS = YES;
 				CODE_SIGN_STYLE = Automatic;
@@ -548,7 +548,7 @@
 		CC1C8B462F71DF9C00206982 /* Release */ = {
 			isa = XCBuildConfiguration;
 			buildSettings = {
-				ARCHS = arm64e;
+				ARCHS = arm64;
 				ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon;
 				ASSETCATALOG_COMPILER_INCLUDE_ALL_APPICON_ASSETS = YES;
 				CODE_SIGN_STYLE = Automatic;

lara/classes/laramgr.swift

@@ -12,6 +12,44 @@ import notify
 import UIKit
 import WebKit
 
+private func loadMutablePropertyListDictionary(from url: URL) throws -> NSMutableDictionary {
+    let data = try Data(contentsOf: url)
+    var format = PropertyListSerialization.PropertyListFormat.binary
+    let plist = try PropertyListSerialization.propertyList(
+        from: data,
+        options: [.mutableContainersAndLeaves],
+        format: &format
+    )
+    guard let dict = plist as? NSMutableDictionary else {
+        throw "Property list root is not a dictionary."
+    }
+    return dict
+}
+
+private func clearImmutableForOverwriteIfNeeded(path: String) -> String? {
+    let majorVersion = ProcessInfo.processInfo.operatingSystemVersion.majorVersion
+    guard majorVersion == 16 else { return nil }
+
+    let fm = FileManager.default
+    guard let attributes = try? fm.attributesOfItem(atPath: path) else { return nil }
+
+    var updates: [FileAttributeKey: Any] = [:]
+    if (attributes[.immutable] as? NSNumber)?.boolValue == true {
+        updates[.immutable] = false
+    }
+    if (attributes[.appendOnly] as? NSNumber)?.boolValue == true {
+        updates[.appendOnly] = false
+    }
+    guard !updates.isEmpty else { return nil }
+
+    do {
+        try fm.setAttributes(updates, ofItemAtPath: path)
+        return nil
+    } catch {
+        return "clear immutable failed: \(error.localizedDescription)"
+    }
+}
+
 final class laramgr: ObservableObject {
     @Published var log: String = ""
     @Published var hasOffsets: Bool = false
@@ -326,9 +364,11 @@ final class laramgr: ObservableObject {
     }
 
     private func sbxoverwrite(path: String, data: Data) -> (ok: Bool, message: String) {
+        let immutableMessage = clearImmutableForOverwriteIfNeeded(path: path)
         let fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0o644)
         if fd == -1 {
-            return (false, "sbx open failed: errno=\(errno) \(String(cString: strerror(errno)))")
+            let prefix = immutableMessage.map { "\($0), " } ?? ""
+            return (false, "\(prefix)sbx open failed: errno=\(errno) \(String(cString: strerror(errno)))")
         }
         defer { close(fd) }
 
@@ -346,6 +386,10 @@ final class laramgr: ObservableObject {
         if !wroteAll {
             return (false, "sbx write failed: errno=\(errno) \(String(cString: strerror(errno)))")
         }
+
+        if ftruncate(fd, off_t(total)) != 0 {
+            return (false, "sbx truncate failed: errno=\(errno) \(String(cString: strerror(errno)))")
+        }
 
         return (true, "ok (\(total) bytes)")
     }
@@ -577,11 +621,7 @@ final class laramgr: ObservableObject {
             if !fm.fileExists(atPath: path) {
                 if !force { return (false, "file at \(path) does not exist or couldn't be found") }
             } else {
-                if let dictfromplist = NSMutableDictionary(contentsOf: URL(fileURLWithPath: path)) {
-                    dict = dictfromplist
-                } else {
-                    return (false, "could not convert plist at \(path) to readable data")
-                }
+                dict = try loadMutablePropertyListDictionary(from: URL(fileURLWithPath: path))
             }
             if let value = key.value {
                 dict[key.key] = value
@@ -611,14 +651,11 @@ final class laramgr: ObservableObject {
         do {
             let fm = FileManager.default
             if fm.fileExists(atPath: path) {
-                if let dict = NSDictionary(contentsOf: URL(fileURLWithPath: path)) {
-                    if let value = dict[key] {
-                        return (true, "success", value)
-                    } else {
-                        return (false, "key \(key) not found", nil)
-                    }
+                let dict = try loadMutablePropertyListDictionary(from: URL(fileURLWithPath: path))
+                if let value = dict[key] {
+                    return (true, "success", value)
                 } else {
-                    return(false, "could not convert plist at \(path) to readable data", nil)
+                    return (false, "key \(key) not found", nil)
                 }
             } else {
                 return (false, "file at \(path) does not exist or couldn't be found", nil)

lara/funcs/fetchkcache.swift

@@ -19,14 +19,16 @@ func larakcpath() -> String? {
 
 func fetchkcache() -> Bool {
     guard ds_is_ready(),
+          ds_get_our_proc() != 0,
+          ds_get_our_task() != 0,
           off_proc_p_fd != 0,
           off_filedesc_fd_ofiles != 0,
           off_fileproc_fp_glob != 0,
           off_fileglob_fg_data != 0,
           off_vnode_v_data != 0,
           off_namecache_nc_vp != 0,
           off_namecache_nc_child_tqe_next != 0 else {
-        globallogger.log("(fetchkcache) exploit or offsets not ready")
+        globallogger.log("(fetchkcache) exploit, self proc/task, or offsets not ready")
         return false
     }
 

lara/funcs/isunsupported.swift

@@ -32,7 +32,7 @@ func hasmie() -> Bool {
 func isunsupported() -> Bool {
     let v = ProcessInfo.processInfo.operatingSystemVersion
 
-    if v.majorVersion < 17 {
+    if v.majorVersion < 16 {
         return true
     }