Add kuaishou example

examples/algorithms/bangbang.py

@@ -4,11 +4,10 @@
 from chomper.const import ARCH_ARM64, OS_IOS
 from chomper.objc import ObjcRuntime
 
-binary_path = "examples/binaries/ios/com.ceair.b2m/ceair_iOS_branch"
-
 base_path = os.path.abspath(os.path.dirname(__file__))
+
 rootfs_path = os.path.join(base_path, "../../rootfs/ios")
-module_path = os.path.join(base_path, "../..", binary_path)
+module_path = os.path.join(base_path, "../../examples/binaries/ios/com.ceair.b2m/ceair_iOS_branch")
 
 
 def main():

examples/algorithms/dewu.py

@@ -4,11 +4,10 @@
 from chomper.const import ARCH_ARM64, OS_IOS
 from chomper.objc import ObjcRuntime
 
-binary_path = "examples/binaries/ios/com.siwuai.duapp/5.61.4/DUApp"
-
 base_path = os.path.abspath(os.path.dirname(__file__))
+
 rootfs_path = os.path.join(base_path, "../../rootfs/ios")
-module_path = os.path.join(base_path, "../..", binary_path)
+module_path = os.path.join(base_path, "../../examples/binaries/ios/com.siwuai.duapp/5.61.4/DUApp")
 
 
 def main():

examples/algorithms/ijm.py → examples/algorithms/ijiami.py

@@ -4,11 +4,10 @@
 from chomper.const import ARCH_ARM64, OS_IOS
 from chomper.objc import ObjcRuntime
 
-binary_path = "examples/binaries/ios/com.csair.MBP/CSMBP-AppStore-Package"
-
 base_path = os.path.abspath(os.path.dirname(__file__))
+
 rootfs_path = os.path.join(base_path, "../../rootfs/ios")
-module_path = os.path.join(base_path, "../..", binary_path)
+module_path = os.path.join(base_path, "../../examples/binaries/ios/com.csair.MBP/CSMBP-AppStore-Package")
 
 
 def hook_retval(retval):

examples/algorithms/kuaishou.py

@@ -0,0 +1,95 @@
+import os
+
+from chomper import Chomper
+from chomper.const import ARCH_ARM64, OS_IOS
+from chomper.objc import ObjcRuntime
+
+base_path = os.path.abspath(os.path.dirname(__file__))
+
+rootfs_path = os.path.join(base_path, "../../rootfs/ios")
+module_path = os.path.join(base_path, "../../examples/binaries/ios/com.jiangjia.gif/gifCommonFramework")
+
+
+def hook_ksecurity_perf_report_sg_perf_report(uc, address, size, user_data):
+    pass
+
+
+def main():
+    if not os.path.exists(module_path):
+        print(
+            "Binary doesn't exist, please download "
+            "from 'https://sourceforge.net/projects/chomper-emu/files/'"
+        )
+        return
+
+    emu = Chomper(
+        arch=ARCH_ARM64,
+        os_type=OS_IOS,
+        rootfs_path=rootfs_path,
+    )
+    objc = ObjcRuntime(emu)
+
+    emu.load_module(module_path)
+
+    guard_manager_class = objc.find_class("KWOpenSecurityGuardManager")
+    guard_param_context_class = objc.find_class("KWOpenSecurityGuardParamContext")
+    signature_component_class = objc.find_class("KWOpenSecureSignatureComponent")
+    perf_report_class = objc.find_class("KSecurityPerfReport")
+
+    # Auth file
+    auth_file = "video_yh_loading_icon.kss"
+
+    # Forward file accesses
+    emu.os.forward_path(
+        f"{os.path.dirname(emu.os.executable_path)}/{auth_file}",
+        os.path.join(module_path, "..", auth_file)
+    )
+
+    # Diable data report
+    emu.add_interceptor(
+        perf_report_class.get_instance_method("sgPerfReport:message:errorCode:").implementation,
+        hook_ksecurity_perf_report_sg_perf_report,
+    )
+
+    with objc.autorelease_pool():
+        # Initialize
+        manager = guard_manager_class.call_method("getInstance")
+        manager.call_method("initSDK")
+        manager.call_method("setIsInitialize:", 1)
+
+        component = signature_component_class.call_method("alloc")
+        component.call_method("init")
+
+        # Sign
+        app_key = objc.create_ns_string("d7b7d042-d4f2-4012-be60-d97ff2429c17")
+        input_str = objc.create_ns_data(b"test")
+        wbindex_key = objc.create_ns_string("lD6We1E8i")
+        sdk_id = objc.create_ns_string("")
+        sdk_name = objc.create_ns_string("")
+        ztconfig_file_path = objc.create_ns_string("")
+
+        context = guard_param_context_class.call_method(
+            "createParamContextWithAppKey:paramDict:requestType:input:wbindexKey:bInnerInvoke:sdkid:sdkName:ztconfigFilePath:",
+            app_key,
+            0,
+            1,
+            input_str,
+            wbindex_key,
+            0,
+            sdk_id,
+            sdk_name,
+            ztconfig_file_path,
+        )
+
+        component.call_method("atlasSignPlus:", context)
+
+        output = context.call_method("output")
+        data_bytes = output.call_method("bytes")
+        data_length = output.call_method("length")
+
+        result = emu.read_bytes(data_bytes, data_length).decode("utf-8")
+        emu.logger.info("Result: %s", result)
+
+
+if __name__ == "__main__":
+    main()

examples/algorithms/wtoken.py

@@ -4,11 +4,10 @@
 from chomper.const import ARCH_ARM64, OS_IOS
 from chomper.objc import ObjcRuntime
 
-binary_path = "examples/binaries/ios/com.csair.MBP/CSMBP-AppStore-Package"
-
 base_path = os.path.abspath(os.path.dirname(__file__))
+
 rootfs_path = os.path.join(base_path, "../../rootfs/ios")
-module_path = os.path.join(base_path, "../..", binary_path)
+module_path = os.path.join(base_path, "../../examples/binaries/ios/com.csair.MBP/CSMBP-AppStore-Package")
 
 
 def main():
@@ -40,10 +39,10 @@ def main():
         # Sign
         data = objc.create_ns_data(b'{"biClassId":["2","3","4"]}')
 
-        wtoken = objc.msg_send(ali_tiger_tally_instance, "vmpSign:", data)
-        wtoken_str = emu.read_string(objc.msg_send(wtoken, "UTF8String"))
+        result = objc.msg_send(ali_tiger_tally_instance, "vmpSign:", data)
+        result_str = emu.read_string(objc.msg_send(result, "UTF8String"))
 
-        emu.logger.info("wtoken: %s", wtoken_str)
+        emu.logger.info("Result: %s", result_str)
 
 
 if __name__ == "__main__":

examples/algorithms/xhs.py

@@ -4,11 +4,10 @@
 from chomper.const import ARCH_ARM64, OS_IOS
 from chomper.objc import ObjcRuntime
 
-binary_path = "examples/binaries/ios/com.xingin.discover/8.74/discover"
-
 base_path = os.path.abspath(os.path.dirname(__file__))
+
 rootfs_path = os.path.join(base_path, "../../rootfs/ios")
-module_path = os.path.join(base_path, "../..", binary_path)
+module_path = os.path.join(base_path, "../../examples/binaries/ios/com.xingin.discover/8.74/discover")
 
 
 def main():
@@ -45,6 +44,7 @@ def main():
 
         result = ti_tiny_class.call_method("signWithMethod:url:payload:", method, url, payload)
         result_str = emu.read_string(result.call_method("description").call_method("UTF8String"))
+
         emu.logger.info("Sign result: %s", result_str)
 
 

examples/algorithms/zhihu.py

@@ -4,11 +4,10 @@
 from chomper.const import ARCH_ARM64, OS_IOS
 from chomper.objc import ObjcRuntime
 
-binary_path = "examples/binaries/ios/com.zhihu.ios/osee2unifiedRelease"
-
 base_path = os.path.abspath(os.path.dirname(__file__))
+
 rootfs_path = os.path.join(base_path, "../../rootfs/ios")
-module_path = os.path.join(base_path, "../..", binary_path)
+module_path = os.path.join(base_path, "../../examples/binaries/ios/com.zhihu.ios/osee2unifiedRelease")
 
 
 def main():

src/chomper/os/android/const.py

@@ -55,5 +55,6 @@
 ENOENT = 2
 EBADF = 9
 EACCES = 13
+EFAULT = 14
 EEXIST = 17
 ENOTDIR = 20

src/chomper/os/android/structs.py

@@ -15,6 +15,9 @@ def from_time_ns(cls, time_ns: int) -> "Timespec":
             tv_nsec=time_ns % (10**9),
         )
 
+    def to_seconds(self) -> float:
+        return float(self.tv_sec) + float(self.tv_nsec) / 1e9
+
 
 class Stat64(ctypes.Structure):
     _fields_ = [

src/chomper/os/android/syscall.py

@@ -18,6 +18,7 @@
     SyscallError.ENOENT: (const.ENOENT, "ENOENT"),
     SyscallError.EBADF: (const.EBADF, "EBADF"),
     SyscallError.EACCES: (const.EACCES, "EACCES"),
+    SyscallError.EFAULT: (const.EFAULT, "EFAULT"),
     SyscallError.EEXIST: (const.EEXIST, "EEXIST"),
     SyscallError.ENOTDIR: (const.ENOTDIR, "ENOTDIR"),
 }

src/chomper/os/ios/const.py

@@ -52,6 +52,8 @@
 SYS_SOCKETPAIR = 0x87
 SYS_MKDIR = 0x88
 SYS_RMDIR = 0x89
+SYS_UTIMES = 0x8A
+SYS_FUTIMES = 0x8B
 SYS_ADJTIME = 0x8C
 SYS_PREAD = 0x99
 SYS_PWRITE = 0x9A
@@ -62,6 +64,7 @@
 SYS_SETRLIMIT = 0xC3
 SYS_MMAP = 0xC5
 SYS_LSEEK = 0xC7
+SYS_FTRUNCATE = 0xC9
 SYS_SYSCTL = 0xCA
 SYS_OPEN_DPROTECTED_NP = 0xD8
 SYS_GETATTRLIST = 0xDC
@@ -112,6 +115,7 @@
 SYS_GUARDED_OPEN_NP = 0x1B9
 SYS_GUARDED_CLOSE_NP = 0x1BA
 SYS_GETATTRLISTBULK = 0x1CD
+SYS_CLONEFILEAT = 0x1CE
 SYS_OPENAT = 0x1CF
 SYS_OPENAT_NOCANCEL = 0x1D0
 SYS_RENAMEAT = 0x1D1
@@ -163,6 +167,7 @@
 KERNELRPC_MACH_PORT_REQUEST_NOTIFICATION_TRAP = -0x4D
 MACH_TIMEBASE_INFO_TRAP = -0x59
 MK_TIMER_CREATE_TRAP = -0x5B
+MK_TIMER_ARM = -0x5D
 
 # CTL Types
 
@@ -226,6 +231,7 @@
 ENOENT = 2
 EBADF = 9
 EACCES = 13
+EFAULT = 14
 EEXIST = 17
 ENOTDIR = 20
 

src/chomper/os/ios/ios.py

@@ -2,6 +2,7 @@
 import os
 import plistlib
 import random
+import shutil
 import sys
 import time
 import uuid
@@ -340,6 +341,18 @@ def getdirentries(self, fd: int, offset: int) -> Optional[bytes]:
         )
         return struct_to_bytes(st)
 
+    @log_call
+    def clonefileat(
+        self, src_dir_fd: int, src_path: str, dst_dir_fd: int, dst_path: str
+    ):
+        src_path = self._resolve_dir_fd(src_dir_fd, src_path)
+        dst_path = self._resolve_dir_fd(dst_dir_fd, dst_path)
+
+        real_src_path = self._get_real_path(src_path)
+        real_dst_path = self._get_real_path(dst_path)
+
+        shutil.copy2(real_src_path, real_dst_path)
+
     def _setup_tls(self):
         """Initialize thread local storage (TLS)."""
         errno_ptr = self.emu.create_buffer(0x8)

src/chomper/os/ios/structs.py

@@ -27,6 +27,9 @@ def from_time_ns(cls, time_ns: int) -> "Timespec":
             tv_nsec=time_ns % (10**9),
         )
 
+    def to_seconds(self) -> float:
+        return float(self.tv_sec) + float(self.tv_nsec) / 1e9
+
 
 class Stat64(ctypes.Structure):
     _fields_ = [