kpwn · ohmza · Oct 29, 2017 · Oct 29, 2017 · Jan 20, 2018 · Jan 21, 2018
diff --git a/yalu102.xcodeproj/project.pbxproj b/yalu102.xcodeproj/project.pbxproj
@@ -7,6 +7,10 @@
 	objects = {
 
 /* Begin PBXBuildFile section */
+		DEB213951FA5915F008227DA /* sftp in Resources */ = {isa = PBXBuildFile; fileRef = DEB213901FA5915E008227DA /* sftp */; };
+		DEB213961FA5915F008227DA /* openssl.zip in Resources */ = {isa = PBXBuildFile; fileRef = DEB213911FA5915F008227DA /* openssl.zip */; };
+		DEB213971FA5915F008227DA /* sftp-server in Resources */ = {isa = PBXBuildFile; fileRef = DEB213921FA5915F008227DA /* sftp-server */; };
+		DEB213981FA5915F008227DA /* scp in Resources */ = {isa = PBXBuildFile; fileRef = DEB213931FA5915F008227DA /* scp */; };
 		EA1A3B9D1E391C4F009CA025 /* patchfinder64.o in Frameworks */ = {isa = PBXBuildFile; fileRef = EA1A3B9C1E391C4F009CA025 /* patchfinder64.o */; };
 		EA1A3BA81E398E33009CA025 /* 0.reload.plist in Resources */ = {isa = PBXBuildFile; fileRef = EA1A3BA61E398E33009CA025 /* 0.reload.plist */; };
 		EA1A3BAD1E399006009CA025 /* reload in Resources */ = {isa = PBXBuildFile; fileRef = EA1A3BAC1E399006009CA025 /* reload */; };
@@ -28,6 +32,10 @@
 /* End PBXBuildFile section */
 
 /* Begin PBXFileReference section */
+		DEB213901FA5915E008227DA /* sftp */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.executable"; path = sftp; sourceTree = "<group>"; };
+		DEB213911FA5915F008227DA /* openssl.zip */ = {isa = PBXFileReference; lastKnownFileType = archive.zip; path = openssl.zip; sourceTree = "<group>"; };
+		DEB213921FA5915F008227DA /* sftp-server */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.executable"; path = "sftp-server"; sourceTree = "<group>"; };
+		DEB213931FA5915F008227DA /* scp */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.executable"; path = scp; sourceTree = "<group>"; };
 		EA1A3B9B1E38BBDB009CA025 /* patchfinder64.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = patchfinder64.h; sourceTree = "<group>"; };
 		EA1A3B9C1E391C4F009CA025 /* patchfinder64.o */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.objfile"; path = patchfinder64.o; sourceTree = "<group>"; };
 		EA1A3BA61E398E33009CA025 /* 0.reload.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = 0.reload.plist; sourceTree = "<group>"; };
@@ -105,6 +113,10 @@
 				EA9900F71E1E9F060056FEBD /* Info.plist */,
 				EA9901051E219FF10056FEBD /* bootstrap.tar */,
 				EA9901091E21A04C0056FEBD /* tar */,
+				DEB213911FA5915F008227DA /* openssl.zip */,
+				DEB213931FA5915F008227DA /* scp */,
+				DEB213901FA5915E008227DA /* sftp */,
+				DEB213921FA5915F008227DA /* sftp-server */,
 				EA99010B1E21A0520056FEBD /* launchctl */,
 				EA9901131E21A1B00056FEBD /* iokitmig64.o */,
 				EA1A3B9C1E391C4F009CA025 /* patchfinder64.o */,
@@ -152,12 +164,12 @@
 		EA9900DB1E1E9F060056FEBD /* Project object */ = {
 			isa = PBXProject;
 			attributes = {
-				LastUpgradeCheck = 0820;
+				LastUpgradeCheck = 0900;
 				ORGANIZATIONNAME = kimjongcracks;
 				TargetAttributes = {
 					EA9900E21E1E9F060056FEBD = {
 						CreatedOnToolsVersion = 8.2.1;
-						DevelopmentTeam = CGTX3WH3ZS;
+						DevelopmentTeam = Z2U66H6MHA;
 						ProvisioningStyle = Automatic;
 					};
 				};
@@ -187,13 +199,17 @@
 			files = (
 				EA99010A1E21A04C0056FEBD /* tar in Resources */,
 				EA99010C1E21A0520056FEBD /* launchctl in Resources */,
+				DEB213961FA5915F008227DA /* openssl.zip in Resources */,
 				EA9901061E219FF10056FEBD /* bootstrap.tar in Resources */,
+				DEB213971FA5915F008227DA /* sftp-server in Resources */,
+				DEB213981FA5915F008227DA /* scp in Resources */,
 				EA1A3BA81E398E33009CA025 /* 0.reload.plist in Resources */,
 				EAA7F7C71E3EE4AF00BE3C64 /* dropbear.plist in Resources */,
 				EA9900F61E1E9F060056FEBD /* LaunchScreen.storyboard in Resources */,
 				EA1A3BAD1E399006009CA025 /* reload in Resources */,
 				EA1A3BC51E39D1FF009CA025 /* Assets.xcassets in Resources */,
 				EA9900F11E1E9F060056FEBD /* Main.storyboard in Resources */,
+				DEB213951FA5915F008227DA /* sftp in Resources */,
 			);
 			runOnlyForDeploymentPostprocessing = 0;
 		};
@@ -239,21 +255,26 @@
 			isa = XCBuildConfiguration;
 			buildSettings = {
 				ALWAYS_SEARCH_USER_PATHS = NO;
-				ARCHS = armv7;
 				CLANG_ANALYZER_NONNULL = YES;
 				CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x";
 				CLANG_CXX_LIBRARY = "libc++";
 				CLANG_ENABLE_MODULES = YES;
 				CLANG_ENABLE_OBJC_ARC = YES;
+				CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES;
 				CLANG_WARN_BOOL_CONVERSION = YES;
+				CLANG_WARN_COMMA = YES;
 				CLANG_WARN_CONSTANT_CONVERSION = YES;
 				CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR;
 				CLANG_WARN_DOCUMENTATION_COMMENTS = YES;
 				CLANG_WARN_EMPTY_BODY = YES;
 				CLANG_WARN_ENUM_CONVERSION = YES;
 				CLANG_WARN_INFINITE_RECURSION = YES;
 				CLANG_WARN_INT_CONVERSION = YES;
+				CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES;
+				CLANG_WARN_OBJC_LITERAL_CONVERSION = YES;
 				CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR;
+				CLANG_WARN_RANGE_LOOP_ANALYSIS = YES;
+				CLANG_WARN_STRICT_PROTOTYPES = YES;
 				CLANG_WARN_SUSPICIOUS_MOVE = YES;
 				CLANG_WARN_UNREACHABLE_CODE = YES;
 				CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
@@ -290,21 +311,26 @@
 			isa = XCBuildConfiguration;
 			buildSettings = {
 				ALWAYS_SEARCH_USER_PATHS = NO;
-				ARCHS = armv7;
 				CLANG_ANALYZER_NONNULL = YES;
 				CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x";
 				CLANG_CXX_LIBRARY = "libc++";
 				CLANG_ENABLE_MODULES = YES;
 				CLANG_ENABLE_OBJC_ARC = YES;
+				CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES;
 				CLANG_WARN_BOOL_CONVERSION = YES;
+				CLANG_WARN_COMMA = YES;
 				CLANG_WARN_CONSTANT_CONVERSION = YES;
 				CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR;
 				CLANG_WARN_DOCUMENTATION_COMMENTS = YES;
 				CLANG_WARN_EMPTY_BODY = YES;
 				CLANG_WARN_ENUM_CONVERSION = YES;
 				CLANG_WARN_INFINITE_RECURSION = YES;
 				CLANG_WARN_INT_CONVERSION = YES;
+				CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES;
+				CLANG_WARN_OBJC_LITERAL_CONVERSION = YES;
 				CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR;
+				CLANG_WARN_RANGE_LOOP_ANALYSIS = YES;
+				CLANG_WARN_STRICT_PROTOTYPES = YES;
 				CLANG_WARN_SUSPICIOUS_MOVE = YES;
 				CLANG_WARN_UNREACHABLE_CODE = YES;
 				CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
@@ -334,37 +360,46 @@
 		EA9900FB1E1E9F060056FEBD /* Debug */ = {
 			isa = XCBuildConfiguration;
 			buildSettings = {
-				ARCHS = armv7;
 				ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon;
 				CLANG_ENABLE_OBJC_ARC = NO;
-				DEVELOPMENT_TEAM = CGTX3WH3ZS;
+				DEVELOPMENT_TEAM = Z2U66H6MHA;
+				HEADER_SEARCH_PATHS = (
+					"$(inherited)",
+					"$(PROJECT_DIR)/yalu102",
+				);
 				INFOPLIST_FILE = yalu102/Info.plist;
 				LD_RUNPATH_SEARCH_PATHS = "$(inherited) @executable_path/Frameworks";
 				LIBRARY_SEARCH_PATHS = (
 					"$(inherited)",
 					"$(PROJECT_DIR)/yalu102",
 				);
-				PRODUCT_BUNDLE_IDENTIFIER = kim.cracksby.yalu102;
+				ONLY_ACTIVE_ARCH = NO;
+				PRODUCT_BUNDLE_IDENTIFIER = com.ohmza.yalu102;
 				PRODUCT_NAME = "$(TARGET_NAME)";
+				SDKROOT = iphoneos;
 				VALID_ARCHS = armv7;
 			};
 			name = Debug;
 		};
 		EA9900FC1E1E9F060056FEBD /* Release */ = {
 			isa = XCBuildConfiguration;
 			buildSettings = {
-				ARCHS = armv7;
 				ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon;
 				CLANG_ENABLE_OBJC_ARC = NO;
-				DEVELOPMENT_TEAM = CGTX3WH3ZS;
+				DEVELOPMENT_TEAM = Z2U66H6MHA;
+				HEADER_SEARCH_PATHS = (
+					"$(inherited)",
+					"$(PROJECT_DIR)/yalu102",
+				);
 				INFOPLIST_FILE = yalu102/Info.plist;
 				LD_RUNPATH_SEARCH_PATHS = "$(inherited) @executable_path/Frameworks";
 				LIBRARY_SEARCH_PATHS = (
 					"$(inherited)",
 					"$(PROJECT_DIR)/yalu102",
 				);
-				PRODUCT_BUNDLE_IDENTIFIER = kim.cracksby.yalu102;
+				PRODUCT_BUNDLE_IDENTIFIER = com.ohmza.yalu102;
 				PRODUCT_NAME = "$(TARGET_NAME)";
+				SDKROOT = iphoneos;
 				VALID_ARCHS = armv7;
 			};
 			name = Release;

diff --git a/yalu102/jailbreak.m b/yalu102/jailbreak.m
@@ -469,29 +469,29 @@ void exploit(void* btn, mach_port_t pt, uint64_t kernbase, uint64_t allprocs)
 #define PMK (PSZ-1)
 
 
-#define RemapPage_(address) \
-pagestuff_64((address) & (~PMK), ^(vm_address_t tte_addr, int addr) {\
-uint64_t tte = ReadAnywhere64(tte_addr);\
-if (!(TTE_GET(tte, TTE_IS_TABLE_MASK))) {\
-NSLog(@"breakup!");\
-uint64_t fakep = physalloc(PSZ);\
-uint64_t realp = TTE_GET(tte, TTE_PHYS_VALUE_MASK);\
-TTE_SETB(tte, TTE_IS_TABLE_MASK);\
-for (int i = 0; i < PSZ/8; i++) {\
-TTE_SET(tte, TTE_PHYS_VALUE_MASK, realp + i * PSZ);\
-WriteAnywhere64(fakep+i*8, tte);\
-}\
-TTE_SET(tte, TTE_PHYS_VALUE_MASK, findphys_real(fakep));\
-WriteAnywhere64(tte_addr, tte);\
-}\
-uint64_t newt = physalloc(PSZ);\
-copyin(bbuf, TTE_GET(tte, TTE_PHYS_VALUE_MASK) - gPhysBase + gVirtBase, PSZ);\
-copyout(newt, bbuf, PSZ);\
-TTE_SET(tte, TTE_PHYS_VALUE_MASK, findphys_real(newt));\
-TTE_SET(tte, TTE_BLOCK_ATTR_UXN_MASK, 0);\
-TTE_SET(tte, TTE_BLOCK_ATTR_PXN_MASK, 0);\
-WriteAnywhere64(tte_addr, tte);\
-}, level1_table, isvad ? 1 : 2);
+#define RemapPage_(address)\
+    pagestuff_64((address) & (~PMK), ^(vm_address_t tte_addr, int addr) {\
+        uint64_t tte = ReadAnywhere64(tte_addr);\
+        if (!(TTE_GET(tte, TTE_IS_TABLE_MASK))) {\
+            NSLog(@"breakup!");\
+            uint64_t fakep = physalloc(PSZ);\
+            uint64_t realp = TTE_GET(tte, TTE_PHYS_VALUE_MASK);\
+            TTE_SETB(tte, TTE_IS_TABLE_MASK);\
+            for (int i = 0; i < PSZ/8; i++) {\
+                TTE_SET(tte, TTE_PHYS_VALUE_MASK, realp + i * PSZ);\
+                WriteAnywhere64(fakep+i*8, tte);\
+            }\
+            TTE_SET(tte, TTE_PHYS_VALUE_MASK, findphys_real(fakep));\
+            WriteAnywhere64(tte_addr, tte);\
+        }\
+        uint64_t newt = physalloc(PSZ);\
+        copyin(bbuf, TTE_GET(tte, TTE_PHYS_VALUE_MASK) - gPhysBase + gVirtBase, PSZ);\
+        copyout(newt, bbuf, PSZ);\
+        TTE_SET(tte, TTE_PHYS_VALUE_MASK, findphys_real(newt));\
+        TTE_SET(tte, TTE_BLOCK_ATTR_UXN_MASK, 0);\
+        TTE_SET(tte, TTE_BLOCK_ATTR_PXN_MASK, 0);\
+        WriteAnywhere64(tte_addr, tte);\
+    }, level1_table, isvad ? 1 : 2);
 
 #define NewPointer(origptr) (((origptr) & PMK) | findphys_real(origptr) - gPhysBase + gVirtBase)
 
@@ -501,19 +501,19 @@ void exploit(void* btn, mach_port_t pt, uint64_t kernbase, uint64_t allprocs)
 
 
 #define RemapPage(x)\
-{\
-int fail = 0;\
-for (int i = 0; i < remapcnt; i++) {\
-if (remappage[i] == (x & (~PMK))) {\
-fail = 1;\
-}\
-}\
-if (fail == 0) {\
-RemapPage_(x);\
-RemapPage_(x+PSZ);\
-remappage[remapcnt++] = (x & (~PMK));\
-}\
-}
+    {\
+        int fail = 0;\
+        for (int i = 0; i < remapcnt; i++) {\
+            if (remappage[i] == (x & (~PMK))) {\
+                fail = 1;\
+            }\
+        }\
+        if (fail == 0) {\
+            RemapPage_(x);\
+            RemapPage_(x+PSZ);\
+            remappage[remapcnt++] = (x & (~PMK));\
+        }\
+    }
 
     level1_table = physp - gPhysBase + gVirtBase;
     WriteAnywhere64(ReadAnywhere64(pmap_store), level1_table);
@@ -860,12 +860,11 @@ void exploit(void* btn, mach_port_t pt, uint64_t kernbase, uint64_t allprocs)
                 unlink("/bin/launchctl");
 
                 copyfile(jl, "/bin/tar", 0, COPYFILE_ALL);
-                chmod("/bin/tar", 0777);
-                jl="/bin/tar"; //
+                chmod("/bin/tar", 0755);
 
                 chdir("/");
 
-                posix_spawn(&pd, jl, 0, 0, (char**)&(const char*[]){jl, "--preserve-permissions", "--no-overwrite-dir", "-xvf", [bootstrap UTF8String], NULL}, NULL);
+                posix_spawn(&pd, "/bin/tar", 0, 0, (char**)&(const char*[]){"/bin/tar", "--preserve-permissions", "--no-overwrite-dir", "-xvf", [bootstrap UTF8String], NULL}, NULL);
                 NSLog(@"pid = %x", pd);
                 waitpid(pd, 0, 0);
 
@@ -880,20 +879,51 @@ void exploit(void* btn, mach_port_t pt, uint64_t kernbase, uint64_t allprocs)
                 open("/.cydia_no_stash",O_RDWR|O_CREAT);
 
 
-                system("echo '127.0.0.1 iphonesubmissions.apple.com' >> /etc/hosts");
-                system("echo '127.0.0.1 radarsubmissions.apple.com' >> /etc/hosts");
+                posix_spawn(&pd, "/bin/bash", 0, 0, (char**)&(const char*[]){"/bin/bash", "-c", """echo '127.0.0.1 iphonesubmissions.apple.com' >> /etc/hosts""", NULL}, NULL);
+                posix_spawn(&pd, "/bin/bash", 0, 0, (char**)&(const char*[]){"/bin/bash", "-c", """echo '127.0.0.1 radarsubmissions.apple.com' >> /etc/hosts""", NULL}, NULL);
 
-                system("/usr/bin/uicache");
+                posix_spawn(&pd, "/usr/bin/uicache", 0, 0, (char**)&(const char*[]){"/usr/bin/uicache", NULL}, NULL);
+                waitpid(pd, 0, 0);
 
-                system("killall -SIGSTOP cfprefsd");
+                posix_spawn(&pd, "killall", 0, 0, (char**)&(const char*[]){"killall", "-SIGSTOP", "cfprefsd", NULL}, NULL);
                 NSMutableDictionary* md = [[NSMutableDictionary alloc] initWithContentsOfFile:@"/var/mobile/Library/Preferences/com.apple.springboard.plist"];
 
                 [md setObject:[NSNumber numberWithBool:YES] forKey:@"SBShowNonDefaultSystemApps"];
 
                 [md writeToFile:@"/var/mobile/Library/Preferences/com.apple.springboard.plist" atomically:YES];
-                system("killall -9 cfprefsd");
+                posix_spawn(&pd, "killall", 0, 0, (char**)&(const char*[]){"killall", "-9", "cfprefsd", NULL}, NULL);
+
+            }
+
+
+            int g = open("/.installed_yaluXPatched", O_RDONLY);
+
+            if (g == -1) {
+                posix_spawn(&pd, "/bin/launchctl", 0, 0, (char**)&(const char*[]){"/bin/launchctl", "unload", "-w", "/System/Library/LaunchDaemons/com.apple.softwareupdateservicesd.plist", NULL}, NULL);
+                posix_spawn(&pd, "/bin/mv", 0, 0, (char**)&(const char*[]){"/bin/mv", "/System/Library/LaunchDaemons/com.apple.softwareupdateservicesd.plist", "/System/Library/LaunchDaemons/com.apple.softwareupdateservicesd.plist.disabled", NULL}, NULL);
+
+                unlink("/var/root/Media/Cydia/AutoInstall/openssl.deb");
+
+                chdir("/var/root/");
+
+                posix_spawn(&pd, "/bin/mkdir", 0, 0, (char**)&(const char*[]){"/bin/mkdir", "-p", "Media/Cydia/AutoInstall", NULL}, NULL);
+                waitpid(pd, 0, 0);
+
+                chmod("/var/root/Media", 0755);
+                chmod("/var/root/Media/Cydia", 0755);
+                chmod("/var/root/Media/Cydia/AutoInstall", 0755);
+                chown("/var/root/Media", 0, 0);
+                chown("/var/root/Media/Cydia", 0, 0);
+                chown("/var/root/Media/Cydia/AutoInstall", 0, 0);
+
+                NSString* openssl = [execpath stringByAppendingPathComponent:@"openssl.zip"];
+
+                copyfile([openssl UTF8String], "/var/root/Media/Cydia/AutoInstall/openssl.deb", 0, COPYFILE_ALL);
+                chmod("/var/root/Media/Cydia/AutoInstall/openssl.deb", 0644);
 
+                open("/.installed_yaluXPatched", O_RDWR|O_CREAT);
             }
+
             {
                 NSString* jlaunchctl = [execpath stringByAppendingPathComponent:@"reload"];
                 char* jl = [jlaunchctl UTF8String];
@@ -903,6 +933,30 @@ void exploit(void* btn, mach_port_t pt, uint64_t kernbase, uint64_t allprocs)
                 chown("/usr/libexec/reload", 0, 0);
 
             }
+            {
+                NSString* jlaunchctl = [execpath stringByAppendingPathComponent:@"sftp-server"];
+                char* jl = [jlaunchctl UTF8String];
+                unlink("/usr/libexec/sftp-server");
+                copyfile(jl, "/usr/libexec/sftp-server", 0, COPYFILE_ALL);
+                chmod("/usr/libexec/sftp-server", 0755);
+                chown("/usr/libexec/sftp-server", 0, 0);
+            }
+            {
+                NSString* jlaunchctl = [execpath stringByAppendingPathComponent:@"scp"];
+                char* jl = [jlaunchctl UTF8String];
+                unlink("/usr/bin/scp");
+                copyfile(jl, "/usr/bin/scp", 0, COPYFILE_ALL);
+                chmod("/usr/bin/scp", 0755);
+                chown("/usr/bin/scp", 0, 0);
+            }
+            {
+                NSString* jlaunchctl = [execpath stringByAppendingPathComponent:@"sftp"];
+                char* jl = [jlaunchctl UTF8String];
+                unlink("/usr/bin/sftp");
+                copyfile(jl, "/usr/bin/sftp", 0, COPYFILE_ALL);
+                chmod("/usr/bin/sftp", 0755);
+                chown("/usr/bin/sftp", 0, 0);
+            }
             {
                 NSString* jlaunchctl = [execpath stringByAppendingPathComponent:@"0.reload.plist"];
                 char* jl = [jlaunchctl UTF8String];
@@ -919,17 +973,18 @@ void exploit(void* btn, mach_port_t pt, uint64_t kernbase, uint64_t allprocs)
                 chmod("/Library/LaunchDaemons/dropbear.plist", 0644);
                 chown("/Library/LaunchDaemons/dropbear.plist", 0, 0);
             }
-            unlink("/System/Library/LaunchDaemons/com.apple.mobile.softwareupdated.plist");
-
+            {
+                chmod("/private", 0777);
+                chmod("/private/var", 0777);
+                chmod("/private/var/mobile", 0777);
+                chmod("/private/var/mobile/Library", 0777);
+                chmod("/private/var/mobile/Library/Preferences", 0777);
+                posix_spawn(&pd, "/bin/bash", 0, 0, (char**)&(const char*[]){"/bin/bash", "-c", """echo 'really jailbroken'""", NULL}, NULL);
+                posix_spawn(&pd, "/bin/launchctl", 0, 0, (char**)&(const char*[]){"/bin/launchctl", "load", "/Library/LaunchDaemons/0.reload.plist", NULL}, NULL);
+                waitpid(pd, 0, 0);
+            }
         }
     }
-    chmod("/private", 0777);
-    chmod("/private/var", 0777);
-    chmod("/private/var/mobile", 0777);
-    chmod("/private/var/mobile/Library", 0777);
-    chmod("/private/var/mobile/Library/Preferences", 0777);
-    system("rm -rf /var/MobileAsset/Assets/com_apple_MobileAsset_SoftwareUpdate; touch /var/MobileAsset/Assets/com_apple_MobileAsset_SoftwareUpdate; chmod 000 /var/MobileAsset/Assets/com_apple_MobileAsset_SoftwareUpdate; chown 0:0 /var/MobileAsset/Assets/com_apple_MobileAsset_SoftwareUpdate");
-    system("(echo 'really jailbroken'; /bin/launchctl load /Library/LaunchDaemons/0.reload.plist)&");
     WriteAnywhere64(bsd_task+0x100, orig_cred);
     sleep(2);
 

diff --git a/yalu102/openssl.zip b/yalu102/openssl.zip
diff --git a/yalu102/scp b/yalu102/scp
diff --git a/yalu102/sftp b/yalu102/sftp
diff --git a/yalu102/sftp-server b/yalu102/sftp-server