KFDFontOverwrite brings MacDirtyCow-style font editing to non-jailbroken devices running up to iOS 16.6 beta 1

When the MacDirtyCow exploit for iOS 15.x-16.1.2 devices first made its appearance, developers quickly took advantage of its newfound ability to overwrite files on the otherwise read-only system volume without a jailbreak.

KFDFontOverwrite.

One of the first and most prominent add-ons to take advantage of MacDirtyCow was WDBFontOverwrite, an app that could modify Lock Screen and system fonts without a jailbreak. But a new development promises to make this feature available to those using newer firmware.

Enter KFDFontOverwrite, a fork of the WDBFontOverwrite app for MacDirtyCow that has been reworked to be compatible with the new kernel file descriptor (kfd) exploit that works on firmware up to and including iOS 16.5 (and 16.6 beta 1).

As noted on the project’s GitHub page, KFDFontOverwrite requires kfd offsets to be used, but if you’ve been following along, then you know that some developers, such as tihmstar, have released tools that can help you find those. The developer explains how this works in a /r/jailbreak post:

KFDFontOverwrite is an app that allows you to overwrite fonts on iOS ported to use the kfd kernel read/write primitives and xsf1re’s fork, which further built on them.

This needs kfd offsets found in dynamic_info.h. If you don’t see your device + iOS combination, or it crashes when kopening, please refer to lrdsnow’s kfd-offsets repository, add them to dynamic_info, and change the 4 + 0x8 to 0x10, then build with Xcode.

If you don’t have Xcode, please wait or open a PR with your dynamic_info.h; don’t duplicate. I will collate them together and push IPAs when I’m free.

I’m waiting for a unified dynamic_info.h file to come out with every device/iOS combination (it will be monstrously long).

Given the need to find your own offsets, it doesn’t seem to be as user-friendly as WDBFontOverwrite, but it’s still a fantastic achievement nevertheless, as there isn’t currently a jailbreak for A12 and newer devices running any firmware newer than iOS 15.4.1 (Dopamine). This, by contrast, is a way to make system modifications without a jailbreak on those firmwares, and it looks promising.
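To make the offsets requirement concrete, here is an added illustration of the lookup step the post is describing; it is not code from KFDFontOverwrite, kfd, or the Reddit post. It is modeled on the way the upstream kfd project keys its per-firmware entries on the kernel version string reported by sysctl kern.version, but the struct field names, the sample version strings (which only follow the real format) and the offset values are assumptions chosen for illustration, not the project’s real dynamic_info.h layout or values. The point it adds is the failure handling: when no entry matches, the lookup returns -1 and the caller refuses to kopen instead of proceeding with wrong offsets.

```c
/*
 * Added example: selecting a per-firmware offset entry by kernel version.
 * Not code from KFDFontOverwrite or kfd. Field names, sample version
 * strings and offset values below are placeholders (assumptions), not
 * real dynamic_info.h contents.
 */
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <stddef.h>
#ifdef __APPLE__
#include <sys/sysctl.h>
#endif

struct dynamic_info {
    const char *kern_version;    /* exact kern.version string this entry is for */
    uint64_t fileglob__fg_ops;   /* hypothetical offset fields */
    uint64_t fileglob__fg_data;
    uint64_t proc__p_pid;
};

/* Constructed sample table: strings follow the kern.version format but the
 * dates, xnu build tags and offsets are placeholders, not real values. */
static const struct dynamic_info kern_versions[] = {
    {
        .kern_version = "Darwin Kernel Version 22.5.0: Mon Jan  1 00:00:00 PST 2023; root:xnu-0000.000.0~1/RELEASE_arm64e_T0000",
        .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x38, .proc__p_pid = 0x60,
    },
    {
        .kern_version = "Darwin Kernel Version 22.6.0: Mon Jan  1 00:00:00 PST 2023; root:xnu-0000.000.0~2/RELEASE_arm64e_T0000",
        .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x38, .proc__p_pid = 0x68,
    },
};

/* Return the index of the entry matching this kernel, or -1 if this
 * device/firmware combination has no offsets. The kernel's version string
 * ends with a newline, so trailing whitespace is stripped before comparing. */
int find_dynamic_info(const char *kern_version)
{
    char key[512];
    size_t len = strlen(kern_version);
    size_t n = sizeof(kern_versions) / sizeof(kern_versions[0]);

    if (len >= sizeof(key))
        return -1;
    memcpy(key, kern_version, len + 1);
    while (len > 0 && (key[len - 1] == '\n' || key[len - 1] == ' '))
        key[--len] = '\0';

    for (size_t i = 0; i < n; i++) {
        if (strcmp(key, kern_versions[i].kern_version) == 0)
            return (int)i;
    }
    return -1;
}

/* Fill buf with the running kernel's version (Apple only); elsewhere use a
 * constructed sample so the example runs offline. Returns 0 on success. */
int read_kern_version(char *buf, size_t size)
{
#ifdef __APPLE__
    return sysctlbyname("kern.version", buf, &size, NULL, 0);
#else
    const char *sample = "Darwin Kernel Version 22.5.0: Mon Jan  1 00:00:00 PST 2023; root:xnu-0000.000.0~1/RELEASE_arm64e_T0000\n";
    if (strlen(sample) >= size)
        return -1;
    strcpy(buf, sample);
    return 0;
#endif
}

int main(void)
{
    char version[512];
    int idx;

    if (read_kern_version(version, sizeof(version)) != 0) {
        fprintf(stderr, "could not read kern.version\n");
        return 1;
    }
    idx = find_dynamic_info(version);
    if (idx < 0) {
        /* This is the case the post tells you to fix by adding an entry. */
        fprintf(stderr, "no offsets for this kernel; refusing to kopen:\n%s", version);
        return 1;
    }
    printf("using entry %d (proc__p_pid = 0x%llx)\n", idx,
           (unsigned long long)kern_versions[idx].proc__p_pid);
    return 0;
}
```

A table built this way has to carry one entry per device-and-firmware combination, which is exactly why the developer expects the unified dynamic_info.h to grow to an unwieldy length.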

While iOS 16’s Lock Screen already allows for custom fonts, KFDFontOverwrite is vastly more flexible in that it allows you to change system fonts and choose from a greater list of font families.

It’s worth noting that many developers are now working to bring MacDirtyCow-centric add-ons to kfd-vulnerable devices, so it’s possible that we’ll be seeing a lot more of this as time goes on. Some projects include Cowabunga and the Misaka package manager app, but there are others as well.

At some point, kfd could be useful in developing a jailbreak; however, that isn’t likely until someone releases a PPL bypass. It’s unknown if or when that might happen, but much of the community is starting to prepare their devices in anticipation of one.

Are you excited to see more add-ons coming to non-jailbroken devices by way of kfd? Let us know why or why not in the comments section down below.