From 7b6d860bc1084d69c40c839c2bf4192f0dfb7fb0 Mon Sep 17 00:00:00 2001
From: 0x0L <0x0L@users.noreply.github.com>
Date: Wed, 5 Oct 2016 00:57:54 +0200
Subject: [PATCH] Update RSBypass.m

---
 RSBypass/RSBypass/RSBypass.m | 23 +++++++++++++----------
 1 file changed, 13 insertions(+), 10 deletions(-)

diff --git a/RSBypass/RSBypass/RSBypass.m b/RSBypass/RSBypass/RSBypass.m
index 99f4378..9135886 100644
--- a/RSBypass/RSBypass/RSBypass.m
+++ b/RSBypass/RSBypass/RSBypass.m
@@ -9,12 +9,13 @@
 
 // These numbers come from otool -lv
 const DWORD  segStart = 0x001000;
-const size_t segLen   = 0x0135b000;
+const size_t segLen   = 0x013ce000;
 
 // Could be made more general to bypass all signature checks
 // including ini files...
 // For the time being only patches the sig verif of sng files
-const char*  hint     = "\x0f\x84\xc6\x0a\x00\x00";
+//const char*  hint     = "\x0f\x84\xc6\x0a\x00\x00";
+const char*  hint     = "\x84\xdb\x0f\x84\xde\x0a\x00\x00";
 
 
 bool bCompare(const BYTE* pData, const BYTE * bMask, const char* szMask) {
@@ -35,23 +36,25 @@ bool bCompare(const BYTE* pData, const BYTE * bMask, const char* szMask) {
 @implementation RSBypass
 +(void)load
 {
+//    NSLog(@"RSBypass: load()");
+
     void* ptr = FindPattern(segStart, segLen,
-                            (BYTE*)hint, "xxxxxx");
+                            (BYTE*)hint, "xxxxxxxx");
     if (ptr) {
-
+        
         long page_size = sysconf(_SC_PAGESIZE);
         void* page_start = (long)ptr & -page_size;
-
+        
 //        NSLog(@"Removing memory protection");
         mprotect(page_start, page_size, PROT_READ | PROT_WRITE | PROT_EXEC);
-
+        
 //        NSLog(@"RSInjector: Bypassing signature check at %p", ptr);
-        memset(ptr, 0x90, 6);
-        msync(ptr, 6, MS_SYNC);
-
+        memset(ptr, 0x90, 8);
+        msync(ptr, 8, MS_SYNC);
+        
         // Restoring memory protection
         mprotect(page_start, page_size, PROT_READ | PROT_EXEC);
-
+        
     }
 }
 @end