From 023d77b59d383e39411268af39233d589d2d55e6 Mon Sep 17 00:00:00 2001
From: Cryptiiiic
Date: Fri, 24 May 2024 12:38:08 -0700
Subject: [PATCH] Fix a9 iPads
---
 src/ibootpatchfinder64_iOS14.cpp | 24 +++++++++++++-----------
 1 file changed, 13 insertions(+), 11 deletions(-)
diff --git a/src/ibootpatchfinder64_iOS14.cpp b/src/ibootpatchfinder64_iOS14.cpp
index 8413816..4875c08 100644
--- a/src/ibootpatchfinder64_iOS14.cpp
+++ b/src/ibootpatchfinder64_iOS14.cpp
@@ -88,18 +88,20 @@ std::vector ibootpatchfinder64_iOS14::get_sigcheck_patch(){
 patches.push_back({img4interposercallbackret2 - 4, "\x00\x00\x80\xD2" /*mov x0, 0*/, 4});
 } else {
 patches.push_back({img4interposercallbackret - 4, "\x00\x00\x80\xD2" /*mov x0, 0*/, 4});
- while(--iter3 != insn::b) continue;
- if(--iter3 != insn::ldp) {
- while(--iter3 != insn::b) continue;
- if(--iter3 != insn::ldp) {
- reterror("img4interposercallback couldn't find branch for ret2!");
- } else {
- while(--iter3 != insn::mov) continue;
- loc_t img4interposercallbackmovx20 = iter3().pc();
- debug("img4interposercallbackmovx20=%p", img4interposercallbackmovx20);
- patches.push_back({img4interposercallbackmovx20, "\x00\x00\x80\xD2" /*mov x0, 0*/, 4});
- }
+ int i = 0;
+ for(; i < 100; i++) {
+ while(--iter3 != insn::b) continue;
+ if(--iter3 == insn::ldp) {
+ break;
+ }
+ }
+ if(i == 99) {
+ reterror("img4interposercallback couldn't find branch for ret2!");
 }
+ while(--iter3 != insn::mov) continue;
+ loc_t img4interposercallbackmovx20 = iter3().pc();
+ debug("img4interposercallbackmovx20=%p", img4interposercallbackmovx20);
+ patches.push_back({img4interposercallbackmovx20, "\x00\x00\x80\xD2" /*mov x0, 0*/, 4});
 }
 return patches;
 }
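Review bot: The exhaustion check after the new `for` loop tests the wrong value: when no `b` preceded by `ldp` is found the loop ends with `i == 100`, so `if(i == 99)` never reports that failure, while a genuine match on the last permitted iteration (where `break` leaves `i == 99`) is rejected. As written, a failed search falls through to the `mov` scan and pushes a patch at whatever `mov` precedes the final iterator position instead of stopping at `reterror`. Change the check to `if(i == 100) {`, ideally with the bound in a named constant used by both the loop and the check, or set a `found` flag before `break` and test that. The inner `while(--iter3 != insn::b) continue;` is still unbounded within each iteration, so the cap limits the number of branches visited rather than how far back the scan walks; how the iterator behaves at the start of the image should be confirmed. The body of `get_sigcheck_patch` starts outside this hunk.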