]> git.saurik.com Git - veency.git/blobdiff - Tweak.mm
Fixed an obvious typo in libvncserver's clipping.
[veency.git] / Tweak.mm
index c3898efbb54f8206bcc758f63f1eab6e6def0052..1b99b5ba467d52588cd634d3746c20bf01ecaf6c 100644 (file)
--- a/Tweak.mm
+++ b/Tweak.mm
@@ -1,42 +1,28 @@
 /* Veency - VNC Remote Access Server for iPhoneOS
- * Copyright (C) 2008-2010  Jay Freeman (saurik)
+ * Copyright (C) 2008-2012  Jay Freeman (saurik)
 */
 
+/* GNU Affero General Public License, Version 3 {{{ */
 /*
- *        Redistribution and use in source and binary
- * forms, with or without modification, are permitted
- * provided that the following conditions are met:
- *
- * 1. Redistributions of source code must retain the
- *    above copyright notice, this list of conditions
- *    and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the
- *    above copyright notice, this list of conditions
- *    and the following disclaimer in the documentation
- *    and/or other materials provided with the
- *    distribution.
- * 3. The name of the author may not be used to endorse
- *    or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING,
- * BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
- * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
- * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*/
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+**/
+/* }}} */
 
 #define _trace() \
     fprintf(stderr, "_trace()@%s:%u[%s]\n", __FILE__, __LINE__, __FUNCTION__)
+#define _likely(expr) \
+    __builtin_expect(expr, 1)
 #define _unlikely(expr) \
     __builtin_expect(expr, 0)
 
 #include <rfb/rfb.h>
 #include <rfb/keysym.h>
 
-#include <mach/mach_port.h>
+#include <mach/mach.h>
+#include <mach/mach_time.h>
+
 #include <sys/mman.h>
+#include <sys/sysctl.h>
 
-#import <QuartzCore/CAWindowServer.h>
-#import <QuartzCore/CAWindowServerDisplay.h>
+#undef assert
 
+#include <CoreFoundation/CFUserNotification.h>
 #import <CoreGraphics/CGGeometry.h>
 #import <GraphicsServices/GraphicsServices.h>
 #import <Foundation/Foundation.h>
-#import <IOMobileFramebuffer/IOMobileFramebuffer.h>
-#import <IOKit/IOKitLib.h>
 #import <UIKit/UIKit.h>
 
-#import <SpringBoard/SBAlertItemsController.h>
-#import <SpringBoard/SBDismissOnlyAlertItem.h>
-#import <SpringBoard/SBStatusBarController.h>
+#include <IOKit/hid/IOHIDEventTypes.h>
+#include <IOKit/hidsystem/IOHIDUsageTables.h>
+
+extern "C" {
+#include "SpringBoardAccess.h"
+}
+
+MSClassHook(BKAccessibility)
+MSClassHook(UIApplication)
+
+@interface UIApplication (Apple)
+- (void) addStatusBarImageNamed:(NSString *)name;
+- (void) removeStatusBarImageNamed:(NSString *)name;
+@end
+
+@interface CAWindowServerDisplay : NSObject
+- (mach_port_t) clientPortAtPosition:(CGPoint)position;
+- (unsigned) contextIdAtPosition:(CGPoint)position;
+- (mach_port_t) taskPortOfContextId:(unsigned)context;
+@end
+
+@interface CAWindowServer : NSObject
++ (CAWindowServer *) serverIfRunning;
+- (NSArray *) displays;
+@end
+
+@interface UIModalView : UIView
+- (id) addButtonWithTitle:(NSString *)title;
+- (void) setBodyText:(NSString *)text;
+- (void) setDelegate:(id)delegate;
+- (void) setTitle:(NSString *)title;
+@end
+
+@interface SBAlertItem : NSObject
+- (void) dismiss;
+- (UIModalView *) alertSheet;
+@end
+
+@interface SBAlertItemsController : NSObject
++ (SBAlertItemsController *) sharedInstance;
+- (void) activateAlertItem:(SBAlertItem *)item;
+@end
+
+@interface SBStatusBarController : NSObject
++ (SBStatusBarController *) sharedStatusBarController;
+- (void) addStatusBarItem:(NSString *)item;
+- (void) removeStatusBarItem:(NSString *)item;
+@end
+
+@interface BKHIDClientConnectionManager : NSObject
+- () clientForTaskPort:(mach_port_t)port;
+@end
+
+@interface BKAccessibility : NSObject
++ (BKHIDClientConnectionManager *) _eventRoutingClientConnectionManager;
+@end
+
+typedef void *CoreSurfaceBufferRef;
+
+extern CFStringRef kCoreSurfaceBufferGlobal;
+extern CFStringRef kCoreSurfaceBufferMemoryRegion;
+extern CFStringRef kCoreSurfaceBufferPitch;
+extern CFStringRef kCoreSurfaceBufferWidth;
+extern CFStringRef kCoreSurfaceBufferHeight;
+extern CFStringRef kCoreSurfaceBufferPixelFormat;
+extern CFStringRef kCoreSurfaceBufferAllocSize;
+
+extern "C" CoreSurfaceBufferRef CoreSurfaceBufferCreate(CFDictionaryRef dict);
+extern "C" int CoreSurfaceBufferLock(CoreSurfaceBufferRef surface, unsigned int lockType);
+extern "C" int CoreSurfaceBufferUnlock(CoreSurfaceBufferRef surface);
+extern "C" void *CoreSurfaceBufferGetBaseAddress(CoreSurfaceBufferRef surface);
 
 extern "C" void CoreSurfaceBufferFlushProcessorCaches(CoreSurfaceBufferRef buffer);
 
+typedef void *CoreSurfaceAcceleratorRef;
+
+extern "C" int CoreSurfaceAcceleratorCreate(CFAllocatorRef allocator, void *type, CoreSurfaceAcceleratorRef *accel);
+extern "C" unsigned int CoreSurfaceAcceleratorTransferSurface(CoreSurfaceAcceleratorRef accelerator, CoreSurfaceBufferRef dest, CoreSurfaceBufferRef src, CFDictionaryRef options/*, void *, void *, void **/);
+
+typedef void *IOMobileFramebufferRef;
+
+extern "C" kern_return_t IOMobileFramebufferSwapSetLayer(
+    IOMobileFramebufferRef fb,
+    int layer,
+    CoreSurfaceBufferRef buffer,
+    CGRect bounds,
+    CGRect frame,
+    int flags
+);
+
+extern "C" void IOMobileFramebufferGetDisplaySize(IOMobileFramebufferRef connect, CGSize *size);
+extern "C" void IOMobileFramebufferIsMainDisplay(IOMobileFramebufferRef connect, int *main);
+
+typedef CFTypeRef IOHIDEventRef;
+typedef CFTypeRef IOHIDEventSystemClientRef;
+typedef CFTypeRef IOHIDEventSystemConnectionRef;
+
+extern "C" {
+    IOHIDEventRef IOHIDEventCreateKeyboardEvent(CFAllocatorRef allocator, uint64_t time, uint16_t page, uint16_t usage, Boolean down, IOHIDEventOptionBits flags);
+
+    IOHIDEventRef IOHIDEventCreateDigitizerEvent(CFAllocatorRef allocator, uint64_t timeStamp, IOHIDDigitizerTransducerType type, uint32_t index, uint32_t identity, uint32_t eventMask, uint32_t buttonMask, IOHIDFloat x, IOHIDFloat y, IOHIDFloat z, IOHIDFloat tipPressure, IOHIDFloat barrelPressure, Boolean range, Boolean touch, IOOptionBits options);
+    IOHIDEventRef IOHIDEventCreateDigitizerFingerEvent(CFAllocatorRef allocator, uint64_t timeStamp, uint32_t index, uint32_t identity, uint32_t eventMask, IOHIDFloat x, IOHIDFloat y, IOHIDFloat z, IOHIDFloat tipPressure, IOHIDFloat twist, Boolean range, Boolean touch, IOOptionBits options);
+
+    IOHIDEventSystemClientRef IOHIDEventSystemClientCreate(CFAllocatorRef allocator);
+
+    void IOHIDEventAppendEvent(IOHIDEventRef parent, IOHIDEventRef child);
+    void IOHIDEventSetIntegerValue(IOHIDEventRef event, IOHIDEventField field, int value);
+    void IOHIDEventSetSenderID(IOHIDEventRef event, uint64_t sender);
+
+    void IOHIDEventSystemClientDispatchEvent(IOHIDEventSystemClientRef client, IOHIDEventRef event);
+    void IOHIDEventSystemConnectionDispatchEvent(IOHIDEventSystemConnectionRef connection, IOHIDEventRef event);
+}
+
 static size_t width_;
 static size_t height_;
+static NSUInteger ratio_ = 0;
 
 static const size_t BytesPerPixel = 4;
 static const size_t BitsPerSample = 8;
@@ -85,6 +180,14 @@ static unsigned clients_;
 static CFMessagePortRef ashikase_;
 static bool cursor_;
 
+static rfbPixel *black_;
+
+static void VNCBlack() {
+    if (_unlikely(black_ == NULL))
+        black_ = reinterpret_cast<rfbPixel *>(mmap(NULL, sizeof(rfbPixel) * width_ * height_, PROT_READ, MAP_ANON | MAP_PRIVATE | MAP_NOCACHE, VM_FLAGS_PURGABLE, 0));
+    screen_->frameBuffer = reinterpret_cast<char *>(black_);
+}
+
 static bool Ashikase(bool always) {
     if (!always && !cursor_)
         return false;
@@ -134,18 +237,45 @@ static void AshikaseSetEnabled(bool enabled, bool always) {
         AshikaseSendEvent(x_, y_);
 }
 
+MSClassHook(SBAlertItem)
 MSClassHook(SBAlertItemsController)
 MSClassHook(SBStatusBarController)
 
-@class VNCAlertItem;
+@interface VNCAlertItem : SBAlertItem
+@end
+
 static Class $VNCAlertItem;
 
-static rfbNewClientAction action_ = RFB_CLIENT_ON_HOLD;
+static NSString *DialogTitle(@"Remote Access Request");
+static NSString *DialogFormat(@"Accept connection from\n%s?\n\nVeency VNC Server\nby Jay Freeman (saurik)\nsaurik@saurik.com\nhttp://www.saurik.com/\n\nSet a VNC password in Settings!");
+static NSString *DialogAccept(@"Accept");
+static NSString *DialogReject(@"Reject");
+
+static volatile rfbNewClientAction action_ = RFB_CLIENT_ON_HOLD;
 static NSCondition *condition_;
 static NSLock *lock_;
 
 static rfbClientPtr client_;
 
+static void VNCSetup();
+static void VNCEnabled();
+
+float (*$GSMainScreenScaleFactor)();
+
+static void OnUserNotification(CFUserNotificationRef notification, CFOptionFlags flags) {
+    [condition_ lock];
+
+    if ((flags & 0x3) == 1)
+        action_ = RFB_CLIENT_ACCEPT;
+    else
+        action_ = RFB_CLIENT_REFUSE;
+
+    [condition_ signal];
+    [condition_ unlock];
+
+    CFRelease(notification);
+}
+
 @interface VNCBridge : NSObject {
 }
 
@@ -158,18 +288,73 @@ static rfbClientPtr client_;
 @implementation VNCBridge
 
 + (void) askForConnection {
-    [[$SBAlertItemsController sharedInstance] activateAlertItem:[[[$VNCAlertItem alloc] init] autorelease]];
+    if ($VNCAlertItem != nil) {
+        [[$SBAlertItemsController sharedInstance] activateAlertItem:[[[$VNCAlertItem alloc] init] autorelease]];
+        return;
+    }
+
+    SInt32 error;
+    CFUserNotificationRef notification(CFUserNotificationCreate(kCFAllocatorDefault, 0, kCFUserNotificationPlainAlertLevel, &error, (CFDictionaryRef) [NSDictionary dictionaryWithObjectsAndKeys:
+        DialogTitle, kCFUserNotificationAlertHeaderKey,
+        [NSString stringWithFormat:DialogFormat, client_->host], kCFUserNotificationAlertMessageKey,
+        DialogAccept, kCFUserNotificationAlternateButtonTitleKey,
+        DialogReject, kCFUserNotificationDefaultButtonTitleKey,
+    nil]));
+
+    if (error != 0) {
+        CFRelease(notification);
+        notification = NULL;
+    }
+
+    if (notification == NULL) {
+        [condition_ lock];
+        action_ = RFB_CLIENT_REFUSE;
+        [condition_ signal];
+        [condition_ unlock];
+        return;
+    }
+
+    CFRunLoopSourceRef source(CFUserNotificationCreateRunLoopSource(kCFAllocatorDefault, notification, &OnUserNotification, 0));
+    CFRunLoopAddSource(CFRunLoopGetCurrent(), source, kCFRunLoopDefaultMode);
 }
 
 + (void) removeStatusBarItem {
     AshikaseSetEnabled(false, false);
-    [[$SBStatusBarController sharedStatusBarController] removeStatusBarItem:@"Veency"];
+
+    if (SBA_available())
+        SBA_removeStatusBarImage(const_cast<char *>("Veency"));
+    else if ($SBStatusBarController != nil)
+        [[$SBStatusBarController sharedStatusBarController] removeStatusBarItem:@"Veency"];
+    else if (UIApplication *app = [$UIApplication sharedApplication])
+        [app removeStatusBarImageNamed:@"Veency"];
 }
 
 + (void) registerClient {
+    // XXX: this could find a better home
+    if (ratio_ == 0) {
+        if ($GSMainScreenScaleFactor == NULL)
+            ratio_ = 1.0f;
+        else
+            ratio_ = $GSMainScreenScaleFactor();
+    }
+
     ++clients_;
     AshikaseSetEnabled(true, false);
-    [[$SBStatusBarController sharedStatusBarController] addStatusBarItem:@"Veency"];
+
+    if (SBA_available())
+        SBA_addStatusBarImage(const_cast<char *>("Veency"));
+    else if ($SBStatusBarController != nil)
+        [[$SBStatusBarController sharedStatusBarController] addStatusBarItem:@"Veency"];
+    else if (UIApplication *app = [$UIApplication sharedApplication])
+        [app addStatusBarImageNamed:@"Veency"];
+}
+
++ (void) performSetup:(NSThread *)thread {
+    NSAutoreleasePool *pool([[NSAutoreleasePool alloc] init]);
+    [thread autorelease];
+    VNCSetup();
+    VNCEnabled();
+    [pool release];
 }
 
 @end
@@ -199,10 +384,10 @@ MSInstanceMessage2(void, VNCAlertItem, alertSheet,buttonClicked, id, sheet, int,
 MSInstanceMessage2(void, VNCAlertItem, configure,requirePasscodeForActions, BOOL, configure, BOOL, require) {
     UIModalView *sheet([self alertSheet]);
     [sheet setDelegate:self];
-    [sheet setTitle:@"Remote Access Request"];
-    [sheet setBodyText:[NSString stringWithFormat:@"Accept connection from\n%s?\n\nVeency VNC Server\nby Jay Freeman (saurik)\nsaurik@saurik.com\nhttp://www.saurik.com/\n\nSet a VNC password in Settings!", client_->host]];
-    [sheet addButtonWithTitle:@"Accept"];
-    [sheet addButtonWithTitle:@"Reject"];
+    [sheet setTitle:DialogTitle];
+    [sheet setBodyText:[NSString stringWithFormat:DialogFormat, client_->host]];
+    [sheet addButtonWithTitle:DialogAccept];
+    [sheet addButtonWithTitle:DialogReject];
 }
 
 MSInstanceMessage0(void, VNCAlertItem, performUnlockAction) {
@@ -269,15 +454,39 @@ static rfbBool VNCCheck(rfbClientPtr client, const char *data, int size) {
     }
 }
 
+static bool iPad1_;
+
+struct VeencyEvent {
+    struct GSEventRecord record;
+    struct {
+        struct GSEventRecordInfo info;
+        struct GSPathInfo path;
+    } data;
+};
+
+static void VNCPointerOld(int buttons, int x, int y, CGPoint location, int diff, bool twas, bool tis);
+static void VNCPointerNew(int buttons, int x, int y, CGPoint location, int diff, bool twas, bool tis);
+
 static void VNCPointer(int buttons, int x, int y, rfbClientPtr client) {
+    if (ratio_ == 0)
+        return;
+
     CGPoint location = {x, y};
 
-    if (Level_ == 2) {
+    if (width_ > height_) {
         int t(x);
         x = height_ - 1 - y;
         y = t;
+
+        if (!iPad1_) {
+            x = height_ - 1 - x;
+            y = width_ - 1 - y;
+        }
     }
 
+    x /= ratio_;
+    y /= ratio_;
+
     x_ = x; y_ = y;
     int diff = buttons_ ^ buttons;
     bool twas((buttons_ & 0x1) != 0);
@@ -291,6 +500,13 @@ static void VNCPointer(int buttons, int x, int y, rfbClientPtr client) {
         return;
     }
 
+    if (kCFCoreFoundationVersionNumber >= 800)
+        return VNCPointerNew(buttons, x, y, location, diff, twas, tis);
+    else
+        return VNCPointerOld(buttons, x, y, location, diff, twas, tis);
+}
+
+static void VNCPointerOld(int buttons, int x, int y, CGPoint location, int diff, bool twas, bool tis) {
     mach_port_t purple(0);
 
     if ((diff & 0x10) != 0) {
@@ -298,7 +514,7 @@ static void VNCPointer(int buttons, int x, int y, rfbClientPtr client) {
 
         memset(&record, 0, sizeof(record));
 
-        record.type = (buttons & 0x4) != 0 ?
+        record.type = (buttons & 0x10) != 0 ?
             GSEventTypeHeadsetButtonDown :
             GSEventTypeHeadsetButtonUp;
 
@@ -313,7 +529,7 @@ static void VNCPointer(int buttons, int x, int y, rfbClientPtr client) {
 
         memset(&record, 0, sizeof(record));
 
-        record.type = (buttons & 0x4) != 0 ?
+        record.type = (buttons & 0x04) != 0 ?
             GSEventTypeMenuButtonDown :
             GSEventTypeMenuButtonUp;
 
@@ -328,7 +544,7 @@ static void VNCPointer(int buttons, int x, int y, rfbClientPtr client) {
 
         memset(&record, 0, sizeof(record));
 
-        record.type = (buttons & 0x2) != 0 ?
+        record.type = (buttons & 0x02) != 0 ?
             GSEventTypeLockButtonDown :
             GSEventTypeLockButtonUp;
 
@@ -339,13 +555,7 @@ static void VNCPointer(int buttons, int x, int y, rfbClientPtr client) {
     }
 
     if (twas != tis || tis) {
-        struct {
-            struct GSEventRecord record;
-            struct {
-                struct GSEventRecordInfo info;
-                struct GSPathInfo path;
-            } data;
-        } event;
+        struct VeencyEvent event;
 
         memset(&event, 0, sizeof(event));
 
@@ -364,7 +574,10 @@ static void VNCPointer(int buttons, int x, int y, rfbClientPtr client) {
         event.data.info.handInfo.x34 = 0x1;
         event.data.info.handInfo.x38 = tis ? 0x1 : 0x0;
 
-        event.data.info.pathPositions = 1;
+        if (Level_ < 3)
+            event.data.info.pathPositions = 1;
+        else
+            event.data.info.x52 = 1;
 
         event.data.path.x00 = 0x01;
         event.data.path.x01 = 0x02;
@@ -394,10 +607,169 @@ static void VNCPointer(int buttons, int x, int y, rfbClientPtr client) {
         mach_port_deallocate(mach_task_self(), purple);
 }
 
+static void VNCSetSender(IOHIDEventRef event) {
+    IOHIDEventSetSenderID(event, 0xDEFACEDBEEFFECE5);
+}
+
+static void VNCSendHIDEvent(IOHIDEventRef event) {
+    static IOHIDEventSystemClientRef client_(NULL);
+    if (client_ == NULL)
+        client_ = IOHIDEventSystemClientCreate(kCFAllocatorDefault);
+
+    VNCSetSender(event);
+    IOHIDEventSystemClientDispatchEvent(client_, event);
+    CFRelease(event);
+}
+
+static void VNCPointerNew(int buttons, int x, int y, CGPoint location, int diff, bool twas, bool tis) {
+    if ((diff & 0x10) != 0)
+        VNCSendHIDEvent(IOHIDEventCreateKeyboardEvent(kCFAllocatorDefault, mach_absolute_time(), kHIDPage_Telephony, kHIDUsage_Tfon_Flash, (buttons & 0x10) != 0, 0));
+    if ((diff & 0x04) != 0)
+        VNCSendHIDEvent(IOHIDEventCreateKeyboardEvent(kCFAllocatorDefault, mach_absolute_time(), kHIDPage_Consumer, kHIDUsage_Csmr_Menu, (buttons & 0x04) != 0, 0));
+    if ((diff & 0x02) != 0)
+        VNCSendHIDEvent(IOHIDEventCreateKeyboardEvent(kCFAllocatorDefault, mach_absolute_time(), kHIDPage_Consumer, kHIDUsage_Csmr_Power, (buttons & 0x02) != 0, 0));
+
+    uint32_t handm;
+    uint32_t fingerm;
+
+    if (twas == 0 && tis == 1) {
+        handm = kIOHIDDigitizerEventRange | kIOHIDDigitizerEventTouch | kIOHIDDigitizerEventIdentity;
+        fingerm = kIOHIDDigitizerEventRange | kIOHIDDigitizerEventTouch;
+    } else if (twas == 1 && tis == 1) {
+        handm = kIOHIDDigitizerEventPosition;
+        fingerm = kIOHIDDigitizerEventPosition;
+    } else if (twas == 1 && tis == 0) {
+        handm = kIOHIDDigitizerEventRange | kIOHIDDigitizerEventTouch | kIOHIDDigitizerEventIdentity | kIOHIDDigitizerEventPosition;
+        fingerm = kIOHIDDigitizerEventRange | kIOHIDDigitizerEventTouch;
+    } else return;
+
+    CAWindowServer *server([CAWindowServer serverIfRunning]);
+    if (server == nil)
+        return;
+
+    CAWindowServerDisplay *display([[server displays] objectAtIndex:0]);
+    if (display == nil)
+        return;
+
+    unsigned context([display contextIdAtPosition:CGPointMake(x, y)]);
+    mach_port_t port([display taskPortOfContextId:context]);
+    if (port == MACH_PORT_NULL)
+        return;
+
+    IOHIDEventSystemConnectionRef connection([[$BKAccessibility _eventRoutingClientConnectionManager] clientForTaskPort:port]);
+    if (connection == NULL)
+        return;
+
+    // XXX: I guess this isn't ambiguous, and it works
+    IOHIDFloat xf(x);
+    IOHIDFloat yf(y);
+
+    IOHIDEventRef hand(IOHIDEventCreateDigitizerEvent(kCFAllocatorDefault, mach_absolute_time(), kIOHIDDigitizerTransducerTypeHand, 1<<22, 1, handm, 0, xf, yf, 0, 0, 0, 0, 0, 0));
+    IOHIDEventSetIntegerValue(hand, kIOHIDEventFieldIsBuiltIn, true);
+    IOHIDEventSetIntegerValue(hand, kIOHIDEventFieldDigitizerIsDisplayIntegrated, true);
+
+    IOHIDEventRef finger(IOHIDEventCreateDigitizerFingerEvent(kCFAllocatorDefault, mach_absolute_time(), 3, 2, fingerm, xf, yf, 0, 0, 0, tis, tis, 0));
+    IOHIDEventAppendEvent(hand, finger);
+    CFRelease(finger);
+
+    VNCSetSender(hand);
+    IOHIDEventSystemConnectionDispatchEvent(connection, hand);
+    CFRelease(hand);
+}
+
 GSEventRef (*$GSEventCreateKeyEvent)(int, CGPoint, CFStringRef, CFStringRef, id, UniChar, short, short);
 GSEventRef (*$GSCreateSyntheticKeyEvent)(UniChar, BOOL, BOOL);
 
+static void VNCKeyboardNew(rfbBool down, rfbKeySym key, rfbClientPtr client) {
+    //NSLog(@"VNC d:%u k:%04x", down, key);
+
+    uint16_t usage;
+
+    switch (key) {
+        case XK_exclam: case XK_1: usage = kHIDUsage_Keyboard1; break;
+        case XK_at: case XK_2: usage = kHIDUsage_Keyboard2; break;
+        case XK_numbersign: case XK_3: usage = kHIDUsage_Keyboard3; break;
+        case XK_dollar: case XK_4: usage = kHIDUsage_Keyboard4; break;
+        case XK_percent: case XK_5: usage = kHIDUsage_Keyboard5; break;
+        case XK_asciicircum: case XK_6: usage = kHIDUsage_Keyboard6; break;
+        case XK_ampersand: case XK_7: usage = kHIDUsage_Keyboard7; break;
+        case XK_asterisk: case XK_8: usage = kHIDUsage_Keyboard8; break;
+        case XK_parenleft: case XK_9: usage = kHIDUsage_Keyboard9; break;
+        case XK_parenright: case XK_0: usage = kHIDUsage_Keyboard0; break;
+
+        case XK_A: case XK_a: usage = kHIDUsage_KeyboardA; break;
+        case XK_B: case XK_b: usage = kHIDUsage_KeyboardB; break;
+        case XK_C: case XK_c: usage = kHIDUsage_KeyboardC; break;
+        case XK_D: case XK_d: usage = kHIDUsage_KeyboardD; break;
+        case XK_E: case XK_e: usage = kHIDUsage_KeyboardE; break;
+        case XK_F: case XK_f: usage = kHIDUsage_KeyboardF; break;
+        case XK_G: case XK_g: usage = kHIDUsage_KeyboardG; break;
+        case XK_H: case XK_h: usage = kHIDUsage_KeyboardH; break;
+        case XK_I: case XK_i: usage = kHIDUsage_KeyboardI; break;
+        case XK_J: case XK_j: usage = kHIDUsage_KeyboardJ; break;
+        case XK_K: case XK_k: usage = kHIDUsage_KeyboardK; break;
+        case XK_L: case XK_l: usage = kHIDUsage_KeyboardL; break;
+        case XK_M: case XK_m: usage = kHIDUsage_KeyboardM; break;
+        case XK_N: case XK_n: usage = kHIDUsage_KeyboardN; break;
+        case XK_O: case XK_o: usage = kHIDUsage_KeyboardO; break;
+        case XK_P: case XK_p: usage = kHIDUsage_KeyboardP; break;
+        case XK_Q: case XK_q: usage = kHIDUsage_KeyboardQ; break;
+        case XK_R: case XK_r: usage = kHIDUsage_KeyboardR; break;
+        case XK_S: case XK_s: usage = kHIDUsage_KeyboardS; break;
+        case XK_T: case XK_t: usage = kHIDUsage_KeyboardT; break;
+        case XK_U: case XK_u: usage = kHIDUsage_KeyboardU; break;
+        case XK_V: case XK_v: usage = kHIDUsage_KeyboardV; break;
+        case XK_W: case XK_w: usage = kHIDUsage_KeyboardW; break;
+        case XK_X: case XK_x: usage = kHIDUsage_KeyboardX; break;
+        case XK_Y: case XK_y: usage = kHIDUsage_KeyboardY; break;
+        case XK_Z: case XK_z: usage = kHIDUsage_KeyboardZ; break;
+
+        case XK_underscore: case XK_minus: usage = kHIDUsage_KeyboardHyphen; break;
+        case XK_plus: case XK_equal: usage = kHIDUsage_KeyboardEqualSign; break;
+        case XK_braceleft: case XK_bracketleft: usage = kHIDUsage_KeyboardOpenBracket; break;
+        case XK_braceright: case XK_bracketright: usage = kHIDUsage_KeyboardCloseBracket; break;
+        case XK_bar: case XK_backslash: usage = kHIDUsage_KeyboardBackslash; break;
+        case XK_colon: case XK_semicolon: usage = kHIDUsage_KeyboardSemicolon; break;
+        case XK_quotedbl: case XK_apostrophe: usage = kHIDUsage_KeyboardQuote; break;
+        case XK_asciitilde: case XK_grave: usage = kHIDUsage_KeyboardGraveAccentAndTilde; break;
+        case XK_less: case XK_comma: usage = kHIDUsage_KeyboardComma; break;
+        case XK_greater: case XK_period: usage = kHIDUsage_KeyboardPeriod; break;
+        case XK_question: case XK_slash: usage = kHIDUsage_KeyboardSlash; break;
+
+        case XK_Return: usage = kHIDUsage_KeyboardReturnOrEnter; break;
+        case XK_BackSpace: usage = kHIDUsage_KeyboardDeleteOrBackspace; break;
+        case XK_Tab: usage = kHIDUsage_KeyboardTab; break;
+        case XK_space: usage = kHIDUsage_KeyboardSpacebar; break;
+
+        case XK_Shift_L: usage = kHIDUsage_KeyboardLeftShift; break;
+        case XK_Shift_R: usage = kHIDUsage_KeyboardRightShift; break;
+        case XK_Control_L: usage = kHIDUsage_KeyboardLeftControl; break;
+        case XK_Control_R: usage = kHIDUsage_KeyboardRightControl; break;
+        case XK_Meta_L: usage = kHIDUsage_KeyboardLeftAlt; break;
+        case XK_Meta_R: usage = kHIDUsage_KeyboardRightAlt; break;
+        case XK_Alt_L: usage = kHIDUsage_KeyboardLeftGUI; break;
+        case XK_Alt_R: usage = kHIDUsage_KeyboardRightGUI; break;
+
+        case XK_Up: usage = kHIDUsage_KeyboardUpArrow; break;
+        case XK_Down: usage = kHIDUsage_KeyboardDownArrow; break;
+        case XK_Left: usage = kHIDUsage_KeyboardLeftArrow; break;
+        case XK_Right: usage = kHIDUsage_KeyboardRightArrow; break;
+
+        case XK_Home: case XK_Begin: usage = kHIDUsage_KeyboardHome; break;
+        case XK_End: usage = kHIDUsage_KeyboardEnd; break;
+        case XK_Page_Up: usage = kHIDUsage_KeyboardPageUp; break;
+        case XK_Page_Down: usage = kHIDUsage_KeyboardPageDown; break;
+
+        default: return;
+    }
+
+    VNCSendHIDEvent(IOHIDEventCreateKeyboardEvent(kCFAllocatorDefault, mach_absolute_time(), kHIDPage_KeyboardOrKeypad, usage, down, 0));
+}
+
 static void VNCKeyboard(rfbBool down, rfbKeySym key, rfbClientPtr client) {
+    if (kCFCoreFoundationVersionNumber >= 800)
+        return VNCKeyboardNew(down, key, client);
+
     if (!down)
         return;
 
@@ -488,6 +860,12 @@ static rfbNewClientAction VNCClient(rfbClientPtr client) {
     return action;
 }
 
+extern "C" bool GSSystemHasCapability(NSString *);
+
+static CFTypeRef (*$GSSystemCopyCapability)(CFStringRef);
+static CFTypeRef (*$GSSystemGetCapability)(CFStringRef);
+static BOOL (*$MGGetBoolAnswer)(CFStringRef);
+
 static void VNCSetup() {
     rfbLogEnable(false);
 
@@ -511,15 +889,44 @@ static void VNCSetup() {
     screen_->serverFormat.greenShift = BitsPerSample * 1;
     screen_->serverFormat.blueShift = BitsPerSample * 0;
 
-    buffer_ = CoreSurfaceBufferCreate((CFDictionaryRef) [NSDictionary dictionaryWithObjectsAndKeys:
-        @"PurpleEDRAM", kCoreSurfaceBufferMemoryRegion,
-        [NSNumber numberWithBool:YES], kCoreSurfaceBufferGlobal,
-        [NSNumber numberWithInt:(width_ * BytesPerPixel)], kCoreSurfaceBufferPitch,
-        [NSNumber numberWithInt:width_], kCoreSurfaceBufferWidth,
-        [NSNumber numberWithInt:height_], kCoreSurfaceBufferHeight,
-        [NSNumber numberWithInt:'BGRA'], kCoreSurfaceBufferPixelFormat,
-        [NSNumber numberWithInt:(width_ * height_ * BytesPerPixel)], kCoreSurfaceBufferAllocSize,
-    nil]);
+    $GSSystemCopyCapability = reinterpret_cast<CFTypeRef (*)(CFStringRef)>(dlsym(RTLD_DEFAULT, "GSSystemCopyCapability"));
+    $GSSystemGetCapability = reinterpret_cast<CFTypeRef (*)(CFStringRef)>(dlsym(RTLD_DEFAULT, "GSSystemGetCapability"));
+    $MGGetBoolAnswer = reinterpret_cast<BOOL (*)(CFStringRef)>(dlsym(RTLD_DEFAULT, "MGGetBoolAnswer"));
+
+    CFTypeRef opengles2;
+
+    if ($GSSystemCopyCapability != NULL) {
+        opengles2 = (*$GSSystemCopyCapability)(CFSTR("opengles-2"));
+    } else if ($GSSystemGetCapability != NULL) {
+        opengles2 = (*$GSSystemGetCapability)(CFSTR("opengles-2"));
+        if (opengles2 != NULL)
+            CFRetain(opengles2);
+    } else if ($MGGetBoolAnswer != NULL) {
+        opengles2 = $MGGetBoolAnswer(CFSTR("opengles-2")) ? kCFBooleanTrue : kCFBooleanFalse;
+        CFRetain(opengles2);
+    } else
+        opengles2 = NULL;
+
+    bool accelerated(opengles2 != NULL && [(NSNumber *)opengles2 boolValue]);
+
+    if (accelerated)
+        CoreSurfaceAcceleratorCreate(NULL, NULL, &accelerator_);
+
+    if (opengles2 != NULL)
+        CFRelease(opengles2);
+
+    if (accelerator_ != NULL)
+        buffer_ = CoreSurfaceBufferCreate((CFDictionaryRef) [NSDictionary dictionaryWithObjectsAndKeys:
+            @"PurpleEDRAM", kCoreSurfaceBufferMemoryRegion,
+            [NSNumber numberWithBool:YES], kCoreSurfaceBufferGlobal,
+            [NSNumber numberWithInt:(width_ * BytesPerPixel)], kCoreSurfaceBufferPitch,
+            [NSNumber numberWithInt:width_], kCoreSurfaceBufferWidth,
+            [NSNumber numberWithInt:height_], kCoreSurfaceBufferHeight,
+            [NSNumber numberWithInt:'BGRA'], kCoreSurfaceBufferPixelFormat,
+            [NSNumber numberWithInt:(width_ * height_ * BytesPerPixel)], kCoreSurfaceBufferAllocSize,
+        nil]);
+    else
+        VNCBlack();
 
     //screen_->frameBuffer = reinterpret_cast<char *>(mmap(NULL, sizeof(rfbPixel) * width_ * height_, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE | MAP_NOCACHE, VM_FLAGS_PURGABLE, 0));
 
@@ -537,6 +944,9 @@ static void VNCSetup() {
 }
 
 static void VNCEnabled() {
+    if (screen_ == NULL)
+        return;
+
     [lock_ lock];
 
     bool enabled(true);
@@ -568,53 +978,101 @@ static void VNCNotifyEnabled(
     VNCEnabled();
 }
 
-MSHook(kern_return_t, IOMobileFramebufferSwapSetLayer,
-    IOMobileFramebufferRef fb,
-    int layer,
-    CoreSurfaceBufferRef buffer,
-    CGRect bounds,
-    CGRect frame,
-    int flags
-) {
-    if (_unlikely(screen_ == NULL)) {
+void (*$IOMobileFramebufferIsMainDisplay)(IOMobileFramebufferRef, int *);
+
+static IOMobileFramebufferRef main_;
+static CoreSurfaceBufferRef layer_;
+
+static void OnLayer(IOMobileFramebufferRef fb, CoreSurfaceBufferRef layer) {
+    if (_unlikely(width_ == 0 || height_ == 0)) {
         CGSize size;
         IOMobileFramebufferGetDisplaySize(fb, &size);
 
         width_ = size.width;
         height_ = size.height;
 
-        NSAutoreleasePool *pool([[NSAutoreleasePool alloc] init]);
-        VNCSetup();
-        VNCEnabled();
-        [pool release];
+        if (width_ == 0 || height_ == 0)
+            return;
+
+        NSThread *thread([NSThread alloc]);
+
+        [thread
+            initWithTarget:[VNCBridge class]
+            selector:@selector(performSetup:)
+            object:thread
+        ];
+
+        [thread start];
     } else if (_unlikely(clients_ != 0)) {
-        if (buffer == NULL) {
-            //CoreSurfaceBufferLock(buffer_, 3);
-            memset(screen_->frameBuffer, 0, sizeof(rfbPixel) * width_ * height_);
-            //CoreSurfaceBufferUnlock(buffer_);
+        if (layer == NULL) {
+            if (accelerator_ != NULL)
+                memset(screen_->frameBuffer, 0, sizeof(rfbPixel) * width_ * height_);
+            else
+                VNCBlack();
         } else {
-            //CoreSurfaceBufferLock(buffer_, 3);
-            //CoreSurfaceBufferLock(buffer, 2);
+            if (accelerator_ != NULL)
+                CoreSurfaceAcceleratorTransferSurface(accelerator_, layer, buffer_, options_);
+            else {
+                CoreSurfaceBufferLock(layer, 2);
+                rfbPixel *data(reinterpret_cast<rfbPixel *>(CoreSurfaceBufferGetBaseAddress(layer)));
 
-            //rfbPixel *data(reinterpret_cast<rfbPixel *>(CoreSurfaceBufferGetBaseAddress(buffer)));
+                CoreSurfaceBufferFlushProcessorCaches(layer);
 
-            /*rfbPixel corner(data[0]);
-            data[0] = 0;
-            data[0] = corner;*/
+                /*rfbPixel corner(data[0]);
+                data[0] = 0;
+                data[0] = corner;*/
 
-            CoreSurfaceAcceleratorTransferSurface(accelerator_, buffer, buffer_, options_);
-
-            //CoreSurfaceBufferUnlock(buffer);
-            //CoreSurfaceBufferUnlock(buffer_);
+                screen_->frameBuffer = const_cast<char *>(reinterpret_cast<volatile char *>(data));
+                CoreSurfaceBufferUnlock(layer);
+            }
         }
 
-        //CoreSurfaceBufferFlushProcessorCaches(buffer);
         rfbMarkRectAsModified(screen_, 0, 0, width_, height_);
     }
+}
+
+static bool wait_ = false;
+
+MSHook(kern_return_t, IOMobileFramebufferSwapSetLayer,
+    IOMobileFramebufferRef fb,
+    int layer,
+    CoreSurfaceBufferRef buffer,
+    CGRect bounds,
+    CGRect frame,
+    int flags
+) {
+    int main(false);
+
+    if (_unlikely(buffer == NULL))
+        main = fb == main_;
+    else if (_unlikely(fb == NULL))
+        main = false;
+    else if ($IOMobileFramebufferIsMainDisplay == NULL)
+        main = true;
+    else
+        (*$IOMobileFramebufferIsMainDisplay)(fb, &main);
+
+    if (_likely(main)) {
+        main_ = fb;
+        if (wait_)
+            layer_ = buffer;
+        else
+            OnLayer(fb, buffer);
+    }
 
     return _IOMobileFramebufferSwapSetLayer(fb, layer, buffer, bounds, frame, flags);
 }
 
+// XXX: beg rpetrich for the type of this function
+extern "C" void *IOMobileFramebufferSwapWait(IOMobileFramebufferRef, void *, unsigned);
+
+MSHook(void *, IOMobileFramebufferSwapWait, IOMobileFramebufferRef fb, void *arg1, unsigned flags) {
+    void *value(_IOMobileFramebufferSwapWait(fb, arg1, flags));
+    if (fb == main_)
+        OnLayer(fb, layer_);
+    return value;
+}
+
 MSHook(void, rfbRegisterSecurityHandler, rfbSecurityHandler *handler) {
     NSAutoreleasePool *pool([[NSAutoreleasePool alloc] init]);
 
@@ -634,30 +1092,45 @@ static void dlset(Type_ &function, const char *name) {
 MSInitialize {
     NSAutoreleasePool *pool([[NSAutoreleasePool alloc] init]);
 
-    MSHookSymbol(GSTakePurpleSystemEventPort, "GSGetPurpleSystemEventPort");
+    MSHookSymbol(GSTakePurpleSystemEventPort, "_GSGetPurpleSystemEventPort");
     if (GSTakePurpleSystemEventPort == NULL) {
-        MSHookSymbol(GSTakePurpleSystemEventPort, "GSCopyPurpleSystemEventPort");
+        MSHookSymbol(GSTakePurpleSystemEventPort, "_GSCopyPurpleSystemEventPort");
         PurpleAllocated = true;
     }
 
-    if (dlsym(RTLD_DEFAULT, "GSKeyboardCreate") != NULL)
+    if (dlsym(RTLD_DEFAULT, "GSLibraryCopyGenerationInfoValueForKey") != NULL)
+        Level_ = 3;
+    else if (dlsym(RTLD_DEFAULT, "GSKeyboardCreate") != NULL)
         Level_ = 2;
     else if (dlsym(RTLD_DEFAULT, "GSEventGetWindowContextId") != NULL)
         Level_ = 1;
     else
         Level_ = 0;
 
+    size_t size;
+    sysctlbyname("hw.machine", NULL, &size, NULL, 0);
+    char machine[size];
+    sysctlbyname("hw.machine", machine, &size, NULL, 0);
+    iPad1_ = strcmp(machine, "iPad1,1") == 0;
+
+    dlset($GSMainScreenScaleFactor, "GSMainScreenScaleFactor");
     dlset($GSEventCreateKeyEvent, "GSEventCreateKeyEvent");
     dlset($GSCreateSyntheticKeyEvent, "_GSCreateSyntheticKeyEvent");
+    dlset($IOMobileFramebufferIsMainDisplay, "IOMobileFramebufferIsMainDisplay");
 
     MSHookFunction(&IOMobileFramebufferSwapSetLayer, MSHake(IOMobileFramebufferSwapSetLayer));
     MSHookFunction(&rfbRegisterSecurityHandler, MSHake(rfbRegisterSecurityHandler));
 
-    $VNCAlertItem = objc_allocateClassPair(objc_getClass("SBAlertItem"), "VNCAlertItem", 0);
-    MSAddMessage2(VNCAlertItem, "v@:@i", alertSheet,buttonClicked);
-    MSAddMessage2(VNCAlertItem, "v@:cc", configure,requirePasscodeForActions);
-    MSAddMessage0(VNCAlertItem, "v@:", performUnlockAction);
-    objc_registerClassPair($VNCAlertItem);
+    if (wait_)
+        MSHookFunction(&IOMobileFramebufferSwapWait, MSHake(IOMobileFramebufferSwapWait));
+
+    if ($SBAlertItem != nil) {
+        $VNCAlertItem = objc_allocateClassPair($SBAlertItem, "VNCAlertItem", 0);
+        MSAddMessage2(VNCAlertItem, "v@:@i", alertSheet,buttonClicked);
+        MSAddMessage2(VNCAlertItem, "v@:cc", configure,requirePasscodeForActions);
+        MSAddMessage0(VNCAlertItem, "v@:", performUnlockAction);
+        objc_registerClassPair($VNCAlertItem);
+    }
 
     CFNotificationCenterAddObserver(
         CFNotificationCenterGetDarwinNotifyCenter(),
@@ -683,8 +1156,6 @@ MSInitialize {
 
     cfEvent_ = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, reinterpret_cast<UInt8 *>(&event_), sizeof(event_), kCFAllocatorNull);
 
-    CoreSurfaceAcceleratorCreate(NULL, NULL, &accelerator_);
-
     options_ = (CFDictionaryRef) [[NSDictionary dictionaryWithObjectsAndKeys:
     nil] retain];