A webbased jailbreak solution unifying existing jailbreak me solutions and new ones.
Home Page: https://racecondition.win
License: Other
Credits
Offset finder: Sem Voigtländer
UI: iSn0w
aslr slide (ignore this):
0x140c000
JavaScriptCore base:
0x187a6d000
ModelIO base:
0xfffffffffebf4000
CoreAudio base:
0x183fc3000
disablePrimitiveGigacage:
0x18854aa90
g_gigacageBasePtrs:
0x1b1d58000
g_typedArrayPoisons:
0x1b3311728
startOfFixedExecutableMemoryPool:
0x1b33110b8
endOfFixedExecutableMemoryPool:
0x1b33110c0
jitWriteSeparateHeapsFunction:
0x1b33110c8
useFastPermisionsJITCopy:
0x1b1d54018
ptr_stack_check_guard:
0x1b326bef8
longjmp:
0x180b12778
callbacks:
0x1b33116a0
aslr slide (ignore this):
0x140c000
JavaScriptCore base:
0x187a6d000
ModelIO base:
0xfffffffffebf4000
CoreAudio base:
0x183fc3000
disablePrimitiveGigacage:
0x18854aa90
g_gigacageBasePtrs:
0x1b1d58000
g_typedArrayPoisons:
0x1b3311728
startOfFixedExecutableMemoryPool:
0x1b33110b8
endOfFixedExecutableMemoryPool:
0x1b33110c0
jitWriteSeparateHeapsFunction:
0x1b33110c8
useFastPermisionsJITCopy:
0x1b1d54018
ptr_stack_check_guard:
0x1b326bef8
dlsym:
0x18084ef90
longjmp:
0x180b12778
callbacks:
0x1b33116a0
aslr slide (ignore this):
0x140c000
JavaScriptCore base:
0x187a6d000
ModelIO base:
0xfffffffffebf4000
CoreAudio base:
0x183fc3000
disablePrimitiveGigacage:
0x18854aa90
g_gigacageBasePtrs:
0x1b1d58000
g_typedArrayPoisons:
0x1b3311728
startOfFixedExecutableMemoryPool:
0x1b33110b8
endOfFixedExecutableMemoryPool:
0x1b33110c0
jitWriteSeparateHeapsFunction:
0x1b33110c8
useFastPermisionsJITCopy:
0x1b1d54018
ptr_stack_check_guard:
0x1b326bef8
longjmp:
0x180b12778
callbacks:
0x1b33116a0
aslr slide (ignore this):
0x140c000
JavaScriptCore base:
0x187a6d000
ModelIO base:
0xfffffffffebf4000
CoreAudio base:
0x183fc3000
disablePrimitiveGigacage:
0x18854aa90
g_gigacageBasePtrs:
0x1b1d58000
g_typedArrayPoisons:
0x1b3311728
startOfFixedExecutableMemoryPool:
0x1b33110b8
endOfFixedExecutableMemoryPool:
0x1b33110c0
jitWriteSeparateHeapsFunction:
0x1b33110c8
useFastPermisionsJITCopy:
0x1b1d54018
ptr_stack_check_guard:
0x1b326bef8
dlsym:
0x18084ef90
longjmp:
0x180b12778
callbacks:
0x1b33116a0
aslr slide (ignore this):
0x140c000
JavaScriptCore base:
0x187a6d000
ModelIO base:
0xfffffffffebf4000
CoreAudio base:
0x183fc3000
disablePrimitiveGigacage:
0x18854aa90
g_gigacageBasePtrs:
0x1b1d58000
g_typedArrayPoisons:
0x1b3311728
startOfFixedExecutableMemoryPool:
0x1b33110b8
endOfFixedExecutableMemoryPool:
0x1b33110c0
jitWriteSeparateHeapsFunction:
0x1b33110c8
useFastPermisionsJITCopy:
0x1b1d54018
ptr_stack_check_guard:
0x1b326bef8
dlsym:
0x18084ef90
longjmp:
0x180b12778
callbacks:
0x1b33116a0
aslr slide (ignore this):
0x140c000
JavaScriptCore base:
0x187a6d000
ModelIO base:
0xfffffffffebf4000
CoreAudio base:
0x183fc3000
disablePrimitiveGigacage:
0x18854aa90
g_gigacageBasePtrs:
0x1b1d58000
g_typedArrayPoisons:
0x1b3311728
startOfFixedExecutableMemoryPool:
0x1b33110b8
endOfFixedExecutableMemoryPool:
0x1b33110c0
jitWriteSeparateHeapsFunction:
0x1b33110c8
useFastPermisionsJITCopy:
0x1b1d54018
ptr_stack_check_guard:
0x1b326bef8
longjmp:
0x180b12778
callbacks:
0x1b33116a0
aslr slide (ignore this):
0x140c000
JavaScriptCore base:
0x187a6d000
ModelIO base:
0xfffffffffebf4000
CoreAudio base:
0x183fc3000
disablePrimitiveGigacage:
0x18854aa90
g_gigacageBasePtrs:
0x1b1d58000
g_typedArrayPoisons:
0x1b3311728
startOfFixedExecutableMemoryPool:
0x1b33110b8
endOfFixedExecutableMemoryPool:
0x1b33110c0
jitWriteSeparateHeapsFunction:
0x1b33110c8
useFastPermisionsJITCopy:
0x1b1d54018
ptr_stack_check_guard:
0x1b326bef8
dlsym:
0x18084ef90
longjmp:
0x180b12778
callbacks:
0x1b33116a0
aslr slide (ignore this):
0x140c000
JavaScriptCore base:
0x187a6d000
ModelIO base:
0xfffffffffebf4000
CoreAudio base:
0x183fc3000
disablePrimitiveGigacage:
0x18854aa90
g_gigacageBasePtrs:
0x1b1d58000
g_typedArrayPoisons:
0x1b3311728
startOfFixedExecutableMemoryPool:
0x1b33110b8
endOfFixedExecutableMemoryPool:
0x1b33110c0
jitWriteSeparateHeapsFunction:
0x1b33110c8
useFastPermisionsJITCopy:
0x1b1d54018
ptr_stack_check_guard:
0x1b326bef8
dlsym:
0x18084ef90
longjmp:
0x180b12778
callbacks:
0x1b33116a0
aslr slide (ignore this):
0x140c000
JavaScriptCore base:
0x187a6d000
ModelIO base:
0xfffffffffebf4000
CoreAudio base:
0x183fc3000
disablePrimitiveGigacage:
0x18854aa90
g_gigacageBasePtrs:
0x1b1d58000
g_typedArrayPoisons:
0x1b3311728
startOfFixedExecutableMemoryPool:
0x1b33110b8
endOfFixedExecutableMemoryPool:
0x1b33110c0
jitWriteSeparateHeapsFunction:
0x1b33110c8
useFastPermisionsJITCopy:
0x1b1d54018
ptr_stack_check_guard:
0x1b326bef8
dlsym:
0x18084ef90
longjmp:
0x180b12778
callbacks:
0x1b33116a0
aslr slide (ignore this):
0x140c000
JavaScriptCore base:
0x187a6d000
ModelIO base:
0xfffffffffebf4000
CoreAudio base:
0x183fc3000
disablePrimitiveGigacage:
0x18854aa90
g_gigacageBasePtrs:
0x1b1d58000
g_typedArrayPoisons:
0x1b3311728
startOfFixedExecutableMemoryPool:
0x1b33110b8
endOfFixedExecutableMemoryPool:
0x1b33110c0
jitWriteSeparateHeapsFunction:
0x1b33110c8
useFastPermisionsJITCopy:
0x1b1d54018
ptr_stack_check_guard:
0x1b326bef8
longjmp:
0x180b12778
callbacks:
0x1b33116a0
aslr slide (ignore this):
0x140c000
JavaScriptCore base:
0x187a6d000
ModelIO base:
0xfffffffffebf4000
CoreAudio base:
0x183fc3000
disablePrimitiveGigacage:
0x18854aa90
g_gigacageBasePtrs:
0x1b1d58000
g_typedArrayPoisons:
0x1b3311728
startOfFixedExecutableMemoryPool:
0x1b33110b8
endOfFixedExecutableMemoryPool:
0x1b33110c0
jitWriteSeparateHeapsFunction:
0x1b33110c8
useFastPermisionsJITCopy:
0x1b1d54018
ptr_stack_check_guard:
0x1b326bef8
dlsym:
0x18084ef90
longjmp:
0x180b12778
callbacks:
0x1b33116a0
aslr slide (ignore this):
0x140c000
JavaScriptCore base:
0x187a6d000
ModelIO base:
0xfffffffffebf4000
CoreAudio base:
0x183fc3000
disablePrimitiveGigacage:
0x18854aa90
g_gigacageBasePtrs:
0x1b1d58000
g_typedArrayPoisons:
0x1b3311728
startOfFixedExecutableMemoryPool:
0x1b33110b8
endOfFixedExecutableMemoryPool:
0x1b33110c0
jitWriteSeparateHeapsFunction:
0x1b33110c8
useFastPermisionsJITCopy:
0x1b1d54018
ptr_stack_check_guard:
0x1b326bef8
dlsym:
0x18084ef90
longjmp:
0x180b12778
callbacks:
0x1b33116a0
aslr slide (ignore this):
0x140c000
JavaScriptCore base:
0x187a6d000
ModelIO base:
0xfffffffffebf4000
CoreAudio base:
0x183fc3000
disablePrimitiveGigacage:
0x18854aa90
g_gigacageBasePtrs:
0x1b1d58000
g_typedArrayPoisons:
0x1b3311728
startOfFixedExecutableMemoryPool:
0x1b33110b8
endOfFixedExecutableMemoryPool:
0x1b33110c0
jitWriteSeparateHeapsFunction:
0x1b33110c8
useFastPermisionsJITCopy:
0x1b1d54018
ptr_stack_check_guard:
0x1b326bef8
dlsym:
0x18084ef90
longjmp:
0x180b12778
callbacks:
0x1b33116a0
aslr slide (ignore this):
0x140c000
JavaScriptCore base:
0x187a6d000
ModelIO base:
0xfffffffffebf4000
CoreAudio base:
0x183fc3000
disablePrimitiveGigacage:
0x18854aa90
g_gigacageBasePtrs:
0x1b1d58000
g_typedArrayPoisons:
0x1b3311728
startOfFixedExecutableMemoryPool:
0x1b33110b8
endOfFixedExecutableMemoryPool:
0x1b33110c0
jitWriteSeparateHeapsFunction:
0x1b33110c8
useFastPermisionsJITCopy:
0x1b1d54018
ptr_stack_check_guard:
0x1b326bef8
dlsym:
0x18084ef90
longjmp:
0x180b12778
callbacks:
0x1b33116a0
aslr slide (ignore this):
0x140c000
JavaScriptCore base:
0x187a6d000
ModelIO base:
0xfffffffffebf4000
CoreAudio base:
0x183fc3000
disablePrimitiveGigacage:
0x18854aa90
g_gigacageBasePtrs:
0x1b1d58000
g_typedArrayPoisons:
0x1b3311728
startOfFixedExecutableMemoryPool:
0x1b33110b8
endOfFixedExecutableMemoryPool:
0x1b33110c0
jitWriteSeparateHeapsFunction:
0x1b33110c8
useFastPermisionsJITCopy:
0x1b1d54018
ptr_stack_check_guard:
0x1b326bef8
longjmp:
0x180b12778
callbacks:
0x1b33116a0
aslr slide (ignore this):
0x140c000
JavaScriptCore base:
0x187a6d000
ModelIO base:
0xfffffffffebf4000
CoreAudio base:
0x183fc3000
disablePrimitiveGigacage:
0x18854aa90
g_gigacageBasePtrs:
0x1b1d58000
g_typedArrayPoisons:
0x1b3311728
startOfFixedExecutableMemoryPool:
0x1b33110b8
endOfFixedExecutableMemoryPool:
0x1b33110c0
jitWriteSeparateHeapsFunction:
0x1b33110c8
useFastPermisionsJITCopy:
0x1b1d54018
ptr_stack_check_guard:
0x1b326bef8
dlsym:
0x18084ef90
longjmp:
0x180b12778
callbacks:
0x1b33116a0
aslr slide (ignore this):
0x140c000
JavaScriptCore base:
0x187a6d000
ModelIO base:
0xfffffffffebf4000
CoreAudio base:
0x183fc3000
disablePrimitiveGigacage:
0x18854aa90
g_gigacageBasePtrs:
0x1b1d58000
g_typedArrayPoisons:
0x1b3311728
startOfFixedExecutableMemoryPool:
0x1b33110b8
endOfFixedExecutableMemoryPool:
0x1b33110c0
jitWriteSeparateHeapsFunction:
0x1b33110c8
useFastPermisionsJITCopy:
0x1b1d54018
ptr_stack_check_guard:
0x1b326bef8
dlsym:
0x18084ef90
longjmp:
0x180b12778
callbacks:
0x1b33116a0
aslr slide (ignore this):
0x140c000
JavaScriptCore base:
0x187a6d000
ModelIO base:
0xfffffffffebf4000
CoreAudio base:
0x183fc3000
disablePrimitiveGigacage:
0x18854aa90
g_gigacageBasePtrs:
0x1b1d58000
g_typedArrayPoisons:
0x1b3311728
startOfFixedExecutableMemoryPool:
0x1b33110b8
endOfFixedExecutableMemoryPool:
0x1b33110c0
jitWriteSeparateHeapsFunction:
0x1b33110c8
useFastPermisionsJITCopy:
0x1b1d54018
ptr_stack_check_guard:
0x1b326bef8
dlsym:
0x18084ef90
longjmp:
0x180b12778
callbacks:
0x1b33116a0
aslr slide (ignore this):
0x140c000
JavaScriptCore base:
0x187a6d000
ModelIO base:
0xfffffffffebf4000
CoreAudio base:
0x183fc3000
disablePrimitiveGigacage:
0x18854aa90
g_gigacageBasePtrs:
0x1b1d58000
g_typedArrayPoisons:
0x1b3311728
startOfFixedExecutableMemoryPool:
0x1b33110b8
endOfFixedExecutableMemoryPool:
0x1b33110c0
jitWriteSeparateHeapsFunction:
0x1b33110c8
useFastPermisionsJITCopy:
0x1b1d54018
ptr_stack_check_guard:
0x1b326bef8
dlsym:
0x18084ef90
longjmp:
0x180b12778
callbacks:
0x1b33116a0
aslr slide (ignore this):
0x140c000
JavaScriptCore base:
0x187a6d000
ModelIO base:
0xfffffffffebf4000
CoreAudio base:
0x183fc3000
disablePrimitiveGigacage:
0x18854aa90
g_gigacageBasePtrs:
0x1b1d58000
g_typedArrayPoisons:
0x1b3311728
startOfFixedExecutableMemoryPool:
0x1b33110b8
endOfFixedExecutableMemoryPool:
0x1b33110c0
jitWriteSeparateHeapsFunction:
0x1b33110c8
useFastPermisionsJITCopy:
0x1b1d54018
ptr_stack_check_guard:
0x1b326bef8
longjmp:
0x180b12778
callbacks:
0x1b33116a0
aslr slide (ignore this):
0x140c000
JavaScriptCore base:
0x187a6d000
ModelIO base:
0xfffffffffebf4000
CoreAudio base:
0x183fc3000
disablePrimitiveGigacage:
0x18854aa90
g_gigacageBasePtrs:
0x1b1d58000
g_typedArrayPoisons:
0x1b3311728
startOfFixedExecutableMemoryPool:
0x1b33110b8
endOfFixedExecutableMemoryPool:
0x1b33110c0
jitWriteSeparateHeapsFunction:
0x1b33110c8
useFastPermisionsJITCopy:
0x1b1d54018
ptr_stack_check_guard:
0x1b326bef8
longjmp:
0x180b12778
callbacks:
0x1b33116a0
aslr slide (ignore this):
0x140c000
JavaScriptCore base:
0x187a6d000
ModelIO base:
0xfffffffffebf4000
CoreAudio base:
0x183fc3000
disablePrimitiveGigacage:
0x18854aa90
g_gigacageBasePtrs:
0x1b1d58000
g_typedArrayPoisons:
0x1b3311728
startOfFixedExecutableMemoryPool:
0x1b33110b8
endOfFixedExecutableMemoryPool:
0x1b33110c0
jitWriteSeparateHeapsFunction:
0x1b33110c8
useFastPermisionsJITCopy:
0x1b1d54018
ptr_stack_check_guard:
0x1b326bef8
dlsym:
0x18084ef90
longjmp:
0x180b12778
callbacks:
0x1b33116a0
aslr slide (ignore this):
0x140c000
JavaScriptCore base:
0x187a6d000
ModelIO base:
0xfffffffffebf4000
CoreAudio base:
0x183fc3000
disablePrimitiveGigacage:
0x18854aa90
g_gigacageBasePtrs:
0x1b1d58000
g_typedArrayPoisons:
0x1b3311728
startOfFixedExecutableMemoryPool:
0x1b33110b8
endOfFixedExecutableMemoryPool:
0x1b33110c0
jitWriteSeparateHeapsFunction:
0x1b33110c8
useFastPermisionsJITCopy:
0x1b1d54018
ptr_stack_check_guard:
0x1b326bef8
dlsym:
0x18084ef90
longjmp:
0x180b12778
callbacks:
0x1b33116a0
aslr slide (ignore this):
0x140c000
JavaScriptCore base:
0x187a6d000
ModelIO base:
0xfffffffffebf4000
CoreAudio base:
0x183fc3000
disablePrimitiveGigacage:
0x18854aa90
g_gigacageBasePtrs:
0x1b1d58000
g_typedArrayPoisons:
0x1b3311728
startOfFixedExecutableMemoryPool:
0x1b33110b8
endOfFixedExecutableMemoryPool:
0x1b33110c0
jitWriteSeparateHeapsFunction:
0x1b33110c8
useFastPermisionsJITCopy:
0x1b1d54018
ptr_stack_check_guard:
0x1b326bef8
dlsym:
0x18084ef90
longjmp:
0x180b12778
callbacks:
0x1b33116a0
aslr slide (ignore this):
0x140c000
JavaScriptCore base:
0x187a6d000
ModelIO base:
0xfffffffffebf4000
CoreAudio base:
0x183fc3000
disablePrimitiveGigacage:
0x18854aa90
g_gigacageBasePtrs:
0x1b1d58000
g_typedArrayPoisons:
0x1b3311728
startOfFixedExecutableMemoryPool:
0x1b33110b8
endOfFixedExecutableMemoryPool:
0x1b33110c0
jitWriteSeparateHeapsFunction:
0x1b33110c8
useFastPermisionsJITCopy:
0x1b1d54018
ptr_stack_check_guard:
0x1b326bef8
dlsym:
0x18084ef90
longjmp:
0x180b12778
callbacks:
0x1b33116a0
aslr slide (ignore this):
0x140c000
JavaScriptCore base:
0x187a6d000
ModelIO base:
0xfffffffffebf4000
CoreAudio base:
0x183fc3000
disablePrimitiveGigacage:
0x18854aa90
g_gigacageBasePtrs:
0x1b1d58000
g_typedArrayPoisons:
0x1b3311728
startOfFixedExecutableMemoryPool:
0x1b33110b8
endOfFixedExecutableMemoryPool:
0x1b33110c0
jitWriteSeparateHeapsFunction:
0x1b33110c8
useFastPermisionsJITCopy:
0x1b1d54018
ptr_stack_check_guard:
0x1b326bef8
longjmp:
0x180b12778
callbacks:
0x1b33116a0
aslr slide (ignore this):
0x140c000
JavaScriptCore base:
0x187a6d000
ModelIO base:
0xfffffffffebf4000
CoreAudio base:
0x183fc3000
disablePrimitiveGigacage:
0x18854aa90
g_gigacageBasePtrs:
0x1b1d58000
g_typedArrayPoisons:
0x1b3311728
startOfFixedExecutableMemoryPool:
0x1b33110b8
endOfFixedExecutableMemoryPool:
0x1b33110c0
jitWriteSeparateHeapsFunction:
0x1b33110c8
useFastPermisionsJITCopy:
0x1b1d54018
ptr_stack_check_guard:
0x1b326bef8
longjmp:
0x180b12778
callbacks:
0x1b33116a0
Sent from my iPhone
Could you rebuild the ipa with support for iOS 11.1.2. I want to test the webkit exploit but don't want to upgrade.
It would be really great if you share source code too.
Thanks.
Hi I dont see anything for 64bit only 32bit just thought I'll let you know unless I'm wrong
//iphone 5S
offsets["iPhone 5S"][11.31] = {
padding: 0x18,
vtable: 0,
disableprimitivegigacage: 0x18851a7d4,
callbacks: 0x1b3199698,
g_gigacagebaseptrs: 0x1b1bec000,
g_typedarraypoisons: 0x1b3199720,
longjmp: 0x180b12778,
dlsym: 0x18084ef90,
startfixedmempool: 0x1b31990b8,
endfixedmempool: 0x1b31990c0,
jit_writeseperateheaps_func: 0x1b31990c8,
usefastpermissions_jitcopy: 0x1b1be8018,
ptr_stack_check_guard: 0x1b30f1ef8,
modelio_popx8: 0,
coreaudio_popx2: 0,
linkcode_gadget: 0
};
offsets["iPhone 5S"][11.3] = offsets["iPhone 5S"][11.31];
closed
No offsets for this? Offset apps only supports up to 11.4.1 so I can’t get them myself.
Hi, I've been testing your jailbreakme solution on an iPhone 8. Everything works fine, empty_list payload works fine and loads (seen on the console of Xcode connecting over USB). I'm trying to connect to my iPhone via SSH but I always get the refused connection message. I don't know if it's because of the limitations of the exploit or if I'm doing something wrong.
Also I'm wondering if it's possible to create a WebKit exploit based on Electra 11.3.1 Jailbreak now that is out.
Thanks in advance.
Tried web solution after lmao reading the wenetafuckoff code lol, but since it said it supported 8+ gave it a try, and it gave an error saying “missing offset for 8+, please report back”. I have 256 GB Rose Gold iPhone 8+. Maybe cheesecake has it already as he’s using the non-dev exploit for Houdini with limited success.
Dyld Shared Cache Slide (ignore):
0x3974000
disablePrimitiveGigacage:
0x18854ca8c
callbacks:
0x1b35c96a0
g_gigacageBasePtrs:
0x1b1f64000
g_typedArrayPoisons:
0x1b35c9728
longjmp:
0x180b126e8
startOfExecutableMemoryPool:
0x1b35c90b8
endOfExecutableMemoryPool:
0x1b35c90c0
jitWriteSeperateHeapsFunction:
0x1b35c90c8
useFastPermissionsJITCopy:
0x1b1f60018
stack_check_guard:
0x1b3522ef8
LinkCode Gadget:
0x187bf2fb4
Hope this helps
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.
