mtjailed / jailbreakme Goto Github PK

View Code? Open in Web Editor NEW

89.0 9.0 20.0 17.87 MB

A webbased jailbreak solution unifying existing jailbreak me solutions and new ones.

Home Page: https://racecondition.win

License: Other

HTML 1.39% JavaScript 94.34% CSS 0.41% Python 3.45% PHP 0.41%

jailbreakme's Introduction

Jailbreak Me 13.37

A webbased jailbreak solution unifying existing jailbreak me solutions and new ones.

Created by Sem Voigtländer

Please read RULES.md as well

Support

8.4.1 & 9.3 up to 9.3.3 & 11.3.1 (64-bit)
3.1.2 up to 4.0.1 & 8.4.1 and 9.1 up to 9.3.4 (32-bit)

How it works

Using ModularJS various modules are loaded at runtime.

These modules can be divided into the following stages:

1. Identification

Uses an information leakage (not vulnerability) in WebGL to detect the GPU of the victim device
Uses the browser agent to define what browser and firmware to exploit
Uses size and resolution constraints to detect the specific victim device
Uses various debugging information about the hardware environment using window.performance or window.navigator
Uses benchmarking algorithms and hashing to identify and track the victim device.

2. Eligibility

Using the identification information the victim is checked against various constraints, such as whether the victim is a mobile device or a desktop.

3. Strategy selection

Based on the eligibility constraints and identity the exploit strategy will be selected for the victim device and loaded.

4. Payload retrieval

The strategy will load the payload(s) for the victim device, on iOS this can be for example Cydia, on desktops for example a remote administration tool.
The payload is aligned so it can be used later when the exploit has created an executable region.

5. Exploitation

The exploit is started and carefully sets up read/write primitives in the browser memory.
Once r/w is gained an executable region is created and the payload is aligned / copied into it.
The exploit jumps to the shellcode and starts executing it

6. Post-Exploitation

Various tools and capabilities could be setup after successful completion of the exploit, such as a telnet client to gain a shell on the victim from the browser.

Credits

5aelo
Niklas B
Tihmstar
Luca Todesco
KJC Research
Comex
PanguTeam
Ian Beer
Argp
Evad3rs
Jonathan Levin (For the jailbreak toolkit)
Lokihardt (For being able to pwn browsers within a wink)
Sem Voigtländer (just a techie)
(@wwwtyro) https://github.com/wwwtyro/cryptico

jailbreakme's People

Contributors

Stargazers

Watchers

jailbreakme's Issues

ios 11.4.1 iphone 6 offsets.

Credits
Offset finder: Sem Voigtländer
UI: iSn0w

aslr slide (ignore this):
0x140c000

JavaScriptCore base:
0x187a6d000

ModelIO base:
0xfffffffffebf4000

CoreAudio base:
0x183fc3000

disablePrimitiveGigacage:
0x18854aa90

g_gigacageBasePtrs:
0x1b1d58000

g_typedArrayPoisons:
0x1b3311728

startOfFixedExecutableMemoryPool:
0x1b33110b8

endOfFixedExecutableMemoryPool:
0x1b33110c0

jitWriteSeparateHeapsFunction:
0x1b33110c8

useFastPermisionsJITCopy:
0x1b1d54018

ptr_stack_check_guard:
0x1b326bef8

longjmp:
0x180b12778

callbacks:
0x1b33116a0

aslr slide (ignore this):
0x140c000

JavaScriptCore base:
0x187a6d000

ModelIO base:
0xfffffffffebf4000

CoreAudio base:
0x183fc3000

disablePrimitiveGigacage:
0x18854aa90

g_gigacageBasePtrs:
0x1b1d58000

g_typedArrayPoisons:
0x1b3311728

startOfFixedExecutableMemoryPool:
0x1b33110b8

endOfFixedExecutableMemoryPool:
0x1b33110c0

jitWriteSeparateHeapsFunction:
0x1b33110c8

useFastPermisionsJITCopy:
0x1b1d54018

ptr_stack_check_guard:
0x1b326bef8

dlsym:
0x18084ef90

longjmp:
0x180b12778

callbacks:
0x1b33116a0

aslr slide (ignore this):
0x140c000

JavaScriptCore base:
0x187a6d000

ModelIO base:
0xfffffffffebf4000

CoreAudio base:
0x183fc3000

disablePrimitiveGigacage:
0x18854aa90

g_gigacageBasePtrs:
0x1b1d58000

g_typedArrayPoisons:
0x1b3311728

startOfFixedExecutableMemoryPool:
0x1b33110b8

endOfFixedExecutableMemoryPool:
0x1b33110c0

jitWriteSeparateHeapsFunction:
0x1b33110c8

useFastPermisionsJITCopy:
0x1b1d54018

ptr_stack_check_guard:
0x1b326bef8

longjmp:
0x180b12778

callbacks:
0x1b33116a0

aslr slide (ignore this):
0x140c000

JavaScriptCore base:
0x187a6d000

ModelIO base:
0xfffffffffebf4000

CoreAudio base:
0x183fc3000

disablePrimitiveGigacage:
0x18854aa90

g_gigacageBasePtrs:
0x1b1d58000

g_typedArrayPoisons:
0x1b3311728

startOfFixedExecutableMemoryPool:
0x1b33110b8

endOfFixedExecutableMemoryPool:
0x1b33110c0

jitWriteSeparateHeapsFunction:
0x1b33110c8

useFastPermisionsJITCopy:
0x1b1d54018

ptr_stack_check_guard:
0x1b326bef8

dlsym:
0x18084ef90

longjmp:
0x180b12778

callbacks:
0x1b33116a0

aslr slide (ignore this):
0x140c000

JavaScriptCore base:
0x187a6d000

ModelIO base:
0xfffffffffebf4000

CoreAudio base:
0x183fc3000

disablePrimitiveGigacage:
0x18854aa90

g_gigacageBasePtrs:
0x1b1d58000

g_typedArrayPoisons:
0x1b3311728

startOfFixedExecutableMemoryPool:
0x1b33110b8

endOfFixedExecutableMemoryPool:
0x1b33110c0

jitWriteSeparateHeapsFunction:
0x1b33110c8

useFastPermisionsJITCopy:
0x1b1d54018

ptr_stack_check_guard:
0x1b326bef8

dlsym:
0x18084ef90

longjmp:
0x180b12778

callbacks:
0x1b33116a0

aslr slide (ignore this):
0x140c000

JavaScriptCore base:
0x187a6d000

ModelIO base:
0xfffffffffebf4000

CoreAudio base:
0x183fc3000

disablePrimitiveGigacage:
0x18854aa90

g_gigacageBasePtrs:
0x1b1d58000

g_typedArrayPoisons:
0x1b3311728

startOfFixedExecutableMemoryPool:
0x1b33110b8

endOfFixedExecutableMemoryPool:
0x1b33110c0

jitWriteSeparateHeapsFunction:
0x1b33110c8

useFastPermisionsJITCopy:
0x1b1d54018

ptr_stack_check_guard:
0x1b326bef8

longjmp:
0x180b12778

callbacks:
0x1b33116a0

aslr slide (ignore this):
0x140c000

JavaScriptCore base:
0x187a6d000

ModelIO base:
0xfffffffffebf4000

CoreAudio base:
0x183fc3000

disablePrimitiveGigacage:
0x18854aa90

g_gigacageBasePtrs:
0x1b1d58000

g_typedArrayPoisons:
0x1b3311728

startOfFixedExecutableMemoryPool:
0x1b33110b8

endOfFixedExecutableMemoryPool:
0x1b33110c0

jitWriteSeparateHeapsFunction:
0x1b33110c8

useFastPermisionsJITCopy:
0x1b1d54018

ptr_stack_check_guard:
0x1b326bef8

dlsym:
0x18084ef90

longjmp:
0x180b12778

callbacks:
0x1b33116a0

aslr slide (ignore this):
0x140c000

JavaScriptCore base:
0x187a6d000

ModelIO base:
0xfffffffffebf4000

CoreAudio base:
0x183fc3000

disablePrimitiveGigacage:
0x18854aa90

g_gigacageBasePtrs:
0x1b1d58000

g_typedArrayPoisons:
0x1b3311728

startOfFixedExecutableMemoryPool:
0x1b33110b8

endOfFixedExecutableMemoryPool:
0x1b33110c0

jitWriteSeparateHeapsFunction:
0x1b33110c8

useFastPermisionsJITCopy:
0x1b1d54018

ptr_stack_check_guard:
0x1b326bef8

dlsym:
0x18084ef90

longjmp:
0x180b12778

callbacks:
0x1b33116a0

aslr slide (ignore this):
0x140c000

JavaScriptCore base:
0x187a6d000

ModelIO base:
0xfffffffffebf4000

CoreAudio base:
0x183fc3000

disablePrimitiveGigacage:
0x18854aa90

g_gigacageBasePtrs:
0x1b1d58000

g_typedArrayPoisons:
0x1b3311728

startOfFixedExecutableMemoryPool:
0x1b33110b8

endOfFixedExecutableMemoryPool:
0x1b33110c0

jitWriteSeparateHeapsFunction:
0x1b33110c8

useFastPermisionsJITCopy:
0x1b1d54018

ptr_stack_check_guard:
0x1b326bef8

dlsym:
0x18084ef90

longjmp:
0x180b12778

callbacks:
0x1b33116a0

aslr slide (ignore this):
0x140c000

JavaScriptCore base:
0x187a6d000

ModelIO base:
0xfffffffffebf4000

CoreAudio base:
0x183fc3000

disablePrimitiveGigacage:
0x18854aa90

g_gigacageBasePtrs:
0x1b1d58000

g_typedArrayPoisons:
0x1b3311728

startOfFixedExecutableMemoryPool:
0x1b33110b8

endOfFixedExecutableMemoryPool:
0x1b33110c0

jitWriteSeparateHeapsFunction:
0x1b33110c8

useFastPermisionsJITCopy:
0x1b1d54018

ptr_stack_check_guard:
0x1b326bef8

longjmp:
0x180b12778

callbacks:
0x1b33116a0

aslr slide (ignore this):
0x140c000

JavaScriptCore base:
0x187a6d000

ModelIO base:
0xfffffffffebf4000

CoreAudio base:
0x183fc3000

disablePrimitiveGigacage:
0x18854aa90

g_gigacageBasePtrs:
0x1b1d58000

g_typedArrayPoisons:
0x1b3311728

startOfFixedExecutableMemoryPool:
0x1b33110b8

endOfFixedExecutableMemoryPool:
0x1b33110c0

jitWriteSeparateHeapsFunction:
0x1b33110c8

useFastPermisionsJITCopy:
0x1b1d54018

ptr_stack_check_guard:
0x1b326bef8

dlsym:
0x18084ef90

longjmp:
0x180b12778

callbacks:
0x1b33116a0

aslr slide (ignore this):
0x140c000

JavaScriptCore base:
0x187a6d000

ModelIO base:
0xfffffffffebf4000

CoreAudio base:
0x183fc3000

disablePrimitiveGigacage:
0x18854aa90

g_gigacageBasePtrs:
0x1b1d58000

g_typedArrayPoisons:
0x1b3311728

startOfFixedExecutableMemoryPool:
0x1b33110b8

endOfFixedExecutableMemoryPool:
0x1b33110c0

jitWriteSeparateHeapsFunction:
0x1b33110c8

useFastPermisionsJITCopy:
0x1b1d54018

ptr_stack_check_guard:
0x1b326bef8

dlsym:
0x18084ef90

longjmp:
0x180b12778

callbacks:
0x1b33116a0

aslr slide (ignore this):
0x140c000

JavaScriptCore base:
0x187a6d000

ModelIO base:
0xfffffffffebf4000

CoreAudio base:
0x183fc3000

disablePrimitiveGigacage:
0x18854aa90

g_gigacageBasePtrs:
0x1b1d58000

g_typedArrayPoisons:
0x1b3311728

startOfFixedExecutableMemoryPool:
0x1b33110b8

endOfFixedExecutableMemoryPool:
0x1b33110c0

jitWriteSeparateHeapsFunction:
0x1b33110c8

useFastPermisionsJITCopy:
0x1b1d54018

ptr_stack_check_guard:
0x1b326bef8

dlsym:
0x18084ef90

longjmp:
0x180b12778

callbacks:
0x1b33116a0

aslr slide (ignore this):
0x140c000

JavaScriptCore base:
0x187a6d000

ModelIO base:
0xfffffffffebf4000

CoreAudio base:
0x183fc3000

disablePrimitiveGigacage:
0x18854aa90

g_gigacageBasePtrs:
0x1b1d58000

g_typedArrayPoisons:
0x1b3311728

startOfFixedExecutableMemoryPool:
0x1b33110b8

endOfFixedExecutableMemoryPool:
0x1b33110c0

jitWriteSeparateHeapsFunction:
0x1b33110c8

useFastPermisionsJITCopy:
0x1b1d54018

ptr_stack_check_guard:
0x1b326bef8

dlsym:
0x18084ef90

longjmp:
0x180b12778

callbacks:
0x1b33116a0

aslr slide (ignore this):
0x140c000

JavaScriptCore base:
0x187a6d000

ModelIO base:
0xfffffffffebf4000

CoreAudio base:
0x183fc3000

disablePrimitiveGigacage:
0x18854aa90

g_gigacageBasePtrs:
0x1b1d58000

g_typedArrayPoisons:
0x1b3311728

startOfFixedExecutableMemoryPool:
0x1b33110b8

endOfFixedExecutableMemoryPool:
0x1b33110c0

jitWriteSeparateHeapsFunction:
0x1b33110c8

useFastPermisionsJITCopy:
0x1b1d54018

ptr_stack_check_guard:
0x1b326bef8

longjmp:
0x180b12778

callbacks:
0x1b33116a0

aslr slide (ignore this):
0x140c000

JavaScriptCore base:
0x187a6d000

ModelIO base:
0xfffffffffebf4000

CoreAudio base:
0x183fc3000

disablePrimitiveGigacage:
0x18854aa90

g_gigacageBasePtrs:
0x1b1d58000

g_typedArrayPoisons:
0x1b3311728

startOfFixedExecutableMemoryPool:
0x1b33110b8

endOfFixedExecutableMemoryPool:
0x1b33110c0

jitWriteSeparateHeapsFunction:
0x1b33110c8

useFastPermisionsJITCopy:
0x1b1d54018

ptr_stack_check_guard:
0x1b326bef8

dlsym:
0x18084ef90

longjmp:
0x180b12778

callbacks:
0x1b33116a0

aslr slide (ignore this):
0x140c000

JavaScriptCore base:
0x187a6d000

ModelIO base:
0xfffffffffebf4000

CoreAudio base:
0x183fc3000

disablePrimitiveGigacage:
0x18854aa90

g_gigacageBasePtrs:
0x1b1d58000

g_typedArrayPoisons:
0x1b3311728

startOfFixedExecutableMemoryPool:
0x1b33110b8

endOfFixedExecutableMemoryPool:
0x1b33110c0

jitWriteSeparateHeapsFunction:
0x1b33110c8

useFastPermisionsJITCopy:
0x1b1d54018

ptr_stack_check_guard:
0x1b326bef8

dlsym:
0x18084ef90

longjmp:
0x180b12778

callbacks:
0x1b33116a0

aslr slide (ignore this):
0x140c000

JavaScriptCore base:
0x187a6d000

ModelIO base:
0xfffffffffebf4000

CoreAudio base:
0x183fc3000

disablePrimitiveGigacage:
0x18854aa90

g_gigacageBasePtrs:
0x1b1d58000

g_typedArrayPoisons:
0x1b3311728

startOfFixedExecutableMemoryPool:
0x1b33110b8

endOfFixedExecutableMemoryPool:
0x1b33110c0

jitWriteSeparateHeapsFunction:
0x1b33110c8

useFastPermisionsJITCopy:
0x1b1d54018

ptr_stack_check_guard:
0x1b326bef8

dlsym:
0x18084ef90

longjmp:
0x180b12778

callbacks:
0x1b33116a0

aslr slide (ignore this):
0x140c000

JavaScriptCore base:
0x187a6d000

ModelIO base:
0xfffffffffebf4000

CoreAudio base:
0x183fc3000

disablePrimitiveGigacage:
0x18854aa90

g_gigacageBasePtrs:
0x1b1d58000

g_typedArrayPoisons:
0x1b3311728

startOfFixedExecutableMemoryPool:
0x1b33110b8

endOfFixedExecutableMemoryPool:
0x1b33110c0

jitWriteSeparateHeapsFunction:
0x1b33110c8

useFastPermisionsJITCopy:
0x1b1d54018

ptr_stack_check_guard:
0x1b326bef8

dlsym:
0x18084ef90

longjmp:
0x180b12778

callbacks:
0x1b33116a0

aslr slide (ignore this):
0x140c000

JavaScriptCore base:
0x187a6d000

ModelIO base:
0xfffffffffebf4000

CoreAudio base:
0x183fc3000

disablePrimitiveGigacage:
0x18854aa90

g_gigacageBasePtrs:
0x1b1d58000

g_typedArrayPoisons:
0x1b3311728

startOfFixedExecutableMemoryPool:
0x1b33110b8

endOfFixedExecutableMemoryPool:
0x1b33110c0

jitWriteSeparateHeapsFunction:
0x1b33110c8

useFastPermisionsJITCopy:
0x1b1d54018

ptr_stack_check_guard:
0x1b326bef8

longjmp:
0x180b12778

callbacks:
0x1b33116a0

aslr slide (ignore this):
0x140c000

JavaScriptCore base:
0x187a6d000

ModelIO base:
0xfffffffffebf4000

CoreAudio base:
0x183fc3000

disablePrimitiveGigacage:
0x18854aa90

g_gigacageBasePtrs:
0x1b1d58000

g_typedArrayPoisons:
0x1b3311728

startOfFixedExecutableMemoryPool:
0x1b33110b8

endOfFixedExecutableMemoryPool:
0x1b33110c0

jitWriteSeparateHeapsFunction:
0x1b33110c8

useFastPermisionsJITCopy:
0x1b1d54018

ptr_stack_check_guard:
0x1b326bef8

longjmp:
0x180b12778

callbacks:
0x1b33116a0

aslr slide (ignore this):
0x140c000

JavaScriptCore base:
0x187a6d000

ModelIO base:
0xfffffffffebf4000

CoreAudio base:
0x183fc3000

disablePrimitiveGigacage:
0x18854aa90

g_gigacageBasePtrs:
0x1b1d58000

g_typedArrayPoisons:
0x1b3311728

startOfFixedExecutableMemoryPool:
0x1b33110b8

endOfFixedExecutableMemoryPool:
0x1b33110c0

jitWriteSeparateHeapsFunction:
0x1b33110c8

useFastPermisionsJITCopy:
0x1b1d54018

ptr_stack_check_guard:
0x1b326bef8

dlsym:
0x18084ef90

longjmp:
0x180b12778

callbacks:
0x1b33116a0

aslr slide (ignore this):
0x140c000

JavaScriptCore base:
0x187a6d000

ModelIO base:
0xfffffffffebf4000

CoreAudio base:
0x183fc3000

disablePrimitiveGigacage:
0x18854aa90

g_gigacageBasePtrs:
0x1b1d58000

g_typedArrayPoisons:
0x1b3311728

startOfFixedExecutableMemoryPool:
0x1b33110b8

endOfFixedExecutableMemoryPool:
0x1b33110c0

jitWriteSeparateHeapsFunction:
0x1b33110c8

useFastPermisionsJITCopy:
0x1b1d54018

ptr_stack_check_guard:
0x1b326bef8

dlsym:
0x18084ef90

longjmp:
0x180b12778

callbacks:
0x1b33116a0

aslr slide (ignore this):
0x140c000

JavaScriptCore base:
0x187a6d000

ModelIO base:
0xfffffffffebf4000

CoreAudio base:
0x183fc3000

disablePrimitiveGigacage:
0x18854aa90

g_gigacageBasePtrs:
0x1b1d58000

g_typedArrayPoisons:
0x1b3311728

startOfFixedExecutableMemoryPool:
0x1b33110b8

endOfFixedExecutableMemoryPool:
0x1b33110c0

jitWriteSeparateHeapsFunction:
0x1b33110c8

useFastPermisionsJITCopy:
0x1b1d54018

ptr_stack_check_guard:
0x1b326bef8

dlsym:
0x18084ef90

longjmp:
0x180b12778

callbacks:
0x1b33116a0

aslr slide (ignore this):
0x140c000

JavaScriptCore base:
0x187a6d000

ModelIO base:
0xfffffffffebf4000

CoreAudio base:
0x183fc3000

disablePrimitiveGigacage:
0x18854aa90

g_gigacageBasePtrs:
0x1b1d58000

g_typedArrayPoisons:
0x1b3311728

startOfFixedExecutableMemoryPool:
0x1b33110b8

endOfFixedExecutableMemoryPool:
0x1b33110c0

jitWriteSeparateHeapsFunction:
0x1b33110c8

useFastPermisionsJITCopy:
0x1b1d54018

ptr_stack_check_guard:
0x1b326bef8

dlsym:
0x18084ef90

longjmp:
0x180b12778

callbacks:
0x1b33116a0

aslr slide (ignore this):
0x140c000

JavaScriptCore base:
0x187a6d000

ModelIO base:
0xfffffffffebf4000

CoreAudio base:
0x183fc3000

disablePrimitiveGigacage:
0x18854aa90

g_gigacageBasePtrs:
0x1b1d58000

g_typedArrayPoisons:
0x1b3311728

startOfFixedExecutableMemoryPool:
0x1b33110b8

endOfFixedExecutableMemoryPool:
0x1b33110c0

jitWriteSeparateHeapsFunction:
0x1b33110c8

useFastPermisionsJITCopy:
0x1b1d54018

ptr_stack_check_guard:
0x1b326bef8

longjmp:
0x180b12778

callbacks:
0x1b33116a0

aslr slide (ignore this):
0x140c000

JavaScriptCore base:
0x187a6d000

ModelIO base:
0xfffffffffebf4000

CoreAudio base:
0x183fc3000

disablePrimitiveGigacage:
0x18854aa90

g_gigacageBasePtrs:
0x1b1d58000

g_typedArrayPoisons:
0x1b3311728

startOfFixedExecutableMemoryPool:
0x1b33110b8

endOfFixedExecutableMemoryPool:
0x1b33110c0

jitWriteSeparateHeapsFunction:
0x1b33110c8

useFastPermisionsJITCopy:
0x1b1d54018

ptr_stack_check_guard:
0x1b326bef8

longjmp:
0x180b12778

callbacks:
0x1b33116a0

Sent from my iPhone

offsets missing for the Iphone SE

Tried web solution after lmao reading the wenetafuckoff code lol, but since it said it supported 8+ gave it a try, and it gave an error saying “missing offset for 8+, please report back”. I have 256 GB Rose Gold iPhone 8+. Maybe cheesecake has it already as he’s using the non-dev exploit for Houdini with limited success.

iPhone X 12.0.1?

No offsets for this? Offset apps only supports up to 11.4.1 so I can’t get them myself.

Trying SSH access

Hi, I've been testing your jailbreakme solution on an iPhone 8. Everything works fine, empty_list payload works fine and loads (seen on the console of Xcode connecting over USB). I'm trying to connect to my iPhone via SSH but I always get the refused connection message. I don't know if it's because of the limitations of the exploit or if I'm doing something wrong.

Also I'm wondering if it's possible to create a WebKit exploit based on Electra 11.3.1 Jailbreak now that is out.

Thanks in advance.

add offset for iphone 5s

//iphone 5S
offsets["iPhone 5S"][11.31] = {
padding: 0x18,
vtable: 0,
disableprimitivegigacage: 0x18851a7d4,
callbacks: 0x1b3199698,
g_gigacagebaseptrs: 0x1b1bec000,
g_typedarraypoisons: 0x1b3199720,
longjmp: 0x180b12778,
dlsym: 0x18084ef90,
startfixedmempool: 0x1b31990b8,
endfixedmempool: 0x1b31990c0,
jit_writeseperateheaps_func: 0x1b31990c8,
usefastpermissions_jitcopy: 0x1b1be8018,
ptr_stack_check_guard: 0x1b30f1ef8,
modelio_popx8: 0,
coreaudio_popx2: 0,
linkcode_gadget: 0
};
offsets["iPhone 5S"][11.3] = offsets["iPhone 5S"][11.31];

There is no ios 9.x for 64bit

Hi I dont see anything for 64bit only 32bit just thought I'll let you know unless I'm wrong

iPhone 7 iOS 11.4.1 missing offsets

Dyld Shared Cache Slide (ignore):
0x3974000

disablePrimitiveGigacage:
0x18854ca8c

callbacks:
0x1b35c96a0

g_gigacageBasePtrs:
0x1b1f64000

g_typedArrayPoisons:
0x1b35c9728

longjmp:
0x180b126e8

startOfExecutableMemoryPool:
0x1b35c90b8

endOfExecutableMemoryPool:
0x1b35c90c0

jitWriteSeperateHeapsFunction:
0x1b35c90c8

useFastPermissionsJITCopy:
0x1b1f60018

stack_check_guard:
0x1b3522ef8

LinkCode Gadget:
0x187bf2fb4

Hope this helps

UFOFinder on iOS 11.1.2

Could you rebuild the ipa with support for iOS 11.1.2. I want to test the webkit exploit but don't want to upgrade.

It would be really great if you share source code too.

Thanks.

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.

mtjailed / jailbreakme Goto Github PK

jailbreakme's Introduction

Jailbreak Me 13.37

Support

How it works

1. Identification

2. Eligibility

3. Strategy selection

4. Payload retrieval

5. Exploitation

6. Post-Exploitation

Credits

jailbreakme's People

Contributors

Stargazers

Watchers

Forkers

jailbreakme's Issues

Recommend Projects

Recommend Topics

Recommend Org