freya15's People

Contributors

pwned4ever

freya15's Issues

iPhone 7 - 15.5 - crash?

Thanks for this,

so I tried this project using manual offsets for iPhone 7 on iOS 15.5:

        off_kalloc_data_external = 0xFFFFFFF0071D4040;
        off_kfree_data_external = 0xFFFFFFF0071D4BA8;
        off_add_x0_x0_0x40_ret = 0xFFFFFFF005C2AEC0;
        off_empty_kdata_page = 0xFFFFFFF007820000 + 0x100;
        off_trustcache = 0xFFFFFFF0078B6570;
        off_gphysbase = 0xFFFFFFF00714E5C0;
        off_gphyssize = 0xFFFFFFF00714E5C8;
        off_pmap_enter_options_addr = 0xFFFFFFF0072C7BD0;
        off_allproc = 0xFFFFFFF007896198; //done
        off_pmap_find_phys = 0xFFFFFFF0072CEAE4;
        off_ml_phys_read_data = 0xFFFFFFF0072DFEB4;
        off_ml_phys_write_data = 0xFFFFFFF0072E011C;
        off_zm_fix_addr_kalloc = 0xFFFFFFF0071373E0;

EDIT:
It seems that on iOS 15.5:
off_p_name = 0x381;
Now the device crashes on: newplatformize(getpid());

[i] iPhone 7 offsets selected for iPhone 7 iOS 15.5
[puaf_init]: method_name = smith
[krkw_init]: method_name = kread_IOSurface
[krkw_init]: method_name = kwrite_IOSurface
[i] Still root? uid: 0, gid: 0
[*] Unsandboxing pid 327
[*] Sandboxing pid 327 with slot at 0xffffffe406f525b0
Printing description of pid:
(pid_t) pid = 327
Printing description of proc:
(uint64_t) proc = 18446744005714501480
Printing description of off_p_pid:
(uint32_t) off_p_pid = 104
Printing description of where:
(uint64_t) where = 18446744005714501584
Printing description of where:
(uint64_t) where = 18446744005714501584
Printing description of out:
(uint32_t) out = 1
Printing description of _kfd:
(uint64_t) _kfd = 4309743984
Printing description of kaddr:
(u64) kaddr = 18446744005714501584
Printing description of uaddr:
(void *) uaddr = 0x000000016f852c64
Printing description of size:
(u64) size = 4
Printing description of kfd:
(u64) kfd = 4309743984
Printing description of kfd:
(kfd *) kfd = 0x0000000100e17970
Printing description of kaddr:
(u64) kaddr = 18446744005714501584
Printing description of uaddr:
(void *) uaddr = 0x000000016f852c64
Printing description of size:
(u64) size = 4
Printing description of kaddr:
(u64) kaddr = 18446744005714501584
Printing description of iosurface_uaddr:
(u64) iosurface_uaddr = 4530292060
Printing description of kfd:
(kfd *) kfd = 0x0000000100e17970
Printing description of krwObject:
(iosurface_obj) krwObject = (port = 9014512, surface_id = 1)
Printing description of backup:
(u64) backup = 6165965856
Printing description of krwObject:
(iosurface_obj) krwObject = (port = 15115, surface_id = 28)
Printing description of iosurface_uaddr:
(u64) iosurface_uaddr = 12129796096
Printing description of objectStorage:
(iosurface_obj *) objectStorage = 0x000000010e03c000
Printing description of krwObject:
(iosurface_obj) krwObject = (port = 15115, surface_id = 28)
Printing description of backup:
(u64) backup = 18446743965388162128
Printing description of kfd:
(kfd *) kfd = 0x0000000100e17970
Printing description of kaddr:
(u64) kaddr = 18446744005714501584
Printing description of iosurface_uaddr:
(u64) iosurface_uaddr = 12129796096
Printing description of objectStorage:
(iosurface_obj *) objectStorage = 0x000000010e03c000
Printing description of krwObject:
(iosurface_obj) krwObject = (port = 15115, surface_id = 28)
Printing description of backup:
(u64) backup = 18446743965388162128
Printing description of read32:
(u32) read32 = 2
Printing description of krwObject:
(iosurface_obj) krwObject = (port = 15115, surface_id = 28)
Printing description of read32:
(u32) read32 = 0
Printing description of c:
(io_connect_t) c = 15115
Printing description of surface_id:
-8.622435e+15
Printing description of output:
(uint32_t *) output = 0x000000016f852b4c
Printing description of *(output):
(uint32_t) *output = 0
Printing description of kr:
eeeiekk1Mp3ttC1
Printing description of args[0]:
(uint64_t) [0] = 6165965808
Printing description of output:
(uint32_t *) output = 0x000000016f852b4c
Printing description of *(output):
(uint32_t) *output = 0
Printing description of kr:
(kern_return_t) kr = 1
Printing description of args[0]:
<nil>
Printing description of args[0]:
(uint64_t) [0] = 28
Printing description of outsize:
(uint32_t) outsize = 1
Printing description of out:
(uint64_t) out = 6165965600
Printing description of out:
<nil>
Printing description of out:
<nil>
Printing description of kr:
(kern_return_t) kr = 1

Last update: crash on the sandbox step; for sure the offset is wrong on iOS 15.5:

[*] Unsandboxing pid 314
[*] before kwrite unsandbox_slot 
[*] Sandboxing pid 314 with slot at 0xffffffe4d1640c90
[*] before kwrite sandbox_slot 
[*] after kwrite64 on sandbox 
