
freya15's Issues

iPhone 7 - 15.5 - crash?

Thanks for this.

So I tried this project using manual offsets for iPhone 7 on iOS 15.5:

        off_kalloc_data_external = 0xFFFFFFF0071D4040;
        off_kfree_data_external = 0xFFFFFFF0071D4BA8;
        off_add_x0_x0_0x40_ret = 0xFFFFFFF005C2AEC0;
        off_empty_kdata_page = 0xFFFFFFF007820000 + 0x100;
        off_trustcache = 0xFFFFFFF0078B6570;
        off_gphysbase = 0xFFFFFFF00714E5C0;
        off_gphyssize = 0xFFFFFFF00714E5C8;
        off_pmap_enter_options_addr = 0xFFFFFFF0072C7BD0;
        off_allproc = 0xFFFFFFF007896198; // done
        off_pmap_find_phys = 0xFFFFFFF0072CEAE4;
        off_ml_phys_read_data = 0xFFFFFFF0072DFEB4;
        off_ml_phys_write_data = 0xFFFFFFF0072E011C;
        off_zm_fix_addr_kalloc = 0xFFFFFFF0071373E0;

[screenshot: 2023-11-17 17:18:52]

EDIT:
It seems that on iOS 15.5:
off_p_name = 0x381;
Now the device crashes on: newplatformize(getpid());

[i] iPhone 7 offsets selected for iPhone 7 iOS 15.5
[puaf_init]: method_name = smith
[krkw_init]: method_name = kread_IOSurface
[krkw_init]: method_name = kwrite_IOSurface
[i] Still root? uid: 0, gid: 0
[*] Unsandboxing pid 327
[*] Sandboxing pid 327 with slot at 0xffffffe406f525b0
Printing description of pid:
(pid_t) pid = 327
Printing description of proc:
(uint64_t) proc = 18446744005714501480
Printing description of off_p_pid:
(uint32_t) off_p_pid = 104
Printing description of where:
(uint64_t) where = 18446744005714501584
Printing description of where:
(uint64_t) where = 18446744005714501584
Printing description of out:
(uint32_t) out = 1
Printing description of _kfd:
(uint64_t) _kfd = 4309743984
Printing description of kaddr:
(u64) kaddr = 18446744005714501584
Printing description of uaddr:
(void *) uaddr = 0x000000016f852c64
Printing description of size:
(u64) size = 4
Printing description of kfd:
(u64) kfd = 4309743984
Printing description of kfd:
(kfd *) kfd = 0x0000000100e17970
Printing description of kaddr:
(u64) kaddr = 18446744005714501584
Printing description of uaddr:
(void *) uaddr = 0x000000016f852c64
Printing description of size:
(u64) size = 4
Printing description of kaddr:
(u64) kaddr = 18446744005714501584
Printing description of iosurface_uaddr:
(u64) iosurface_uaddr = 4530292060
Printing description of kfd:
(kfd *) kfd = 0x0000000100e17970
Printing description of krwObject:
(iosurface_obj) krwObject = (port = 9014512, surface_id = 1)
Printing description of backup:
(u64) backup = 6165965856
Printing description of krwObject:
(iosurface_obj) krwObject = (port = 15115, surface_id = 28)
Printing description of iosurface_uaddr:
(u64) iosurface_uaddr = 12129796096
Printing description of objectStorage:
(iosurface_obj *) objectStorage = 0x000000010e03c000
Printing description of krwObject:
(iosurface_obj) krwObject = (port = 15115, surface_id = 28)
Printing description of backup:
(u64) backup = 18446743965388162128
Printing description of kfd:
(kfd *) kfd = 0x0000000100e17970
Printing description of kaddr:
(u64) kaddr = 18446744005714501584
Printing description of iosurface_uaddr:
(u64) iosurface_uaddr = 12129796096
Printing description of objectStorage:
(iosurface_obj *) objectStorage = 0x000000010e03c000
Printing description of krwObject:
(iosurface_obj) krwObject = (port = 15115, surface_id = 28)
Printing description of backup:
(u64) backup = 18446743965388162128
Printing description of read32:
(u32) read32 = 2
Printing description of krwObject:
(iosurface_obj) krwObject = (port = 15115, surface_id = 28)
Printing description of read32:
(u32) read32 = 0
Printing description of c:
(io_connect_t) c = 15115
Printing description of surface_id:
-8.622435e+15
Printing description of output:
(uint32_t *) output = 0x000000016f852b4c
Printing description of *(output):
(uint32_t) *output = 0
Printing description of kr:
eeeiekk1Mp3ttC1
Printing description of args[0]:
(uint64_t) [0] = 6165965808
Printing description of output:
(uint32_t *) output = 0x000000016f852b4c
Printing description of *(output):
(uint32_t) *output = 0
Printing description of kr:
(kern_return_t) kr = 1
Printing description of args[0]:
<nil>
Printing description of args[0]:
(uint64_t) [0] = 28
Printing description of outsize:
(uint32_t) outsize = 1
Printing description of out:
(uint64_t) out = 6165965600
Printing description of out:
<nil>
Printing description of out:
<nil>
Printing description of kr:
(kern_return_t) kr = 1

Last update: crash on the sandbox step; for sure an offset is wrong on iOS 15.5:

[*] Unsandboxing pid 314
[*] before kwrite unsandbox_slot 
[*] Sandboxing pid 314 with slot at 0xffffffe4d1640c90
[*] before kwrite sandbox_slot 
[*] after kwrite64 on sandbox 
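The crash above happens right after a kwrite64 into the sandbox slot, which is the first write that depends on the hand-picked proc offsets being right. A check a practitioner would run before that write is a read-back of fields whose values are already known from userland (the process's own pid and name) through the same offsets; if those do not come back as expected, the offsets are wrong and the write should not be attempted. The code below is an added example, not part of the post or the project's code. It uses the off_p_pid value 104 and the poster's off_p_name = 0x381 from the thread, but the kernel read primitive is simulated over a constructed fake proc buffer (the real harness would back kread() with the kfd read primitive), the kernel address, the process name and the 16-byte name field width are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Offsets quoted from the post above (as the poster set them for iOS 15.5). */
#define OFF_P_PID   0x68   /* off_p_pid = 104 in the lldb output */
#define OFF_P_NAME  0x381  /* off_p_name the poster settled on */
#define P_NAME_MAX  16     /* width of the name field; assumption for this example */

/* Constructed stand-in for kernel memory: a fake proc struct large enough to
   cover both offsets. Nothing here is read from a real kernel. */
#define FAKE_PROC_SIZE 0x400
static uint8_t fake_proc[FAKE_PROC_SIZE];
static const uint64_t FAKE_PROC_KADDR = 0xffffffe406f525b0ULL; /* hypothetical kernel address */

/* Simulated kread: copies `size` bytes at kernel address `kaddr` into `out`.
   Returns false for anything outside the fake struct, standing in for the
   bad dereference that would panic the device with a real primitive. */
static bool kread(uint64_t kaddr, void *out, size_t size) {
    if (kaddr < FAKE_PROC_KADDR || kaddr + size > FAKE_PROC_KADDR + FAKE_PROC_SIZE) return false;
    memcpy(out, fake_proc + (kaddr - FAKE_PROC_KADDR), size);
    return true;
}

/* Populate the fake proc with the two fields the check looks at (constructed data). */
void setup_fake_proc(uint32_t pid, const char *name) {
    memset(fake_proc, 0, sizeof fake_proc);
    memcpy(fake_proc + OFF_P_PID, &pid, sizeof pid);
    strncpy((char *)fake_proc + OFF_P_NAME, name, P_NAME_MAX - 1);
}

/* The sanity check: before touching the sandbox slot, confirm that the proc
   pointer plus the assumed offsets yields this process's own pid and name.
   Returns 0 on success and a distinct negative code per failing step. */
int validate_proc_offsets(uint64_t proc, uint32_t pid, const char *name,
                          uint32_t off_p_pid, uint32_t off_p_name) {
    uint32_t rpid = 0;
    char rname[P_NAME_MAX] = {0};
    if (!kread(proc + off_p_pid, &rpid, sizeof rpid)) return -1;      /* unreadable */
    if (rpid != pid) return -2;                                       /* p_pid mismatch */
    if (!kread(proc + off_p_name, rname, P_NAME_MAX - 1)) return -3;  /* unreadable */
    if (strncmp(rname, name, P_NAME_MAX - 1) != 0) return -4;         /* p_name mismatch */
    return 0;
}

int main(void) {
    setup_fake_proc(327, "kfd");   /* pid 327 as in the log; the name is constructed */
    int ok  = validate_proc_offsets(FAKE_PROC_KADDR, 327, "kfd", OFF_P_PID, OFF_P_NAME);
    int bad = validate_proc_offsets(FAKE_PROC_KADDR, 327, "kfd", OFF_P_PID, 0x380); /* p_name offset off by one */
    printf("correct offsets: %d, off-by-one p_name offset: %d\n", ok, bad);
    return ok == 0 ? 0 : 1;
}
```

In a real harness the check runs once, right after the proc pointer is found and before the unsandbox write, and any non-zero return aborts the run instead of proceeding to kwrite64; the distinct codes tell you which of the two offsets to revisit.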
