iOS 11.1.2 kernel exploit and PoC local kernel debugger by @i41nbeer

This is my attempt to learn more about the iOS kernel and exploit development. I'll try keep at it and add bits as I learn more.

• Adds support for iPad mini 2 wifi
• Adds support for iPhone6 (actually shares symbols with iPod6g)
• Adds temoporary root
• Reads /etc/master.passwd as PoC

I wouldn't have even gotten started if not for @cji. I recommend anyone wanting to start exploring this PoC read his blog post

The technique for getting root was taken from the work done by:

• Abraham Masri @cheesecakeufo https://gist.github.com/iabem97/d11e61afa7a0d0a9f2b5a1e42ee505d8
• @benjibobs https://github.com/benjibobs/async_wake

Used a bunch of the functions from patchfinder64.c by xerub

And the work by stek29 helped me understand the trust_cache and I used some of his work to get my trust_cache injection working. Ninjapawn did a lot of work as that I referenced, especially around remount RW.

• xerub: https://github.com/xerub/extra_recipe
• ninjapawn: https://github.com/ninjaprawn/async_awake-fun
• stek29: https://github.com/stek29/async_awake-fun

I've tried to comment the above work with my understanding and what I've learned in the process. If I've got something fundamentaly wrong please let me know!