Come back!
iPhone 12.1.2: Successfully rooted
Show the root file: https://github.com/ux0rdev/ux0rJail
13.x: Bypassing Apple file system protection; fixing the problem with waiting for a kernel panic ...
Log file:
D platform: iPhone8,1 16C101
+ created 1024 pipes
+ created 8000 ports
+ sprayed 16646144 bytes to 1016 pipes in kalloc.16384
+ created 3564 vouchers
+ sprayed 315752448 bytes to 8 ports in kalloc.1024
+ stashed voucher pointer in thread
...........................................................................................................................................................................
+ sprayed 357924864 bytes of OOL ports to 4 ports in kalloc.32768
+ recovered voucher port 0x2e8207 for freed voucher
+ adding references to the freed voucher to change the OOL port pointer
+ receiving the OOL ports will leak port 0x1ec003
+ received voucher port 0x2e8207 in OOL ports
+ voucher overlapped at offset 0x7ca0
+ received fake port 0x971b
+ port is at pipe index 169
+ got ip_requests at 0xffffffe0066c60a0
+ fake port is at offset 12600
+ base port is at 0xffffffe006a07138
+ kernel_task is at 0xffffffe00050d680
+ done! port 0x971b is tfp0
Noncereboot Baslatiliyor...
D found kernel slide 0x0000000002800000
slide: 0x0000000002800000
got user client: 0x980f
Found port: 0xffffffe006a051b8
Found addr: 0xffffffe005f0ed40
Found vtab: 0xfffffff009665da8
Created fake_vtable at ffffffe0000c8000
Copied some of the vtable over
Created fake_client at ffffffe0000cc000
Copied the user client over
Wrote the `add x0, x0, #0x40; ret;` gadget over getExternalTrapForIndexour proc is at 0xffffffe00693e7b0
kern proc is at 0xfffffff009e6c988
D UID: 0