iPhone9,4 v0rtex Error

[ScknCbt]

2017-12-26 20:59:23.083732+0100 v0rtexNonce[303:36003] uid isn't 0 2017-12-26 20:59:23.084208+0100 v0rtexNonce[303:36003] Darwin Kernel Version 16.5.0: Thu Feb 23 23:22:55 PST 2017; root:xnu-3789.52.2~7/RELEASE_ARM64_T8010 2017-12-26 20:59:23.084238+0100 v0rtexNonce[303:36003] loading offsets for iPhone9,4 - 14E304 2017-12-26 20:59:23.084250+0100 v0rtexNonce[303:36003] test offset x0x0x10gadget: fffffff0064ff0a8 2017-12-26 20:59:23.084371+0100 v0rtexNonce[303:36003] service: 650b 2017-12-26 20:59:23.084448+0100 v0rtexNonce[303:36003] client: 660b, (os/kern) successful 2017-12-26 20:59:23.084562+0100 v0rtexNonce[303:36003] newSurface: (os/kern) successful 2017-12-26 20:59:23.088450+0100 v0rtexNonce[303:36003] realport: 6703 2017-12-26 20:59:23.088465+0100 v0rtexNonce[303:36003] port: 106803 2017-12-26 20:59:23.088489+0100 v0rtexNonce[303:36003] mach_port_insert_right: (os/kern) successful 2017-12-26 20:59:23.088513+0100 v0rtexNonce[303:36003] mach_ports_register: (os/kern) successful 2017-12-26 20:59:23.088535+0100 v0rtexNonce[303:36003] herp derp 2017-12-26 20:59:23.189651+0100 v0rtexNonce[303:36003] mach_ports_register: (os/kern) successful 2017-12-26 20:59:23.385279+0100 v0rtexNonce[303:36003] mach_port_get_context: 0x300011fb00000011, (os/kern) successful 2017-12-26 20:59:23.385492+0100 v0rtexNonce[303:36003] setValue(4603): (os/kern) successful 2017-12-26 20:59:23.385546+0100 v0rtexNonce[303:36003] mach_port_request_notification: 0, (os/kern) successful 2017-12-26 20:59:23.385607+0100 v0rtexNonce[303:36003] getValue(4603): 0x1010 bytes, (os/kern) successful 2017-12-26 20:59:23.385627+0100 v0rtexNonce[303:36003] Failed to leak realport pointer 2017-12-26 20:59:23.391715+0100 v0rtexNonce[303:36003] Failed to get kernel task 2017-12-26 20:59:23.417544+0100 v0rtexNonce[303:36003] Reading var failed 2017-12-26 20:59:23.417608+0100 v0rtexNonce[303:36003] current generator:

[eXqusic]

Offsets were just updated so it might work now. Let us know if it does.

[ScknCbt]

This is the new version

2017-12-26 22:41:56.805419+0100 v0rtexNonce[239:4411] uid isn't 0 2017-12-26 22:41:56.807405+0100 v0rtexNonce[239:4411] Darwin Kernel Version 16.5.0: Thu Feb 23 23:22:55 PST 2017; root:xnu-3789.52.2~7/RELEASE_ARM64_T8010 2017-12-26 22:41:56.807508+0100 v0rtexNonce[239:4411] loading offsets for iPhone9,4 - 14E304 2017-12-26 22:41:56.807523+0100 v0rtexNonce[239:4411] test offset x0x0x10gadget: fffffff0063c9398 2017-12-26 22:41:56.807666+0100 v0rtexNonce[239:4411] service: 650b 2017-12-26 22:41:56.807771+0100 v0rtexNonce[239:4411] client: 660b, (os/kern) successful 2017-12-26 22:41:56.807882+0100 v0rtexNonce[239:4411] newSurface: (os/kern) successful 2017-12-26 22:41:56.811265+0100 v0rtexNonce[239:4411] realport: 6703 2017-12-26 22:41:56.811294+0100 v0rtexNonce[239:4411] port: 106803 2017-12-26 22:41:56.811348+0100 v0rtexNonce[239:4411] mach_port_insert_right: (os/kern) successful 2017-12-26 22:41:56.811376+0100 v0rtexNonce[239:4411] mach_ports_register: (os/kern) successful 2017-12-26 22:41:56.811431+0100 v0rtexNonce[239:4411] herp derp 2017-12-26 22:41:56.923688+0100 v0rtexNonce[239:4411] mach_ports_register: (os/kern) successful 2017-12-26 22:41:57.133830+0100 v0rtexNonce[239:4411] mach_port_get_context: 0x300001a900000011, (os/kern) successful 2017-12-26 22:41:57.143981+0100 v0rtexNonce[239:4411] setValue(425): (os/kern) successful 2017-12-26 22:41:57.144055+0100 v0rtexNonce[239:4411] mach_port_request_notification: 0, (os/kern) successful 2017-12-26 22:41:57.144123+0100 v0rtexNonce[239:4411] getValue(425): 0x1010 bytes, (os/kern) successful 2017-12-26 22:41:57.144187+0100 v0rtexNonce[239:4411] Failed to leak realport pointer 2017-12-26 22:41:57.149913+0100 v0rtexNonce[239:4411] Failed to get kernel task 2017-12-26 22:41:57.172902+0100 v0rtexNonce[239:4411] Reading var failed 2017-12-26 22:41:57.172974+0100 v0rtexNonce[239:4411] current generator:

[ghost]

what happens when you open the app? does it reboot? does it show kernel exploit failed???

[arx8x]

It takes a lot of tries. That's all I can say

[eXqusic]

@arx8x it seems to be only happening on iPhone 7 and 7Plus though..

[arx8x]

The exploit was just updated. Re-compile or use the latest release

[eXqusic]

@arx8x May I ask what exactly was changed? Im asking cause the only way I can compile is by borrowing a friends laptop and I dont want to start annoying him haha

[arx8x]

The exploit itself. It was a little outdated. I've also included a new zip in the release section. If you can't compile, download it and sideload with impactor

[eXqusic]

Okay thank you, that helps so much for the compiled version too!

[eXqusic]

Sorry but it seems to not work at all now, it just opens and doesnt say if it failed or anything. It does say that current generator is -unavailable- or does that just mean its failed?

[arx8x]

Try setting a generator. It seems to have worked

[arx8x]

If it didn't reboot or say it failed, it worked

[eXqusic]

@arx8x But it doesnt say what its current generator is -unavailable- so wouldnt that mean it failed..?

[ghost]

@arx8x , when launching the app it shows. 'Current generator' -unavailable- after pressing the empty area I can set my nonce, it also shows then on the current generator.

But when I launch futurerestore and start with restoring to 11.1.2 it says,devicenonce does not match apticket nonce.

It looks like the nonce resets when futurerestore pushes the iphone in recovery mode..

[ScknCbt]

@forzabatur your have also a iPhone9,4 ?

[ScknCbt]

@arx8x now i can set the generator after i try 5 times make a restart and start again

2017-12-27 04:06:41.468672+0100 v0rtexNonce[228:4448] uid isn't 0 2017-12-27 04:06:41.470702+0100 v0rtexNonce[228:4448] Darwin Kernel Version 16.5.0: Thu Feb 23 23:22:55 PST 2017; root:xnu-3789.52.2~7/RELEASE_ARM64_T8010 2017-12-27 04:06:41.470735+0100 v0rtexNonce[228:4448] loading offsets for iPhone9,4 - 14E304 2017-12-27 04:06:41.470745+0100 v0rtexNonce[228:4448] test offset x0x0x10gadget: fffffff0063c9398 2017-12-27 04:06:41.470810+0100 v0rtexNonce[228:4448] service: 650b 2017-12-27 04:06:41.470908+0100 v0rtexNonce[228:4448] client: 660b, (os/kern) successful 2017-12-27 04:06:41.471013+0100 v0rtexNonce[228:4448] newSurface: (os/kern) successful 2017-12-27 04:06:41.471035+0100 v0rtexNonce[228:4448] realport: 6703, (os/kern) successful 2017-12-27 04:06:41.474971+0100 v0rtexNonce[228:4448] port: 106803 2017-12-27 04:06:41.475026+0100 v0rtexNonce[228:4448] mach_port_insert_right: (os/kern) successful 2017-12-27 04:06:41.475049+0100 v0rtexNonce[228:4448] mach_ports_register: (os/kern) successful 2017-12-27 04:06:41.475072+0100 v0rtexNonce[228:4448] herp derp 2017-12-27 04:06:41.576249+0100 v0rtexNonce[228:4448] mach_ports_register: (os/kern) successful 2017-12-27 04:06:41.789749+0100 v0rtexNonce[228:4448] mach_port_get_context: 0x100000a400000000, (os/kern) successful 2017-12-27 04:06:41.789895+0100 v0rtexNonce[228:4448] reallocate_buf: (os/kern) successful 2017-12-27 04:06:41.789929+0100 v0rtexNonce[228:4448] mach_port_request_notification(realport): 0, (os/kern) successful 2017-12-27 04:06:41.789989+0100 v0rtexNonce[228:4448] getValue(164): 0x1010 bytes, (os/kern) successful 2017-12-27 04:06:41.790022+0100 v0rtexNonce[228:4448] realport addr: 0xffffffe0068cae98 2017-12-27 04:06:41.790035+0100 v0rtexNonce[228:4448] mach_port_request_notification(fakeport): 6807, (os/kern) successful 2017-12-27 04:06:41.790073+0100 v0rtexNonce[228:4448] getValue(164): 0x1010 bytes, (os/kern) successful 2017-12-27 04:06:41.790083+0100 v0rtexNonce[228:4448] fakeport addr: 0xffffffe004e84dc8 2017-12-27 04:06:41.790189+0100 v0rtexNonce[228:4448] reallocate_buf: (os/kern) successful 2017-12-27 04:06:41.790231+0100 v0rtexNonce[228:4448] itk_space: 0xffffffe0005dc480 2017-12-27 04:06:41.790247+0100 v0rtexNonce[228:4448] self_task: 0xffffffe005eb9fe0 2017-12-27 04:06:41.790260+0100 v0rtexNonce[228:4448] IOSurfaceRootUserClient port: 0xffffffe0068c8bd0 2017-12-27 04:06:41.790274+0100 v0rtexNonce[228:4448] IOSurfaceRootUserClient addr: 0xffffffe00515ba00 2017-12-27 04:06:41.790290+0100 v0rtexNonce[228:4448] IOSurfaceRootUserClient vtab: 0xfffffff01f04a238 2017-12-27 04:06:41.790308+0100 v0rtexNonce[228:4448] slide: 0x0000000018200000 2017-12-27 04:06:41.790319+0100 v0rtexNonce[228:4448] mach_ports_register: (os/kern) successful 2017-12-27 04:06:41.790333+0100 v0rtexNonce[228:4448] zone_map: 0xfffffff11c88a8a0 2017-12-27 04:06:41.791725+0100 v0rtexNonce[228:4448] reallocate_buf: (os/kern) successful 2017-12-27 04:06:41.791765+0100 v0rtexNonce[228:4448] mach_vm_remap: (os/kern) successful 2017-12-27 04:06:41.791774+0100 v0rtexNonce[228:4448] shmem_addr: 0x00000001005f0000 2017-12-27 04:06:41.791781+0100 v0rtexNonce[228:4448] vtab addr: 0xffffffe004e84000 2017-12-27 04:06:41.791795+0100 v0rtexNonce[228:4448] fakeobj addr: 0xffffffe004e84600 2017-12-27 04:06:41.791807+0100 v0rtexNonce[228:4448] kernel_task addr: 0xffffffe000621fe0, success 2017-12-27 04:06:41.791815+0100 v0rtexNonce[228:4448] kernproc addr: 0xfffffff01f7e5478, success 2017-12-27 04:06:41.791822+0100 v0rtexNonce[228:4448] kern_ucred: 0xffffffe00083def0, success 2017-12-27 04:06:41.791830+0100 v0rtexNonce[228:4448] self_proc: 0xffffffe005d4d4a8, success 2017-12-27 04:06:41.791837+0100 v0rtexNonce[228:4448] self_ucred: 0xffffffe00083d440, success 2017-12-27 04:06:41.791845+0100 v0rtexNonce[228:4448] stole the kernel's cr_label 2017-12-27 04:06:41.791861+0100 v0rtexNonce[228:4448] uid: 0 2017-12-27 04:06:41.791869+0100 v0rtexNonce[228:4448] realhost: 6907 (host: a03) 2017-12-27 04:06:41.791875+0100 v0rtexNonce[228:4448] zm_task addr: 0xffffffe004e846a0 2017-12-27 04:06:41.791882+0100 v0rtexNonce[228:4448] km_task addr: 0xffffffe004e84780 2017-12-27 04:06:41.791888+0100 v0rtexNonce[228:4448] kernel_map: 0xfffffff11c88a780, success 2017-12-27 04:06:41.791895+0100 v0rtexNonce[228:4448] ipc_space_kernel: 0xffffffe0005de010, success 2017-12-27 04:06:41.791902+0100 v0rtexNonce[228:4448] zm_range: 0xffffffe000530000-0xffffffe018530000, success 2017-12-27 04:06:41.791909+0100 v0rtexNonce[228:4448] zm_port addr: 0xffffffe0027943f0 2017-12-27 04:06:41.791915+0100 v0rtexNonce[228:4448] km_port addr: 0xffffffe002794150 2017-12-27 04:06:41.791922+0100 v0rtexNonce[228:4448] copyin: success 2017-12-27 04:06:41.792008+0100 v0rtexNonce[228:4448] mach_ports_lookup: (os/kern) successful 2017-12-27 04:06:41.792027+0100 v0rtexNonce[228:4448] zone_map port: 6a07 2017-12-27 04:06:41.792035+0100 v0rtexNonce[228:4448] kernel_map port: 6b07 2017-12-27 04:06:41.792044+0100 v0rtexNonce[228:4448] mach_ports_register: (os/kern) successful 2017-12-27 04:06:41.792063+0100 v0rtexNonce[228:4448] mach_vm_remap: (os/kern) successful 2017-12-27 04:06:41.792069+0100 v0rtexNonce[228:4448] remap_addr: 0xffffffe000001fe0 2017-12-27 04:06:41.792087+0100 v0rtexNonce[228:4448] mach_vm_wire: (os/kern) successful 2017-12-27 04:06:41.792094+0100 v0rtexNonce[228:4448] newport: 0xffffffe002797db0 2017-12-27 04:06:41.792150+0100 v0rtexNonce[228:4448] copyin: success 2017-12-27 04:06:41.792179+0100 v0rtexNonce[228:4448] kernel_task: 6c07, (os/kern) successful 2017-12-27 04:06:41.798115+0100 v0rtexNonce[228:4448] kernel_task: 0x6c07 2017-12-27 04:06:41.798163+0100 v0rtexNonce[228:4448] Reading kernel header... 2017-12-27 04:06:41.798194+0100 v0rtexNonce[228:4448] Found TEXT.cstring section at 0xfffffff01f21f7d8 2017-12-27 04:06:41.798386+0100 v0rtexNonce[228:4448] Found DATA.data section at 0xfffffff01f73c000 2017-12-27 04:06:41.798942+0100 v0rtexNonce[228:4448] Found string "little-endian?" at 0xfffffff01f25bc4f 2017-12-27 04:06:41.799035+0100 v0rtexNonce[228:4448] Found gOFVariables at 0xfffffff01f76b6b0 2017-12-27 04:06:41.799069+0100 v0rtexNonce[228:4448] Successfully patched permissions for variable "com.apple.System.boot-nonce" 2017-12-27 04:06:41.799216+0100 v0rtexNonce[228:4448] current generator: 0xfa66c64ca08243d3 2017-12-27 04:06:45.240582+0100 v0rtexNonce[228:4448] [MC] System group container for systemgroup.com.apple.configurationprofiles path is /private/var/containers/Shared/SystemGroup/systemgroup.com.apple.configurationprofiles 2017-12-27 04:06:45.242057+0100 v0rtexNonce[228:4448] [MC] Reading from private effective user settings.

[ghost]

Yes I have iphone 9,4