bazad / memctl

An iOS kernel introspection tool.
https://bazad.github.io/2017/09/live-kernel-introspection-ios/
MIT License

Add support for iOS 11.3.1 on the iPhone 5S #6

Closed nezetic closed 6 years ago

nezetic commented 6 years ago

I modified the strategy 6 JOP chain a little bit, because MOV_X8_X3__BR_X9 was not found on my iPhone 5S (and it seems quite difficult to stumble upon). I don't have an iPhone 8, but the proposed gadgets are also present in the iPhone10,1 11.3.1 15E302 kernelcache.

Very nice tool btw 👍

```
memctl> kc _current_task
setting up kernel function call...
0xfffffff119fac000
memctl> kc __ZN18IOMemoryDescriptor16withAddressRangeEyyjP4task 0x104000000 0x4000 0x110003 0xfffffff119fac000
0xfffffff11aec0e80
memctl> lc 0xfffffff11aec0e80
IOGeneralMemoryDescriptor
memctl> kc _get_bsdtask_info 0xfffffff119fac000
0xfffffff11b2a5860
memctl> kc _proc_pid 0xfffffff11b2a5860
0xe3
```

bazad commented 6 years ago

Thanks for extending call strategy 6 to the iPhone 5s! I added some updates to the documentation (comment changes only); if it looks good to you I'll merge.

nezetic commented 6 years ago

Looks good! Happy I didn't break iPhone 8 support :sweat_smile: