Kernel Panic on iPhone5,2 iOS 9.3.2

[iTommy258]

My iPhone 5,2 gets a Kernel Panic after pressing the button and it reboots. I can include the crashlogs if you want to. Thank you for your work.

[Xernium]

Okay I am not the one who did the support for the iPhone 5,2 but it seems since I fixed up the exploit for 9.2.x there are complications.

Can you please try the old build? https://github.com/ganoninc/trident-kloader-updated/blob/master/build/Trident-Kloader-1.2-compiled-by-junmatsuzawa.ipa

And yes a crashlog would be useful, I suggest uploading it to pastebin and posting the link here. I Only joined this project a few days ago so I was not involved in supporting the 5,2 but I promise ill look into it when I have the time

[iTommy258]

I already tried the old build and the xcode project. Here is the crashlog: http://pastebin.com/sqnXZYi7

Thanks for your help.

[Xernium]

I will push an updated offset list later, and release a new build, which hopefully solves your issue

[iTommy258]

Okay, thats awesome. I test it as soon as you release. Can i simply put the device in idevicediagnostics and simply restore it to iOS 8.4.1 via OdysseussOTA 2?

[Xernium]

you don't need idevicediagnostics and yea you can use odysseusOTA2, but 8.4.1 is not jailbreakable (well it is but its not untethered for the iPhone5,2) Don't you have any other blobs?

[iTommy258]

Unfortunately not, its a replacement iPhone 5. I just want to have it on the lowest Version possible because i want it as collectors item and i have devices on all Major Firmwares except iOS 8. After you pushed the patch, could you maybe help me with installing 8.4.1?

[Xernium]

sure, and I found the issue, the iPhone 5,2 is missing 2 offsets and Idk why, will try to get them after I'm done downloading all the ipsw's

[iTommy258]

Thats awesome. Thank you so much. You saved my day :)

[Xernium]

Look in the build directory, I pushed a new build. Test and report back. Thanks

[iTommy258]

still panics. log is here: http://pastebin.com/aBx2X0QP

[iTommy258]

Do you need something else from me? Other Panic logs?

[EGYbkgo9449]

5,3 has the same issue, I've solved it but I've ran into another one Will send the updates once I solve all the issues :)

[iTommy258]

Thats very awesome. I am excited to have my 5 back on iOS 8. Thank you!

[EGYbkgo9449]

Me too #lol You're welcome but there is an issue that I wasn't able to fix :( But I'll keep trying :)

[iTommy258]

Nice! If you need some help from me, simply just ask. I'll be there

[EGYbkgo9449]

Okay thx :)

[iTommy258]

Where is the issue located? Is it something with the offsets? I can add try to add the offsets for my own and check it later. I am not a pro or something like that but i maybe could try it.

[iTommy258]

I am sitting in school and started googeling, and i found something maybe interesting if the fault is on offsets side. Check that: iPhone5,2 (N42AP), iOS 9.3.2 (Frisco 13F69) versus iPad3,2 (J2AP), iOS 9.3.2 (Eagle 13E238). Maybe its just nonsense but maybe not.

[Xernium]

Yes the different builds tend to cause a headache for me too You can't really find out the build from the version only, and the offsets are different at one spot If you have a fix to share, fork this repo, commit some the fix and open a pull request (merge req) and I'll accept it The list features A LOT of builds that don't work (yet) So no wonder there are problems

Am 17.01.2017 um 11:09 schrieb Tom K. notifications@github.com:

I am sitting in school and started googeling, and i found something maybe interesting if the fault is on offsets side. Check that: iPhone5,2 (N42AP), iOS 9.3.2 (Frisco 13F69) versus iPad3,2 (J2AP), iOS 9.3.2 (Eagle 13E238). Maybe its just nonsense but maybe not.

― You are receiving this because you were assigned. Reply to this email directly, view it on GitHub, or mute the thread.

[iTommy258]

Yea. I would try to create a fix for the 5,2 9.3.2 but I am not sure if I can make it. It looks kinda complicated and i never did that before. Can you maybe notify me if you fixed the 5,2 for 9.3.2?

[Xernium]

will do. got a to of school stuff in the next days so will try to do it this weekend

[iTommy258]

Okay, thats awesome!

[Xernium]

you will need something like iDA or Hopper to get firmware offsets, which luckily I have, I just need to download ALL firmwares I want offsets from...

[EGYbkgo9449]

Guys the kernel panic issue is in the first line of the CVE 4656

After fixing it, this line gives me an assertion failure: assert(read_primitive(kernel_base) == 0xfeedface)

[iTommy258]

Does this mean, that you fixed it?

[EGYbkgo9449]

The kernel panic yes, but the whole app still doesn't work

[Xernium]

Tell me why it does work on the other fw versions then... I don't get it, and I haven't messed with the exploit other than

return *(uint32_t *)(data+36) & 0xFFF00000 + 0x1000; to return (*(uint32_t *)(data+36) & 0xFFF00000) + 0x1000;

which worked for some reason with some builds, Idk why though

[EGYbkgo9449]

It's not about the build versions, the iPhone 5 & 5C (5,1 ----> 5,4) r different from the other 32bit devices

[iTommy258]

Does that mean, that the problem isn't the kloader? Its the OG Trident exploit, am i right?

[Xernium]

It appears so but I don't have time to look at it today, EGYbkgo9449 if you can fix it, or you have anything to contribute be sure to do a pull req, ill gladly merge it

[EGYbkgo9449]

Yep, that's right 👍

[EGYbkgo9449]

@Djsn0wfall I'm trying my best, and sure once I fix it I'll push the files 😉

[ganoninc]

@iTommy258

assert(read_primitive(kernel_base) == 0xfeedface)

This is related to the original Trident Exploit.

A lot of assertions are evaluated before reaching the Kloader.

Kloader is launched once we gained the root access.

[iTommy258]

This sounds very awesome!

[iTommy258]

Anything new for that issue?

[Xernium]

not yet but it seems its the same issue that bugs the iPad3,3 iPhone5,1 and iPhone5,3 too

[iTommy258]

Is it because of the A6 chip? (if i annoy with that questions, please tell me) but i want to know as much as possible about that because i love that topic :)

[EGYbkgo9449]

Yep, If there is any dev who'd like to help me, tweet me on "Twitter.com/SpRay_BestTube" :)

[iTommy258]

Okay, that's awesome. I don't know any devs with that knowledge but I hope it will work soon. If you need a tester for something (even the littlest modification in a beta or teste build) feel free to ask me. I don't have something to do in my Life except sleeping 6 hours in school, playing CS:GO and Play around with one of my 20 iOS devices :D

[Xernium]

@iTommy258 are you ready to try something experimental? If yes contact me on twitter via DM https://twitter.com/DjSn0wfall

[EGYbkgo9449]

The new update doesn't work, I've already tested that before, I've got a new fix but this panic appears at the end (another issue):

http://pastebin.com/vZKTbhMC

[EGYbkgo9449]

I've said everything IK about this issue in here:

https://github.com/benjamin-42/Trident/issues/62

[iTommy258]

I can't test new builds for 9.3.2 anymore. I jailbroke my 5,2 on 9.3.2 and used kDFU App to get back to iOS 8.4.1. Ended in recovery. I have another iPhone 5,2 on iOS 9.3.4 if you want to test me something for it.