jakeajames / jelbrekLib

Give me tfp0, I give you jelbrek

Some question about bypassCodeSign() #6

Open Ret70 opened 5 years ago

Ret70 commented 5 years ago

Hi, Jake James. I copied one dylib to my app bundle; it is signed by ldid2. Then I used bypassCodeSign() to bypass all codesign checks for it, like this: `bypassCodeSign(path_of_dylib_at_bundle);`. It just crashes and does not return. I tried signing the dylib with a legit cert, but it still crashes.

OS version: iOS 12.1

jakeajames commented 5 years ago

What device is it? A12 is not supported. If not A12: what kind of crash? App crash or kernel panic? Can you send logs?

Ret70 commented 5 years ago

Not A12. It is a kernel panic. The crash line is here:

```c
uint64_t ents = Kernel_Execute(Find_osunserializexml(), (uint64_t)new_entitlements + offsetof(CS_GenericBlob, data), 0, 0, 0, 0, 0, 0);
```

The line inside Kernel_Execute() that crashes:

```c
uint64_t returnval = IOConnectTrap6(UserClient, 0, (uint64_t)(x1), (uint64_t)(x2), (uint64_t)(x3), (uint64_t)(x4), (uint64_t)(x5), (uint64_t)(x6));
```

UserClient has a value. x1, x2, x3, x4, x5, x6 are all 0. Kernel_Execute has been initialized.

Log file: panic-full-2019-04-10-150125.794.ips.synced.zip

jakeajames commented 5 years ago

This is an iPad Mini 2? Now that I think about it, OSUnserializeXML is broken there and idk why. I'll probably see how unc0ver does it. For now, you can skip adding entitlements.