Offset missing on 6s plus, 10.0

[judge2020]

I read the issue posting guidelines. This is an issue regarding the actual Yalu process.

Device model: iPhone 8,2
Device info: iPhone 6s Plus on iOS 10.0
Method of install: Both impactor and manual build
Certificate: Paid developer account personal team

Issue:

When opening yalu I see a strange message detailing that the app is not compatible with 64-bit devices. Strange because the app was exclusively built for 64-bit devices.

When dismissing the notification and then clicking "go" it then hangs there. I can still go to app switcher and close Yalu, however, the jailbreak does not complete.

[judge2020]

Looks like the offset is missing for the 6s plus 10.0. Is there a way I could find an offset myself or should I wait for someone else to contribute it?

sysname: Darwin
nodename: huntes-iPhone
release: 16.0.0
version: Darwin Kernel Version 16.0.0: Wed Jul 27 19:44:34 PDT 2016; root:xnu-3789.1.4.2.1~2/RELEASE_ARM64_S8000
machine: iPhone8,2
--> missing offset, prob crashing

Thanks for any help.

[Mila432]

Strange because the app was exclusively built for 64-bit devices.

no the project was build for armv7

all offsets are there why would anyone use ios beta ..

[judge2020]

Oh ok, I recently received this phone from a relative so I wasn't aware it was on beta 4. Which offset is the 6s plus 10.0 I should try to see if it works on beta 4?

[OothecaPickle]

I'll find the correct offsets right now.

[OothecaPickle]

Sorry it's taking so long; in school right now.

[judge2020]

No that's completely fine. Take your time.

[OothecaPickle]

But, I have opened a decompressed iOS 10 beta 4 kernelcache in Hopper, so I should be done soon. :)

[OothecaPickle]

Use this exploit.c: https://gist.github.com/OothecaPickleGNUrmsTUXFSF/c19f947ff3cb3c94445b071666ad8eda

[OothecaPickle]

Let me know if this works. :)

[judge2020]

2017-02-13 17:43:22.113904 yalu102[813:199138] found corruption 38103

or 38203

btw, i put that into offsets.c, not exploit.c. this is off of the main branch.

[OothecaPickle]

Did it work? ; you edited your comment.

[OothecaPickle]

Try my fork: https://github.com/OothecaPickleGNUrmsTUXFSF/yalu102

[judge2020]

Any time while trying the offsets the debug log is "corruption found 19103"

[jtv7]

It means the offsets are incorrect. Send me the kernel and I'll give the correct offsets. Also, this issue should be closed because its not an issue with yalu itself.

[jtv7]

Nevermind, your offsets were correct.

This issue should be closed then, especially because the OP is using a beta.

[OothecaPickle]

@jtv7 Could this be an issue with hard-coded offsets, though?

[jtv7]

@OothecaPickleGNUrmsTUXFSF I doubt it, especially because it works on such a large range of iOS versions. The OP might be building something incorrectly.

[OothecaPickle]

Alright, thanks. :)

[judge2020]

sorry for this then. thanks for all the help.

[judge2020]

Sorry this is such an old issue, I made a screen cap of trying to do this https://youtu.be/8l6y5QDGwYQ.

[OothecaPickle]

@judge2020 is this device still on iOS 10 beta 4? if so i have something for you to try. :)

[judge2020]

Darn @OothecaPickle, sorry. Updated to 11.0.

[OothecaPickle]

@judge2020 oh, never mind then :(