A12z 16.3 not working on misaka 100.0.0

[Mehranullah2017]

A12z 16.3 not working on misaka 100.0.0 may be works on 101.0.0

[camenling]

They were so busy that they were not willing to add the offset even if it was provided to them. I have use Cluckabunga to overwrite mounted Tips with https://github.com/opa334/TrollStore/releases/latest/download/PersistenceHelper_Embedded, and install trollstore myself. Try to do this by yourself. What u need to change: fileglobfg_ops 0x0 -> 0x28 proc__p_fdfd_ofiles 0x0 -> 0xf8 taskthreadsnext <-> thread__task_threads__next for A12x/z

[khoald92vn]

They were so busy that they were not willing to add the offset even if it was provided to them. I have use Cluckabunga to overwrite mounted Tips with https://github.com/opa334/TrollStore/releases/latest/download/PersistenceHelper_Embedded, and install trollstore myself. Try to do this by yourself. What u need to change: fileglobfg_ops 0x0 -> 0x28 proc__p_fdfd_ofiles 0x0 -> 0xf8 taskthreadsnext <-> thread__task_threads__next for A12x/z

Could you explain more detail where and how to change offsets?

[camenling]

Sure, For my ipad: A12X 16.3.1 First: Use offset finder to get offset https://github.com/c22dev/OffsetFinder IPSW can be downloaded at https://ipsw.me

It‘s easy to do this. Or found offset in github someone submit

This is what i got:

{
        .kern_version = "Darwin Kernel Version 22.2.0: Mon Nov 28 20:09:56 PST 2022; root:xnu-8792.62.2~1/RELEASE_ARM64_T8120",
        **.fileglob__fg_ops = 0x0**,
        .fileglob__fg_data = 0x40 - 8,
        .fileops__fo_kqfilter = 0x30,
        // .fileproc__fp_iocount = 0x0000,
        // .fileproc__fp_vflags = 0x0004,
        // .fileproc__fp_flags = 0x0008,
        // .fileproc__fp_guard_attrs = 0x000a,
        // .fileproc__fp_glob = 0x0010,
        // .fileproc__fp_guard = 0x0018,
        // .fileproc__object_size = 0x0020,
        .fileproc_guard__fpg_guard = 0x8,
        .kqworkloop__kqwl_state = 0x10,
        .kqworkloop__kqwl_p = 0x18,
        .kqworkloop__kqwl_owner = 0xd0,
        .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18,
        .kqworkloop__object_size = 0x108,
        .pmap__tte = 0x0,
        .pmap__ttep = 0x8,
        .proc__p_list__le_next = 0x0,
        .proc__p_list__le_prev = 0x8,
        .proc__p_pid = 0x60,
        .proc__p_fd__fd_ofiles = 0x0,
        .proc__object_size = 0x538,
        .pseminfo__psem_usecount = 0x04,
        .pseminfo__psem_uid = 0x0c,
        .pseminfo__psem_gid = 0x10,
        .pseminfo__psem_name = 0x14,
        .pseminfo__psem_semobject = 0x38,
        // .psemnode__pinfo = 0x0000,
        // .psemnode__padding = 0x0008,
        // .psemnode__object_size = 0x0010,
        .semaphore__owner = 0x28,
        .specinfo__si_rdev = 0x18,
        .task__map = 0x28,
        .task__threads__next = 0x80 - 0x28,
        .task__threads__prev = 0x80 - 0x28 + 8,
        .task__itk_space = 0x300,
        .task__object_size = 0x648,
        .thread__task_threads__next = 0x380 - 0x18,
        .thread__task_threads__prev = 0x380 - 0x18 + 8,
        .thread__map = 0x380,
        .thread__thread_id = 0x420,
        .thread__object_size = 0x4c8,
        .uthread__object_size = 0xfffffffffffffb38,
        .vm_map_entry__links__prev = 0x00,
        .vm_map_entry__links__next = 0x08,
        .vm_map_entry__links__start = 0x10,
        .vm_map_entry__links__end = 0x18,
        .vm_map_entry__store__entry__rbe_left = 0x20,
        .vm_map_entry__store__entry__rbe_right = 0x28,
        .vm_map_entry__store__entry__rbe_parent = 0x30,
        .vnode__v_un__vu_specinfo = 0x78,
        ._vm_map__hdr__links__prev = 0x00 + 0x8,
        ._vm_map__hdr__links__next = 0x08 + 0x8,
        ._vm_map__hdr__links__start = 0x10 + 0x8,
        ._vm_map__hdr__links__end = 0x18 + 0x8,
        ._vm_map__hdr__nentries = 0x30,
        ._vm_map__hdr__rb_head_store__rbh_root = 0x38,
        ._vm_map__pmap = 0x40,
        ._vm_map__hint = 0x90 + 0x08,
        ._vm_map__hole_hint = 0x90 + 0x10,
        ._vm_map__holes_list = 0x90 + 0x18,
        ._vm_map__object_size = 0x0,
        .kernelcache__kernel_base = 0xfffffff007004000,
        .kernelcache__cdevsw = 0xfffffff00a321190,
        .kernelcache__gPhysBase = 0xfffffff007853fd8,
        .kernelcache__gPhysSize = 0xfffffff007853fd8 + 8,
        .kernelcache__gVirtBase = 0xfffffff0078521b8,
        .kernelcache__perfmon_devices = 0xfffffff00a35c390,
        .kernelcache__perfmon_dev_open = 0xfffffff007ecce7c,
        .kernelcache__ptov_table = 0xfffffff0078073d0,
        .kernelcache__vm_first_phys_ppnum = 0xfffffff00a35b800,
        .kernelcache__vm_pages = 0xfffffff007804090,
        .kernelcache__vm_page_array_beginning_addr = 0xfffffff007806390,
        .kernelcache__vm_page_array_ending_addr = 0xfffffff00a35b7f8,
        .kernelcache__vn_kqfilter = 0xfffffff007f1cea4,
    },

Then: Change some offsets which are wrong:

`//. .fileglob__fg_ops = 0x0, ??? =>
.fileglob__fg_ops = 0x28,
//  .proc__p_fd__fd_ofiles = 0x0,  // ???
.proc__p_fd__fd_ofiles = 0xf8,

// I think  "task__threads__next" "thread__task_threads__next" is nothing use.
// .task__threads__next = 0x80 - 0x28, // ???
.task__threads__next = 0x380 - 0x18, // ???
//.thread__task_threads__next = 0x380 - 0x18, // ???
.thread__task_threads__next = 0x80 - 0x28,`

At Last: Add all offsets to the "libkfd/info/dynamic_info"

Such as:

// For my ipad a12x 16.3.1 work correctly
    {
        .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan  4 21:24:51 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8020",
        .build_version = "20D67",
        .device_id = "iPad8,3",
        .fileglob__fg_ops = 0x28,
        .fileglob__fg_data = 0x40 - 8,
        .fileops__fo_kqfilter = 0x30,
        // .fileproc__fp_iocount = 0x0000,
        // .fileproc__fp_vflags = 0x0004,
        // .fileproc__fp_flags = 0x0008,
        // .fileproc__fp_guard_attrs = 0x000a,
        // .fileproc__fp_glob = 0x0010,
        // .fileproc__fp_guard = 0x0018,
        // .fileproc__object_size = 0x0020,
        .fileproc_guard__fpg_guard = 0x8,
        .kqworkloop__kqwl_state = 0x10,
        .kqworkloop__kqwl_p = 0x18,
        .kqworkloop__kqwl_owner = 0xd0,
        .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18,
        .kqworkloop__object_size = 0x108,
        .pmap__tte = 0x0,
        .pmap__ttep = 0x8,
        .proc__p_list__le_next = 0x0,
        .proc__p_list__le_prev = 0x8,
        .proc__p_pid = 0x60,
        .proc__p_fd__fd_ofiles = 0xf8,
        .proc__object_size = 0x538,
        .pseminfo__psem_usecount = 0x04,
        .pseminfo__psem_uid = 0x0c,
        .pseminfo__psem_gid = 0x10,
        .pseminfo__psem_name = 0x14,
        .pseminfo__psem_semobject = 0x38,
        // .psemnode__pinfo = 0x0000,
        // .psemnode__padding = 0x0008,
        // .psemnode__object_size = 0x0010,
        .semaphore__owner = 0x28,
        .specinfo__si_rdev = 0x18,
        .task__map = 0x28,
        // .task__threads__next = 0x80 - 0x28, ?????
        .task__threads__next = 0x368 - 0x18,
        .task__threads__prev = 0x80 - 0x28 + 8,
        .task__itk_space = 0x300,
        .task__object_size = 0x628,
        // .thread__task_threads__next = 0x368 - 0x18, ?????
        .thread__task_threads__next = 0x80 - 0x28,
        .thread__task_threads__prev = 0x368 - 0x18 + 8,
        .thread__map = 0x368,
        .thread__thread_id = 0x400,
        .thread__object_size = 0x4a8,
        .uthread__object_size = 0xfffffffffffffb58,
        .vm_map_entry__links__prev = 0x00,
        .vm_map_entry__links__next = 0x08,
        .vm_map_entry__links__start = 0x10,
        .vm_map_entry__links__end = 0x18,
        .vm_map_entry__store__entry__rbe_left = 0x20,
        .vm_map_entry__store__entry__rbe_right = 0x28,
        .vm_map_entry__store__entry__rbe_parent = 0x30,
        .vnode__v_un__vu_specinfo = 0x78,
        ._vm_map__hdr__links__prev = 0x00 + 0x10,
        ._vm_map__hdr__links__next = 0x08 + 0x10,
        ._vm_map__hdr__links__start = 0x10 + 0x10,
        ._vm_map__hdr__links__end = 0x18 + 0x10,
        ._vm_map__hdr__nentries = 0x30,
        ._vm_map__hdr__rb_head_store__rbh_root = 0x38,
        ._vm_map__pmap = 0x40,
        ._vm_map__hint = 0x90 + 0x08,
        ._vm_map__hole_hint = 0x90 + 0x10,
        ._vm_map__holes_list = 0x90 + 0x18,
        ._vm_map__object_size = 0x0,
        .kernelcache__kernel_base = 0xfffffff007004000,
        .kernelcache__cdevsw = 0xfffffff00a2b9178,
        .kernelcache__gPhysBase = 0xfffffff007853d48,
        .kernelcache__gPhysSize = 0xfffffff007853d48 + 8,
        .kernelcache__gVirtBase = 0xfffffff007851f28,
        .kernelcache__perfmon_devices = 0xfffffff00a2f4380,
        .kernelcache__perfmon_dev_open = 0xfffffff007ec7398,
        .kernelcache__ptov_table = 0xfffffff007807288,
        .kernelcache__vm_first_phys_ppnum = 0xfffffff00a2f3800,
        .kernelcache__vm_pages = 0xfffffff0078040c0,
        .kernelcache__vm_page_array_beginning_addr = 0xfffffff007806248,
        .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2f37f8,
        .kernelcache__vn_kqfilter = 0xfffffff007f19a20,
    },

You can use this offset directly if u are the same as me(ipad pro 2018, a12x, 16.3.1)

BTW, the eaiest project for u to install trollstore is Purekfd beta Now, because lrdsnow had keep the exploit open source. You dont need to write any code but modify dynamic_info.h

[camenling]

Upload two pictures to prove I'm not bullshit. Restart always for my ipad when i use misaka 100.0.0

[Mehranullah2017]

You have youtube channel? Any beginner guide for this🙂

[poland4000]

Many thanks for the tutorial, I will be trying once I get mac os VM for building the app. Misaka dev is pretty busy but reason for not adding a12x/z support was constant harrassment, unfortunate the actions of a few individuals will ruin it for all of us.

Mehranullah2017 you are gonna need xcode, download on macos or macos VM and will need to edit the files in purekfd to include the offsets, then build the ipa.

[Mehranullah2017]

https://ipsw.me/download/iPad8,11/20D47 this is my ipad can you make offset for it i am beginner I am waiting from long time tired of altstore refreshing after 7 days

[Mehranullah2017]

Many thanks for the tutorial, I will be trying once I get mac os VM for building the app. Misaka dev is pretty busy but reason for not adding a12x/z support was constant harrassment, unfortunate the actions of a few individuals will ruin it for all of us.

Mehranullah2017 you are gonna need xcode, download on macos or macos VM and will need to edit the files in purekfd to include the offsets, then build the ipa.

Very simplified explanation by @camenling but unfortunately i have no macbook and my current HP laptop is very slow only 4gb ram

[poland4000]

oh, you have the exact same ipad and version im using, ill be making the offsets though it may take some time, as I have no mac I have to set up mac os in virtual box first, may be 6-12 hours from now

[giovannidirenzo]

@camenling what about 15.7.2? offsetfinder says that only supports ios 16. do i have to use libpatchfinder alone?

[khoald92vn]

Upload two pictures to prove I'm not bullshit. Restart always for my ipad when i use misaka 100.0.0

Could you share your Purekfd app? Because I"m not using Macbook so I cannot build purekfd for my own. And you are using the same ipad, the same version with me. Thank you so much.

[camenling]

@camenling what about 15.7.2? offsetfinder says that only supports ios 16. do i have to use libpatchfinder alone?

no idea about this. misaka says it work. maybe u can try.

[camenling]

Upload two pictures to prove I'm not bullshit. Restart always for my ipad when i use misaka 100.0.0

Could you share your Purekfd app? Because I"m not using Macbook so I cannot build purekfd for my own. And you are using the same ipad, the same version with me. Thank you so much.

i use simplekfd before because exploit is not supported in purekfd before, u can use this if any help for u.

[camenling]

force restart after got this notify. and then open tips

[Mehranullah2017]

@camenling can you make for us? No macbook 💻☺️ https://ipsw.me/download/iPad8,11/20D47

[Mehranullah2017]

![Uploading 80ADA0A4-5617-4354-B038-B2CDB6D55D20.png…]()

[giovannidirenzo]

@camenling what about 15.7.2? offsetfinder says that only supports ios 16. do i have to use libpatchfinder alone?

no idea about this. misaka says it work. maybe u can try.

yes, that's what it says but i think the offset are missing, that's the problem, i can't get libpatchfinder to work

[khoald92vn]

Upload two pictures to prove I'm not bullshit. Restart always for my ipad when i use misaka 100.0.0

Could you share your Purekfd app? Because I"m not using Macbook so I cannot build purekfd for my own. And you are using the same ipad, the same version with me. Thank you so much.

i use simplekfd before because exploit is not supported in purekfd before, u can use this if any help for u.

Mine cannot install troll store. It says like screenshot :((

[poland4000]

guess it will be a while once im able to test.

[camenling]

Upload two pictures to prove I'm not bullshit. Restart always for my ipad when i use misaka 100.0.0

Could you share your Purekfd app? Because I"m not using Macbook so I cannot build purekfd for my own. And you are using the same ipad, the same version with me. Thank you so much.

i use simplekfd before because exploit is not supported in purekfd before, u can use this if any help for u.

Mine cannot install troll store. It says like screenshot :((

maybe u can try “hide home bar” works or not at first

[camenling]

Upload two pictures to prove I'm not bullshit. Restart always for my ipad when i use misaka 100.0.0

Could you share your Purekfd app? Because I"m not using Macbook so I cannot build purekfd for my own. And you are using the same ipad, the same version with me. Thank you so much.

i use simplekfd before because exploit is not supported in purekfd before, u can use this if any help for u.

Mine cannot install troll store. It says like screenshot :((

it must be not iPad8,3

[khoald92vn]

Upload two pictures to prove I'm not bullshit. Restart always for my ipad when i use misaka 100.0.0

Could you share your Purekfd app? Because I"m not using Macbook so I cannot build purekfd for my own. And you are using the same ipad, the same version with me. Thank you so much.

i use simplekfd before because exploit is not supported in purekfd before, u can use this if any help for u.

Mine cannot install troll store. It says like screenshot :((

it must be not iPad8,3

Mine is ipad8,1 or ipad8,2 (wifi only)

[camenling]

Upload two pictures to prove I'm not bullshit. Restart always for my ipad when i use misaka 100.0.0

Could you share your Purekfd app? Because I"m not using Macbook so I cannot build purekfd for my own. And you are using the same ipad, the same version with me. Thank you so much.

i use simplekfd before because exploit is not supported in purekfd before, u can use this if any help for u.

Mine cannot install troll store. It says like screenshot :((

it must be not iPad8,3

Mine is ipad8,1 or ipad8,2 (wifi only)

Just Settings -> uncheck Device ID Check & IOS Build Check, and try again

[LeeeMooo]

I have use Cluckabunga to overwrite mounted Tips with https://github.com/opa334/TrollStore/releases/latest/download/PersistenceHelper_Embedded,

@camenling how did you replace it? there is no file management in Cluckabunga at all

[camenling]

I have use Cluckabunga to overwrite mounted Tips with https://github.com/opa334/TrollStore/releases/latest/download/PersistenceHelper_Embedded,

@camenling how did you replace it? there is no file management in Cluckabunga at all

I have submitted a version of simplekfd that supports installing trollstore, you can use this one