userlandkernel / jailbreakme-unified

Framework for iOS browser exploitation to kernel privileges and rootfs remount
https://racecondition.win

offset 8+ #5

Closed hoanmaster321 closed 5 years ago

hoanmaster321 commented 5 years ago

Credits: Offset finder: Sem Voigtländer; UI: iSn0w

aslr slide (ignore this): 0x14798000

JavaScriptCore base: 0x188174000

ModelIO base: 0xffffffffeb868000

CoreAudio base: 0x1842af000

disablePrimitiveGigacage: 0x1881cbf54

g_gigacageBasePtrs: 0x1b8918000

jitWriteSeparateHeapsFunction: 0x1babad0d0

useFastPermisionsJITCopy: 0x1b891c018

ptr_stack_check_guard: 0x1baaf6a18

dlsym: 0x180923d64

longjmp: 0x180adc630

callbacks: 0x1b891c1a8

McGamezZPlayer commented 5 years ago

Just gonna say this, but you can put those into the offsets file if you know how to.

hoanmaster321 commented 5 years ago

Yes, but when I add the offsets, the website says no support.

hoanmaster321 commented 5 years ago

    vtable: 0x1c6c19058,
    disableprimitivegigacage: 0x1881cbf54,
    g_gigacagebaseptrs: 0x1b8918000,
    g_typedarraypoisons: kOFFUnknown,
    startfixedmempool: kOFFUnknown,
    endfixedmempool: kOFFUnknown,
    jit_writeseperateheaps_func: 0x1babad0d0,
    usefastpermissions_jitcopy: 0x1b891c018,
    ptr_stack_check_guard: 0x1baaf6a18,
    dlsym: 0x180923d64,
    longjmp: 0x180adc630,
    callbacks: 0x1b891c1a8,
    modelio_popx8: kOFFUnknown,
    linkcode_gadget: kOFFUnknown

userlandkernel commented 5 years ago

Which iOS version is this about?

hoanmaster321 commented 5 years ago

> Which iOS version is this about?

iOS 12.0.1 (16A404) 8+

userlandkernel commented 5 years ago

Thanks, they're there now.