[+] Entered shellcode | |
[+] UID: 0, GID: 0 | |
[DIR]: . | |
[DIR]: .. | |
[DIR]: adm | |
[DIR]: app_tmp | |
[DIR]: data | |
[DIR]: dev | |
[DIR]: eap_user | |
[DIR]: eap_vsh |
void inject_trusts(int pathc, const char *paths[]) | |
{ | |
printf("[+] injecting into trust cache...\n"); | |
extern uint64_t g_kern_base; | |
static uint64_t tc = 0; | |
if (tc == 0) { | |
/* loaded_trust_caches | |
iPhone11,2-4-6: 0xFFFFFFF008F702C8 |
void inject_trusts(int pathc, const char *paths[]) | |
{ | |
printf("[+] injecting into trust cache...\n"); | |
extern uint64_t g_kern_base; | |
static uint64_t tc = 0; | |
if (tc == 0) { | |
// loaded_trust_caches: 0xFFFFFFF008F702C8 | |
tc = g_kern_base + (0xFFFFFFF008F702C8 - 0xFFFFFFF007004000); |
diff --git a/Makefile b/Makefile | |
index 96e99b7..4884309 100644 | |
--- a/Makefile | |
+++ b/Makefile | |
@@ -43,6 +43,10 @@ arm64: | |
gobjcopy -O binary -j .text bin/checkm8_arm64.o bin/checkm8_arm64.bin | |
rm bin/checkm8_arm64.o | |
+ xcrun -sdk iphoneos clang src/checkm8_nopaddingcorruption_arm64.S -target arm64-apple-darwin -Wall -o bin/checkm8_nopaddingcorruption_arm64.o | |
+ gobjcopy -O binary -j .text bin/checkm8_nopaddingcorruption_arm64.o bin/checkm8_nopaddingcorruption_arm64.bin |
// | |
// exploit.c | |
// extra_time | |
// | |
// Created by Jake James on 2/8/20. | |
// Copyright © 2020 Jake James. All rights reserved. | |
// | |
#include "exploit.h" | |
#include "IOAccelerator_stuff.h" |
// | |
// exploit.c | |
// extra_time | |
// | |
// Created by Jake James on 2/8/20. | |
// Copyright © 2020 Jake James. All rights reserved. | |
// | |
#include "exploit.h" | |
#include "IOAccelerator_stuff.h" |
#define WIN32_LEAN_AND_MEAN | |
#define VC_EXTRA_LEAN | |
#define NOGDICAPMASKS //CC_ * , LC_*, PC_*, CP_*, TC_*, RC_ | |
//#define NOVIRTUALKEYCODES //VK_ * | |
//#define NOWINMESSAGES //WM_ * , EM_*, LB_*, CB_* | |
//#define NOWINSTYLES //WS_ * , CS_*, ES_*, LBS_*, SBS_*, CBS_* | |
#define NOSYSMETRICS //SM_ * | |
#define NOMENUS //MF_ * | |
#define NOICONS //IDI_ * |