- [*] unc0ver Version: 3.0.0~b46
- [*] Darwin Kernel Version 18.2.0: Mon Nov 12 20:31:59 PST 2018; root:xnu-4903.232.2~1/RELEASE_ARM64_S5L8960X
- [*] Bundled Resources Version: 1.0~b6
- [*] STATUS: Jailbreak
- [*] STATUS: Exploiting (1/37)
- [*] Loading preferences...
- [*] Successfully loaded preferences.
- [*] STATUS: Exploiting (2/37)
- [*] Exploiting kernel_task...
- [*] page size: 0x1000, (os/kern) successful
- [*] client: 5b0f, (os/kern) successful
- [*] surface ID: 0x1a
- [*] fakeport: 0x10507c000
- [*] got gc at 5 -- breaking
- [*] port: 225f17
- [*] WE REALLY POSTED UP ON THIS BLOCK
- [*] faketask: 0x101801e00
- [*] got ikmq_base: 0xfffffff057058900
- [*] ikm_header: 0xfffffff057058988
- [*] port_addr: 0xfffffff05994b760
- [*] itk_space: 0xfffffff056eb9850
- [*] ourtask: 0xfffffff058d4c000
- [*] found kernel_base: 0xfffffff00f004000
- [*] kernel slide: 0x8000000
- [*] kernel base: 0xfffffff00f004000
- [*] read kernel base value: feedfacf
- [*] got ikmq_base: 0xfffffff057058900
- [*] ikm_next: 0xfffffff05759b400
- [*] ikm_header: 0xfffffff05759b488
- [*] port_addr: 0xfffffff055a258f0
- [*] realhost: 0xfffffff010870778
- [*] got ourproc: 0xfffffff057777000
- [*] got kernproc: 0xfffffff0108b5b00
- [*] got kerntask: 0xfffffff055a3d840
- [*] got kernel vm map: 0xfffffff05464c6b0
- [*] ipc_space_kernel: 0xfffffff055a20fc0
- [*] got kernel base: 100000cfeedfacf
- [*] kernel_task_buf: 0xfffffff008ee1000
- [*] kernel_port_buf: 0xfffffff008f17000
- [*] orig_ucred: 0xfffffff056ea9d00
- [*] kern_ucred: 0xfffffff055d19560
- [*] setuid: 0, uid: 0
- [*] setuid: 0, uid: 501
- [*] tfp0: 0x203b0b
- [*] kernel_base: 0xfffffff00f004000
- [*] kernel_slide: 0x0000000008000000
- [*] Successfully exploited kernel_task.
- [*] STATUS: Exploiting (3/37)
- [*] Initializing patchfinder64...
- [*] Detected monolithic kernel.
- [*] Successfully initialized patchfinder64.
- [*] STATUS: Exploiting (4/37)
- [*] Finding offsets...
- [*] trustcache = 0xfffffff0088f6068 + 0x0000000008000000
- [*] OSBoolean_True = 0xfffffff0088ff9a0 + 0x0000000008000000
- [*] osunserializexml = 0xfffffff007bf5f48 + 0x0000000008000000
- [*] smalloc = 0xfffffff00856bb28 + 0x0000000008000000
- [*] add_x0_x0_0x40_ret = 0xfffffff007a4a39c + 0x0000000008000000
- [*] zone_map_ref = 0xfffffff008872948 + 0x0000000008000000
- [*] vfs_context_current = 0xfffffff0077b7358 + 0x0000000008000000
- [*] vnode_lookup = 0xfffffff007788390 + 0x0000000008000000
- [*] vnode_put = 0xfffffff00777f0e4 + 0x0000000008000000
- [*] kernel_task = 0xfffffff008872200 + 0x0000000008000000
- [*] shenanigans = 0xfffffff008903ce0 + 0x0000000008000000
- [*] lck_mtx_lock = 0xfffffff00773e698 + 0x0000000008000000
- [*] lck_mtx_unlock = 0xfffffff00773ef3c + 0x0000000008000000
- [*] vnode_get_snapshot = 0xfffffff0077ada44 + 0x0000000008000000
- [*] fs_lookup_snapshot_metadata_by_name_and_return_name = 0xfffffff0084594f0 + 0x0000000008000000
- [*] apfs_jhash_getvnode = 0xfffffff00849a4ac + 0x0000000008000000
- [*] Successfully found offsets.
- [*] STATUS: Exploiting (5/37)
- [*] Deinitializing patchfinder64...
- [*] Successfully deinitialized patchfinder64.
- [*] STATUS: Exploiting (6/37)
- [*] Escaping Sandbox...
- [*] kCFCoreFoundationVersionNumber: 1561.000000
- [*] offsets selected for iOS 12.0 or above
- [*] kernproc = 0xfffffff0108b5b00
- [*] myProcAddr = 0xfffffff057777000
- [*] kernel_proc_struct_addr = 0xfffffff0108b5b00
- [*] kernel_ucred_struct_addr = 0xfffffff055d19560
- [*] kernelCredAddr = 0xfffffff055d19560
- [*] Shenanigans = 0xfffffff055d19560
- [*] orig_creds = 0xfffffff056ea9d00
- [*] myOriginalCredAddr = 0xfffffff056ea9d00
- [*] task_struct_addr = 0xfffffff058d4c000
- [*] Successfully escaped Sandbox.
- [*] STATUS: Exploiting (7/37)
- [*] Setting HSP4 as TFP0...
- [*] kernel_task_kaddr = 0xfffffff055a3d840
- [*] proc_struct_addr = 0xfffffff057777000
- [*] task_addr = 0xfffffff058d4c000
- [*] itk_space = 0xfffffff056eb9850
- [*] is_table = 0xfffffff0af01f000
- [*] port_addr = 0xfffffff057447b90
- [*] task self: 0xfffffff057447b90
- [*] port_addr = 0xfffffff059949000
- [*] port_addr = 0xfffffff0599491f8
- [*] remapped_task_addr = 0xfffffff0586b9840
- [*] port_addr = 0xfffffff008f17000
- [*] port_kaddr = 0xfffffff008f17000
- [*] port_addr = 0xfffffff008f17000
- [*] port_addr = 0xfffffff055a25998
- [*] Will set all_image_info_addr to: 0xfffffff00f004000
- [*] Setting all_image_info_addr...
- [*] Will set all_image_info_size to: 0x0000000008000000
- [*] Setting all_image_info_size...
- [*] Successfully set HSP4 as TFP0.
- [*] STATUS: Exploiting (8/37)
- [*] Unexporting kernel task port...
- [*] port_addr = 0xfffffff055a258f0
- [*] old host type: 0x80000003
- [*] Successfully unexported kernel task port.
- [*] STATUS: Exploiting (9/37)
- [*] Writing a test file to UserFS...
- [*] Successfully wrote a test file to UserFS.
- [*] STATUS: Exploiting (10/37)
- [*] Initializing kexecute...
- [*] got user client: 0x203307
- [*] port_addr = 0xfffffff05994bd48
- [*] Successfully initialized kexecute.
- [*] STATUS: Exploiting (11/37)
- [*] STATUS: Exploiting (12/37)
- [*] Unlocking nvram...
- [*] port_addr = 0xfffffff056f758b0
- [*] IODTNVRAM obj at 0xfffffff055a08720
- [*] vm_kernel_page_size: 1000
- [*] allocated address: fffffff0af103000
- [*] address to wire: fffffff0af104000
- [*] port_addr = 0xfffffff055a25998
- [*] port_addr = 0xfffffff0599492a0
- [*] Unlocked nvram
- [*] Successfully unlocked nvram.
- [*] runCommandv(1151) command: /usr/sbin/nvram "-p"
- [*] runCommandv(1151): com.apple.System.tz0-size 0x600000
- [*] runCommandv(1151): boot-args
- [*] runCommandv(1151): obliteration handle_message: Obliteration Complete%0a
- [*] runCommandv(1151): backlight-level 1556
- [*] runCommandv(1151): com.apple.System.boot-nonce 0x1111111111111111
- [*] runCommandv(1151): com.apple.System.sep.art 0%82%01%01%02%01%000%81%d9%02%03%06%ab%90%04%14C%befh;%cb%9e%1f%f8c%92%83%8ekw 8%ab%a6o%04%14%1a%e6E%c1/3%f7%bd%feLQ%99>%d9%81L%84%14w%b9%04%001%81%a3%c0%03%03L%d4%c2%03%03.~%c3%03%03%1d%0f%c8%05f%b4%80%b80%c9%05$%aaV5q%ca%05HlNgW%cb%06%00%99%96%cb%90y%cc%06%00%dc%caW%fb%86%cd%05[%bb%f7%adj%ce%06%00%8fU;%83%c7%cf%05x+U;%0b%d0%05%19%c5%f7%a4G%d1%05)S%d5%08%91%d2%06%00%802%fd?G%d3%06%00%fdih%b0R%d4%06%00%d6%aa%d4%dd%8c%d5%05pilu%b5%d6%05c%0e%e0%d2%89%d7%06%00%b2$%b4%a9U%d8%05B%a6%0e%cc%c5%d9%06%00%b1%fa%8e%1c%82%da%06%00%8a%c1p%f6%fc%db%04%012%072%04 %82{%16l%fb%1cB%be%19%ca9_6%1df%b8Z%18%83%fdYg%a8%d6E%f3*%dd%e5%11%a7%97
- [*] runCommandv(1151): com.apple.System.fp-state %00%00%00%00R%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00
- [*] runCommandv(1151): auto-boot true
- [*] runCommandv(1151): oblit-begins OblitType: ObliterateDataPartition. Reason: unknown
- [*] runCommandv(1151) completed with exit status 0
- [*] runCommandv(1152) command: /usr/sbin/nvram "com.apple.System.boot-nonce"
- [*] runCommandv(1152): com.apple.System.boot-nonce 0x1111111111111111
- [*] runCommandv(1152) completed with exit status 0
- [*] runCommandv(1153) command: /usr/sbin/nvram "-p"
- [*] runCommandv(1153): com.apple.System.tz0-size 0x600000
- [*] runCommandv(1153): boot-args
- [*] runCommandv(1153): obliteration handle_message: Obliteration Complete%0a
- [*] runCommandv(1153): backlight-level 1556
- [*] runCommandv(1153): com.apple.System.boot-nonce 0x1111111111111111
- [*] runCommandv(1153): com.apple.System.sep.art 0%82%01%01%02%01%000%81%d9%02%03%06%ab%90%04%14C%befh;%cb%9e%1f%f8c%92%83%8ekw 8%ab%a6o%04%14%1a%e6E%c1/3%f7%bd%feLQ%99>%d9%81L%84%14w%b9%04%001%81%a3%c0%03%03L%d4%c2%03%03.~%c3%03%03%1d%0f%c8%05f%b4%80%b80%c9%05$%aaV5q%ca%05HlNgW%cb%06%00%99%96%cb%90y%cc%06%00%dc%caW%fb%86%cd%05[%bb%f7%adj%ce%06%00%8fU;%83%c7%cf%05x+U;%0b%d0%05%19%c5%f7%a4G%d1%05)S%d5%08%91%d2%06%00%802%fd?G%d3%06%00%fdih%b0R%d4%06%00%d6%aa%d4%dd%8c%d5%05pilu%b5%d6%05c%0e%e0%d2%89%d7%06%00%b2$%b4%a9U%d8%05B%a6%0e%cc%c5%d9%06%00%b1%fa%8e%1c%82%da%06%00%8a%c1p%f6%fc%db%04%012%072%04 %82{%16l%fb%1cB%be%19%ca9_6%1df%b8Z%18%83%fdYg%a8%d6E%f3*%dd%e5%11%a7%97
- [*] runCommandv(1153): com.apple.System.fp-state %00%00%00%00R%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00
- [*] runCommandv(1153): auto-boot true
- [*] runCommandv(1153): oblit-begins OblitType: ObliterateDataPartition. Reason: unknown
- [*] runCommandv(1153) completed with exit status 0
- [*] Locking nvram...
- [*] Locked nvram
- [*] Successfully locked nvram.
- [*] STATUS: Exploiting (13/37)
- [*] Logging slide...
- [*] Successfully logged slide.
- [*] STATUS: Exploiting (14/37)
- [*] Logging ECID...
- [*] modifyPlist: Will modify plist: /var/mobile/Containers/Data/Application/38CA42F0-17E7-4B48-B4A0-CC0C8B5152BF/Library/Preferences/science.xnu.undecimus.plist
- [*] modifyPlist: Success
- [*] Successfully logged ECID.
- [*] STATUS: Exploiting (15/37)
- [*] Enabling Auto Updates...
- [*] modifyPlist: Will modify plist: /var/mobile/Library/Preferences/com.apple.Preferences.plist
- [*] modifyPlist: Writing to file: /var/mobile/Library/Preferences/com.apple.Preferences.plist
- [*] modifyPlist: Success
- [*] STATUS: Exploiting (16/37)
- [*] Remounting RootFS...
- fs_snapshot_list: Invalid argument
- [*] runCommandv(1154) command: /sbin/mount
- [*] runCommandv(1154): com.apple.os.update-43BE66683BCB9E1FF86392838E6B772038ABA66F@/dev/disk0s1s1 on / (apfs, local, nosuid, read-only, journaled, noatime)
- [*] runCommandv(1154): devfs on /dev (devfs, local, nosuid, nobrowse)
- [*] runCommandv(1154): /dev/disk0s1s2 on /private/var (apfs, local, nodev, nosuid, journaled, noatime, protect)
- [*] runCommandv(1154) completed with exit status 0
- [*] Clearing dev vnode's si_flags...
- [*] zone_map_ref: fffffff010872948
- [*] zone_map: fffffff05464c598
- [*] zm_range: 0xfffffff055800000 - 0xfffffff06b02d000 (read 0x20, exp 0x20)
- [*] devVnode = 0xfffffff056233960
- [*] v_specinfo = 0xfffffff056235128
- [*] si_flags = 0x0
- [*] Successfully cleared dev vnode's si_flags.
- [*] Mounting RootFS...
- [*] runCommandv(1155) command: /sbin/mount_apfs "/dev/disk0s1s1" "/private/var/tmp/jb/mnt1"
- [*] procStructAddr = 0xfffffff056dcd3f8
- [*] orig_creds = 0xfffffff056ea9520
- [*] runCommandv(1155) completed with exit status 0
- [*] runCommandv(1156) command: /sbin/mount
- [*] runCommandv(1156): com.apple.os.update-43BE66683BCB9E1FF86392838E6B772038ABA66F@/dev/disk0s1s1 on / (apfs, local, nosuid, read-only, journaled, noatime)
- [*] runCommandv(1156): devfs on /dev (devfs, local, nosuid, nobrowse)
- [*] runCommandv(1156): /dev/disk0s1s2 on /private/var (apfs, local, nodev, nosuid, journaled, noatime, protect)
- [*] runCommandv(1156): /dev/disk0s1s1 on /private/var/tmp/jb/mnt1 (apfs, local, nosuid, journaled, noatime)
- [*] runCommandv(1156) completed with exit status 0
- [*] Successfully mounted RootFS.
- [*] Renaming system snapshot...
- [*] Snapshots on newly mounted RootFS:
- [*] orig-fs
- [*] com.apple.os.update-43BE66683BCB9E1FF86392838E6B772038ABA66F
- [*] rvpp_ptr = 0xfffffff009ada000
- [*] sdvpp_ptr = 0xfffffff009adc000
- [*] ndp_buf = 0xfffffff009aef000
- [*] vfs_context = 0xfffffff059052288
- [*] sdvpp = 0xfffffff057506b40
- [*] sdvpp_v_mount = 0xfffffff055f16400
- [*] sdvpp_v_mount_mnt_data = 0xfffffff000ada000
- [*] snap_meta_ptr = 0xfffffff009af0000
- [*] old_name_ptr = 0xfffffff009f7b000
- [*] ndp_old_name_len = 0x3c
- [*] ndp_old_name = 0xfffffff009aef048
- [*] snap_meta = 0xfffffff059af3700
- [*] snap_vnode = 0xfffffff057944a50
- [*] system_snapshot_vnode = 0xfffffff057944a50
- [*] system_snapshot_vnode_v_data = 0xfffffff058447780
- [*] system_snapshot_vnode_v_data_flag = 0x40
- [*] __assert(17:fs_snapshot_rename(rootfd, systemSnapshot, origfs, 0) == ERR_SUCCESS)@JailbreakViewController.m:1177[jailbreak]