Public Pastes
daily pastebin goal
60%
SHARE
TWEET

Untitled

a guest Dec 17th, 2017 186 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. // iPhone 6s Plus - 10.3.1
  2. #define FEEDFACF 0x1B5
  3. #define OFFSET_ZONE_MAP 0xFFFFFFF007548478 // search string \"zone_init: kmem_suballoc failed\" then xref twice
  4. #define OFFSET_KERNEL_MAP 0xFFFFFFF0075A4050 // _kernel_map (exports)
  5. #define OFFSET_KERNEL_TASK 0xFFFFFFF0075A4048 // _kernel_task (exports)
  6. #define OFFSET_REALHOST 0xFFFFFFF00752ABA0 // qword to right of _host_priv_self (add x0,x0)
  7. #define OFFSET_BZERO 0xFFFFFFF007081F80 // _bzero (exports)
  8. #define OFFSET_BCOPY 0xFFFFFFF007081DC0 // _obvcopy (exports)
  9. #define OFFSET_COPYIN 0xFFFFFFF007180720 // _copyin (exports)
  10. #define OFFSET_COPYOUT 0xFFFFFFF007180914 // _copyout (exports)
  11. #define OFFSET_IPC_PORT_ALLOC_SPECIAL 0xFFFFFFF007099EFC //string \"ipc_host_init\" then xref twice (1st sub)
  12. #define OFFSET_IPC_KOBJECT_SET 0xFFFFFFF0070AD154 //string \"ipc_host_init\" then xref twice (2nd sub)
  13. #define OFFSET_IPC_PORT_MAKE_SEND 0xFFFFFFF007099A20 //string \"ipc_host_init\" then xref twice (3rd sub)
  14. #define OFFSET_IOSURFACEROOTUSERCLIENT_VTAB 0xFFFFFFF0060740F2 // (IOSurface + 0x1030) (use radare2)
  15. #define OFFSET_ROP_ADD_X0_X0_0x10 0xfffffff006465174 //rop gadget (use radare2)
  16.  
  17. // iPhone 6 Plus - 10.3.1
  18. #define FEEDFACF 0x1B5
  19. #define OFFSET_ZONE_MAP 0xFFFFFFF007558478 // search string \"zone_init: kmem_suballoc failed\" then xref twice
  20. #define OFFSET_KERNEL_MAP 0xFFFFFFF0075B4050 // _kernel_map (exports)
  21. #define OFFSET_KERNEL_TASK 0xFFFFFFF0075B4048 // _kernel_task (exports)
  22. #define OFFSET_REALHOST 0xFFFFFFF00753ABA0 // qword to right of _host_priv_self (add x0,x0)
  23. #define OFFSET_BZERO 0xFFFFFFF00708DF80 // _bzero (exports)
  24. #define OFFSET_BCOPY 0xFFFFFFF00708DDC0 // _obvcopy (exports)
  25. #define OFFSET_COPYIN 0xFFFFFFF00718D3A8 // _copyin (exports)
  26. #define OFFSET_COPYOUT 0xFFFFFFF00718D59C // _copyout (exports)
  27. #define OFFSET_IPC_PORT_ALLOC_SPECIAL 0xFFFFFFF0070A611C //string \"ipc_host_init\" then xref twice (1st sub)
  28. #define OFFSET_IPC_KOBJECT_SET 0xFFFFFFF0070B9374 //string \"ipc_host_init\" then xref twice (2nd sub)
  29. #define OFFSET_IPC_PORT_MAKE_SEND 0xFFFFFFF0070A5C40 //string \"ipc_host_init\" then xref twice (3rd sub)
  30. #define OFFSET_IOSURFACEROOTUSERCLIENT_VTAB 0xFFFFFFF006EEE1B8 // (IOSurface + 0x1030) (use radare2)
  31. #define OFFSET_ROP_ADD_X0_X0_0x10 0xfffffff0064b5174 //rop gadget (use radare2)
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top