Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- [*] executing main
- [*] Untether attempt no. 2
- [*] leaking kernelbase...
- [*] kernelbase=0x8b201000
- [*] System="Darwin Kernel Version 15.4.0: Fri Feb 19 13:54:52 PST 2016; root:xnu-3248.41.4~28Marijuan_ARM_S5L8940X"
- [*] Loaded offsets.json (filesize=309)
- [*] Found 16 jssytok_t elements in offsets.json
- [*] Parsed offsets.json
- [*] Found offsets in offsets.json
- [*] Loaded offsets:
- 0x31812c
- 0x31a934
- 0x1e170
- 0xd9848
- 0x403428
- 0xc76b4
- 0xd984a
- 0xc73e8
- 0x455844
- 0x3f6454
- 0xc7440
- 0x45717c
- 0xa4
- [*] initialized variables
- [-] Running insert_payload thread
- [*] SYS_open_extended fd=12
- [*] Got payload ptr: 0xa10614fc
- [*] Running exploit
- [*] Reading at kernelbase=0xfeedface
- [*] pipe test succeded
- [*] write test succeded
- [*] kernel pmap store @ 0x8b612028
- [*] kernel pmap tte is at VA 0x8c470000 PA 0x81270000
- [*] Every page is actually writable
- [*] pmap test succeded
- [*] Looking for pid: 312
- [*] Found my process (312): 0x816ff760
- [*] Found launchd (1): 0x80575950
- [*] Found kernel task (0): 0x8b652e40
- [*] Initial special port: 0x0000010b
- [*] Special port HACKED: 0x00002403 (PROOF: 0, 0!)
- [*] Snatched credentials: 0x8ba09554
- [*] Got tfp0
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
