IOSurface exploit
License: MIT License
IOSurface exploit.
Gets tfp0, works on all devices on 10.3.3 or lower.
Offsets included only for iPod 6G and and iPhone 5/5c on 10.3.3 though.
With Xcode:
make
Without Xcode/macOS you'll at least want to point IGCC and STRIP to tools that can handle Mach-O's and build for iOS. You might also have to adjust ARCH and IGCC_FLAGS.
Here.
Someone could write a small guide on how to compile the ipa with Xcode? I would be very grateful
when i start it on my iphone 6s it says
2017-12-09 04:02:29.812068+0300 qwer[251:5489] service: e03
2017-12-09 04:02:29.813420+0300 qwer[251:5489] client: 1503, (os/kern) successful
2017-12-09 04:02:29.813760+0300 qwer[251:5489] newSurface: (os/kern) successful
2017-12-09 04:02:29.818553+0300 qwer[251:5489] realport: 1603
2017-12-09 04:02:29.818719+0300 qwer[251:5489] port: 101703
2017-12-09 04:02:29.818867+0300 qwer[251:5489] mach_port_insert_right: (os/kern) successful
2017-12-09 04:02:29.819038+0300 qwer[251:5489] mach_ports_register: (os/kern) successful
2017-12-09 04:02:29.819252+0300 qwer[251:5489] herp derp
2017-12-09 04:02:29.920514+0300 qwer[251:5489] mach_ports_register: (os/kern) successful
2017-12-09 04:02:29.937891+0300 qwer[251:5489] mach_zone_force_gc: (os/kern) successful
2017-12-09 04:02:30.227082+0300 qwer[251:5489] mach_port_get_context: 0x300002ff00000011, (os/kern) successful
2017-12-09 04:02:30.227658+0300 qwer[251:5489] setValue(767): (os/kern) successful
2017-12-09 04:02:30.227984+0300 qwer[251:5489] mach_port_request_notification: 0, (os/kern) successful
2017-12-09 04:02:30.228318+0300 qwer[251:5489] getValue(767): 0x1010 bytes, (os/kern) successful
2017-12-09 04:02:30.228608+0300 qwer[251:5489] Failed to leak realport pointer
Hi! Thanks for awersome project! I have some troubles. I've tried to compile your code via XCode, but linker has error
That's log:
Ld /Users/user/Library/Developer/Xcode/DerivedData/vert-covhzykdkdvdkeeamfapcddanggw/Build/Products/Debug/vert normal x86_64
cd /Users/user/XcodeProjects/vert
export MACOSX_DEPLOYMENT_TARGET=10.13
/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/clang -arch x86_64 -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk -L/Users/user/Library/Developer/Xcode/DerivedData/vert-covhzykdkdvdkeeamfapcddanggw/Build/Products/Debug -F/Users/user/Library/Developer/Xcode/DerivedData/vert-covhzykdkdvdkeeamfapcddanggw/Build/Products/Debug -filelist /Users/user/Library/Developer/Xcode/DerivedData/vert-covhzykdkdvdkeeamfapcddanggw/Build/Intermediates.noindex/vert.build/Debug/vert.build/Objects-normal/x86_64/vert.LinkFileList -mmacosx-version-min=10.13 -Xlinker -object_path_lto -Xlinker /Users/user/Library/Developer/Xcode/DerivedData/vert-covhzykdkdvdkeeamfapcddanggw/Build/Intermediates.noindex/vert.build/Debug/vert.build/Objects-normal/x86_64/vert_lto.o -Xlinker -export_dynamic -Xlinker -no_deduplicate -fobjc-arc -fobjc-link-runtime -Xlinker -dependency_info -Xlinker /Users/user/Library/Developer/Xcode/DerivedData/vert-covhzykdkdvdkeeamfapcddanggw/Build/Intermediates.noindex/vert.build/Debug/vert.build/Objects-normal/x86_64/vert_dependency_info.dat -o /Users/user/Library/Developer/Xcode/DerivedData/vert-covhzykdkdvdkeeamfapcddanggw/Build/Products/Debug/vert
duplicate symbol _v0rtex in:
/Users/user/Library/Developer/Xcode/DerivedData/vert-covhzykdkdvdkeeamfapcddanggw/Build/Intermediates.noindex/vert.build/Debug/vert.build/Objects-normal/x86_64/v0rtex.o
/Users/user/Library/Developer/Xcode/DerivedData/vert-covhzykdkdvdkeeamfapcddanggw/Build/Intermediates.noindex/vert.build/Debug/vert.build/Objects-normal/x86_64/main.o
duplicate symbol _IOSURFACE_SET_VALUE in:
/Users/user/Library/Developer/Xcode/DerivedData/vert-covhzykdkdvdkeeamfapcddanggw/Build/Intermediates.noindex/vert.build/Debug/vert.build/Objects-normal/x86_64/v0rtex.o
/Users/user/Library/Developer/Xcode/DerivedData/vert-covhzykdkdvdkeeamfapcddanggw/Build/Intermediates.noindex/vert.build/Debug/vert.build/Objects-normal/x86_64/main.o
duplicate symbol _IOSURFACE_GET_VALUE in:
/Users/user/Library/Developer/Xcode/DerivedData/vert-covhzykdkdvdkeeamfapcddanggw/Build/Intermediates.noindex/vert.build/Debug/vert.build/Objects-normal/x86_64/v0rtex.o
/Users/user/Library/Developer/Xcode/DerivedData/vert-covhzykdkdvdkeeamfapcddanggw/Build/Intermediates.noindex/vert.build/Debug/vert.build/Objects-normal/x86_64/main.o
duplicate symbol _IOSURFACE_DELETE_VALUE in:
/Users/user/Library/Developer/Xcode/DerivedData/vert-covhzykdkdvdkeeamfapcddanggw/Build/Intermediates.noindex/vert.build/Debug/vert.build/Objects-normal/x86_64/v0rtex.o
/Users/user/Library/Developer/Xcode/DerivedData/vert-covhzykdkdvdkeeamfapcddanggw/Build/Intermediates.noindex/vert.build/Debug/vert.build/Objects-normal/x86_64/main.o
duplicate symbol _CRF_MAC_ENFORCE in:
/Users/user/Library/Developer/Xcode/DerivedData/vert-covhzykdkdvdkeeamfapcddanggw/Build/Intermediates.noindex/vert.build/Debug/vert.build/Objects-normal/x86_64/v0rtex.o
/Users/user/Library/Developer/Xcode/DerivedData/vert-covhzykdkdvdkeeamfapcddanggw/Build/Intermediates.noindex/vert.build/Debug/vert.build/Objects-normal/x86_64/main.o
duplicate symbol _IOSURFACE_CREATE_SURFACE in:
/Users/user/Library/Developer/Xcode/DerivedData/vert-covhzykdkdvdkeeamfapcddanggw/Build/Intermediates.noindex/vert.build/Debug/vert.build/Objects-normal/x86_64/v0rtex.o
/Users/user/Library/Developer/Xcode/DerivedData/vert-covhzykdkdvdkeeamfapcddanggw/Build/Intermediates.noindex/vert.build/Debug/vert.build/Objects-normal/x86_64/main.o
ld: 6 duplicate symbols for architecture x86_64
clang: error: linker command failed with exit code 1 (use -v to see invocation)
can you help me?
Hello, Siguza.
According to the information on the internet, you and tihmstar have ported v0rtex to 32bit devices. Are you planing to open source the 32bit port of v0rtex?
Happy Winter Holidays :)
`[*] Welcome to Saigon
[INFO]: machine: iPhone6,1
[INFO]: build: 14D27
[INFO]: sysname: Darwin
[INFO]: nodename: iPhone
[INFO]: release: 16.3.0
[INFO]: version: Darwin Kernel Version 16.3.0: Thu Dec 15 22:41:46 PST 2016; root:xnu-3789.42.2~1/RELEASE_ARM64_S5L8960X
[INFO]: machine: iPhone6,1
[INFO]: Detected RELEASE_ARM64_S5L8960X
2017-12-09 20:15:37.905739 Saigon[227:5003] service: 630f
2017-12-09 20:15:37.909739 Saigon[227:5003] client: 640b, (os/kern) successful
2017-12-09 20:15:37.910463 Saigon[227:5003] newSurface: (os/kern) successful
2017-12-09 20:15:37.931396 Saigon[227:5003] realport: 6503
2017-12-09 20:15:37.931550 Saigon[227:5003] port: 106603
2017-12-09 20:15:37.932140 Saigon[227:5003] mach_port_insert_right: (os/kern) successful
2017-12-09 20:15:37.932455 Saigon[227:5003] mach_ports_register: (os/kern) successful
2017-12-09 20:15:37.932801 Saigon[227:5003] herp derp
2017-12-09 20:15:38.038461 Saigon[227:5003] mach_ports_register: (os/kern) successful
2017-12-09 20:15:38.073670 Saigon[227:5003] mach_zone_force_gc: (os/kern) successful
2017-12-09 20:15:38.837326 Saigon[227:5003] mach_port_get_context: 0x200000b000000000, (os/kern) successful
2017-12-09 20:15:38.837681 Saigon[227:5003] setValue(176): (os/kern) successful
2017-12-09 20:15:38.838034 Saigon[227:5003] mach_port_request_notification: 0, (os/kern) successful
2017-12-09 20:15:38.838366 Saigon[227:5003] getValue(176): 0x1010 bytes, (os/kern) successful
2017-12-09 20:15:38.838445 Saigon[227:5003] realport addr: 0xfffffff11b62ff40
2017-12-09 20:15:38.838760 Saigon[227:5003] setValue(176): (os/kern) successful
2017-12-09 20:15:38.838966 Saigon[227:5003] itk_space: 0xfffffff11ad3c3f0
2017-12-09 20:15:38.839105 Saigon[227:5003] is_task: 0xfffffff11ae3a000
2017-12-09 20:15:38.839251 Saigon[227:5003] self_proc: 0xfffffff11a430c18
2017-12-09 20:15:38.839295 Saigon[227:5003] self_ucred: 0xfffffff11b61b480
2017-12-09 20:15:38.839327 Saigon[227:5003] IOSurfaceRootUserClient port: 0xfffffff11b1af738
2017-12-09 20:15:38.839422 Saigon[227:5003] IOSurfaceRootUserClient addr: 0xfffffff11aca1a00
2017-12-09 20:15:38.839492 Saigon[227:5003] IOSurfaceRootUserClient vtab: 0xfffffff01752ca20
2017-12-09 20:15:38.839523 Saigon[227:5003] slide: 0x10639ca8
[*] starting Triple Fetch
invocation_size: 85, shm_size: 8000
mapped shm port at: 1014b0000
[INFO]: shm_port: 640f - shm_size: 8000
started flipper thread
flipper arg: 0x1014b0040
original_q1: 0x41412279766d2240
replacement_q1: 0x41414179766d2240
original_q2: 0x0120204020414141
original_q3: 0x6573730022000000
replacement_q3: 0x0000000022414141
mapped fixed addr
found at: 1938cbe2c
target selector address: 1921807f2
stack pivot: 192354b78
found mach_msg epilogue gadget: 192279080
found mach_msg gadget: 19227900c
found at: 1921af944
[INFO]: Sent exploit message [0]
[INFO]: Sent exploit message [1]
[INFO]: Sent exploit message [2]
[INFO]: Sent exploit message [3]
[INFO]: Sent exploit message [4]
[INFO]: Sent exploit message [5]
[INFO]: Sent exploit message [6]
[INFO]: Sent exploit message [7]
[INFO]: Sent exploit message [8]
[INFO]: Sent exploit message [9]
[INFO]: Got task port message
[INFO]: task port: 1407`
So using make only creates the ipa, how can i actually debug it?
I downloaded your git and complie file v0rtex.m
"xcrun -sdk iphoneos gcc v0rtex.m" -> This error :
/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS11.0.sdk/usr/include/sys/cdefs.h:761:2: error: Unsupported architecture
#error Unsupported architecture
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.