Siguza/cl0ver

Unsupported device: iPad Air 1 (J71AP) / iOS 9.0.2 (13A452)

HiddenUnkn0wn opened this issue · 24 comments

Hmm... that's even further below the kernel text base... have you tried in airplane mode? :/

That was in airplane mode

Want me to post other ones?

Yes, the one above is not usable I'm afraid.
I can't say for sure, but I think I'm seeing a trend of "too-low" values with iPads here...

I'm moving some information by @brymonster from issue #17 here:
It is basically confirmed now that your config values should be:

0xffffff800453e000
0xffffff80044f7168

But also see my comment over at issue 30, as J71AP and J72AP will most likely have the same kernel.

For @brymonster and your broken config: I'm not sure you're getting notifications here, but if you do, try running this:

echo -e '0xffffff800453e000\n0xffffff80044f7168' >/etc/cl0ver/config.txt;

Thank you. Sorry for making a mess posting in the wrong issue.
I ran the echo command.
I double checked the config values.
./clover crashes my device. It doesn't seem to have finished, but I don't know.
output.txt
output 2.txt

@brymonster Then delete the file /etc/cl0ver/offsets.dat and try running ./clover dump instead (this is likely to crash, you'll have to try a couple of times probably).

I'm experimenting with a new technique... could you try dumping with this build please?

Do you need the panic log from this as well?
newbuild dump.txt

Okay, @TwentyFour-24 got through on another model of the iPad Air. Could you try and see if maybe these offsets work for you?

I'm sorry, @Siguza, for taking so long; I've been extremely busy. I will start trying the offsets.

The offsets did not work for me. It still shows the same unsupported device/OS combination when I do ./cl0ver slide and ./cl0ver. I used the offsets in the chart you put next to iPad Air. Do you want me to do a dump?

Well no, they sure won't work alone, but maybe together with the config values I posted previously:

0xffffff800453e000
0xffffff80044f7168

I'm sorry for asking such a stupid question, but how would I go about putting the config values to use?

Create a text file at /etc/cl0ver/config.txt and fill it with what I posted.
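The two-line config file described in this comment (and written by the `echo -e` one-liner earlier in the thread) is easy to get subtly wrong: on shells whose `echo` does not accept `-e` (dash, for example), the literal text `-e ` ends up as part of the first line and the file no longer parses as two addresses. The following is an added example, not cl0ver's own code and not part of the thread: it writes the file with `printf`, which is portable, and checks that it contains exactly two `0x`-prefixed 64-bit values in the `0xffffff8…` range that every kernel address in this thread falls in (that range is an assumption taken from the values posted here; the function names and the temp-file usage are also mine).

```shell
# Added example, not part of cl0ver. Writes the two-line
# /etc/cl0ver/config.txt from the thread and sanity-checks it before
# running ./cl0ver. The path is a parameter so the same functions can be
# exercised against a scratch file.

# write_cl0ver_config PATH VALUE1 VALUE2
# printf is used instead of `echo -e`: the -e flag is not portable and
# would otherwise be written into the file as literal text.
write_cl0ver_config() {
    printf '%s\n%s\n' "$2" "$3" > "$1"
}

# check_cl0ver_config PATH
# Returns 0 if PATH holds exactly two lines, each a 0x-prefixed 16-digit
# hex value starting with 0xffffff8 (assumption: the range every kernel
# address posted in this thread falls in); otherwise returns 1.
check_cl0ver_config() {
    f="$1"
    [ -f "$f" ] || return 1
    n=$(wc -l < "$f" | tr -d ' ')
    [ "$n" -eq 2 ] || return 1
    while IFS= read -r line; do
        case "$line" in
            0xffffff8[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f]) ;;
            *) return 1 ;;
        esac
    done < "$f"
    return 0
}

# Usage: the real target is /etc/cl0ver/config.txt; a temp file is used
# here so the example runs anywhere. The two values are the ones Siguza
# posted for J71AP / iOS 9.0.2 in this thread.
tmp=$(mktemp)
write_cl0ver_config "$tmp" 0xffffff800453e000 0xffffff80044f7168
if check_cl0ver_config "$tmp"; then
    echo "config OK: $(tr '\n' ' ' < "$tmp")"
else
    echo "config malformed"
fi
rm -f "$tmp"
```

On the device itself, replace `"$tmp"` with `/etc/cl0ver/config.txt` (as root) and run the check before `./cl0ver`; a malformed file is one of the cases that shows up in this thread as a "broken config".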

[*] Installing host_special_port(4) patch... [src/lib/exploit.c:114 patch_host_special_port_4]
[*] Kernel task address: 0xffffff8000891b60 [src/lib/exploit.c:130 patch_host_special_port_4]
[*] Kernel task port address: 0xffffff8000880b80 [src/lib/exploit.c:139 patch_host_special_port_4]
[*] Successfully installed patch [src/lib/exploit.c:168 patch_host_special_port_4]

It worked, thanks! :)

Should I also try those offsets?

@brymonster if you have the same device and iOS version, they're bound to work.

@HiddenUnkn0wn 209b82f Merged. :)

This should be resolved, so I'm closing this ticket.

OK, I'll run it as soon as I have time.
Slide? Dump? What's recommended?

./cl0ver, no arguments.

[*] TODO: fix ROP to return 0 [src/lib/exploit.c:100 get_kernel_task]
[*] Got kernel task [src/lib/exploit.c:107 get_kernel_task]
[*] Installing host_special_port(4) patch... [src/lib/exploit.c:114 patch_host_special_port_4]
[*] Kernel task address: 0xffffff8117830b60 [src/lib/exploit.c:130 patch_host_special_port_4]
[*] Kernel task port address: 0xffffff811781fb80 [src/lib/exploit.c:139 patch_host_special_port_4]
[*] Successfully installed patch [src/lib/exploit.c:168 patch_host_special_port_4]
Thank you. You're the man.
...now to update to 10.2.

Hello, I have Unsupported device: iPad Air 2 (J82AP) / iOS 9.0.2 (13A452). I have a jailbreak, and I want to use Prometheus and upgrade to iOS 10 or 11. I have a problem with "no danger Enable tfp0 on iOS 9 Jailbreak". Where do I get the offsets for the iPad Air 2 cellular, iPad Air 2 (J82AP)?
Thank you very much for helping me. Sorry for my English.