/memctl-physmem-core

A memctl core that uses the physmem exploit.

Primary LanguageCMIT LicenseMIT

memctl-physmem-core

memctl-physmem-core is a memctl core for macOS up to version 10.12.1 that leverages the physmem vulnerability to access the kernel task port. It will not work on macOS 10.12.2 or newer.

Building

To build memctl using this core:

$ git clone https://github.com/bazad/memctl
$ cd memctl
$ git clone https://github.com/bazad/memctl-physmem-core
$ ln -s memctl-physmem-core core
$ cd memctl-physmem-core
$ make MACOSX_DEPLOYMENT_TARGET=10.12.1
$ cd ..
$ make ARCH=x86_64 SDK=macosx

Running

You can run memctl without any arguments to drop into a REPL:

$ bin/memctl
memctl> fc AppleMobileFileIntegrity
setting up kernel function call...
0xffffff803485d0a0
memctl> 

License

memctl-physmem-core is released under the MIT license.