Offset missing on 6s plus, 10.0

Question

Offset missing on 6s plus, 10.0

judge2020 opened this issue 8 years ago · 23 comments

judge2020 commented 8 years ago

I read the issue posting guidelines. This is an issue regarding the actual Yalu process.

Device model: iPhone 8,2
Device info: iPhone 6s Plus on iOS 10.0
Method of install: Both impactor and manual build
Certificate: Paid developer account personal team

Issue:

~~When opening yalu I see a strange message detailing that the app is not compatible with 64-bit devices. Strange because the app was exclusively built for 64-bit devices.~~

When dismissing the notification and then clicking "go" it then hangs there. I can still go to app switcher and close Yalu, however, the jailbreak does not complete.

Answer 1 · 2017-02-13T14:21:26.000Z

Looks like the offset is missing for the 6s plus 10.0. Is there a way I could find an offset myself or should I wait for someone else to contribute it?

sysname: Darwin
nodename: huntes-iPhone
release: 16.0.0
version: Darwin Kernel Version 16.0.0: Wed Jul 27 19:44:34 PDT 2016; root:xnu-3789.1.4.2.1~2/RELEASE_ARM64_S8000
machine: iPhone8,2
--> missing offset, prob crashing

Thanks for any help.

Answer 2 · 2017-02-13T15:02:54.000Z

Strange because the app was exclusively built for 64-bit devices.

no the project was build for armv7

all offsets are there why would anyone use ios beta ..

Answer 3 · 2017-02-13T15:55:53.000Z

Oh ok, I recently received this phone from a relative so I wasn't aware it was on beta 4. Which offset is the 6s plus 10.0 I should try to see if it works on beta 4?

Answer 4 · 2017-02-13T16:49:17.000Z

I'll find the correct offsets right now.

Answer 5 · 2017-02-13T17:52:31.000Z

Sorry it's taking so long; in school right now.

Answer 6 · 2017-02-13T17:52:47.000Z

No that's completely fine. Take your time.

Answer 7 · 2017-02-13T17:54:55.000Z

But, I have opened a decompressed iOS 10 beta 4 kernelcache in Hopper, so I should be done soon. :)

Answer 8 · 2017-02-13T18:15:44.000Z

Use this exploit.c: https://gist.github.com/OothecaPickleGNUrmsTUXFSF/c19f947ff3cb3c94445b071666ad8eda

Answer 9 · 2017-02-13T19:06:34.000Z

Let me know if this works. :)

Answer 10 · 2017-02-13T22:43:46.000Z

2017-02-13 17:43:22.113904 yalu102[813:199138] found corruption 38103

or 38203

btw, i put that into offsets.c, not exploit.c. this is off of the main branch.

Answer 11 · 2017-02-13T23:01:20.000Z

Did it work? ; you edited your comment.

Answer 12 · 2017-02-13T23:41:42.000Z

Try my fork: https://github.com/OothecaPickleGNUrmsTUXFSF/yalu102

Answer 13 · 2017-02-15T00:27:16.000Z

Any time while trying the offsets the debug log is "corruption found 19103"

Answer 14 · 2017-02-15T02:54:58.000Z

It means the offsets are incorrect. Send me the kernel and I'll give the correct offsets. Also, this issue should be closed because its not an issue with yalu itself.

Answer 15 · 2017-02-15T03:29:10.000Z

Nevermind, your offsets were correct.

This issue should be closed then, especially because the OP is using a beta.

Answer 16 · 2017-02-15T03:32:43.000Z

@jtv7 Could this be an issue with hard-coded offsets, though?

Answer 17 · 2017-02-15T03:37:14.000Z

@OothecaPickleGNUrmsTUXFSF I doubt it, especially because it works on such a large range of iOS versions. The OP might be building something incorrectly.

Answer 18 · 2017-02-15T03:38:39.000Z

Alright, thanks. :)

Answer 19 · 2017-02-15T18:23:15.000Z

sorry for this then. thanks for all the help.

Answer 20 · 2017-03-23T12:14:43.000Z

Sorry this is such an old issue, I made a screen cap of trying to do this https://youtu.be/8l6y5QDGwYQ.

Answer 21 · 2017-06-12T05:18:04.000Z

@judge2020 is this device still on iOS 10 beta 4? if so i have something for you to try. :)

Answer 22 · 2017-06-12T10:55:34.000Z

Darn @OothecaPickle, sorry. Updated to 11.0.

Answer 23 · 2017-06-12T13:22:55.000Z

@judge2020 oh, never mind then :(