machswap2
Make the exploit work on i6S and make it slightly faster on others
On i6S the gc detection threshold is not hit before memory exhaustion. This fixes that by making it more intelligent and more sensitive.
Could you remove the LOG message on ln243? Thanks
@sbinger what version of the iPhone 6S did you test this on? On 11.0.3 I can only get as far as this:
Apr 2 17:23:15 iPhone-6S hellotest[204] <Notice>: LOG[main] log works
Apr 2 17:23:15 iPhone-6S hellotest[204] <Notice>: LOG[get_offsets] kernel: Darwin Kernel Version 17.0.0: Fri Sep 1 14:59:17 PDT 2017; root:xnu-4570.2.5~167/RELEASE_ARM64_S8000
Apr 2 17:23:15 iPhone-6S hellotest[204] <Notice>: LOG[exploit] page size: 0x4000, (os/kern) successful
Apr 2 17:23:15 iPhone-6S hellotest[204] <Notice>: LOG[exploit] client: 1407, (os/kern) successful
Apr 2 17:23:15 iPhone-6S hellotest[204] <Notice>: LOG[exploit] surface ID: 0x8
Apr 2 17:23:15 iPhone-6S hellotest[204] <Notice>: LOG[exploit] total pipes created: 1280
Apr 2 17:23:16 iPhone-6S hellotest[204] <Notice>: LOG[trigger_gc_please] got gc at 18 -- breaking
Apr 2 17:23:17 iPhone-6S hellotest[204] <Notice>: LOG[exploit] port: 101607
Apr 2 17:23:17 iPhone-6S hellotest[204] <Notice>: LOG[exploit] WE REALLY POSTED UP ON THIS BLOCK -- part 1 of #alwaysstayposted
Apr 2 17:23:17 iPhone-6S hellotest[204] <Notice>: LOG[exploit] getting responses...
Apr 2 17:23:36 iPhone-6S hellotest[204] <Notice>: LOG[exploit] failed to find the target voucher :-(
That said, I'm not sure I've got the offsets correct...
To be honest, async_wake works pretty reliably, I think I'll just stick to that < 11.2