yalu102
yalu102 copied to clipboard
kpwn
Apple Mach-O Linker Error
I read the issue posting guidelines.
Hello people, after fixing issues with IOKit (I had to change stuff like #import <IOKit/IOKitlib.h> to #import "IOKit/IOKitlib.h") I am now encountering 27 errors called Mach-O linker error, i.e ""_whole_dump" referenced from: Jailbreak.o in _exploit"
Now, i have already gone through all the issues with Mach-O in them, and have had no luck. I have changed the architechture to arm64 and all the other things mentioned with no luck at all.
@P0siti0n45 I am trying to modify and tweak the jailbreak so the precompiled IPA isn't going to be of much use
Attempting (Take note of the operative word "attempting") to make it fully untethered.
And I should also mention that I did have trouble when importing IOKit I had trouble so I just dragged the folder (Not a .framework) into the frameworks folder of xcode
I'll send you mine, you will need to change paths probably but it compiles
Anything new @bob-2017 @uspasojevic96 let me know as soon as possible also @uspasojevic96 is yours a untethered as then fully untethered version of Yalu102?
Untethering doesn't work like that. You make a Cydia package that pre-patches the kernel and runs the exploit on each boot
Hello @uspasojevic96 , sorry for the late response, i got a bit caught up in life. If you could send me your copy that would be GREAT. Thanks
Hey so @bob-2017 do you have something like a bootrom exploit to patch the Kernel upon boot?
Also @uspaojevic96 would you please send us your copy of Yalu102 and the source code and compiled IPA and is it a fully untethered? Even if it's not I'd still like to have it to look at please and use thanks!
@bob-2017 @uspasojevic96 @king4q No one here has an idea of what they're talking about. You, the bob guy, if you can't add headers to a project you clearly don't even know what an untether is. And just so you know you don't have to modify (or "tweak") the application for an untether. You clearly have no idea of what your talking about
I know what am i talking about, there needs to be exploit that can be ran during boot, meaning that there needs to be some sort of injection into kernel when its jailbroken, but that is impossible due to Apple having enhanced protection for kernelspace, the way this exploit works is by manipulating hanging pointer bug until you have enough hanging pointers from IPC, the offsets are needed so it can be decided where they start
@jakeajames When I make stuff in c++ and i import the headers, IT IMPORTS. When I do the same in python with librarys, IT IMPORTS. When I do it in swift with frameworks, IT IMPORTS. Now, with objective-C, I am not saying that I am amazing at it but I have got a decent knowledge and I can learn fast. If I made a mistake, THEN SO BE IT. I am a human, and humans make mistakes. And I do know what an untether is, it is when a jailbroken device can power off and on at will without losing the jailbreak. This bit here:
struct load_command* lc = vmk+1;
for (int k=0; k < vmk->ncmds; k++) {
if (lc->cmd == LC_SEGMENT_64) {
struct segment_command_64* sg = lc;
NSLog(@"seg: %s", sg->segname);
if (sg->vmaddr < min) {
min = sg->vmaddr;
}
if (sg->vmaddr + sg->vmsize > max) {
max = sg->vmaddr+sg->vmsize;
}
}
lc = ((char*)lc) + lc->cmdsize;
}
NSLog(@"%llx - %llx", min, max);
char* kdump = malloc(max-min);
Is the bit that creates the pointers, isn't it?
The malloc(max-min) at the end allocates the pointers between the maximum and minimum memory addresses (i.e. between 0x00000 and 0x0F67A).
So don't say that I don't know what I am talking about because I do have a decent knowledge about it
@bob-2017 keep up the good work hope you do this and make it more stable for Air 2 users and iPad mini 4 users
Any way I can get a copy of that copy, I'm getting the linker error too @bob-2017 @uspasojevic96
Oh and also seeing that Ian beer made that exploit, everything should be much easier