

@devbug
Forked from uroboro/offsets.c
Last active December 19, 2016 05:11

Revisions

  1. devbug revised this gist Dec 19, 2016. 1 changed file with 12 additions and 12 deletions.
    24 changes: 12 additions & 12 deletions offsets.c
    @@ -133,21 +133,21 @@ void init_offsets() {

    #pragma mark - iDevice

    # define check_iOS_AP(v, name) \
    if (strstr(u.version, #name)) { \
    printf("device %s matched\n", u.machine); \
    init_iOS_ ## v ## name(); \
    return; \
    }

    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64")) {
    init_arm64_10_1_1();

    # define check_iOS_10_1_1_AP(name) \
    if (strstr(u.version, #name)) { \
    printf("device %s matched\n", u.machine); \
    init_iOS_10_1_1 ## name(); \
    return; \
    }

    check_iOS_10_1_1_AP(_S5L8960X);
    check_iOS_10_1_1_AP(_T7000);
    check_iOS_10_1_1_AP(_T7001);
    check_iOS_10_1_1_AP(_S8000);
    check_iOS_10_1_1_AP(_T8010);
    check_iOS_AP(10_1_1, _S5L8960X);
    check_iOS_AP(10_1_1, _T7000);
    check_iOS_AP(10_1_1, _T7001);
    check_iOS_AP(10_1_1, _S8000);
    check_iOS_AP(10_1_1, _T8010);
    }

    printf("don't recognize this platform\n");
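Review bot: `check_iOS_AP(v, name)` is `#define`d inside `init_offsets()` but never `#undef`'d, and because macros ignore block scope the definition (and its dependence on the local `u`) stays live for everything compiled after this function. Add `#undef check_iOS_AP` after the last `check_iOS_AP(10_1_1, _T8010);`, or move the definition to file scope beside the `init_iOS_*` macros it pastes together. Note also that `v` only takes part in the token paste `init_iOS_ ## v ## name` and plays no part in the `strstr` test, so a `v` that does not correspond to the xnu build string matched by the enclosing `if` still compiles and simply selects a different offset table; a comment such as `/* v: iOS version suffix of init_iOS_<v><name>, must match the xnu build tested above; name: SoC suffix exactly as it appears in u.version */` would make that coupling visible. `init_offsets()` starts and ends outside this hunk.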
  2. devbug revised this gist Dec 19, 2016. 1 changed file with 18 additions and 18 deletions.
    36 changes: 18 additions & 18 deletions offsets.c
    @@ -35,7 +35,7 @@ uint64_t struct_ipc_port_ip_kobject_offset;

    #pragma mark - arm64

    void init_arm64() {
    void init_arm64_10_1_1() {
    struct_proc_p_pid_offset = 0x10;
    struct_proc_task_offset = 0x18;
    struct_proc_p_uthlist_offset = 0x98;
    @@ -82,23 +82,23 @@ void init_macos_10_12_1() {

    #pragma mark - iOS

    #define init_iOS_S5L8960X() { \
    #define init_iOS_10_1_1_S5L8960X() { \
    allproc_offset = 0x5a4128; \
    kernproc_offset = 0x5aa0e0; \
    }
    #define init_iOS_T7000() { \
    #define init_iOS_10_1_1_T7000() { \
    allproc_offset = 0x5b4168; \
    kernproc_offset = 0x5ba0e0; \
    }
    #define init_iOS_T7001() { \
    #define init_iOS_10_1_1_T7001() { \
    allproc_offset = 0x5b4228; \
    kernproc_offset = 0x5ba0e0; \
    }
    #define init_iOS_S8000() { \
    #define init_iOS_10_1_1_S8000() { \
    allproc_offset = 0x5a4148; \
    kernproc_offset = 0x5aa0e0; \
    }
    #define init_iOS_T8010() { \
    #define init_iOS_10_1_1_T8010() { \
    allproc_offset = 0x5ec178; \
    kernproc_offset = 0x5f20e0; \
    }
    @@ -120,8 +120,8 @@ void init_offsets() {
    if (err == -1) {
    printf("uname failed - what platform is this?\n");
    printf("there's no way this will work, but trying anyway!\n");
    init_arm64();
    init_iOS_S5L8960X();
    init_arm64_10_1_1();
    init_iOS_10_1_1_S5L8960X();
    return;
    }

    @@ -134,24 +134,24 @@ void init_offsets() {
    #pragma mark - iDevice

    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64")) {
    init_arm64();
    init_arm64_10_1_1();

    # define check_iOS_AP(name) \
    # define check_iOS_10_1_1_AP(name) \
    if (strstr(u.version, #name)) { \
    printf("device %s matched\n", u.machine); \
    init_iOS ## name(); \
    init_iOS_10_1_1 ## name(); \
    return; \
    }

    check_iOS_AP(_S5L8960X);
    check_iOS_AP(_T7000);
    check_iOS_AP(_T7001);
    check_iOS_AP(_S8000);
    check_iOS_AP(_T8010);
    check_iOS_10_1_1_AP(_S5L8960X);
    check_iOS_10_1_1_AP(_T7000);
    check_iOS_10_1_1_AP(_T7001);
    check_iOS_10_1_1_AP(_S8000);
    check_iOS_10_1_1_AP(_T8010);
    }

    printf("don't recognize this platform\n");
    unknown_build();
    init_arm64();
    init_iOS_S5L8960X();
    init_arm64_10_1_1();
    init_iOS_10_1_1_S5L8960X();
    }
  3. devbug revised this gist Dec 19, 2016. 1 changed file with 6 additions and 6 deletions.
    12 changes: 6 additions & 6 deletions offsets.c
    @@ -136,18 +136,18 @@ void init_offsets() {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64")) {
    init_arm64();

    # define checkAP(name) \
    # define check_iOS_AP(name) \
    if (strstr(u.version, #name)) { \
    printf("device %s matched\n", u.machine); \
    init_iOS ## name(); \
    return; \
    }

    checkAP(_S5L8960X);
    checkAP(_T7000);
    checkAP(_T7001);
    checkAP(_S8000);
    checkAP(_T8010);
    check_iOS_AP(_S5L8960X);
    check_iOS_AP(_T7000);
    check_iOS_AP(_T7001);
    check_iOS_AP(_S8000);
    check_iOS_AP(_T8010);
    }

    printf("don't recognize this platform\n");
  4. devbug revised this gist Dec 19, 2016. 1 changed file with 11 additions and 24 deletions.
    35 changes: 11 additions & 24 deletions offsets.c
    @@ -136,31 +136,18 @@ void init_offsets() {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64")) {
    init_arm64();

    if (strstr(u.version, "_S5L8960X")) {
    printf("device %s matched\n", u.machine);
    init_iOS_S5L8960X();
    return;
    }
    else if (strstr(u.version, "_T7000")) {
    printf("device %s matched\n", u.machine);
    init_iOS_T7000();
    return;
    }
    else if (strstr(u.version, "_T7001")) {
    printf("device %s matched\n", u.machine);
    init_iOS_T7001();
    return;
    }
    else if (strstr(u.version, "_S8000")) {
    printf("device %s matched\n", u.machine);
    init_iOS_S8000();
    return;
    }
    else if (strstr(u.version, "_T8010")) {
    printf("device %s matched\n", u.machine);
    init_iOS_T8010();
    return;
    # define checkAP(name) \
    if (strstr(u.version, #name)) { \
    printf("device %s matched\n", u.machine); \
    init_iOS ## name(); \
    return; \
    }

    checkAP(_S5L8960X);
    checkAP(_T7000);
    checkAP(_T7001);
    checkAP(_S8000);
    checkAP(_T8010);
    }

    printf("don't recognize this platform\n");
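Review bot: the new `checkAP(name)` macro expands to a bare `if` statement, so a later `checkAP(...); else ...` or an unbraced enclosing `if` would bind in unexpected ways; writing the body as `do { if (strstr(u.version, #name)) { printf("device %s matched\n", u.machine); init_iOS ## name(); return; } } while (0)` keeps the early `return` and removes the dangling-else hazard. The macro also makes `name` serve two roles at once — stringized as the `strstr` needle and pasted onto `init_iOS` — which is worth a comment, e.g. `/* name: SoC suffix exactly as it appears in u.version, leading underscore included; also pasted to form init_iOS<name>() */`. It is defined inside `init_offsets()` with no matching `#undef`, so it remains defined for the rest of the translation unit. The function's head and tail are outside this hunk.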
  5. devbug revised this gist Dec 19, 2016. 1 changed file with 34 additions and 31 deletions.
    65 changes: 34 additions & 31 deletions offsets.c
    @@ -82,25 +82,25 @@ void init_macos_10_12_1() {

    #pragma mark - iOS

    void init_iOS_S5L8960X() {
    allproc_offset = 0x5a4128;
    kernproc_offset = 0x5aa0e0;
    #define init_iOS_S5L8960X() { \
    allproc_offset = 0x5a4128; \
    kernproc_offset = 0x5aa0e0; \
    }
    void init_iOS_T7000() {
    allproc_offset = 0x5b4168;
    kernproc_offset = 0x5ba0e0;
    #define init_iOS_T7000() { \
    allproc_offset = 0x5b4168; \
    kernproc_offset = 0x5ba0e0; \
    }
    void init_iOS_T7001() {
    allproc_offset = 0x5b4228;
    kernproc_offset = 0x5ba0e0;
    #define init_iOS_T7001() { \
    allproc_offset = 0x5b4228; \
    kernproc_offset = 0x5ba0e0; \
    }
    void init_iOS_S8000() {
    allproc_offset = 0x5a4148;
    kernproc_offset = 0x5aa0e0;
    #define init_iOS_S8000() { \
    allproc_offset = 0x5a4148; \
    kernproc_offset = 0x5aa0e0; \
    }
    void init_iOS_T8010() {
    allproc_offset = 0x5ec178;
    kernproc_offset = 0x5f20e0;
    #define init_iOS_T8010() { \
    allproc_offset = 0x5ec178; \
    kernproc_offset = 0x5f20e0; \
    }

    //here end
    @@ -115,7 +115,6 @@ void unknown_build() {
    #pragma mark - init_offsets

    void init_offsets() {
    void (*initializer)(void) = NULL;
    struct utsname u = { 0 };
    int err = uname(&u);
    if (err == -1) {
    @@ -138,30 +137,34 @@ void init_offsets() {
    init_arm64();

    if (strstr(u.version, "_S5L8960X")) {
    initializer = init_iOS_S5L8960X;
    printf("device %s matched\n", u.machine);
    init_iOS_S5L8960X();
    return;
    }
    else if (strstr(u.version, "_T7000")) {
    initializer = init_iOS_T7000;
    printf("device %s matched\n", u.machine);
    init_iOS_T7000();
    return;
    }
    else if (strstr(u.version, "_T7001")) {
    initializer = init_iOS_T7001;
    printf("device %s matched\n", u.machine);
    init_iOS_T7001();
    return;
    }
    else if (strstr(u.version, "_S8000")) {
    initializer = init_iOS_S8000;
    printf("device %s matched\n", u.machine);
    init_iOS_S8000();
    return;
    }
    else if (strstr(u.version, "_T8010")) {
    initializer = init_iOS_T8010;
    printf("device %s matched\n", u.machine);
    init_iOS_T8010();
    return;
    }
    }

    if (initializer == NULL) {
    printf("don't recognize this platform\n");
    unknown_build();
    init_arm64();
    init_iOS_S5L8960X();
    }
    else {
    printf("device %s matched\n", u.machine);
    initializer();
    }
    printf("don't recognize this platform\n");
    unknown_build();
    init_arm64();
    init_iOS_S5L8960X();
    }
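Review bot: turning `init_iOS_S5L8960X()` and its siblings from functions into block macros (`#define init_iOS_T7000() { \ ... }`) is what forced the removal of the `initializer` function pointer in the later hunks, and it makes every call site expand to `{ ... };` — a compound statement followed by an empty statement, which silently breaks any future `if (...) init_iOS_T7000(); else ...`. `static void` (or `static inline`) functions give the same effect with type checking and keep the address-of form available. If the macro form is kept, document the constraint at the definitions, e.g. `/* block macros, not functions: they cannot be taken by address, and the ';' at each call site is an empty statement */`. `init_offsets()` starts outside the second hunk.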
  6. devbug revised this gist Dec 19, 2016. 1 changed file with 44 additions and 406 deletions.
    450 changes: 44 additions & 406 deletions offsets.c
    @@ -55,201 +55,52 @@ void init_arm64() {
    struct_ipc_port_ip_kobject_offset = 0x68;
    }

    #pragma mark - iPhone
    #pragma mark - macOS

    void init_iPhone6_1_S5L8960X() {
    allproc_offset = 0x5a4128;
    kernproc_offset = 0x5aa0e0;
    }
    void init_iPhone6_2_S5L8960X() {
    allproc_offset = 0x5a4128;
    kernproc_offset = 0x5aa0e0;
    }
    void init_iPhone7_1_T7000() {
    allproc_offset = 0x5b4168;
    kernproc_offset = 0x5ba0e0;
    }
    void init_iPhone7_1_S8000() {
    allproc_offset = 0x5a4148;
    kernproc_offset = 0x5aa0e0;
    }
    void init_iPhone7_2_T7000() {
    allproc_offset = 0x5b4168;
    kernproc_offset = 0x5ba0e0;
    }
    void init_iPhone7_2_S8000() {
    allproc_offset = 0x5a4148;
    kernproc_offset = 0x5aa0e0;
    }
    void init_iPhone8_1_T7000() {
    allproc_offset = 0x5b4168;
    kernproc_offset = 0x5ba0e0;
    }
    void init_iPhone8_1_S8000() {
    allproc_offset = 0x5a4148;
    kernproc_offset = 0x5aa0e0;
    }
    void init_iPhone8_2_T7000() {
    allproc_offset = 0x5b4168;
    kernproc_offset = 0x5ba0e0;
    }
    void init_iPhone8_2_S8000() {
    allproc_offset = 0x5a4148;
    kernproc_offset = 0x5aa0e0;
    }
    void init_iPhone8_4_S8000() {
    allproc_offset = 0x5a4148;
    kernproc_offset = 0x5aa0e0;
    }
    void init_iPhone9_1_T8010() {
    allproc_offset = 0x5ec178;
    kernproc_offset = 0x5f20e0;
    }
    void init_iPhone9_2_T8010() {
    allproc_offset = 0x5ec178;
    kernproc_offset = 0x5f20e0;
    }
    void init_iPhone9_3_T8010() {
    allproc_offset = 0x5ec178;
    kernproc_offset = 0x5f20e0;
    }
    void init_iPhone9_4_T8010() {
    allproc_offset = 0x5ec178;
    kernproc_offset = 0x5f20e0;
    }
    void init_macos_10_12_1() {
    printf("setting offsets for MacOS 10.12.1\n");
    allproc_offset = 0x8bb490;
    kernproc_offset = 0x8BA7D8;

    #pragma mark - iPod
    struct_proc_task_offset = 0x18;
    struct_proc_p_uthlist_offset = 0x98;
    struct_proc_p_ucred_offset = 0xe8;
    struct_proc_p_comm_offset = 0x2e4;

    void init_iPod7_1_T7000() {
    allproc_offset = 0x5b4168;
    kernproc_offset = 0x5ba0e0;
    }
    struct_kauth_cred_cr_ref_offset = 0x10;

    #pragma mark - iPad
    struct_uthread_uu_ucred_offset = 0x168;
    struct_uthread_uu_list_offset = 0x170;

    void init_iPad4_1_S5L8960X() {
    allproc_offset = 0x5a4128;
    kernproc_offset = 0x5aa0e0;
    }
    void init_iPad4_2_S5L8960X() {
    allproc_offset = 0x5a4128;
    kernproc_offset = 0x5aa0e0;
    }
    void init_iPad4_3_S5L8960X() {
    allproc_offset = 0x5a4128;
    kernproc_offset = 0x5aa0e0;
    }
    void init_iPad4_4_S5L8960X() {
    allproc_offset = 0x5a4128;
    kernproc_offset = 0x5aa0e0;
    }
    void init_iPad4_5_S5L8960X() {
    allproc_offset = 0x5a4128;
    kernproc_offset = 0x5aa0e0;
    }
    void init_iPad4_6_S5L8960X() {
    allproc_offset = 0x5a4128;
    kernproc_offset = 0x5aa0e0;
    }
    void init_iPad4_7_S5L8960X() {
    allproc_offset = 0x5a4128;
    kernproc_offset = 0x5aa0e0;
    }
    void init_iPad4_7_T7000() {
    allproc_offset = 0x5b4168;
    kernproc_offset = 0x5ba0e0;
    }
    void init_iPad4_7_T7001() {
    allproc_offset = 0x5b4228;
    kernproc_offset = 0x5ba0e0;
    }
    void init_iPad4_8_T7000() {
    allproc_offset = 0x5b4168;
    kernproc_offset = 0x5ba0e0;
    }
    void init_iPad4_8_T7001() {
    allproc_offset = 0x5b4228;
    kernproc_offset = 0x5ba0e0;
    }
    void init_iPad4_8_S5L8960X() {
    allproc_offset = 0x5a4128;
    kernproc_offset = 0x5aa0e0;
    }
    void init_iPad4_9_T7000() {
    allproc_offset = 0x5b4168;
    kernproc_offset = 0x5ba0e0;
    }
    void init_iPad4_9_T7001() {
    allproc_offset = 0x5b4228;
    kernproc_offset = 0x5ba0e0;
    }
    void init_iPad4_9_S5L8960X() {
    allproc_offset = 0x5a4128;
    kernproc_offset = 0x5aa0e0;
    }
    void init_iPad5_1_T7000() {
    allproc_offset = 0x5b4168;
    kernproc_offset = 0x5ba0e0;
    }
    void init_iPad5_1_T7001() {
    allproc_offset = 0x5b4228;
    kernproc_offset = 0x5ba0e0;
    }
    void init_iPad5_1_S5L8960X() {
    allproc_offset = 0x5a4128;
    kernproc_offset = 0x5aa0e0;
    }
    void init_iPad5_2_T7000() {
    allproc_offset = 0x5b4168;
    kernproc_offset = 0x5ba0e0;
    }
    void init_iPad5_2_T7001() {
    allproc_offset = 0x5b4228;
    kernproc_offset = 0x5ba0e0;
    }
    void init_iPad5_2_S5L8960X() {
    allproc_offset = 0x5a4128;
    kernproc_offset = 0x5aa0e0;
    }
    void init_iPad5_3_T7000() {
    allproc_offset = 0x5b4168;
    kernproc_offset = 0x5ba0e0;
    }
    void init_iPad5_3_T7001() {
    allproc_offset = 0x5b4228;
    kernproc_offset = 0x5ba0e0;
    struct_task_ref_count_offset = 0x10;
    struct_task_itk_space_offset = 0x300;

    struct_ipc_space_is_table_offset = 0x18;

    struct_ipc_port_ip_kobject_offset = 0x68;
    }
    void init_iPad5_3_S5L8960X() {

    #pragma mark - iOS

    void init_iOS_S5L8960X() {
    allproc_offset = 0x5a4128;
    kernproc_offset = 0x5aa0e0;
    }
    void init_iPad5_4_T7000() {
    void init_iOS_T7000() {
    allproc_offset = 0x5b4168;
    kernproc_offset = 0x5ba0e0;
    }
    void init_iPad5_4_T7001() {
    void init_iOS_T7001() {
    allproc_offset = 0x5b4228;
    kernproc_offset = 0x5ba0e0;
    }
    void init_iPad5_4_S5L8960X() {
    allproc_offset = 0x5a4128;
    kernproc_offset = 0x5aa0e0;
    }
    void init_iPad6_3_S8000() {
    allproc_offset = 0x5a4148;
    kernproc_offset = 0x5aa0e0;
    }
    void init_iPad6_4_S8000() {
    void init_iOS_S8000() {
    allproc_offset = 0x5a4148;
    kernproc_offset = 0x5aa0e0;
    }
    void init_iPad6_7_S8000() {
    allproc_offset = 0x5a4148;
    kernproc_offset = 0x5aa0e0;
    }
    void init_iPad6_8_S8000() {
    allproc_offset = 0x5a4148;
    kernproc_offset = 0x5aa0e0;
    void init_iOS_T8010() {
    allproc_offset = 0x5ec178;
    kernproc_offset = 0x5f20e0;
    }

    //here end
    @@ -271,7 +122,7 @@ void init_offsets() {
    printf("uname failed - what platform is this?\n");
    printf("there's no way this will work, but trying anyway!\n");
    init_arm64();
    init_iPad4_3_S5L8960X();
    init_iOS_S5L8960X();
    return;
    }

    @@ -281,246 +132,33 @@ void init_offsets() {
    printf("version: %s\n", u.version);
    printf("machine: %s\n", u.machine);

    init_arm64();

    #pragma mark - iPhone

    if (strstr(u.machine, "iPhone6,1")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S5L8960X")) {
    initializer = init_iPhone6_1_S5L8960X;
    }
    }

    else if (strstr(u.machine, "iPhone6,2")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S5L8960X")) {
    initializer = init_iPhone6_2_S5L8960X;
    }
    }

    else if (strstr(u.machine, "iPhone7,1")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7000")) {
    initializer = init_iPhone7_1_T7000;
    }
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S8000")) {
    initializer = init_iPhone7_1_S8000;
    }
    }

    else if (strstr(u.machine, "iPhone7,2")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7000")) {
    initializer = init_iPhone7_2_T7000;
    }
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S8000")) {
    initializer = init_iPhone7_2_S8000;
    }
    }

    else if (strstr(u.machine, "iPhone8,1")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7000")) {
    initializer = init_iPhone8_1_T7000;
    }
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S8000")) {
    initializer = init_iPhone8_1_S8000;
    }
    }

    else if (strstr(u.machine, "iPhone8,2")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7000")) {
    initializer = init_iPhone8_2_T7000;
    }
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S8000")) {
    initializer = init_iPhone8_2_S8000;
    }
    }

    else if (strstr(u.machine, "iPhone8,4")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S8000")) {
    initializer = init_iPhone8_4_S8000;
    }
    }

    else if (strstr(u.machine, "iPhone9,1")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T8010")) {
    initializer = init_iPhone9_1_T8010;
    }
    }

    else if (strstr(u.machine, "iPhone9,2")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T8010")) {
    initializer = init_iPhone9_2_T8010;
    }
    }

    else if (strstr(u.machine, "iPhone9,3")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T8010")) {
    initializer = init_iPhone9_3_T8010;
    }
    }

    else if (strstr(u.machine, "iPhone9,4")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T8010")) {
    initializer = init_iPhone9_4_T8010;
    }
    }

    #pragma mark - iPod

    else if (strstr(u.machine, "iPod7,1")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7000")) {
    initializer = init_iPod7_1_T7000;
    }
    }
    #pragma mark - iDevice

    #pragma mark - iPad

    else if (strstr(u.machine, "iPad4,1")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S5L8960X")) {
    initializer = init_iPad4_1_S5L8960X;
    }
    }

    else if (strstr(u.machine, "iPad4,2")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S5L8960X")) {
    initializer = init_iPad4_2_S5L8960X;
    }
    }

    else if (strstr(u.machine, "iPad4,3")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S5L8960X")) {
    initializer = init_iPad4_3_S5L8960X;
    }
    }

    else if (strstr(u.machine, "iPad4,4")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S5L8960X")) {
    initializer = init_iPad4_4_S5L8960X;
    }
    }

    else if (strstr(u.machine, "iPad4,5")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S5L8960X")) {
    initializer = init_iPad4_5_S5L8960X;
    }
    }

    else if (strstr(u.machine, "iPad4,6")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S5L8960X")) {
    initializer = init_iPad4_6_S5L8960X;
    }
    }

    else if (strstr(u.machine, "iPad4,7")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7000")) {
    initializer = init_iPad4_7_T7000;
    }
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7001")) {
    initializer = init_iPad4_7_T7001;
    }
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S5L8960X")) {
    initializer = init_iPad4_7_S5L8960X;
    }
    }

    else if (strstr(u.machine, "iPad4,8")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7000")) {
    initializer = init_iPad4_8_T7000;
    }
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7001")) {
    initializer = init_iPad4_8_T7001;
    }
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S5L8960X")) {
    initializer = init_iPad4_8_S5L8960X;
    }
    }

    else if (strstr(u.machine, "iPad4,9")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7000")) {
    initializer = init_iPad4_9_T7000;
    }
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7001")) {
    initializer = init_iPad4_9_T7001;
    }
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S5L8960X")) {
    initializer = init_iPad4_9_S5L8960X;
    }
    }

    else if (strstr(u.machine, "iPad5,1")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7000")) {
    initializer = init_iPad5_1_T7000;
    }
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7001")) {
    initializer = init_iPad5_1_T7001;
    }
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S5L8960X")) {
    initializer = init_iPad5_1_S5L8960X;
    }
    }

    else if (strstr(u.machine, "iPad5,2")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7000")) {
    initializer = init_iPad5_2_T7000;
    }
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7001")) {
    initializer = init_iPad5_2_T7001;
    }
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S5L8960X")) {
    initializer = init_iPad5_2_S5L8960X;
    }
    }

    else if (strstr(u.machine, "iPad5,3")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7000")) {
    initializer = init_iPad5_3_T7000;
    }
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7001")) {
    initializer = init_iPad5_3_T7001;
    }
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S5L8960X")) {
    initializer = init_iPad5_3_S5L8960X;
    }
    }
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64")) {
    init_arm64();

    else if (strstr(u.machine, "iPad5,4")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7000")) {
    initializer = init_iPad5_4_T7000;
    if (strstr(u.version, "_S5L8960X")) {
    initializer = init_iOS_S5L8960X;
    }
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7001")) {
    initializer = init_iPad5_4_T7001;
    else if (strstr(u.version, "_T7000")) {
    initializer = init_iOS_T7000;
    }
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S5L8960X")) {
    initializer = init_iPad5_4_S5L8960X;
    else if (strstr(u.version, "_T7001")) {
    initializer = init_iOS_T7001;
    }
    }

    else if (strstr(u.machine, "iPad6,3")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S8000")) {
    initializer = init_iPad6_3_S8000;
    else if (strstr(u.version, "_S8000")) {
    initializer = init_iOS_S8000;
    }
    }

    else if (strstr(u.machine, "iPad6,4")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S8000")) {
    initializer = init_iPad6_4_S8000;
    }
    }

    else if (strstr(u.machine, "iPad6,7")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S8000")) {
    initializer = init_iPad6_7_S8000;
    }
    }

    else if (strstr(u.machine, "iPad6,8")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S8000")) {
    initializer = init_iPad6_8_S8000;
    else if (strstr(u.version, "_T8010")) {
    initializer = init_iOS_T8010;
    }
    }

    if (initializer == NULL) {
    printf("don't recognize this platform\n");
    unknown_build();
    init_iPad4_3_S5L8960X();
    init_arm64();
    init_iOS_S5L8960X();
    }
    else {
    printf("device %s matched\n", u.machine);
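Review bot: after this change the dispatch under `if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64"))` matches only on the SoC suffix in `u.version` and no longer consults `u.machine`, yet the success path still prints `printf("device %s matched\n", u.machine);` — the message now names a value that took no part in the match. Print what was actually tested, e.g. `printf("kernel build %s matched\n", u.version);`, or keep the device name but word it as informational. `init_macos_10_12_1()` is added in the first hunk, but nothing in the visible hunks calls it; if the macOS dispatch lives outside these hunks that is fine, otherwise it is dead code. `init_offsets()` continues past the end of the last hunk.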
  7. devbug revised this gist Dec 19, 2016. No changes.
  8. devbug revised this gist Dec 19, 2016. 1 changed file with 272 additions and 124 deletions.
    396 changes: 272 additions & 124 deletions offsets.c
    @@ -3,7 +3,7 @@
    #include <strings.h>
    #include <sys/utsname.h>

    //#include "offsets.h"
    #include "offsets.h"

    // offsets from the main kernel 0xfeedfacf
    uint64_t allproc_offset;
    @@ -41,17 +41,17 @@ void init_arm64() {
    struct_proc_p_uthlist_offset = 0x98;
    struct_proc_p_ucred_offset = 0x100;
    struct_proc_p_comm_offset = 0x26c;

    struct_kauth_cred_cr_ref_offset = 0x10;

    struct_uthread_uu_ucred_offset = 0x168;
    struct_uthread_uu_list_offset = 0x170;

    struct_task_ref_count_offset = 0x10;
    struct_task_itk_space_offset = 0x300;

    struct_ipc_space_is_table_offset = 0x20;

    struct_ipc_port_ip_kobject_offset = 0x68;
    }

    @@ -61,6 +61,10 @@ void init_iPhone6_1_S5L8960X() {
    allproc_offset = 0x5a4128;
    kernproc_offset = 0x5aa0e0;
    }
    void init_iPhone6_2_S5L8960X() {
    allproc_offset = 0x5a4128;
    kernproc_offset = 0x5aa0e0;
    }
    void init_iPhone7_1_T7000() {
    allproc_offset = 0x5b4168;
    kernproc_offset = 0x5ba0e0;
    @@ -101,6 +105,10 @@ void init_iPhone9_1_T8010() {
    allproc_offset = 0x5ec178;
    kernproc_offset = 0x5f20e0;
    }
    void init_iPhone9_2_T8010() {
    allproc_offset = 0x5ec178;
    kernproc_offset = 0x5f20e0;
    }
    void init_iPhone9_3_T8010() {
    allproc_offset = 0x5ec178;
    kernproc_offset = 0x5f20e0;
    @@ -119,6 +127,14 @@ void init_iPod7_1_T7000() {

    #pragma mark - iPad

    void init_iPad4_1_S5L8960X() {
    allproc_offset = 0x5a4128;
    kernproc_offset = 0x5aa0e0;
    }
    void init_iPad4_2_S5L8960X() {
    allproc_offset = 0x5a4128;
    kernproc_offset = 0x5aa0e0;
    }
    void init_iPad4_3_S5L8960X() {
    allproc_offset = 0x5a4128;
    kernproc_offset = 0x5aa0e0;
    @@ -127,6 +143,50 @@ void init_iPad4_4_S5L8960X() {
    allproc_offset = 0x5a4128;
    kernproc_offset = 0x5aa0e0;
    }
    void init_iPad4_5_S5L8960X() {
    allproc_offset = 0x5a4128;
    kernproc_offset = 0x5aa0e0;
    }
    void init_iPad4_6_S5L8960X() {
    allproc_offset = 0x5a4128;
    kernproc_offset = 0x5aa0e0;
    }
    void init_iPad4_7_S5L8960X() {
    allproc_offset = 0x5a4128;
    kernproc_offset = 0x5aa0e0;
    }
    void init_iPad4_7_T7000() {
    allproc_offset = 0x5b4168;
    kernproc_offset = 0x5ba0e0;
    }
    void init_iPad4_7_T7001() {
    allproc_offset = 0x5b4228;
    kernproc_offset = 0x5ba0e0;
    }
    void init_iPad4_8_T7000() {
    allproc_offset = 0x5b4168;
    kernproc_offset = 0x5ba0e0;
    }
    void init_iPad4_8_T7001() {
    allproc_offset = 0x5b4228;
    kernproc_offset = 0x5ba0e0;
    }
    void init_iPad4_8_S5L8960X() {
    allproc_offset = 0x5a4128;
    kernproc_offset = 0x5aa0e0;
    }
    void init_iPad4_9_T7000() {
    allproc_offset = 0x5b4168;
    kernproc_offset = 0x5ba0e0;
    }
    void init_iPad4_9_T7001() {
    allproc_offset = 0x5b4228;
    kernproc_offset = 0x5ba0e0;
    }
    void init_iPad4_9_S5L8960X() {
    allproc_offset = 0x5a4128;
    kernproc_offset = 0x5aa0e0;
    }
    void init_iPad5_1_T7000() {
    allproc_offset = 0x5b4168;
    kernproc_offset = 0x5ba0e0;
    @@ -139,7 +199,27 @@ void init_iPad5_1_S5L8960X() {
    allproc_offset = 0x5a4128;
    kernproc_offset = 0x5aa0e0;
    }
    void init_iPad5_4_S5L8960X() {
    void init_iPad5_2_T7000() {
    allproc_offset = 0x5b4168;
    kernproc_offset = 0x5ba0e0;
    }
    void init_iPad5_2_T7001() {
    allproc_offset = 0x5b4228;
    kernproc_offset = 0x5ba0e0;
    }
    void init_iPad5_2_S5L8960X() {
    allproc_offset = 0x5a4128;
    kernproc_offset = 0x5aa0e0;
    }
    void init_iPad5_3_T7000() {
    allproc_offset = 0x5b4168;
    kernproc_offset = 0x5ba0e0;
    }
    void init_iPad5_3_T7001() {
    allproc_offset = 0x5b4228;
    kernproc_offset = 0x5ba0e0;
    }
    void init_iPad5_3_S5L8960X() {
    allproc_offset = 0x5a4128;
    kernproc_offset = 0x5aa0e0;
    }
    @@ -151,6 +231,10 @@ void init_iPad5_4_T7001() {
    allproc_offset = 0x5b4228;
    kernproc_offset = 0x5ba0e0;
    }
    void init_iPad5_4_S5L8960X() {
    allproc_offset = 0x5a4128;
    kernproc_offset = 0x5aa0e0;
    }
    void init_iPad6_3_S8000() {
    allproc_offset = 0x5a4148;
    kernproc_offset = 0x5aa0e0;
    @@ -159,6 +243,10 @@ void init_iPad6_4_S8000() {
    allproc_offset = 0x5a4148;
    kernproc_offset = 0x5aa0e0;
    }
    void init_iPad6_7_S8000() {
    allproc_offset = 0x5a4148;
    kernproc_offset = 0x5aa0e0;
    }
    void init_iPad6_8_S8000() {
    allproc_offset = 0x5a4148;
    kernproc_offset = 0x5aa0e0;
    @@ -176,206 +264,266 @@ void unknown_build() {
    #pragma mark - init_offsets

    void init_offsets() {
    void (*initializer)(void) = NULL;
    struct utsname u = { 0 };
    int err = uname(&u);
    if (err == -1) {
    printf("uname failed - what platform is this?\n");
    printf("there's no way this will work, but trying anyway!\n");
    init_arm64();
    init_iPad4_3_S5L8960X();
    return;
    }

    printf("sysname: %s\n", u.sysname);
    printf("nodename: %s\n", u.nodename);
    printf("release: %s\n", u.release);
    printf("version: %s\n", u.version);
    printf("machine: %s\n", u.machine);

    init_arm64();

    #pragma mark - iPhone

    if (strstr(u.machine, "iPhone6,1")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S5L8960X")) {
    printf("device iPhone6,1 matched\n");
    init_iPhone6_1_S5L8960X();
    return;
    initializer = init_iPhone6_1_S5L8960X;
    }
    }

    else if (strstr(u.machine, "iPhone6,2")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S5L8960X")) {
    initializer = init_iPhone6_2_S5L8960X;
    }
    }
    if (strstr(u.machine, "iPhone7,1")) {

    else if (strstr(u.machine, "iPhone7,1")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7000")) {
    printf("device iPhone7,1 matched\n");
    init_iPhone7_1_T7000();
    return;
    initializer = init_iPhone7_1_T7000;
    }
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S8000")) {
    printf("device iPhone7,1 matched\n");
    init_iPhone7_1_S8000();
    return;
    initializer = init_iPhone7_1_S8000;
    }
    }
    if (strstr(u.machine, "iPhone7,2")) {

    else if (strstr(u.machine, "iPhone7,2")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7000")) {
    printf("device iPhone7,2 matched\n");
    init_iPhone7_2_T7000();
    return;
    initializer = init_iPhone7_2_T7000;
    }
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S8000")) {
    printf("device iPhone7,2 matched\n");
    init_iPhone7_2_S8000();
    return;
    initializer = init_iPhone7_2_S8000;
    }
    }
    if (strstr(u.machine, "iPhone8,1")) {

    else if (strstr(u.machine, "iPhone8,1")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7000")) {
    printf("device iPhone8,1 matched\n");
    init_iPhone8_1_T7000();
    return;
    initializer = init_iPhone8_1_T7000;
    }
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S8000")) {
    printf("device iPhone8,1 matched\n");
    init_iPhone8_1_S8000();
    return;
    initializer = init_iPhone8_1_S8000;
    }
    }
    if (strstr(u.machine, "iPhone8,2")) {

    else if (strstr(u.machine, "iPhone8,2")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7000")) {
    printf("device iPhone8,2 matched\n");
    init_iPhone8_2_T7000();
    return;
    initializer = init_iPhone8_2_T7000;
    }
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S8000")) {
    printf("device iPhone8,2 matched\n");
    init_iPhone8_2_S8000();
    return;
    initializer = init_iPhone8_2_S8000;
    }
    }
    if (strstr(u.machine, "iPhone8,4")) {

    else if (strstr(u.machine, "iPhone8,4")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S8000")) {
    printf("device iPhone8,4 matched\n");
    init_iPhone8_4_S8000();
    return;
    initializer = init_iPhone8_4_S8000;
    }
    }
    if (strstr(u.machine, "iPhone9,1")) {

    else if (strstr(u.machine, "iPhone9,1")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T8010")) {
    printf("device iPhone9,1 matched\n");
    init_iPhone9_1_T8010();
    return;
    initializer = init_iPhone9_1_T8010;
    }
    }
    if (strstr(u.machine, "iPhone9,3")) {

    else if (strstr(u.machine, "iPhone9,2")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T8010")) {
    printf("device iPhone9,3 matched\n");
    init_iPhone9_3_T8010();
    return;
    initializer = init_iPhone9_2_T8010;
    }
    }
    if (strstr(u.machine, "iPhone9,4")) {

    else if (strstr(u.machine, "iPhone9,3")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T8010")) {
    printf("device iPhone9,4 matched\n");
    init_iPhone9_4_T8010();
    return;
    initializer = init_iPhone9_3_T8010;
    }
    }


    else if (strstr(u.machine, "iPhone9,4")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T8010")) {
    initializer = init_iPhone9_4_T8010;
    }
    }

    #pragma mark - iPod
    if (strstr(u.machine, "iPod7,1")) {

    else if (strstr(u.machine, "iPod7,1")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7000")) {
    printf("device iPod7,1 matched\n");
    init_iPod7_1_T7000();
    return;
    initializer = init_iPod7_1_T7000;
    }
    }

    #pragma mark - iPad

    if (strstr(u.machine, "iPad4,3")) {

    else if (strstr(u.machine, "iPad4,1")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S5L8960X")) {
    initializer = init_iPad4_1_S5L8960X;
    }
    }

    else if (strstr(u.machine, "iPad4,2")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S5L8960X")) {
    initializer = init_iPad4_2_S5L8960X;
    }
    }

    else if (strstr(u.machine, "iPad4,3")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S5L8960X")) {
    printf("device iPad4,3 matched\n");
    init_iPad4_3_S5L8960X();
    return;
    initializer = init_iPad4_3_S5L8960X;
    }
    }

    if (strstr(u.machine, "iPad4,4")) {

    else if (strstr(u.machine, "iPad4,4")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S5L8960X")) {
    initializer = init_iPad4_4_S5L8960X;
    }
    }

    else if (strstr(u.machine, "iPad4,5")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S5L8960X")) {
    printf("device iPad4,4 matched\n");
    init_iPad4_4_S5L8960X();
    return;
    initializer = init_iPad4_5_S5L8960X;
    }
    }

    if (strstr(u.machine, "iPad5,1")) {

    else if (strstr(u.machine, "iPad4,6")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S5L8960X")) {
    initializer = init_iPad4_6_S5L8960X;
    }
    }

    else if (strstr(u.machine, "iPad4,7")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7000")) {
    printf("device iPad5,1 matched\n");
    init_iPad5_1_T7000();
    return;
    initializer = init_iPad4_7_T7000;
    }
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7001")) {
    printf("device iPad5,1 matched\n");
    init_iPad5_1_T7001();
    return;
    initializer = init_iPad4_7_T7001;
    }
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S5L8960X")) {
    printf("device iPad5,1 matched\n");
    init_iPad5_1_S5L8960X();
    return;
    initializer = init_iPad4_7_S5L8960X;
    }
    }
    if (strstr(u.machine, "iPad5,4")) {

    else if (strstr(u.machine, "iPad4,8")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7000")) {
    printf("device iPad5,4 matched\n");
    init_iPad5_4_T7000();
    return;
    initializer = init_iPad4_8_T7000;
    }
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7001")) {
    printf("device iPad5,4 matched\n");
    init_iPad5_4_T7001();
    return;
    initializer = init_iPad4_8_T7001;
    }
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S5L8960X")) {
    printf("device iPad5,4 matched\n");
    init_iPad5_4_S5L8960X();
    return;
    initializer = init_iPad4_8_S5L8960X;
    }
    }

    if (strstr(u.machine, "iPad6,3")) {

    else if (strstr(u.machine, "iPad4,9")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7000")) {
    initializer = init_iPad4_9_T7000;
    }
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7001")) {
    initializer = init_iPad4_9_T7001;
    }
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S5L8960X")) {
    initializer = init_iPad4_9_S5L8960X;
    }
    }

    else if (strstr(u.machine, "iPad5,1")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7000")) {
    initializer = init_iPad5_1_T7000;
    }
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7001")) {
    initializer = init_iPad5_1_T7001;
    }
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S5L8960X")) {
    initializer = init_iPad5_1_S5L8960X;
    }
    }

    else if (strstr(u.machine, "iPad5,2")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7000")) {
    initializer = init_iPad5_2_T7000;
    }
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7001")) {
    initializer = init_iPad5_2_T7001;
    }
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S5L8960X")) {
    initializer = init_iPad5_2_S5L8960X;
    }
    }

    else if (strstr(u.machine, "iPad5,3")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7000")) {
    initializer = init_iPad5_3_T7000;
    }
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7001")) {
    initializer = init_iPad5_3_T7001;
    }
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S5L8960X")) {
    initializer = init_iPad5_3_S5L8960X;
    }
    }

    else if (strstr(u.machine, "iPad5,4")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7000")) {
    initializer = init_iPad5_4_T7000;
    }
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7001")) {
    initializer = init_iPad5_4_T7001;
    }
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S5L8960X")) {
    initializer = init_iPad5_4_S5L8960X;
    }
    }

    else if (strstr(u.machine, "iPad6,3")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S8000")) {
    printf("device iPad6,3 matched\n");
    init_iPad6_3_S8000();
    return;
    initializer = init_iPad6_3_S8000;
    }
    }

    if (strstr(u.machine, "iPad6,4")) {

    else if (strstr(u.machine, "iPad6,4")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S8000")) {
    initializer = init_iPad6_4_S8000;
    }
    }

    else if (strstr(u.machine, "iPad6,7")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S8000")) {
    printf("device iPad6,4 matched\n");
    init_iPad6_4_S8000();
    return;
    initializer = init_iPad6_7_S8000;
    }
    }
    if (strstr(u.machine, "iPad6,8")) {

    else if (strstr(u.machine, "iPad6,8")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S8000")) {
    printf("device iPad6,8 matched\n");
    init_iPad6_8_S8000();
    return;
    initializer = init_iPad6_8_S8000;
    }
    }

    printf("don't recognize this platform\n");
    unknown_build();
    init_iPad4_3_S5L8960X(); // this won't work!

    if (initializer == NULL) {
    printf("don't recognize this platform\n");
    unknown_build();
    init_iPad4_3_S5L8960X();
    }
    else {
    printf("device %s matched\n", u.machine);
    initializer();
    }
    }
  9. @uroboro uroboro revised this gist Dec 18, 2016. 1 changed file with 22 additions and 22 deletions.
    44 changes: 22 additions & 22 deletions offsets.c
    @@ -57,58 +57,58 @@ void init_arm64() {

    #pragma mark - iPhone

    void init_iPhone8_1_S8000() {
    allproc_offset = 0x5a4148;
    void init_iPhone6_1_S5L8960X() {
    allproc_offset = 0x5a4128;
    kernproc_offset = 0x5aa0e0;
    }
    void init_iPhone7_1_T7000() {
    allproc_offset = 0x5b4168;
    kernproc_offset = 0x5ba0e0;
    }
    void init_iPhone8_4_S8000() {
    void init_iPhone7_1_S8000() {
    allproc_offset = 0x5a4148;
    kernproc_offset = 0x5aa0e0;
    }
    void init_iPhone7_2_T7000() {
    allproc_offset = 0x5b4168;
    kernproc_offset = 0x5ba0e0;
    }
    void init_iPhone7_2_S8000() {
    allproc_offset = 0x5a4148;
    kernproc_offset = 0x5aa0e0;
    }
    void init_iPhone9_4_T8010() {
    allproc_offset = 0x5ec178;
    kernproc_offset = 0x5f20e0;
    }
    void init_iPhone8_2_T7000() {
    allproc_offset = 0x5b4168;
    kernproc_offset = 0x5ba0e0;
    }
    void init_iPhone7_2_T7000() {
    void init_iPhone8_1_T7000() {
    allproc_offset = 0x5b4168;
    kernproc_offset = 0x5ba0e0;
    }
    void init_iPhone6_1_S5L8960X() {
    allproc_offset = 0x5a4128;
    void init_iPhone8_1_S8000() {
    allproc_offset = 0x5a4148;
    kernproc_offset = 0x5aa0e0;
    }
    void init_iPhone9_1_T8010() {
    allproc_offset = 0x5ec178;
    kernproc_offset = 0x5f20e0;
    void init_iPhone8_2_T7000() {
    allproc_offset = 0x5b4168;
    kernproc_offset = 0x5ba0e0;
    }
    void init_iPhone7_1_S8000() {
    void init_iPhone8_2_S8000() {
    allproc_offset = 0x5a4148;
    kernproc_offset = 0x5aa0e0;
    }
    void init_iPhone8_2_S8000() {
    void init_iPhone8_4_S8000() {
    allproc_offset = 0x5a4148;
    kernproc_offset = 0x5aa0e0;
    }
    void init_iPhone8_1_T7000() {
    allproc_offset = 0x5b4168;
    kernproc_offset = 0x5ba0e0;
    void init_iPhone9_1_T8010() {
    allproc_offset = 0x5ec178;
    kernproc_offset = 0x5f20e0;
    }
    void init_iPhone9_3_T8010() {
    allproc_offset = 0x5ec178;
    kernproc_offset = 0x5f20e0;
    }
    void init_iPhone9_4_T8010() {
    allproc_offset = 0x5ec178;
    kernproc_offset = 0x5f20e0;
    }

    #pragma mark - iPod

  10. @uroboro uroboro revised this gist Dec 18, 2016. 1 changed file with 12 additions and 0 deletions.
    12 changes: 12 additions & 0 deletions offsets.c
    @@ -123,6 +123,10 @@ void init_iPad4_3_S5L8960X() {
    allproc_offset = 0x5a4128;
    kernproc_offset = 0x5aa0e0;
    }
    void init_iPad4_4_S5L8960X() {
    allproc_offset = 0x5a4128;
    kernproc_offset = 0x5aa0e0;
    }
    void init_iPad5_1_T7000() {
    allproc_offset = 0x5b4168;
    kernproc_offset = 0x5ba0e0;
    @@ -303,6 +307,14 @@ void init_offsets() {
    }
    }

    if (strstr(u.machine, "iPad4,4")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S5L8960X")) {
    printf("device iPad4,4 matched\n");
    init_iPad4_4_S5L8960X();
    return;
    }
    }

    if (strstr(u.machine, "iPad5,1")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7000")) {
    printf("device iPad5,1 matched\n");
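Review bot: The new `init_iPad4_4_S5L8960X` in the first hunk is a byte-for-byte copy of `init_iPad4_3_S5L8960X`, which follows from both `if` branches in the second hunk gating on the same `RELEASE_ARM64_S5L8960X` build string; keying the initializer on the kernel build rather than the device model would avoid adding another identical copy each time a model is added. In the second hunk `strstr(u.machine, "iPad4,4")` is a substring match, while `strcmp(u.machine, "iPad4,4") == 0` states the intent and cannot be satisfied by a longer model string that happens to contain it. A one-line comment on the new function would help a maintainer, e.g. `// allproc/kernproc for xnu-3789.22.3~1 RELEASE_ARM64_S5L8960X; same build as iPad4,3`. `init_offsets` starts and ends outside the hunk.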
  11. @uroboro uroboro revised this gist Dec 18, 2016. 1 changed file with 294 additions and 712 deletions.
    1,006 changes: 294 additions & 712 deletions offsets.c
    @@ -3,7 +3,7 @@
    #include <strings.h>
    #include <sys/utsname.h>

    #include "offsets.h"
    //#include "offsets.h"

    // offsets from the main kernel 0xfeedfacf
    uint64_t allproc_offset;
    @@ -32,756 +32,338 @@ uint64_t struct_ipc_space_is_table_offset;

    // offsets in struct ipc_port
    uint64_t struct_ipc_port_ip_kobject_offset;
    //here
    void init_iPad5_1_S5L8960X() {
    allproc_offset = 0x5a4128;
    kernproc_offset = 0x5aa0e0;

    struct_proc_p_pid_offset = 0x10;
    struct_proc_task_offset = 0x18;
    struct_proc_p_uthlist_offset = 0x98;
    struct_proc_p_ucred_offset = 0x100;
    struct_proc_p_comm_offset = 0x26c;

    struct_kauth_cred_cr_ref_offset = 0x10;

    struct_uthread_uu_ucred_offset = 0x168;
    struct_uthread_uu_list_offset = 0x170;

    struct_task_ref_count_offset = 0x10;
    struct_task_itk_space_offset = 0x300;

    struct_ipc_space_is_table_offset = 0x20;

    struct_ipc_port_ip_kobject_offset = 0x68;
    #pragma mark - arm64

    void init_arm64() {
    struct_proc_p_pid_offset = 0x10;
    struct_proc_task_offset = 0x18;
    struct_proc_p_uthlist_offset = 0x98;
    struct_proc_p_ucred_offset = 0x100;
    struct_proc_p_comm_offset = 0x26c;

    struct_kauth_cred_cr_ref_offset = 0x10;

    struct_uthread_uu_ucred_offset = 0x168;
    struct_uthread_uu_list_offset = 0x170;

    struct_task_ref_count_offset = 0x10;
    struct_task_itk_space_offset = 0x300;

    struct_ipc_space_is_table_offset = 0x20;

    struct_ipc_port_ip_kobject_offset = 0x68;
    }
    void init_iPad5_1_T7001() {
    allproc_offset = 0x5b4228;
    kernproc_offset = 0x5ba0e0;

    struct_proc_p_pid_offset = 0x10;
    struct_proc_task_offset = 0x18;
    struct_proc_p_uthlist_offset = 0x98;
    struct_proc_p_ucred_offset = 0x100;
    struct_proc_p_comm_offset = 0x26c;
    #pragma mark - iPhone

    struct_kauth_cred_cr_ref_offset = 0x10;

    struct_uthread_uu_ucred_offset = 0x168;
    struct_uthread_uu_list_offset = 0x170;

    struct_task_ref_count_offset = 0x10;
    struct_task_itk_space_offset = 0x300;

    struct_ipc_space_is_table_offset = 0x20;

    struct_ipc_port_ip_kobject_offset = 0x68;
    }
    void init_iPhone8_1_S8000() {
    allproc_offset = 0x5a4148;
    kernproc_offset = 0x5aa0e0;

    struct_proc_p_pid_offset = 0x10;
    struct_proc_task_offset = 0x18;
    struct_proc_p_uthlist_offset = 0x98;
    struct_proc_p_ucred_offset = 0x100;
    struct_proc_p_comm_offset = 0x26c;

    struct_kauth_cred_cr_ref_offset = 0x10;

    struct_uthread_uu_ucred_offset = 0x168;
    struct_uthread_uu_list_offset = 0x170;

    struct_task_ref_count_offset = 0x10;
    struct_task_itk_space_offset = 0x300;

    struct_ipc_space_is_table_offset = 0x20;

    struct_ipc_port_ip_kobject_offset = 0x68;
    }
    void init_iPad4_3_S5L8960X() {
    allproc_offset = 0x5a4128;
    kernproc_offset = 0x5aa0e0;

    struct_proc_p_pid_offset = 0x10;
    struct_proc_task_offset = 0x18;
    struct_proc_p_uthlist_offset = 0x98;
    struct_proc_p_ucred_offset = 0x100;
    struct_proc_p_comm_offset = 0x26c;

    struct_kauth_cred_cr_ref_offset = 0x10;

    struct_uthread_uu_ucred_offset = 0x168;
    struct_uthread_uu_list_offset = 0x170;

    struct_task_ref_count_offset = 0x10;
    struct_task_itk_space_offset = 0x300;

    struct_ipc_space_is_table_offset = 0x20;

    struct_ipc_port_ip_kobject_offset = 0x68;
    }
    void init_iPad5_1_T7000() {
    allproc_offset = 0x5b4168;
    kernproc_offset = 0x5ba0e0;

    struct_proc_p_pid_offset = 0x10;
    struct_proc_task_offset = 0x18;
    struct_proc_p_uthlist_offset = 0x98;
    struct_proc_p_ucred_offset = 0x100;
    struct_proc_p_comm_offset = 0x26c;

    struct_kauth_cred_cr_ref_offset = 0x10;

    struct_uthread_uu_ucred_offset = 0x168;
    struct_uthread_uu_list_offset = 0x170;

    struct_task_ref_count_offset = 0x10;
    struct_task_itk_space_offset = 0x300;

    struct_ipc_space_is_table_offset = 0x20;

    struct_ipc_port_ip_kobject_offset = 0x68;
    allproc_offset = 0x5a4148;
    kernproc_offset = 0x5aa0e0;
    }
    void init_iPhone7_1_T7000() {
    allproc_offset = 0x5b4168;
    kernproc_offset = 0x5ba0e0;

    struct_proc_p_pid_offset = 0x10;
    struct_proc_task_offset = 0x18;
    struct_proc_p_uthlist_offset = 0x98;
    struct_proc_p_ucred_offset = 0x100;
    struct_proc_p_comm_offset = 0x26c;

    struct_kauth_cred_cr_ref_offset = 0x10;

    struct_uthread_uu_ucred_offset = 0x168;
    struct_uthread_uu_list_offset = 0x170;

    struct_task_ref_count_offset = 0x10;
    struct_task_itk_space_offset = 0x300;

    struct_ipc_space_is_table_offset = 0x20;

    struct_ipc_port_ip_kobject_offset = 0x68;
    allproc_offset = 0x5b4168;
    kernproc_offset = 0x5ba0e0;
    }
    void init_iPhone8_4_S8000() {
    allproc_offset = 0x5a4148;
    kernproc_offset = 0x5aa0e0;

    struct_proc_p_pid_offset = 0x10;
    struct_proc_task_offset = 0x18;
    struct_proc_p_uthlist_offset = 0x98;
    struct_proc_p_ucred_offset = 0x100;
    struct_proc_p_comm_offset = 0x26c;

    struct_kauth_cred_cr_ref_offset = 0x10;

    struct_uthread_uu_ucred_offset = 0x168;
    struct_uthread_uu_list_offset = 0x170;

    struct_task_ref_count_offset = 0x10;
    struct_task_itk_space_offset = 0x300;

    struct_ipc_space_is_table_offset = 0x20;

    struct_ipc_port_ip_kobject_offset = 0x68;
    }
    void init_iPad6_4_S8000() {
    allproc_offset = 0x5a4148;
    kernproc_offset = 0x5aa0e0;

    struct_proc_p_pid_offset = 0x10;
    struct_proc_task_offset = 0x18;
    struct_proc_p_uthlist_offset = 0x98;
    struct_proc_p_ucred_offset = 0x100;
    struct_proc_p_comm_offset = 0x26c;

    struct_kauth_cred_cr_ref_offset = 0x10;

    struct_uthread_uu_ucred_offset = 0x168;
    struct_uthread_uu_list_offset = 0x170;

    struct_task_ref_count_offset = 0x10;
    struct_task_itk_space_offset = 0x300;

    struct_ipc_space_is_table_offset = 0x20;

    struct_ipc_port_ip_kobject_offset = 0x68;
    allproc_offset = 0x5a4148;
    kernproc_offset = 0x5aa0e0;
    }
    void init_iPhone7_2_S8000() {
    allproc_offset = 0x5a4148;
    kernproc_offset = 0x5aa0e0;

    struct_proc_p_pid_offset = 0x10;
    struct_proc_task_offset = 0x18;
    struct_proc_p_uthlist_offset = 0x98;
    struct_proc_p_ucred_offset = 0x100;
    struct_proc_p_comm_offset = 0x26c;

    struct_kauth_cred_cr_ref_offset = 0x10;

    struct_uthread_uu_ucred_offset = 0x168;
    struct_uthread_uu_list_offset = 0x170;

    struct_task_ref_count_offset = 0x10;
    struct_task_itk_space_offset = 0x300;

    struct_ipc_space_is_table_offset = 0x20;

    struct_ipc_port_ip_kobject_offset = 0x68;
    }
    void init_iPad5_4_T7000() {
    allproc_offset = 0x5b4168;
    kernproc_offset = 0x5ba0e0;

    struct_proc_p_pid_offset = 0x10;
    struct_proc_task_offset = 0x18;
    struct_proc_p_uthlist_offset = 0x98;
    struct_proc_p_ucred_offset = 0x100;
    struct_proc_p_comm_offset = 0x26c;

    struct_kauth_cred_cr_ref_offset = 0x10;

    struct_uthread_uu_ucred_offset = 0x168;
    struct_uthread_uu_list_offset = 0x170;

    struct_task_ref_count_offset = 0x10;
    struct_task_itk_space_offset = 0x300;

    struct_ipc_space_is_table_offset = 0x20;

    struct_ipc_port_ip_kobject_offset = 0x68;
    allproc_offset = 0x5a4148;
    kernproc_offset = 0x5aa0e0;
    }
    void init_iPhone9_4_T8010() {
    allproc_offset = 0x5ec178;
    kernproc_offset = 0x5f20e0;

    struct_proc_p_pid_offset = 0x10;
    struct_proc_task_offset = 0x18;
    struct_proc_p_uthlist_offset = 0x98;
    struct_proc_p_ucred_offset = 0x100;
    struct_proc_p_comm_offset = 0x26c;

    struct_kauth_cred_cr_ref_offset = 0x10;

    struct_uthread_uu_ucred_offset = 0x168;
    struct_uthread_uu_list_offset = 0x170;

    struct_task_ref_count_offset = 0x10;
    struct_task_itk_space_offset = 0x300;

    struct_ipc_space_is_table_offset = 0x20;

    struct_ipc_port_ip_kobject_offset = 0x68;
    allproc_offset = 0x5ec178;
    kernproc_offset = 0x5f20e0;
    }
    void init_iPhone8_2_T7000() {
    allproc_offset = 0x5b4168;
    kernproc_offset = 0x5ba0e0;

    struct_proc_p_pid_offset = 0x10;
    struct_proc_task_offset = 0x18;
    struct_proc_p_uthlist_offset = 0x98;
    struct_proc_p_ucred_offset = 0x100;
    struct_proc_p_comm_offset = 0x26c;

    struct_kauth_cred_cr_ref_offset = 0x10;

    struct_uthread_uu_ucred_offset = 0x168;
    struct_uthread_uu_list_offset = 0x170;

    struct_task_ref_count_offset = 0x10;
    struct_task_itk_space_offset = 0x300;

    struct_ipc_space_is_table_offset = 0x20;

    struct_ipc_port_ip_kobject_offset = 0x68;
    allproc_offset = 0x5b4168;
    kernproc_offset = 0x5ba0e0;
    }
    void init_iPhone7_2_T7000() {
    allproc_offset = 0x5b4168;
    kernproc_offset = 0x5ba0e0;

    struct_proc_p_pid_offset = 0x10;
    struct_proc_task_offset = 0x18;
    struct_proc_p_uthlist_offset = 0x98;
    struct_proc_p_ucred_offset = 0x100;
    struct_proc_p_comm_offset = 0x26c;

    struct_kauth_cred_cr_ref_offset = 0x10;

    struct_uthread_uu_ucred_offset = 0x168;
    struct_uthread_uu_list_offset = 0x170;

    struct_task_ref_count_offset = 0x10;
    struct_task_itk_space_offset = 0x300;

    struct_ipc_space_is_table_offset = 0x20;

    struct_ipc_port_ip_kobject_offset = 0x68;
    allproc_offset = 0x5b4168;
    kernproc_offset = 0x5ba0e0;
    }
    void init_iPhone6_1_S5L8960X() {
    allproc_offset = 0x5a4128;
    kernproc_offset = 0x5aa0e0;

    struct_proc_p_pid_offset = 0x10;
    struct_proc_task_offset = 0x18;
    struct_proc_p_uthlist_offset = 0x98;
    struct_proc_p_ucred_offset = 0x100;
    struct_proc_p_comm_offset = 0x26c;

    struct_kauth_cred_cr_ref_offset = 0x10;

    struct_uthread_uu_ucred_offset = 0x168;
    struct_uthread_uu_list_offset = 0x170;

    struct_task_ref_count_offset = 0x10;
    struct_task_itk_space_offset = 0x300;

    struct_ipc_space_is_table_offset = 0x20;

    struct_ipc_port_ip_kobject_offset = 0x68;
    }
    void init_iPad6_8_S8000() {
    allproc_offset = 0x5a4148;
    kernproc_offset = 0x5aa0e0;

    struct_proc_p_pid_offset = 0x10;
    struct_proc_task_offset = 0x18;
    struct_proc_p_uthlist_offset = 0x98;
    struct_proc_p_ucred_offset = 0x100;
    struct_proc_p_comm_offset = 0x26c;

    struct_kauth_cred_cr_ref_offset = 0x10;

    struct_uthread_uu_ucred_offset = 0x168;
    struct_uthread_uu_list_offset = 0x170;

    struct_task_ref_count_offset = 0x10;
    struct_task_itk_space_offset = 0x300;

    struct_ipc_space_is_table_offset = 0x20;

    struct_ipc_port_ip_kobject_offset = 0x68;
    allproc_offset = 0x5a4128;
    kernproc_offset = 0x5aa0e0;
    }
    void init_iPhone9_1_T8010() {
    allproc_offset = 0x5ec178;
    kernproc_offset = 0x5f20e0;

    struct_proc_p_pid_offset = 0x10;
    struct_proc_task_offset = 0x18;
    struct_proc_p_uthlist_offset = 0x98;
    struct_proc_p_ucred_offset = 0x100;
    struct_proc_p_comm_offset = 0x26c;

    struct_kauth_cred_cr_ref_offset = 0x10;

    struct_uthread_uu_ucred_offset = 0x168;
    struct_uthread_uu_list_offset = 0x170;

    struct_task_ref_count_offset = 0x10;
    struct_task_itk_space_offset = 0x300;

    struct_ipc_space_is_table_offset = 0x20;

    struct_ipc_port_ip_kobject_offset = 0x68;
    allproc_offset = 0x5ec178;
    kernproc_offset = 0x5f20e0;
    }
    void init_iPad5_4_S5L8960X() {
    allproc_offset = 0x5a4128;
    kernproc_offset = 0x5aa0e0;

    struct_proc_p_pid_offset = 0x10;
    struct_proc_task_offset = 0x18;
    struct_proc_p_uthlist_offset = 0x98;
    struct_proc_p_ucred_offset = 0x100;
    struct_proc_p_comm_offset = 0x26c;

    struct_kauth_cred_cr_ref_offset = 0x10;

    struct_uthread_uu_ucred_offset = 0x168;
    struct_uthread_uu_list_offset = 0x170;

    struct_task_ref_count_offset = 0x10;
    struct_task_itk_space_offset = 0x300;

    struct_ipc_space_is_table_offset = 0x20;

    struct_ipc_port_ip_kobject_offset = 0x68;
    void init_iPhone7_1_S8000() {
    allproc_offset = 0x5a4148;
    kernproc_offset = 0x5aa0e0;
    }
    void init_iPhone8_2_S8000() {
    allproc_offset = 0x5a4148;
    kernproc_offset = 0x5aa0e0;
    }
    void init_iPhone8_1_T7000() {
    allproc_offset = 0x5b4168;
    kernproc_offset = 0x5ba0e0;
    }
    void init_iPhone9_3_T8010() {
    allproc_offset = 0x5ec178;
    kernproc_offset = 0x5f20e0;

    struct_proc_p_pid_offset = 0x10;
    struct_proc_task_offset = 0x18;
    struct_proc_p_uthlist_offset = 0x98;
    struct_proc_p_ucred_offset = 0x100;
    struct_proc_p_comm_offset = 0x26c;

    struct_kauth_cred_cr_ref_offset = 0x10;

    struct_uthread_uu_ucred_offset = 0x168;
    struct_uthread_uu_list_offset = 0x170;

    struct_task_ref_count_offset = 0x10;
    struct_task_itk_space_offset = 0x300;

    struct_ipc_space_is_table_offset = 0x20;

    struct_ipc_port_ip_kobject_offset = 0x68;
    allproc_offset = 0x5ec178;
    kernproc_offset = 0x5f20e0;
    }
    void init_iPad6_3_S8000() {
    allproc_offset = 0x5a4148;
    kernproc_offset = 0x5aa0e0;

    struct_proc_p_pid_offset = 0x10;
    struct_proc_task_offset = 0x18;
    struct_proc_p_uthlist_offset = 0x98;
    struct_proc_p_ucred_offset = 0x100;
    struct_proc_p_comm_offset = 0x26c;

    struct_kauth_cred_cr_ref_offset = 0x10;

    struct_uthread_uu_ucred_offset = 0x168;
    struct_uthread_uu_list_offset = 0x170;
    #pragma mark - iPod

    struct_task_ref_count_offset = 0x10;
    struct_task_itk_space_offset = 0x300;

    struct_ipc_space_is_table_offset = 0x20;

    struct_ipc_port_ip_kobject_offset = 0x68;
    void init_iPod7_1_T7000() {
    allproc_offset = 0x5b4168;
    kernproc_offset = 0x5ba0e0;
    }
    void init_iPad5_4_T7001() {
    allproc_offset = 0x5b4228;
    kernproc_offset = 0x5ba0e0;

    struct_proc_p_pid_offset = 0x10;
    struct_proc_task_offset = 0x18;
    struct_proc_p_uthlist_offset = 0x98;
    struct_proc_p_ucred_offset = 0x100;
    struct_proc_p_comm_offset = 0x26c;

    struct_kauth_cred_cr_ref_offset = 0x10;

    struct_uthread_uu_ucred_offset = 0x168;
    struct_uthread_uu_list_offset = 0x170;

    struct_task_ref_count_offset = 0x10;
    struct_task_itk_space_offset = 0x300;
    #pragma mark - iPad

    struct_ipc_space_is_table_offset = 0x20;

    struct_ipc_port_ip_kobject_offset = 0x68;
    void init_iPad4_3_S5L8960X() {
    allproc_offset = 0x5a4128;
    kernproc_offset = 0x5aa0e0;
    }
    void init_iPod7_1_T7000() {
    allproc_offset = 0x5b4168;
    kernproc_offset = 0x5ba0e0;

    struct_proc_p_pid_offset = 0x10;
    struct_proc_task_offset = 0x18;
    struct_proc_p_uthlist_offset = 0x98;
    struct_proc_p_ucred_offset = 0x100;
    struct_proc_p_comm_offset = 0x26c;

    struct_kauth_cred_cr_ref_offset = 0x10;

    struct_uthread_uu_ucred_offset = 0x168;
    struct_uthread_uu_list_offset = 0x170;

    struct_task_ref_count_offset = 0x10;
    struct_task_itk_space_offset = 0x300;

    struct_ipc_space_is_table_offset = 0x20;

    struct_ipc_port_ip_kobject_offset = 0x68;
    void init_iPad5_1_T7000() {
    allproc_offset = 0x5b4168;
    kernproc_offset = 0x5ba0e0;
    }
    void init_iPhone8_2_S8000() {
    allproc_offset = 0x5a4148;
    kernproc_offset = 0x5aa0e0;

    struct_proc_p_pid_offset = 0x10;
    struct_proc_task_offset = 0x18;
    struct_proc_p_uthlist_offset = 0x98;
    struct_proc_p_ucred_offset = 0x100;
    struct_proc_p_comm_offset = 0x26c;

    struct_kauth_cred_cr_ref_offset = 0x10;

    struct_uthread_uu_ucred_offset = 0x168;
    struct_uthread_uu_list_offset = 0x170;

    struct_task_ref_count_offset = 0x10;
    struct_task_itk_space_offset = 0x300;

    struct_ipc_space_is_table_offset = 0x20;

    struct_ipc_port_ip_kobject_offset = 0x68;
    void init_iPad5_1_T7001() {
    allproc_offset = 0x5b4228;
    kernproc_offset = 0x5ba0e0;
    }
    void init_iPhone8_1_T7000() {
    allproc_offset = 0x5b4168;
    kernproc_offset = 0x5ba0e0;

    struct_proc_p_pid_offset = 0x10;
    struct_proc_task_offset = 0x18;
    struct_proc_p_uthlist_offset = 0x98;
    struct_proc_p_ucred_offset = 0x100;
    struct_proc_p_comm_offset = 0x26c;

    struct_kauth_cred_cr_ref_offset = 0x10;

    struct_uthread_uu_ucred_offset = 0x168;
    struct_uthread_uu_list_offset = 0x170;

    struct_task_ref_count_offset = 0x10;
    struct_task_itk_space_offset = 0x300;

    struct_ipc_space_is_table_offset = 0x20;

    struct_ipc_port_ip_kobject_offset = 0x68;
    void init_iPad5_1_S5L8960X() {
    allproc_offset = 0x5a4128;
    kernproc_offset = 0x5aa0e0;
    }
    void init_iPhone7_1_S8000() {
    allproc_offset = 0x5a4148;
    kernproc_offset = 0x5aa0e0;

    struct_proc_p_pid_offset = 0x10;
    struct_proc_task_offset = 0x18;
    struct_proc_p_uthlist_offset = 0x98;
    struct_proc_p_ucred_offset = 0x100;
    struct_proc_p_comm_offset = 0x26c;

    struct_kauth_cred_cr_ref_offset = 0x10;

    struct_uthread_uu_ucred_offset = 0x168;
    struct_uthread_uu_list_offset = 0x170;

    struct_task_ref_count_offset = 0x10;
    struct_task_itk_space_offset = 0x300;

    struct_ipc_space_is_table_offset = 0x20;

    struct_ipc_port_ip_kobject_offset = 0x68;
    void init_iPad5_4_S5L8960X() {
    allproc_offset = 0x5a4128;
    kernproc_offset = 0x5aa0e0;
    }
    void init_iPad5_4_T7000() {
    allproc_offset = 0x5b4168;
    kernproc_offset = 0x5ba0e0;
    }
    void init_iPad5_4_T7001() {
    allproc_offset = 0x5b4228;
    kernproc_offset = 0x5ba0e0;
    }
    void init_iPad6_3_S8000() {
    allproc_offset = 0x5a4148;
    kernproc_offset = 0x5aa0e0;
    }
    void init_iPad6_4_S8000() {
    allproc_offset = 0x5a4148;
    kernproc_offset = 0x5aa0e0;
    }
    void init_iPad6_8_S8000() {
    allproc_offset = 0x5a4148;
    kernproc_offset = 0x5aa0e0;
    }

    //here end
    void unknown_build() {
    printf("This is an unknown kernel build - the offsets are likely to be incorrect and it's very unlikely this exploit will work\n");
    printf("You need to find these two kernel symbols:\n");
    printf(" allproc\n");
    printf(" kernproc\n\n");
    printf("and update the code\n");
    printf("This is an unknown kernel build - the offsets are likely to be incorrect and it's very unlikely this exploit will work\n");
    printf("You need to find these two kernel symbols:\n");
    printf(" allproc\n");
    printf(" kernproc\n\n");
    printf("and update the code\n");
    }

    void init_offsets() {
    struct utsname u = { 0 };
    int err = uname(&u);
    if (err == -1) {
    printf("uname failed - what platform is this?\n");
    printf("there's no way this will work, but trying anyway!\n");
    init_iPad4_3_S5L8960X();
    return;
    }

    printf("sysname: %s\n", u.sysname);
    printf("nodename: %s\n", u.nodename);
    printf("release: %s\n", u.release);
    printf("version: %s\n", u.version);
    printf("machine: %s\n", u.machine);

    if (strstr(u.machine, "iPad5,1")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S5L8960X")) {
    printf("device iPad5,1 matched\n");
    init_iPad5_1_S5L8960X();
    return;
    }
    }

    if (strstr(u.machine, "iPad5,1")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7001")) {
    printf("device iPad5,1 matched\n");
    init_iPad5_1_T7001();
    return;
    }
    }
    #pragma mark - init_offsets

    if (strstr(u.machine, "iPhone8,1")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S8000")) {
    printf("device iPhone8,1 matched\n");
    init_iPhone8_1_S8000();
    return;
    }
    }

    if (strstr(u.machine, "iPad4,3")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S5L8960X")) {
    printf("device iPad4,3 matched\n");
    init_iPad4_3_S5L8960X();
    return;
    }
    }

    if (strstr(u.machine, "iPad5,1")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7000")) {
    printf("device iPad5,1 matched\n");
    init_iPad5_1_T7000();
    return;
    }
    }

    if (strstr(u.machine, "iPhone7,1")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7000")) {
    printf("device iPhone7,1 matched\n");
    init_iPhone7_1_T7000();
    return;
    }
    }

    if (strstr(u.machine, "iPhone8,4")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S8000")) {
    printf("device iPhone8,4 matched\n");
    init_iPhone8_4_S8000();
    return;
    }
    }

    if (strstr(u.machine, "iPad6,4")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S8000")) {
    printf("device iPad6,4 matched\n");
    init_iPad6_4_S8000();
    return;
    }
    }

    if (strstr(u.machine, "iPhone7,2")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S8000")) {
    printf("device iPhone7,2 matched\n");
    init_iPhone7_2_S8000();
    return;
    }
    }

    if (strstr(u.machine, "iPad5,4")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7000")) {
    printf("device iPad5,4 matched\n");
    init_iPad5_4_T7000();
    return;
    }
    }

    if (strstr(u.machine, "iPhone9,4")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T8010")) {
    printf("device iPhone9,4 matched\n");
    init_iPhone9_4_T8010();
    return;
    }
    }

    if (strstr(u.machine, "iPhone8,2")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7000")) {
    printf("device iPhone8,2 matched\n");
    init_iPhone8_2_T7000();
    return;
    }
    }

    if (strstr(u.machine, "iPhone7,2")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7000")) {
    printf("device iPhone7,2 matched\n");
    init_iPhone7_2_T7000();
    return;
    }
    }

    if (strstr(u.machine, "iPhone6,1")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S5L8960X")) {
    printf("device iPhone6,1 matched\n");
    init_iPhone6_1_S5L8960X();
    return;
    }
    }

    if (strstr(u.machine, "iPad6,8")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S8000")) {
    printf("device iPad6,8 matched\n");
    init_iPad6_8_S8000();
    return;
    }
    }

    if (strstr(u.machine, "iPhone9,1")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T8010")) {
    printf("device iPhone9,1 matched\n");
    init_iPhone9_1_T8010();
    return;
    }
    }

    if (strstr(u.machine, "iPad5,4")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S5L8960X")) {
    printf("device iPad5,4 matched\n");
    init_iPad5_4_S5L8960X();
    return;
    }
    }

    if (strstr(u.machine, "iPhone9,3")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T8010")) {
    printf("device iPhone9,3 matched\n");
    init_iPhone9_3_T8010();
    return;
    }
    }

    if (strstr(u.machine, "iPad6,3")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S8000")) {
    printf("device iPad6,3 matched\n");
    init_iPad6_3_S8000();
    return;
    }
    }

    if (strstr(u.machine, "iPad5,4")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7001")) {
    printf("device iPad5,4 matched\n");
    init_iPad5_4_T7001();
    return;
    }
    }

    if (strstr(u.machine, "iPod7,1")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7000")) {
    printf("device iPod7,1 matched\n");
    init_iPod7_1_T7000();
    return;
    }
    }

    if (strstr(u.machine, "iPhone8,2")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S8000")) {
    printf("device iPhone8,2 matched\n");
    init_iPhone8_2_S8000();
    return;
    }
    }

    if (strstr(u.machine, "iPhone8,1")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7000")) {
    printf("device iPhone8,1 matched\n");
    init_iPhone8_1_T7000();
    return;
    }
    }

    if (strstr(u.machine, "iPhone7,1")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S8000")) {
    printf("device iPhone7,1 matched\n");
    init_iPhone7_1_S8000();
    return;
    }
    }



    printf("don't recognize this platform\n");
    unknown_build();
    init_iPad4_3_S5L8960X(); // this won't work!
    void init_offsets() {
    struct utsname u = { 0 };
    int err = uname(&u);
    if (err == -1) {
    printf("uname failed - what platform is this?\n");
    printf("there's no way this will work, but trying anyway!\n");
    init_iPad4_3_S5L8960X();
    return;
    }

    printf("sysname: %s\n", u.sysname);
    printf("nodename: %s\n", u.nodename);
    printf("release: %s\n", u.release);
    printf("version: %s\n", u.version);
    printf("machine: %s\n", u.machine);

    init_arm64();

    #pragma mark - iPhone

    if (strstr(u.machine, "iPhone6,1")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S5L8960X")) {
    printf("device iPhone6,1 matched\n");
    init_iPhone6_1_S5L8960X();
    return;
    }
    }

    if (strstr(u.machine, "iPhone7,1")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7000")) {
    printf("device iPhone7,1 matched\n");
    init_iPhone7_1_T7000();
    return;
    }
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S8000")) {
    printf("device iPhone7,1 matched\n");
    init_iPhone7_1_S8000();
    return;
    }
    }

    if (strstr(u.machine, "iPhone7,2")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7000")) {
    printf("device iPhone7,2 matched\n");
    init_iPhone7_2_T7000();
    return;
    }
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S8000")) {
    printf("device iPhone7,2 matched\n");
    init_iPhone7_2_S8000();
    return;
    }
    }

    if (strstr(u.machine, "iPhone8,1")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7000")) {
    printf("device iPhone8,1 matched\n");
    init_iPhone8_1_T7000();
    return;
    }
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S8000")) {
    printf("device iPhone8,1 matched\n");
    init_iPhone8_1_S8000();
    return;
    }
    }

    if (strstr(u.machine, "iPhone8,2")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7000")) {
    printf("device iPhone8,2 matched\n");
    init_iPhone8_2_T7000();
    return;
    }
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S8000")) {
    printf("device iPhone8,2 matched\n");
    init_iPhone8_2_S8000();
    return;
    }
    }

    if (strstr(u.machine, "iPhone8,4")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S8000")) {
    printf("device iPhone8,4 matched\n");
    init_iPhone8_4_S8000();
    return;
    }
    }

    if (strstr(u.machine, "iPhone9,1")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T8010")) {
    printf("device iPhone9,1 matched\n");
    init_iPhone9_1_T8010();
    return;
    }
    }

    if (strstr(u.machine, "iPhone9,3")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T8010")) {
    printf("device iPhone9,3 matched\n");
    init_iPhone9_3_T8010();
    return;
    }
    }

    if (strstr(u.machine, "iPhone9,4")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T8010")) {
    printf("device iPhone9,4 matched\n");
    init_iPhone9_4_T8010();
    return;
    }
    }

    #pragma mark - iPod

    if (strstr(u.machine, "iPod7,1")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7000")) {
    printf("device iPod7,1 matched\n");
    init_iPod7_1_T7000();
    return;
    }
    }

    #pragma mark - iPad

    if (strstr(u.machine, "iPad4,3")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S5L8960X")) {
    printf("device iPad4,3 matched\n");
    init_iPad4_3_S5L8960X();
    return;
    }
    }

    if (strstr(u.machine, "iPad5,1")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7000")) {
    printf("device iPad5,1 matched\n");
    init_iPad5_1_T7000();
    return;
    }
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7001")) {
    printf("device iPad5,1 matched\n");
    init_iPad5_1_T7001();
    return;
    }
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S5L8960X")) {
    printf("device iPad5,1 matched\n");
    init_iPad5_1_S5L8960X();
    return;
    }
    }

    if (strstr(u.machine, "iPad5,4")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7000")) {
    printf("device iPad5,4 matched\n");
    init_iPad5_4_T7000();
    return;
    }
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7001")) {
    printf("device iPad5,4 matched\n");
    init_iPad5_4_T7001();
    return;
    }
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S5L8960X")) {
    printf("device iPad5,4 matched\n");
    init_iPad5_4_S5L8960X();
    return;
    }
    }

    if (strstr(u.machine, "iPad6,3")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S8000")) {
    printf("device iPad6,3 matched\n");
    init_iPad6_3_S8000();
    return;
    }
    }

    if (strstr(u.machine, "iPad6,4")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S8000")) {
    printf("device iPad6,4 matched\n");
    init_iPad6_4_S8000();
    return;
    }
    }

    if (strstr(u.machine, "iPad6,8")) {
    if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S8000")) {
    printf("device iPad6,8 matched\n");
    init_iPad6_8_S8000();
    return;
    }
    }

    printf("don't recognize this platform\n");
    unknown_build();
    init_iPad4_3_S5L8960X(); // this won't work!
    }
  12. @invalid-email-address Anonymous created this gist Dec 18, 2016.
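--- /dev/null
+++ b/offsets.c
@@ -0,0 +1,787 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <strings.h>
+#include <sys/utsname.h>
+
+#include "offsets.h"
+
+// offsets from the main kernel 0xfeedfacf
+uint64_t allproc_offset;
+uint64_t kernproc_offset;
+
+// offsets in struct proc
+uint64_t struct_proc_p_pid_offset;
+uint64_t struct_proc_task_offset;
+uint64_t struct_proc_p_uthlist_offset;
+uint64_t struct_proc_p_ucred_offset;
+uint64_t struct_proc_p_comm_offset;
+
+// offsets in struct kauth_cred
+uint64_t struct_kauth_cred_cr_ref_offset;
+
+// offsets in struct uthread
+uint64_t struct_uthread_uu_ucred_offset;
+uint64_t struct_uthread_uu_list_offset;
+
+// offsets in struct task
+uint64_t struct_task_ref_count_offset;
+uint64_t struct_task_itk_space_offset;
+
+// offsets in struct ipc_space
+uint64_t struct_ipc_space_is_table_offset;
+
+// offsets in struct ipc_port
+uint64_t struct_ipc_port_ip_kobject_offset;
+//here
+void init_iPad5_1_S5L8960X() {
+allproc_offset = 0x5a4128;
+kernproc_offset = 0x5aa0e0;
+
+struct_proc_p_pid_offset = 0x10;
+struct_proc_task_offset = 0x18;
+struct_proc_p_uthlist_offset = 0x98;
+struct_proc_p_ucred_offset = 0x100;
+struct_proc_p_comm_offset = 0x26c;
+
+struct_kauth_cred_cr_ref_offset = 0x10;
+
+struct_uthread_uu_ucred_offset = 0x168;
+struct_uthread_uu_list_offset = 0x170;
+
+struct_task_ref_count_offset = 0x10;
+struct_task_itk_space_offset = 0x300;
+
+struct_ipc_space_is_table_offset = 0x20;
+
+struct_ipc_port_ip_kobject_offset = 0x68;
+}
+void init_iPad5_1_T7001() {
+allproc_offset = 0x5b4228;
+kernproc_offset = 0x5ba0e0;
+
+struct_proc_p_pid_offset = 0x10;
+struct_proc_task_offset = 0x18;
+struct_proc_p_uthlist_offset = 0x98;
+struct_proc_p_ucred_offset = 0x100;
+struct_proc_p_comm_offset = 0x26c;
+
+struct_kauth_cred_cr_ref_offset = 0x10;
+
+struct_uthread_uu_ucred_offset = 0x168;
+struct_uthread_uu_list_offset = 0x170;
+
+struct_task_ref_count_offset = 0x10;
+struct_task_itk_space_offset = 0x300;
+
+struct_ipc_space_is_table_offset = 0x20;
+
+struct_ipc_port_ip_kobject_offset = 0x68;
+}
+void init_iPhone8_1_S8000() {
+allproc_offset = 0x5a4148;
+kernproc_offset = 0x5aa0e0;
+
+struct_proc_p_pid_offset = 0x10;
+struct_proc_task_offset = 0x18;
+struct_proc_p_uthlist_offset = 0x98;
+struct_proc_p_ucred_offset = 0x100;
+struct_proc_p_comm_offset = 0x26c;
+
+struct_kauth_cred_cr_ref_offset = 0x10;
+
+struct_uthread_uu_ucred_offset = 0x168;
+struct_uthread_uu_list_offset = 0x170;
+
+struct_task_ref_count_offset = 0x10;
+struct_task_itk_space_offset = 0x300;
+
+struct_ipc_space_is_table_offset = 0x20;
+
+struct_ipc_port_ip_kobject_offset = 0x68;
+}
+void init_iPad4_3_S5L8960X() {
+allproc_offset = 0x5a4128;
+kernproc_offset = 0x5aa0e0;
+
+struct_proc_p_pid_offset = 0x10;
+struct_proc_task_offset = 0x18;
+struct_proc_p_uthlist_offset = 0x98;
+struct_proc_p_ucred_offset = 0x100;
+struct_proc_p_comm_offset = 0x26c;
+
+struct_kauth_cred_cr_ref_offset = 0x10;
+
+struct_uthread_uu_ucred_offset = 0x168;
+struct_uthread_uu_list_offset = 0x170;
+
+struct_task_ref_count_offset = 0x10;
+struct_task_itk_space_offset = 0x300;
+
+struct_ipc_space_is_table_offset = 0x20;
+
+struct_ipc_port_ip_kobject_offset = 0x68;
+}
+void init_iPad5_1_T7000() {
+allproc_offset = 0x5b4168;
+kernproc_offset = 0x5ba0e0;
+
+struct_proc_p_pid_offset = 0x10;
+struct_proc_task_offset = 0x18;
+struct_proc_p_uthlist_offset = 0x98;
+struct_proc_p_ucred_offset = 0x100;
+struct_proc_p_comm_offset = 0x26c;
+
+struct_kauth_cred_cr_ref_offset = 0x10;
+
+struct_uthread_uu_ucred_offset = 0x168;
+struct_uthread_uu_list_offset = 0x170;
+
+struct_task_ref_count_offset = 0x10;
+struct_task_itk_space_offset = 0x300;
+
+struct_ipc_space_is_table_offset = 0x20;
+
+struct_ipc_port_ip_kobject_offset = 0x68;
+}
+void init_iPhone7_1_T7000() {
+allproc_offset = 0x5b4168;
+kernproc_offset = 0x5ba0e0;
+
+struct_proc_p_pid_offset = 0x10;
+struct_proc_task_offset = 0x18;
+struct_proc_p_uthlist_offset = 0x98;
+struct_proc_p_ucred_offset = 0x100;
+struct_proc_p_comm_offset = 0x26c;
+
+struct_kauth_cred_cr_ref_offset = 0x10;
+
+struct_uthread_uu_ucred_offset = 0x168;
+struct_uthread_uu_list_offset = 0x170;
+
+struct_task_ref_count_offset = 0x10;
+struct_task_itk_space_offset = 0x300;
+
+struct_ipc_space_is_table_offset = 0x20;
+
+struct_ipc_port_ip_kobject_offset = 0x68;
+}
+void init_iPhone8_4_S8000() {
+allproc_offset = 0x5a4148;
+kernproc_offset = 0x5aa0e0;
+
+struct_proc_p_pid_offset = 0x10;
+struct_proc_task_offset = 0x18;
+struct_proc_p_uthlist_offset = 0x98;
+struct_proc_p_ucred_offset = 0x100;
+struct_proc_p_comm_offset = 0x26c;
+
+struct_kauth_cred_cr_ref_offset = 0x10;
+
+struct_uthread_uu_ucred_offset = 0x168;
+struct_uthread_uu_list_offset = 0x170;
+
+struct_task_ref_count_offset = 0x10;
+struct_task_itk_space_offset = 0x300;
+
+struct_ipc_space_is_table_offset = 0x20;
+
+struct_ipc_port_ip_kobject_offset = 0x68;
+}
+void init_iPad6_4_S8000() {
+allproc_offset = 0x5a4148;
+kernproc_offset = 0x5aa0e0;
+
+struct_proc_p_pid_offset = 0x10;
+struct_proc_task_offset = 0x18;
+struct_proc_p_uthlist_offset = 0x98;
+struct_proc_p_ucred_offset = 0x100;
+struct_proc_p_comm_offset = 0x26c;
+
+struct_kauth_cred_cr_ref_offset = 0x10;
+
+struct_uthread_uu_ucred_offset = 0x168;
+struct_uthread_uu_list_offset = 0x170;
+
+struct_task_ref_count_offset = 0x10;
+struct_task_itk_space_offset = 0x300;
+
+struct_ipc_space_is_table_offset = 0x20;
+
+struct_ipc_port_ip_kobject_offset = 0x68;
+}
+void init_iPhone7_2_S8000() {
+allproc_offset = 0x5a4148;
+kernproc_offset = 0x5aa0e0;
+
+struct_proc_p_pid_offset = 0x10;
+struct_proc_task_offset = 0x18;
+struct_proc_p_uthlist_offset = 0x98;
+struct_proc_p_ucred_offset = 0x100;
+struct_proc_p_comm_offset = 0x26c;
+
+struct_kauth_cred_cr_ref_offset = 0x10;
+
+struct_uthread_uu_ucred_offset = 0x168;
+struct_uthread_uu_list_offset = 0x170;
+
+struct_task_ref_count_offset = 0x10;
+struct_task_itk_space_offset = 0x300;
+
+struct_ipc_space_is_table_offset = 0x20;
+
+struct_ipc_port_ip_kobject_offset = 0x68;
+}
+void init_iPad5_4_T7000() {
+allproc_offset = 0x5b4168;
+kernproc_offset = 0x5ba0e0;
+
+struct_proc_p_pid_offset = 0x10;
+struct_proc_task_offset = 0x18;
+struct_proc_p_uthlist_offset = 0x98;
+struct_proc_p_ucred_offset = 0x100;
+struct_proc_p_comm_offset = 0x26c;
+
+struct_kauth_cred_cr_ref_offset = 0x10;
+
+struct_uthread_uu_ucred_offset = 0x168;
+struct_uthread_uu_list_offset = 0x170;
+
+struct_task_ref_count_offset = 0x10;
+struct_task_itk_space_offset = 0x300;
+
+struct_ipc_space_is_table_offset = 0x20;
+
+struct_ipc_port_ip_kobject_offset = 0x68;
+}
+void init_iPhone9_4_T8010() {
+allproc_offset = 0x5ec178;
+kernproc_offset = 0x5f20e0;
+
+struct_proc_p_pid_offset = 0x10;
+struct_proc_task_offset = 0x18;
+struct_proc_p_uthlist_offset = 0x98;
+struct_proc_p_ucred_offset = 0x100;
+struct_proc_p_comm_offset = 0x26c;
+
+struct_kauth_cred_cr_ref_offset = 0x10;
+
+struct_uthread_uu_ucred_offset = 0x168;
+struct_uthread_uu_list_offset = 0x170;
+
+struct_task_ref_count_offset = 0x10;
+struct_task_itk_space_offset = 0x300;
+
+struct_ipc_space_is_table_offset = 0x20;
+
+struct_ipc_port_ip_kobject_offset = 0x68;
+}
+void init_iPhone8_2_T7000() {
+allproc_offset = 0x5b4168;
+kernproc_offset = 0x5ba0e0;
+
+struct_proc_p_pid_offset = 0x10;
+struct_proc_task_offset = 0x18;
+struct_proc_p_uthlist_offset = 0x98;
+struct_proc_p_ucred_offset = 0x100;
+struct_proc_p_comm_offset = 0x26c;
+
+struct_kauth_cred_cr_ref_offset = 0x10;
+
+struct_uthread_uu_ucred_offset = 0x168;
+struct_uthread_uu_list_offset = 0x170;
+
+struct_task_ref_count_offset = 0x10;
+struct_task_itk_space_offset = 0x300;
+
+struct_ipc_space_is_table_offset = 0x20;
+
+struct_ipc_port_ip_kobject_offset = 0x68;
+}
+void init_iPhone7_2_T7000() {
+allproc_offset = 0x5b4168;
+kernproc_offset = 0x5ba0e0;
+
+struct_proc_p_pid_offset = 0x10;
+struct_proc_task_offset = 0x18;
+struct_proc_p_uthlist_offset = 0x98;
+struct_proc_p_ucred_offset = 0x100;
+struct_proc_p_comm_offset = 0x26c;
+
+struct_kauth_cred_cr_ref_offset = 0x10;
+
+struct_uthread_uu_ucred_offset = 0x168;
+struct_uthread_uu_list_offset = 0x170;
+
+struct_task_ref_count_offset = 0x10;
+struct_task_itk_space_offset = 0x300;
+
+struct_ipc_space_is_table_offset = 0x20;
+
+struct_ipc_port_ip_kobject_offset = 0x68;
+}
+void init_iPhone6_1_S5L8960X() {
+allproc_offset = 0x5a4128;
+kernproc_offset = 0x5aa0e0;
+
+struct_proc_p_pid_offset = 0x10;
+struct_proc_task_offset = 0x18;
+struct_proc_p_uthlist_offset = 0x98;
+struct_proc_p_ucred_offset = 0x100;
+struct_proc_p_comm_offset = 0x26c;
+
+struct_kauth_cred_cr_ref_offset = 0x10;
+
+struct_uthread_uu_ucred_offset = 0x168;
+struct_uthread_uu_list_offset = 0x170;
+
+struct_task_ref_count_offset = 0x10;
+struct_task_itk_space_offset = 0x300;
+
+struct_ipc_space_is_table_offset = 0x20;
+
+struct_ipc_port_ip_kobject_offset = 0x68;
+}
+void init_iPad6_8_S8000() {
+allproc_offset = 0x5a4148;
+kernproc_offset = 0x5aa0e0;
+
+struct_proc_p_pid_offset = 0x10;
+struct_proc_task_offset = 0x18;
+struct_proc_p_uthlist_offset = 0x98;
+struct_proc_p_ucred_offset = 0x100;
+struct_proc_p_comm_offset = 0x26c;
+
+struct_kauth_cred_cr_ref_offset = 0x10;
+
+struct_uthread_uu_ucred_offset = 0x168;
+struct_uthread_uu_list_offset = 0x170;
+
+struct_task_ref_count_offset = 0x10;
+struct_task_itk_space_offset = 0x300;
+
+struct_ipc_space_is_table_offset = 0x20;
+
+struct_ipc_port_ip_kobject_offset = 0x68;
+}
+void init_iPhone9_1_T8010() {
+allproc_offset = 0x5ec178;
+kernproc_offset = 0x5f20e0;
+
+struct_proc_p_pid_offset = 0x10;
+struct_proc_task_offset = 0x18;
+struct_proc_p_uthlist_offset = 0x98;
+struct_proc_p_ucred_offset = 0x100;
+struct_proc_p_comm_offset = 0x26c;
+
+struct_kauth_cred_cr_ref_offset = 0x10;
+
+struct_uthread_uu_ucred_offset = 0x168;
+struct_uthread_uu_list_offset = 0x170;
+
+struct_task_ref_count_offset = 0x10;
+struct_task_itk_space_offset = 0x300;
+
+struct_ipc_space_is_table_offset = 0x20;
+
+struct_ipc_port_ip_kobject_offset = 0x68;
+}
+void init_iPad5_4_S5L8960X() {
+allproc_offset = 0x5a4128;
+kernproc_offset = 0x5aa0e0;
+
+struct_proc_p_pid_offset = 0x10;
+struct_proc_task_offset = 0x18;
+struct_proc_p_uthlist_offset = 0x98;
+struct_proc_p_ucred_offset = 0x100;
+struct_proc_p_comm_offset = 0x26c;
+
+struct_kauth_cred_cr_ref_offset = 0x10;
+
+struct_uthread_uu_ucred_offset = 0x168;
+struct_uthread_uu_list_offset = 0x170;
+
+struct_task_ref_count_offset = 0x10;
+struct_task_itk_space_offset = 0x300;
+
+struct_ipc_space_is_table_offset = 0x20;
+
+struct_ipc_port_ip_kobject_offset = 0x68;
+}
+void init_iPhone9_3_T8010() {
+allproc_offset = 0x5ec178;
+kernproc_offset = 0x5f20e0;
+
+struct_proc_p_pid_offset = 0x10;
+struct_proc_task_offset = 0x18;
+struct_proc_p_uthlist_offset = 0x98;
+struct_proc_p_ucred_offset = 0x100;
+struct_proc_p_comm_offset = 0x26c;
+
+struct_kauth_cred_cr_ref_offset = 0x10;
+
+struct_uthread_uu_ucred_offset = 0x168;
+struct_uthread_uu_list_offset = 0x170;
+
+struct_task_ref_count_offset = 0x10;
+struct_task_itk_space_offset = 0x300;
+
+struct_ipc_space_is_table_offset = 0x20;
+
+struct_ipc_port_ip_kobject_offset = 0x68;
+}
+void init_iPad6_3_S8000() {
+allproc_offset = 0x5a4148;
+kernproc_offset = 0x5aa0e0;
+
+struct_proc_p_pid_offset = 0x10;
+struct_proc_task_offset = 0x18;
+struct_proc_p_uthlist_offset = 0x98;
+struct_proc_p_ucred_offset = 0x100;
+struct_proc_p_comm_offset = 0x26c;
+
+struct_kauth_cred_cr_ref_offset = 0x10;
+
+struct_uthread_uu_ucred_offset = 0x168;
+struct_uthread_uu_list_offset = 0x170;
+
+struct_task_ref_count_offset = 0x10;
+struct_task_itk_space_offset = 0x300;
+
+struct_ipc_space_is_table_offset = 0x20;
+
+struct_ipc_port_ip_kobject_offset = 0x68;
+}
+void init_iPad5_4_T7001() {
+allproc_offset = 0x5b4228;
+kernproc_offset = 0x5ba0e0;
+
+struct_proc_p_pid_offset = 0x10;
+struct_proc_task_offset = 0x18;
+struct_proc_p_uthlist_offset = 0x98;
+struct_proc_p_ucred_offset = 0x100;
+struct_proc_p_comm_offset = 0x26c;
+
+struct_kauth_cred_cr_ref_offset = 0x10;
+
+struct_uthread_uu_ucred_offset = 0x168;
+struct_uthread_uu_list_offset = 0x170;
+
+struct_task_ref_count_offset = 0x10;
+struct_task_itk_space_offset = 0x300;
+
+struct_ipc_space_is_table_offset = 0x20;
+
+struct_ipc_port_ip_kobject_offset = 0x68;
+}
+void init_iPod7_1_T7000() {
+allproc_offset = 0x5b4168;
+kernproc_offset = 0x5ba0e0;
+
+struct_proc_p_pid_offset = 0x10;
+struct_proc_task_offset = 0x18;
+struct_proc_p_uthlist_offset = 0x98;
+struct_proc_p_ucred_offset = 0x100;
+struct_proc_p_comm_offset = 0x26c;
+
+struct_kauth_cred_cr_ref_offset = 0x10;
+
+struct_uthread_uu_ucred_offset = 0x168;
+struct_uthread_uu_list_offset = 0x170;
+
+struct_task_ref_count_offset = 0x10;
+struct_task_itk_space_offset = 0x300;
+
+struct_ipc_space_is_table_offset = 0x20;
+
+struct_ipc_port_ip_kobject_offset = 0x68;
+}
+void init_iPhone8_2_S8000() {
+allproc_offset = 0x5a4148;
+kernproc_offset = 0x5aa0e0;
+
+struct_proc_p_pid_offset = 0x10;
+struct_proc_task_offset = 0x18;
+struct_proc_p_uthlist_offset = 0x98;
+struct_proc_p_ucred_offset = 0x100;
+struct_proc_p_comm_offset = 0x26c;
+
+struct_kauth_cred_cr_ref_offset = 0x10;
+
+struct_uthread_uu_ucred_offset = 0x168;
+struct_uthread_uu_list_offset = 0x170;
+
+struct_task_ref_count_offset = 0x10;
+struct_task_itk_space_offset = 0x300;
+
+struct_ipc_space_is_table_offset = 0x20;
+
+struct_ipc_port_ip_kobject_offset = 0x68;
+}
+void init_iPhone8_1_T7000() {
+allproc_offset = 0x5b4168;
+kernproc_offset = 0x5ba0e0;
+
+struct_proc_p_pid_offset = 0x10;
+struct_proc_task_offset = 0x18;
+struct_proc_p_uthlist_offset = 0x98;
+struct_proc_p_ucred_offset = 0x100;
+struct_proc_p_comm_offset = 0x26c;
+
+struct_kauth_cred_cr_ref_offset = 0x10;
+
+struct_uthread_uu_ucred_offset = 0x168;
+struct_uthread_uu_list_offset = 0x170;
+
+struct_task_ref_count_offset = 0x10;
+struct_task_itk_space_offset = 0x300;
+
+struct_ipc_space_is_table_offset = 0x20;
+
+struct_ipc_port_ip_kobject_offset = 0x68;
+}
+void init_iPhone7_1_S8000() {
+allproc_offset = 0x5a4148;
+kernproc_offset = 0x5aa0e0;
+
+struct_proc_p_pid_offset = 0x10;
+struct_proc_task_offset = 0x18;
+struct_proc_p_uthlist_offset = 0x98;
+struct_proc_p_ucred_offset = 0x100;
+struct_proc_p_comm_offset = 0x26c;
+
+struct_kauth_cred_cr_ref_offset = 0x10;
+
+struct_uthread_uu_ucred_offset = 0x168;
+struct_uthread_uu_list_offset = 0x170;
+
+struct_task_ref_count_offset = 0x10;
+struct_task_itk_space_offset = 0x300;
+
+struct_ipc_space_is_table_offset = 0x20;
+
+struct_ipc_port_ip_kobject_offset = 0x68;
+}
+
+//here end
+void unknown_build() {
+printf("This is an unknown kernel build - the offsets are likely to be incorrect and it's very unlikely this exploit will work\n");
+printf("You need to find these two kernel symbols:\n");
+printf(" allproc\n");
+printf(" kernproc\n\n");
+printf("and update the code\n");
+}
+
+void init_offsets() {
+struct utsname u = { 0 };
+int err = uname(&u);
+if (err == -1) {
+printf("uname failed - what platform is this?\n");
+printf("there's no way this will work, but trying anyway!\n");
+init_iPad4_3_S5L8960X();
+return;
+}
+
+printf("sysname: %s\n", u.sysname);
+printf("nodename: %s\n", u.nodename);
+printf("release: %s\n", u.release);
+printf("version: %s\n", u.version);
+printf("machine: %s\n", u.machine);
+
+if (strstr(u.machine, "iPad5,1")) {
+if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S5L8960X")) {
+printf("device iPad5,1 matched\n");
+init_iPad5_1_S5L8960X();
+return;
+}
+}
+
+if (strstr(u.machine, "iPad5,1")) {
+if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7001")) {
+printf("device iPad5,1 matched\n");
+init_iPad5_1_T7001();
+return;
+}
+}
+
+if (strstr(u.machine, "iPhone8,1")) {
+if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S8000")) {
+printf("device iPhone8,1 matched\n");
+init_iPhone8_1_S8000();
+return;
+}
+}
+
+if (strstr(u.machine, "iPad4,3")) {
+if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S5L8960X")) {
+printf("device iPad4,3 matched\n");
+init_iPad4_3_S5L8960X();
+return;
+}
+}
+
+if (strstr(u.machine, "iPad5,1")) {
+if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7000")) {
+printf("device iPad5,1 matched\n");
+init_iPad5_1_T7000();
+return;
+}
+}
+
+if (strstr(u.machine, "iPhone7,1")) {
+if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7000")) {
+printf("device iPhone7,1 matched\n");
+init_iPhone7_1_T7000();
+return;
+}
+}
+
+if (strstr(u.machine, "iPhone8,4")) {
+if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S8000")) {
+printf("device iPhone8,4 matched\n");
+init_iPhone8_4_S8000();
+return;
+}
+}
+
+if (strstr(u.machine, "iPad6,4")) {
+if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S8000")) {
+printf("device iPad6,4 matched\n");
+init_iPad6_4_S8000();
+return;
+}
+}
+
+if (strstr(u.machine, "iPhone7,2")) {
+if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S8000")) {
+printf("device iPhone7,2 matched\n");
+init_iPhone7_2_S8000();
+return;
+}
+}
+
+if (strstr(u.machine, "iPad5,4")) {
+if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7000")) {
+printf("device iPad5,4 matched\n");
+init_iPad5_4_T7000();
+return;
+}
+}
+
+if (strstr(u.machine, "iPhone9,4")) {
+if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T8010")) {
+printf("device iPhone9,4 matched\n");
+init_iPhone9_4_T8010();
+return;
+}
+}
+
+if (strstr(u.machine, "iPhone8,2")) {
+if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7000")) {
+printf("device iPhone8,2 matched\n");
+init_iPhone8_2_T7000();
+return;
+}
+}
+
+if (strstr(u.machine, "iPhone7,2")) {
+if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7000")) {
+printf("device iPhone7,2 matched\n");
+init_iPhone7_2_T7000();
+return;
+}
+}
+
+if (strstr(u.machine, "iPhone6,1")) {
+if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S5L8960X")) {
+printf("device iPhone6,1 matched\n");
+init_iPhone6_1_S5L8960X();
+return;
+}
+}
+
+if (strstr(u.machine, "iPad6,8")) {
+if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S8000")) {
+printf("device iPad6,8 matched\n");
+init_iPad6_8_S8000();
+return;
+}
+}
+
+if (strstr(u.machine, "iPhone9,1")) {
+if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T8010")) {
+printf("device iPhone9,1 matched\n");
+init_iPhone9_1_T8010();
+return;
+}
+}
+
+if (strstr(u.machine, "iPad5,4")) {
+if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S5L8960X")) {
+printf("device iPad5,4 matched\n");
+init_iPad5_4_S5L8960X();
+return;
+}
+}
+
+if (strstr(u.machine, "iPhone9,3")) {
+if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T8010")) {
+printf("device iPhone9,3 matched\n");
+init_iPhone9_3_T8010();
+return;
+}
+}
+
+if (strstr(u.machine, "iPad6,3")) {
+if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S8000")) {
+printf("device iPad6,3 matched\n");
+init_iPad6_3_S8000();
+return;
+}
+}
+
+if (strstr(u.machine, "iPad5,4")) {
+if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7001")) {
+printf("device iPad5,4 matched\n");
+init_iPad5_4_T7001();
+return;
+}
+}
+
+if (strstr(u.machine, "iPod7,1")) {
+if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7000")) {
+printf("device iPod7,1 matched\n");
+init_iPod7_1_T7000();
+return;
+}
+}
+
+if (strstr(u.machine, "iPhone8,2")) {
+if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S8000")) {
+printf("device iPhone8,2 matched\n");
+init_iPhone8_2_S8000();
+return;
+}
+}
+
+if (strstr(u.machine, "iPhone8,1")) {
+if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_T7000")) {
+printf("device iPhone8,1 matched\n");
+init_iPhone8_1_T7000();
+return;
+}
+}
+
+if (strstr(u.machine, "iPhone7,1")) {
+if (strstr(u.version, "root:xnu-3789.22.3~1/RELEASE_ARM64_S8000")) {
+printf("device iPhone7,1 matched\n");
+init_iPhone7_1_S8000();
+return;
+}
+}
+
+
+
+printf("don't recognize this platform\n");
+unknown_build();
+init_iPad4_3_S5L8960X(); // this won't work!
+}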
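Review bot: When no model/build pair matches, the fallthrough at the end of init_offsets() (and the uname-failure branch near its top) still calls init_iPad4_3_S5L8960X() and returns normally, so the caller goes on to use kernel offsets the code itself marks `// this won't work!` — with a kernel read/write primitive that means a panic or silent memory corruption on an untested build instead of a clean refusal. Since unknown_build() already prints the diagnostic and <stdlib.h> is included, I would replace both fallbacks with `exit(EXIT_FAILURE);` (or return a status the caller must check) rather than loading known-wrong offsets. Two smaller points: strstr(u.machine, ...) is a substring match, so `strcmp(u.machine, "iPad5,1") == 0` would pin the model exactly; and strstr is declared in <string.h>, not <strings.h> — Darwin's header appears to pull it in transitively, but the explicit include is safer.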