Last active
March 1, 2023 05:45
Revisions
Cryptiiiic revised this gist
Jun 3, 2018 . 1 changed file with 4 additions and 1 deletion.
@@ -12,4 +12,7 @@ It should take you to this.  6. Now take the address we are at, in this example it's 0xFFFFFFF006FFA3C0, and add 0x10 to it. The final offset will be, in my example 0xFFFFFFF006FFA3D0. 0xFFFFFFF006FFA3D0 is the kaslr_shift address. 7. Run `nm kernelcache.dec | grep -E "__ZNK12OSSerializer9serializeEP11OSSerialize|__ZNK8OSString12getMetaClassEv| _copyout$| _copyin$| _copyin$"`  This will get us `osserializer_serialize`(0xfffffff0074dc3c8), `get_metaclass`(0xfffffff0074de4e4), `copyin`(0xfffffff0071a7090), and `copyout`(0xfffffff0071a72b4) addresses. -
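Review bot: the `grep -E` pattern added in step 7 lists ` _copyin$` twice, so one of the duplicate alternatives should be dropped. The same step also gives four example addresses without saying which device and build they were taken from, whereas step 1 qualifies its address with `(iPhone6S on 11.3.1)`; add the same qualifier here so a reader does not carry these example values over to a different kernelcache.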
Cryptiiiic revised this gist
Jun 3, 2018 . 1 changed file with 2 additions and 2 deletions.
@@ -6,10 +6,10 @@ This should take you to `com.apple.AGXG5P:__cstring` section.  3. Double click on the first text:FFFFFFF... 4. Scroll down all the way until you see something like this.  5. Double click on unk_FFFFFFF... which is located at the second ADRP. It should take you to this.  6. Now take the address we are at, in this example it's 0xFFFFFFF006FFA3C0, and add 0x10 to it. The final offset will be, in my example 0xFFFFFFF006FFA3D0. 0xFFFFFFF006FFA3D0 is the kaslr_shift address. -
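Review bot: step 6 tells the reader to add 0x10 to the address reached from the second ADRP without saying what that 0x10 corresponds to, so the result cannot be checked on a kernelcache where the surrounding layout differs; state which instruction or field the 0x10 skips over, and mark 0xFFFFFFF006FFA3C0 and 0xFFFFFFF006FFA3D0 as example values from the build named in step 1 rather than constants.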
Cryptiiiic revised this gist
Jun 3, 2018 . 1 changed file with 2 additions and 2 deletions.
@@ -6,10 +6,10 @@ This should take you to `com.apple.AGXG5P:__cstring` section.  3. Double click on the first text:FFFFFFF... 4. Scroll down all the way until you see something like this.  5. Double click on unk_FFFFFFF... which is located at the second ADRP. It should take you to this. ![]() 6. Now take the address we are at, in this example it's 0xFFFFFFF006FFA3C0, and add 0x10 to it. The final offset will be, in my example 0xFFFFFFF006FFA3D0. 0xFFFFFFF006FFA3D0 is the kaslr_shift address. -
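Review bot: the `![]()` in step 5 is a Markdown image reference with no source, so it renders as nothing; if a screenshot was meant to be attached, add it, otherwise "until you see something like this" in step 4 and "It should take you to this" in step 5 point at nothing and should describe the expected IDA view in words (the string reference, the pair of ADRP instructions, and the `unk_FFFFFFF...` label).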
Cryptiiiic created this gist
Jun 3, 2018 .
@@ -0,0 +1,15 @@ 1. Open Terminal and run `nm kernelcache.dec | grep _kernproc`  In this example, 0xfffffff0075d50a0 is our kernproc address.(iPhone6S on 11.3.1) 2. Drag your kernelcache.dec into ida and stringsearch for `fStampMapping[kAGXHostMemoryTimestamp]` This should take you to `com.apple.AGXG5P:__cstring` section.  3. Double click on the first text:FFFFFFF... 4. Scroll down all the way until you see something like this.  5. Double click on unk_FFFFFFF... which is located at the second ADRP. It should take you to this.  6. Now take the address we are at, in this example it's 0xFFFFFFF006FFA3C0, and add 0x10 to it. The final offset will be, in my example 0xFFFFFFF006FFA3D0. 0xFFFFFFF006FFA3D0 is the kaslr_shift address.
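Review bot: the file should open with a sentence stating that every address shown, the `com.apple.AGXG5P:__cstring` section name and the `kernelcache.dec` filename are specific to the example named only in passing in step 1 (`iPhone6S on 11.3.1`), since the section name and all of the example addresses may differ on another device or iOS build and a reader is otherwise left to guess which values are placeholders. Minor wording: "ida" should be "IDA" and "stringsearch" should be "string search".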