| author | spv420 <spv@spv.sh> | 2022-07-31 18:11:05 -0400 |
|---|---|---|
| committer | spv420 <spv@spv.sh> | 2022-07-31 18:11:05 -0400 |
| commit | 000af43d54977892bfdfee42542bfefe7e195a31 (patch) | |
| tree | 3ba3dbfba2da2a44f681ecb8c67cc7a15c3110f2 /README.md | |
| parent | 7f884f85821cc08df2aa8ae11ebd37fa258f2f47 (diff) | |
yahtzee
Diffstat (limited to 'README.md')
| -rw-r--r-- | README.md | 13 |
1 files changed, 13 insertions, 0 deletions
@@ -18,6 +18,19 @@ the exploit to get arbitrary mem write should work on < iOS 12 as well (i think), but the ROP chain's gadget addresses are currently hardcoded to one
build.
+inside the `boot-args` nvram variable, `p0laris_options` is a variable you can
+set that is JSON deserialized & used as an object in `stage3` and `stage4`.
+
+keep `p0laris_options` as the last boot-arg, or it will be parsed incorrectly.
+
+example:
+
+`debug=0x1 -v p0laris_options='{"sleep_spin":true}'`
+
+don't do:
+
+`p0laris_options='{"sleep_spin":true}' debug=0x1 -v`
+
### current install steps
- procure an `iPhone4,1` on `9.3.6 (13G37)`
- jailbreak with p0laris (or Phoenix if you're old fashioned)
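Review bot: the added line "keep `p0laris_options` as the last boot-arg, or it will be parsed incorrectly" states an ordering constraint without documenting the failure mode. Say what `stage3` and `stage4` do when the value fails to deserialize or when other boot-args follow it (ignore the options, fall back to defaults, or abort). Also list the keys the object accepts, since `sleep_spin` is the only one shown and its effect is not described. If the constraint exists because the parser consumes everything after `p0laris_options=`, consider ending the value at the closing quote so that ordering stops mattering.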
