QiLin doubt:


Postby jshenton » Wed Jan 17, 2018 4:06 pm

Hello,

I am having an issue while trying to implement QiLin on Clarity. The site says I have to call
Code:
int initQiLin (mach_port_t TFP0, uint64_t KernelBase);
in order to initialize QiLin. Where do I get TFP0 and KernelBase from async_wake?

Thank you very much for your help in advance!
jshenton
 
Posts: 2
Joined: Wed Jan 17, 2018 4:04 pm

Re: QiLin doubt:

Postby morpheus » Wed Jan 17, 2018 6:54 pm

- The TFP0 is *EXACTLY* the whole point of async_wake. It's the send right to the kernel task port.
- The kernel base is the kernel's original address (0xffffffff8000..something, I forget, but use jtool -l) plus the slide.
morpheus
Site Admin
 
Posts: 738
Joined: Thu Apr 11, 2013 6:24 pm

Re: QiLin doubt:

Postby jshenton » Wed Jan 17, 2018 7:21 pm

Should work now! I guess after adding this and some more code, Clarity will be ready.
jshenton
 
Posts: 2
Joined: Wed Jan 17, 2018 4:04 pm

Re: QiLin doubt:

Postby carllivitt » Tue Jan 23, 2018 12:19 pm

What's the best way to get the KASLR slide? Does QiLin have a feature to calculate it? If not, can you point at a resource that would help me implement it? I'd like to expand https://github.com/BishopFox/bfinject to more than just App Store apps, and QiLin looks like it could help with that.
carllivitt
 
Posts: 1
Joined: Tue Jan 23, 2018 7:08 am
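Both morpheus's answer (kernel base = original address + slide) and carllivitt's question (how to get the slide) come down to the same relation, and the "original address" morpheus tells jshenton to read with jtool -l is the link-time vmaddr of the kernel's __TEXT segment in its Mach-O header. The following is an added example, not code from QiLin, async_wake or anyone in the thread: it walks a 64-bit Mach-O load-command table with bounds checks, returns the unslid __TEXT vmaddr, and does the slide arithmetic in both directions. The function names, the constructed sample image and its vmaddr value are illustrative assumptions; the runtime base is taken as a plain input parameter, since obtaining it is outside what this example shows.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Mach-O constants (values as in <mach-o/loader.h>), redefined here so the
 * example also builds on non-Apple hosts. Assumes a little-endian host, which
 * matches the byte order of arm64 Mach-O images. */
#define MH_MAGIC_64   0xfeedfacfu
#define LC_SEGMENT_64 0x19u
#define LC_UUID       0x1bu

/* Field offsets within mach_header_64 and segment_command_64. */
#define MH64_SIZE         32
#define MH_OFF_NCMDS      16
#define MH_OFF_SIZEOFCMDS 20
#define LC_OFF_CMD        0
#define LC_OFF_CMDSIZE    4
#define SEG_OFF_SEGNAME   8
#define SEG_OFF_VMADDR    24
#define SEG64_SIZE        72
#define UUID_CMD_SIZE     24

static uint32_t rd32(const uint8_t *p) { uint32_t v; memcpy(&v, p, 4); return v; }
static uint64_t rd64(const uint8_t *p) { uint64_t v; memcpy(&v, p, 8); return v; }
static void wr32(uint8_t *p, uint32_t v) { memcpy(p, &v, 4); }
static void wr64(uint8_t *p, uint64_t v) { memcpy(p, &v, 8); }

/* Walk the load commands and return the vmaddr of the __TEXT segment: the
 * unslid link-time base that `jtool -l` prints. Every command is checked
 * against sizeofcmds and the buffer length, so a truncated or malformed
 * header yields 0 instead of an out-of-bounds read. 0 also means "no __TEXT". */
uint64_t macho_text_vmaddr(const uint8_t *buf, size_t len)
{
    if (len < MH64_SIZE || rd32(buf) != MH_MAGIC_64) return 0;
    uint32_t ncmds = rd32(buf + MH_OFF_NCMDS);
    uint32_t sizeofcmds = rd32(buf + MH_OFF_SIZEOFCMDS);
    if (sizeofcmds > len - MH64_SIZE) return 0;      /* commands must fit in the buffer */
    size_t off = MH64_SIZE, end = MH64_SIZE + sizeofcmds;
    for (uint32_t i = 0; i < ncmds; i++) {
        if (end - off < 8) return 0;                 /* no room for cmd/cmdsize */
        uint32_t cmd = rd32(buf + off + LC_OFF_CMD);
        uint32_t cmdsize = rd32(buf + off + LC_OFF_CMDSIZE);
        if (cmdsize < 8 || cmdsize > end - off) return 0;
        if (cmd == LC_SEGMENT_64 && cmdsize >= SEG64_SIZE &&
            strncmp((const char *)buf + off + SEG_OFF_SEGNAME, "__TEXT", 16) == 0)
            return rd64(buf + off + SEG_OFF_VMADDR);
        off += cmdsize;
    }
    return 0;
}

/* The relation from the thread: runtime base = unslid base + slide, so the
 * slide is simply the difference between the two. */
uint64_t kaslr_slide(uint64_t runtime_base, uint64_t unslid_base) { return runtime_base - unslid_base; }
uint64_t slid_base(uint64_t unslid_base, uint64_t slide) { return unslid_base + slide; }

/* Constructed sample image (not a real kernelcache): a 64-bit Mach-O header,
 * an LC_UUID command the walker must skip, then a __TEXT segment whose vmaddr
 * is an illustrative value. */
#define SAMPLE_LEN (MH64_SIZE + UUID_CMD_SIZE + SEG64_SIZE)
#define SAMPLE_TEXT_VMADDR 0xfffffff007004000ULL

size_t build_sample_image(uint8_t *out, size_t cap)
{
    if (cap < SAMPLE_LEN) return 0;
    memset(out, 0, SAMPLE_LEN);
    wr32(out, MH_MAGIC_64);
    wr32(out + MH_OFF_NCMDS, 2);
    wr32(out + MH_OFF_SIZEOFCMDS, UUID_CMD_SIZE + SEG64_SIZE);
    uint8_t *cmd = out + MH64_SIZE;
    wr32(cmd + LC_OFF_CMD, LC_UUID);
    wr32(cmd + LC_OFF_CMDSIZE, UUID_CMD_SIZE);   /* 16-byte UUID left as zeros */
    cmd += UUID_CMD_SIZE;
    wr32(cmd + LC_OFF_CMD, LC_SEGMENT_64);
    wr32(cmd + LC_OFF_CMDSIZE, SEG64_SIZE);
    memcpy(cmd + SEG_OFF_SEGNAME, "__TEXT", 6);
    wr64(cmd + SEG_OFF_VMADDR, SAMPLE_TEXT_VMADDR);
    return SAMPLE_LEN;
}

/* Parse the sample and return its unslid __TEXT base. */
uint64_t demo_unslid_base(void)
{
    uint8_t img[SAMPLE_LEN];
    size_t n = build_sample_image(img, sizeof img);
    return macho_text_vmaddr(img, n);
}

/* Corrupt the segment's cmdsize so it overruns sizeofcmds; the walker must
 * reject it (return 0) rather than read past the buffer. Returns 1 on success. */
int demo_rejects_bad_cmdsize(void)
{
    uint8_t img[SAMPLE_LEN];
    size_t n = build_sample_image(img, sizeof img);
    wr32(img + MH64_SIZE + UUID_CMD_SIZE + LC_OFF_CMDSIZE, 0xffffffffu);
    return macho_text_vmaddr(img, n) == 0;
}

int main(void)
{
    uint64_t unslid = demo_unslid_base();
    uint64_t runtime = 0xfffffff021004000ULL;     /* constructed "observed" runtime base */
    printf("unslid __TEXT base: 0x%016llx\n", (unsigned long long)unslid);
    printf("slide: 0x%llx\n", (unsigned long long)kaslr_slide(runtime, unslid));
    printf("malformed header rejected: %d\n", demo_rejects_bad_cmdsize());
    return 0;
}
```

On a real image the same walker would be pointed at the decompressed kernelcache bytes instead of the constructed buffer; the bounds checks matter there because load-command parsing is one of the classic places where a hostile or corrupted header turns a reader into an out-of-bounds read.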
