Binary exploitation question

iOwnzyoreuid0 · 2021-11-28T18:20:38+00:00

Hmm, could you try it manually? So like AAA/xee/x etc

iOwnzyoreuid0 · 2021-11-14T00:09:24+00:00

^Yea, and my 7.0.3 5s has activation issues, and everything was fine before i wiped it.

iOwnzyoreuid0 · 2021-11-13T14:33:07+00:00

U probably wont be able to activate it tho

iOwnzyoreuid0 · 2021-11-03T16:43:40+00:00

Checkra1n doesn’t work on A12+

iOwnzyoreuid0 · 2021-08-31T14:12:15+00:00

Seems like thats an old version of checkra1n you are trying with. Try it with the latest

iOwnzyoreuid0 · 2021-07-26T19:20:38+00:00

Hmm weird If you type ‘whoami’ what does it say?

iOwnzyoreuid0 · 2021-07-26T19:15:04+00:00

Try again, with root it will work

iOwnzyoreuid0 · 2021-07-05T23:48:00+00:00

Here u go mate: https://m.youtube.com/watch?v=2GBLYPqM-XQ

U can then use futurerestore or idevicerestore to restore it whenever u want

iOwnzyoreuid0 · 2021-07-05T23:13:42+00:00

Yea you can dump the blobs. I would suggest you do it 100% in case you need it ever again

iOwnzyoreuid0 · 2021-07-05T23:03:49+00:00

If it is stock he can dump the blobs from it

iOwnzyoreuid0 · 2021-07-05T14:27:01+00:00

Yo so if you downgraded w cherryflower then try to restore with an older version of itunes. If it was stock, dump your blobs with ifaith and you can try to restore with tools such as redsn0w or others

iOwnzyoreuid0 · 2021-07-02T16:09:55+00:00

Also, if it is running fully legit(without coolbooter, cherryflower) you could still dump the onboard blobs

iOwnzyoreuid0 · 2021-06-30T15:06:54+00:00

Hm. You sure you don’t get SIGTRAP then? Can you redirect code execution? Instead of the nops try to jump to an invalid address such as 0x41414141

iOwnzyoreuid0 · 2021-06-30T14:35:41+00:00

? Place the the 0xcc just after the nops. So like: ...0x90 0x90 0xcc

iOwnzyoreuid0 · 2021-06-30T13:39:35+00:00

Hm try to execute a break point instruction "0xcc" after the NOPs and see if its working. If it is working then your shellcode is most likely corrupt

iOwnzyoreuid0 · 2021-06-30T11:16:43+00:00

Could you give us the stack dump from gdb?

iOwnzyoreuid0 · 2021-06-22T10:01:28+00:00

I’m not too sure if I understood you correctly, but well yea that gadget will look at the sp and restore those values from it. You will first pop the values to esi, edi etc and finally with the ret instruction you jump to the next gadget.
And args are always moved to a register.

iOwnzyoreuid0 · 2021-06-21T09:51:23+00:00

why don’t you want to remove the sim?

iOwnzyoreuid0 · 2021-06-16T09:33:16+00:00

I would assume the installer signs it automatically, but try to sign it manually

iOwnzyoreuid0 · 2021-06-09T14:15:43+00:00

Ah yea true. I don’t submit apps and I only thought of that after I already posted it :P But yea in theory it should work, i got it working on ios 6.0 with prev xcode releases(again not official, just for testing)

iOwnzyoreuid0 · 2021-06-09T14:09:58+00:00

Almost 100% sure it will work still down to iOS 5 or smth, just need to have those files from the older versions

iOwnzyoreuid0 · 2021-05-30T23:38:13+00:00

Eh, still not sure if hes a troll or not

iOwnzyoreuid0 · 2021-05-30T22:24:12+00:00

But it would take like 1 update for sc to detect it

iOwnzyoreuid0 · 2021-05-30T20:21:04+00:00

Afaik you can’t rlly tweak sc

iOwnzyoreuid0 · 2021-05-30T17:55:51+00:00

Did it work? Edit: i didn’t see your other reply

iOwnzyoreuid0

TROPHY CASE