p0up0u Profile
p0up0u

@_p0up0u_

2,001 Followers · 0 Following · 0 Media · 10 Statuses

Joined July 2021
p0up0u (@_p0up0u_) · 1 year
@has000oon I don't really look at what is going on in the jailbreak community, so I don't know if this is the first public kernel read/write exploit for iOS 16. If it is, then it could be useful but it's only the first piece of the puzzle! (PAC and PPL bypasses are not included)
p0up0u (@_p0up0u_) · 1 year
@Little_34306 I tested the second exploit (Smith) on the very first public and developer betas of iOS 17 and it worked. I don't know in which beta it was fixed.
p0up0u (@_p0up0u_) · 1 year
@dedbeddedbed Yeah, that's because 16.1.2 isn't in the list of versions I tested. You might want to try removing `assert_false("unsupported osversion");` in the function info_init() in info.h, and replace it with `kfd->info.env.vid = 0;` instead. If you're lucky, the offsets will be the same!
p0up0u (@_p0up0u_) · 1 year
@dedbeddedbed In that case, the offsets are not the same! If you're not comfortable retrieving them from the XNU source code, you will have to wait for other people to offer pull requests which add support for the other versions that can be supported!
p0up0u (@_p0up0u_) · 1 year
@tihmstar @AppleUpdatei @i41nbeer @NedWilliamson @LinusHenze Yes, you can DM me and I'll give you more details! :)
p0up0u (@_p0up0u_) · 1 year
@Little_34306 If you trigger the assertion on line 93 in smith.h, then it has been fixed already. If you get a kernel panic, then it's a good sign but you'll need to adjust some offsets!
p0up0u (@_p0up0u_) · 1 year
@Little_34306 You will also need to change the default case in info_init() to remove `assert_false("unsupported osversion");`
p0up0u (@_p0up0u_) · 1 year
@AppleUpdatei @tihmstar @i41nbeer @NedWilliamson @LinusHenze Yes, but with a bit of work. You will need to find certain offsets in the XNU source code (easy). And if you want to support the "better kernel read/write primitive" through the fake perfmon device, you will need to find a few static addresses from the kernelcache (tedious).
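The version gating that the replies above describe (an info_init() that asserts on an untested kern.osversion, and the option of forcing vid = 0 and hoping the offsets match) as an added example in C. This is not kfd's code and not the author's: the table, struct and field names, offset values and build strings are all hypothetical placeholders. It generalizes the "force vid = 0" trick into a same-train fallback that is reported as a return value the caller must act on, rather than an assertion, so an untested build can be tried deliberately and an unsupported one still fails cleanly before anything touches the kernel.

```c
/*
 * Added example, not kfd's code. Version-gated offset selection with an
 * explicit "untested build" path instead of an assertion.
 *
 * kern.osversion on Darwin is the build string, e.g. "20B110", shaped as
 * <train digits><minor letter><build digits>, with a trailing lowercase
 * letter on beta builds (e.g. "21A5248v"). Everything below that looks like
 * an offset or a supported version is a constructed placeholder.
 */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct build_id {
    int  train;   /* leading digits, e.g. 20 */
    char minor;   /* letter after the train, e.g. 'B' */
    int  number;  /* trailing digits, e.g. 110 */
    int  beta;    /* nonzero if a trailing beta letter is present */
};

/* Hypothetical per-version environment: the kind of offsets an exploit keys on. */
struct env_entry {
    const char *osversion;      /* kern.osversion build string */
    unsigned    proc_p_pid;     /* placeholder struct offset, not a real XNU value */
    unsigned    task_itk_space; /* placeholder struct offset, not a real XNU value */
};

/* Constructed table: three builds of one train with made-up offsets. */
static const struct env_entry env_table[] = {
    { "20A362", 0x60, 0x300 },
    { "20B82",  0x60, 0x300 },
    { "20C65",  0x68, 0x308 },
};
#define ENV_COUNT (sizeof env_table / sizeof env_table[0])

/* Parse "20B110" or "21A5248v". Returns 0 on success, -1 on malformed input. */
int parse_build(const char *s, struct build_id *out) {
    char *end;
    long train = strtol(s, &end, 10);
    if (end == s || !isupper((unsigned char)*end)) return -1;
    out->train = (int)train;
    out->minor = *end++;
    const char *numstart = end;
    long number = strtol(numstart, &end, 10);
    if (end == numstart) return -1;
    out->number = (int)number;
    out->beta = (*end != '\0');
    /* At most one trailing letter is accepted as the beta marker. */
    if (out->beta && (!isalpha((unsigned char)*end) || end[1] != '\0')) return -1;
    return 0;
}

enum env_result { ENV_EXACT = 0, ENV_FALLBACK = 1, ENV_UNSUPPORTED = -1 };

/*
 * Choose the table index ("vid") for the running build.
 * allow_fallback == 0 behaves like an "unsupported osversion" assertion, but as a
 * return value the caller can act on. With allow_fallback != 0 and no exact match,
 * pick the entry from the same train with the nearest minor letter: offsets often
 * survive point releases, but that is a guess the caller must verify, because a
 * wrong guess here means a kernel panic instead of a clean failure.
 */
enum env_result select_vid(const char *osversion, int allow_fallback, int *vid_out) {
    struct build_id want;
    if (parse_build(osversion, &want) != 0) return ENV_UNSUPPORTED;

    for (size_t i = 0; i < ENV_COUNT; i++) {
        if (strcmp(env_table[i].osversion, osversion) == 0) {
            *vid_out = (int)i;
            return ENV_EXACT;
        }
    }
    if (!allow_fallback) return ENV_UNSUPPORTED;

    int best = -1, best_dist = 0;
    for (size_t i = 0; i < ENV_COUNT; i++) {
        struct build_id have;
        if (parse_build(env_table[i].osversion, &have) != 0) continue;
        if (have.train != want.train) continue;   /* never cross major trains */
        int dist = abs(have.minor - want.minor);
        if (best < 0 || dist < best_dist) { best = (int)i; best_dist = dist; }
    }
    if (best < 0) return ENV_UNSUPPORTED;
    *vid_out = best;
    return ENV_FALLBACK;
}

/* Wrappers that return a single scalar, convenient for callers and tests. */
int select_result(const char *osversion, int allow_fallback) {
    int vid = 0;
    return select_vid(osversion, allow_fallback, &vid);
}
int select_index(const char *osversion, int allow_fallback) {
    int vid = -1;
    if (select_vid(osversion, allow_fallback, &vid) == ENV_UNSUPPORTED) return -1;
    return vid;
}

int main(void) {
    const char *running = "20B110";   /* constructed: an untested point release */
    int vid;
    enum env_result r = select_vid(running, 1, &vid);
    if (r == ENV_UNSUPPORTED) {
        printf("%s: unsupported osversion, no same-train entry\n", running);
        return 1;
    }
    printf("%s: vid=%d (%s) proc_p_pid=0x%x%s\n", running, vid,
           env_table[vid].osversion, env_table[vid].proc_p_pid,
           r == ENV_FALLBACK ? " [fallback: verify offsets before use]" : "");
    return 0;
}
```

The point of returning ENV_FALLBACK instead of silently reusing vid 0 is that the caller knows the offsets are unverified: it can log that, refuse to continue on a device it cannot afford to panic, or go on to check the chosen offsets against the XNU source for that release before using them.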