From 95213b4955190d15945af6482f0be928504fb2be Mon Sep 17 00:00:00 2001
From: jakeajames
Date: Thu, 19 Mar 2020 12:10:03 +0100
Subject: [PATCH] iOS 13 offsets
---
 offsets.m | 82 +++++++++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 79 insertions(+), 3 deletions(-)
diff --git a/offsets.m b/offsets.m
index 38d7744..61618a8 100644
--- a/offsets.m
+++ b/offsets.m
@@ -104,7 +104,12 @@
 0x28, // KSTRUCT_OFFSET_TASK_NEXT,
 0x30, // KSTRUCT_OFFSET_TASK_PREV,
 0x300, // KSTRUCT_OFFSET_TASK_ITK_SPACE
+
+#if __arm64e__
+ 0x368, // KSTRUCT_OFFSET_TASK_BSD_INFO,
+#else
 0x358, // KSTRUCT_OFFSET_TASK_BSD_INFO,
+#endif
 0x0, // KSTRUCT_OFFSET_IPC_PORT_IO_BITS,
 0x4, // KSTRUCT_OFFSET_IPC_PORT_IO_REFERENCES,
 
@@ -135,6 +140,50 @@
 0x7c, // KFREE_ADDR_OFFSET
 };
 
+int _kstruct_offsets_13_0[] = {
+ 0xb, // KSTRUCT_OFFSET_TASK_LCK_MTX_TYPE,
+ 0x10, // KSTRUCT_OFFSET_TASK_REF_COUNT,
+ 0x14, // KSTRUCT_OFFSET_TASK_ACTIVE,
+ 0x28, // KSTRUCT_OFFSET_TASK_VM_MAP,
+ 0x30, // KSTRUCT_OFFSET_TASK_NEXT,
+ 0x38, // KSTRUCT_OFFSET_TASK_PREV,
+ 0x320, // KSTRUCT_OFFSET_TASK_ITK_SPACE
+
+#if __arm64e__
+ 0x388, // KSTRUCT_OFFSET_TASK_BSD_INFO,
+#else
+ 0x380, // KSTRUCT_OFFSET_TASK_BSD_INFO,
+#endif
+
+ 0x0, // KSTRUCT_OFFSET_IPC_PORT_IO_BITS,
+ 0x4, // KSTRUCT_OFFSET_IPC_PORT_IO_REFERENCES,
+ 0x40, // KSTRUCT_OFFSET_IPC_PORT_IKMQ_BASE,
+ 0x50, // KSTRUCT_OFFSET_IPC_PORT_MSG_COUNT,
+ 0x60, // KSTRUCT_OFFSET_IPC_PORT_IP_RECEIVER,
+ 0x68, // KSTRUCT_OFFSET_IPC_PORT_IP_KOBJECT,
+ 0x88, // KSTRUCT_OFFSET_IPC_PORT_IP_PREMSG,
+ 0x90, // KSTRUCT_OFFSET_IPC_PORT_IP_CONTEXT,
+ 0xa0, // KSTRUCT_OFFSET_IPC_PORT_IP_SRIGHTS,
+
+ 0x68, // KSTRUCT_OFFSET_PROC_PID,
+ 0x108, // KSTRUCT_OFFSET_PROC_P_FD
+
+ 0x0, // KSTRUCT_OFFSET_FILEDESC_FD_OFILES
+
+ 0x16, // KSTRUCT_OFFSET_FILEPROC_F_FGLOB
+
+ 0x38, // KSTRUCT_OFFSET_FILEGLOB_FG_DATA
+
+ 0x10, // KSTRUCT_OFFSET_SOCKET_SO_PCB
+
+ 0x10, // KSTRUCT_OFFSET_PIPE_BUFFER
+
+ 0x14, // KSTRUCT_OFFSET_IPC_SPACE_IS_TABLE_SIZE
+ 0x20, // KSTRUCT_OFFSET_IPC_SPACE_IS_TABLE
+
+ 0x7c, // KFREE_ADDR_OFFSET
+};
+
 int _koffset(enum _kstruct_offset offset) {
 if (_offsets == NULL) {
 printf("need to call offsets_init() prior to querying offsets\n");
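Review bot: Nothing ties the entry count of the new `_kstruct_offsets_13_0` table to `enum _kstruct_offset`, even though `_koffset` (whose body runs past the end of the hunk) appears to look the selected table up by that enum, so one dropped or duplicated entry would silently shift every later offset for all iOS 13 callers. The table is hand-copied from the 12.0 one with edits, which is exactly where such a slip happens. If the enum has a terminating count member, a one-line guard after the table catches it at build time: `_Static_assert(sizeof _kstruct_offsets_13_0 / sizeof _kstruct_offsets_13_0[0] == <KSTRUCT_OFFSET_COUNT placeholder>, "iOS 13 offset table out of sync with enum _kstruct_offset");`. The same check would be worth adding to the existing 12.0 table.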
@@ -144,7 +193,35 @@ int _koffset(enum _kstruct_offset offset) {
 }
 
 void _offsets_init() {
- if (SYSTEM_VERSION_GREATER_THAN_OR_EQUAL_TO(@"12.0")) {
+ if (SYSTEM_VERSION_GREATER_THAN_OR_EQUAL_TO(@"13.0")) {
+ printf("[i] offsets selected for iOS 13.0 or above\n");
+ _offsets = _kstruct_offsets_12_0;
+
+ // other struct offsets
+ off_p_pid = 0x68;
+ off_task = 0x10;
+ off_p_uid = 0x2c;
+ off_p_gid = 0x30;
+ off_p_ruid = 0x34;
+ off_p_rgid = 0x38;
+ off_p_ucred = 0x100;
+ off_p_fd = 0x108;
+ off_p_csflags = 0x298;
+ off_p_comm = 0x258;
+ off_p_textvp = 0x238;
+ off_p_textoff = 0x240;
+ off_p_cputype = 0x2b0;
+ off_p_cpu_subtype = 0x2b4;
+ off_itk_space = 0x320;
+ off_csb_platform_binary = 0xa8;
+ off_csb_platform_path = 0xac;
+#if __arm64e__
+ off_t_flags = 0x3d8;
+#else
+ off_t_flags = 0x3d0;
+#endif
+ }
+ else if (SYSTEM_VERSION_GREATER_THAN_OR_EQUAL_TO(@"12.0")) {
 printf("[i] offsets selected for iOS 12.0 or above\n");
 _offsets = _kstruct_offsets_12_0;
 
@@ -162,13 +239,12 @@ void _offsets_init() {
 off_p_textvp = 0x230;
 off_p_textoff = 0x238;
 off_p_cputype = 0x2a8;
- off_p_cpu_subtype = 0x2ac; // ??
+ off_p_cpu_subtype = 0x2ac;
 off_itk_space = 0x300;
 off_csb_platform_binary = 0xa8;
 off_csb_platform_path = 0xac;
 #if __arm64e__
 off_t_flags = 0x400;
- _offsets[7] = 0x368;
 #else
 off_t_flags = 0x390;
 #endif
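Review bot: The new iOS 13.0 branch assigns `_offsets = _kstruct_offsets_12_0;`, although this same commit adds `_kstruct_offsets_13_0` for precisely this case, so the 13.0 table is never referenced and `_koffset` keeps answering with 12.0 values on iOS 13. The mismatch is visible within the commit itself: this branch stores `off_itk_space = 0x320;` while the 12.0 table it selects carries `0x300` for `KSTRUCT_OFFSET_TASK_ITK_SPACE`, and the 13.0 table carries `0x320`. The line should read `_offsets = _kstruct_offsets_13_0;`. `_offsets_init` continues past the end of the hunk, so the remaining branches are not visible here.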