benjamin-42 / trident Goto Github PK

i've had a look around and seen the amount of versions you have for ipad, but no support for mini 1.
ive seen tutorials on youtube on how to add support, but im on a windows machine and cant do that (i dont want do go through the hassle of virtual machines). anyway if you can make this happen, great, but in the meen time im just going to wait.

i want to include 9.3.2 for iPad 3,3 in Xcode to trident that was in closed issues but i don't know how to add it.

any chance ?

I wrote a Similar issue to the developers of Trident-kloader. I maybe think that you are able to fix the issue with Trident that the other Developers can include their kloader and i can get my 5 back to iOS 8.4.1 and make it kinda faster. Anyways, i include my Kernel Panic under that link: http://pastebin.com/jpYFBZbT . If you need some more informations, simply just ask.

Please, test it. On my iPad 3.3 with 9.3.2 - it's work fine.

find_OSSSerializer_serialize(): 0x318264
find_OSSymbol_getMetaClass(): 0x31aa6c
find_calend_gettime(): 0x1e170
find_bufattr_cpx(): 0xd9848
find_clock_ops(): 0x403428
find_copyin(): 0xc76b4
find_bx_lr(): 0xd984a
find_write_gadget(): 0xc73e8
find_vm_kernel_addrperm(): 0x455844
find_kernel_pmap(): 0x3f6454
find_flush_dcache(): 0xbc260
find_invalidate_tlb(): 0xc7440
find_task_for_pid(): 0x2fcd80
find_setreuid(): 0x2a985c
find_pid_check(): 0x14
find_posix_check(): 0x3e
find_mac_proc_check(): 0x1e6

I tried like 3 days in a row to set-up a VM on Mac OS X Yosemite but the latest version of Xcode is not supported.
A iPA file would be awesome so I could use it with Cydia Impactor.

Is there any difference between iPhone5,1(GSM) and iPhone 5,2(GLOBAL) with respect to finding the correct offsets? or is it a easier fix, possibly just editing the project source to add the 5,1 identifier so the app will pick it up and execute?

ios9.3beta

Tested on iPhone 5,2. iOS 9.3.X failed, but iOS 9.2.X works well.

The offsets for the instructions that need to be patched should also be abstracted. For example; the iPhone 5,2 9.3.1 is at an offset of 0x16, whereas the iPad 3,1 9.3.4 is at 0x14. This may also be present in other devices / firmware.

Perhaps implement a find_patch_task_for_pid_offsets(unsigned patch_number); function?

Example:

u_int32_t find_task_for_pid_patch_offsets(unsigned patch_number) {
    switch (patch_number) {
        case 1:
            switch (target_environment) {
                case iPhone52_iOS931: return 0x16;
                default: return 0x14;
            }
        case 2:
            switch (target_environment) {
                default: return 0x3e;
            }
        case 3:
            switch (target_environment) {
                default: return 0x1e6;
            }
        default: abort();
    }

}

Also, the only reason I have the case 2 and case 3 is incase there's any difference for those instructions too. The first instruction might be the only one. If so you can leave those out and just return 0x3e and 0x1e6 respectively.

Update: This is also the same with patch_setruid(). The offsets are different.
Update update: There also seems to be some issues with the pmap patch? Is the pmap patch dependent on any offsets other than the kernel_pmap base itself?

Any release dates for iPod 5,1 on iOS 9.3.1? I really need jailbreak because my phone is running very slow, and its boring because i dont apps like "Barrel" and "iFile" and i wanna install jailbreak apps :( , i mainly got the iPod because i thought jailbreak was already released for it... then i found out that jailbreak was only available for 64bit iOS devices :'(

Yo, can anyone confirm that this will soon be out? And in .ipa form? Because i dont have a mac and i cant use xcode to install it. My device is a iPod 5,1 (5th genegration) and i am running iOS 9.3.1 btw pls and thx! :)

iPhone41_iOS932: return 0x455848; should actually be returning 0x455844.

I think it might affect some of the other offsets too? Tested on my iPhone 4S running iOS 9.3.2.

Any luck with finding offsets for this device?

Surprisingly enough, the same offsets for iPhone5,1 9.3.3 actually work with iPad3,4!!!

Offsets:

0x31f13c
0x3219fc
0x1eeac
0xdea48
0x40b428
0xcb7dc
0xdea4a
0xcb508
0x45d978
0x3fe454
0xcb560
0x45f2c8
0xa4

Can you add support for the Wifi only iPad 3rd Gen on iOS 9.3.3.

Could help to add Support for IPad2 IOS 9.2.1 ?

I compiled and run it in my iphone4s (ios 9.3.2), it displayed that "w00t root". now I want to install openssh or cydia, who can help me?

Can someone add it?

For example, after the exploit you cannot attach the Xcode debugger (lldb) to any process.

This limits the debug capabilities while the device is rooted (reboot to solve).

I've tried to insert the iOS 9.2.1 offsets for iPhone 4S into the project. The app installs, but once pressing YOLO the display shows strange colors (see the attached picture) and the device reboots.
The offsets I've inserted are these:

find_OSSSerializer_serialize(): 0x3107fc
find_OSSymbol_getMetaClass(): 0x312f18
find_calend_gettime(): 0x1de60
find_bufattr_cpx(): 0xd8750
find_clock_ops(): 0x3fc3dc
find_copyin(): 0xc6754
find_bx_lr(): 0xd8752
find_write_gadget(): 0xc6488
find_vm_kernel_addrperm(): 0x44e840
find_kernel_pmap(): 0x3ef444
find_flush_dcache(): 0xbb760
find_invalidate_tlb(): 0xc64e0
find_task_for_pid(): 0x2f56c4
find_setreuid(): 0x2a3bc4

^

bump

An iPod touch 5th generation running iOS 9.3.3 would work, could you stop the device/version detector from disallowing me from jailbreaking on that version?

App just freezes, sadly D:

So I installed Trident on my device it says that it is not supported. I have a iphone 4s 9.2.1 (13D15), Is there any way to allow it to be supported on my device? Thank you, I am not much experienced within this field but do have enough knowledge to get the job done.

Hey everyone,

I tried adding support for my old iPad at 9.2 today but when I press yolo the device just panics and reboots.

These are my offsets:

find_OSSerializer_serialize(): 0x3106fc
find_OSSymbol_getMetaClass(): 0x312e18
find_calend_gettime(): 0x1de84
find_bufattr_cpx(): 0xd8750
find_clock_ops(): 0x3fc3dc
find_copyin(): 0xc6754
find_bx_lr(); 0xd8752
find_write_gadget(): 0xc6488
find_vm_kernel_addrperm(): 0x44e840
find_kernel_pmap(): 0x3ef444
find_flush_dcache(): 0xbb710
find_invalidate_tlb(): 0xc64e0
find_task_for_pid(): 0x2f55b4
find_setreuid(): 0x2a3ab4

My fork can be found here: https://github.com/270899colin/Trident/tree/master/Trident

Hey there,

I was wondering if it would be possible to add support for an iphone 4s on ios 9.1?

Thanks!

Jan

I can see that support for downgrading iOS 9.1-9.3.4 is becoming available to an increasing number of devices, which is great for 32 bit users.
Being on 9.2.1 on my 4S, I would downgrade to 8.4.1 because iOS 9 is just slow on the 4S without bringing much, I've been sorry for a year to have upgraded. But for starters I wouldn't want to be stuck on 8.4.1 and only be able to upgrade to the unjailbroken 9.3.5 when iOS 8 would truly be obsolete or when an iOS 9.1-9.3.4 32 bit jailbreak would appear, particularly as I have iOS 9.2.1-9.3.4 SHSH blobs.
I appreciate the work put in so far for jailbreaking iOS 9.1 - 9.3.4 on 32 bit but as it appears that Trident has been used since iOS 7 could you also make it work on the yet-to-be-jailbroken 8.4.1?
Thank you all for your great work!

Hello, can the iPod touch 5 on 9.3.3 run the 9.3.2 exploit or not ? Because I have Xcode but I don't want to brick my iPod, so do you think it will works on it ?

I like this tools
When to support the iphone5,3 ios 9.3

this is a Sad story
I'd like to test out for you.
please

iPad 2,4 iOS 9.2.1 xcode 8.2.1
Trident installs on iPad but it stops after pressing YOLO and goes light blue:
payload ptr: 0x9b23b97c
kr: 0x0
Assertion failed: (read_primitive(kernel_base) == 0xfeedface), function exploit, file /Users/administrator/Desktop/Trident-master26.1.17/Trident/exploit.c, line 434.
(lldb)

this is highlighted red: assert(read_primitive(kernel_base) == 0xfeedface); with the tag "Thread 1: signal SIGABRT"

Trident app seems to crash to home screen on iPhone 5,2 on iOS 9.2. Some kernel panics too. Error log: pastebin.com/DQWVuKR9

Not all that sure how to find the device offsets, anyone know?

Hey, I've tried it with iPhone 5,3 9.3.2 but it just reboots and nothing happens, tried to change the offsets cuz I think some of them were wrong but it did the same thing !!!

offsetfinder.c is missing the offsets for the following device combination for vm_kernel_addrperm, setreuid, pid_check, posix_check, and mac_proc_check.

I read another closed issue,but...any hope for that one?It's so strange that higher version (9.3.4) supported and lower one not :(
Anyway, best regards and good luck with the project!

Sir,I'm a beginner, and have an iPad 3 running iOS 9.3.4, can u please guide me, thanks in advance

Hei i got an problem with the ipa. The App says that isn´t supported, but in the description of the Trident says that is supported. My iPad is the iPad2,4 (K93AAP), iOS 9.3.1 (Eagle 13E238).

Thanks a lot 👍

Hi, I tried the new offsets with Trident for my iPad 2,1 9.1, and the application just reboots my iPad. I think there might be something wrong with the offsets. Thanks!

plz add this device also, thanx in advance

iPad2,5 P105AP (iPadMini) IOS 9.3.2

Thanks

Hi Benjamin,

Great work on the Trident implementation 👍

I'd though I'd post these here instead of a pull request, as adding them to offsetfinder.c doesn't work OTB.

find_OSSerializer_serialize: 0x319450
find_OSSymbol_getMetaClass: 0x31bc3c
find_calend_gettime: 0x1db34
find_bufattr_cpx: 0xd97d0
find_clock_ops: 0x4053cc
find_copyin: 0xc7754
find_bx_lr: 0xd97d2
find_write_gadget: 0xc7488
find_vm_kernel_addrperm: 0x457030
find_kernel_pmap: 0x3f8444
find_flush_dcache: 0xbcb7c
find_invalidate_tlb: 0xc74e0
find_task_for_pid: 0x2fe034
find_setreuid: 0x2aa31c
find_pid_check: 0x16
find_posix_check: 0x40
find_mac_proc_check: 0x224

However, these values won't work without another modification! The new_branch value in patch_setreuid presumes that the branch exists at offset 0xe031 - in this particular kernel, it actually is present at 0xe03e.

You wouldn't believe what I have had to wade through to get a semi-working kernel dump! I had to take lots of seperate chunks of 0x18000 bytes in size (with Siguza's implementation) and stitch them together as the kernel seems very sensitive to using a read primative! However, with your task_for_pid patch, this issue goes away, and a proper kernel dump can be made with ios-kern-utils!! Thanks so much!

Hello,

Is there someone with an iPhone 4S on iOS 9.2 who could check if my offsets are right?

https://github.com/ganoninc/Trident/tree/ganoninc-iPhone41_IOS920

Thanks

Can you add support for the iPad 3,1 iOS 9.2.1?

So iPad 3,2, iOS 9.3.2 is supported but i need 3,3 9.3.2 support.
Any chance you could add that?

Could you Help to compile IPA for IPad2,2 ios9.2.1?
Thanks a lot