sh-3.2# ssh 192.168.6.86
The authenticity of host '192.168.6.86 (192.168.6.86)' can't be established.
ECDSA key fingerprint is SHA256:vAgxhpd74EcNS0cEvmN37RLtAwrI9kNP6xxzgt/TKkI.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.6.86' (ECDSA) to the list of known hosts.
[email protected]'s password:
[319] Jun 18 09:24:30 lastlog_perform_login: Couldn't stat /var/log/lastlog: No such file or directory
[319] Jun 18 09:24:30 lastlog_openseek: /var/log/lastlog is not a file or directory!
zsh: failed to load module `zsh/zle': dlopen(/usr/local/lib/zsh/5.0.8/zsh/zle.so, 9): image not found
[i] OSIRIS Jailbreak Initialized.
by GeoSn0w (@FCE365)
Thanks to Ian Beer, Jonathan Levin and Hacker Fantastic
[i] Initializing multi_path exploit by Ian Beer!.
[i] Offsets selected for iOS 11.0 to 11.2.6
rlim.cur: 256
rlim.max: 9223372036854775807
rlim.cur: 10240
rlim.max: 9223372036854775807
[i] Allocating early sockets
[i] Trying to force a 16MB aligned 0x800 kalloc on to freelist
0/6...
1/6...
2/6...
3/6...
4/6...
5/6...
6/6...
1697 1698
[i] Waiting for early mptcp gc...
[i] Trying first free
doing partial overwrite with target value: 0000000000000000, length 3
err: -1
[i] Waiting for mptcp gc...
[i] trying to refill ****************
[i] Hopefully we got a pipe buffer in there... now freeing one of them
[i] Trying second free
doing partial overwrite with target value: 0000000000000000, length 3
err: -1
[i] Waiting for second mptcp gc...
[i] Checking....
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[i] Full read
[!] Found an unexpected value: deadbeef000007a8
[!] Found an unexpected value: ffffffe00e000228
[!] Found an unexpected value: 0000000000000000
[!] Found an unexpected value: 0000000000000000
[!] Found an unexpected value: 0000000000000000
[!] Found an unexpected value: 0000000000000000
[!] Found an unexpected value: 0000000000000000
[!] This should be the empty prealloc message
+00000000 deadbeef000007a8
+00000008 4242424242424242
+00000010 4242424242424242
+00000018 ffffffe00e000228
+00000020 0000000000000000
+00000028 0000000000000000
+00000030 0000000000000000
+00000038 0000000000000000
+00000040 4242424242424242
+00000048 4242424242424242
+00000050 0000000000000000
+00000058 4242424242424242
+00000060 4242424242424242
+00000068 4242424242424242
+00000070 4242424242424242
+00000078 4242424242424242
+00000080 4242424242424242
+00000088 4242424242424242
+00000090 4242424242424242
+00000098 4242424242424242
+000000a0 4242424242424242
+000000a8 4242424242424242
+000000b0 4242424242424242
+000000b8 4242424242424242
+000000c0 4242424242424242
+000000c8 4242424242424242
+000000d0 4242424242424242
+000000d8 4242424242424242
+000000e0 4242424242424242
+000000e8 4242424242424242
+000000f0 4242424242424242
+000000f8 4242424242424242
+00000100 4242424242424242
+00000108 4242424242424242
+00000110 4242424242424242
+00000118 4242424242424242
+00000120 4242424242424242
+00000128 4242424242424242
+00000130 4242424242424242
+00000138 4242424242424242
+00000140 4242424242424242
+00000148 4242424242424242
+00000150 4242424242424242
+00000158 4242424242424242
+00000160 4242424242424242
+00000168 4242424242424242
+00000170 4242424242424242
+00000178 4242424242424242
+00000180 4242424242424242
+00000188 4242424242424242
+00000190 4242424242424242
+00000198 4242424242424242
+000001a0 4242424242424242
+000001a8 4242424242424242
+000001b0 4242424242424242
+000001b8 4242424242424242
+000001c0 4242424242424242
+000001c8 4242424242424242
+000001d0 4242424242424242
+000001d8 4242424242424242
+000001e0 4242424242424242
+000001e8 4242424242424242
+000001f0 4242424242424242
+000001f8 4242424242424242
+00000200 4242424242424242
+00000208 4242424242424242
+00000210 4242424242424242
+00000218 4242424242424242
+00000220 4242424242424242
+00000228 4242424242424242
+00000230 4242424242424242
+00000238 4242424242424242
+00000240 4242424242424242
+00000248 4242424242424242
+00000250 4242424242424242
+00000258 4242424242424242
+00000260 4242424242424242
+00000268 4242424242424242
+00000270 4242424242424242
+00000278 4242424242424242
+00000280 4242424242424242
+00000288 4242424242424242
+00000290 4242424242424242
+00000298 4242424242424242
+000002a0 4242424242424242
+000002a8 4242424242424242
+000002b0 4242424242424242
+000002b8 4242424242424242
+000002c0 4242424242424242
+000002c8 4242424242424242
+000002d0 4242424242424242
+000002d8 4242424242424242
+000002e0 4242424242424242
+000002e8 4242424242424242
+000002f0 4242424242424242
+000002f8 4242424242424242
+00000300 4242424242424242
+00000308 4242424242424242
+00000310 4242424242424242
+00000318 4242424242424242
+00000320 4242424242424242
+00000328 4242424242424242
+00000330 4242424242424242
+00000338 4242424242424242
+00000340 4242424242424242
+00000348 4242424242424242
+00000350 4242424242424242
+00000358 4242424242424242
+00000360 4242424242424242
+00000368 4242424242424242
+00000370 4242424242424242
+00000378 4242424242424242
+00000380 4242424242424242
+00000388 4242424242424242
+00000390 4242424242424242
+00000398 4242424242424242
+000003a0 4242424242424242
+000003a8 4242424242424242
+000003b0 4242424242424242
+000003b8 4242424242424242
+000003c0 4242424242424242
+000003c8 4242424242424242
+000003d0 4242424242424242
+000003d8 4242424242424242
+000003e0 4242424242424242
+000003e8 4242424242424242
+000003f0 4242424242424242
+000003f8 4242424242424242
+00000400 4242424242424242
+00000408 4242424242424242
+00000410 4242424242424242
+00000418 4242424242424242
+00000420 4242424242424242
+00000428 4242424242424242
+00000430 4242424242424242
+00000438 4242424242424242
+00000440 4242424242424242
+00000448 4242424242424242
+00000450 4242424242424242
+00000458 4242424242424242
+00000460 4242424242424242
+00000468 4242424242424242
+00000470 4242424242424242
+00000478 4242424242424242
+00000480 4242424242424242
+00000488 4242424242424242
+00000490 4242424242424242
+00000498 4242424242424242
+000004a0 4242424242424242
+000004a8 4242424242424242
+000004b0 4242424242424242
+000004b8 4242424242424242
+000004c0 4242424242424242
+000004c8 4242424242424242
+000004d0 4242424242424242
+000004d8 4242424242424242
+000004e0 4242424242424242
+000004e8 4242424242424242
+000004f0 4242424242424242
+000004f8 4242424242424242
+00000500 4242424242424242
+00000508 4242424242424242
+00000510 4242424242424242
+00000518 4242424242424242
+00000520 4242424242424242
+00000528 4242424242424242
+00000530 4242424242424242
+00000538 4242424242424242
+00000540 4242424242424242
+00000548 4242424242424242
+00000550 4242424242424242
+00000558 4242424242424242
+00000560 4242424242424242
+00000568 4242424242424242
+00000570 4242424242424242
+00000578 4242424242424242
+00000580 4242424242424242
+00000588 4242424242424242
+00000590 4242424242424242
+00000598 4242424242424242
+000005a0 4242424242424242
+000005a8 4242424242424242
+000005b0 4242424242424242
+000005b8 4242424242424242
+000005c0 4242424242424242
+000005c8 4242424242424242
+000005d0 4242424242424242
+000005d8 4242424242424242
+000005e0 4242424242424242
+000005e8 4242424242424242
+000005f0 4242424242424242
+000005f8 4242424242424242
+00000600 4242424242424242
+00000608 4242424242424242
+00000610 4242424242424242
+00000618 4242424242424242
+00000620 4242424242424242
+00000628 4242424242424242
+00000630 4242424242424242
+00000638 4242424242424242
+00000640 4242424242424242
+00000648 4242424242424242
+00000650 4242424242424242
+00000658 4242424242424242
+00000660 4242424242424242
+00000668 4242424242424242
+00000670 4242424242424242
+00000678 4242424242424242
+00000680 4242424242424242
+00000688 4242424242424242
+00000690 4242424242424242
+00000698 4242424242424242
+000006a0 4242424242424242
+000006a8 4242424242424242
+000006b0 4242424242424242
+000006b8 4242424242424242
+000006c0 4242424242424242
+000006c8 4242424242424242
+000006d0 4242424242424242
+000006d8 4242424242424242
+000006e0 4242424242424242
+000006e8 4242424242424242
+000006f0 4242424242424242
+000006f8 4242424242424242
+00000700 4242424242424242
+00000708 4242424242424242
+00000710 4242424242424242
+00000718 4242424242424242
+00000720 4242424242424242
+00000728 4242424242424242
+00000730 4242424242424242
+00000738 4242424242424242
+00000740 4242424242424242
+00000748 4242424242424242
+00000750 4242424242424242
+00000758 4242424242424242
+00000760 4242424242424242
+00000768 4242424242424242
+00000770 4242424242424242
+00000778 4242424242424242
+00000780 4242424242424242
+00000788 4242424242424242
+00000790 4242424242424242
+00000798 4242424242424242
+000007a0 4242424242424242
+000007a8 4242424242424242
+000007b0 4242424242424242
+000007b8 4242424242424242
+000007c0 4242424242424242
+000007c8 4242424242424242
+000007d0 4242424242424242
+000007d8 4242424242424242
+000007e0 4242424242424242
+000007e8 4242424242424242
+000007f0 4242424242424242
+000007f8 00adbeefdeadbeef
set context
message was sent
catch_exception_raise_state_identity
thread: 1303
receive_prealloc_msg: (os/kern) successful
received prealloc message via an exception with this thread port: 1303
set context
message was sent
catch_exception_raise_state_identity
thread: 1303
receive_prealloc_msg: (os/kern) successful
received prealloc message via an exception with this thread port: 1303
set context
message was sent
catch_exception_raise_state_identity
thread: 1303
receive_prealloc_msg: (os/kern) successful
received prealloc message via an exception with this thread port: 1303
set context
message was sent
catch_exception_raise_state_identity
thread: 1303
receive_prealloc_msg: (os/kern) successful
received prealloc message via an exception with this thread port: 1303
set context
message was sent
catch_exception_raise_state_identity
thread: 1303
receive_prealloc_msg: (os/kern) successful
received prealloc message via an exception with this thread port: 1303
set context
message was sent
catch_exception_raise_state_identity
thread: 1303
receive_prealloc_msg: (os/kern) successful
received prealloc message via an exception with this thread port: 1303
set context
message was sent
catch_exception_raise_state_identity
thread: 1303
receive_prealloc_msg: (os/kern) successful
received prealloc message via an exception with this thread port: 1303
set context
message was sent
catch_exception_raise_state_identity
thread: 1303
receive_prealloc_msg: (os/kern) successful
received prealloc message via an exception with this thread port: 1303
set context
message was sent
catch_exception_raise_state_identity
thread: 1303
receive_prealloc_msg: (os/kern) successful
received prealloc message via an exception with this thread port: 1303
set context
message was sent
catch_exception_raise_state_identity
thread: 1303
receive_prealloc_msg: (os/kern) successful
received prealloc message via an exception with this thread port: 1303
set context
message was sent
catch_exception_raise_state_identity
thread: 1303
receive_prealloc_msg: (os/kern) successful
received prealloc message via an exception with this thread port: 1303
set context
message was sent
catch_exception_raise_state_identity
thread: 1303
receive_prealloc_msg: (os/kern) successful
received prealloc message via an exception with this thread port: 1303
set context
message was sent
catch_exception_raise_state_identity
thread: 1303
receive_prealloc_msg: (os/kern) successful
received prealloc message via an exception with this thread port: 1303
set context
message was sent
found replacer port
pipe buf and prealloc message are at ffffffe00e000000
catch_exception_raise_state_identity
thread: ddc203
receive_prealloc_msg: (os/kern) successful
read val via pid_for_task: 000007a8
000007a8
read val via pid_for_task: 008a5f10
read val via pid_for_task: ffffffe0
ipc_space_kernel: ffffffe0008a5f10
host port is on third page
WE OUT THERE
first port is at ffffffe0008bc000
read val via pid_for_task: 80000000
read val via pid_for_task: 80000000
read val via pid_for_task: 80000001
read val via pid_for_task: 8000001c
read val via pid_for_task: 80000000
read val via pid_for_task: 80000002
read val via pid_for_task: 01ae80e0
read val via pid_for_task: ffffffe0
read val via pid_for_task: 014edc70
read val via pid_for_task: ffffffe0
read val via pid_for_task: 00000021
task isn't the kernel task
read val via pid_for_task: 8000001c
read val via pid_for_task: 80000001
read val via pid_for_task: 8000001c
read val via pid_for_task: 8000001c
read val via pid_for_task: 8000001c
read val via pid_for_task: 8000001c
read val via pid_for_task: 8000001c
read val via pid_for_task: 8000001c
read val via pid_for_task: 8000001c
read val via pid_for_task: 8000001c
read val via pid_for_task: 80000000
read val via pid_for_task: 80000001
read val via pid_for_task: 8000001c
read val via pid_for_task: 8000001c
read val via pid_for_task: 8000001c
read val via pid_for_task: 80000001
read val via pid_for_task: 80000001
read val via pid_for_task: 80000001
read val via pid_for_task: 80000000
read val via pid_for_task: 80000001
read val via pid_for_task: 80000001
read val via pid_for_task: 80000001
read val via pid_for_task: 80000001
read val via pid_for_task: 80000000
read val via pid_for_task: 80000000
read val via pid_for_task: 8000001c
read val via pid_for_task: 8000001c
read val via pid_for_task: 80000001
read val via pid_for_task: 8000001c
read val via pid_for_task: 80000001
read val via pid_for_task: 80000001
read val via pid_for_task: 80000001
read val via pid_for_task: 8000001a
read val via pid_for_task: 80000019
read val via pid_for_task: 80000001
read val via pid_for_task: 80000001
read val via pid_for_task: 80000001
read val via pid_for_task: 80000001
read val via pid_for_task: 80000001
read val via pid_for_task: 80000001
read val via pid_for_task: 80000001
read val via pid_for_task: 80000014
read val via pid_for_task: 80000005
read val via pid_for_task: 80000004
read val via pid_for_task: 80000011
read val via pid_for_task: 80000003
read val via pid_for_task: 80000006
read val via pid_for_task: 80000007
read val via pid_for_task: 80000002
read val via pid_for_task: 008f3610
read val via pid_for_task: ffffffe0
read val via pid_for_task: 10c6c550
read val via pid_for_task: fffffff0
read val via pid_for_task: 00000000
read val via pid_for_task: 0c889e80
read val via pid_for_task: fffffff1
[i] Kernel map:fffffff10c889e80
[i] tfp0: ddc203
kernel read via second tfp0 port worked?
0x0000000000420000
0x0000000000000000
0xfffffff10c8b1c40
0xfffffff10c8b1c90
clearing premsg from port ffffffe0029eae98
[i] Clearing kmsg from port ffffffe00dfd8348
[i] Going to try to clear up the pipes now
clearing pipebuf: ffffffe00e0ae338
clearing pipebuf: ffffffe00e0ae3f0
[i] Current uid=0x1f5 euid=0x1f5 gid=0x1f5 egid=0x1f5
Got root? uid=0x0 euid=0x0 gid=0x1f5 egid=0x1f5
[i] Walking kernel memory for magic address
[i] Kernel magic is at 0xfffffff010604000
[i] KASLR slide 0x9744398
[i] Walking kernel memory for magic address
[i] Kernel magic is at 0xfffffff010604000
[i] KASLR slide 0x9744398
Here - Kernel Base: 0xfffffff010604000
Compressed Size: 15385299, Uncompressed: 30982144. Unknown (CRC?): 0x3597ab22, Unknown 1: 0x1
2018-06-18 09:22:48.580873+0800 multi_path[264:6301] STATUS: Loading symbols...
64-bit2018-06-18 09:22:48.581605+0800 multi_path[264:6301] STATUS: Adding symbol _kernproc at address 0xfffffff0076740a0
2018-06-18 09:22:48.581646+0800 multi_path[264:6301] STATUS: INDEX 0
2018-06-18 09:22:48.581769+0800 multi_path[264:6301] STATUS: Adding symbol _rootvnode at address 0xfffffff007674088
2018-06-18 09:22:48.581778+0800 multi_path[264:6301] STATUS: INDEX 1
2018-06-18 09:22:48.581941+0800 multi_path[264:6301] STATUS: Got 64-bit kernel. Great
2018-06-18 09:22:48.581978+0800 multi_path[264:6301] STATUS: Loaded The QiLin Toolkit for Darwin 17.3.0 Darwin Kernel Version 17.3.0: Mon Nov 6 21:19:18 PST 2017; root:xnu-4570.32.1~1/RELEASE_ARM64_T8010 iPhone9,2 - iPhone
2018-06-18 09:22:48.582009+0800 multi_path[264:6301] STATUS: Adding symbol _kernproc at address 0xfffffff0075dd0a0
2018-06-18 09:22:48.582032+0800 multi_path[264:6301] STATUS: INDEX 2
2018-06-18 09:22:48.582040+0800 multi_path[264:6301] STATUS: Adding symbol _rootvnode at address 0xfffffff0075dd088
2018-06-18 09:22:48.582053+0800 multi_path[264:6301] STATUS: INDEX 3
2018-06-18 09:22:48.582059+0800 multi_path[264:6301] STATUS: Adding symbol _vfs_rootnode at address 0xfffffff0071ff700
2018-06-18 09:22:48.582067+0800 multi_path[264:6301] STATUS: INDEX 4
SH2:
looking for me..
2018-06-18 09:22:48.582104+0800 multi_path[264:6301] Symbol _kernproc for iPhone9,2, 11.2.1 - 0xfffffff0076740a0 + 0x9600000
KernCredAddr : 0xffffffe000b7a010
Got AMFI: PID 219@0xffffffe00553b8e0, Task: 0xffffffe005367610
CSFLAGS at offset 2a8
-- Current CS Flags of process (@0xffffffe00553bb88): 0x79
-- process CS Flags @0xffffffe00553bb88 set to 0x22000005 (RC: 4)
VNODE INFO :
My blob is @0xffffffe0054ff480
BLOB CS FLAGS: 0x3000024
BLOB CS FLAGS NOW: 0x23000025
2018-06-18 09:22:48.582672+0800 multi_path[264:6301] DEBUG: Found multi_path (264) @0xffffffe001b58510. DAMN! Is this what processes look like in the kernel?!
procCredAddr of PID 264: 0xffffffe0059d5680
2018-06-18 09:22:48.582700+0800 multi_path[264:6301] DEBUG: SH2: MAC LABEL @0xffffffe002b161a0:
2018-06-18 09:22:48.582710+0800 multi_path[264:6301] STATUS: No one can contain Shai Hulud @0xffffffe002b161b0..
2018-06-18 09:22:48.582718+0800 multi_path[264:6301] Platformizing me...
Using cached me @0xffffffe001b58510
2018-06-18 09:22:48.582726+0800 multi_path[264:6301] STATUS: Platformizing process at address 0xffffffe001b58510
PID platformized : 264
2018-06-18 09:22:48.582742+0800 multi_path[264:6301] Flicking on task @0xffffffe005edbb78 t->flags to have TF_PLATFORM (0x401)..
CSFLAGS at offset 2a8
-- Current CS Flags of process (@0xffffffe001b587b8): 0x0
-- process CS Flags @0xffffffe001b587b8 set to 0x24004001 (RC: 4)
VNODE INFO :
My blob is @0xffffffe005f97000
BLOB CS FLAGS: 0x5000020
BLOB CS FLAGS NOW: 0x25004021
[i] Borrowing entitlements...
2018-06-18 09:22:50.794176+0800 multi_path[264:6301] STATUS: Spawned /usr/bin/sysdiagnose -u (null)... as PID : 266
sysdiagnose version 3.0 (510)
The case is Companion only
Enter TIME SENSITIVE phase
Executing container: tailspin...
Executing container: spindump...
KILL TO SD : 0
will process list
2018-06-18 09:22:53.808816+0800 multi_path[264:6301] Symbol _kernproc for iPhone9,2, 11.2.1 - 0xfffffff0076740a0 + 0x9600000
KernCredAddr : 0xffffffe000b7a010
Got AMFI: PID 219@0xffffffe00553b8e0, Task: 0xffffffe005367610
CSFLAGS at offset 2a8
-- Current CS Flags of process (@0xffffffe00553bb88): 0x0
-- process CS Flags @0xffffffe00553bb88 set to 0x22000005 (RC: 4)
VNODE INFO :
My blob is @0xffffffe0054ff480
BLOB CS FLAGS: 0x23000025
BLOB CS FLAGS NOW: 0x23000025
2018-06-18 09:22:53.809444+0800 multi_path[264:6301] DEBUG: Found sysdiagnose (266) @0xffffffe005538c30. DAMN! Is this what processes look like in the kernel?!
PID 266 PROC STRUCT IS AT ffffffe005538c30. CREDS (0xffffffe005538d30) are 0xffffffe0059d5950
got cred addr ffffffe0059d5950
2018-06-18 09:22:53.809464+0800 multi_path[264:6301] Symbol _kernproc for iPhone9,2, 11.2.1 - 0xfffffff0076740a0 + 0x9600000
KernCredAddr : 0xffffffe000b7a010
Got AMFI: PID 219@0xffffffe00553b8e0, Task: 0xffffffe005367610
CSFLAGS at offset 2a8
-- Current CS Flags of process (@0xffffffe00553bb88): 0x0
-- process CS Flags @0xffffffe00553bb88 set to 0x22000005 (RC: 4)
VNODE INFO :
My blob is @0xffffffe0054ff480
BLOB CS FLAGS: 0x23000025
BLOB CS FLAGS NOW: 0x23000025
2018-06-18 09:22:53.810257+0800 multi_path[264:6301] DEBUG: Found multi_path (264) @0xffffffe001b58510. DAMN! Is this what processes look like in the kernel?!
Restoring creds from address 0xffffffe0059d5950 to process at 0xffffffe001b58510
procCredAddr of PID 264: 0xffffffe0059d5680
Executing container: tailspin-history...
Executing container: processesInfo...
Executing container: systemInfo...
[i] Drop Kicking AMFID...
2018-06-18 09:22:58.812899+0800 multi_path[264:6301] STATUS: i_can_haz_task_for_pid_in_user_mode, AAPL. UP YOURS
2018-06-18 09:22:58.813069+0800 multi_path[264:6301] STATUS: Got AMFId's port - let's castrate this bastard
SET EXCEPTION HANDLER
2018-06-18 09:22:58.813470+0800 multi_path[264:6301] STATUS: patched AMFI @0x100da8150
2018-06-18 09:22:58.813526+0800 multi_path[264:6301] got amfi!
Executing container: powermetrics...
Executing container: smcdiagnose...
Enter LOG GENERATION & LOG COPYING phases
Executing container: Panics...
Executing container: process crashes and spins...
Executing container: HCI...
Executing container: internalLogs...
Executing container: logs/Bluetooth/CoreCapture...
Executing container: logs/Bluetooth/CoreCapture...
Executing container: MobileInstallation...
Executing container: MobileContainerManager...
Executing container: Utility...
Executing container: Networking...
Executing container: MobileActivation...
Executing container: MobileLockdown...
Executing container: MobileBackup...
Executing container: itunesstored...
Executing container: appinstallation...
Executing container: LaunchServices...
Executing container: AppConduit...
Executing container: Accounts...
Executing container: process proxied device logs...
Executing container: ProtectedCloudStorage...
Executing container: AVConference...
Executing container: Siri...
Executing container: ATVUpdateLog...
Executing container: AccessibilityPrefs...
Executing container: parsecd...
Executing container: keyboard cache...
Executing container: CloudKitBookmarks...
Executing container: demod...
Executing container: WatchConnectivity...
Executing container: SystemVersion...
Executing container: stackshots...
Executing container: ioreg...
2018-06-18 09:23:00.991322+0800 multi_path[264:6301] STATUS: Attempting to remount rootFS...
2018-06-18 09:23:00.991366+0800 multi_path[264:6301] Symbol _rootvnode for iPhone9,2, 11.2.1 - 0xfffffff007674088 + 0x9600000
Actual vnode address is 0xffffffe0014923a0
2018-06-18 09:23:00.991392+0800 multi_path[264:6301] DEBUG: OFFSET OF v_mount: 0xd8
2018-06-18 09:23:00.991404+0800 multi_path[264:6301] DEBUG: Mount flags (0xffffffe000fb1400 + 0x70) : 1480d009
2018-06-18 09:23:00.993136+0800 multi_path[264:6301] STATUS: Mounted / as read write :-)
Executing container: suggestToolTasks...
Executing container: brctl...
Executing container: brctl...
Executing container: nightshift...
Executing container: logs/StoreServices...
Executing container: logs/StoreServices...
Executing container: /var/mobile/Library/Logs/CrashReporter/DiagnosticLogs/sysdiagnose/IN_PROGRESS_sysdiagnose_2018.06.18_09-22-50+0800_iPhone_OS_iPhone_15C153.tmp/logs/AWD...
Executing container: logs/AWD...
Executing container: /var/mobile/Library/Logs/CrashReporter/DiagnosticLogs/sysdiagnose/IN_PROGRESS_sysdiagnose_2018.06.18_09-22-50+0800_iPhone_OS_iPhone_15C153.tmp/logs/CoreMedia...
Executing container: logs/CoreMedia/...
Executing container: /var/mobile/Library/Logs/CrashReporter/DiagnosticLogs/sysdiagnose/IN_PROGRESS_sysdiagnose_2018.06.18_09-22-50+0800_iPhone_OS_iPhone_15C153.tmp/logs/powerlogs...
Executing container: logs/powerlogs/...
Executing container: /var/mobile/Library/Logs/CrashReporter/DiagnosticLogs/sysdiagnose/IN_PROGRESS_sysdiagnose_2018.06.18_09-22-50+0800_iPhone_OS_iPhone_15C153.tmp/WiFi...
Move file : /var/containers/Bundle/Application/2A6A038F-CA24-4C2C-897E-E9DC4AA816EB/multi_path.app/tar to /jb/tar - RC :0
Move file : /var/containers/Bundle/Application/2A6A038F-CA24-4C2C-897E-E9DC4AA816EB/multi_path.app/sh to /jb/sh - RC :0
Move file : /var/containers/Bundle/Application/2A6A038F-CA24-4C2C-897E-E9DC4AA816EB/multi_path.app/bash to /jb/bin/bash - RC :0
Move file : /var/containers/Bundle/Application/2A6A038F-CA24-4C2C-897E-E9DC4AA816EB/multi_path.app/binpack64-256.tar to /jb/binpack64-256.tar - RC :0
2018-06-18 09:23:05.355549+0800 multi_path[264:6301] stat on /var/containers/Bundle/Application/2A6A038F-CA24-4C2C-897E-E9DC4AA816EB/multi_path.app/su: No such file or directory
Move file : /var/containers/Bundle/Application/2A6A038F-CA24-4C2C-897E-E9DC4AA816EB/multi_path.app/su to /jb/su - RC :-1
Using cached me @0xffffffe001b58510
Before - My UID: 0 (kernel: 0), My GID: 501 (kernel: 0)
current CS Flags: 0x0
AFTER: 0x20004005
After - My UID: 0 (kernel: 0), My GID: 501 (kernel: 0)
TASK: 0xddc10f, Thread: 0x110000 - CODE: 0xe22c07/0x110000, flavor: 1
2018-06-18 09:23:05.375129+0800 multi_path[264:7036] Got request - kr: 0 - FileName (@0x16f1f8558): /jb/tar
Got Header with 18 Load commands
GOT BLOB, MAGIC: 0xfade0cc0, offset: 24, type: 0
CD Blob magic: 0x20cdefa
CD Hash:
d1 21 b2 de 17 78 56 31 83 08 72 38 c4 67 53 16 .!...xV1..r8.gS.
17 6f 15 9d 30 71 99 1d 85 82 cf 8c 28 bd 4b b9 .o..0q......(.K.
2018-06-18 09:23:05.378403+0800 multi_path[264:7036] DEBUG: writing cdhash (ffffffd1 21 ffffffb2... ) to 0x16f1f84c4 - kr 0
will resume at 0x100da7000
set state 0 - Cnt: 68
2018-06-18 09:23:05.391630+0800 multi_path[264:6301] STATUS: Spawned /jb/tar -C /jb... as PID : 303
amfidebilitate
./._bin
bin/
bin/._cat
bin/cat
bin/._launchctl
bin/launchctl
bin/._pwd
bin/pwd
bin/._sleep
bin/sleep
bin/._stty
bin/stty
bin/._date
bin/date
bin/._bash
bin/bash
bin/._kill
bin/kill
bin/._sh
bin/sh
bin/._dd
bin/dd
bin/._mkdir
bin/mkdir
bin/._hostname
bin/hostname
bin/._rmdir
bin/rmdir
bin/._mv
bin/mv
bin/._ln
bin/ln
bin/._ls
bin/ls
bin/._cp
bin/cp
bin/._sync
bin/sync
bin/._zsh
bin/zsh
bin/._chmod
bin/chmod
bin/._rm
bin/rm
default.ent
./._etc
etc/
etc/._ssl
etc/ssl
etc/._zshrc
etc/zshrc
etc/._dropbear
etc/dropbear/
etc/._profile
etc/profile
etc/._apt
etc/apt/
etc/._alternatives
etc/alternatives/
etc/._dpkg
etc/dpkg/
etc/._motd
etc/motd
etc/dpkg/._dselect.cfg.d
etc/dpkg/dselect.cfg.d/
etc/dpkg/._dpkg.cfg.d
etc/dpkg/dpkg.cfg.d/
etc/alternatives/._README
etc/alternatives/README
etc/apt/._sources.list.d
etc/apt/sources.list.d/
etc/apt/._trusted.gpg.d
etc/apt/trusted.gpg.d/
etc/apt/trusted.gpg.d/._zodttd.gpg
etc/apt/trusted.gpg.d/zodttd.gpg
etc/apt/trusted.gpg.d/._bigboss.gpg
etc/apt/trusted.gpg.d/bigboss.gpg
etc/apt/trusted.gpg.d/._modmyi.gpg
etc/apt/trusted.gpg.d/modmyi.gpg
etc/apt/trusted.gpg.d/._saurik.gpg
etc/apt/trusted.gpg.d/saurik.gpg
etc/apt/sources.list.d/._cydia.list
etc/apt/sources.list.d/cydia.list
etc/apt/sources.list.d/._saurik.list
etc/apt/sources.list.d/saurik.list
./._makeMeAtHome.sh
makeMeAtHome.sh
removeMe.sh
./._sbin
sbin/
sbin/._md5
sbin/md5
sbin/._ping
sbin/ping
sbin/._shutdown
sbin/shutdown
sbin/._ifconfig
sbin/ifconfig
sbin/umount
sbin/._kextunload
sbin/kextunload
sbin/._mknod
sbin/mknod
sbin/._dmesg
sbin/dmesg
./._usr
usr/
usr/._bin
usr/bin/
usr/._sbin
usr/sbin/
usr/._local
usr/local/
usr/._share
usr/share/
usr/share/._terminfo
usr/share/terminfo/
usr/share/terminfo/._61
usr/share/terminfo/61/
usr/share/terminfo/._73
usr/share/terminfo/73/
usr/share/terminfo/._6c
usr/share/terminfo/6c/
usr/share/terminfo/._76
usr/share/terminfo/76/
usr/share/terminfo/._78
usr/share/terminfo/78/
usr/share/terminfo/78/._xterm-256color
usr/share/terminfo/78/xterm-256color
usr/share/terminfo/76/._vt100-putty
usr/share/terminfo/76/vt100-putty
usr/share/terminfo/76/._vt100-nav-w
usr/share/terminfo/76/vt100-nav-w
usr/share/terminfo/76/._vt100-s
usr/share/terminfo/76/vt100-s
usr/share/terminfo/76/._vt100+
usr/share/terminfo/76/vt100+
usr/share/terminfo/76/._vt100nam
usr/share/terminfo/76/vt100nam
usr/share/terminfo/76/._vt100-vb
usr/share/terminfo/76/vt100-vb
usr/share/terminfo/76/._vt100+enq
usr/share/terminfo/76/vt100+enq
usr/share/terminfo/76/._vt100-s-top
usr/share/terminfo/76/vt100-s-top
usr/share/terminfo/76/._vt100-nam-w
usr/share/terminfo/76/vt100-nam-w
usr/share/terminfo/76/._vt100+fnkeys
usr/share/terminfo/76/vt100+fnkeys
usr/share/terminfo/76/._vt100-w
usr/share/terminfo/76/vt100-w
usr/share/terminfo/76/._vt100
usr/share/terminfo/76/vt100
usr/share/terminfo/76/._vt100-w-nav
usr/share/terminfo/76/vt100-w-nav
usr/share/terminfo/76/._vt100-bot-s
usr/share/terminfo/76/vt100-bot-s
usr/share/terminfo/76/._vt100-w-nam
usr/share/terminfo/76/vt100-w-nam
usr/share/terminfo/76/._vt100+pfkeys
usr/share/terminfo/76/vt100+pfkeys
usr/share/terminfo/76/._vt100-top-s
usr/share/terminfo/76/vt100-top-s
usr/share/terminfo/76/._vt100-nav
usr/share/terminfo/76/vt100-nav
usr/share/terminfo/76/._vt100-nam
usr/share/terminfo/76/vt100-nam
usr/share/terminfo/76/._vt100-bm-o
usr/share/terminfo/76/vt100-bm-o
usr/share/terminfo/76/._vt100+keypad
usr/share/terminfo/76/vt100+keypad
usr/share/terminfo/76/._vt100-am
usr/share/terminfo/76/vt100-am
usr/share/terminfo/76/._vt100-s-bot
usr/share/terminfo/76/vt100-s-bot
usr/share/terminfo/76/._vt100-w-am
usr/share/terminfo/76/vt100-w-am
usr/share/terminfo/76/._vt100-bm
usr/share/terminfo/76/vt100-bm
usr/share/terminfo/6c/._linux-lat
usr/share/terminfo/6c/linux-lat
usr/share/terminfo/6c/._linux-koi8r
usr/share/terminfo/6c/linux-koi8r
usr/share/terminfo/6c/._linux-vt
usr/share/terminfo/6c/linux-vt
usr/share/terminfo/6c/._linux-basic
usr/share/terminfo/6c/linux-basic
usr/share/terminfo/6c/._linux
usr/share/terminfo/6c/linux
usr/share/terminfo/6c/._linux-c-nc
usr/share/terminfo/6c/linux-c-nc
usr/share/terminfo/6c/._linux2.6.26
usr/share/terminfo/6c/linux2.6.26
usr/share/terminfo/6c/._linux-c
usr/share/terminfo/6c/linux-c
usr/share/terminfo/6c/._linux-m
usr/share/terminfo/6c/linux-m
usr/share/terminfo/6c/._linux-nic
usr/share/terminfo/6c/linux-nic
usr/share/terminfo/6c/._linux-koi8
usr/share/terminfo/6c/linux-koi8
usr/share/terminfo/73/._screen-16color
usr/share/terminfo/73/screen-16color
usr/share/terminfo/73/._screen2
usr/share/terminfo/73/screen2
usr/share/terminfo/73/._screen3
usr/share/terminfo/73/screen3
usr/share/terminfo/73/._screen-16color-bce-s
usr/share/terminfo/73/screen-16color-bce-s
usr/share/terminfo/73/._screen-256color-bce
usr/share/terminfo/73/screen-256color-bce
usr/share/terminfo/73/._screen.rxvt
usr/share/terminfo/73/screen.rxvt
usr/share/terminfo/73/._screen.xterm-r6
usr/share/terminfo/73/screen.xterm-r6
usr/share/terminfo/73/._screen-w
usr/share/terminfo/73/screen-w
usr/share/terminfo/73/._screen.xterm-xfree86
usr/share/terminfo/73/screen.xterm-xfree86
usr/share/terminfo/73/._screen-16color-s
usr/share/terminfo/73/screen-16color-s
usr/share/terminfo/73/._screen.linux
usr/share/terminfo/73/screen.linux
usr/share/terminfo/73/._screen-256color-bce-s
usr/share/terminfo/73/screen-256color-bce-s
usr/share/terminfo/73/._screen
usr/share/terminfo/73/screen
usr/share/terminfo/73/._screen-bce
usr/share/terminfo/73/screen-bce
usr/share/terminfo/73/._screen-256color-s
usr/share/terminfo/73/screen-256color-s
usr/share/terminfo/73/._screen.mlterm
usr/share/terminfo/73/screen.mlterm
usr/share/terminfo/73/._screen-s
usr/share/terminfo/73/screen-s
usr/share/terminfo/73/._screen.teraterm
usr/share/terminfo/73/screen.teraterm
usr/share/terminfo/73/._screen-16color-bce
usr/share/terminfo/73/screen-16color-bce
usr/share/terminfo/73/._screen.xterm-new
usr/share/terminfo/73/screen.xterm-new
usr/share/terminfo/73/._screen-256color
usr/share/terminfo/73/screen-256color
usr/share/terminfo/73/._screen+fkeys
usr/share/terminfo/73/screen+fkeys
usr/share/terminfo/61/._ansi80x50-mono
usr/share/terminfo/61/ansi80x50-mono
usr/share/terminfo/61/._ansi+idl1
usr/share/terminfo/61/ansi+idl1
usr/share/terminfo/61/._ansil
usr/share/terminfo/61/ansil
usr/share/terminfo/61/._ansi+idc
usr/share/terminfo/61/ansi+idc
usr/share/terminfo/61/._ansiw
usr/share/terminfo/61/ansiw
usr/share/terminfo/61/._ansi80x30
usr/share/terminfo/61/ansi80x30
usr/share/terminfo/61/._ansi-mono
usr/share/terminfo/61/ansi-mono
usr/share/terminfo/61/._ansi+pp
usr/share/terminfo/61/ansi+pp
usr/share/terminfo/61/._ansi+idl
usr/share/terminfo/61/ansi+idl
usr/share/terminfo/61/._ansil-mono
usr/share/terminfo/61/ansil-mono
usr/share/terminfo/61/._ansi80x30-mono
usr/share/terminfo/61/ansi80x30-mono
usr/share/terminfo/61/._ansi80x25-raw
usr/share/terminfo/61/ansi80x25-raw
usr/share/terminfo/61/._ansi+csr
usr/share/terminfo/61/ansi+csr
usr/share/terminfo/61/._ansi-generic
usr/share/terminfo/61/ansi-generic
usr/share/terminfo/61/._ansi+sgr
usr/share/terminfo/61/ansi+sgr
usr/share/terminfo/61/._ansi+cup
usr/share/terminfo/61/ansi+cup
usr/share/terminfo/61/._ansi-emx
usr/share/terminfo/61/ansi-emx
usr/share/terminfo/61/._ansi+sgrbold
usr/share/terminfo/61/ansi+sgrbold
usr/share/terminfo/61/._ansi+sgrul
usr/share/terminfo/61/ansi+sgrul
usr/share/terminfo/61/._ansi80x60-mono
usr/share/terminfo/61/ansi80x60-mono
usr/share/terminfo/61/._ansi+sgrso
usr/share/terminfo/61/ansi+sgrso
usr/share/terminfo/61/._ansi
usr/share/terminfo/61/ansi
usr/share/terminfo/61/._ansi-color-2-emx
usr/share/terminfo/61/ansi-color-2-emx
usr/share/terminfo/61/._ansis-mono
usr/share/terminfo/61/ansis-mono
usr/share/terminfo/61/._ansi-color-3-emx
usr/share/terminfo/61/ansi-color-3-emx
usr/share/terminfo/61/._ansisysk
usr/share/terminfo/61/ansisysk
usr/share/terminfo/61/._ansi43m
usr/share/terminfo/61/ansi43m
usr/share/terminfo/61/._ansi-mtabs
usr/share/terminfo/61/ansi-mtabs
usr/share/terminfo/61/._ansi+sgrdim
usr/share/terminfo/61/ansi+sgrdim
usr/share/terminfo/61/._ansi80x25
usr/share/terminfo/61/ansi80x25
usr/share/terminfo/61/._ansi+erase
usr/share/terminfo/61/ansi+erase
usr/share/terminfo/61/._ansi+rep
usr/share/terminfo/61/ansi+rep
usr/share/terminfo/61/._ansis
usr/share/terminfo/61/ansis
usr/share/terminfo/61/._ansi80x50
usr/share/terminfo/61/ansi80x50
usr/share/terminfo/61/._ansi+tabs
usr/share/terminfo/61/ansi+tabs
usr/share/terminfo/61/._ansi+local1
usr/share/terminfo/61/ansi+local1
usr/share/terminfo/61/._ansi80x60
usr/share/terminfo/61/ansi80x60
usr/share/terminfo/61/._ansi+rca
usr/share/terminfo/61/ansi+rca
usr/share/terminfo/61/._ansi-mini
usr/share/terminfo/61/ansi-mini
usr/share/terminfo/61/._ansi+enq
usr/share/terminfo/61/ansi+enq
usr/share/terminfo/61/._ansi-nt
usr/share/terminfo/61/ansi-nt
usr/share/terminfo/61/._ansi77
usr/share/terminfo/61/ansi77
usr/share/terminfo/61/._ansi-mr
usr/share/terminfo/61/ansi-mr
usr/share/terminfo/61/._ansi80x43-mono
usr/share/terminfo/61/ansi80x43-mono
usr/share/terminfo/61/._ansi.sys
usr/share/terminfo/61/ansi.sys
usr/share/terminfo/61/._ansi.sys-old
usr/share/terminfo/61/ansi.sys-old
usr/share/terminfo/61/._ansi.sysk
usr/share/terminfo/61/ansi.sysk
usr/share/terminfo/61/._ansi80x25-mono
usr/share/terminfo/61/ansi80x25-mono
usr/share/terminfo/61/._ansi+inittabs
usr/share/terminfo/61/ansi+inittabs
usr/share/terminfo/61/._ansi+local
usr/share/terminfo/61/ansi+local
usr/share/terminfo/61/._ansi-m
usr/share/terminfo/61/ansi-m
usr/share/terminfo/61/._ansi80x43
usr/share/terminfo/61/ansi80x43
usr/share/terminfo/61/._ansi+arrows
usr/share/terminfo/61/ansi+arrows
usr/local/._bin
usr/local/bin/
usr/local/._lib
usr/local/lib/
usr/local/lib/._zsh
usr/local/lib/zsh/
usr/local/lib/zsh/._5.0.8
usr/local/lib/zsh/5.0.8/
usr/local/lib/zsh/5.0.8/._zsh
usr/local/lib/zsh/5.0.8/zsh/
usr/local/lib/zsh/5.0.8/zsh/._termcap.so
usr/local/lib/zsh/5.0.8/zsh/termcap.so
usr/local/lib/zsh/5.0.8/zsh/._zleparameter.so
usr/local/lib/zsh/5.0.8/zsh/zleparameter.so
usr/local/lib/zsh/5.0.8/zsh/._example.so
usr/local/lib/zsh/5.0.8/zsh/example.so
usr/local/lib/zsh/5.0.8/zsh/._tcp.so
usr/local/lib/zsh/5.0.8/zsh/tcp.so
usr/local/lib/zsh/5.0.8/zsh/._newuser.so
usr/local/lib/zsh/5.0.8/zsh/newuser.so
usr/local/lib/zsh/5.0.8/zsh/._deltochar.so
usr/local/lib/zsh/5.0.8/zsh/deltochar.so
usr/local/lib/zsh/5.0.8/zsh/._complete.so
usr/local/lib/zsh/5.0.8/zsh/complete.so
usr/local/lib/zsh/5.0.8/zsh/._mapfile.so
usr/local/lib/zsh/5.0.8/zsh/mapfile.so
usr/local/lib/zsh/5.0.8/zsh/._stat.so
usr/local/lib/zsh/5.0.8/zsh/stat.so
usr/local/lib/zsh/5.0.8/zsh/._compctl.so
usr/local/lib/zsh/5.0.8/zsh/compctl.so
usr/local/lib/zsh/5.0.8/zsh/._zselect.so
usr/local/lib/zsh/5.0.8/zsh/zselect.so
usr/local/lib/zsh/5.0.8/zsh/._parameter.so
usr/local/lib/zsh/5.0.8/zsh/parameter.so
usr/local/lib/zsh/5.0.8/zsh/._datetime.so
usr/local/lib/zsh/5.0.8/zsh/datetime.so
usr/local/lib/zsh/5.0.8/zsh/._socket.so
usr/local/lib/zsh/5.0.8/zsh/socket.so
usr/local/lib/zsh/5.0.8/zsh/._terminfo.so
usr/local/lib/zsh/5.0.8/zsh/terminfo.so
usr/local/lib/zsh/5.0.8/zsh/._clone.so
usr/local/lib/zsh/5.0.8/zsh/clone.so
usr/local/lib/zsh/5.0.8/zsh/._regex.so
usr/local/lib/zsh/5.0.8/zsh/regex.so
usr/local/lib/zsh/5.0.8/zsh/._attr.so
usr/local/lib/zsh/5.0.8/zsh/attr.so
usr/local/lib/zsh/5.0.8/zsh/._curses.so
usr/local/lib/zsh/5.0.8/zsh/curses.so
usr/local/lib/zsh/5.0.8/zsh/._files.so
usr/local/lib/zsh/5.0.8/zsh/files.so
usr/local/lib/zsh/5.0.8/zsh/._system.so
usr/local/lib/zsh/5.0.8/zsh/system.so
usr/local/lib/zsh/5.0.8/zsh/._zpty.so
usr/local/lib/zsh/5.0.8/zsh/zpty.so
usr/local/lib/zsh/5.0.8/zsh/._zle.so
usr/local/lib/zsh/5.0.8/zsh/zle.so
usr/local/lib/zsh/5.0.8/zsh/._mathfunc.so
usr/local/lib/zsh/5.0.8/zsh/mathfunc.so
usr/local/lib/zsh/5.0.8/zsh/._zutil.so
usr/local/lib/zsh/5.0.8/zsh/zutil.so
usr/local/lib/zsh/5.0.8/zsh/._complist.so
usr/local/lib/zsh/5.0.8/zsh/complist.so
usr/local/lib/zsh/5.0.8/zsh/._zftp.so
usr/local/lib/zsh/5.0.8/zsh/zftp.so
usr/local/lib/zsh/5.0.8/zsh/._cap.so
usr/local/lib/zsh/5.0.8/zsh/cap.so
usr/local/lib/zsh/5.0.8/zsh/._computil.so
usr/local/lib/zsh/5.0.8/zsh/computil.so
usr/local/lib/zsh/5.0.8/zsh/._zprof.so
usr/local/lib/zsh/5.0.8/zsh/zprof.so
usr/local/lib/zsh/5.0.8/zsh/._langinfo.so
usr/local/lib/zsh/5.0.8/zsh/langinfo.so
usr/local/bin/._wget
usr/local/bin/wget
usr/local/bin/._dbclient
usr/local/bin/dbclient
usr/local/bin/qilin.o
usr/local/bin/shaihulud.c
usr/local/bin/._filemon
usr/local/bin/filemon
usr/local/bin/._dropbear
usr/local/bin/dropbear
usr/local/bin/shaihulud
usr/local/bin/procexp
usr/local/bin/jtool
usr/local/bin/._dropbearkey
usr/local/bin/dropbearkey
usr/local/bin/jlutil
usr/local/bin/joker
usr/local/bin/._dropbearconvert
usr/local/bin/dropbearconvert
usr/local/bin/._dropbear.orig
usr/local/bin/dropbear.orig
usr/local/bin/procexp.ent
usr/sbin/._joreg
usr/sbin/joreg
usr/sbin/._ioreg
usr/sbin/ioreg
usr/sbin/._sysctl
usr/sbin/sysctl
usr/sbin/._taskpolicy
usr/sbin/taskpolicy
usr/sbin/._netstat
usr/sbin/netstat
usr/sbin/._ltop
usr/sbin/ltop
usr/sbin/._chown
usr/sbin/chown
usr/sbin/._kextstat
usr/sbin/kextstat
usr/bin/._tee
usr/bin/tee
usr/bin/._split
usr/bin/split
usr/bin/._vim
usr/bin/vim
usr/bin/._hexdump
usr/bin/hexdump
usr/bin/._lsmp
usr/bin/lsmp
usr/bin/._vm_stat
usr/bin/vm_stat
usr/bin/._syslog
usr/bin/syslog
usr/bin/._du
usr/bin/du
usr/bin/._fs_usage
usr/bin/fs_usage
usr/bin/._renice
usr/bin/renice
usr/bin/._xxd
usr/bin/xxd
usr/bin/._sc_usage
usr/bin/sc_usage
usr/bin/._less
usr/bin/less
usr/bin/._sed
usr/bin/sed
usr/bin/._nano
usr/bin/nano
usr/bin/._tset
usr/bin/tset
usr/bin/._seq
usr/bin/seq
usr/bin/._uname
usr/bin/uname
usr/bin/._uicache
usr/bin/uicache
usr/bin/._reset
usr/bin/reset
usr/bin/._wc
usr/bin/wc
usr/bin/._gzip
usr/bin/gzip
usr/bin/._printf
usr/bin/printf
usr/bin/._tail
usr/bin/tail
usr/bin/._grep
usr/bin/grep
usr/bin/._script
usr/bin/script
usr/bin/._more
usr/bin/more
usr/bin/._time
usr/bin/time
usr/bin/._plconvert
usr/bin/plconvert
usr/bin/._head
usr/bin/head
usr/bin/._clear
usr/bin/clear
usr/bin/._killall
usr/bin/killall
usr/bin/._stat
usr/bin/stat
usr/bin/._sqlite3
usr/bin/sqlite3
usr/bin/._screen
usr/bin/screen
usr/bin/._arch
usr/bin/arch
usr/bin/._cut
usr/bin/cut
usr/bin/._xargs
usr/bin/xargs
usr/bin/._what
usr/bin/what
usr/bin/._chflags
usr/bin/chflags
usr/bin/._id
usr/bin/id
usr/bin/._find
usr/bin/find
usr/bin/._scp
usr/bin/scp
usr/bin/._true
usr/bin/true
usr/bin/._hostinfo
usr/bin/hostinfo
usr/bin/._tar
usr/bin/tar
usr/bin/._false
usr/bin/false
usr/bin/login
usr/bin/._which
usr/bin/which
usr/bin/._passwd
usr/bin/passwd
usr/bin/._nohup
usr/bin/nohup
usr/bin/w
usr/bin/._gunzip
usr/bin/gunzip
TASK: 0xddc10f, Thread: 0x110000 - CODE: 0xddc50b/0x110000, flavor: 1
2018-06-18 09:23:07.380951+0800 multi_path[264:7036] Got request - kr: 0 - FileName (@0x16f1f8558): /jb/usr/local/bin/dropbear
Got Header with 18 Load commands
GOT BLOB, MAGIC: 0xfade0cc0, offset: 24, type: 0
CD Blob magic: 0x20cdefa
CD Hash:
57 ee e0 fb a2 fe 2f ea a4 4a d9 f2 d7 fb 67 04 W...../..J....g.
51 6e 53 b5 44 68 7a 0a 54 07 24 7b b4 cf d2 6b QnS.Dhz.T.${...k
2018-06-18 09:23:07.383307+0800 multi_path[264:7036] DEBUG: writing cdhash (57 ffffffee ffffffe0... ) to 0x16f1f84c4 - kr 0
will resume at 0x100da7000
set state 0 - Cnt: 68
2018-06-18 09:23:07.403288+0800 multi_path[264:6301] STATUS: Spawned /jb/usr/local/bin/dropbear -R --shell... as PID : 304
***** Launching amfidebilitate******
default shell: /jb/bin/sh
[306] Jun 18 09:23:07 Running in background
Executing container: /WiFi...
Executing container: basebandMeta...
TASK: 0xddc10f, Thread: 0x110000 - CODE: 0xe22907/0x110000, flavor: 1
2018-06-18 09:23:09.387214+0800 multi_path[264:7036] Got request - kr: 0 - FileName (@0x16f1f8558): /jb/amfidebilitate
Got Header with 20 Load commands
GOT BLOB, MAGIC: 0xfade0cc0, offset: 24, type: 0
CD Blob magic: 0x20cdefa
CD Hash:
55 43 cb 80 ec 7b 51 eb 2c e2 52 ef df 3c a5 cc UC...{Q.,.R..<..
00 db 71 29 f6 20 cc e6 93 fb d8 8d dc 4b 1e eb ..q). .......K..
2018-06-18 09:23:09.388974+0800 multi_path[264:7036] DEBUG: writing cdhash (55 43 ffffffcb... ) to 0x16f1f84c4 - kr 0
will resume at 0x100da7000
set state 0 - Cnt: 68
2018-06-18 09:23:09.410575+0800 multi_path[264:6301] STATUS: Spawned /jb/amfidebilitate (null)... as PID : 305
AMFIDEB PID: 305
2018-06-18 09:23:09.411373+0800 multi_path[264:6301] Symbol _kernproc for iPhone9,2, 11.2.1 - 0xfffffff0076740a0 + 0x9600000
KernCredAddr : 0xffffffe000b7a010
Got AMFI: PID 219@0xffffffe00553b8e0, Task: 0xffffffe005367610
CSFLAGS at offset 2a8
-- Current CS Flags of process (@0xffffffe00553bb88): 0x0
-- process CS Flags @0xffffffe00553bb88 set to 0x22000005 (RC: 4)
VNODE INFO :
My blob is @0xffffffe0054ff480
BLOB CS FLAGS: 0x23000025
BLOB CS FLAGS NOW: 0x23000025
2018-06-18 09:23:09.417655+0800 multi_path[264:6301] DEBUG: Found amfidebilitate (305) @0xffffffe00e3174d0. DAMN! Is this what processes look like in the kernel?!
WILL USE SHA-256
2018-06-18 09:23:09.443 amfidebilitate[305:7303] THIS IS AMFIDEBILITATE - Compiled on Apr 11 2018/20:15:28
Executing container: basebandMeta...
Executing container: microstackshots...
Executing container: nightshift...
Executing container: CKKSCTL...
Executing container: /var/mobile/Library/Logs/CrashReporter/DiagnosticLogs/sysdiagnose/IN_PROGRESS_sysdiagnose_2018.06.18_09-22-50+0800_iPhone_OS_iPhone_15C153.tmp/Locale...
Executing container: Locale...
Executing container: timezonedb...
Enter OSLOG ARCHIVE COLLECTION phase
Executing container: logarchive summary...
Executing container: logarchive...
amfideb is now 0xffffffe00e3174d0 - platformizing
2018-06-18 09:23:11.418875+0800 multi_path[264:6301] STATUS: Platformizing process at address 0xffffffe00e3174d0
PID platformized : 305
2018-06-18 09:23:11.419131+0800 multi_path[264:6301] Flicking on task @0xffffffe0043ac0e0 t->flags to have TF_PLATFORM (0x401)..
CSFLAGS at offset 2a8
-- Current CS Flags of process (@0xffffffe00e317778): 0x0
-- process CS Flags @0xffffffe00e317778 set to 0x24004001 (RC: 4)
VNODE INFO :
My blob is @0xffffffe0054fedc0
BLOB CS FLAGS: 0x1000020
BLOB CS FLAGS NOW: 0x25004021
RETRIEVED BLOB: <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.system-task-ports</key>
<true/>
<key>task_for_pid-allow</key>
<true/>
<key>com.apple.private.security.container-required</key>
<false/>
<key>platform-application</key>
<true/>
</dict>
</plist>
2018-06-18 09:23:12.446 amfidebilitate[305:7303] DEBUG: Using task_for_pid. Please make sure you've platformized me..
2018-06-18 09:23:12.447 amfidebilitate[305:7303] GOT AMFID (PID 219)'s PORT 3587
2018-06-18 09:23:12.447 amfidebilitate[305:7303] Got AMFId's port (0xe03) - Let's castrate this bastard
2018-06-18 09:23:12.447 amfidebilitate[305:7303] Getting region info:
2018-06-18 09:23:12.447 amfidebilitate[305:7303] Set exception handler:
SET EXCEPTION HANDLER
2018-06-18 09:23:12.448 amfidebilitate[305:7303] DEBUG: Original address of MVSACI: 0x454d41524542494c
2018-06-18 09:23:12.448 amfidebilitate[305:7303] DEBUG: NOW SET TO 184103da4
2018-06-18 09:23:12.448 amfidebilitate[305:7303] HERE STILL
2018-06-18 09:23:12.448 amfidebilitate[305:7303] patched AMFI through port 0xe03 @0x100da8150 to Faulting addr: 0x454d41524542494c
2018-06-18 09:23:12.448 amfidebilitate[305:7303] TRY AGAIN : 0x454d41524542494c
2018-06-18 09:23:13.535146+0800 multi_path[264:6301] STATUS: Disabling Auto Updates
2018-06-18 09:23:13.535237+0800 multi_path[264:6301] STATUS: Found mesu.apple.com in /etc/hosts - not doing anything
2018-06-18 09:23:13.535246+0800 multi_path[264:6301] STATUS: Also nuking any downloaded updates, just to be safe...
TASK: 0xe03, Thread: 0x110000 - CODE: 0x1503/0x110000, flavor: 1
2018-06-18 09:23:13.537 amfidebilitate[305:7481] DEBUG: Got request - kr: 0 - FileName (@0x16f1f8558): /jb/bin/rm (fileNameSize : 512)
2018-06-18 09:23:13.537 amfidebilitate[305:7481] GOT BLOB, MAGIC: 0xfade0c02, offset: 24, type: 0
CD Blob magic: 0xfade0c02 (CodeDir: 0xfade0c02)
2018-06-18 09:23:13.537 amfidebilitate[305:7481] DEBUG: written cdhash for algorithm 256 (0xb7 0xfd 0x47...0xd) to 0x16f1f84c4 - kr 0
will resume at 0x100da7000
set state 0 - Cnt: 68
2018-06-18 09:23:13.538729+0800 multi_path[264:6301] STATUS: Spawned /jb/bin/rm -fR /var/MobileAsset/Assets/com_apple_MobileAsset_SoftwareUpdateDocumentation/*... as PID : 311
2018-06-18 09:23:13.542919+0800 multi_path[264:6301] PID 311 - STATUS: 0x0 SIGNAL 0x0
2018-06-18 09:23:13.543418+0800 multi_path[264:6301] STATUS: Spawned /jb/bin/rm -fR /var/MobileAsset/Assets/com_apple_MobileAsset_SoftwareUpdate/*... as PID : 312
2018-06-18 09:23:13.547506+0800 multi_path[264:6301] PID 312 - STATUS: 0x0 SIGNAL 0x0
Done executing OSLogArchive container.
Completed all phases. Wrapping up.
2018-06-18 09:24:16.450306+0800 multi_path[264:6301] SecTaskLoadEntitlements failed error=22 cs_flags=24005000, pid=264
2018-06-18 09:24:16.450412+0800 multi_path[264:6301] SecTaskCopyDebugDescription: multi_path[264]/0#-1 LF=0
[316] Jun 18 09:24:23 Child connection from 192.168.6.120:53002
Loading /etc/dropbear/dropbear_ecdsa_host_key as a hostkey
[316] Jun 18 09:24:24 Generated hostkey /etc/dropbear/dropbear_ecdsa_host_key, fingerprint is md5 cf:30:b1:57:5a:6a:a8:ad:12:53:da:fc:07:26:37:93
[316] Jun 18 09:24:30 Password auth succeeded for 'root' from 192.168.6.120:53002
TASK: 0xe03, Thread: 0x110000 - CODE: 0x1503/0x110000, flavor: 1
2018-06-18 09:24:30.954 amfidebilitate[305:7481] DEBUG: Got request - kr: 0 - FileName (@0x16f1f8558): /jb/bin/sh (fileNameSize : 512)
2018-06-18 09:24:30.957 amfidebilitate[305:7481] GOT BLOB, MAGIC: 0xfade0c02, offset: 24, type: 0
CD Blob magic: 0xfade0c02 (CodeDir: 0xfade0c02)
2018-06-18 09:24:30.958 amfidebilitate[305:7481] DEBUG: written cdhash for algorithm 256 (0xe0 0x4f 0xa6...0x55) to 0x16f1f84c4 - kr 0
will resume at 0x100da7000
set state 0 - Cnt: 68
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent