Comments (22)
Hi, how are you running the exploit?
I added the files to yalu102 as Luca suggested, triggering main() when the app opens. I feel like ziVA might be running in the sandbox but I'm not completely sure. (I'm pretty new to iOS exploitation; I'm just playing around with it and I don't really know much.)
P.S. I've also created a project with triple_fetch and ziVA; I have gotten triple_fetch to work but I'm not 100% sure how to implement ziVA.
ziVA requires a sandbox escape, and I’m fairly sure Yalu doesn’t contain one. You would need triple_fetch, ziVA, and Yalu’s KPP bypass.
Do you have any ideas on how I should implement Yalu? Again, I don't have any experience in iOS exploits, so I will take any advice.
Neither do I. I’m just going off of what people like S1guza have said.
I have the exact same problem with my triple_fetch combined ziVA exploit. I posted my issue 9 days ago, but @doadam has a job and doesn't have time for explaining to dummies how to fix dummy problems lol. Anyway, I saw you are asking how to use the ziVA exploit with triple_fetch. Here is how I made it work: first, my device is iPhone7,1 (6+), so it is not supported by the official ziVA, so I downloaded @Mila432's offsets.m commit. Then I downloaded the project, unzipped it to my macOS Sierra desktop and replaced the offsets.m file. After that I easily built it with the Terminal app by cd and make. Then I downloaded the triple_fetch project from bugs.chromium.org. Then I copied the executable and pasted it into triple_fetch's nsxpc2pc/pocs location; I just renamed the ziVA exploit to hello_world and replaced the original one. Then I launched the triple_fetch project from Xcode and installed it on my iPhone. It automatically launched the app and the debug window showed up in Xcode. After some reboots to get the triple_fetch exploit to work, I ran the ziVA exploit by simply pressing the exec bundles button on the nsxpc2pc app on my iPhone. Then I checked the debug panel in my Xcode and got the same error code you got. Here is my issue link: #5
Do you know exactly what ziVA does? It says kernel exploit but what does that do? Gain root access?
Actually I don't know because I didn't get it to work.
I was trying to enable tfp0 to downgrade; I don't care about a jailbreak for 10.3, it is slower than 10.2.
How did you get the ziVA poc to output in the Xcode debugger? I'm not getting any output from ziVA itself, just the nsxpc2pc app.
Oh sorry, I forgot to mention that. I got the debug process working only in @Mila432's ziVA exploit fork. But don't forget to change the offsets, because Mila closed the pull request, so it is not included in his/her fork.
And no, triple_fetch has nothing to do with tfp0. In order to enable tfp0 on 10.3, Siguza has written an article about it, because there are some changes in tfp0 in 10.3 compared to 10.2.
Run ziVA with a sandbox bypass: http://github.com/coffeebreakerz/CheekiJailbreeki (not jailbreak)
Coffeebreakerz are fake, I won't use any tools created by them.
Plus if this project was working why nobody posted it in r/jailbreak?
Can you send me the ziVA binary that you used? I can't seem to get the debug log.
I'm on a trip sorry. You should do it on your own, this is the best way to learn, experience by yourself!
I don't think the 5s has an AppleAVEDriver kext. I don't see it in iOS 10.1.1 or 10.2.
@arinc9 "Coffeebreakerz are fake i won't use any tools created by them."
You're a complete idiot. triple_fetch needs to be modified to run ziVA correctly. And CheekiJailbreeki is the ONLY project which does that right now. Try it yourself, everything is open source.
There are posts in /r/jailbreak but they get downvoted by idiots like you.
Does anyone know where in the filesystem AppleAVEDriver is stored? I've opened the IPSW for both the ip5s and ip6s on 10.2.1 but can't seem to find it.
It is a kernel extension (driver), you have to extract it from the kernel cache.
You can use img4tool to decompress the kernelcache and then use joker to extract kexts from it.
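As an added example (not code from the thread, from ziVA or from the joker/img4tool projects), a small Python script that inventories the prelinked kexts in an already decompressed kernelcache by scanning its __PRELINK_INFO plist for CFBundleIdentifier entries. This is one way to confirm whether a given firmware actually ships AppleAVEDriver, which the thread above questions for the 5s, before spending time extracting it. The sample bytes are constructed; a real decompressed kernelcache can be passed as the first argument.

```python
import re
import sys
from typing import List

# Each prelinked kext has a <dict> in the __PRELINK_INFO plist with a
# CFBundleIdentifier entry; whitespace between key and value varies, so
# match on the raw bytes rather than parsing the whole plist.
_BUNDLE_ID_RE = re.compile(
    rb"<key>CFBundleIdentifier</key>\s*<string>([^<]+)</string>"
)


def list_prelinked_kexts(kernelcache: bytes) -> List[str]:
    """Return bundle identifiers found in a decompressed kernelcache, in order.

    The image must already be decompressed (e.g. with img4tool); inside a
    compressed IM4P payload the plist text is not visible to this scan.
    """
    seen = set()
    found = []
    for m in _BUNDLE_ID_RE.finditer(kernelcache):
        bundle_id = m.group(1).decode("utf-8", "replace")
        if bundle_id not in seen:  # duplicates can occur; keep first only
            seen.add(bundle_id)
            found.append(bundle_id)
    return found


def has_kext(kernelcache: bytes, name: str) -> bool:
    """True if any prelinked kext bundle id contains `name` (case-insensitive)."""
    name = name.lower()
    return any(name in bid.lower() for bid in list_prelinked_kexts(kernelcache))


# Constructed sample standing in for a __PRELINK_INFO segment: plist
# fragments surrounded by filler bytes, with one entry duplicated.
SAMPLE_KERNELCACHE = (
    b"\x00" * 16
    + b"<dict><key>CFBundleIdentifier</key>\n\t<string>com.apple.driver.AppleAVEDriver</string>"
    + b"<key>_PrelinkExecutableLoadAddr</key><integer>0</integer></dict>"
    + b"\xff" * 8
    + b"<dict><key>CFBundleIdentifier</key><string>com.apple.iokit.IOSurface</string></dict>"
    + b"<dict><key>CFBundleIdentifier</key><string>com.apple.iokit.IOSurface</string></dict>"
)

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_KERNELCACHE
    for bid in list_prelinked_kexts(data):
        print(bid)
    print("AppleAVEDriver present:", has_kext(data, "AppleAVEDriver"))
```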