This is an automated archive made by the Lemmit Bot.
The original was posted on /r/jailbreak by /u/LinixGuy on 2024-02-04 20:43:26.
The PoC code on GitHub for iOS was unfinished and had some mistakes, so I fixed it and managed to cause a panic. I'm not smart enough to gain kr/kw, but it may be possible.
Panic log: