@stek29 /0info.md
Last active Oct 7, 2018

UntetherHomeDepot offsets

Update

I was tired of waiting so I've just crawled kernelcaches for all available devices and made one big offsets.json containing all offsets. However, they are untested. They *should* work, but refer to the table below if you're afraid of bootloops.


MESSAGE TO jk9357 OR WHOEVER IS MAINTAINING WALL.SUPPLIES

Some offsets are wrong/missing on wall.supplies.

Wrong clock_ops is the most common issue; the offset should be:

  • iPhone5,(2,3,4) 13E233 and 13E237: not 0x403428 but 0x40b428
  • iPhone5,(2,3,4) 13B143: not 0x40c5a0 but 0x40c3cc
  • iPhone5,4 13D15 and 13C75: not 0x4035a0 but 0x4033dc

Also, for iPad3,(1,2,3) on 13B143 OSSerializer::serialize offset is missing -- pages for them contain 12 numbers instead of 13.


Note

Devices on the same chipset tend to have the same kernel (iPhone5,1-5,4 for example, or even iPod5 and iPad Mini). Also, 9.3.4 and 9.3.3 have the same kernel pretty often. Keep that in mind when looking through the table.

Table

| Device | 9.3.4 13G35 | 9.3.3 13G34 | 9.3.2 13F69 | 9.3.1 13E238 | 9.3 13E237 | 9.2.1 13D15 | 9.2 13C75 | 9.1 13B143 |
|---|---|---|---|---|---|---|---|---|
| iPhone 5c (Global) (5,4) | horatiohno | horatiohno | horatiohno | horatiohno | ? | Noah Little | ? | ? |
| iPhone 5c (GSM) (5,3) | 4ppleCracker | Cooper Gordon | ? | OothecaPickle | ? | ? | ? | ? |
| iPhone 5 (Global) (5,2) | deepfriedfilth | StormJ | lukee_gd_ | horatiohno | ? | d j | ? | ? |
| iPhone 5 (GSM) (5,1) | deepfriedfilth | StormJ | ? | ? | ? | ? | ? | ? |
| iPhone 4S (4,1) | tihmstar | letinmore | Amirpasha | stek29 | ? | tihmstar | ? | ? |
| iPod Touch 5 (5,1) | erten50 | ? | Emilio Robles | Emilio Robles | ? | Earnest Wilson III | ? | ? |
| iPad 4 (Global) (3,6) | ? | ? | ? | ? | ? | ? | ? | ? |
| iPad 4 (GSM) (3,5) | ? | ? | ? | ? | ? | ? | ? | ? |
| iPad 4 (WiFi) (3,4) | ? | ssmicel | Anon | ? | ? | ? | ? | ? |
| iPad 3 (GSM) (3,3) | ? | ? | stek29 | ? | ? | ? | ? | ? |
| iPad 3 (CDMA) (3,2) | ? | ? | ? | ? | ? | ? | ? | ? |
| iPad 3 (WiFi) (3,1) | ? | ? | ? | ? | ? | ? | ? | ? |
| iPad Mini (Global) (2,7) | ? | ? | ? | ? | ? | ? | ? | ? |
| iPad Mini (GSM) (2,6) | ? | ? | ? | ? | ? | ? | ? | ? |
| iPad Mini (WiFi) (2,5) | matteyeux | ? | OothecaPickle | MrMagicMadMax | ? | ? | ? | ? |
| iPad 2 (Mid 2012) (2,4) | ? | ? | ? | ? | ? | ? | ? | ? |
| iPad 2 (CDMA) (2,3) | ? | ? | ? | ? | ? | ? | ? | ? |
| iPad 2 (GSM) (2,2) | ? | leonhartsq | ? | danfr1d | ? | ? | ? | ? |
| iPad 2 (WiFi) (2,1) | horatiohno | horatiohno | horatiohno | horatiohno | ? | 4ppleCracker | ? | ? |

{
"Darwin Kernel Version 15.0.0: Fri Nov 13 16:08:06 PST 2015; root:xnu-3248.21.2~1/RELEASE_ARM_S5L8940X":
["0x3106fc","0x312e18","0x1de84","0xd8750","0x3fc3dc","0xc6754","0xd8752","0xc6488","0x44e840","0x3ef444","0xc64e0","0x450128","0x98","0x8001ee59","0x0","0x0","0x8001ee85","0x8001eea5"],
"Darwin Kernel Version 15.0.0: Fri Nov 13 16:08:06 PST 2015; root:xnu-3248.21.2~1/RELEASE_ARM_S5L8942X":
["0x3106fc","0x312e18","0x1de84","0xd8750","0x3fc3dc","0xc6754","0xd8752","0xc6488","0x44e840","0x3ef444","0xc64e0","0x450128","0x98","0x8001ee59","0x0","0x0","0x8001ee85","0x8001eea5"],
"Darwin Kernel Version 15.0.0: Fri Nov 13 16:08:07 PST 2015; root:xnu-3248.21.2~1/RELEASE_ARM_S5L8950X":
["0x317768","0x319ea0","0x1ebac","0xdd9dc","0x4033dc","0xca87c","0xdd9de","0xca5a8","0x455964","0x3f6444","0xca600","0x457264","0x98","0x8001fb7d","0x0","0x0","0x8001fbad","0x8001fbcd"],
"Darwin Kernel Version 15.0.0: Fri Nov 13 16:08:08 PST 2015; root:xnu-3248.21.2~1/RELEASE_ARM_S5L8945X":
["0x3106fc","0x312e18","0x1de84","0xd8750","0x3fc3dc","0xc6754","0xd8752","0xc6488","0x44e840","0x3ef444","0xc64e0","0x450128","0x98","0x8001ee59","0x0","0x0","0x8001ee85","0x8001eea5"],
"Darwin Kernel Version 15.0.0: Fri Nov 13 16:08:08 PST 2015; root:xnu-3248.21.2~1/RELEASE_ARM_S5L8955X":
["0x317768","0x319ea0","0x1ebac","0xdd9dc","0x4033dc","0xca87c","0xdd9de","0xca5a8","0x455964","0x3f6444","0xca600","0x457210","0x98","0x8001fb7d","0x0","0x0","0x8001fbad","0x8001fbcd"],
"Darwin Kernel Version 15.0.0: Fri Oct 2 14:07:05 PDT 2015; root:xnu-3248.10.42~4/RELEASE_ARM_S5L8945X":
["0x319450","0x31bc3c","0x1db34","0xd97d0","0x4053cc","0xc7754","0xd97d2","0xc7488","0x457030","0x3f8444","0xc74e0","0x458904","0x98","0x8001eb09","0x0","0x0","0x8001eb35","0x8001eb55"],
"Darwin Kernel Version 15.0.0: Fri Oct 2 14:07:07 PDT 2015; root:xnu-3248.10.42~4/RELEASE_ARM_S5L8940X":
["0x319450","0x31bc3c","0x1db34","0xd97d0","0x4053cc","0xc7754","0xd97d2","0xc7488","0x457030","0x3f8444","0xc74e0","0x458904","0x98","0x8001eb09","0x0","0x0","0x8001eb35","0x8001eb55"],
"Darwin Kernel Version 15.0.0: Fri Oct 2 14:07:07 PDT 2015; root:xnu-3248.10.42~4/RELEASE_ARM_S5L8942X":
["0x319450","0x31bc3c","0x1db34","0xd97d0","0x4053cc","0xc7754","0xd97d2","0xc7488","0x457030","0x3f8444","0xc74e0","0x458904","0x98","0x8001eb09","0x0","0x0","0x8001eb35","0x8001eb55"],
"Darwin Kernel Version 15.0.0: Fri Oct 2 14:07:07 PDT 2015; root:xnu-3248.10.42~4/RELEASE_ARM_S5L8950X":
["0x31fd1c","0x322460","0x1e76c","0xde9fc","0x40c3cc","0xcb87c","0xde9fe","0xcb5a8","0x45e154","0x3ff444","0xcb600","0x45fa40","0x98","0x8001f73d","0x0","0x0","0x8001f76d","0x8001f78d"],
"Darwin Kernel Version 15.0.0: Fri Oct 2 14:07:07 PDT 2015; root:xnu-3248.10.42~4/RELEASE_ARM_S5L8955X":
["0x31fd1c","0x322460","0x1e76c","0xde9fc","0x40c3cc","0xcb87c","0xde9fe","0xcb5a8","0x45e154","0x3ff444","0xcb600","0x45fa40","0x98","0x8001f73d","0x0","0x0","0x8001f76d","0x8001f78d"],
"Darwin Kernel Version 15.0.0: Wed Dec 9 22:19:36 PST 2015; root:xnu-3248.31.3~2/RELEASE_ARM_S5L8942X":
["0x3107fc","0x312f18","0x1de60","0xd8750","0x3fc3dc","0xc6754","0xd8752","0xc6488","0x44e840","0x3ef444","0xc64e0","0x450128","0x98","0x8001ee35","0x0","0x0","0x8001ee61","0x8001ee81"],
"Darwin Kernel Version 15.0.0: Wed Dec 9 22:19:36 PST 2015; root:xnu-3248.31.3~2/RELEASE_ARM_S5L8955X":
["0x317868","0x319fa0","0x1eb88","0xdd9dc","0x4033dc","0xca87c","0xdd9de","0xca5a8","0x455964","0x3f6444","0xca600","0x457264","0x98","0x8001fb59","0x0","0x0","0x8001fb89","0x8001fba9"],
"Darwin Kernel Version 15.0.0: Wed Dec 9 22:19:37 PST 2015; root:xnu-3248.31.3~2/RELEASE_ARM_S5L8945X":
["0x3107fc","0x312f18","0x1de60","0xd8750","0x3fc3dc","0xc6754","0xd8752","0xc6488","0x44e840","0x3ef444","0xc64e0","0x450128","0x98","0x8001ee35","0x0","0x0","0x8001ee61","0x8001ee81"],
"Darwin Kernel Version 15.0.0: Wed Dec 9 22:19:37 PST 2015; root:xnu-3248.31.3~2/RELEASE_ARM_S5L8950X":
["0x317868","0x319fa0","0x1eb88","0xdd9dc","0x4033dc","0xca87c","0xdd9de","0xca5a8","0x455964","0x3f6444","0xca600","0x457264","0x98","0x8001fb59","0x0","0x0","0x8001fb89","0x8001fba9"],
"Darwin Kernel Version 15.0.0: Wed Dec 9 22:19:38 PST 2015; root:xnu-3248.31.3~2/RELEASE_ARM_S5L8940X":
["0x3107fc","0x312f18","0x1de60","0xd8750","0x3fc3dc","0xc6754","0xd8752","0xc6488","0x44e840","0x3ef444","0xc64e0","0x450128","0x98","0x8001ee35","0x0","0x0","0x8001ee61","0x8001ee81"],
"Darwin Kernel Version 15.4.0: Fri Feb 19 13:54:51 PST 2016; root:xnu-3248.41.4~28/RELEASE_ARM_S5L8955X":
["0x31ef50","0x321810","0x1ee6c","0xdea48","0x40b428","0xcb7dc","0xdea4a","0xcb508","0x45d978","0x3fe454","0xcb560","0x45f2c8","0xa4","0x8001fe3d","0x0","0x0","0x8001fe6d","0x8001fe8d"],
"Darwin Kernel Version 15.4.0: Fri Feb 19 13:54:52 PST 2016; root:xnu-3248.41.4~28/RELEASE_ARM_S5L8940X":
["0x31812c","0x31a934","0x1e170","0xd9848","0x403428","0xc76b4","0xd984a","0xc73e8","0x455844","0x3f6454","0xc7440","0x45717c","0xa4","0x8001f145","0x0","0x0","0x8001f171","0x8001f191"],
"Darwin Kernel Version 15.4.0: Fri Feb 19 13:54:52 PST 2016; root:xnu-3248.41.4~28/RELEASE_ARM_S5L8945X":
["0x31812c","0x31a934","0x1e170","0xd9848","0x403428","0xc76b4","0xd984a","0xc73e8","0x455844","0x3f6454","0xc7440","0x45717c","0xa4","0x8001f145","0x0","0x0","0x8001f171","0x8001f191"],
"Darwin Kernel Version 15.4.0: Fri Feb 19 13:54:53 PST 2016; root:xnu-3248.41.4~28/RELEASE_ARM_S5L8942X":
["0x31812c","0x31a934","0x1e170","0xd9848","0x403428","0xc76b4","0xd984a","0xc73e8","0x455844","0x3f6454","0xc7440","0x45717c","0xa4","0x8001f145","0x0","0x0","0x8001f171","0x8001f191"],
"Darwin Kernel Version 15.4.0: Fri Feb 19 13:54:54 PST 2016; root:xnu-3248.41.4~28/RELEASE_ARM_S5L8950X":
["0x31ef50","0x321810","0x1ee6c","0xdea48","0x40b428","0xcb7dc","0xdea4a","0xcb508","0x45d978","0x3fe454","0xcb560","0x45f2c8","0xa4","0x8001fe3d","0x0","0x0","0x8001fe6d","0x8001fe8d"],
"Darwin Kernel Version 15.5.0: Mon Apr 18 16:44:04 PDT 2016; root:xnu-3248.50.21~4/RELEASE_ARM_S5L8950X":
["0x31ef58","0x321818","0x1ee6c","0xdea48","0x40b428","0xcb7dc","0xdea4a","0xcb508","0x45d978","0x3fe454","0xcb560","0x45f2c8","0xa4","0x8001fe3d","0x0","0x0","0x8001fe6d","0x8001fe8d"],
"Darwin Kernel Version 15.5.0: Mon Apr 18 16:44:05 PDT 2016; root:xnu-3248.50.21~4/RELEASE_ARM_S5L8942X":
["0x318264","0x31aa6c","0x1e170","0xd9848","0x403428","0xc76b4","0xd984a","0xc73e8","0x455844","0x3f6454","0xc7440","0x45717c","0xa4","0x8001f145","0x0","0x0","0x8001f171","0x8001f191"],
"Darwin Kernel Version 15.5.0: Mon Apr 18 16:44:06 PDT 2016; root:xnu-3248.50.21~4/RELEASE_ARM_S5L8945X":
["0x318264","0x31aa6c","0x1e170","0xd9848","0x403428","0xc76b4","0xd984a","0xc73e8","0x455844","0x3f6454","0xc7440","0x45717c","0xa4","0x8001f145","0x0","0x0","0x8001f171","0x8001f191"],
"Darwin Kernel Version 15.5.0: Mon Apr 18 16:44:06 PDT 2016; root:xnu-3248.50.21~4/RELEASE_ARM_S5L8955X":
["0x31ef58","0x321818","0x1ee6c","0xdea48","0x40b428","0xcb7dc","0xdea4a","0xcb508","0x45d978","0x3fe454","0xcb560","0x45f2c8","0xa4","0x8001fe3d","0x0","0x0","0x8001fe6d","0x8001fe8d"],
"Darwin Kernel Version 15.5.0: Mon Apr 18 16:44:07 PDT 2016; root:xnu-3248.50.21~4/RELEASE_ARM_S5L8940X":
["0x318264","0x31aa6c","0x1e170","0xd9848","0x403428","0xc76b4","0xd984a","0xc73e8","0x455844","0x3f6454","0xc7440","0x45717c","0xa4","0x8001f145","0x0","0x0","0x8001f171","0x8001f191"],
"Darwin Kernel Version 15.6.0: Mon Jun 20 20:10:19 PDT 2016; root:xnu-3248.60.9~1/RELEASE_ARM_S5L8955X":
["0x31f13c","0x3219fc","0x1eeac","0xdea48","0x40b428","0xcb7dc","0xdea4a","0xcb508","0x45d978","0x3fe454","0xcb560","0x45f2c8","0xa4","0x8001fe7d","0x0","0x0","0x8001fead","0x8001fecd"],
"Darwin Kernel Version 15.6.0: Mon Jun 20 20:10:20 PDT 2016; root:xnu-3248.60.9~1/RELEASE_ARM_S5L8945X":
["0x318388","0x31ab90","0x1e200","0xd9838","0x403428","0xc76b4","0xd983a","0xc73e8","0x455844","0x3f6454","0xc7440","0x45717c","0xa4","0x8001f1d5","0x0","0x0","0x8001f201","0x8001f221"],
"Darwin Kernel Version 15.6.0: Mon Jun 20 20:10:21 PDT 2016; root:xnu-3248.60.9~1/RELEASE_ARM_S5L8940X":
["0x318388","0x31ab90","0x1e200","0xd9838","0x403428","0xc76b4","0xd983a","0xc73e8","0x455844","0x3f6454","0xc7440","0x45717c","0xa4","0x8001f1d5","0x0","0x0","0x8001f201","0x8001f221"],
"Darwin Kernel Version 15.6.0: Mon Jun 20 20:10:21 PDT 2016; root:xnu-3248.60.9~1/RELEASE_ARM_S5L8942X":
["0x318388","0x31ab90","0x1e200","0xd9838","0x403428","0xc76b4","0xd983a","0xc73e8","0x455844","0x3f6454","0xc7440","0x45717c","0xa4","0x8001f1d5","0x0","0x0","0x8001f201","0x8001f221"],
"Darwin Kernel Version 15.6.0: Mon Jun 20 20:10:21 PDT 2016; root:xnu-3248.60.9~1/RELEASE_ARM_S5L8950X":
["0x31f13c","0x3219fc","0x1eeac","0xdea48","0x40b428","0xcb7dc","0xdea4a","0xcb508","0x45d978","0x3fe454","0xcb560","0x45f2c8","0xa4","0x8001fe7d","0x0","0x0","0x8001fead","0x8001fecd"]
}

stek29 commented Aug 22, 2017

Please contact me sending your kernelcache*, iOS version and iDevice info, or with offsets you've found already so I can update this file.

* /System/Library/Caches/com.apple.kernelcaches/kernelcache

Or follow this tutorial

Or install SHOFF from https://stek29.rocks/cyrepo, run it in terminal as root, and.. that's all :)

deepfriedfilth commented Aug 23, 2017

Great tutorial! (Much more concise than mine, which now references yours for finding the last 5 offsets ;p) ..offsets for iPhone5,2 9.3.3 included near the bottom of that gist.

rhcp011235 commented Aug 23, 2017

Kudos to the first person that will automate this process ;)

stek29 commented Aug 23, 2017

@rhcp011235 doing it ;)

jailbre4ker commented Aug 24, 2017

I can't get the iPhone 5,3 9.3.1 to work.

http://imgur.com/2UPvfJs
http://imgur.com/V3P1edp

Thoughts?

rhcp011235 commented Aug 24, 2017

@stek29 https://github.com/jndok/OF32/ Found this on twitter

stek29 commented Aug 24, 2017

@jailbre4ker oh crap, looks like betterhomedepot used uname -a.
Try changing Darwin Kernel Version 15.4.0: Fri Feb 19 13:54:54 PST 2016; root:xnu-3248.41.4~28/RELEASE_ARM_S5L8950X to System from log.

@rhcp011235 yeah, great thing. Haven't tested yet.

jailbre4ker commented Aug 24, 2017

@stek29 Ok, so I tried that, and more stuff happened, but now it just crashes at random places in the process. Here's the log for my last 8 attempts. https://ghostbin.com/paste/mn3xy

jailbre4ker commented Aug 24, 2017

I removed my password like Tihmstar said in his tweet, and it worked! Only issue I'm having is I get a buttload of errors that result in half-installed packages whenever I try to uninstall tweaks. Any way to fix that, or is it a known bug?

jailbre4ker commented Aug 24, 2017

I apologize for my continued spamming, but it would appear that the untether messes up the root partition. Could be a permissions issue? All I know is Cydia cannot install, uninstall, or reinstall packages when you boot with the untether. This applies to no substrate mode and safe mode as well. Filza throws errors when you try to alter the root. Cydia Eraser fails as well. I just think something is wrong with the root. Enabled passcode (lol) and rejailbroke with Home Depot and everything was fine.

stek29 commented Aug 25, 2017

@jailbre4ker Idk, I haven't looked into how untether works. Try asking tihmstar.
I'd suggest you to check if / is mounted as rw

jailbre4ker commented Aug 25, 2017

Any ideas on how to disable the untether for version 1.2?

shidevil commented Aug 25, 2017

@stek29 running ./xpwntool kernelcache.release.j71 kernel.dec -k 332888462e8603ed3d4df7b6281cda8ff0d5e30eb3893cffadd5f5b503d449c4 -iv 52fbc9152526f1b42539fc7dc15793b7

will give me kernel.dec: data

it isn't a mach-o file. this is wrong right? the key and IV are definitely correct based on https://www.theiphonewiki.com/wiki/Dillon_13D15_(iPad4,1)

stek29 commented Aug 25, 2017

@jailbre4ker make empty offsets.json?

@shidevil yup, it should be a mach-o file. idk, you can try kcache.

shidevil commented Aug 25, 2017

@stek29 tried kcache. Shows that it doesn't support IM4P image.

"This tool doesn't support IM4P files"

Will check and see how to go about it.

jailbre4ker commented Aug 25, 2017

@stek29 The problem is I am unable to alter my root. Filza, MTerminal, and Cydia all fail.

stek29 commented Aug 25, 2017

@shidevil oh, so it's IMG4... fuck.
Iirc Morpheus's joker can do this, and there are other tools, check iphonewiki

@jailbre4ker mount / -o rw,remount ? (or /sbin/mount, I've never done this on iOS)

jailbre4ker commented Aug 25, 2017

@stek29 That didn't work unfortunately. I found 2 other Reddit users who are in the same pickle I am.

shidevil commented Aug 26, 2017

@stek29 will try the joker tool. I tried the decrypt0r but it didn't work. Hope the joker tool can do a full kernel dump as I read that it only identifies syscall and Mach.

stek29 commented Aug 26, 2017

@shidevil Maybe. But I can't understand how iPad4,1 and UntetheredHomeDepot are related since iPad Air is 64 bit.

shidevil commented Aug 26, 2017

Uh I understand. Just read that it's for 32bit. Thank you

leuldereje commented Aug 31, 2017

@stek29 Hey there are lots of working offsets in this thread if it is still the same for the untether HomeDepot
https://www.reddit.com/r/jailbreak/comments/5re6jr/discussion_offsets_for_home_depot/

stek29 commented Aug 31, 2017

@leuldereje no, there are 5 additional offsets :(

leuldereje commented Sep 1, 2017

@stek29 Ok, and I just want to add the offset for iPad 4 on ios 9.3 (saying this coz it is not in your offset list) w/c is https://www.reddit.com/r/jailbreak/comments/5rbgct/request_ipad_4_offsets_ios_93/ddyej1z/

tihmstar commented Sep 3, 2017

Here are the offsets for 9.2.1 iPhone4,1
{ "Darwin Kernel Version 15.0.0: Wed Dec 9 22:19:38 PST 2015; root:xnu-3248.31.3~2/RELEASE_ARM_S5L8940X": ["0x3107fc", "0x312f18", "0x1de60", "0xd8750", "0x3fc3dc", "0xc6754", "0xd8752", "0xc6488", "0x44e840", "0x3ef444", "0xc64e0", "0x450128", "0x98", "0x8001ee35", "0x0", "0x0", "0x8001ee61", "0x8001ee81" ] }

stek29 commented Sep 3, 2017

@leuldereje http://wall.supplies/offsets/iPad3,X-9.3 where X in {4,5,6}

@tihmstar Added, thanks.

francischetti commented Sep 10, 2017

I searched for offsets on my iphone 4S- iOS 9.1, but unfortunately my last 5 offsets were not compatible with the UntetherHomeDepot jailbreak :/ (I rebooted it for more than 20 times)..... Still waiting for someone to find them for me :'(

Aflaungos commented Sep 10, 2017

OFFSETS FOR IPAD 2,4 9.2.1: {
"Darwin Kernel Version 15.0.0: Wed Dec 9 22:19:36 PST 2015; root:xnu-3248.31.3~2/RELEASE_ARM_S5L8942X":
["0x3107fc",
"0x312f18",
"0x1de60",
"0xd8750",
"0x3fc3dc",
"0xc6754",
"0xd8752",
"0xc6488",
"0x44e840",
"0x3ef444",
"0xc64e0",
"0x450128",
"0x98",
"0x8001ee35",
"0x0",
"0x0",
"0x8001ee61",
"0x8001ee81"
]
}
THESE WORKED FOR ME!

Aflaungos commented Sep 11, 2017

IT MAY FLASH SCREEN, BUT AT SECOND ATTEMPT IT WORKS

ghost commented Sep 13, 2017

iPhone 5,2 (9.3.4) Works flawlessly

WORMSTweaker commented Sep 21, 2017

Kay I guess it worked the second time I did it. Somehow it fucked up my jailbreak, couldn't launch any Cydia installed app, and I couldn't install or uninstall anything without removing Cydia, so I had to restore completely. This time it worked perfectly.

EDIT: I have some iPad3,1 offsets, tested successfully
9.3.2:
{ "Darwin Kernel Version 15.5.0: Mon Apr 18 16:44:06 PDT 2016; root:xnu-3248.50.21~4/RELEASE_ARM_S5L8945X": ["0x318264", "0x31aa6c", "0x1e170", "0xd9848", "0x403428", "0xc76b4", "0xd984a", "0xc73e8", "0x455844", "0x3f6454", "0xc7440", "0x45717c", "0xa4", "0x8001f145", "0x0", "0x0", "0x8001f171", "0x8001f191" ] }

9.3.3:
{ "Darwin Kernel Version 15.6.0: Mon Jun 20 20:10:20 PDT 2016; root:xnu-3248.60.9~1/RELEASE_ARM_S5L8945X": ["0x318388", "0x31ab90", "0x1e200", "0xd9838", "0x403428", "0xc76b4", "0xd983a", "0xc73e8", "0x455844", "0x3f6454", "0xc7440", "0x45717c", "0xa4", "0x8001f1d5", "0x0", "0x0", "0x8001f201", "0x8001f221" ] }

societyblind commented Dec 6, 2017

This guide made finding and applying the offset a breeze.
The only problem I had was [because of previous attempts] the reboot loop protection was engaged and it wasn't even trying. Delete /var/logs/untetherhomedepotLoopProtection.txt to allow it to try again.

OFFSETS FOR IPHONE 5,1 9.3.2: {
"Darwin Kernel Version 15.5.0: Mon Apr 18 16:44:04 PDT 2016; root:xnu-3248.50.21~4/RELEASE_ARM_S5L8950X":
["0x31ef58",
"0x321818",
"0x1ee6c",
"0xdea48",
"0x40b428",
"0xcb7dc",
"0xdea4a",
"0xcb508",
"0x45d978",
"0x3fe454",
"0xcb560",
"0x45f2c8",
"0xa4",
"0x8001fe3d",
"0x0",
"0x0",
"0x8001fe6d",
"0x8001fe8d"
]
}

esauvisky commented Apr 19, 2018

I found the missing offsets for iPad2,1 on 9.3! 😁

{
  "Darwin Kernel Version 15.4.0: Fri Feb 19 13:54:52 PST 2016; root:xnu-3248.41.4~28/RELEASE_ARM_S5L8940X":
   ["0x31812c",
    "0x31a934",
    "0x1e170",
    "0xd9848",
    "0x403428",
    "0xc76b4",
    "0xd984a",
    "0xc73e8",
    "0x455844",
    "0x3f6454",
    "0xc7440",
    "0x45717c",
    "0xa4",
    "0x8001f145",
    "0x0",
    "0x0",
    "0x8001f171",
    "0x8001f191"
  ]
}