Skip to content

Instantly share code, notes, and snippets.

@stek29
Last active January 22, 2024 22:06
Show Gist options
  • Save stek29/52b14b851089895fa66fde383d1bdbe5 to your computer and use it in GitHub Desktop.
Save stek29/52b14b851089895fa66fde383d1bdbe5 to your computer and use it in GitHub Desktop.
UntetherHomeDepot offsets

Update

I was tired of waiting so I've just crawled kernelcaches for all avaliable devices and made one big offsets.json containing all offsets. However, they are untested. They *should* work, but refer to table below if you're afraid of bootloops.


MESSAGE TO jk9357 OR WHOEVER IS MAINTAINING WALL.SUPPLIES

Some offsets are wrong/missing on wall.supplies.

Wrong clock_ops is most common issue, offset should be:

  • iPhone5,(2,3,4) 13E233 and 13E237: not 0x403428 but 0x40b428
  • iPhone5,(2,3,4) 13B143: not 0x40c5a0 but 0x40c3cc
  • iPhone5,4 13D15 and 13C75: not 0x4035a0 but 0x4033dc

Also, for iPad3,(1,2,3) on 13B143 OSSerializer::serialize offset is missing -- pages for them contain 12 numbers instead of 13.


Note

Devices on same chipset tend to have the same kernel (iPhone5,1-5,4 for example, or even iPod5 and iPad Mini) Also, 9.3.4 and 9.3.3 have same kernel pretty often. Keep that in mind when looking through table.

Table

Device 9.3.4 13G35 9.3.3 13G34 9.3.2 13F69 9.3.1 13E238 9.3 13E237 9.2.1 13D15 9.2 13C75 9.1 13B143
iPhone 5c (Global) (5,4) horatiohno horatiohno horatiohno horatiohno ? Noah Little ? ?
iPhone 5c (GSM) (5,3) 4ppleCracker Cooper Gordon ? OothecaPickle ? ? ? ?
iPhone 5 (Global) (5,2) deepfriedfilth StormJ lukee_gd_ horatiohno ? d j ? ?
iPhone 5 (GSM) (5,1) deepfriedfilth StormJ ? ? ? ? ? ?
iPhone 4S (4,1) tihmstar letinmore Amirpasha stek29 ? tihmstar ? ?
iPod Touch 5 (5,1) erten50 ? Emilio Robles Emilio Robles ? Earnest Wilson III ? ?
iPad 4 (Global) (3,6) ? ? ? ? ? ? ? ?
iPad 4 (GSM) (3,5) ? ? ? ? ? ? ? ?
iPad 4 (WiFi) (3,4) ? ssmicel Anon ? ? ? ? ?
iPad 3 (GSM) (3,3) ? ? stek29 ? ? ? ? ?
iPad 3 (CDMA) (3,2) ? ? ? ? ? ? ? ?
iPad 3 (WiFi) (3,1) ? ? ? ? ? ? ? ?
iPad Mini (Global) (2,7) ? ? ? ? ? ? ? ?
iPad Mini (GSM) (2,6) ? ? ? ? ? ? ? ?
iPad Mini (WiFi) (2,5) matteyeux ? OothecaPickle MrMagicMadMax ? ? ? ?
iPad 2 (Mid 2012) (2,4) ? ? ? ? ? ? ? ?
iPad 2 (CDMA) (2,3) ? ? ? ? ? ? ? ?
iPad 2 (GSM) (2,2) ? leonhartsq ? danfr1d ? ? ? ?
iPad 2 (WiFi) (2,1) horatiohno horatiohno horatiohno horatiohno ? 4ppleCracker ? ?
{
"Darwin Kernel Version 15.0.0: Fri Nov 13 16:08:06 PST 2015; root:xnu-3248.21.2~1/RELEASE_ARM_S5L8940X":
["0x3106fc","0x312e18","0x1de84","0xd8750","0x3fc3dc","0xc6754","0xd8752","0xc6488","0x44e840","0x3ef444","0xc64e0","0x450128","0x98","0x8001ee59","0x0","0x0","0x8001ee85","0x8001eea5"],
"Darwin Kernel Version 15.0.0: Fri Nov 13 16:08:06 PST 2015; root:xnu-3248.21.2~1/RELEASE_ARM_S5L8942X":
["0x3106fc","0x312e18","0x1de84","0xd8750","0x3fc3dc","0xc6754","0xd8752","0xc6488","0x44e840","0x3ef444","0xc64e0","0x450128","0x98","0x8001ee59","0x0","0x0","0x8001ee85","0x8001eea5"],
"Darwin Kernel Version 15.0.0: Fri Nov 13 16:08:07 PST 2015; root:xnu-3248.21.2~1/RELEASE_ARM_S5L8950X":
["0x317768","0x319ea0","0x1ebac","0xdd9dc","0x4033dc","0xca87c","0xdd9de","0xca5a8","0x455964","0x3f6444","0xca600","0x457264","0x98","0x8001fb7d","0x0","0x0","0x8001fbad","0x8001fbcd"],
"Darwin Kernel Version 15.0.0: Fri Nov 13 16:08:08 PST 2015; root:xnu-3248.21.2~1/RELEASE_ARM_S5L8945X":
["0x3106fc","0x312e18","0x1de84","0xd8750","0x3fc3dc","0xc6754","0xd8752","0xc6488","0x44e840","0x3ef444","0xc64e0","0x450128","0x98","0x8001ee59","0x0","0x0","0x8001ee85","0x8001eea5"],
"Darwin Kernel Version 15.0.0: Fri Nov 13 16:08:08 PST 2015; root:xnu-3248.21.2~1/RELEASE_ARM_S5L8955X":
["0x317768","0x319ea0","0x1ebac","0xdd9dc","0x4033dc","0xca87c","0xdd9de","0xca5a8","0x455964","0x3f6444","0xca600","0x457210","0x98","0x8001fb7d","0x0","0x0","0x8001fbad","0x8001fbcd"],
"Darwin Kernel Version 15.0.0: Fri Oct 2 14:07:05 PDT 2015; root:xnu-3248.10.42~4/RELEASE_ARM_S5L8945X":
["0x319450","0x31bc3c","0x1db34","0xd97d0","0x4053cc","0xc7754","0xd97d2","0xc7488","0x457030","0x3f8444","0xc74e0","0x458904","0x98","0x8001eb09","0x0","0x0","0x8001eb35","0x8001eb55"],
"Darwin Kernel Version 15.0.0: Fri Oct 2 14:07:07 PDT 2015; root:xnu-3248.10.42~4/RELEASE_ARM_S5L8940X":
["0x319450","0x31bc3c","0x1db34","0xd97d0","0x4053cc","0xc7754","0xd97d2","0xc7488","0x457030","0x3f8444","0xc74e0","0x458904","0x98","0x8001eb09","0x0","0x0","0x8001eb35","0x8001eb55"],
"Darwin Kernel Version 15.0.0: Fri Oct 2 14:07:07 PDT 2015; root:xnu-3248.10.42~4/RELEASE_ARM_S5L8942X":
["0x319450","0x31bc3c","0x1db34","0xd97d0","0x4053cc","0xc7754","0xd97d2","0xc7488","0x457030","0x3f8444","0xc74e0","0x458904","0x98","0x8001eb09","0x0","0x0","0x8001eb35","0x8001eb55"],
"Darwin Kernel Version 15.0.0: Fri Oct 2 14:07:07 PDT 2015; root:xnu-3248.10.42~4/RELEASE_ARM_S5L8950X":
["0x31fd1c","0x322460","0x1e76c","0xde9fc","0x40c3cc","0xcb87c","0xde9fe","0xcb5a8","0x45e154","0x3ff444","0xcb600","0x45fa40","0x98","0x8001f73d","0x0","0x0","0x8001f76d","0x8001f78d"],
"Darwin Kernel Version 15.0.0: Fri Oct 2 14:07:07 PDT 2015; root:xnu-3248.10.42~4/RELEASE_ARM_S5L8955X":
["0x31fd1c","0x322460","0x1e76c","0xde9fc","0x40c3cc","0xcb87c","0xde9fe","0xcb5a8","0x45e154","0x3ff444","0xcb600","0x45fa40","0x98","0x8001f73d","0x0","0x0","0x8001f76d","0x8001f78d"],
"Darwin Kernel Version 15.0.0: Wed Dec 9 22:19:36 PST 2015; root:xnu-3248.31.3~2/RELEASE_ARM_S5L8942X":
["0x3107fc","0x312f18","0x1de60","0xd8750","0x3fc3dc","0xc6754","0xd8752","0xc6488","0x44e840","0x3ef444","0xc64e0","0x450128","0x98","0x8001ee35","0x0","0x0","0x8001ee61","0x8001ee81"],
"Darwin Kernel Version 15.0.0: Wed Dec 9 22:19:36 PST 2015; root:xnu-3248.31.3~2/RELEASE_ARM_S5L8955X":
["0x317868","0x319fa0","0x1eb88","0xdd9dc","0x4033dc","0xca87c","0xdd9de","0xca5a8","0x455964","0x3f6444","0xca600","0x457264","0x98","0x8001fb59","0x0","0x0","0x8001fb89","0x8001fba9"],
"Darwin Kernel Version 15.0.0: Wed Dec 9 22:19:37 PST 2015; root:xnu-3248.31.3~2/RELEASE_ARM_S5L8945X":
["0x3107fc","0x312f18","0x1de60","0xd8750","0x3fc3dc","0xc6754","0xd8752","0xc6488","0x44e840","0x3ef444","0xc64e0","0x450128","0x98","0x8001ee35","0x0","0x0","0x8001ee61","0x8001ee81"],
"Darwin Kernel Version 15.0.0: Wed Dec 9 22:19:37 PST 2015; root:xnu-3248.31.3~2/RELEASE_ARM_S5L8950X":
["0x317868","0x319fa0","0x1eb88","0xdd9dc","0x4033dc","0xca87c","0xdd9de","0xca5a8","0x455964","0x3f6444","0xca600","0x457264","0x98","0x8001fb59","0x0","0x0","0x8001fb89","0x8001fba9"],
"Darwin Kernel Version 15.0.0: Wed Dec 9 22:19:38 PST 2015; root:xnu-3248.31.3~2/RELEASE_ARM_S5L8940X":
["0x3107fc","0x312f18","0x1de60","0xd8750","0x3fc3dc","0xc6754","0xd8752","0xc6488","0x44e840","0x3ef444","0xc64e0","0x450128","0x98","0x8001ee35","0x0","0x0","0x8001ee61","0x8001ee81"],
"Darwin Kernel Version 15.4.0: Fri Feb 19 13:54:51 PST 2016; root:xnu-3248.41.4~28/RELEASE_ARM_S5L8955X":
["0x31ef50","0x321810","0x1ee6c","0xdea48","0x40b428","0xcb7dc","0xdea4a","0xcb508","0x45d978","0x3fe454","0xcb560","0x45f2c8","0xa4","0x8001fe3d","0x0","0x0","0x8001fe6d","0x8001fe8d"],
"Darwin Kernel Version 15.4.0: Fri Feb 19 13:54:52 PST 2016; root:xnu-3248.41.4~28/RELEASE_ARM_S5L8940X":
["0x31812c","0x31a934","0x1e170","0xd9848","0x403428","0xc76b4","0xd984a","0xc73e8","0x455844","0x3f6454","0xc7440","0x45717c","0xa4","0x8001f145","0x0","0x0","0x8001f171","0x8001f191"],
"Darwin Kernel Version 15.4.0: Fri Feb 19 13:54:52 PST 2016; root:xnu-3248.41.4~28/RELEASE_ARM_S5L8945X":
["0x31812c","0x31a934","0x1e170","0xd9848","0x403428","0xc76b4","0xd984a","0xc73e8","0x455844","0x3f6454","0xc7440","0x45717c","0xa4","0x8001f145","0x0","0x0","0x8001f171","0x8001f191"],
"Darwin Kernel Version 15.4.0: Fri Feb 19 13:54:53 PST 2016; root:xnu-3248.41.4~28/RELEASE_ARM_S5L8942X":
["0x31812c","0x31a934","0x1e170","0xd9848","0x403428","0xc76b4","0xd984a","0xc73e8","0x455844","0x3f6454","0xc7440","0x45717c","0xa4","0x8001f145","0x0","0x0","0x8001f171","0x8001f191"],
"Darwin Kernel Version 15.4.0: Fri Feb 19 13:54:54 PST 2016; root:xnu-3248.41.4~28/RELEASE_ARM_S5L8950X":
["0x31ef50","0x321810","0x1ee6c","0xdea48","0x40b428","0xcb7dc","0xdea4a","0xcb508","0x45d978","0x3fe454","0xcb560","0x45f2c8","0xa4","0x8001fe3d","0x0","0x0","0x8001fe6d","0x8001fe8d"],
"Darwin Kernel Version 15.5.0: Mon Apr 18 16:44:04 PDT 2016; root:xnu-3248.50.21~4/RELEASE_ARM_S5L8950X":
["0x31ef58","0x321818","0x1ee6c","0xdea48","0x40b428","0xcb7dc","0xdea4a","0xcb508","0x45d978","0x3fe454","0xcb560","0x45f2c8","0xa4","0x8001fe3d","0x0","0x0","0x8001fe6d","0x8001fe8d"],
"Darwin Kernel Version 15.5.0: Mon Apr 18 16:44:05 PDT 2016; root:xnu-3248.50.21~4/RELEASE_ARM_S5L8942X":
["0x318264","0x31aa6c","0x1e170","0xd9848","0x403428","0xc76b4","0xd984a","0xc73e8","0x455844","0x3f6454","0xc7440","0x45717c","0xa4","0x8001f145","0x0","0x0","0x8001f171","0x8001f191"],
"Darwin Kernel Version 15.5.0: Mon Apr 18 16:44:06 PDT 2016; root:xnu-3248.50.21~4/RELEASE_ARM_S5L8945X":
["0x318264","0x31aa6c","0x1e170","0xd9848","0x403428","0xc76b4","0xd984a","0xc73e8","0x455844","0x3f6454","0xc7440","0x45717c","0xa4","0x8001f145","0x0","0x0","0x8001f171","0x8001f191"],
"Darwin Kernel Version 15.5.0: Mon Apr 18 16:44:06 PDT 2016; root:xnu-3248.50.21~4/RELEASE_ARM_S5L8955X":
["0x31ef58","0x321818","0x1ee6c","0xdea48","0x40b428","0xcb7dc","0xdea4a","0xcb508","0x45d978","0x3fe454","0xcb560","0x45f2c8","0xa4","0x8001fe3d","0x0","0x0","0x8001fe6d","0x8001fe8d"],
"Darwin Kernel Version 15.5.0: Mon Apr 18 16:44:07 PDT 2016; root:xnu-3248.50.21~4/RELEASE_ARM_S5L8940X":
["0x318264","0x31aa6c","0x1e170","0xd9848","0x403428","0xc76b4","0xd984a","0xc73e8","0x455844","0x3f6454","0xc7440","0x45717c","0xa4","0x8001f145","0x0","0x0","0x8001f171","0x8001f191"],
"Darwin Kernel Version 15.6.0: Mon Jun 20 20:10:19 PDT 2016; root:xnu-3248.60.9~1/RELEASE_ARM_S5L8955X":
["0x31f13c","0x3219fc","0x1eeac","0xdea48","0x40b428","0xcb7dc","0xdea4a","0xcb508","0x45d978","0x3fe454","0xcb560","0x45f2c8","0xa4","0x8001fe7d","0x0","0x0","0x8001fead","0x8001fecd"],
"Darwin Kernel Version 15.6.0: Mon Jun 20 20:10:20 PDT 2016; root:xnu-3248.60.9~1/RELEASE_ARM_S5L8945X":
["0x318388","0x31ab90","0x1e200","0xd9838","0x403428","0xc76b4","0xd983a","0xc73e8","0x455844","0x3f6454","0xc7440","0x45717c","0xa4","0x8001f1d5","0x0","0x0","0x8001f201","0x8001f221"],
"Darwin Kernel Version 15.6.0: Mon Jun 20 20:10:21 PDT 2016; root:xnu-3248.60.9~1/RELEASE_ARM_S5L8940X":
["0x318388","0x31ab90","0x1e200","0xd9838","0x403428","0xc76b4","0xd983a","0xc73e8","0x455844","0x3f6454","0xc7440","0x45717c","0xa4","0x8001f1d5","0x0","0x0","0x8001f201","0x8001f221"],
"Darwin Kernel Version 15.6.0: Mon Jun 20 20:10:21 PDT 2016; root:xnu-3248.60.9~1/RELEASE_ARM_S5L8942X":
["0x318388","0x31ab90","0x1e200","0xd9838","0x403428","0xc76b4","0xd983a","0xc73e8","0x455844","0x3f6454","0xc7440","0x45717c","0xa4","0x8001f1d5","0x0","0x0","0x8001f201","0x8001f221"],
"Darwin Kernel Version 15.6.0: Mon Jun 20 20:10:21 PDT 2016; root:xnu-3248.60.9~1/RELEASE_ARM_S5L8950X":
["0x31f13c","0x3219fc","0x1eeac","0xdea48","0x40b428","0xcb7dc","0xdea4a","0xcb508","0x45d978","0x3fe454","0xcb560","0x45f2c8","0xa4","0x8001fe7d","0x0","0x0","0x8001fead","0x8001fecd"]
}
@WORMSTweaker
Copy link

WORMSTweaker commented Sep 21, 2017

Kay I guess it worked the second time I did it. Somehow it fucked up my jailbreak,couldn't launch any cydia installed app, and I couldn't install or uninstall anything without removing cydia,so I had to restore completely. This time it worked perfectly.

EDIT: I have some iPad3,1 offsets, tested successfully
9.3.2:
{ "Darwin Kernel Version 15.5.0: Mon Apr 18 16:44:06 PDT 2016; root:xnu-3248.50.21~4/RELEASE_ARM_S5L8945X": ["0x318264", "0x31aa6c", "0x1e170", "0xd9848", "0x403428", "0xc76b4", "0xd984a", "0xc73e8", "0x455844", "0x3f6454", "0xc7440", "0x45717c", "0xa4", "0x8001f145", "0x0", "0x0", "0x8001f171", "0x8001f191" ] }

9.3.3:
{ "Darwin Kernel Version 15.6.0: Mon Jun 20 20:10:20 PDT 2016; root:xnu-3248.60.9~1/RELEASE_ARM_S5L8945X": ["0x318388", "0x31ab90", "0x1e200", "0xd9838", "0x403428", "0xc76b4", "0xd983a", "0xc73e8", "0x455844", "0x3f6454", "0xc7440", "0x45717c", "0xa4", "0x8001f1d5", "0x0", "0x0", "0x8001f201", "0x8001f221" ] }

@societyblind
Copy link

This guide made finding and applying the offset a breeze.
The only problem I had was [because of previous attempts] the reboot loop protection was engaged and it wasn't even trying. Delete /var/logs/untetherhomedepotLoopProtection.txt to allow it to try again.

OFFSETS FOR IPHONE 5,1 9.3.2: {
"Darwin Kernel Version 15.5.0: Mon Apr 18 16:44:04 PDT 2016; root:xnu-3248.50.21~4/RELEASE_ARM_S5L8950X":
["0x31ef58",
"0x321818",
"0x1ee6c",
"0xdea48",
"0x40b428",
"0xcb7dc",
"0xdea4a",
"0xcb508",
"0x45d978",
"0x3fe454",
"0xcb560",
"0x45f2c8",
"0xa4",
"0x8001fe3d",
"0x0",
"0x0",
"0x8001fe6d",
"0x8001fe8d"
]
}

@esauvisky
Copy link

I found the missing offsets for iPad2,1 on 9.3! 😁

{
  "Darwin Kernel Version 15.4.0: Fri Feb 19 13:54:52 PST 2016; root:xnu-3248.41.4~28/RELEASE_ARM_S5L8940X":
   ["0x31812c",
    "0x31a934",
    "0x1e170",
    "0xd9848",
    "0x403428",
    "0xc76b4",
    "0xd984a",
    "0xc73e8",
    "0x455844",
    "0x3f6454",
    "0xc7440",
    "0x45717c",
    "0xa4",
    "0x8001f145",
    "0x0",
    "0x0",
    "0x8001f171",
    "0x8001f191"
  ]
}

@stx3plus1
Copy link

I may be late but I personally find this untether quite cool, and got iPhone5,2 13G75 (9.2) offsets working on my iPhone 5. Here they are for anyone still interested!

{
    "Darwin Kernel Version 15.0.0: Fri Nov 13 16:08:07 PST 2015; root:xnu-3248.21.2~1/RELEASE_ARM_S5L8950X":
     ["0x317768",
      "0x319ea0",
      "0x1ebac",
      "0xdd9dc",
      "0x4033dc",
      "0xca87c",
      "0xdd9de",
      "0xca5a8",
      "0x455964",
      "0x3f6444",
      "0xca600",
      "0x457264",
      "0x98",
      "0x8001fb7d",
      "0x0",
      "0x0",
      "0x8001fbad",
      "0x8001fbcd"
    ]
}

@kshanPH
Copy link

kshanPH commented Jan 1, 2024

Can anyone help me, i need to jailbreak my ipad beacause i downgrade it to ios 8.4.1 and i want to jailbreak it and home depot are always saying «no offset found on ipad 2/1» and now i need offset to jaulbreak it please help me

@Bulletbling
Copy link

Can anyone help me, i need to jailbreak my ipad beacause i downgrade it to ios 8.4.1 and i want to jailbreak it and home depot are always saying «no offset found on ipad 2/1» and now i need offset to jaulbreak it please help me

Same. I have an iPad 2,1 on 8.4.1 and the offsets cannot be found anywhere. I've searched quite a bit. I found them for the iPad2,2 on 8.4.1, but not my iPad2,1 (I tried the 2,2 ones since I thought they were the same and it didn't work on multiple attempts).

@deepfriedfilth
Copy link

deepfriedfilth commented Jan 9, 2024

@kshanPH @Bulletbling have you tried the A5 offsets from here?

Edit: Otherwise the same dev has released a patch for A5x devices here, which is likely already baked into Legacy-iOS-Kit

@Bulletbling
Copy link

@kshanPH @Bulletbling have you tried the A5 offsets from here?

Edit: Otherwise the same dev has released a patch for A5x devices here, which is likely already baked into Legacy-iOS-Kit

I have not found that in my searching. I looked all up and down reddit for offsets and found nothing. Maybe because my keywords were iPad 2,1 and iOS 8.4.1, rather than using A5. Instead of installing home depot, I ended up installing etason. And the 8.4.1 JB is baked into the iOS downgrader tool but the dev stated it was unreliable. I do not know if the same applies to the newly named iOS toolkit that I'm not sure if I used or not. I had to use Ubuntu to use the iOS downgrader repo.

@kshanPH
Copy link

kshanPH commented Jan 11, 2024

What did you do to turn your ipad into ios 8.4.1??

@deepfriedfilth
Copy link

@kshanPH IIRC iOS 8.4.1 OTA firmware is "perma-signed" by Apple for select devices so you can achieve this using a tool such as futurerestore±gui or the aforementioned Legacy-iOS-Kit.

Legacy-iOS-Kit Wiki
Restore 32-bit device

@kshanPH
Copy link

kshanPH commented Jan 13, 2024

Did you know other offset for home depot for ios 8.4.1 ipad2/1??

@deepfriedfilth
Copy link

@kshanPH Did you read my comment above?

Here's a direct link to the aforementioned A5 8.4.1 offsets that you can try adding yourself when prompted for custom offsets..
I'd opt for patching HomeDepot .ipa using ohd though

Otherwise, maybe try daibutsu?

@kshanPH
Copy link

kshanPH commented Jan 16, 2024

I tried A5 offset on home depot but it always crash, the i install daibutsu and when i open it it said unsupported. Please help me.

@kshanPH
Copy link

kshanPH commented Jan 22, 2024

Hi everyone there's another problem my ipad got black screen and It don't restart because it's power button is broken.Can anyone teach me how to drain the battery faster without turning on?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment