I was tired of waiting, so I've just crawled kernelcaches for all available devices and made one big offsets.json containing all offsets. However, they are untested. They *should* work, but refer to the table below if you're afraid of bootloops.

A wrong clock_ops is the most common issue; the offset should be:
- iPhone5,(2,3,4) 13E233 and 13E237: not 0x403428 but 0x40b428
- iPhone5,(2,3,4) 13B143: not 0x40c5a0 but 0x40c3cc
- iPhone5,4 13D15 and 13C75: not 0x4035a0 but 0x4033dc

Also, for iPad3,(1,2,3) on 13B143 the OSSerializer::serialize offset is missing -- pages for them contain 12 numbers instead of 13.

Devices on the same chipset tend to have the same kernel (iPhone5,1-5,4 for example, or even iPod5 and iPad Mini). Also, 9.3.4 and 9.3.3 have the same kernel pretty often. Keep that in mind when looking through the table.

Device | 9.3.4 13G35 | 9.3.3 13G34 | 9.3.2 13F69 | 9.3.1 13E238 | 9.3 13E237 | 9.2.1 13D15 | 9.2 13C75 | 9.1 13B143 |
---|---|---|---|---|---|---|---|---|
iPhone 5c (Global) (5,4) | horatiohno | horatiohno | horatiohno | horatiohno | ? | Noah Little | ? | ? |
iPhone 5c (GSM) (5,3) | 4ppleCracker | Cooper Gordon | ? | OothecaPickle | ? | ? | ? | ? |
iPhone 5 (Global) (5,2) | deepfriedfilth | StormJ | lukee_gd_ | horatiohno | ? | d j | ? | ? |
iPhone 5 (GSM) (5,1) | deepfriedfilth | StormJ | ? | ? | ? | ? | ? | ? |
iPhone 4S (4,1) | tihmstar | letinmore | Amirpasha | stek29 | ? | tihmstar | ? | ? |
iPod Touch 5 (5,1) | erten50 | ? | Emilio Robles | Emilio Robles | ? | Earnest Wilson III | ? | ? |
iPad 4 (Global) (3,6) | ? | ? | ? | ? | ? | ? | ? | ? |
iPad 4 (GSM) (3,5) | ? | ? | ? | ? | ? | ? | ? | ? |
iPad 4 (WiFi) (3,4) | ? | ssmicel | Anon | ? | ? | ? | ? | ? |
iPad 3 (GSM) (3,3) | ? | ? | stek29 | ? | ? | ? | ? | ? |
iPad 3 (CDMA) (3,2) | ? | ? | ? | ? | ? | ? | ? | ? |
iPad 3 (WiFi) (3,1) | ? | ? | ? | ? | ? | ? | ? | ? |
iPad Mini (Global) (2,7) | ? | ? | ? | ? | ? | ? | ? | ? |
iPad Mini (GSM) (2,6) | ? | ? | ? | ? | ? | ? | ? | ? |
iPad Mini (WiFi) (2,5) | matteyeux | ? | OothecaPickle | MrMagicMadMax | ? | ? | ? | ? |
iPad 2 (Mid 2012) (2,4) | ? | ? | ? | ? | ? | ? | ? | ? |
iPad 2 (CDMA) (2,3) | ? | ? | ? | ? | ? | ? | ? | ? |
iPad 2 (GSM) (2,2) | ? | leonhartsq | ? | danfr1d | ? | ? | ? | ? |
iPad 2 (WiFi) (2,1) | horatiohno | horatiohno | horatiohno | horatiohno | ? | 4ppleCracker | ? | ? |
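
A structural check for an offsets.json before it is used on a device, written as an added example (not code from this gist or from the untether project). It assumes the file maps a kernel version banner to a flat list of hex strings, as in the entry posted in the comments, and it takes the most common list length in the file as the expected count, so an entry with a missing offset stands out; the sample data is constructed.

```python
import json
import re
from collections import Counter

# Key format assumed from the entry posted on this page:
# "Darwin Kernel Version X.Y.Z: <build date>; root:xnu-<ver>~<n>/RELEASE_ARM_<chip>"
BANNER_RE = re.compile(
    r"^Darwin Kernel Version \d+\.\d+\.\d+: .+; root:xnu-[\d.]+~\d+/RELEASE_ARM_\w+$")
HEX_RE = re.compile(r"^0x[0-9a-fA-F]+$")


def check_offsets(doc):
    """Return (kernel_banner, problem) tuples for a parsed offsets.json."""
    problems = []
    # Expected count = most common list length (assumption: most entries are complete).
    lengths = Counter(len(v) for v in doc.values() if isinstance(v, list))
    expected = lengths.most_common(1)[0][0] if lengths else 0
    for banner, values in doc.items():
        if not BANNER_RE.match(banner):
            problems.append((banner, "key is not a kernel version banner"))
        if not isinstance(values, list):
            problems.append((banner, "value is not a list"))
            continue
        if len(values) != expected:
            # A crawl that missed one symbol yields a short list, shifting later offsets.
            problems.append((banner, f"{len(values)} values, expected {expected}"))
        for i, v in enumerate(values):
            if not (isinstance(v, str) and HEX_RE.match(v)):
                problems.append((banner, f"index {i} is not a hex string: {v!r}"))
    return problems


# Constructed sample: placeholder banners and values, not real kernel offsets.
SAMPLE = json.loads("""
{
  "Darwin Kernel Version 0.0.1: constructed; root:xnu-0.0.1~1/RELEASE_ARM_SAMPLEA": ["0x1000", "0x2000", "0x3000", "0x4000"],
  "Darwin Kernel Version 0.0.2: constructed; root:xnu-0.0.2~1/RELEASE_ARM_SAMPLEA": ["0x1004", "0x2004", "0x3004", "0x4004"],
  "Darwin Kernel Version 0.0.3: constructed; root:xnu-0.0.3~1/RELEASE_ARM_SAMPLEB": ["0x1008", "0x2008", "0x3008"],
  "Darwin Kernel Version 0.0.4: constructed; root:xnu-0.0.4~1/RELEASE_ARM_SAMPLEB": ["0x100c", "4096", "0x300c", "0x400c"]
}
""")

if __name__ == "__main__":
    for banner, problem in check_offsets(SAMPLE):
        print(f"{banner}: {problem}")
```
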
This guide made finding and applying the offset a breeze.
The only problem I had was [because of previous attempts] the reboot loop protection was engaged and it wasn't even trying. Delete /var/logs/untetherhomedepotLoopProtection.txt to allow it to try again.

OFFSETS FOR IPHONE 5,1 9.3.2:

```json
{
  "Darwin Kernel Version 15.5.0: Mon Apr 18 16:44:04 PDT 2016; root:xnu-3248.50.21~4/RELEASE_ARM_S5L8950X": [
    "0x31ef58",
    "0x321818",
    "0x1ee6c",
    "0xdea48",
    "0x40b428",
    "0xcb7dc",
    "0xdea4a",
    "0xcb508",
    "0x45d978",
    "0x3fe454",
    "0xcb560",
    "0x45f2c8",
    "0xa4",
    "0x8001fe3d",
    "0x0",
    "0x0",
    "0x8001fe6d",
    "0x8001fe8d"
  ]
}
```