Aidan Sacco

Results 7 comments of Aidan Sacco

I added the files to yalu102 as Luca suggested, triggering main() when the app opens. I feel like ziVA might be running in the sandbox but I'm not completely sure....

Do you have any ideas on how I should implement Yalu? Again, I don't have any experience in iOS exploits, so I will take any advice.

Do you know exactly what ziVA does? It says kernel exploit but what does that do? Gain root access?

Doesn't triple_fetch get tfp0? If so, you might be able to modify nonceenabler and run it as a poc.

How did you get the ziVA poc to output in the Xcode debugger? I'm not getting any output from ziVA itself, just the nsxpc2pc app.

Can you send me the ziva binary that you used? I can't seem to get the debug log.

Does anyone know where in the filesystem AppleAVEDriver is stored? I've opened the ipsw for both ip5s and ip6s on 10.2.1 but can't seem to find it.