
iOSOnMac does not work out of the box: Child exited with status 5

Open rainbowcardiod opened this issue 1 year ago • 0 comments

`./runner main` does all the steps but fails with

```
[*] Sending SIGCONT to continue child
[*] Child exited with status 5
```

However, I am able to run the main program with a manual trick: after the program has been spawned in paused mode, keep runner paused (using a `getc()` after the `posix_spawn`), and do the following with lldb:

  1. attach to the target program (main)
  2. `break set -n xpc_copy_entitlements_for_self`, continue and hit the breakpoint
  3. get the address of `my_xpc_copy_entitlements_for_self`
  4. `register write $pc 0x100dce000` -- where the address is from step 2
  5. continue and detach

rainbowcardiod, Feb 01 '25 04:02