Fix for iPhone 6? #2
A few things I've picked up from experience doing trial and error. Although idk if my case is specific to iPhone 6. If executing Yalu102 and trying to jailbreak fails or reboots for you, try this: I've also found the Dissident tweak to greatly delay the inevitable daily kernel panic when using apps heavily. Again, idk if this issue is from RAM or 32-bit apps, etc. since no one has commented on it. But I'm willing to provide more panic logs if someone needs them. http://cydia.saurik.com/package/org.thebigboss.dissident/ With Dissident installed, the jailbreak will stay stable on the device a lot longer than without it, for some reason unknown. In my case, I need to have one app set to "Foreground" in individual settings (in my case YouTube, Skype). You only need to keep one of these apps open in the foreground while keeping open and playing your usual suspect app/game that would cause a kernel panic. Also, it's really certain apps such as Snapchat, games, tweaks that will cause the kernel panic, although the device does panic occasionally at random without use. For example, using a tweak like Video Pane 2 with a PiP video playing and an app/game in the background will eventually most likely lead to a panic as well, at least in my case.
I don't have an iPhone 6 on 10.x. If you are interested in testing, let me know.
Hi xerub! I'd be more than happy to help test with what I can right now, while on vacation atm.
I've got an iPhone 6 on 10.2 here if you need any testing.
I've got an SE on 10.2 and would be happy to test too.
iPhone SE is stable under yalu102; testing on that device is not needed. Only 4K devices have problems with yalu102.
Ah okay.
Finding offsets and testing is gonna be a pain. So I suppose we should support only devices that have problems with yalu102 (the 6s stub is there for the sole reason that I do have that device and can test -- otherwise it's very happy with yalu102). What I'm saying is, we need to prioritize. Once the KPP bypass code is up, I'll let you know and then do some testing. In the meantime, perhaps some of you could help me with the offsets. Just follow the pattern for 6s. Thanks!
@xerub I am ready to test whatever you have ready to throw at us. Currently jailbroken on my iPhone 6 on yalu102! Whenever support comes out lmk and I would be happy to test it for you :)
What about the iPad Air?
iPad Air 2 here. This device needs a fix more than ever. Happy to test for you :)
You guys are missing the entire point of what this is, what yalu102 is, and why this has nothing to do with iPhone 6 issues on yalu102. I'm sure the issues can be solved, but this won't help at all.
kpwn: A bit OT, but you have the word "incomplete" in your Yalu description.
@kpwn
In the meantime, would it help if some of us copied over their kernel panics from Settings > Privacy > Diagnostics/Usage?
@kpwn the issues with yalu102 are pretty much universal on all 4K devices; seems to do with bad page table handling or just with bad patches in yalu102. I was hoping that we'd maybe be able to use extra_recipe instead of yalu102, with newer patches since it is still under active development. I am aware both extra_recipe and yalu102 use the same mach voucher vulnerability; it's simply a matter now of the fact that extra_recipe is a project that is under active development, so we could possibly get new patches here that would make 4K devices more stable.
@metarebel the problem definitely extends to the 6+ and the iPod touch 6 as well. See: https://www.reddit.com/r/jailbreak/comments/6dc1zj/discussion_stability_or_lack_of_yalu102/
'I was hoping that we'd maybe be able to use extra_recipe instead of yalu102' -> completely unnecessary. if you haven't noticed, this uses:
Kernel exploit strategy is irrelevant for iPhone 6 stability. And regardless, the yalu102 kernel exploit is way more reliable than this exploit, 16K or 4K. And this being actively maintained makes absolutely no difference for all intents and purposes. Hell, @coolstar, as these are open-source projects, technically speaking they can be under development and maintained by anyone, including yourself. If you really care about these issues, maybe actually debugging them and sending a pull request would be a better strategy than reddit posts.
@kpwn do you have any suggestions on how to start debugging this issue? I don't really have much of an idea of where to start, as most of the kernel-level development I've done has just been device drivers on x86_64 (where debugging is as simple as connecting over ethernet or USB EHCI). I don't have much experience with arm64 or dumping/patching the kernel on iOS. And yes, I know that the exploit strategy is irrelevant. However, a new set of patches could fix the problems with iPhone 6 (which would be needed to get this to even run on iPhone 6, as the binary blob would need to be replaced).
Guys, no need to fight. I haven't had much success with the mach_portal binary blob on the 6s. Either I got one offset wrong, or something else is at fault. Either way, I have no desire nor the time to debug a KPP bypass which is already known and public. That said, I might port it here, either by rewriting it or lifting code off yalu102 -- much easier/nicer with dynamic offsets; that of course depends on how much spare time I get. That said, yalu102 will always be more reliable in terms of the initial kernel exploit -- something that plagues extra_recipe, much to the frustration of everybody.
FWIW, the KPP bypass used in mach_portal is slightly different and not working in 10.2. But the core concept and shellcode stay the same.
Ok, I pushed support for iPhone8,1 (6s) and iPad5,4 (Air 2). SSH-only with no SB patches for now. Whoever feels masochistic, give it a try. Support for other devices can be added in offsets.m.
@K0guma change the "Architectures" to only arm64.
@xerub testing here on iPhone 6S, it appears most of the time (when it doesn't reboot), it fails here: https://github.com/xerub/extra_recipe/blob/master/extra_recipe/jailbreak.c#L558 Is this just part of the low success rate (and I need to keep retrying?) or something wrong on iPhone 6S? (Tried about 80 times and it either rebooted or returned there.)
@coolstar Unfortunately, yes. That means the "interesting" ports are not contiguous. Just reboot the phone, leave it for a couple of minutes, start extra_recipe, then wait for several more seconds and hit go. It's hit and miss, probably miss most of the time... You can play with the value here: https://github.com/xerub/extra_recipe/blob/master/extra_recipe/jailbreak.c#L514 Also, clone the repo again. If your 6s is a Samsung, it will surely panic later, even if the exploit succeeds. You need to tweak AGXCommandQueue_vtable: a different offset needs to be used and there's no easy way to tell which version I am running. The new offset is commented out, but easy to spot. The 6s is for testing anyway, since yalu102 is extremely stable on 6s, so I won't put too much effort into that. Btw, if it says "failed, reboot" you should really reboot. Even if it eventually succeeds by retrying, it probably smashed something wrong in the kernel at some point and it won't be stable.
@K0guma this thread is not about compiling extra_recipe, so please don't hijack it. You have been warned! Hint: just plug in the device and hit Run, it'll pick up arm64.
Sorry.
Support for pretty much anything arm64 up to iOS 10.2 can be added in dex.plist, just follow the pattern (there is already support for iPhone7,2).
This is most likely only a fix for iPhone 7 users, but can iPhone 6 users get some love with these new exploits as well? Yalu is truly unstable, with daily kernel panics for myself as well as others. Are the kernel panics between devices related?
Is the issue being looked at, or is the Yalu102 project as final as it gets for 6 users? Just asking (: Please see kpwn/yalu102#454
kpwn/yalu102#464