Justin Sherman
@jsherma100
Followers: 3K
Following: 996
Media: 23
Statuses: 140
Security researcher
Joined November 2018
15.2 🥳 Bad success rate due to recent mitigations tho
I just updated the part of the writeup about zalloc gc/refill flow to include content about partially-populated chunks. I also fixed something which was incorrect
Writeup finished, thank you to everyone that gave me feedback 🙂
jsherman212.github.io
During the last two weeks of my summer (as of writing, summer 2021), I decided to try and take a crack at iOS 14 kernel exploitation with the IOMobileFramebuffer OOB pointer read (CVE-2021-30807)....
This semester I decided to do an independent study, which is a semester-long project that counts for credits like a class would. My project is a kernel exploit for CVE-2021-30807 + a writeup. I just finished the exploit and popped 14.6 and 14.7 on my phones, writeup ETA soon
Wtf do I have to do to get my airpods to charge past 80% -.-
15.0 support for xnuspy is done, and xnuspy_ctl.h now lives inside include/xnuspy/ so I don't have to juggle two copies of enums/macros/constants between kernel/user code. Pls let me know if there's any issues since I only have two phones I was able to update to iOS 15
Appreciate it!! xnuspy update day is never painless but this eases it a lot. Should have official 15.x support done by this weekend or next weekend
I have updated xnuspy for iOS 15 over on my GitHub fork, and of course have opened a PR to @jsherma100. Please check it out and let me know if you run into any bugs/issues -- it's a brilliant tool! https://t.co/8b4KC8605N
https://t.co/BiEk7VTg2S
finally found the time to do a writeup this week @
Updated @_bazad's KTRW for 14.x and wrote patchfinders for the offsets it needs (aka no more hunting for offsets yourself and putting them in a text file, the pongo module will get them automatically) @ https://t.co/wZfAb8P546
14.5 really broke the patchfinders which were the most annoying to write 🤣
Finally got a CVE for this, first CVE!!! CVE-2021-30656 and xnuspy will be updated in either a couple days or a couple weeks if 14.5 happened to break it
@RolfRolles @byte_how IDA Freeware will come bundled with a free x64 decompiler soon.
I binged attack on titan this week and nothing I've ever seen even comes close; this show is worth watching just for the masterpiece that's the second half of season 3 alone. Fuckin pumped for the last 2 episodes
Also I re-worked the way shared mappings are handled so now you can hook kernel functions from dynamic libraries (e.g. jailbreak tweaks) without panicking
annoyed by the lack of libc for xnuspy kernel hooks? so was I, so I added bzero, snprintf, strcmp, strncmp, strlen, strstr, strnstr, strchr, strrchr, memset, memmem, memchr, memrchr, memmove, and memcmp to the list of functions retrievable through XNUSPY_CACHE_READ