├── .gitignore ├── LICENSE ├── README.md ├── Shared ├── envbuf.c ├── envbuf.h ├── hook_common.h ├── hook_common.m ├── include │ ├── IOKit.h │ ├── sandbox.h │ ├── substrate.h │ ├── xpc │ │ ├── activity.h │ │ ├── availability.h │ │ ├── base.h │ │ ├── connection.h │ │ ├── debug.h │ │ ├── endpoint.h │ │ ├── private.h │ │ └── xpc.h │ └── zstd.h └── libellekit.tbd ├── jailbreakd ├── Server.swift ├── Trustcache │ ├── JBDTCPage.h │ ├── JBDTCPage.m │ ├── trustcache.h │ ├── trustcache.m │ └── trustcache_structs.h ├── entitlements.plist ├── include │ ├── Bridge.h │ ├── Launch.h │ └── krw_remote.h └── main.m ├── kfd.xcodeproj ├── project.pbxproj ├── project.xcworkspace │ ├── contents.xcworkspacedata │ └── xcshareddata │ │ ├── IDEWorkspaceChecks.plist │ │ └── swiftpm │ │ └── Package.resolved └── xcshareddata │ └── xcschemes │ ├── jailbreakd.xcscheme │ └── kfd.xcscheme ├── kfd ├── Assets.xcassets │ ├── AccentColor.colorset │ │ └── Contents.json │ ├── AppIcon.appiconset │ │ └── Contents.json │ └── Contents.json ├── ContentView.swift ├── Exploit │ ├── intermediate.m │ ├── kfd-Bridging-Header.h │ ├── kfd-bridge.h │ ├── libkfd.h │ ├── libkfd.m │ ├── libkfd │ │ ├── common.h │ │ ├── info.h │ │ ├── info │ │ │ ├── dynamic_types │ │ │ │ ├── IOSurface.h │ │ │ │ ├── kqworkloop.h │ │ │ │ ├── proc.h │ │ │ │ ├── task.h │ │ │ │ ├── thread.h │ │ │ │ ├── uthread.h │ │ │ │ └── vm_map.h │ │ │ └── static_types │ │ │ │ ├── fileglob.h │ │ │ │ ├── fileops.h │ │ │ │ ├── fileproc.h │ │ │ │ ├── fileproc_guard.h │ │ │ │ ├── ipc_entry.h │ │ │ │ ├── ipc_port.h │ │ │ │ ├── ipc_space.h │ │ │ │ ├── miscellaneous_types.h │ │ │ │ ├── pmap.h │ │ │ │ ├── pseminfo.h │ │ │ │ ├── psemnode.h │ │ │ │ ├── semaphore.h │ │ │ │ ├── vm_map_copy.h │ │ │ │ ├── vm_map_entry.h │ │ │ │ ├── vm_named_entry.h │ │ │ │ ├── vm_object.h │ │ │ │ └── vm_page.h │ │ ├── krkw.h │ │ ├── krkw │ │ │ ├── IOSurface_shared.h │ │ │ ├── kread │ │ │ │ ├── kread_IOSurface.h │ │ │ │ ├── kread_kqueue_workloop_ctl.h │ │ │ │ └── kread_sem_open.h │ │ │ └── kwrite │ │ │ │ ├── kwrite_IOSurface.h │ │ │ │ ├── kwrite_dup.h │ │ │ │ └── kwrite_sem_open.h │ │ ├── perf.h │ │ ├── puaf.h │ │ └── puaf │ │ │ ├── physpuppet.h │ │ │ └── smith.h │ └── mineekpf.h ├── Info.plist ├── Preview Content │ └── Preview Assets.xcassets │ │ └── Contents.json ├── Resources │ ├── CydiaSubstrate.framework │ │ ├── .this_is_ellekit_not_substrate │ │ └── CydiaSubstrate │ ├── bootstrap-iphoneos-arm64.tar.zst │ ├── opainject │ └── testexec ├── Utilities │ ├── Bootstrapper.swift │ ├── Jailbreak.swift │ ├── KPF.swift │ ├── kalloc.h │ ├── kalloc.m │ ├── pmap.m │ ├── pplrw.h │ ├── pplrw.m │ ├── pte.h │ ├── stable_kcall.m │ └── zstd_wrapper.m ├── kc.img4 ├── kcall_handoff.swift ├── kfd.entitlements ├── kfdApp.swift └── template.tc ├── launchdhook ├── hooks.h ├── ipc_hook.m ├── main.m ├── spawn_hook.m └── swift_stub.swift ├── libjailbreak ├── StringError.swift ├── boot_info.h ├── boot_info.m ├── cdhash.h ├── cdhash.m ├── csblob.h ├── jailbreakd.h ├── jailbreakd.m ├── jb_utils.h ├── jb_utils.m └── libjailbreak.h └── writeups ├── exploiting-puafs.md ├── figures ├── exploiting-puafs-figure1.png ├── exploiting-puafs-figure2.png ├── physpuppet-figure1.png ├── physpuppet-figure2.png ├── physpuppet-figure3.png ├── physpuppet-figure4.png ├── physpuppet-figure5.png ├── physpuppet-figure6.png ├── smith-figure1.png ├── smith-figure2.png ├── smith-figure3.png └── smith-figure4.png ├── physpuppet.md └── smith.md /.gitignore: -------------------------------------------------------------------------------- 1 | macos_kfd 2 | .DS_Store 3 | xcuserdata 4 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/LICENSE -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/README.md -------------------------------------------------------------------------------- /Shared/envbuf.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/Shared/envbuf.c -------------------------------------------------------------------------------- /Shared/envbuf.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/Shared/envbuf.h -------------------------------------------------------------------------------- /Shared/hook_common.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/Shared/hook_common.h -------------------------------------------------------------------------------- /Shared/hook_common.m: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/Shared/hook_common.m -------------------------------------------------------------------------------- /Shared/include/IOKit.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/Shared/include/IOKit.h -------------------------------------------------------------------------------- /Shared/include/sandbox.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/Shared/include/sandbox.h -------------------------------------------------------------------------------- /Shared/include/substrate.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/Shared/include/substrate.h -------------------------------------------------------------------------------- /Shared/include/xpc/activity.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/Shared/include/xpc/activity.h -------------------------------------------------------------------------------- /Shared/include/xpc/availability.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/Shared/include/xpc/availability.h -------------------------------------------------------------------------------- /Shared/include/xpc/base.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/Shared/include/xpc/base.h -------------------------------------------------------------------------------- /Shared/include/xpc/connection.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/Shared/include/xpc/connection.h -------------------------------------------------------------------------------- /Shared/include/xpc/debug.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/Shared/include/xpc/debug.h -------------------------------------------------------------------------------- /Shared/include/xpc/endpoint.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/Shared/include/xpc/endpoint.h -------------------------------------------------------------------------------- /Shared/include/xpc/private.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/Shared/include/xpc/private.h -------------------------------------------------------------------------------- /Shared/include/xpc/xpc.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/Shared/include/xpc/xpc.h -------------------------------------------------------------------------------- /Shared/include/zstd.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/Shared/include/zstd.h -------------------------------------------------------------------------------- /Shared/libellekit.tbd: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/Shared/libellekit.tbd -------------------------------------------------------------------------------- /jailbreakd/Server.swift: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/jailbreakd/Server.swift -------------------------------------------------------------------------------- /jailbreakd/Trustcache/JBDTCPage.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/jailbreakd/Trustcache/JBDTCPage.h -------------------------------------------------------------------------------- /jailbreakd/Trustcache/JBDTCPage.m: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/jailbreakd/Trustcache/JBDTCPage.m -------------------------------------------------------------------------------- /jailbreakd/Trustcache/trustcache.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/jailbreakd/Trustcache/trustcache.h -------------------------------------------------------------------------------- /jailbreakd/Trustcache/trustcache.m: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/jailbreakd/Trustcache/trustcache.m -------------------------------------------------------------------------------- /jailbreakd/Trustcache/trustcache_structs.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/jailbreakd/Trustcache/trustcache_structs.h -------------------------------------------------------------------------------- /jailbreakd/entitlements.plist: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/jailbreakd/entitlements.plist -------------------------------------------------------------------------------- /jailbreakd/include/Bridge.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/jailbreakd/include/Bridge.h -------------------------------------------------------------------------------- /jailbreakd/include/Launch.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/jailbreakd/include/Launch.h -------------------------------------------------------------------------------- /jailbreakd/include/krw_remote.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/jailbreakd/include/krw_remote.h -------------------------------------------------------------------------------- /jailbreakd/main.m: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/jailbreakd/main.m -------------------------------------------------------------------------------- /kfd.xcodeproj/project.pbxproj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd.xcodeproj/project.pbxproj -------------------------------------------------------------------------------- /kfd.xcodeproj/project.xcworkspace/contents.xcworkspacedata: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd.xcodeproj/project.xcworkspace/contents.xcworkspacedata -------------------------------------------------------------------------------- /kfd.xcodeproj/project.xcworkspace/xcshareddata/IDEWorkspaceChecks.plist: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd.xcodeproj/project.xcworkspace/xcshareddata/IDEWorkspaceChecks.plist -------------------------------------------------------------------------------- /kfd.xcodeproj/project.xcworkspace/xcshareddata/swiftpm/Package.resolved: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd.xcodeproj/project.xcworkspace/xcshareddata/swiftpm/Package.resolved -------------------------------------------------------------------------------- /kfd.xcodeproj/xcshareddata/xcschemes/jailbreakd.xcscheme: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd.xcodeproj/xcshareddata/xcschemes/jailbreakd.xcscheme -------------------------------------------------------------------------------- /kfd.xcodeproj/xcshareddata/xcschemes/kfd.xcscheme: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd.xcodeproj/xcshareddata/xcschemes/kfd.xcscheme -------------------------------------------------------------------------------- /kfd/Assets.xcassets/AccentColor.colorset/Contents.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Assets.xcassets/AccentColor.colorset/Contents.json -------------------------------------------------------------------------------- /kfd/Assets.xcassets/AppIcon.appiconset/Contents.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Assets.xcassets/AppIcon.appiconset/Contents.json -------------------------------------------------------------------------------- /kfd/Assets.xcassets/Contents.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Assets.xcassets/Contents.json -------------------------------------------------------------------------------- /kfd/ContentView.swift: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/ContentView.swift -------------------------------------------------------------------------------- /kfd/Exploit/intermediate.m: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Exploit/intermediate.m -------------------------------------------------------------------------------- /kfd/Exploit/kfd-Bridging-Header.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Exploit/kfd-Bridging-Header.h -------------------------------------------------------------------------------- /kfd/Exploit/kfd-bridge.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Exploit/kfd-bridge.h -------------------------------------------------------------------------------- /kfd/Exploit/libkfd.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Exploit/libkfd.h -------------------------------------------------------------------------------- /kfd/Exploit/libkfd.m: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Exploit/libkfd.m -------------------------------------------------------------------------------- /kfd/Exploit/libkfd/common.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Exploit/libkfd/common.h -------------------------------------------------------------------------------- /kfd/Exploit/libkfd/info.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Exploit/libkfd/info.h -------------------------------------------------------------------------------- /kfd/Exploit/libkfd/info/dynamic_types/IOSurface.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Exploit/libkfd/info/dynamic_types/IOSurface.h -------------------------------------------------------------------------------- /kfd/Exploit/libkfd/info/dynamic_types/kqworkloop.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Exploit/libkfd/info/dynamic_types/kqworkloop.h -------------------------------------------------------------------------------- /kfd/Exploit/libkfd/info/dynamic_types/proc.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Exploit/libkfd/info/dynamic_types/proc.h -------------------------------------------------------------------------------- /kfd/Exploit/libkfd/info/dynamic_types/task.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Exploit/libkfd/info/dynamic_types/task.h -------------------------------------------------------------------------------- /kfd/Exploit/libkfd/info/dynamic_types/thread.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Exploit/libkfd/info/dynamic_types/thread.h -------------------------------------------------------------------------------- /kfd/Exploit/libkfd/info/dynamic_types/uthread.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Exploit/libkfd/info/dynamic_types/uthread.h -------------------------------------------------------------------------------- /kfd/Exploit/libkfd/info/dynamic_types/vm_map.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Exploit/libkfd/info/dynamic_types/vm_map.h -------------------------------------------------------------------------------- /kfd/Exploit/libkfd/info/static_types/fileglob.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Exploit/libkfd/info/static_types/fileglob.h -------------------------------------------------------------------------------- /kfd/Exploit/libkfd/info/static_types/fileops.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Exploit/libkfd/info/static_types/fileops.h -------------------------------------------------------------------------------- /kfd/Exploit/libkfd/info/static_types/fileproc.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Exploit/libkfd/info/static_types/fileproc.h -------------------------------------------------------------------------------- /kfd/Exploit/libkfd/info/static_types/fileproc_guard.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Exploit/libkfd/info/static_types/fileproc_guard.h -------------------------------------------------------------------------------- /kfd/Exploit/libkfd/info/static_types/ipc_entry.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Exploit/libkfd/info/static_types/ipc_entry.h -------------------------------------------------------------------------------- /kfd/Exploit/libkfd/info/static_types/ipc_port.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Exploit/libkfd/info/static_types/ipc_port.h -------------------------------------------------------------------------------- /kfd/Exploit/libkfd/info/static_types/ipc_space.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Exploit/libkfd/info/static_types/ipc_space.h -------------------------------------------------------------------------------- /kfd/Exploit/libkfd/info/static_types/miscellaneous_types.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Exploit/libkfd/info/static_types/miscellaneous_types.h -------------------------------------------------------------------------------- /kfd/Exploit/libkfd/info/static_types/pmap.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Exploit/libkfd/info/static_types/pmap.h -------------------------------------------------------------------------------- /kfd/Exploit/libkfd/info/static_types/pseminfo.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Exploit/libkfd/info/static_types/pseminfo.h -------------------------------------------------------------------------------- /kfd/Exploit/libkfd/info/static_types/psemnode.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Exploit/libkfd/info/static_types/psemnode.h -------------------------------------------------------------------------------- /kfd/Exploit/libkfd/info/static_types/semaphore.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Exploit/libkfd/info/static_types/semaphore.h -------------------------------------------------------------------------------- /kfd/Exploit/libkfd/info/static_types/vm_map_copy.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Exploit/libkfd/info/static_types/vm_map_copy.h -------------------------------------------------------------------------------- /kfd/Exploit/libkfd/info/static_types/vm_map_entry.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Exploit/libkfd/info/static_types/vm_map_entry.h -------------------------------------------------------------------------------- /kfd/Exploit/libkfd/info/static_types/vm_named_entry.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Exploit/libkfd/info/static_types/vm_named_entry.h -------------------------------------------------------------------------------- /kfd/Exploit/libkfd/info/static_types/vm_object.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Exploit/libkfd/info/static_types/vm_object.h -------------------------------------------------------------------------------- /kfd/Exploit/libkfd/info/static_types/vm_page.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Exploit/libkfd/info/static_types/vm_page.h -------------------------------------------------------------------------------- /kfd/Exploit/libkfd/krkw.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Exploit/libkfd/krkw.h -------------------------------------------------------------------------------- /kfd/Exploit/libkfd/krkw/IOSurface_shared.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Exploit/libkfd/krkw/IOSurface_shared.h -------------------------------------------------------------------------------- /kfd/Exploit/libkfd/krkw/kread/kread_IOSurface.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Exploit/libkfd/krkw/kread/kread_IOSurface.h -------------------------------------------------------------------------------- /kfd/Exploit/libkfd/krkw/kread/kread_kqueue_workloop_ctl.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Exploit/libkfd/krkw/kread/kread_kqueue_workloop_ctl.h -------------------------------------------------------------------------------- /kfd/Exploit/libkfd/krkw/kread/kread_sem_open.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Exploit/libkfd/krkw/kread/kread_sem_open.h -------------------------------------------------------------------------------- /kfd/Exploit/libkfd/krkw/kwrite/kwrite_IOSurface.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Exploit/libkfd/krkw/kwrite/kwrite_IOSurface.h -------------------------------------------------------------------------------- /kfd/Exploit/libkfd/krkw/kwrite/kwrite_dup.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Exploit/libkfd/krkw/kwrite/kwrite_dup.h -------------------------------------------------------------------------------- /kfd/Exploit/libkfd/krkw/kwrite/kwrite_sem_open.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Exploit/libkfd/krkw/kwrite/kwrite_sem_open.h -------------------------------------------------------------------------------- /kfd/Exploit/libkfd/perf.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Exploit/libkfd/perf.h -------------------------------------------------------------------------------- /kfd/Exploit/libkfd/puaf.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Exploit/libkfd/puaf.h -------------------------------------------------------------------------------- /kfd/Exploit/libkfd/puaf/physpuppet.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Exploit/libkfd/puaf/physpuppet.h -------------------------------------------------------------------------------- /kfd/Exploit/libkfd/puaf/smith.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Exploit/libkfd/puaf/smith.h -------------------------------------------------------------------------------- /kfd/Exploit/mineekpf.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Exploit/mineekpf.h -------------------------------------------------------------------------------- /kfd/Info.plist: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Info.plist -------------------------------------------------------------------------------- /kfd/Preview Content/Preview Assets.xcassets/Contents.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Preview Content/Preview Assets.xcassets/Contents.json -------------------------------------------------------------------------------- /kfd/Resources/CydiaSubstrate.framework/.this_is_ellekit_not_substrate: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /kfd/Resources/CydiaSubstrate.framework/CydiaSubstrate: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Resources/CydiaSubstrate.framework/CydiaSubstrate -------------------------------------------------------------------------------- /kfd/Resources/bootstrap-iphoneos-arm64.tar.zst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Resources/bootstrap-iphoneos-arm64.tar.zst -------------------------------------------------------------------------------- /kfd/Resources/opainject: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Resources/opainject -------------------------------------------------------------------------------- /kfd/Resources/testexec: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Resources/testexec -------------------------------------------------------------------------------- /kfd/Utilities/Bootstrapper.swift: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Utilities/Bootstrapper.swift -------------------------------------------------------------------------------- /kfd/Utilities/Jailbreak.swift: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Utilities/Jailbreak.swift -------------------------------------------------------------------------------- /kfd/Utilities/KPF.swift: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Utilities/KPF.swift -------------------------------------------------------------------------------- /kfd/Utilities/kalloc.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Utilities/kalloc.h -------------------------------------------------------------------------------- /kfd/Utilities/kalloc.m: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Utilities/kalloc.m -------------------------------------------------------------------------------- /kfd/Utilities/pmap.m: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Utilities/pmap.m -------------------------------------------------------------------------------- /kfd/Utilities/pplrw.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Utilities/pplrw.h -------------------------------------------------------------------------------- /kfd/Utilities/pplrw.m: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Utilities/pplrw.m -------------------------------------------------------------------------------- /kfd/Utilities/pte.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Utilities/pte.h -------------------------------------------------------------------------------- /kfd/Utilities/stable_kcall.m: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Utilities/stable_kcall.m -------------------------------------------------------------------------------- /kfd/Utilities/zstd_wrapper.m: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/Utilities/zstd_wrapper.m -------------------------------------------------------------------------------- /kfd/kc.img4: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/kc.img4 -------------------------------------------------------------------------------- /kfd/kcall_handoff.swift: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/kcall_handoff.swift -------------------------------------------------------------------------------- /kfd/kfd.entitlements: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/kfd.entitlements -------------------------------------------------------------------------------- /kfd/kfdApp.swift: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/kfdApp.swift -------------------------------------------------------------------------------- /kfd/template.tc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/kfd/template.tc -------------------------------------------------------------------------------- /launchdhook/hooks.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/launchdhook/hooks.h -------------------------------------------------------------------------------- /launchdhook/ipc_hook.m: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/launchdhook/ipc_hook.m -------------------------------------------------------------------------------- /launchdhook/main.m: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/launchdhook/main.m -------------------------------------------------------------------------------- /launchdhook/spawn_hook.m: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/launchdhook/spawn_hook.m -------------------------------------------------------------------------------- /launchdhook/swift_stub.swift: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/launchdhook/swift_stub.swift -------------------------------------------------------------------------------- /libjailbreak/StringError.swift: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/libjailbreak/StringError.swift -------------------------------------------------------------------------------- /libjailbreak/boot_info.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/libjailbreak/boot_info.h -------------------------------------------------------------------------------- /libjailbreak/boot_info.m: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/libjailbreak/boot_info.m -------------------------------------------------------------------------------- /libjailbreak/cdhash.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/libjailbreak/cdhash.h -------------------------------------------------------------------------------- /libjailbreak/cdhash.m: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/libjailbreak/cdhash.m -------------------------------------------------------------------------------- /libjailbreak/csblob.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/libjailbreak/csblob.h -------------------------------------------------------------------------------- /libjailbreak/jailbreakd.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/libjailbreak/jailbreakd.h -------------------------------------------------------------------------------- /libjailbreak/jailbreakd.m: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/libjailbreak/jailbreakd.m -------------------------------------------------------------------------------- /libjailbreak/jb_utils.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/libjailbreak/jb_utils.h -------------------------------------------------------------------------------- /libjailbreak/jb_utils.m: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/libjailbreak/jb_utils.m -------------------------------------------------------------------------------- /libjailbreak/libjailbreak.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/libjailbreak/libjailbreak.h -------------------------------------------------------------------------------- /writeups/exploiting-puafs.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/writeups/exploiting-puafs.md -------------------------------------------------------------------------------- /writeups/figures/exploiting-puafs-figure1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/writeups/figures/exploiting-puafs-figure1.png -------------------------------------------------------------------------------- /writeups/figures/exploiting-puafs-figure2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/writeups/figures/exploiting-puafs-figure2.png -------------------------------------------------------------------------------- /writeups/figures/physpuppet-figure1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/writeups/figures/physpuppet-figure1.png -------------------------------------------------------------------------------- /writeups/figures/physpuppet-figure2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/writeups/figures/physpuppet-figure2.png -------------------------------------------------------------------------------- /writeups/figures/physpuppet-figure3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/writeups/figures/physpuppet-figure3.png -------------------------------------------------------------------------------- /writeups/figures/physpuppet-figure4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/writeups/figures/physpuppet-figure4.png -------------------------------------------------------------------------------- /writeups/figures/physpuppet-figure5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/writeups/figures/physpuppet-figure5.png -------------------------------------------------------------------------------- /writeups/figures/physpuppet-figure6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/writeups/figures/physpuppet-figure6.png -------------------------------------------------------------------------------- /writeups/figures/smith-figure1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/writeups/figures/smith-figure1.png -------------------------------------------------------------------------------- /writeups/figures/smith-figure2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/writeups/figures/smith-figure2.png -------------------------------------------------------------------------------- /writeups/figures/smith-figure3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/writeups/figures/smith-figure3.png -------------------------------------------------------------------------------- /writeups/figures/smith-figure4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/writeups/figures/smith-figure4.png -------------------------------------------------------------------------------- /writeups/physpuppet.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/writeups/physpuppet.md -------------------------------------------------------------------------------- /writeups/smith.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tealbathingsuit/kfd-on-crack/HEAD/writeups/smith.md --------------------------------------------------------------------------------