Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/tihmstar/treadm1ll
You don't need to be as fast as lightspeed, but a run on a treadm1ll surely doesn't hurt.
https://github.com/tihmstar/treadm1ll
Last synced: 15 days ago
JSON representation
You don't need to be as fast as lightspeed, but a run on a treadm1ll surely doesn't hurt.
- Host: GitHub
- URL: https://github.com/tihmstar/treadm1ll
- Owner: tihmstar
- Created: 2019-01-29T16:56:42.000Z (almost 6 years ago)
- Default Branch: master
- Last Pushed: 2020-01-23T14:44:04.000Z (almost 5 years ago)
- Last Synced: 2024-07-31T14:08:29.763Z (4 months ago)
- Language: C
- Homepage:
- Size: 33.2 KB
- Stars: 51
- Watchers: 9
- Forks: 12
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# treadm1ll
You don't need to be as fast as [lightspeed](https://www.synacktiv.com/posts/exploit/lightspeed-a-race-for-an-iosmacos-sandbox-escape.html), but a run on a treadm1ll surely doesn't hurt.
---
Since i'm now busy with other stuff and likely not gonna come back to this
here is my unfinished exploit:
- works up to 11.4.1
- gets you tfp0
- incomplete/missing cleanup, will probably panic on exit
Offsets hardcoded for:
```Darwin Kernel Version 17.4.0: Fri Dec 8 19:35:52 PST 2017; root:xnu-4570.40.9~1/RELEASE_ARM64_S5L8960X```
Get your own if you wanna run it on something else ;)
PS: exploit uses userland derefs, so it won't work with PAN
only for phones with headphone jack
---
A great writeup by Luca Moro (johncool) on the bug can be found here:
[https://www.synacktiv.com/posts/exploit/lightspeed-a-race-for-an-iosmacos-sandbox-escape.html](https://www.synacktiv.com/posts/exploit/lightspeed-a-race-for-an-iosmacos-sandbox-escape.html)