Skip to content

fork kfund, short for my fun with kfd exploit. For TrollStarTE aka TrollStore & ESign+ installer

License

Notifications You must be signed in to change notification settings

thuthuatjb/TrollStarTE

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Info

TrollStarTE is a reworked version based on TrollStar with changed UI and added ESign+ installation feature.

Preview

Original readme

kfund (Post-Exploitation)

kfund, short for my fun with kfd exploit. Original by @wh1te4ever, modify for TrollStore installation and called TrollStar by 34306 (me) and straight-tamago

What are the supported OS versions and devices?

Probably iOS 16.0 to 16.6.1 on all iOS/iPadOS (arm64/arm64e/M1/M2 supported)

What you can do with this?

Install TrollStore Helper to Tips


Preview

kfd

kfd, short for kernel file descriptor, is a project to read and write kernel memory on Apple devices. It leverages various vulnerabilities that can be exploited to obtain dangling PTEs, which will be referred to as a PUAF primitive, short for "physical use-after-free". Then, it reallocates certain kernel objects inside those physical pages and manipulates them directly from user space through the dangling PTEs in order to achieve a KRKW primitive, short for "kernel read/write". The exploit code is fully contained in a library, libkfd, but the project also contains simple executable wrappers for iOS and macOS.

How to build and run kfd on an iPhone?

In Xcode, open the root folder of the project and connect your iOS device.

  • To build the project, select Product > Build (⌘B).
  • To run the project, select Product > Run (⌘R), then click on the "kopen" button in the app.

Where to find detailed write-ups for the exploits?

This README presented a high-level overview of the kfd project. Once a PUAF primitive has been achieved, the rest of the exploit is generic. Therefore, I have hoisted the common part of the exploits in a dedicated write-up:

In addition, I have split the vulnerability-specific part of the exploits used to achieve the PUAF primitive into distinct write-ups, listed below in chronological order of discovery:

However, please note that these write-ups have been written for an audience that is already familiar with the XNU virtual memory system.

About

fork kfund, short for my fun with kfd exploit. For TrollStarTE aka TrollStore & ESign+ installer

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • C 75.1%
  • Objective-C 23.7%
  • Swift 1.2%