For the kernel patches applied as part of a jailbreak, most groups rely on the patch list generated by comex's make_kernel_patchfile.c. See https://github.com/comex/datautils0/blob/master/make_kernel_patchfile.c
See also saurik's comment for a list of "the 'best practice' patches that jailbreaks install by default" on ycombinator.
Kernel Offsets
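(Initial list copied from Unthredera1n source code.) Each table below covers one iOS build, with one column per device board identifier; an offset is valid only for that exact build and board combination.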
Offsets
iOS 4.3.4 - 8K2
| Symbol | k48ap | n18ap | n81ap | n88ap | n90ap |
|---|---|---|---|---|---|
| KERNEL_AMFI_BINARY_CACHE | 0x80355394 | 0x80706394 | 0x80618394 | 0x80688394 | 0x80759394 |
| KERNEL_CS_ENFORCEMENT_DISABLE | 0x8027EB5C | 0x8027EB5C | 0x8027EB5C | 0x8027EB5C | 0x8027EB5C |
| KERNEL_DEBUG_ENABLED | 0x802D427C | 0x802D427C | 0x802D427C | 0x802D427C | 0x802D427C |
| KERNEL_FLUSH_DCACHE | 0x80063504 | 0x80063504 | 0x80063504 | 0x80063504 | 0x80063504 |
| KERNEL_FLUSH_ICACHE | 0x800636F4 | 0x800636F4 | 0x800636F4 | 0x800636F4 | 0x800636F4 |
| KERNEL_IOLOG | 0x801CBE65 | 0x801CBE65 | 0x801CBE65 | 0x801CBE65 | 0x801CBE65 |
| KERNEL_NX_ENABLE | 0x8027F304 | 0x8027F304 | 0x8027F304 | 0x8027F304 | 0x8027F304 |
| KERNEL_PROC_ENFORCE | 0x8029C1E4 | 0x8029C1E4 | 0x8029C1E4 | 0x8029C1E4 | 0x8029C1E4 |
| KERNEL_SANDBOX | 0x80366CA6 | 0x807EACA6 | 0x80939CA6 | 0x80809CA6 | 0x80966CA6 |
| KERNEL_SYSCALL0 | 0x802926EC | 0x802926EC | 0x802926EC | 0x802926EC | 0x802926EC |
| KERNEL_SYSCALL0_VALUE | 0x8018246D | 0x8018246D | 0x8018246D | 0x8018246D | 0x8018246D |
| KERNEL_TASK_FOR_PID | 0x801A7DF6 | 0x801A7DF6 | 0x801A7DF6 | 0x801A7DF6 | 0x801A7DF6 |
| KERNEL_VM_MAP_ENTER | 0x80043FC8 | 0x80043FC8 | 0x80043FC8 | 0x80043FC8 | 0x80043FC8 |
| KERNEL_VM_MAP_PROTECT | 0x8004115E | 0x8004115E | 0x8004115E | 0x8004115E | 0x8004115E |
iOS 4.3.5 - 8L1
| Symbol | k48ap | n18ap | n81ap | n88ap | n90ap |
|---|---|---|---|---|---|
| KERNEL_AMFI_BINARY_CACHE | 0x80355394 | 0x80706394 | 0x80618394 | 0x80688394 | 0x80759394 |
| KERNEL_CS_ENFORCEMENT_DISABLE | 0x8027EB5C | 0x8027EB5C | 0x8027EB5C | 0x8027EB5C | 0x8027EB5C |
| KERNEL_DEBUG_ENABLED | 0x802D427C | 0x802D427C | 0x802D427C | 0x802D427C | 0x802D427C |
| KERNEL_FLUSH_DCACHE | 0x80063504 | 0x80063504 | 0x80063504 | 0x80063504 | 0x80063504 |
| KERNEL_FLUSH_ICACHE | 0x800636F4 | 0x800636F4 | 0x800636F4 | 0x800636F4 | 0x800636F4 |
| KERNEL_IOLOG | 0x801CBE65 | 0x801CBE65 | 0x801CBE65 | 0x801CBE65 | 0x801CBE65 |
| KERNEL_NX_ENABLE | 0x8027F304 | 0x8027F304 | 0x8027F304 | 0x8027F304 | 0x8027F304 |
| KERNEL_PROC_ENFORCE | 0x8029C1E4 | 0x8029C1E4 | 0x8029C1E4 | 0x8029C1E4 | 0x8029C1E4 |
| KERNEL_SANDBOX | 0x80366CA6 | 0x807EACA6 | 0x80939CA6 | 0x80809CA6 | 0x80966CA6 |
| KERNEL_SYSCALL0 | 0x802926EC | 0x802926EC | 0x802926EC | 0x802926EC | 0x802926EC |
| KERNEL_SYSCALL0_VALUE | 0x8018246D | 0x8018246D | 0x8018246D | 0x8018246D | 0x8018246D |
| KERNEL_TASK_FOR_PID | 0x801A7DF6 | 0x801A7DF6 | 0x801A7DF6 | 0x801A7DF6 | 0x801A7DF6 |
| KERNEL_VM_MAP_ENTER | 0x80043FC8 | 0x80043FC8 | 0x80043FC8 | 0x80043FC8 | 0x80043FC8 |
| KERNEL_VM_MAP_PROTECT | 0x8004115E | 0x8004115E | 0x8004115E | 0x8004115E | 0x8004115E |
iOS 5.0 - 9A334
| Symbol | k48ap | n18ap | n81ap | n88ap | n90ap | n92ap |
|---|---|---|---|---|---|---|
| KERNEL_CS_ENFORCEMENT | 0x80045738 | 0x80045738 | 0x80045738 | 0x80045738 | 0x80045738 | 0x80045738 |
| KERNEL_FLUSH_DCACHE | 0x800719C4 | 0x800719C4 | 0x800719C4 | 0x800719C4 | 0x800719C4 | 0x800719C4 |
| KERNEL_FLUSH_ICACHE | 0x80071AC4 | 0x80071AC4 | 0x80071AC4 | 0x80071AC4 | 0x80071AC4 | 0x80071AC4 |
| KERNEL_IOLOG | 0x80203EDD | 0x80203EDD | 0x80203EDD | 0x80203EDD | 0x80203EDD | 0x80203EDD |
| KERNEL_NX_ENABLE | 0x802BAB84 | 0x802BAB84 | 0x802BAB84 | 0x802BAB84 | 0x802BAB84 | 0x802BAB84 |
| KERNEL_PE_DEBUGGER | 0x80241704 | 0x80241700 | 0x80241704 | 0x80241700 | 0x80241704 | 0x80241704 |
| KERNEL_SYSCALL0 | 0x802CCBB0 | 0x802CCBB0 | 0x802CCBB0 | 0x802CCBB0 | 0x802CCBB0 | 0x802CCBB0 |
| KERNEL_SYSCALL0_VALUE | 0x801B2F79 | 0x801B2F79 | 0x801B2F79 | 0x801B2F79 | 0x801B2F79 | 0x801B2F79 |
| KERNEL_TASK_FOR_PID0 | 0x801DFAA4 | 0x801DFAA4 | 0x801DFAA4 | 0x801DFAA4 | 0x801DFAA4 | 0x801DFAA4 |
| KERNEL_VM_ENTER | 0x800497D4 | 0x800497D4 | 0x800497D4 | 0x800497D4 | 0x800497D4 | 0x800497D4 |
iOS 5.0.1 - 9A405
| Symbol | k48ap | n18ap | n81ap | n88ap | n90ap | n92ap |
|---|---|---|---|---|---|---|
| KERNEL_CS_ENFORCEMENT | 0x80045738 | 0x80045738 | 0x80045738 | 0x80045738 | 0x80045738 | 0x80045738 |
| KERNEL_FLUSH_DCACHE | 0x800719C4 | 0x800719C4 | 0x800719C4 | 0x800719C4 | 0x800719C4 | 0x800719C4 |
| KERNEL_FLUSH_ICACHE | 0x80071AC4 | 0x80071AC4 | 0x80071AC4 | 0x80071AC4 | 0x80071AC4 | 0x80071AC4 |
| KERNEL_IOLOG | 0x80203F7D | 0x80203F7D | 0x80203F7D | 0x80203F7D | 0x80203F7D | 0x80203F7D |
| KERNEL_NX_ENABLE | 0x802BAB84 | 0x802BAB84 | 0x802BAB84 | 0x802BAB84 | 0x802BAB84 | 0x802BAB84 |
| KERNEL_PE_DEBUGGER | 0x802417A4 | 0x802417A0 | 0x802417A4 | 0x802417A0 | 0x802417A4 | 0x802417A4 |
| KERNEL_SYSCALL0 | 0x802CCBB0 | 0x802CCBB0 | 0x802CCBB0 | 0x802CCBB0 | 0x802CCBB0 | 0x802CCBB0 |
| KERNEL_SYSCALL0_VALUE | 0x801B3015 | 0x801B3015 | 0x801B3015 | 0x801B3015 | 0x801B3015 | 0x801B3015 |
| KERNEL_TASK_FOR_PID0 | 0x801DFB40 | 0x801DFB40 | 0x801DFB40 | 0x801DFB40 | 0x801DFB40 | 0x801DFB40 |
| KERNEL_VM_ENTER | 0x800497D4 | 0x800497D4 | 0x800497D4 | 0x800497D4 | 0x800497D4 | 0x800497D4 |
iOS 5.1 - 9B176
| Symbol | k48ap | n18ap | n81ap | n88ap | n90ap | n92ap |
|---|---|---|---|---|---|---|
| KERNEL_AMFI |  |  |  |  |  | 0x805D6718 |
| KERNEL_AMFI_KILL |  |  |  |  |  | 0x805D62F2 |
| KERNEL_CS_ENFORCEMENT | 0x80045874 | 0x80045874 | 0x80045874 | 0x80045874 | 0x80045874 | 0x80045874 |
| KERNEL_FLUSH_DCACHE | 0x80072204 | 0x80072204 | 0x80072204 | 0x80072204 | 0x80072204 | 0x80072204 |
| KERNEL_FLUSH_ICACHE | 0x80072304 | 0x80072304 | 0x80072304 | 0x80072304 | 0x80072304 | 0x80072304 |
| KERNEL_IOLOG | 0x802049DD | 0x802049DD | 0x802049DD | 0x802049DD | 0x802049DD | 0x802049DD |
| KERNEL_NX_ENABLE | 0x802BAB84 | 0x802BAB84 | 0x802BAB84 | 0x802BAB84 | 0x802BAB84 | 0x802BAB84 |
| KERNEL_PE_DEBUGGER | 0x8024220C | 0x80242208 | 0x8024220C | 0x80242208 | 0x8024220C | 0x8024220C |
| KERNEL_SANDBOX |  |  |  |  |  | 0x805EE61E |
| KERNEL_SYSCALL0 | 0x802CCBB0 | 0x802CCBB0 | 0x802CCBB0 | 0x802CCBB0 | 0x802CCBB0 | 0x802CCBB0 |
| KERNEL_SYSCALL0_VALUE | 0x801B3AA5 | 0x801B3AA5 | 0x801B3AA5 | 0x801B3AA5 | 0x801B3AA5 | 0x801B3AA5 |
| KERNEL_TASK_FOR_PID0 | 0x801E05B4 | 0x801E05B4 | 0x801E05B4 | 0x801E05B4 | 0x801E05B4 | 0x801E05B4 |
| KERNEL_VM_ENTER | 0x8004992C | 0x8004992C | 0x8004992C | 0x8004992C | 0x8004992C | 0x8004992C |
iOS 5.1.1 - 9B206
| Symbol | k48ap | n18ap | n81ap | n88ap | n90ap | n92ap |
|---|---|---|---|---|---|---|
| KERNEL_CS_ENFORCEMENT | 0x80045874 | 0x80045874 | 0x80045874 | 0x80045874 | 0x80045874 | 0x80045874 |
| KERNEL_FLUSH_DCACHE | 0x80072204 | 0x80072204 | 0x80072204 | 0x80072204 | 0x80072204 | 0x80072204 |
| KERNEL_FLUSH_ICACHE | 0x80072304 | 0x80072304 | 0x80072304 | 0x80072304 | 0x80072304 | 0x80072304 |
| KERNEL_IOLOG | 0x802049DD | 0x802049DD | 0x802049DD | 0x802049DD | 0x802049DD | 0x802049DD |
| KERNEL_NX_ENABLE | 0x802BBB84 | 0x802BBB84 | 0x802BBB84 | 0x802BBB84 | 0x802BBB84 | 0x802BBB84 |
| KERNEL_PE_DEBUGGER | 0x8024220C | 0x80242208 | 0x8024220C | 0x80242208 | 0x8024220C | 0x8024220C |
| KERNEL_SYSCALL0 | 0x802CDBB0 | 0x802CDBB0 | 0x802CDBB0 | 0x802CDBB0 | 0x802CDBB0 | 0x802CDBB0 |
| KERNEL_SYSCALL0_VALUE | 0x801B3AA5 | 0x801B3AA5 | 0x801B3AA5 | 0x801B3AA5 | 0x801B3AA5 | 0x801B3AA5 |
| KERNEL_TASK_FOR_PID0 | 0x801E05B4 | 0x801E05B4 | 0x801E05B4 | 0x801E05B4 | 0x801E05B4 | 0x801E05B4 |
| KERNEL_VM_ENTER | 0x8004992C | 0x8004992C | 0x8004992C | 0x8004992C | 0x8004992C | 0x8004992C |
iOS 5.1.1b - 9B208
| Symbol | n90ap |
|---|---|
| KERNEL_CS_ENFORCEMENT | 0x80045874 |
| KERNEL_FLUSH_DCACHE | 0x80072204 |
| KERNEL_FLUSH_ICACHE | 0x80072304 |
| KERNEL_IOLOG | 0x802049DD |
| KERNEL_NX_ENABLE | 0x802BBB84 |
| KERNEL_PE_DEBUGGER | 0x8024220C |
| KERNEL_SYSCALL0 | 0x802CDBB0 |
| KERNEL_SYSCALL0_VALUE | 0x801B3AA5 |
| KERNEL_TASK_FOR_PID0 | 0x801E05B4 |
| KERNEL_VM_ENTER | 0x8004992C |
References