hgsp4 patch

From The iPhone Wiki
Revision as of 19:11, 31 March 2018 by Bellis1000 (talk | contribs) (hgsp4 enabled jailbreaks)

A hgsp4 patch (or host_get_special_port(4) patch) is a kernel patch that enables any executable running as root to access the kernel task by calling host_get_special_port for host special port 4 (hence the name). This host special port is usually unused, and the kernel task port must be “mounted” there by an exploit.[1][2] It is thus recommended that host special port 4 be used solely for the kernel task port.[3]

The hgsp4 route is equivalent to the tfp0 route, and tools that rely on tfp0 can be recompiled to use hgsp4 instead.[4] In a tweet, tihmstar confirmed that this applies to kloader too.[5]

Example code

The following example C program calls host_get_special_port and, on success, returns a positive integer that can be checked using echo $? in bash after running the test program:

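#include <mach/mach.h>

int main(void) {
    mach_port_t kernel_task = MACH_PORT_NULL;
    /* host_get_special_port returns KERN_SUCCESS (0) on success,
       so any non-zero result is the error case. */
    if (host_get_special_port(mach_host_self(), HOST_LOCAL_NODE, 4, &kernel_task) != KERN_SUCCESS) return -1;
    /* Port name, or 0 (MACH_PORT_NULL) if nothing is registered on port 4.
       The shell keeps only the low 8 bits in $?, so -1 reads as 255. */
    return kernel_task;
}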

-1 is returned on error. 0 is returned if no hgsp4 patch is enabled.

hgsp4 enabled jailbreaks

Jailbreaks known to enable hgsp4 include:

See also

References