first commit?

g0blin.xcodeproj/project.pbxproj

@@ -7,6 +7,27 @@
 	objects = {
 
 /* Begin PBXBuildFile section */
+		327748392011FF7C00B538DA /* motd in Resources */ = {isa = PBXBuildFile; fileRef = 327748382011FF7C00B538DA /* motd */; };
+		32AFC552200DB5CC00352702 /* AppDelegate.m in Sources */ = {isa = PBXBuildFile; fileRef = 32AFC551200DB5CC00352702 /* AppDelegate.m */; };
+		32AFC555200DB5CC00352702 /* ViewController.m in Sources */ = {isa = PBXBuildFile; fileRef = 32AFC554200DB5CC00352702 /* ViewController.m */; };
+		32AFC558200DB5CC00352702 /* Main.storyboard in Resources */ = {isa = PBXBuildFile; fileRef = 32AFC556200DB5CC00352702 /* Main.storyboard */; };
+		32AFC55A200DB5CC00352702 /* Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = 32AFC559200DB5CC00352702 /* Assets.xcassets */; };
+		32AFC55D200DB5CC00352702 /* main.m in Sources */ = {isa = PBXBuildFile; fileRef = 32AFC55C200DB5CC00352702 /* main.m */; };
+		32AFC563200DB5FD00352702 /* kpp.m in Sources */ = {isa = PBXBuildFile; fileRef = EE9402611FF375E600C9325F /* kpp.m */; };
+		32AFC565200DB60400352702 /* kernel.m in Sources */ = {isa = PBXBuildFile; fileRef = EE9402661FF376E400C9325F /* kernel.m */; };
+		32AFC566200DB60700352702 /* remount.m in Sources */ = {isa = PBXBuildFile; fileRef = EE9828BE1FF3E2C40085B633 /* remount.m */; };
+		32AFC569200DB69B00352702 /* IOKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 32AFC568200DB69B00352702 /* IOKit.framework */; };
+		32AFC56B200DB6B900352702 /* launchctl in Resources */ = {isa = PBXBuildFile; fileRef = EE9828C61FF4187F0085B633 /* launchctl */; };
+		32AFC56C200DB6BC00352702 /* reload in Resources */ = {isa = PBXBuildFile; fileRef = EE9828C71FF4187F0085B633 /* reload */; };
+		32AFC56D200DB6C000352702 /* 0.reload.plist in Resources */ = {isa = PBXBuildFile; fileRef = EE9828C51FF4187F0085B633 /* 0.reload.plist */; };
+		32AFC56F200DC2C200352702 /* bootstrap.tar in Resources */ = {isa = PBXBuildFile; fileRef = 32AFC56E200DC2B800352702 /* bootstrap.tar */; };
+		32AFC570200DC2CF00352702 /* dropbear.plist in Resources */ = {isa = PBXBuildFile; fileRef = EEE1C5101FF5D3FE00A77E2C /* dropbear.plist */; };
+		32AFC573200DC48900352702 /* patchfinder64.c in Sources */ = {isa = PBXBuildFile; fileRef = 32AFC571200DC48800352702 /* patchfinder64.c */; };
+		32AFC576200DC58A00352702 /* bootstrap.m in Sources */ = {isa = PBXBuildFile; fileRef = 32AFC575200DC58A00352702 /* bootstrap.m */; };
+		32AFC578200F183400352702 /* tar in Resources */ = {isa = PBXBuildFile; fileRef = 32AFC577200F182C00352702 /* tar */; };
+		32AFC57A200F2FBF00352702 /* binpack64-256.tar in Resources */ = {isa = PBXBuildFile; fileRef = 32AFC579200F2DC100352702 /* binpack64-256.tar */; };
+		32AFC5832010A77100352702 /* v0rtex2.m in Sources */ = {isa = PBXBuildFile; fileRef = 32AFC5822010A56B00352702 /* v0rtex2.m */; };
+		32AFC5842010A77400352702 /* offsets2.m in Sources */ = {isa = PBXBuildFile; fileRef = 32AFC5802010A56B00352702 /* offsets2.m */; };
 		EE0A1C281FF8891A001030DB /* SettingsController.m in Sources */ = {isa = PBXBuildFile; fileRef = EE0A1C271FF8891A001030DB /* SettingsController.m */; };
 		EE1C60E41FFACA3600D30AAC /* bootstrap.tar in Resources */ = {isa = PBXBuildFile; fileRef = EE1C60E31FFACA3500D30AAC /* bootstrap.tar */; };
 		EE7DA0F42008751B002A63FC /* y0nkers.m4v in Resources */ = {isa = PBXBuildFile; fileRef = EE7DA0F32008751B002A63FC /* y0nkers.m4v */; };
@@ -32,6 +53,29 @@
 /* End PBXBuildFile section */
 
 /* Begin PBXFileReference section */
+		327748382011FF7C00B538DA /* motd */ = {isa = PBXFileReference; lastKnownFileType = text; path = motd; sourceTree = "<group>"; };
+		32AFC54E200DB5CC00352702 /* g0blinTV.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = g0blinTV.app; sourceTree = BUILT_PRODUCTS_DIR; };
+		32AFC550200DB5CC00352702 /* AppDelegate.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = AppDelegate.h; sourceTree = "<group>"; };
+		32AFC551200DB5CC00352702 /* AppDelegate.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = AppDelegate.m; sourceTree = "<group>"; };
+		32AFC553200DB5CC00352702 /* ViewController.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = ViewController.h; sourceTree = "<group>"; };
+		32AFC554200DB5CC00352702 /* ViewController.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = ViewController.m; sourceTree = "<group>"; };
+		32AFC557200DB5CC00352702 /* Base */ = {isa = PBXFileReference; lastKnownFileType = file.storyboard; name = Base; path = Base.lproj/Main.storyboard; sourceTree = "<group>"; };
+		32AFC559200DB5CC00352702 /* Assets.xcassets */ = {isa = PBXFileReference; lastKnownFileType = folder.assetcatalog; path = Assets.xcassets; sourceTree = "<group>"; };
+		32AFC55B200DB5CC00352702 /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = "<group>"; };
+		32AFC55C200DB5CC00352702 /* main.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = main.m; sourceTree = "<group>"; };
+		32AFC568200DB69B00352702 /* IOKit.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = IOKit.framework; path = g0blinTV/IOKit.framework; sourceTree = "<group>"; };
+		32AFC56E200DC2B800352702 /* bootstrap.tar */ = {isa = PBXFileReference; lastKnownFileType = archive.tar; path = bootstrap.tar; sourceTree = "<group>"; };
+		32AFC571200DC48800352702 /* patchfinder64.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; name = patchfinder64.c; path = g0blin/patchfinder64.c; sourceTree = SOURCE_ROOT; };
+		32AFC572200DC48800352702 /* patchfinder64.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = patchfinder64.h; path = g0blin/patchfinder64.h; sourceTree = SOURCE_ROOT; };
+		32AFC574200DC58A00352702 /* bootstrap.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = bootstrap.h; sourceTree = "<group>"; };
+		32AFC575200DC58A00352702 /* bootstrap.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = bootstrap.m; sourceTree = "<group>"; };
+		32AFC577200F182C00352702 /* tar */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.executable"; path = tar; sourceTree = "<group>"; };
+		32AFC579200F2DC100352702 /* binpack64-256.tar */ = {isa = PBXFileReference; lastKnownFileType = archive.tar; path = "binpack64-256.tar"; sourceTree = "<group>"; };
+		32AFC57E2010A56B00352702 /* common2.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = common2.h; sourceTree = "<group>"; };
+		32AFC57F2010A56B00352702 /* offsets2.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = offsets2.h; sourceTree = "<group>"; };
+		32AFC5802010A56B00352702 /* offsets2.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = offsets2.m; sourceTree = "<group>"; };
+		32AFC5812010A56B00352702 /* v0rtex2.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = v0rtex2.h; sourceTree = "<group>"; };
+		32AFC5822010A56B00352702 /* v0rtex2.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = v0rtex2.m; sourceTree = "<group>"; };
 		EE0A1C261FF8891A001030DB /* SettingsController.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SettingsController.h; sourceTree = "<group>"; };
 		EE0A1C271FF8891A001030DB /* SettingsController.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = SettingsController.m; sourceTree = "<group>"; };
 		EE1C60E31FFACA3500D30AAC /* bootstrap.tar */ = {isa = PBXFileReference; lastKnownFileType = archive.tar; path = bootstrap.tar; sourceTree = "<group>"; };
@@ -71,6 +115,14 @@
 /* End PBXFileReference section */
 
 /* Begin PBXFrameworksBuildPhase section */
+		32AFC54B200DB5CC00352702 /* Frameworks */ = {
+			isa = PBXFrameworksBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+				32AFC569200DB69B00352702 /* IOKit.framework in Frameworks */,
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
 		EE9402381FF33CAE00C9325F /* Frameworks */ = {
 			isa = PBXFrameworksBuildPhase;
 			buildActionMask = 2147483647;
@@ -82,10 +134,47 @@
 /* End PBXFrameworksBuildPhase section */
 
 /* Begin PBXGroup section */
+		32AFC54F200DB5CC00352702 /* g0blinTV */ = {
+			isa = PBXGroup;
+			children = (
+				32AFC57D2010A56B00352702 /* NewV0rtex */,
+				32AFC579200F2DC100352702 /* binpack64-256.tar */,
+				32AFC577200F182C00352702 /* tar */,
+				32AFC574200DC58A00352702 /* bootstrap.h */,
+				32AFC575200DC58A00352702 /* bootstrap.m */,
+				327748382011FF7C00B538DA /* motd */,
+				32AFC571200DC48800352702 /* patchfinder64.c */,
+				32AFC572200DC48800352702 /* patchfinder64.h */,
+				32AFC56E200DC2B800352702 /* bootstrap.tar */,
+				32AFC550200DB5CC00352702 /* AppDelegate.h */,
+				32AFC551200DB5CC00352702 /* AppDelegate.m */,
+				32AFC553200DB5CC00352702 /* ViewController.h */,
+				32AFC554200DB5CC00352702 /* ViewController.m */,
+				32AFC556200DB5CC00352702 /* Main.storyboard */,
+				32AFC559200DB5CC00352702 /* Assets.xcassets */,
+				32AFC55B200DB5CC00352702 /* Info.plist */,
+				32AFC55C200DB5CC00352702 /* main.m */,
+			);
+			path = g0blinTV;
+			sourceTree = "<group>";
+		};
+		32AFC57D2010A56B00352702 /* NewV0rtex */ = {
+			isa = PBXGroup;
+			children = (
+				32AFC57E2010A56B00352702 /* common2.h */,
+				32AFC57F2010A56B00352702 /* offsets2.h */,
+				32AFC5802010A56B00352702 /* offsets2.m */,
+				32AFC5812010A56B00352702 /* v0rtex2.h */,
+				32AFC5822010A56B00352702 /* v0rtex2.m */,
+			);
+			path = NewV0rtex;
+			sourceTree = "<group>";
+		};
 		EE9402321FF33CAE00C9325F = {
 			isa = PBXGroup;
 			children = (
 				EE94023D1FF33CAE00C9325F /* g0blin */,
+				32AFC54F200DB5CC00352702 /* g0blinTV */,
 				EE94023C1FF33CAE00C9325F /* Products */,
 				EE94025C1FF3453200C9325F /* Frameworks */,
 			);
@@ -95,6 +184,7 @@
 			isa = PBXGroup;
 			children = (
 				EE94023B1FF33CAE00C9325F /* g0blin.app */,
+				32AFC54E200DB5CC00352702 /* g0blinTV.app */,
 			);
 			name = Products;
 			sourceTree = "<group>";
@@ -138,6 +228,7 @@
 		EE94025C1FF3453200C9325F /* Frameworks */ = {
 			isa = PBXGroup;
 			children = (
+				32AFC568200DB69B00352702 /* IOKit.framework */,
 				EE94025D1FF3453200C9325F /* IOKit.framework */,
 			);
 			name = Frameworks;
@@ -159,6 +250,23 @@
 /* End PBXGroup section */
 
 /* Begin PBXNativeTarget section */
+		32AFC54D200DB5CC00352702 /* g0blinTV */ = {
+			isa = PBXNativeTarget;
+			buildConfigurationList = 32AFC560200DB5CC00352702 /* Build configuration list for PBXNativeTarget "g0blinTV" */;
+			buildPhases = (
+				32AFC54A200DB5CC00352702 /* Sources */,
+				32AFC54B200DB5CC00352702 /* Frameworks */,
+				32AFC54C200DB5CC00352702 /* Resources */,
+			);
+			buildRules = (
+			);
+			dependencies = (
+			);
+			name = g0blinTV;
+			productName = g0blinTV;
+			productReference = 32AFC54E200DB5CC00352702 /* g0blinTV.app */;
+			productType = "com.apple.product-type.application";
+		};
 		EE94023A1FF33CAE00C9325F /* g0blin */ = {
 			isa = PBXNativeTarget;
 			buildConfigurationList = EE9402511FF33CAE00C9325F /* Build configuration list for PBXNativeTarget "g0blin" */;
@@ -185,6 +293,10 @@
 				LastUpgradeCheck = 0900;
 				ORGANIZATIONNAME = Sticktron;
 				TargetAttributes = {
+					32AFC54D200DB5CC00352702 = {
+						CreatedOnToolsVersion = 9.0;
+						ProvisioningStyle = Automatic;
+					};
 					EE94023A1FF33CAE00C9325F = {
 						CreatedOnToolsVersion = 9.0;
 						ProvisioningStyle = Automatic;
@@ -205,11 +317,29 @@
 			projectRoot = "";
 			targets = (
 				EE94023A1FF33CAE00C9325F /* g0blin */,
+				32AFC54D200DB5CC00352702 /* g0blinTV */,
 			);
 		};
 /* End PBXProject section */
 
 /* Begin PBXResourcesBuildPhase section */
+		32AFC54C200DB5CC00352702 /* Resources */ = {
+			isa = PBXResourcesBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+				32AFC55A200DB5CC00352702 /* Assets.xcassets in Resources */,
+				32AFC578200F183400352702 /* tar in Resources */,
+				32AFC558200DB5CC00352702 /* Main.storyboard in Resources */,
+				32AFC56B200DB6B900352702 /* launchctl in Resources */,
+				32AFC56F200DC2C200352702 /* bootstrap.tar in Resources */,
+				32AFC57A200F2FBF00352702 /* binpack64-256.tar in Resources */,
+				327748392011FF7C00B538DA /* motd in Resources */,
+				32AFC56C200DB6BC00352702 /* reload in Resources */,
+				32AFC570200DC2CF00352702 /* dropbear.plist in Resources */,
+				32AFC56D200DB6C000352702 /* 0.reload.plist in Resources */,
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
 		EE9402391FF33CAE00C9325F /* Resources */ = {
 			isa = PBXResourcesBuildPhase;
 			buildActionMask = 2147483647;
@@ -230,6 +360,23 @@
 /* End PBXResourcesBuildPhase section */
 
 /* Begin PBXSourcesBuildPhase section */
+		32AFC54A200DB5CC00352702 /* Sources */ = {
+			isa = PBXSourcesBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+				32AFC5842010A77400352702 /* offsets2.m in Sources */,
+				32AFC576200DC58A00352702 /* bootstrap.m in Sources */,
+				32AFC566200DB60700352702 /* remount.m in Sources */,
+				32AFC555200DB5CC00352702 /* ViewController.m in Sources */,
+				32AFC5832010A77100352702 /* v0rtex2.m in Sources */,
+				32AFC565200DB60400352702 /* kernel.m in Sources */,
+				32AFC563200DB5FD00352702 /* kpp.m in Sources */,
+				32AFC55D200DB5CC00352702 /* main.m in Sources */,
+				32AFC573200DC48900352702 /* patchfinder64.c in Sources */,
+				32AFC552200DB5CC00352702 /* AppDelegate.m in Sources */,
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
 		EE9402371FF33CAE00C9325F /* Sources */ = {
 			isa = PBXSourcesBuildPhase;
 			buildActionMask = 2147483647;
@@ -251,6 +398,14 @@
 /* End PBXSourcesBuildPhase section */
 
 /* Begin PBXVariantGroup section */
+		32AFC556200DB5CC00352702 /* Main.storyboard */ = {
+			isa = PBXVariantGroup;
+			children = (
+				32AFC557200DB5CC00352702 /* Base */,
+			);
+			name = Main.storyboard;
+			sourceTree = "<group>";
+		};
 		EE9402441FF33CAE00C9325F /* Main.storyboard */ = {
 			isa = PBXVariantGroup;
 			children = (
@@ -270,6 +425,52 @@
 /* End PBXVariantGroup section */
 
 /* Begin XCBuildConfiguration section */
+		32AFC55E200DB5CC00352702 /* Debug */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				ALWAYS_SEARCH_USER_PATHS = YES;
+				ASSETCATALOG_COMPILER_APPICON_NAME = "App Icon & Top Shelf Image";
+				ASSETCATALOG_COMPILER_LAUNCHIMAGE_NAME = LaunchImage;
+				CODE_SIGN_STYLE = Automatic;
+				DEVELOPMENT_TEAM = DRS5893MPG;
+				FRAMEWORK_SEARCH_PATHS = (
+					"$(inherited)",
+					"$(PROJECT_DIR)/g0blinTV",
+				);
+				HEADER_SEARCH_PATHS = "$(PROJECT_DIR)/g0blinTV/**";
+				INFOPLIST_FILE = g0blinTV/Info.plist;
+				LD_RUNPATH_SEARCH_PATHS = "$(inherited) @executable_path/Frameworks";
+				PRODUCT_BUNDLE_IDENTIFIER = com.nito.g0blinTV;
+				PRODUCT_NAME = "$(TARGET_NAME)";
+				SDKROOT = appletvos;
+				TARGETED_DEVICE_FAMILY = 3;
+				TVOS_DEPLOYMENT_TARGET = 10.1;
+			};
+			name = Debug;
+		};
+		32AFC55F200DB5CC00352702 /* Release */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				ALWAYS_SEARCH_USER_PATHS = YES;
+				ASSETCATALOG_COMPILER_APPICON_NAME = "App Icon & Top Shelf Image";
+				ASSETCATALOG_COMPILER_LAUNCHIMAGE_NAME = LaunchImage;
+				CODE_SIGN_STYLE = Automatic;
+				DEVELOPMENT_TEAM = DRS5893MPG;
+				FRAMEWORK_SEARCH_PATHS = (
+					"$(inherited)",
+					"$(PROJECT_DIR)/g0blinTV",
+				);
+				HEADER_SEARCH_PATHS = "$(PROJECT_DIR)/g0blinTV/**";
+				INFOPLIST_FILE = g0blinTV/Info.plist;
+				LD_RUNPATH_SEARCH_PATHS = "$(inherited) @executable_path/Frameworks";
+				PRODUCT_BUNDLE_IDENTIFIER = com.nito.g0blinTV;
+				PRODUCT_NAME = "$(TARGET_NAME)";
+				SDKROOT = appletvos;
+				TARGETED_DEVICE_FAMILY = 3;
+				TVOS_DEPLOYMENT_TARGET = 10.1;
+			};
+			name = Release;
+		};
 		EE94024F1FF33CAE00C9325F /* Debug */ = {
 			isa = XCBuildConfiguration;
 			buildSettings = {
@@ -405,6 +606,15 @@
 /* End XCBuildConfiguration section */
 
 /* Begin XCConfigurationList section */
+		32AFC560200DB5CC00352702 /* Build configuration list for PBXNativeTarget "g0blinTV" */ = {
+			isa = XCConfigurationList;
+			buildConfigurations = (
+				32AFC55E200DB5CC00352702 /* Debug */,
+				32AFC55F200DB5CC00352702 /* Release */,
+			);
+			defaultConfigurationIsVisible = 0;
+			defaultConfigurationName = Release;
+		};
 		EE9402361FF33CAE00C9325F /* Build configuration list for PBXProject "g0blin" */ = {
 			isa = XCConfigurationList;
 			buildConfigurations = (

g0blin/dropbear.plist

@@ -11,8 +11,6 @@
 		<string>/usr/local/bin/dropbear</string>
 		<string>-F</string>
 		<string>-R</string>
-		<string>-p</string>
-		<string>2222</string>
 	</array>
 	<key>RunAtLoad</key>
 	<true/>

g0blin/kpp.h

@@ -382,6 +382,9 @@ uint32_t kx5(uint64_t fptr, uint64_t arg1, uint64_t arg2, uint64_t arg3, uint64_
 //------------------------------------------------------------------------------
 // From Tihmstar
 //------------------------------------------------------------------------------
+
+/*
+
 struct mac_policy_ops{
     uint64_t mpo_audit_check_postselect;
     uint64_t mpo_audit_check_preselect;
@@ -769,8 +772,345 @@ struct mac_policy_ops{
     uint64_t mpo_vnode_notify_setutimes;
     uint64_t mpo_vnode_notify_truncate;
 };
+*/
 
-
+struct mac_policy_ops {
+    uint64_t mpo_audit_check_postselect;
+    uint64_t mpo_audit_check_preselect;
+    uint64_t mpo_bpfdesc_label_associate;
+    uint64_t mpo_bpfdesc_label_destroy;
+    uint64_t mpo_bpfdesc_label_init;
+    uint64_t mpo_bpfdesc_check_receive;
+    uint64_t mpo_cred_check_label_update_execve;
+    uint64_t mpo_cred_check_label_update;
+    uint64_t mpo_cred_check_visible;
+    uint64_t mpo_cred_label_associate_fork;
+    uint64_t mpo_cred_label_associate_kernel;
+    uint64_t mpo_cred_label_associate;
+    uint64_t mpo_cred_label_associate_user;
+    uint64_t mpo_cred_label_destroy;
+    uint64_t mpo_cred_label_externalize_audit;
+    uint64_t mpo_cred_label_externalize;
+    uint64_t mpo_cred_label_init;
+    uint64_t mpo_cred_label_internalize;
+    uint64_t mpo_cred_label_update_execve;
+    uint64_t mpo_cred_label_update;
+    uint64_t mpo_devfs_label_associate_device;
+    uint64_t mpo_devfs_label_associate_directory;
+    uint64_t mpo_devfs_label_copy;
+    uint64_t mpo_devfs_label_destroy;
+    uint64_t mpo_devfs_label_init;
+    uint64_t mpo_devfs_label_update;
+    uint64_t mpo_file_check_change_offset;
+    uint64_t mpo_file_check_create;
+    uint64_t mpo_file_check_dup;
+    uint64_t mpo_file_check_fcntl;
+    uint64_t mpo_file_check_get_offset;
+    uint64_t mpo_file_check_get;
+    uint64_t mpo_file_check_inherit;
+    uint64_t mpo_file_check_ioctl;
+    uint64_t mpo_file_check_lock;
+    uint64_t mpo_file_check_mmap_downgrade;
+    uint64_t mpo_file_check_mmap;
+    uint64_t mpo_file_check_receive;
+    uint64_t mpo_file_check_set;
+    uint64_t mpo_file_label_init;
+    uint64_t mpo_file_label_destroy;
+    uint64_t mpo_file_label_associate;
+    uint64_t mpo_ifnet_check_label_update;
+    uint64_t mpo_ifnet_check_transmit;
+    uint64_t mpo_ifnet_label_associate;
+    uint64_t mpo_ifnet_label_copy;
+    uint64_t mpo_ifnet_label_destroy;
+    uint64_t mpo_ifnet_label_externalize;
+    uint64_t mpo_ifnet_label_init;
+    uint64_t mpo_ifnet_label_internalize;
+    uint64_t mpo_ifnet_label_update;
+    uint64_t mpo_ifnet_label_recycle;
+    uint64_t mpo_inpcb_check_deliver;
+    uint64_t mpo_inpcb_label_associate;
+    uint64_t mpo_inpcb_label_destroy;
+    uint64_t mpo_inpcb_label_init;
+    uint64_t mpo_inpcb_label_recycle;
+    uint64_t mpo_inpcb_label_update;
+    uint64_t mpo_iokit_check_device;
+    uint64_t mpo_ipq_label_associate;
+    uint64_t mpo_ipq_label_compare;
+    uint64_t mpo_ipq_label_destroy;
+    uint64_t mpo_ipq_label_init;
+    uint64_t mpo_ipq_label_update;
+    uint64_t mpo_file_check_library_validation;
+    uint64_t mpo_vnode_notify_setacl;
+    uint64_t mpo_vnode_notify_setattrlist;
+    uint64_t mpo_vnode_notify_setextattr;
+    uint64_t mpo_vnode_notify_setflags;
+    uint64_t mpo_vnode_notify_setmode;
+    uint64_t mpo_vnode_notify_setowner;
+    uint64_t mpo_vnode_notify_setutimes;
+    uint64_t mpo_vnode_notify_truncate;
+    uint64_t mpo_mbuf_label_associate_bpfdesc;
+    uint64_t mpo_mbuf_label_associate_ifnet;
+    uint64_t mpo_mbuf_label_associate_inpcb;
+    uint64_t mpo_mbuf_label_associate_ipq;
+    uint64_t mpo_mbuf_label_associate_linklayer;
+    uint64_t mpo_mbuf_label_associate_multicast_encap;
+    uint64_t mpo_mbuf_label_associate_netlayer;
+    uint64_t mpo_mbuf_label_associate_socket;
+    uint64_t mpo_mbuf_label_copy;
+    uint64_t mpo_mbuf_label_destroy;
+    uint64_t mpo_mbuf_label_init;
+    uint64_t mpo_mount_check_fsctl;
+    uint64_t mpo_mount_check_getattr;
+    uint64_t mpo_mount_check_label_update;
+    uint64_t mpo_mount_check_mount;
+    uint64_t mpo_mount_check_remount;
+    uint64_t mpo_mount_check_setattr;
+    uint64_t mpo_mount_check_stat;
+    uint64_t mpo_mount_check_umount;
+    uint64_t mpo_mount_label_associate;
+    uint64_t mpo_mount_label_destroy;
+    uint64_t mpo_mount_label_externalize;
+    uint64_t mpo_mount_label_init;
+    uint64_t mpo_mount_label_internalize;
+    uint64_t mpo_netinet_fragment;
+    uint64_t mpo_netinet_icmp_reply;
+    uint64_t mpo_netinet_tcp_reply;
+    uint64_t mpo_pipe_check_ioctl;
+    uint64_t mpo_pipe_check_kqfilter;
+    uint64_t mpo_pipe_check_label_update;
+    uint64_t mpo_pipe_check_read;
+    uint64_t mpo_pipe_check_select;
+    uint64_t mpo_pipe_check_stat;
+    uint64_t mpo_pipe_check_write;
+    uint64_t mpo_pipe_label_associate;
+    uint64_t mpo_pipe_label_copy;
+    uint64_t mpo_pipe_label_destroy;
+    uint64_t mpo_pipe_label_externalize;
+    uint64_t mpo_pipe_label_init;
+    uint64_t mpo_pipe_label_internalize;
+    uint64_t mpo_pipe_label_update;
+    uint64_t mpo_policy_destroy;
+    uint64_t mpo_policy_init;
+    uint64_t mpo_policy_initbsd;
+    uint64_t mpo_policy_syscall;
+    uint64_t mpo_system_check_sysctlbyname;
+    uint64_t mpo_proc_check_inherit_ipc_ports;
+    uint64_t mpo_vnode_check_rename;
+    uint64_t mpo_kext_check_query;
+    uint64_t mpo_iokit_check_nvram_get;
+    uint64_t mpo_iokit_check_nvram_set;
+    uint64_t mpo_iokit_check_nvram_delete;
+    uint64_t mpo_proc_check_expose_task;
+    uint64_t mpo_proc_check_set_host_special_port;
+    uint64_t mpo_proc_check_set_host_exception_port;
+    uint64_t mpo_exc_action_check_exception_send;
+    uint64_t mpo_exc_action_label_associate;
+    uint64_t mpo_exc_action_label_copy;
+    uint64_t mpo_exc_action_label_destroy;
+    uint64_t mpo_exc_action_label_init;
+    uint64_t mpo_exc_action_label_update;
+    uint64_t mpo_reserved1;
+    uint64_t mpo_reserved2;
+    uint64_t mpo_reserved3;
+    uint64_t mpo_reserved4;
+    uint64_t mpo_reserved5;
+    uint64_t mpo_reserved6;
+    uint64_t mpo_posixsem_check_create;
+    uint64_t mpo_posixsem_check_open;
+    uint64_t mpo_posixsem_check_post;
+    uint64_t mpo_posixsem_check_unlink;
+    uint64_t mpo_posixsem_check_wait;
+    uint64_t mpo_posixsem_label_associate;
+    uint64_t mpo_posixsem_label_destroy;
+    uint64_t mpo_posixsem_label_init;
+    uint64_t mpo_posixshm_check_create;
+    uint64_t mpo_posixshm_check_mmap;
+    uint64_t mpo_posixshm_check_open;
+    uint64_t mpo_posixshm_check_stat;
+    uint64_t mpo_posixshm_check_truncate;
+    uint64_t mpo_posixshm_check_unlink;
+    uint64_t mpo_posixshm_label_associate;
+    uint64_t mpo_posixshm_label_destroy;
+    uint64_t mpo_posixshm_label_init;
+    uint64_t mpo_proc_check_debug;
+    uint64_t mpo_proc_check_fork;
+    uint64_t mpo_proc_check_get_task_name;
+    uint64_t mpo_proc_check_get_task;
+    uint64_t mpo_proc_check_getaudit;
+    uint64_t mpo_proc_check_getauid;
+    uint64_t mpo_proc_check_getlcid;
+    uint64_t mpo_proc_check_mprotect;
+    uint64_t mpo_proc_check_sched;
+    uint64_t mpo_proc_check_setaudit;
+    uint64_t mpo_proc_check_setauid;
+    uint64_t mpo_proc_check_setlcid;
+    uint64_t mpo_proc_check_signal;
+    uint64_t mpo_proc_check_wait;
+    uint64_t mpo_proc_label_destroy;
+    uint64_t mpo_proc_label_init;
+    uint64_t mpo_socket_check_accept;
+    uint64_t mpo_socket_check_accepted;
+    uint64_t mpo_socket_check_bind;
+    uint64_t mpo_socket_check_connect;
+    uint64_t mpo_socket_check_create;
+    uint64_t mpo_socket_check_deliver;
+    uint64_t mpo_socket_check_kqfilter;
+    uint64_t mpo_socket_check_label_update;
+    uint64_t mpo_socket_check_listen;
+    uint64_t mpo_socket_check_receive;
+    uint64_t mpo_socket_check_received;
+    uint64_t mpo_socket_check_select;
+    uint64_t mpo_socket_check_send;
+    uint64_t mpo_socket_check_stat;
+    uint64_t mpo_socket_check_setsockopt;
+    uint64_t mpo_socket_check_getsockopt;
+    uint64_t mpo_socket_label_associate_accept;
+    uint64_t mpo_socket_label_associate;
+    uint64_t mpo_socket_label_copy;
+    uint64_t mpo_socket_label_destroy;
+    uint64_t mpo_socket_label_externalize;
+    uint64_t mpo_socket_label_init;
+    uint64_t mpo_socket_label_internalize;
+    uint64_t mpo_socket_label_update;
+    uint64_t mpo_socketpeer_label_associate_mbuf;
+    uint64_t mpo_socketpeer_label_associate_socket;
+    uint64_t mpo_socketpeer_label_destroy;
+    uint64_t mpo_socketpeer_label_externalize;
+    uint64_t mpo_socketpeer_label_init;
+    uint64_t mpo_system_check_acct;
+    uint64_t mpo_system_check_audit;
+    uint64_t mpo_system_check_auditctl;
+    uint64_t mpo_system_check_auditon;
+    uint64_t mpo_system_check_host_priv;
+    uint64_t mpo_system_check_nfsd;
+    uint64_t mpo_system_check_reboot;
+    uint64_t mpo_system_check_settime;
+    uint64_t mpo_system_check_swapoff;
+    uint64_t mpo_system_check_swapon;
+    uint64_t mpo_reserved7;
+    uint64_t mpo_sysvmsg_label_associate;
+    uint64_t mpo_sysvmsg_label_destroy;
+    uint64_t mpo_sysvmsg_label_init;
+    uint64_t mpo_sysvmsg_label_recycle;
+    uint64_t mpo_sysvmsq_check_enqueue;
+    uint64_t mpo_sysvmsq_check_msgrcv;
+    uint64_t mpo_sysvmsq_check_msgrmid;
+    uint64_t mpo_sysvmsq_check_msqctl;
+    uint64_t mpo_sysvmsq_check_msqget;
+    uint64_t mpo_sysvmsq_check_msqrcv;
+    uint64_t mpo_sysvmsq_check_msqsnd;
+    uint64_t mpo_sysvmsq_label_associate;
+    uint64_t mpo_sysvmsq_label_destroy;
+    uint64_t mpo_sysvmsq_label_init;
+    uint64_t mpo_sysvmsq_label_recycle;
+    uint64_t mpo_sysvsem_check_semctl;
+    uint64_t mpo_sysvsem_check_semget;
+    uint64_t mpo_sysvsem_check_semop;
+    uint64_t mpo_sysvsem_label_associate;
+    uint64_t mpo_sysvsem_label_destroy;
+    uint64_t mpo_sysvsem_label_init;
+    uint64_t mpo_sysvsem_label_recycle;
+    uint64_t mpo_sysvshm_check_shmat;
+    uint64_t mpo_sysvshm_check_shmctl;
+    uint64_t mpo_sysvshm_check_shmdt;
+    uint64_t mpo_sysvshm_check_shmget;
+    uint64_t mpo_sysvshm_label_associate;
+    uint64_t mpo_sysvshm_label_destroy;
+    uint64_t mpo_sysvshm_label_init;
+    uint64_t mpo_sysvshm_label_recycle;
+    uint64_t mpo_reserved8;
+    uint64_t mpo_mount_check_snapshot_revert;
+    uint64_t mpo_vnode_check_getattr;
+    uint64_t mpo_mount_check_snapshot_create;
+    uint64_t mpo_mount_check_snapshot_delete;
+    uint64_t mpo_vnode_check_clone;
+    uint64_t mpo_proc_check_get_cs_info;
+    uint64_t mpo_proc_check_set_cs_info;
+    uint64_t mpo_iokit_check_hid_control;
+    uint64_t mpo_vnode_check_access;
+    uint64_t mpo_vnode_check_chdir;
+    uint64_t mpo_vnode_check_chroot;
+    uint64_t mpo_vnode_check_create;
+    uint64_t mpo_vnode_check_deleteextattr;
+    uint64_t mpo_vnode_check_exchangedata;
+    uint64_t mpo_vnode_check_exec;
+    uint64_t mpo_vnode_check_getattrlist;
+    uint64_t mpo_vnode_check_getextattr;
+    uint64_t mpo_vnode_check_ioctl;
+    uint64_t mpo_vnode_check_kqfilter;
+    uint64_t mpo_vnode_check_label_update;
+    uint64_t mpo_vnode_check_link;
+    uint64_t mpo_vnode_check_listextattr;
+    uint64_t mpo_vnode_check_lookup;
+    uint64_t mpo_vnode_check_open;
+    uint64_t mpo_vnode_check_read;
+    uint64_t mpo_vnode_check_readdir;
+    uint64_t mpo_vnode_check_readlink;
+    uint64_t mpo_vnode_check_rename_from;
+    uint64_t mpo_vnode_check_rename_to;
+    uint64_t mpo_vnode_check_revoke;
+    uint64_t mpo_vnode_check_select;
+    uint64_t mpo_vnode_check_setattrlist;
+    uint64_t mpo_vnode_check_setextattr;
+    uint64_t mpo_vnode_check_setflags;
+    uint64_t mpo_vnode_check_setmode;
+    uint64_t mpo_vnode_check_setowner;
+    uint64_t mpo_vnode_check_setutimes;
+    uint64_t mpo_vnode_check_stat;
+    uint64_t mpo_vnode_check_truncate;
+    uint64_t mpo_vnode_check_unlink;
+    uint64_t mpo_vnode_check_write;
+    uint64_t mpo_vnode_label_associate_devfs;
+    uint64_t mpo_vnode_label_associate_extattr;
+    uint64_t mpo_vnode_label_associate_file;
+    uint64_t mpo_vnode_label_associate_pipe;
+    uint64_t mpo_vnode_label_associate_posixsem;
+    uint64_t mpo_vnode_label_associate_posixshm;
+    uint64_t mpo_vnode_label_associate_singlelabel;
+    uint64_t mpo_vnode_label_associate_socket;
+    uint64_t mpo_vnode_label_copy;
+    uint64_t mpo_vnode_label_destroy;
+    uint64_t mpo_vnode_label_externalize_audit;
+    uint64_t mpo_vnode_label_externalize;
+    uint64_t mpo_vnode_label_init;
+    uint64_t mpo_vnode_label_internalize;
+    uint64_t mpo_vnode_label_recycle;
+    uint64_t mpo_vnode_label_store;
+    uint64_t mpo_vnode_label_update_extattr;
+    uint64_t mpo_vnode_label_update;
+    uint64_t mpo_vnode_notify_create;
+    uint64_t mpo_vnode_check_signature;
+    uint64_t mpo_vnode_check_uipc_bind;
+    uint64_t mpo_vnode_check_uipc_connect;
+    uint64_t mpo_proc_check_run_cs_invalid;
+    uint64_t mpo_proc_check_suspend_resume;
+    uint64_t mpo_thread_userret;
+    uint64_t mpo_iokit_check_set_properties;
+    uint64_t mpo_system_check_chud;
+    uint64_t mpo_vnode_check_searchfs;
+    uint64_t mpo_priv_check;
+    uint64_t mpo_priv_grant;
+    uint64_t mpo_proc_check_map_anon;
+    uint64_t mpo_vnode_check_fsgetpath;
+    uint64_t mpo_iokit_check_open;
+    uint64_t mpo_proc_check_ledger;
+    uint64_t mpo_vnode_notify_rename;
+    uint64_t mpo_vnode_check_setacl;
+    uint64_t mpo_vnode_notify_deleteextattr;
+    uint64_t mpo_system_check_kas_info;
+    uint64_t mpo_proc_check_cpumon;
+    uint64_t mpo_vnode_notify_open;
+    uint64_t mpo_system_check_info;
+    uint64_t mpo_pty_notify_grant;
+    uint64_t mpo_pty_notify_close;
+    uint64_t mpo_vnode_find_sigs;
+    uint64_t mpo_kext_check_load;
+    uint64_t mpo_kext_check_unload;
+    uint64_t mpo_proc_check_proc_info;
+    uint64_t mpo_vnode_notify_link;
+    uint64_t mpo_iokit_check_filter_properties;
+    uint64_t mpo_iokit_check_get_property;
+};
 
 kern_return_t mach_vm_read_overwrite(vm_map_t target_task, mach_vm_address_t address, mach_vm_size_t size, mach_vm_address_t data, mach_vm_size_t *outsize);
 kern_return_t mach_vm_write(vm_map_t target_task, mach_vm_address_t address, vm_offset_t data, mach_msg_type_number_t dataCnt);

g0blin/kpp.m

@@ -300,9 +300,10 @@ remappage[remapcnt++] = (x & (~PMK));\
     WriteAnywhere64(ReadAnywhere64(pmap_store), level1_table);
 
     uint64_t shtramp = kernbase + ((const struct mach_header *)find_mh())->sizeofcmds + sizeof(struct mach_header_64);
+    LOG("before first remap");
     RemapPage(cpacr_addr);
     WriteAnywhere32(NewPointer(cpacr_addr), 0x94000000 | (((shtramp - cpacr_addr)/4) & 0x3FFFFFF));
-
+    LOG("before second remap");
     RemapPage(shtramp);
     WriteAnywhere32(NewPointer(shtramp), 0x58000041);
     WriteAnywhere32(NewPointer(shtramp)+4, 0xd61f0020);
@@ -310,15 +311,16 @@ remappage[remapcnt++] = (x & (~PMK));\
 
     uint64_t lwvm_write = find_lwvm_mapio_patch();
     uint64_t lwvm_value = find_lwvm_mapio_newj();
+    LOG("before third remap");
     RemapPage(lwvm_write);
     WriteAnywhere64(NewPointer(lwvm_write), lwvm_value);
     
     uint64_t kernvers = find_str("Darwin Kernel Version");
     uint64_t release = find_str("RELEASE_ARM");
-
+    LOG("before fourth remap");
     RemapPage(kernvers-4);
     WriteAnywhere32(NewPointer(kernvers-4), 1);
-
+    LOG("before fifth remap");
     RemapPage(release);
     if (NewPointer(release) == (NewPointer(release+11) - 11)) {
         copyout(NewPointer(release), "MarijuanARM", 11); /* marijuanarm */
@@ -393,9 +395,9 @@ remappage[remapcnt++] = (x & (~PMK));\
     }
     
     {
-        /*
-         sandbox
-         */
+     
+        // sandbox
+     
 
         uint64_t sbops = find_sbops();
         uint64_t sbops_end = sbops + sizeof(struct mac_policy_ops) + PMK;
@@ -446,8 +448,28 @@ remappage[remapcnt++] = (x & (~PMK));\
 
         WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_vnode_notify_create)), 0);
         
+        WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_proc_check_signal)),0);
+        WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_proc_check_wait)),0);
+        WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_proc_check_suspend_resume)),0);
+       /*
+        WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_proc_check_debug)), 0);
+        WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_proc_check_expose_task)), 0);
+        WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_proc_check_get_task_name)), 0);
+        WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_proc_check_get_task)), 0);
+         WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_vnode_check_revoke)), 0);
+        */
+        //WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_file_check_ioctl)),0);
+       // WriteAnywhere64(NewPointer(sbops+offsetof(struct mac_policy_ops, mpo_policy_syscall)),0);
+        //mpo_file_check_ioctl
+        //mpo_proc_check_suspend_resume
+        //mpo_proc_check_wait
+       //look into this one mpo_iokit_check_hid_control
+        //mpo_policy_syscall
+        //mpo_proc_check_proc_info
+        
         // mpo_cred_check_label_update_execve - tihmstar
         // WARNING - has to patched like this or Widgets (and javascript?) fail.
+      
         {
             uint64_t off = find_sandbox_label_update_execve();
             
@@ -461,6 +483,7 @@ remappage[remapcnt++] = (x & (~PMK));\
             RemapPage(off);
             WriteAnywhere32(NewPointer(off), INSN_NOP);
         }
+       
     }
     
     {

g0blin/offsets.m

@@ -50,6 +50,202 @@ kern_return_t init_offsets()
     sysctl(version_prop, 2, osversion, &version_prop_len, NULL, 0);
     LOG("version: %s", osversion);
     
+    // Apple TV 4 (2015)
+    if(!strcmp(device, "AppleTV5,3"))
+    {
+        // 10.2.2
+        if(!strcmp(osversion, "14W756"))
+        {
+            OFFSET_ZONE_MAP                        = 0xfffffff007558478;
+            OFFSET_KERNEL_MAP                      = 0xfffffff0075b4050;
+            OFFSET_KERNEL_TASK                     = 0xfffffff0075b4048;
+            OFFSET_REALHOST                        = 0xfffffff00753aba0;
+            OFFSET_BZERO                           = 0xfffffff00708df80;
+            OFFSET_BCOPY                           = 0xfffffff00708ddc0;
+            OFFSET_COPYIN                          = 0xfffffff00718d028;
+            OFFSET_COPYOUT                         = 0xfffffff00718d21c;
+            OFFSET_ROOT_MOUNT_V_NODE               = 0xfffffff0075b40b0;
+            //OFFSET_CHGPROCCNT                      = 0xfffffff00739aa04;
+            //OFFSET_KAUTH_CRED_REF                  = 0xfffffff007374d90;
+            OFFSET_IPC_PORT_ALLOC_SPECIAL          = 0xfffffff0070a60b4;
+            OFFSET_IPC_KOBJECT_SET                 = 0xfffffff0070b938c;
+            OFFSET_IPC_PORT_MAKE_SEND              = 0xfffffff0070a5bd8;
+            OFFSET_IOSURFACEROOTUSERCLIENT_VTAB    = 0xfffffff006f11678;
+            OFFSET_ROP_ADD_X0_X0_0x10              = 0xfffffff006935398;
+            OFFSET_OSSERIALIZER_SERIALIZE          = 0xfffffff00744db90;
+            //OFFSET_ROP_LDR_X0_X0_0x10              = 0xfffffff00666a09c;
+            
+            
+        }
+        // 10.2.1
+        if(!strcmp(osversion, "14W585a"))
+        {
+            OFFSET_ZONE_MAP                        = 0xfffffff007558478;
+            OFFSET_KERNEL_MAP                      = 0xfffffff0075b4050;
+            OFFSET_KERNEL_TASK                     = 0xfffffff0075b4048;
+            OFFSET_REALHOST                        = 0xfffffff00753aba0;
+            OFFSET_BZERO                           = 0xfffffff00708df80;
+            OFFSET_BCOPY                           = 0xfffffff00708ddc0;
+            OFFSET_COPYIN                          = 0xfffffff00718d37c;
+            OFFSET_COPYOUT                         = 0xfffffff00718d570;
+            OFFSET_ROOT_MOUNT_V_NODE               = 0xfffffff0075b40b0;
+            //OFFSET_CHGPROCCNT                      = 0xfffffff00739aab4;
+            //OFFSET_KAUTH_CRED_REF                  = 0xfffffff007374e6c;
+            OFFSET_IPC_PORT_ALLOC_SPECIAL          = 0xfffffff0070a60b4;
+            OFFSET_IPC_KOBJECT_SET                 = 0xfffffff0070b938c;
+            OFFSET_IPC_PORT_MAKE_SEND              = 0xfffffff0070a5bd8;
+            OFFSET_IOSURFACEROOTUSERCLIENT_VTAB    = 0xfffffff006f15678;
+            OFFSET_ROP_ADD_X0_X0_0x10              = 0xfffffff00693a398;
+            OFFSET_OSSERIALIZER_SERIALIZE          = 0xfffffff00744dc40;
+           // OFFSET_ROP_LDR_X0_X0_0x10              = 0xfffffff00666e09c;
+            
+            
+        }
+        // 10.2
+        if(!strcmp(osversion, "14W265"))
+        {
+            OFFSET_ZONE_MAP                        = 0xfffffff007558478;
+            OFFSET_KERNEL_MAP                      = 0xfffffff0075b4050;
+            OFFSET_KERNEL_TASK                     = 0xfffffff0075b4048;
+            OFFSET_REALHOST                        = 0xfffffff00753aba0;
+            OFFSET_BZERO                           = 0xfffffff00708df80;
+            OFFSET_BCOPY                           = 0xfffffff00708ddc0;
+            OFFSET_COPYIN                          = 0xfffffff00718d3a8;
+            OFFSET_COPYOUT                         = 0xfffffff00718d59c;
+            OFFSET_ROOT_MOUNT_V_NODE               = 0xfffffff0075b40b0;
+            //OFFSET_CHGPROCCNT                      = 0xfffffff00739a78c;
+            //OFFSET_KAUTH_CRED_REF                  = 0xfffffff007374b2c;
+            OFFSET_IPC_PORT_ALLOC_SPECIAL          = 0xfffffff0070a611c;
+            OFFSET_IPC_KOBJECT_SET                 = 0xfffffff0070b9374;
+            OFFSET_IPC_PORT_MAKE_SEND              = 0xfffffff0070a5c40;
+            OFFSET_IOSURFACEROOTUSERCLIENT_VTAB    = 0xfffffff006f15678;
+            OFFSET_ROP_ADD_X0_X0_0x10              = 0xfffffff00693d398;
+            OFFSET_OSSERIALIZER_SERIALIZE          = 0xfffffff00744d6ac;
+            //OFFSET_ROP_LDR_X0_X0_0x10              = 0xfffffff00667109c;
+            
+            
+        }
+        // 10.1.1
+        if(!strcmp(osversion, "14U712a"))
+        {
+            OFFSET_ZONE_MAP                        = 0xfffffff007566360;
+            OFFSET_KERNEL_MAP                      = 0xfffffff0075c2058;
+            OFFSET_KERNEL_TASK                     = 0xfffffff0075c2050;
+            OFFSET_REALHOST                        = 0xfffffff007548a98;
+            OFFSET_BZERO                           = 0xfffffff00708e140;
+            OFFSET_BCOPY                           = 0xfffffff00708df80;
+            OFFSET_COPYIN                          = 0xfffffff00718f76c;
+            OFFSET_COPYOUT                         = 0xfffffff00718f974;
+            OFFSET_ROOT_MOUNT_V_NODE               = 0xfffffff0075c20b8;
+            //OFFSET_CHGPROCCNT                      = 0xfffffff0073a4940;
+            //OFFSET_KAUTH_CRED_REF                  = 0xfffffff00737e6d4;
+            OFFSET_IPC_PORT_ALLOC_SPECIAL          = 0xfffffff0070a6200;
+            OFFSET_IPC_KOBJECT_SET                 = 0xfffffff0070b98a0;
+            OFFSET_IPC_PORT_MAKE_SEND              = 0xfffffff0070a5d44;
+            OFFSET_IOSURFACEROOTUSERCLIENT_VTAB    = 0xfffffff006f1c960;
+            OFFSET_ROP_ADD_X0_X0_0x10              = 0xfffffff00697e29c;
+            OFFSET_OSSERIALIZER_SERIALIZE          = 0xfffffff00745b100;
+           // OFFSET_ROP_LDR_X0_X0_0x10              = 0xfffffff0066b30b4;
+            
+            
+        }
+        // 10.1
+        if(!strcmp(osversion, "14U593"))
+        {
+            OFFSET_ZONE_MAP                        = 0xfffffff007566360;
+            OFFSET_KERNEL_MAP                      = 0xfffffff0075c2058;
+            OFFSET_KERNEL_TASK                     = 0xfffffff0075c2050;
+            OFFSET_REALHOST                        = 0xfffffff007548a98;
+            OFFSET_BZERO                           = 0xfffffff00708e140;
+            OFFSET_BCOPY                           = 0xfffffff00708df80;
+            OFFSET_COPYIN                          = 0xfffffff00718f748;
+            OFFSET_COPYOUT                         = 0xfffffff00718f950;
+            OFFSET_ROOT_MOUNT_V_NODE               = 0xfffffff0075c20b8;
+            //OFFSET_CHGPROCCNT                      = 0xfffffff0073a491c;
+            //OFFSET_KAUTH_CRED_REF                  = 0xfffffff00737e6b0;
+            OFFSET_IPC_PORT_ALLOC_SPECIAL          = 0xfffffff0070a6200;
+            OFFSET_IPC_KOBJECT_SET                 = 0xfffffff0070b987c;
+            OFFSET_IPC_PORT_MAKE_SEND              = 0xfffffff0070a5d44;
+            OFFSET_IOSURFACEROOTUSERCLIENT_VTAB    = 0xfffffff006f1c960;
+            OFFSET_ROP_ADD_X0_X0_0x10              = 0xfffffff00697e29c;
+            OFFSET_OSSERIALIZER_SERIALIZE          = 0xfffffff00745b0dc;
+           // OFFSET_ROP_LDR_X0_X0_0x10              = 0xfffffff0066b30b4;
+            
+            
+        }
+        // 10.0.1
+        if(!strcmp(osversion, "14U100"))
+        {
+            OFFSET_ZONE_MAP                        = 0xfffffff007562160;
+            OFFSET_KERNEL_MAP                      = 0xfffffff0075be058;
+            OFFSET_KERNEL_TASK                     = 0xfffffff0075be050;
+            OFFSET_REALHOST                        = 0xfffffff007544898;
+            OFFSET_BZERO                           = 0xfffffff00708a140;
+            OFFSET_BCOPY                           = 0xfffffff007089f80;
+            OFFSET_COPYIN                          = 0xfffffff00718baf8;
+            OFFSET_COPYOUT                         = 0xfffffff00718bd00;
+            OFFSET_ROOT_MOUNT_V_NODE               = 0xfffffff0075be0b8;
+            //OFFSET_CHGPROCCNT                      = 0xfffffff0073a0d48;
+            //OFFSET_KAUTH_CRED_REF                  = 0xfffffff00737ab58;
+            OFFSET_IPC_PORT_ALLOC_SPECIAL          = 0xfffffff0070a1bf0;
+            OFFSET_IPC_KOBJECT_SET                 = 0xfffffff0070b4e10;
+            OFFSET_IPC_PORT_MAKE_SEND              = 0xfffffff0070a18a4;
+            OFFSET_IOSURFACEROOTUSERCLIENT_VTAB    = 0xfffffff006f1c7a0;
+            OFFSET_ROP_ADD_X0_X0_0x10              = 0xfffffff00698629c;
+            OFFSET_OSSERIALIZER_SERIALIZE          = 0xfffffff007456cb8;
+           // OFFSET_ROP_LDR_X0_X0_0x10              = 0xfffffff0066bb0b4;
+            
+            
+        }
+        // 10.0.1
+        if(!strcmp(osversion, "14U71"))
+        {
+            OFFSET_ZONE_MAP                        = 0xfffffff007562160;
+            OFFSET_KERNEL_MAP                      = 0xfffffff0075be058;
+            OFFSET_KERNEL_TASK                     = 0xfffffff0075be050;
+            OFFSET_REALHOST                        = 0xfffffff007544898;
+            OFFSET_BZERO                           = 0xfffffff00708a140;
+            OFFSET_BCOPY                           = 0xfffffff007089f80;
+            OFFSET_COPYIN                          = 0xfffffff00718baf8;
+            OFFSET_COPYOUT                         = 0xfffffff00718bd00;
+            OFFSET_ROOT_MOUNT_V_NODE               = 0xfffffff0075be0b8;
+            //OFFSET_CHGPROCCNT                      = 0xfffffff0073a0d48;
+            //OFFSET_KAUTH_CRED_REF                  = 0xfffffff00737ab58;
+            OFFSET_IPC_PORT_ALLOC_SPECIAL          = 0xfffffff0070a1bf0;
+            OFFSET_IPC_KOBJECT_SET                 = 0xfffffff0070b4e10;
+            OFFSET_IPC_PORT_MAKE_SEND              = 0xfffffff0070a18a4;
+            OFFSET_IOSURFACEROOTUSERCLIENT_VTAB    = 0xfffffff006f1c7a0;
+            OFFSET_ROP_ADD_X0_X0_0x10              = 0xfffffff00698629c;
+            OFFSET_OSSERIALIZER_SERIALIZE          = 0xfffffff007456cb8;
+           // OFFSET_ROP_LDR_X0_X0_0x10              = 0xfffffff0066bb0b4;
+            
+            
+        }
+        // 10.0
+        if(!strcmp(osversion, "14T330"))
+        {
+            OFFSET_ZONE_MAP                        = 0xfffffff00755e160;
+            OFFSET_KERNEL_MAP                      = 0xfffffff0075ba058;
+            OFFSET_KERNEL_TASK                     = 0xfffffff0075ba050;
+            OFFSET_REALHOST                        = 0xfffffff007540898;
+            OFFSET_BZERO                           = 0xfffffff00708a140;
+            OFFSET_BCOPY                           = 0xfffffff007089f80;
+            OFFSET_COPYIN                          = 0xfffffff00718ae90;
+            OFFSET_COPYOUT                         = 0xfffffff00718b098;
+            OFFSET_ROOT_MOUNT_V_NODE               = 0xfffffff0075ba0b8;
+            //OFFSET_CHGPROCCNT                      = 0xfffffff00739f8c8;
+            //OFFSET_KAUTH_CRED_REF                  = 0xfffffff007379a90;
+            OFFSET_IPC_PORT_ALLOC_SPECIAL          = 0xfffffff0070a16ec;
+            OFFSET_IPC_KOBJECT_SET                 = 0xfffffff0070b47b0;
+            OFFSET_IPC_PORT_MAKE_SEND              = 0xfffffff0070a13a0;
+            OFFSET_IOSURFACEROOTUSERCLIENT_VTAB    = 0xfffffff006f1c720;
+            OFFSET_ROP_ADD_X0_X0_0x10              = 0xfffffff0066d30a8;
+            OFFSET_OSSERIALIZER_SERIALIZE          = 0xfffffff007455748;
+           // OFFSET_ROP_LDR_X0_X0_0x10              = 0xfffffff0066bb0b4;
+            
+            
+        }
+    }
     
     // iPhone 6
     if(!strcmp(device, "iPhone7,2"))

g0blin/patchfinder64.c

@@ -418,7 +418,7 @@ follow_cbz(const uint8_t *buf, addr_t cbz)
 #include <unistd.h>
 #include <mach-o/loader.h>
 
-#ifdef __ENVIRONMENT_IPHONE_OS_VERSION_MIN_REQUIRED__
+#ifdef __ENVIRONMENT_TV_OS_VERSION_MIN_REQUIRED__
 #include <mach/mach.h>
 size_t kread(uint64_t where, void *p, size_t size);
 #endif
@@ -457,14 +457,14 @@ init_patchfinder(task_t taskfp0, addr_t base, const char *filename)
     
     init_kernel(taskfp0);
 
-#ifdef __ENVIRONMENT_IPHONE_OS_VERSION_MIN_REQUIRED__
+#ifdef __ENVIRONMENT_TV_OS_VERSION_MIN_REQUIRED__
 #define close(f)
     rv = tfp0_kread(base, buf, sizeof(buf));
     if (rv != sizeof(buf)) {
         printf("failed kread, got size: %zu \n", rv);
         return -1;
     }
-#else	/* __ENVIRONMENT_IPHONE_OS_VERSION_MIN_REQUIRED__ */
+#else	/* __ENVIRONMENT_TV_OS_VERSION_MIN_REQUIRED__ */
     printf("this code right here has run ............. \n");
     int fd = open(filename, O_RDONLY);
     if (fd < 0) {
@@ -479,7 +479,7 @@ init_patchfinder(task_t taskfp0, addr_t base, const char *filename)
         printf("failed at buf read, got rv: %d \n", rv);
         return -1;
     }
-#endif	/* __ENVIRONMENT_IPHONE_OS_VERSION_MIN_REQUIRED__ */
+#endif	/* __ENVIRONMENT_TV_OS_VERSION_MIN_REQUIRED__ */
 
     if (!MACHO(buf)) {
         close(fd);
@@ -554,7 +554,7 @@ init_patchfinder(task_t taskfp0, addr_t base, const char *filename)
     pstring_base -= kerndumpbase;
     kernel_size = max - min;
 
-#ifdef __ENVIRONMENT_IPHONE_OS_VERSION_MIN_REQUIRED__
+#ifdef __ENVIRONMENT_TV_OS_VERSION_MIN_REQUIRED__
     kernel = malloc(kernel_size);
     if (!kernel) {
         printf("failed to malloc kern \n");
@@ -573,7 +573,7 @@ init_patchfinder(task_t taskfp0, addr_t base, const char *filename)
 
     (void)filename;
 #undef close
-#else	/* __ENVIRONMENT_IPHONE_OS_VERSION_MIN_REQUIRED__ */
+#else	/* __ENVIRONMENT_TV_OS_VERSION_MIN_REQUIRED__ */
     kernel = calloc(1, kernel_size);
     if (!kernel) {
         close(fd);
@@ -606,7 +606,7 @@ init_patchfinder(task_t taskfp0, addr_t base, const char *filename)
     close(fd);
 
     (void)base;
-#endif	/* __ENVIRONMENT_IPHONE_OS_VERSION_MIN_REQUIRED__ */
+#endif	/* __ENVIRONMENT_TV_OS_VERSION_MIN_REQUIRED__ */
     return 0;
 }
 

g0blin/pte_stuff.h

@@ -70,7 +70,7 @@ void checkvad() {
         uname(&u);
         host_page_size(mach_host_self(), &sz);
         printf("[INFO]: checkvad: %lx %x\n", sz, getpagesize());
-        if (strstr(u.machine, "iPad5,") == u.machine) {
+        if (strstr(u.machine, "AppleTV5,") == u.machine) {
             sz = 4096; // this is 4k but host_page_size lies to us
         }
         assert(sz);

g0blin/remount.m

@@ -16,7 +16,9 @@
 #define KSTRUCT_OFFSET_VNODE_V_UN       0xd8
 
 kern_return_t do_remount(uint64_t slide) {
-    uint64_t _rootnode = OFFSET_ROOT_MOUNT_V_NODE + slide;
+    //uint64_t _rootnode = OFFSET_ROOT_MOUNT_V_NODE + slide;
+    
+    uint64_t _rootnode = 0xfffffff0075b40b0 + slide;
     uint64_t rootfs_vnode = rk64(_rootnode);
     
     // read flags

g0blinTV/AppDelegate.h

@@ -0,0 +1,17 @@
+//
+//  AppDelegate.h
+//  g0blinTV
+//
+//  Created by Kevin Bradley on 1/15/18.
+//  Copyright © 2018 Sticktron. All rights reserved.
+//
+
+#import <UIKit/UIKit.h>
+
+@interface AppDelegate : UIResponder <UIApplicationDelegate>
+
+@property (strong, nonatomic) UIWindow *window;
+
+
+@end
+

g0blinTV/AppDelegate.m

@@ -0,0 +1,51 @@
+//
+//  AppDelegate.m
+//  g0blinTV
+//
+//  Created by Kevin Bradley on 1/15/18.
+//  Copyright © 2018 Sticktron. All rights reserved.
+//
+
+#import "AppDelegate.h"
+
+@interface AppDelegate ()
+
+@end
+
+@implementation AppDelegate
+
+
+- (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions {
+    // Override point for customization after application launch.
+    return YES;
+}
+
+
+- (void)applicationWillResignActive:(UIApplication *)application {
+    // Sent when the application is about to move from active to inactive state. This can occur for certain types of temporary interruptions (such as an incoming phone call or SMS message) or when the user quits the application and it begins the transition to the background state.
+    // Use this method to pause ongoing tasks, disable timers, and throttle down OpenGL ES frame rates. Games should use this method to pause the game.
+}
+
+
+- (void)applicationDidEnterBackground:(UIApplication *)application {
+    // Use this method to release shared resources, save user data, invalidate timers, and store enough application state information to restore your application to its current state in case it is terminated later.
+    // If your application supports background execution, this method is called instead of applicationWillTerminate: when the user quits.
+}
+
+
+- (void)applicationWillEnterForeground:(UIApplication *)application {
+    // Called as part of the transition from the background to the active state; here you can undo many of the changes made on entering the background.
+}
+
+
+- (void)applicationDidBecomeActive:(UIApplication *)application {
+    // Restart any tasks that were paused (or not yet started) while the application was inactive. If the application was previously in the background, optionally refresh the user interface.
+}
+
+
+- (void)applicationWillTerminate:(UIApplication *)application {
+    // Called when the application is about to terminate. Save data if appropriate. See also applicationDidEnterBackground:.
+}
+
+
+@end

g0blinTV/Assets.xcassets/App Icon & Top Shelf Image.brandassets/App Icon - App Store.imagestack/Back.imagestacklayer/Content.imageset/Contents.json

@@ -0,0 +1,16 @@
+{
+  "images" : [
+    {
+      "idiom" : "tv",
+      "scale" : "1x"
+    },
+    {
+      "idiom" : "tv",
+      "scale" : "2x"
+    }
+  ],
+  "info" : {
+    "version" : 1,
+    "author" : "xcode"
+  }
+}

g0blinTV/Assets.xcassets/App Icon & Top Shelf Image.brandassets/App Icon - App Store.imagestack/Back.imagestacklayer/Contents.json

@@ -0,0 +1,6 @@
+{
+  "info" : {
+    "version" : 1,
+    "author" : "xcode"
+  }
+}

g0blinTV/Assets.xcassets/App Icon & Top Shelf Image.brandassets/App Icon - App Store.imagestack/Contents.json

@@ -0,0 +1,17 @@
+{
+  "layers" : [
+    {
+      "filename" : "Front.imagestacklayer"
+    },
+    {
+      "filename" : "Middle.imagestacklayer"
+    },
+    {
+      "filename" : "Back.imagestacklayer"
+    }
+  ],
+  "info" : {
+    "version" : 1,
+    "author" : "xcode"
+  }
+}

g0blinTV/Assets.xcassets/App Icon & Top Shelf Image.brandassets/App Icon - App Store.imagestack/Front.imagestacklayer/Content.imageset/Contents.json

@@ -0,0 +1,16 @@
+{
+  "images" : [
+    {
+      "idiom" : "tv",
+      "scale" : "1x"
+    },
+    {
+      "idiom" : "tv",
+      "scale" : "2x"
+    }
+  ],
+  "info" : {
+    "version" : 1,
+    "author" : "xcode"
+  }
+}

g0blinTV/Assets.xcassets/App Icon & Top Shelf Image.brandassets/App Icon - App Store.imagestack/Front.imagestacklayer/Contents.json

@@ -0,0 +1,6 @@
+{
+  "info" : {
+    "version" : 1,
+    "author" : "xcode"
+  }
+}

g0blinTV/Assets.xcassets/App Icon & Top Shelf Image.brandassets/App Icon - App Store.imagestack/Middle.imagestacklayer/Content.imageset/Contents.json

@@ -0,0 +1,16 @@
+{
+  "images" : [
+    {
+      "idiom" : "tv",
+      "scale" : "1x"
+    },
+    {
+      "idiom" : "tv",
+      "scale" : "2x"
+    }
+  ],
+  "info" : {
+    "version" : 1,
+    "author" : "xcode"
+  }
+}

g0blinTV/Assets.xcassets/App Icon & Top Shelf Image.brandassets/App Icon - App Store.imagestack/Middle.imagestacklayer/Contents.json

@@ -0,0 +1,6 @@
+{
+  "info" : {
+    "version" : 1,
+    "author" : "xcode"
+  }
+}

g0blinTV/Assets.xcassets/App Icon & Top Shelf Image.brandassets/App Icon.imagestack/Back.imagestacklayer/Content.imageset/Contents.json

@@ -0,0 +1,16 @@
+{
+  "images" : [
+    {
+      "idiom" : "tv",
+      "scale" : "1x"
+    },
+    {
+      "idiom" : "tv",
+      "scale" : "2x"
+    }
+  ],
+  "info" : {
+    "version" : 1,
+    "author" : "xcode"
+  }
+}

g0blinTV/Assets.xcassets/App Icon & Top Shelf Image.brandassets/App Icon.imagestack/Back.imagestacklayer/Contents.json

@@ -0,0 +1,6 @@
+{
+  "info" : {
+    "version" : 1,
+    "author" : "xcode"
+  }
+}

g0blinTV/Assets.xcassets/App Icon & Top Shelf Image.brandassets/App Icon.imagestack/Contents.json

@@ -0,0 +1,17 @@
+{
+  "layers" : [
+    {
+      "filename" : "Front.imagestacklayer"
+    },
+    {
+      "filename" : "Middle.imagestacklayer"
+    },
+    {
+      "filename" : "Back.imagestacklayer"
+    }
+  ],
+  "info" : {
+    "version" : 1,
+    "author" : "xcode"
+  }
+}

g0blinTV/Assets.xcassets/App Icon & Top Shelf Image.brandassets/App Icon.imagestack/Front.imagestacklayer/Content.imageset/Contents.json

@@ -0,0 +1,16 @@
+{
+  "images" : [
+    {
+      "idiom" : "tv",
+      "scale" : "1x"
+    },
+    {
+      "idiom" : "tv",
+      "scale" : "2x"
+    }
+  ],
+  "info" : {
+    "version" : 1,
+    "author" : "xcode"
+  }
+}

g0blinTV/Assets.xcassets/App Icon & Top Shelf Image.brandassets/App Icon.imagestack/Front.imagestacklayer/Contents.json

@@ -0,0 +1,6 @@
+{
+  "info" : {
+    "version" : 1,
+    "author" : "xcode"
+  }
+}

g0blinTV/Assets.xcassets/App Icon & Top Shelf Image.brandassets/App Icon.imagestack/Front.imagestacklayer/g0blin.imageset/Contents.json

@@ -0,0 +1,20 @@
+{
+  "images" : [
+    {
+      "idiom" : "universal",
+      "scale" : "1x"
+    },
+    {
+      "idiom" : "universal",
+      "scale" : "2x"
+    },
+    {
+      "idiom" : "universal",
+      "scale" : "3x"
+    }
+  ],
+  "info" : {
+    "version" : 1,
+    "author" : "xcode"
+  }
+}

g0blinTV/Assets.xcassets/App Icon & Top Shelf Image.brandassets/App Icon.imagestack/Middle.imagestacklayer/Content.imageset/Contents.json

@@ -0,0 +1,16 @@
+{
+  "images" : [
+    {
+      "idiom" : "tv",
+      "scale" : "1x"
+    },
+    {
+      "idiom" : "tv",
+      "scale" : "2x"
+    }
+  ],
+  "info" : {
+    "version" : 1,
+    "author" : "xcode"
+  }
+}

g0blinTV/Assets.xcassets/App Icon & Top Shelf Image.brandassets/App Icon.imagestack/Middle.imagestacklayer/Contents.json

@@ -0,0 +1,6 @@
+{
+  "info" : {
+    "version" : 1,
+    "author" : "xcode"
+  }
+}

g0blinTV/Assets.xcassets/App Icon & Top Shelf Image.brandassets/Contents.json

@@ -0,0 +1,32 @@
+{
+  "assets" : [
+    {
+      "size" : "1280x768",
+      "idiom" : "tv",
+      "filename" : "App Icon - App Store.imagestack",
+      "role" : "primary-app-icon"
+    },
+    {
+      "size" : "400x240",
+      "idiom" : "tv",
+      "filename" : "App Icon.imagestack",
+      "role" : "primary-app-icon"
+    },
+    {
+      "size" : "2320x720",
+      "idiom" : "tv",
+      "filename" : "Top Shelf Image Wide.imageset",
+      "role" : "top-shelf-image-wide"
+    },
+    {
+      "size" : "1920x720",
+      "idiom" : "tv",
+      "filename" : "Top Shelf Image.imageset",
+      "role" : "top-shelf-image"
+    }
+  ],
+  "info" : {
+    "version" : 1,
+    "author" : "xcode"
+  }
+}

g0blinTV/Assets.xcassets/App Icon & Top Shelf Image.brandassets/Top Shelf Image Wide.imageset/Contents.json

@@ -0,0 +1,16 @@
+{
+  "images" : [
+    {
+      "idiom" : "tv",
+      "scale" : "1x"
+    },
+    {
+      "idiom" : "tv",
+      "scale" : "2x"
+    }
+  ],
+  "info" : {
+    "version" : 1,
+    "author" : "xcode"
+  }
+}

g0blinTV/Assets.xcassets/App Icon & Top Shelf Image.brandassets/Top Shelf Image.imageset/Contents.json

@@ -0,0 +1,16 @@
+{
+  "images" : [
+    {
+      "idiom" : "tv",
+      "scale" : "1x"
+    },
+    {
+      "idiom" : "tv",
+      "scale" : "2x"
+    }
+  ],
+  "info" : {
+    "version" : 1,
+    "author" : "xcode"
+  }
+}

g0blinTV/Assets.xcassets/Contents.json

@@ -0,0 +1,6 @@
+{
+  "info" : {
+    "version" : 1,
+    "author" : "xcode"
+  }
+}

g0blinTV/Assets.xcassets/Image.imageset/Contents.json

@@ -0,0 +1,17 @@
+{
+  "images" : [
+    {
+      "idiom" : "tv",
+      "scale" : "1x"
+    },
+    {
+      "idiom" : "tv",
+      "filename" : "back-1.png",
+      "scale" : "2x"
+    }
+  ],
+  "info" : {
+    "version" : 1,
+    "author" : "xcode"
+  }
+}

g0blinTV/Assets.xcassets/LaunchImage.launchimage/Contents.json

@@ -0,0 +1,22 @@
+{
+  "images" : [
+    {
+      "orientation" : "landscape",
+      "idiom" : "tv",
+      "extent" : "full-screen",
+      "minimum-system-version" : "11.0",
+      "scale" : "2x"
+    },
+    {
+      "orientation" : "landscape",
+      "idiom" : "tv",
+      "extent" : "full-screen",
+      "minimum-system-version" : "9.0",
+      "scale" : "1x"
+    }
+  ],
+  "info" : {
+    "version" : 1,
+    "author" : "xcode"
+  }
+}

g0blinTV/Assets.xcassets/logo.imageset/Contents.json

@@ -0,0 +1,22 @@
+{
+  "images" : [
+    {
+      "idiom" : "universal",
+      "scale" : "1x"
+    },
+    {
+      "idiom" : "universal",
+      "filename" : "g0blin@2x.png",
+      "scale" : "2x"
+    },
+    {
+      "idiom" : "universal",
+      "filename" : "g0blin@3x.png",
+      "scale" : "3x"
+    }
+  ],
+  "info" : {
+    "version" : 1,
+    "author" : "xcode"
+  }
+}

g0blinTV/Base.lproj/Main.storyboard

@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<document type="com.apple.InterfaceBuilder.AppleTV.Storyboard" version="3.0" toolsVersion="13196" targetRuntime="AppleTV" propertyAccessControl="none" useAutolayout="YES" useTraitCollections="YES" useSafeAreas="YES" colorMatched="YES" initialViewController="BYZ-38-t0r">
+    <device id="appleTV" orientation="landscape">
+        <adaptation id="light"/>
+    </device>
+    <dependencies>
+        <deployment identifier="tvOS"/>
+        <plugIn identifier="com.apple.InterfaceBuilder.IBCocoaTouchPlugin" version="13173"/>
+        <capability name="Safe area layout guides" minToolsVersion="9.0"/>
+        <capability name="documents saved in the Xcode 8 format" minToolsVersion="8.0"/>
+    </dependencies>
+    <scenes>
+        <!--View Controller-->
+        <scene sceneID="tne-QT-ifu">
+            <objects>
+                <viewController id="BYZ-38-t0r" customClass="ViewController" sceneMemberID="viewController">
+                    <layoutGuides>
+                        <viewControllerLayoutGuide type="top" id="y3c-jy-aDJ"/>
+                        <viewControllerLayoutGuide type="bottom" id="wfy-db-euE"/>
+                    </layoutGuides>
+                    <view key="view" contentMode="scaleToFill" id="8bC-Xf-vdC">
+                        <rect key="frame" x="0.0" y="0.0" width="1920" height="1080"/>
+                        <autoresizingMask key="autoresizingMask" widthSizable="YES" heightSizable="YES"/>
+                        <subviews>
+                            <textView clipsSubviews="YES" multipleTouchEnabled="YES" userInteractionEnabled="NO" contentMode="scaleToFill" fixedFrame="YES" misplaced="YES" editable="NO" text="Console" textAlignment="natural" selectable="NO" translatesAutoresizingMaskIntoConstraints="NO" id="JaC-A2-sE1">
+                                <rect key="frame" x="110" y="546" width="1700" height="424"/>
+                                <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMaxY="YES"/>
+                                <color key="backgroundColor" cocoaTouchSystemColor="darkTextColor"/>
+                                <color key="textColor" white="1" alpha="1" colorSpace="calibratedWhite"/>
+                                <fontDescription key="fontDescription" style="UICTFontTextStyleHeadline"/>
+                                <textInputTraits key="textInputTraits" autocapitalizationType="sentences"/>
+                            </textView>
+                            <label opaque="NO" userInteractionEnabled="NO" contentMode="left" horizontalHuggingPriority="251" verticalHuggingPriority="251" fixedFrame="YES" misplaced="YES" text="10.2.2 tvOS jailbreak v0rtex + yalu102 + nitoTV" textAlignment="center" lineBreakMode="tailTruncation" baselineAdjustment="alignBaselines" adjustsFontSizeToFit="NO" translatesAutoresizingMaskIntoConstraints="NO" id="GuE-5Q-JV5">
+                                <rect key="frame" x="110" y="343" width="1700" height="46"/>
+                                <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMaxY="YES"/>
+                                <fontDescription key="fontDescription" style="UICTFontTextStyleHeadline"/>
+                                <nil key="textColor"/>
+                                <nil key="highlightedColor"/>
+                            </label>
+                            <button opaque="NO" contentMode="scaleToFill" fixedFrame="YES" misplaced="YES" contentHorizontalAlignment="center" contentVerticalAlignment="center" lineBreakMode="middleTruncation" translatesAutoresizingMaskIntoConstraints="NO" id="g15-vN-6SI" customClass="FocusedButton">
+                                <rect key="frame" x="184" y="422" width="1548" height="86"/>
+                                <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMaxY="YES"/>
+                                <inset key="contentEdgeInsets" minX="40" minY="20" maxX="40" maxY="20"/>
+                                <state key="normal" title="jailbreak"/>
+                                <connections>
+                                    <action selector="go:" destination="BYZ-38-t0r" eventType="primaryActionTriggered" id="OZM-75-baP"/>
+                                </connections>
+                            </button>
+                            <imageView userInteractionEnabled="NO" contentMode="scaleAspectFit" horizontalHuggingPriority="251" verticalHuggingPriority="251" fixedFrame="YES" misplaced="YES" image="logo" translatesAutoresizingMaskIntoConstraints="NO" id="vPs-uR-xKu">
+                                <rect key="frame" x="110" y="60" width="1700" height="270"/>
+                                <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMaxY="YES"/>
+                            </imageView>
+                            <label opaque="NO" userInteractionEnabled="NO" contentMode="left" horizontalHuggingPriority="251" verticalHuggingPriority="251" fixedFrame="YES" misplaced="YES" text="original by sticktron ported by nitoTV" textAlignment="center" lineBreakMode="tailTruncation" baselineAdjustment="alignBaselines" adjustsFontSizeToFit="NO" translatesAutoresizingMaskIntoConstraints="NO" id="evU-Lb-C8O">
+                                <rect key="frame" x="110" y="1007" width="1700" height="46"/>
+                                <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMaxY="YES"/>
+                                <fontDescription key="fontDescription" style="UICTFontTextStyleHeadline"/>
+                                <color key="textColor" white="1" alpha="1" colorSpace="calibratedWhite"/>
+                                <nil key="highlightedColor"/>
+                            </label>
+                        </subviews>
+                        <color key="backgroundColor" red="0.12984204290000001" green="0.12984612579999999" blue="0.12984395030000001" alpha="1" colorSpace="custom" customColorSpace="sRGB"/>
+                        <viewLayoutGuide key="safeArea" id="wu6-TO-1qx"/>
+                    </view>
+                    <connections>
+                        <outlet property="consoleView" destination="JaC-A2-sE1" id="SPm-j0-ivp"/>
+                        <outlet property="goButton" destination="g15-vN-6SI" id="mH1-wS-mct"/>
+                        <outlet property="reinstallBootstrapLabel" destination="GuE-5Q-JV5" id="FS8-Ap-1Ka"/>
+                    </connections>
+                </viewController>
+                <placeholder placeholderIdentifier="IBFirstResponder" id="dkx-z0-nzr" sceneMemberID="firstResponder"/>
+            </objects>
+        </scene>
+    </scenes>
+    <resources>
+        <image name="logo" width="180" height="44"/>
+    </resources>
+</document>

g0blinTV/Info.plist

@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>CFBundleDevelopmentRegion</key>
+	<string>$(DEVELOPMENT_LANGUAGE)</string>
+	<key>CFBundleExecutable</key>
+	<string>$(EXECUTABLE_NAME)</string>
+	<key>CFBundleIdentifier</key>
+	<string>$(PRODUCT_BUNDLE_IDENTIFIER)</string>
+	<key>CFBundleInfoDictionaryVersion</key>
+	<string>6.0</string>
+	<key>CFBundleName</key>
+	<string>$(PRODUCT_NAME)</string>
+	<key>CFBundlePackageType</key>
+	<string>APPL</string>
+	<key>CFBundleShortVersionString</key>
+	<string>1.0</string>
+	<key>CFBundleVersion</key>
+	<string>1</string>
+	<key>LSRequiresIPhoneOS</key>
+	<true/>
+	<key>UIMainStoryboardFile</key>
+	<string>Main</string>
+	<key>UIRequiredDeviceCapabilities</key>
+	<array>
+		<string>arm64</string>
+	</array>
+	<key>UIUserInterfaceStyle</key>
+	<string>Automatic</string>
+</dict>
+</plist>

g0blinTV/NewV0rtex/common2.h

@@ -0,0 +1,25 @@
+#ifndef COMMON_H
+#define COMMON_H
+
+#include <stdint.h>             // uint*_t
+#include <Foundation/Foundation.h>
+
+#define LOG(str, args...) do { NSLog(@str "\n", ##args); } while(0)
+#ifdef __LP64__
+#   define ADDR                 "0x%016llx"
+#   define MACH_HEADER_MAGIC    MH_MAGIC_64
+#   define MACH_LC_SEGMENT      LC_SEGMENT_64
+    typedef struct mach_header_64 mach_hdr_t;
+    typedef struct segment_command_64 mach_seg_t;
+    typedef uint64_t kptr_t;
+#else
+#   define ADDR                 "0x%08x"
+#   define MACH_HEADER_MAGIC    MH_MAGIC
+#   define MACH_LC_SEGMENT      LC_SEGMENT
+    typedef struct mach_header mach_hdr_t;
+    typedef struct segment_command mach_seg_t;
+    typedef uint32_t kptr_t;
+#endif
+typedef struct load_command mach_lc_t;
+
+#endif

g0blinTV/NewV0rtex/offsets2.h

@@ -0,0 +1,48 @@
+#ifndef OFFSETS_H
+#define OFFSETS_H
+
+#include "common2.h"             // kptr_t
+
+typedef struct
+{
+    const char *version;
+    kptr_t base;
+    // Structure offsets
+    kptr_t sizeof_task;
+    kptr_t task_itk_self;
+    kptr_t task_itk_registered;
+    kptr_t task_bsd_info;
+    kptr_t proc_ucred;
+#ifdef __LP64__
+    kptr_t vm_map_hdr;
+#endif
+    kptr_t ipc_space_is_task;
+    kptr_t realhost_special;
+    kptr_t iouserclient_ipc;
+    kptr_t vtab_get_retain_count;
+    kptr_t vtab_get_external_trap_for_index;
+    // Data
+    kptr_t zone_map;
+    kptr_t kernel_map;
+    kptr_t kernel_task;
+    kptr_t realhost;
+    // Code
+    kptr_t copyin;
+    kptr_t copyout;
+    kptr_t chgproccnt;
+    kptr_t kauth_cred_ref;
+    kptr_t ipc_port_alloc_special;
+    kptr_t ipc_kobject_set;
+    kptr_t ipc_port_make_send;
+    kptr_t osserializer_serialize;
+    kptr_t root_user_surface_vtab;
+#ifdef __LP64__
+    kptr_t rop_ldr_x0_x0_0x10;
+#else
+    kptr_t rop_ldr_r0_r0_0xc;
+#endif
+} offsets_t;
+
+offsets_t* get_offsets(void);
+
+#endif

g0blinTV/NewV0rtex/offsets2.m

@@ -0,0 +1,137 @@
+#include <errno.h>
+#include <string.h>             // strcmp, strerror
+#include <sys/utsname.h>        // uname
+
+#include <sys/sysctl.h>
+
+#include "common2.h"             // LOG, kptr_t
+#include "offsets2.h"
+
+static offsets_t *offsets[] =
+{
+    // XXX: A few offsets are still in v0rtex.m because they're used in structs,
+    //      so moving them here will require rewriting of those parts.
+#ifdef __LP64__
+    &(offsets_t){
+        .version = "Darwin Kernel Version 16.7.0: Thu Jun 15 18:33:36 PDT 2017; root:xnu-3789.70.16~4/RELEASE_ARM64_T7000",
+        .base                               = 0xfffffff007004000,
+        .sizeof_task                        = 0x550,
+        .task_itk_self                      = 0xd8,
+        .task_itk_registered                = 0x2e8,
+        .task_bsd_info                      = 0x360,
+        .proc_ucred                         = 0x100,
+        .vm_map_hdr                         = 0x10,
+        .ipc_space_is_task                  = 0x28,
+        .realhost_special                   = 0x10,
+        .iouserclient_ipc                   = 0x9c,
+        .vtab_get_retain_count              = 0x3,
+        .vtab_get_external_trap_for_index   = 0xb7,
+        .zone_map                           = 0xfffffff007558478,
+        .kernel_map                         = 0xfffffff0075b4050,
+        .kernel_task                        = 0xfffffff0075b4048,
+        .realhost                           = 0xfffffff00753aba0,
+        .copyin                             = 0xfffffff00718d028,
+        .copyout                            = 0xfffffff00718d21c,
+        .chgproccnt                         = 0xfffffff00739aa04,
+        .kauth_cred_ref                     = 0xfffffff007374d90,
+        .ipc_port_alloc_special             = 0xfffffff0070a60b4,
+        .ipc_kobject_set                    = 0xfffffff0070b938c,
+        .ipc_port_make_send                 = 0xfffffff0070a5bd8,
+        .osserializer_serialize             = 0xfffffff00744db90,
+        .rop_ldr_x0_x0_0x10                 = 0xfffffff00722a41c,
+        .root_user_surface_vtab             = 0xfffffff000000000, //replace
+        
+        /*
+         OFFSET_ZONE_MAP                        = 0xfffffff007558478;
+         OFFSET_KERNEL_MAP                      = 0xfffffff0075b4050;
+         OFFSET_KERNEL_TASK                     = 0xfffffff0075b4048;
+         OFFSET_REALHOST                        = 0xfffffff00753aba0;
+         OFFSET_BZERO                           = 0xfffffff00708df80;
+         OFFSET_BCOPY                           = 0xfffffff00708ddc0;
+         OFFSET_COPYIN                          = 0xfffffff00718d028;
+         OFFSET_COPYOUT                         = 0xfffffff00718d21c;
+         OFFSET_ROOT_MOUNT_V_NODE               = 0xfffffff0075b40b0;
+         //OFFSET_CHGPROCCNT                      = 0xfffffff00739aa04;
+         //OFFSET_KAUTH_CRED_REF                  = 0xfffffff007374d90;
+         OFFSET_IPC_PORT_ALLOC_SPECIAL          = 0xfffffff0070a60b4;
+         OFFSET_IPC_KOBJECT_SET                 = 0xfffffff0070b938c;
+         OFFSET_IPC_PORT_MAKE_SEND              = 0xfffffff0070a5bd8;
+         OFFSET_IOSURFACEROOTUSERCLIENT_VTAB    = 0xfffffff006f11678;
+         OFFSET_ROP_ADD_X0_X0_0x10              = 0xfffffff006935398;
+         OFFSET_OSSERIALIZER_SERIALIZE          = 0xfffffff00744db90;
+         //OFFSET_ROP_LDR_X0_X0_0x10              = 0xfffffff00666a09c;
+         
+         */
+        
+    },
+#else
+    &(offsets_t){
+        .version = "Darwin Kernel Version 16.7.0: Thu Jun 15 18:33:36 PDT 2017; root:xnu-3789.70.16~4/RELEASE_ARM_S5L8950X",
+        .base                               = 0x80001000,
+        .sizeof_task                        = 0x3b0,
+        .task_itk_self                      = 0x9c,
+        .task_itk_registered                = 0x1dc,
+        .task_bsd_info                      = 0x22c,
+        .proc_ucred                         = 0x98,
+        .ipc_space_is_task                  = 0x18,
+        .realhost_special                   = 0x8,
+        .iouserclient_ipc                   = 0x5c,
+        .vtab_get_retain_count              = 0x3,
+        .vtab_get_external_trap_for_index   = 0xe1,
+        .zone_map                           = 0x804188e0,
+        .kernel_map                         = 0x80456034,
+        .kernel_task                        = 0x80456030,
+        .realhost                           = 0x80404150,
+        .copyin                             = 0x80007b9c,
+        .copyout                            = 0x80007c74,
+        .chgproccnt                         = 0x8027cc17,
+        .kauth_cred_ref                     = 0x8025e78b,
+        .ipc_port_alloc_special             = 0x80019035,
+        .ipc_kobject_set                    = 0x800290b7,
+        .ipc_port_make_send                 = 0x80018c55,
+        .osserializer_serialize             = 0x8030687d,
+        .rop_ldr_r0_r0_0xc                  = 0x802d1d45,
+        .root_user_surface_vtab             = 0xfffffff000000000, //replace
+    },
+#endif
+    NULL,
+};
+
+offsets_t* get_offsets(void)
+{
+    kern_return_t error = KERN_SUCCESS;
+    
+    //read device id
+    int d_prop[2] = {CTL_HW, HW_MACHINE};
+    char device[20];
+    size_t d_prop_len = sizeof(device);
+    //sysctl(d_prop, 2, NULL, &d_prop_len, NULL, 0);
+    sysctl(d_prop, 2, device, &d_prop_len, NULL, 0);
+    LOG("device: %s", device);
+    
+    int version_prop[2] = {CTL_KERN, KERN_OSVERSION};
+    char osversion[20];
+    size_t version_prop_len = sizeof(osversion);
+    //sysctl(version_prop, 2, NULL, &version_prop_len, NULL, 0);
+    sysctl(version_prop, 2, osversion, &version_prop_len, NULL, 0);
+    LOG("version: %s", osversion);
+    struct utsname u;
+    if(uname(&u) != 0)
+    {
+        LOG("uname: %s", strerror(errno));
+        return 0;
+    }
+
+    // TODO: load from file
+
+    for(size_t i = 0; offsets[i] != 0; ++i)
+    {
+    //    if(strcmp(u.version, offsets[i]->version) == 0)
+      //  {
+            return offsets[i];
+        //}
+    }
+
+    LOG("Failed to get offsets for kernel version: %s", u.version);
+    return NULL;
+}

g0blinTV/NewV0rtex/v0rtex2.h

@@ -0,0 +1,14 @@
+#ifndef V0RTEX_H
+#define V0RTEX_H
+
+#include <mach/mach.h>
+
+#include "common2.h"
+#include "offsets2.h"
+
+typedef kern_return_t (*v0rtex_cb_t)(task_t tfp0, kptr_t kbase, void *data);
+
+//kern_return_t v0rtex(offsets_t *off, v0rtex_cb_t callback, void *cb_data);
+kern_return_t v0rtex(offsets_t *off, task_t *tfp0, kptr_t *kslide, kptr_t *kernucred);
+
+#endif

g0blinTV/ViewController.h

@@ -0,0 +1,26 @@
+//
+//  ViewController.h
+//  g0blinTV
+//
+//  Created by Kevin Bradley on 1/15/18.
+//  Copyright © 2018 Sticktron. All rights reserved.
+//
+
+#import <UIKit/UIKit.h>
+
+//IB_DESIGNABLE
+
+@interface FocusedButton : UIButton
+
+@property(nonatomic, strong) UIColor *focusColor;
+@property(nonatomic, strong) UIColor *unfocusedColor;
+
+- (void)buttonColors:(UIColor *)focusedColor andUnfocused:(UIColor *)unfocusedColor;
+
+@end
+
+@interface ViewController : UIViewController
+
+
+@end
+

g0blinTV/ViewController.m

@@ -0,0 +1,305 @@
+//
+//  ViewController.m
+//  g0blinTV
+//
+//  Created by Kevin Bradley on 1/15/18.
+//  Copyright © 2018 Sticktron. All rights reserved.
+//
+
+#import "ViewController.h"
+
+#include "v0rtex2.h"
+#include "common2.h"
+#include "offsets2.h"
+#include "kernel.h"
+#include "kpp.h"
+#include "remount.h"
+#include "bootstrap.h"
+#include <sys/utsname.h>
+#import <AVFoundation/AVFoundation.h>
+#import <AVKit/AVKit.h>
+
+
+#define GRAPE [UIColor colorWithRed:0.5 green:0 blue:1 alpha:1]
+
+@implementation FocusedButton
+
+- (instancetype)initWithCoder:(NSCoder *)coder
+{
+    self = [super initWithCoder:coder];
+    if (self) {
+        self.layer.cornerRadius = 5;
+        self.backgroundColor = [UIColor lightGrayColor];
+        self.focusColor = [UIColor redColor];
+        self.unfocusedColor = [UIColor lightGrayColor];
+    }
+    return self;
+}
+
+- (void)buttonColors:(UIColor *)focusedColor andUnfocused:(UIColor *)unfocusedColor {
+    
+    self.focusColor = focusedColor;
+    self.unfocusedColor = unfocusedColor;
+    self.backgroundColor = unfocusedColor;
+}
+
+- (void)didUpdateFocusInContext:(UIFocusUpdateContext *)context withAnimationCoordinator:(UIFocusAnimationCoordinator *)coordinator {
+    
+    [coordinator addCoordinatedAnimations:^{
+        
+        if (self.focused) {
+            
+            self.backgroundColor = self.focusColor;
+            self.transform = CGAffineTransformMakeScale(1.1, 1.1);
+            self.layer.shadowColor = [UIColor blackColor].CGColor;
+            self.layer.shadowOffset = CGSizeMake(0, 27);
+            self.layer.shadowOpacity = 0.25;
+            self.layer.shadowRadius = 10;
+            self.clipsToBounds = NO;
+            
+        }
+        else {
+            
+            self.transform = CGAffineTransformIdentity;
+            self.backgroundColor = self.unfocusedColor;
+            self.clipsToBounds = YES;
+        }
+        
+    } completion:nil];
+}
+
+
+@end
+
+
+@interface ViewController ()
+{
+    BOOL _force;
+}
+@property (weak, nonatomic) IBOutlet UIImageView *logoView;
+@property (weak, nonatomic) IBOutlet FocusedButton *goButton;
+@property (weak, nonatomic) IBOutlet UITextView *consoleView;
+@property (weak, nonatomic) IBOutlet UIButton *settingsButton;
+@property (weak, nonatomic) IBOutlet UILabel *reinstallBootstrapLabel;
+@end
+
+
+static task_t tfp0;
+static uint64_t kslide;
+static uint64_t kbase;
+static uint64_t kcred;
+
+BOOL respringNeeded;
+BOOL fun;
+AVPlayer *player;
+AVPlayerViewController *cont;
+
+
+@implementation ViewController
+
+- (void)viewDidLoad {
+    [super viewDidLoad];
+    // Do any additional setup after loading the view, typically from a nib.
+    
+    [self.goButton buttonColors:GRAPE
+                       andUnfocused:[UIColor whiteColor]];
+    
+    //self.consoleView.layer.cornerRadius = 6;
+    self.consoleView.text = nil;
+    self.consoleView.editable = false;
+    self.consoleView.userInteractionEnabled = true;
+    self.consoleView.layoutManager.allowsNonContiguousLayout = NO;
+    self.goButton.layer.cornerRadius = 16;
+    
+    self.reinstallBootstrapLabel.hidden = YES;
+    
+    
+    // print kernel version
+    struct utsname u;
+    uname(&u);
+    [self log:[NSString stringWithFormat:@"%s \n", u.version]];
+    
+    // abort if already jailbroken
+    if (strstr(u.version, "MarijuanARM")) {
+        self.goButton.enabled = NO;
+        self.goButton.backgroundColor = UIColor.darkGrayColor;
+        [self.goButton setTitle:@"jailbroke yo!" forState:UIControlStateDisabled];
+    }
+    
+    // try to load offsets for device
+ /*
+    if (init_offsets() == KERN_SUCCESS) {
+        [self log:@"Ready. \n"];
+    } else {
+        self.goButton.enabled = NO;
+        self.goButton.backgroundColor = UIColor.darkGrayColor;
+        [self.goButton setTitle:@"device not supported" forState:UIControlStateDisabled];
+    }
+    */
+    // fun
+    UITapGestureRecognizer *doubleTap = [[UITapGestureRecognizer alloc] initWithTarget:self action:@selector(fun:)];
+    doubleTap.delaysTouchesBegan = YES;
+    doubleTap.numberOfTapsRequired = 3;
+    [self.logoView addGestureRecognizer:doubleTap];
+    self.logoView.userInteractionEnabled = YES;
+}
+
+- (void)didReceiveMemoryWarning {
+    [super didReceiveMemoryWarning];
+    // Dispose of any resources that can be recreated.
+}
+
+- (void)log:(NSString *)text {
+    
+    dispatch_async(dispatch_get_main_queue(), ^{
+        [UIView setAnimationsEnabled:NO];
+        
+        self.consoleView.text = [NSString stringWithFormat:@"%@%@ \n", self.consoleView.text, text];
+        [self.consoleView scrollRangeToVisible:NSMakeRange([self.consoleView.text length], 0)];
+        
+        [UIView setAnimationsEnabled:YES];
+    });
+  
+}
+
+- (IBAction)prepareForUnwind:(UIStoryboardSegue *)segue {
+    //segue exit marker
+    
+    //SettingsController *settingsController = segue.sourceViewController;
+    //self.reinstallBootstrapLabel.hidden = !settingsController.reinstallBootstrapSwitch.on;
+}
+
+- (IBAction)go:(UIButton *)sender {
+    
+    
+    dispatch_async(dispatch_get_main_queue(), ^{
+        
+        [self.consoleView.layoutManager ensureLayoutForTextContainer:self.consoleView.textContainer];
+    });
+    
+    
+    if (respringNeeded == YES) {
+        [self restart];
+        return;
+    }
+    
+    self.goButton.enabled = NO;
+    self.goButton.backgroundColor = UIColor.darkGrayColor;
+    [self.goButton setTitle:@"jailbreaking" forState:UIControlStateDisabled];
+    
+    [self log:@"exploiting kernel"];
+    dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_HIGH, 0), ^{
+        
+        offsets_t *off = get_offsets();
+        if (off)
+        {
+            kern_return_t ret = v0rtex(off, &tfp0, &kslide, &kcred);
+            if (ret != KERN_SUCCESS) {
+                self.goButton.enabled = YES;
+                self.goButton.backgroundColor = GRAPE;
+                [self.goButton setTitle:@"try again" forState:UIControlStateNormal];
+                
+                [self log:@"ERROR: exploit failed \n"];
+                return;
+            }
+            LOG("v0rtex was successful");
+            
+            LOG("tfp0 -> %x", tfp0);
+            LOG("slide -> 0x%llx", kslide);
+            kbase = kslide + 0xFFFFFFF007004000;
+            LOG("kern base -> 0x%llx", kbase);
+            LOG("kern cred -> 0x%llx", kcred);
+            
+            [self bypassKPP];
+        }
+        
+  
+    });
+}
+
+- (void)bypassKPP {
+    [self log:@"pwning kernel"];
+    
+    if (do_kpp(1, 0, kbase, kslide, tfp0) == KERN_SUCCESS) {
+        LOG("you down with kpp? yeah you know me");
+        [self remount];
+    } else {
+        [self log:@"ERROR: kpp bypass failed \n"];
+    }
+}
+
+- (void)remount {
+    [self log:@"remounting"];
+    
+    if (do_remount(kslide) == KERN_SUCCESS) {
+        [self bootstrap];
+    } else {
+        [self log:@"ERROR: failed to remount system partition \n"];
+    }
+}
+
+- (void)didUpdateFocusInContext:(UIFocusUpdateContext *)context withAnimationCoordinator:(UIFocusAnimationCoordinator *)coordinator
+{
+    if (context.nextFocusedView == self.goButton)
+    {
+        // set background color
+        self.goButton.backgroundColor = [UIColor redColor];
+    }
+    
+}
+
+- (void)bootstrap {
+    [self log:@"bootstrapping"];
+    
+    _force = NO;
+    if (self.reinstallBootstrapLabel.hidden == NO) {
+        _force = YES;
+        [self log:@"(forcing reinstall)"];
+    }
+    
+    if (do_bootstrap(_force) == KERN_SUCCESS) {
+        [self finish];
+    } else {
+        [self log:@"ERROR: failed to bootstrap \n"];
+    }
+}
+
+- (void)finish {
+    [self log:@"device is now jailbroken!"];
+    [self log:@""];
+    [self log:@"SSH server is ready on port 2222"];
+    [self log:@"change your root/mobile passwords"];
+    [self log:@""];
+    [self log:@"respring to load tweaks"];
+    
+    sleep(2);
+    
+    LOG("reloading daemons...");
+    pid_t pid;
+    posix_spawn(&pid, "/bin/launchctl", 0, 0, (char**)&(const char*[]){"/bin/launchctl", "load", "/Library/LaunchDaemons/0.reload.plist", NULL}, NULL);
+    waitpid(pid, 0, 0);
+    
+    sleep(2);
+    
+    respringNeeded = YES;
+    [self.goButton setTitle:@"respring" forState:UIControlStateNormal];
+    self.goButton.enabled = YES;
+}
+
+- (void)restart {
+    
+    RunCmd("/usr/libexec/substrate");
+    LOG("Running uicache...");
+    
+    //pid_t pd;
+    //const char* args[] = { "PineBoard", "HeadBoard", "lsd", NULL };
+    //posix_spawn(&pid, "/jb/usr/bin/killall", NULL, NULL, (char* const*)args, NULL);
+    //posix_spawn(&pd, "/usr/bin/uicache", 0, 0, (char**)&(const char*[]){"/usr/bin/uicache", NULL}, NULL);
+    //waitpid(pd, 0, 0);
+    RunCmd("/usr/bin/uicache");
+}
+
+
+
+
+@end

g0blinTV/bootstrap.h

@@ -0,0 +1,19 @@
+//
+//  bootstrap.h
+//  g0blin
+//
+//  Created by Sticktron on 2017-12-27.
+//  Copyright © 2017 xerub. All rights reserved.
+//  Copyright © 2017 qwertyoruiop. All rights reserved.
+//
+
+#ifndef bootstrap_h
+#define bootstrap_h
+
+#include <stdio.h>
+#include <mach/mach.h>
+
+kern_return_t do_bootstrap(bool force);
+int RunCmd(const char *cmd);
+
+#endif /* bootstrap_h */

g0blinTV/bootstrap.m

@@ -0,0 +1,192 @@
+//
+//  bootstrap.m
+//  g0blin
+//
+//  Created by Sticktron on 2017-12-27.
+//  Copyright © 2017 xerub. All rights reserved.
+//  Copyright © 2017 qwertyoruiop. All rights reserved.
+//
+
+#include "common.h"
+#include <sys/spawn.h>
+#include <sys/stat.h>
+#include <copyfile.h>
+#include <mach-o/dyld.h>
+#include <stdint.h>
+#include <spawn.h>
+#include <sys/wait.h>
+
+extern char **environ;
+
+int RunCmd(const char *cmd)
+{
+    pid_t pid;
+    char *argv[] = {"sh", "-c", (char*)cmd, NULL};
+    int status;
+    fprintf(stderr, "Run command: %s\n", cmd);
+    status = posix_spawn(&pid, "/usr/bin/bash", NULL, NULL, argv, environ);
+    if (status == 0) {
+         printf("Child pid: %i\n", pid);
+        if (waitpid(pid, &status, 0) != -1) {
+               printf("Child exited with status %i\n", status);
+            
+        } else {
+            perror("waitpid");
+        }
+    } else {
+        printf("posix_spawn: %s\n", strerror(status));
+    }
+    return status;
+}
+
+
+
+kern_return_t do_bootstrap(bool force) {
+    
+    char path[256];
+    uint32_t size = sizeof(path);
+    _NSGetExecutablePath(path, &size);
+    char *pt = realpath(path, 0);
+    pid_t pd = 0;
+    NSString* execpath = [[NSString stringWithUTF8String:pt] stringByDeletingLastPathComponent];
+    
+    int f = open("/.installed_g0blin_rc0", O_RDONLY);
+    if (f == -1 || force) {
+        LOG("installing bootstrap...");
+        
+        NSString *bundlePath = [[NSBundle mainBundle] bundlePath];
+        NSLog(@"bundlePath: %@", bundlePath);
+        NSString *tarPath = [[NSBundle mainBundle] pathForResource:@"tar" ofType:nil];
+        NSLog(@"tar path: %@", tarPath);
+        NSError *theError = nil;
+        NSArray *pathArray = [[NSFileManager defaultManager] contentsOfDirectoryAtPath:@"/bin" error:&theError];
+        NSString* bootstrap = [execpath stringByAppendingPathComponent:@"bootstrap.tar"];
+        NSString* bintools = [execpath stringByAppendingPathComponent:@"binpack64-256.tar"];
+        NSString* tar = [execpath stringByAppendingPathComponent:@"tar"];
+        NSString* launchctl = [execpath stringByAppendingPathComponent:@"launchctl"];
+        NSString* motd = [execpath stringByAppendingPathComponent:@"motd"];
+        unlink("/bin/tar");
+        unlink("/bin/launchctl");
+        unlink("/private/etc/motd");
+        
+        copyfile([tar UTF8String], "/bin/tar", 0, COPYFILE_ALL);
+        chmod("/bin/tar", 0755);
+        pathArray = [[NSFileManager defaultManager] contentsOfDirectoryAtPath:@"/bin" error:&theError];
+        //mkdir("/jb", 0755);
+        
+        chdir("/");
+
+       // posix_spawn(&pd, "/bin/tar", 0, 0, (char**)&(const char*[]){"/bin/tar", "--preserve-permissions", "-k", "-xvf", [bootstrap UTF8String], NULL}, NULL);
+         posix_spawn(&pd, "/bin/tar", 0, 0, (char**)&(const char*[]){"/bin/tar", "--preserve-permissions","-xvf", [bootstrap UTF8String], NULL}, NULL);
+        waitpid(pd, 0, 0);
+        LOG("bootstrap unpacked");
+        copyfile([motd UTF8String], "/private/etc/motd", 0, COPYFILE_ALL);
+        chmod("/private/etc/motd", 0755);
+        /*
+        mkdir("/jb", 0755);
+        NSString *theCommand = [NSString stringWithFormat:@"/usr/bin/tar fxp %@ -C /jb", bintools];
+       */
+        LOG("extracting jons bootstrap to root... caution!");
+        //testing
+        NSString *theCommand = [NSString stringWithFormat:@"/usr/bin/tar fxpk %@ -C /", bintools];
+        RunCmd([theCommand UTF8String]);
+        
+        
+        copyfile([launchctl UTF8String], "/bin/launchctl", 0, COPYFILE_ALL);
+        chmod("/bin/launchctl", 0755);
+        //chown("-R", <#uid_t#>, <#gid_t#>)
+        unlink(".installed_g0blin");
+    
+        open("/.installed_g0blin_rc0", O_RDWR|O_CREAT);
+        
+        
+        //open("/.cydia_no_stash", O_RDWR|O_CREAT);
+        
+        
+        // run nito install scripts
+        {
+            char *name = "/var/lib/dpkg/info/mobilesubstrate.extrainst_";
+            RunCmd(name);
+            RunCmd("/usr/libexec/substrate");
+            RunCmd("/usr/libexec/nito/firmware.sh");
+            //posix_spawn(&pd, name, 0, 0, (char**)&(const char*[]){name, NULL}, NULL);
+            //waitpid(pd, 0, 0);
+            //RunCmd(@")
+        }
+        LOG("ran nitoTV extrainst scripts");
+        
+        // block some Apple IPs
+        posix_spawn(&pd, "/bin/bash", 0, 0, (char**)&(const char*[]){"/bin/bash", "-c", """echo '127.0.0.1 iphonesubmissions.apple.com' >> /etc/hosts""", NULL}, NULL);
+        posix_spawn(&pd, "/bin/bash", 0, 0, (char**)&(const char*[]){"/bin/bash", "-c", """echo '127.0.0.1 radarsubmissions.apple.com' >> /etc/hosts""", NULL}, NULL);
+        posix_spawn(&pd, "/bin/bash", 0, 0, (char**)&(const char*[]){"/bin/bash", "-c", """echo '127.0.0.1 mesu.apple.com' >> /etc/hosts""", NULL}, NULL);
+        posix_spawn(&pd, "/bin/bash", 0, 0, (char**)&(const char*[]){"/bin/bash", "-c", """echo '127.0.0.1 appldnld.apple.com' >> /etc/hosts""", NULL}, NULL);
+        LOG("modified hosts file");
+       
+        /*
+        // set SBShowNonDefaultSystemApps = YES so we can see Cydia (TODO: set via cfprefsd instead?)
+        posix_spawn(&pd, "killall", 0, 0, (char**)&(const char*[]){"killall", "-SIGSTOP", "cfprefsd", NULL}, NULL);
+        NSMutableDictionary *plist = [[NSMutableDictionary alloc] initWithContentsOfFile:@"/var/mobile/Library/Preferences/com.apple.springboard.plist"];
+        [plist setObject:[NSNumber numberWithBool:YES] forKey:@"SBShowNonDefaultSystemApps"];
+        [plist writeToFile:@"/var/mobile/Library/Preferences/com.apple.springboard.plist" atomically:YES];
+        posix_spawn(&pd, "killall", 0, 0, (char**)&(const char*[]){"killall", "-9", "cfprefsd", NULL}, NULL);
+        LOG("modified com.apple.springboard.plist");
+        */
+        // rebuild icon cache
+       // LOG("uicache...");
+        //posix_spawn(&pd, "/usr/bin/uicache", 0, 0, (char**)&(const char*[]){"/usr/bin/uicache", NULL}, NULL);
+        //waitpid(pd, 0, 0);
+        
+        LOG("finished installing bootstrap");
+    }
+    LOG("bootstrap ready");
+    
+    // copy reload
+    NSString *reload = [execpath stringByAppendingPathComponent:@"reload"];
+    unlink("/usr/libexec/reload");
+    copyfile([reload UTF8String], "/usr/libexec/reload", 0, COPYFILE_ALL);
+    chmod("/usr/libexec/reload", 0755);
+    chown("/usr/libexec/reload", 0, 0);
+    
+    // copy 0.reload.plist
+    NSString *reloadPlist = [execpath stringByAppendingPathComponent:@"0.reload.plist"];
+    unlink("/Library/LaunchDaemons/0.reload.plist");
+    copyfile([reloadPlist UTF8String], "/Library/LaunchDaemons/0.reload.plist", 0, COPYFILE_ALL);
+    chmod("/Library/LaunchDaemons/0.reload.plist", 0644);
+    chown("/Library/LaunchDaemons/0.reload.plist", 0, 0);
+    
+    // copy dropbear.plist
+    NSString *dropbearPlist = [execpath stringByAppendingPathComponent:@"dropbear.plist"];
+    unlink("/Library/LaunchDaemons/dropbear.plist");
+    copyfile([dropbearPlist UTF8String], "/Library/LaunchDaemons/dropbear.plist", 0, COPYFILE_ALL);
+    chmod("/Library/LaunchDaemons/dropbear.plist", 0644);
+    chown("/Library/LaunchDaemons/dropbear.plist", 0, 0);
+    chmod("/etc/dropbear", 0755);
+    //RunCmd("/usr/bin/chown -R root:wheel /usr/local/bin");
+    //RunCmd("/usr/bin/chown -R root:wheel /usr/local/bin");
+    //RunCmd("/usr/bin/chown -R root:wheel /private/etc/dropbear");
+    //RunCmd("/usr/bin/chown -R root:wheel /private/etc/profile.d");
+    //RunCmd("/usr/bin/chown -R root:wheel /private/etc/profile");
+    // stop SU daemon
+    unlink("/System/Library/LaunchDaemons/com.apple.mobile.softwareupdated.plist");
+    
+    // update permissions
+    chmod("/private", 0777);
+    chmod("/private/var", 0777);
+    chmod("/private/var/mobile", 0777);
+    chmod("/private/var/mobile/Library", 0777);
+    chmod("/private/var/mobile/Library/Preferences", 0777);
+
+    // kill OTA updater
+    pid_t pid;
+    unlink("/var/MobileAsset/Assets/com_apple_MobileAsset_SoftwareUpdate");
+    posix_spawn(&pid, "touch", 0, 0, (char**)&(const char*[]){"touch", "/var/MobileAsset/Assets/com_apple_MobileAsset_SoftwareUpdate", NULL}, NULL);
+    chmod("/var/MobileAsset/Assets/com_apple_MobileAsset_SoftwareUpdate", 000);
+    chown("/var/MobileAsset/Assets/com_apple_MobileAsset_SoftwareUpdate", 0, 0);
+    LOG("killed OTA updater");
+    
+    //RunCmd("/usr/local/bin/dropbear -F -R -p 22 &");
+    //RunCmd("/jb/usr/local/bin/dropbear -R --shell /jb/bin/bash");
+    LOG("bootstrapped");
+        
+    return KERN_SUCCESS; // TODO: handle errors?
+}

g0blinTV/main.m

@@ -0,0 +1,16 @@
+//
+//  main.m
+//  g0blinTV
+//
+//  Created by Kevin Bradley on 1/15/18.
+//  Copyright © 2018 Sticktron. All rights reserved.
+//
+
+#import <UIKit/UIKit.h>
+#import "AppDelegate.h"
+
+int main(int argc, char * argv[]) {
+    @autoreleasepool {
+        return UIApplicationMain(argc, argv, nil, NSStringFromClass([AppDelegate class]));
+    }
+}

g0blinTV/motd

@@ -0,0 +1,10 @@
+************************************************************************************
+
+g0blin 1.0 has liberated your Apple TV! Enjoy!
+
+To share your experience: <insert website here>
+
+To get rid of this message: rm /etc/motd :-(
+
+************************************************************************************
+

g0blinTV/patchfinder64.h

@@ -0,0 +1,47 @@
+//
+//  patchfinder64.h
+//  extra_recipe
+//
+//  Copyright © 2017 xerub. All rights reserved.
+//  Modified by Sticktron.
+//
+
+#ifndef PATCHFINDER64_H_
+#define PATCHFINDER64_H_
+
+#import "common.h"
+#import <mach/mach.h>
+
+int init_patchfinder(task_t tfp0, uint64_t base, const char *filename);
+void term_kernel(void);
+
+enum { SearchInCore, SearchInPrelink };
+
+uint64_t find_register_value(uint64_t where, int reg);
+uint64_t find_reference(uint64_t to, int n, int prelink);
+uint64_t find_strref(const char *string, int n, int prelink);
+uint64_t find_gPhysBase(void);
+uint64_t find_kernel_pmap(void);
+uint64_t find_amfiret(void);
+uint64_t find_ret_0(void);
+uint64_t find_amfi_memcmpstub(void);
+uint64_t find_sbops(void);
+uint64_t find_lwvm_mapio_patch(void);
+uint64_t find_lwvm_mapio_newj(void);
+
+uint64_t find_entry(void);
+const unsigned char *find_mh(void);
+
+uint64_t find_cpacr_write(void);
+uint64_t find_str(const char *string);
+uint64_t find_amfiops(void);
+uint64_t find_sysbootnonce(void);
+uint64_t find_trustcache(void);
+uint64_t find_amficache(void);
+
+uint64_t find_allproc(void);
+
+uint64_t find_sandbox_label_update_execve(void);
+
+
+#endif