I successfully run the exploit; upon initializing, the app/device crashes.
To Reproduce:
Steps to reproduce the behavior:
- Tap 'Run Exploit'
- Tap 'Fetch KernelCache'
- Tap 'Initialize VFS' or 'Initialize System'
- Crashes Immediately
Expected behavior:
[A successful initialization process without any crashing]
Screenshots:
[Screen recording of the issue](https://drive.google.com/file/d/1bCZUcQ9JeWDSyy1ChWLQwVhDlna1mfSi/view?usp=drivesdk)
Device Info:
- Device: `[iPhone 16]`
- Chip: [A18]
- iOS Version: `iOS 26.0.1 (23A355)`
- Jailbroken before? [No - First attempt on this device]
- Lara version / commit: [v0.2]
Logs:
lara started: 2026-06-26 08:27:40
(utils) darksword not ready
(rc) Unable to find process: youtube
(utils) T1SZ_BOOT: 0x0
(utils) TASK_TNEXT_OFFSET: 0x50
(utils) THREAD_MUPCB_OFFSET: 0x108
(utils) PROC_PID_OFFSET: 0x60
(offs) initialized offsets
xpf dict failed, continuing without offsets: Set "translation" failed on "kernelSymbol.cpu_ttep" ([src/common.c:53] Failed assert in xpf_find_pmap_bootstrap: pmap_asid_plru_stringAddr)
(offs) kernel: Darwin Kernel Version 25.0.0: Thu Sep 25 15:05:36 PDT 2025; root:xnu-12377.2.9~1/RELEASE_ARM64_T8140
(offs) kernbase: 0xfffffff007004000
(offs) kernentry: 0xfffffff00afb4000
(offs) allproc: 0x42f6a18
(offs) kernproc: 0xca8d80
(offs) rootvnode: 0x42f7090
(offs) procsize: 0x748
(offs) t1szboot: 0x0
Additional context:
[This is my first time jailbreaking any device, besides using tweaks like KSign. I also tried setting T1SZ_BOOT to 0x11 (original value), 0x13 and 0x19; none of them work and all give the same result.]
Pre-submission checklist: