Also, what exactly does the DEADCAFE value means in order to downgrade? Sorry but I'm kind out of the circle
OK, so at the beginning of the exploit, this "test value" is simply 0.
After some hacks and mechanics, some of the kernel pages are swapped out with pointers to a function.
This function sets "test value" to 0xDEADCAFE and is called by the kernel itself
The program then restores everything and prints the "test value".
If the kernel called the function, "test value" is now 0xDEADCAFE instead of 0x00000000!
This is important because the function was called via the kernel.
Please correct me if I am wrong.