This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import idc | |
def define_func(addr, name): | |
idc.MakeCode(addr) | |
idc.MakeFunction(addr) | |
idc.MakeNameEx(addr, name, idc.SN_NOWARN) | |
print("%s @ %s" % (name, hex(addr))) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import sys | |
import json | |
import re | |
kslide = 0x0 | |
if len(sys.argv) < 2: | |
print("Usage: PanicParser.py [file path]") | |
exit() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
struct IOExternalMethodArguments | |
{ | |
uint32_t version; | |
uint32_t selector; | |
uint64_t asyncWakePort; | |
uint64_t asyncReference; | |
uint32_t asyncReferenceCount; | |
const uint64_t *scalarInput; | |
uint32_t scalarInputCount; | |
const void *structureInput; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Dump of iOS MACF policy operations | |
335 operations total | |
Only 148 present | |
AMFI.kext holds 18, Sandbox.kext holds 130 | |
Data dumped from iPhone9,3 running iOS 12.1.2 | |
AMFI policy: | |
operation mpo_cred_check_label_update_execve (6) is present |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
signed __int64 __fastcall apfs_snapshot_rename_raw(rename_call_struct *args) | |
{ | |
void *v_mount; // x0 | |
__int64 fs_private; // x19 | |
snap_info_args_struct *oldsnap_info; // x8 | |
__int64 oldname_len; // x20 | |
unsigned __int8 *oldname; // x21 | |
snap_info_args_struct *newsnap_info; // x8 | |
unsigned __int64 namelen; // x22 | |
unsigned __int8 *newname; // x23 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
COPY_RESOURCE("amfid_payload.dylib", "/jb/amfid_payload.dylib"); | |
inject_trust("/jb/amfid_payload.dylib"); | |
uint32_t amfid_pid = get_pid_for_name("amfid"); | |
uint64_t osbool_val = rk64(offs.data.osboolean_true + kernel_slide); | |
VAL_CHECK(osbool_val); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import idaapi | |
import idautils | |
import idc | |
content = "" | |
with open("/path/to/joker/file", "r") as f: | |
content = f.readlines() | |
for line in content: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
r = mkdir("/tmp/bash", 0700); | |
if(r != 0) | |
{ | |
NSLog(@"Failed to create /tmp/bash: %s", strerror(errno)); | |
goto out; | |
} | |
pid_t pid = fork(); | |
if(pid == -1) | |
{ | |
NSLog(@"fork: %s", strerror(errno)); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
lang=text | |
# See if language arg is given | |
if [ "$#" -eq "1" ]; then | |
lang=$1 | |
fi | |
echo "Using language: $lang" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
## Global Variables | |
KernelSlide = 0x0 | |
## Helper Functions | |
def isHex(val): | |
try: | |
int(val, 16) | |
return True |
NewerOlder