Skip to content

Instantly share code, notes, and snippets.

View JJTech0130's full-sized avatar

JJTech JJTech0130

548 followers · 127 following
View GitHub Profile
@JJTech0130
JJTech0130 / psem.swift
Last active February 24, 2024 14:25
Pure Swift raw syscall to retrieve the name of a semaphore
import Foundation
struct psem_fdinfo {
struct proc_fileinfo {
var fi_openflags: UInt32
var fi_status: UInt32
var fi_offset: Int64
var fi_type: Int32
var fi_guardflags: UInt32
}
@JJTech0130
JJTech0130 / PhysPuppet.swift
Created February 17, 2024 03:29
trying to come up with a port of https://github.com/felix-pb/kfd/blob/main/kfd/libkfd/puaf/physpuppet.h in pure Swift
import Foundation
let ARM_PGBYTES: UInt64 = 4096
let physpuppet_vmne_size: UInt64 = ARM_PGBYTES * 2 + 1
let physpuppet_vme_offset = UInt(ARM_PGBYTES)
let physpuppet_vme_size = UInt(ARM_PGBYTES * 2)
func mach_task_self() -> task_t {
return mach_task_self_
}
@JJTech0130
JJTech0130 / calculate_ota_offsets.py
Last active February 2, 2024 04:20
import requests
from rich import print
from rich.progress import track, Progress
from rich.prompt import Prompt
from rich.console import Console
from rich.table import Table
import zipfile
import os
import threading
import io
@JJTech0130
JJTech0130 / facetime_web_log_inject.js
Created November 7, 2023 02:23
var objs = []; // we'll store the object references in this array
function walkTheObject( obj ) {
var keys = Object.keys( obj ); // get all own property names of the object
// Check if 'info' and 'error' keys are present (meaning it is probably the object we want)
if (keys.indexOf("info") > -1 && keys.indexOf("error") > -1) {
function test(strings, ...values) {
let str = '';
strings.forEach((string, i) => {
@JJTech0130
JJTech0130 / snap_circuits_led_mc_keyboard.bas
Created July 7, 2023 23:48
PICAXE program to use Snap Circuits keyboard (U26) with LED MC (U29)
; calling convention
symbol arg1 = b0
symbol arg2 = b1
symbol arg3 = b2
;symbol arg1w = w3
symbol shift_out_current_mask = b3
symbol shift_out_temp = b4
symbol main_last = b5
@JJTech0130
JJTech0130 / itml.py
Last active June 9, 2023 20:08
Parse Apple's ITML into proper HTML
from lxml import etree
import requests
OVERRIDE_CSS = """
/* Custom injected CSS */
.VBoxView {
display: flex;
flex-direction: column;
}
@JJTech0130
JJTech0130 / frida-log-hook.js
Last active April 26, 2023 23:15
var m = 'libsystem_trace.dylib';
// bool os_log_type_enabled(os_log_t oslog, os_log_type_t type);
var isEnabledFunc = Module.findExportByName(m, 'os_log_type_enabled');
// _os_log_impl(void *dso, os_log_t log, os_log_type_t type, const char *format, uint8_t *buf, unsigned int size);
var logFunc = Module.findExportByName(m, '_os_log_impl');
Interceptor.attach(isEnabledFunc, {
onLeave: function (ret) {
// console.log('log_enabled', ret);
ret.replace(0x1);
@JJTech0130
JJTech0130 / memorymap.rs
Created February 21, 2023 22:43
use std::{alloc::Layout, mem, ops::{Deref, DerefMut}};
use crate::pager::Pagable;
pub struct MemoryMap(Vec<u8>);
impl MemoryMap {
fn page_round(size: usize) -> usize {
Layout::from_size_align(size, Vec::<u8>::page_size()).unwrap().size()
}
@JJTech0130
JJTech0130 / mac_changer.sh
Last active April 17, 2023 20:46
Quick script to change your MAC address
# Make sure the script is run as root
# Otherwise, try to run it with sudo
if [ $EUID -ne 0 ]; then
echo "This script must be run as root"
sudo $0
exit $? # Exit with the same exit code as sudo
fi
# Look for .mac files in the current folder
shopt -s nullglob
@JJTech0130
JJTech0130 / gsa.py
Last active December 27, 2022 22:04
Grand Slam Authentication (WIP)
import srp
import plistlib as plist
from base64 import b64encode, b64decode
import requests
import json
import pbkdf2
import hashlib
# Constants
DEBUG = True # Allows using a proxy for debugging (disables SSL verification)