Minimal dynamic library with one function in it.
#include <stdio.h>
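/*
 * Print a greeting for `name` on stdout.
 *
 * name: NUL-terminated string to greet; may be NULL. A NULL argument is
 *       printed as "(null)" rather than handed to printf, whose behaviour
 *       for a NULL "%s" argument is undefined.
 */
void hello(const char *name) {
    printf("hello %s\n", name ? name : "(null)");
}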
[Description] | |
An XPC misconfiguration vulnerability in CoreCode MacUpdater before
2.3.8, and 3.x before 3.1.2, allows attackers to escalate privileges by abusing the XPC misconfiguration in combination with crafted malicious .pkg files
[VulnerabilityType Other] | |
CWE-269 | |
[Vendor of Product] | |
CoreCode |
#include <stdio.h> | |
#include <stdint.h> | |
#include <mach-o/loader.h> | |
#include <mach-o/dyld.h> | |
#include <mach-o/dyld_images.h> | |
#include <mach-o/nlist.h> | |
#include <mach/mach_vm.h> | |
#include <mach/mach_error.h> | |
#include <stdlib.h> |
Minimal dynamic library with one function in it.
#include <stdio.h>
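/*
 * Print a greeting for `name` on stdout.
 *
 * name: NUL-terminated string to greet; may be NULL. A NULL argument is
 *       printed as "(null)" rather than handed to printf, whose behaviour
 *       for a NULL "%s" argument is undefined.
 */
void hello(const char *name) {
    printf("hello %s\n", name ? name : "(null)");
}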
// gcc pid_for_bundle.m -o pid_for_bundle -framework Foundation -framework AppKit | |
#import <Foundation/Foundation.h> | |
#import <AppKit/AppKit.h> | |
int main(int argc, const char **argv) { | |
if (argc != 2) { | |
printf("missing bundle identifier\n"); | |
printf("usage: %s com.example.name\n", argv[0]); | |
exit(-1); | |
} |
# .github/workflows/generate.yml | |
name: generate pdf | |
on: [push] | |
jobs: | |
generate: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- run: sudo apt-get install pandoc texlive-latex-base texlive-fonts-recommended texlive-fonts-extra texlive-latex-extra | |
- run: pip install weasyprint |
// Resolve the "Base" module and the absolute address of the instruction to
// patch: module base plus the fixed file offset 0x50c20.
var Base = Process.getModuleByName("Base");
var baseAddress = Base.base;
var jumpingAddress = baseAddress.add(ptr("0x50c20"));

// Replace the 4-byte instruction at that address with a NOP, then print the
// disassembly of what now sits there so the patch can be checked.
Memory.patchCode(jumpingAddress, 4, function (code) {
    console.log("patchin first");
    var writer = new Arm64Writer(code, { pc: jumpingAddress });
    writer.putNop();
});
console.log("disassd", Instruction.parse(jumpingAddress));
// Pointer width of the target process, and the symbol table of the first
// enumerated module.
let Pointer = Process.pointerSize;
let mainModule = Process.enumerateModules()[0];
let syms = mainModule.enumerateSymbols();

// Symbol names the script works with; the "runtime." / "go." prefixes
// indicate Go runtime metadata.
let PCLNTAB = "runtime.pclntab";
let GOBUILDID = "go.buildid";
let GOROOTC = "runtime.defaultGOROOT.str";
let BUILDVERSIONC = "runtime.buildVersion.str";
let FIRSTMODULEDATAC = "runtime.firstmoduledata";
let GOSTRING = "go.string.*";
package frida | |
/* | |
#include <frida-core.h> | |
#include <stdlib.h> | |
typedef struct _usb_device_data { | |
FridaDeviceManager *manager; | |
gint timeout; | |
GCancellable *cancellable; |
/* | |
1. First we need to obtain the ASLR slide value.
In case we are dealing with the first module, we can use something like
var base = Process.enumerateModules()[0].base.sub(ptr('0x100000000')); | |
If we want it by name, we can use var base = Module.findBaseAddress("name").base.sub(ptr('0x100000000'));
2. Get the address of the function/method we want to replace | |
3. Replace it using the Interceptor.replace in format |
// Walk every live UIAlertController instance and dismiss it on the main
// queue (animated, with no completion block).
ObjC.choose(ObjC.classes.UIAlertController, {
    onMatch(instance) {
        ObjC.schedule(ObjC.mainQueue, () => {
            instance.dismissViewControllerAnimated_completion_(true, ptr(0x0));
        });
    },
    onComplete() {},
});