SYS_exit
SYS_read
SYS_write
SYS_open
SYS_close
SYS_link
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/sbin/dtrace -s | |
#pragma D option flowindent | |
/* monitor file open */ | |
syscall::open:entry | |
{ | |
printf("%s %s", execname, copyinstr(arg0)); | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#define _GNU_SOURCE | |
#include <stdio.h> | |
#include <stdlib.h> | |
#include <unistd.h> | |
#include <fcntl.h> | |
#include <sys/types.h> | |
#include <sys/stat.h> | |
#include <sys/syscall.h> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/sh | |
# gdbGetStrippedSymbols.sh | |
# @author Dominik Hadl (@dominikhadl) | |
# @description This script automates the setup of gdb on a stripped applicaiton adds symbols. It uses objc-symbols to get the symbols, | |
# then SymTabCreator and finally creates a command that is automatically loaded into gdb on start. | |
# @license Licensed under WTFPL license (see http://www.wtfpl.net/txt/copying/ for full license). | |
# @dependencies | |
# 1. objc-symbols | |
# 2. SymTabCreator | |
# 3. gdb (really non-obvious) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
======== dyld by Proteas ======== | |
seg name: __PAGEZERO | |
seg name: __TEXT | |
seg name: __DATA | |
seg name: __LINKEDIT | |
ImageLoader=72, ImageLoaderMachO=120, ImageLoaderMachOClassic=144, ImageLoaderMachOCompressed=128 | |
notifySingle(state=10, image=/bin/ls) | |
addMappedRange(0x100000000->0x10000A000) for ls | |
sSharedCacheSlide=0x57333000, loadedAddress=0x7fffc7333000, preferedLoadAddress=0x7fff70000000 | |
addRootImage(0x7fdce1f01eb0, /bin/ls) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
*** ent-list-17E262-iPhone11,2.json 2020-05-25 11:16:14.000000000 +0800 | |
--- ent-list-17F75-iPhone11,2.json 2020-05-25 11:02:29.000000000 +0800 | |
*************** | |
*** 389,394 **** | |
--- 389,395 ---- | |
"com.apple.developer.default-data-protection", | |
+ "com.apple.developer.exposure-notification", | |
"com.apple.developer.extension-host.photo-editing", | |
*************** | |
*** 820,826 **** |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
all: driver exp | |
driver: dummymod.c | |
cc -D_KERNEL -m64 -xmodel=kernel -c dummymod.c | |
/usr/bin/ld -r -o dummy dummymod.o | |
exp: | |
cc -o hexp hexpl.c -lsched -m64 -lkstat | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#! /usr/sbin/dtrace -C -s | |
/* | |
requirement: disable SIP | |
*/ | |
#pragma D option quiet | |
BEGIN { | |
printf("vm_kernel_slide: 0x%p\n", (`vm_kernel_slide)); | |
printf("vm_kernel_base: 0x%p\n", (`vm_kernel_base)); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/sh | |
# | |
# DeCrypt - v1.2 (2013-02-05) | |
# - v1.1 (2008-10-21) | |
# - v1.2 (2013-02-05) | |
# FloydianSlip, Proteas | |
# | |
# Heavily based on xcrack | |
# |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
diff --git a/mac_policy_ops.c b/mac_policy_ops.c | |
index 798bd29..bb3c425 100644 | |
--- a/mac_policy_ops.c | |
+++ b/mac_policy_ops.c | |
@@ -2,10 +2,10 @@ struct mac_policy_ops | |
{ | |
mpo_audit_check_postselect_t *mpo_audit_check_postselect; | |
mpo_audit_check_preselect_t *mpo_audit_check_preselect; | |
- mpo_bpfdesc_label_associate_t *mpo_bpfdesc_label_associate; | |
- mpo_bpfdesc_label_destroy_t *mpo_bpfdesc_label_destroy; |
OlderNewer