Ben Sparkes PsychoTea
View mac_policies.txt
Dump of iOS MACF policy operations
335 operations total
Only 148 present
AMFI.kext holds 18, Sandbox.kext holds 130
Data dumped from iPhone9,3 running iOS 12.1.2
AMFI policy:
operation mpo_cred_check_label_update_execve (6) is present
View apfs_fs_snapshot_rename.c
signed __int64 __fastcall apfs_snapshot_rename_raw(rename_call_struct *args)
{
    void *v_mount; // x0
    __int64 fs_private; // x19
    snap_info_args_struct *oldsnap_info; // x8
    __int64 oldname_len; // x20
    unsigned __int8 *oldname; // x21
    snap_info_args_struct *newsnap_info; // x8
    unsigned __int64 namelen; // x22
    unsigned __int8 *newname; // x23
PsychoTea / amfid.c
Created Feb 18, 2019
amfid_payload w/ task_for_pid-allow patch
View amfid.c
{
    COPY_RESOURCE("amfid_payload.dylib", "/jb/amfid_payload.dylib");
    inject_trust("/jb/amfid_payload.dylib");
    uint32_t amfid_pid = get_pid_for_name("amfid");
    uint64_t osbool_val = rk64(offs.data.osboolean_true + kernel_slide);
    VAL_CHECK(osbool_val);
PsychoTea / ImportJokerFile.py
Created Nov 17, 2018
Import a Joker helper file into IDA
View ImportJokerFile.py
import idaapi
import idautils
import idc
content = ""
with open("/path/to/joker/file", "r") as f:
    content = f.readlines()
for line in content:
View netcat_shell_stuff.c
r = mkdir("/tmp/bash", 0700);
if(r != 0)
{
    NSLog(@"Failed to create /tmp/bash: %s", strerror(errno));
    goto out;
}
pid_t pid = fork();
if(pid == -1)
{
    NSLog(@"fork: %s", strerror(errno));
PsychoTea / ghost.sh
Created Jul 19, 2018
A script which takes input from STDIN and creates a pastie on ghostbin.com
View ghost.sh
#!/bin/bash
lang=text
# See if language arg is given
if [ "$#" -eq "1" ]; then
    lang=$1
fi
echo "Using language: $lang"
PsychoTea / KernelHelper.py
Created Feb 28, 2018
A small python3 helper for dealing with kernel slides and basic hexadecimal arithmetic
View KernelHelper.py
## Global Variables
KernelSlide = 0x0
## Helper Functions
def isHex(val):
    try:
        int(val, 16)
        return True
PsychoTea / PanicParser.py
Created Feb 28, 2018
Parses an iOS .ips panic log and gives useful stack trace output
View PanicParser.py
import sys
import json
if len(sys.argv) < 2:
    print("Usage: PanicParser.py [file path]")
    exit()
filePath = sys.argv[1]
fileData = ""
PsychoTea / BuildIPA.sh
Created Jan 5, 2018
Builds an iOS app IPA from the first found .xcarchive file in the current directory
View BuildIPA.sh
## Builds an IPA from the first found .xcarchive file in the current directory
currDir=$(dirname $0)
archiveName=$(ls $currDir | grep -m1 .xcarchive)
appName=$(echo "${archiveName%% *}")
echo Building an IPA for $appName...
archivePath=$currDir/$archiveName
View keybase.md

Keybase proof

I hereby claim:

  • I am psychotea on github.
  • I am psychotea (https://keybase.io/psychotea) on keybase.
  • I have a public key ASChk3b2bHn9s4W3FEv3bpHC9D-_NgC4dDdKyGout3tOWQo

To claim this, I am signing this object:
