View ImportR2File.py
import idc | |
def define_func(addr, name):
    """Mark ``addr`` as code, create a function there and name it ``name``.

    The results of the three ``idc`` calls are not checked, and the rename
    is issued with ``idc.SN_NOWARN``, so the summary line below is printed
    whether or not IDA accepted the definition.
    """
    idc.MakeCode(addr)
    idc.MakeFunction(addr)
    rename_flags = idc.SN_NOWARN
    idc.MakeNameEx(addr, name, rename_flags)
    where = hex(addr)
    print("%s @ %s" % (name, where))
View PanicParser.py
import sys | |
import json | |
import re | |
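# NOTE(review): presumably the kernel slide used when resolving addresses
# later in the script; it starts at zero here. Confirm against its users.
kslide = 0x0

# The script needs the path of the file to parse as its first argument.
if len(sys.argv) < 2:
    print("Usage: PanicParser.py [file path]")
    # Use sys.exit() rather than the bare exit(), which is injected by the
    # `site` module for interactive use and is not guaranteed to exist.
    # A non-zero status lets a calling script notice that nothing was parsed.
    sys.exit(1)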
View IOExternalMethodArguments.h
struct IOExternalMethodArguments | |
{ | |
uint32_t version; | |
uint32_t selector; | |
uint64_t asyncWakePort; | |
uint64_t asyncReference; | |
uint32_t asyncReferenceCount; | |
const uint64_t *scalarInput; | |
uint32_t scalarInputCount; | |
const void *structureInput; |
View mac_policies.txt
Dump of iOS MACF policy operations | |
335 operations total | |
Only 148 present | |
AMFI.kext holds 18, Sandbox.kext holds 130 | |
Data dumped from iPhone9,3 running iOS 12.1.2 | |
AMFI policy: | |
operation mpo_cred_check_label_update_execve (6) is present |
View apfs_fs_snapshot_rename.c
signed __int64 __fastcall apfs_snapshot_rename_raw(rename_call_struct *args) | |
{ | |
void *v_mount; // x0 | |
__int64 fs_private; // x19 | |
snap_info_args_struct *oldsnap_info; // x8 | |
__int64 oldname_len; // x20 | |
unsigned __int8 *oldname; // x21 | |
snap_info_args_struct *newsnap_info; // x8 | |
unsigned __int64 namelen; // x22 | |
unsigned __int8 *newname; // x23 |
View amfid.c
{ | |
COPY_RESOURCE("amfid_payload.dylib", "/jb/amfid_payload.dylib"); | |
inject_trust("/jb/amfid_payload.dylib"); | |
uint32_t amfid_pid = get_pid_for_name("amfid"); | |
uint64_t osbool_val = rk64(offs.data.osboolean_true + kernel_slide); | |
VAL_CHECK(osbool_val); |
View ImportJokerFile.py
import idaapi | |
import idautils | |
import idc | |
content = "" | |
with open("/path/to/joker/file", "r") as f: | |
content = f.readlines() | |
for line in content: |
View netcat_shell_stuff.c
r = mkdir("/tmp/bash", 0700); | |
if(r != 0) | |
{ | |
NSLog(@"Failed to create /tmp/bash: %s", strerror(errno)); | |
goto out; | |
} | |
pid_t pid = fork(); | |
if(pid == -1) | |
{ | |
NSLog(@"fork: %s", strerror(errno)); |
View ghost.sh
#!/bin/bash

# Language defaults to "text"; it is overridden only when exactly one
# command-line argument is supplied.
lang=text
[[ $# -eq 1 ]] && lang=$1

echo "Using language: $lang"
View KernelHelper.py
## Global Variables | |
KernelSlide = 0x0 | |
## Helper Functions | |
def isHex(val): | |
try: | |
int(val, 16) | |
return True |