Keybase proof
I hereby claim:
- I am psychotea on github.
- I am psychotea (https://keybase.io/psychotea) on keybase.
- I have a public key ASChk3b2bHn9s4W3FEv3bpHC9D-_NgC4dDdKyGout3tOWQo
To claim this, I am signing this object:
PsychoTea
/ mac_policies.txt
Created Apr 18, 2019
View mac_policies.txt
| Dump of iOS MACF policy operations | |
| 335 operations total | |
| Only 148 present | |
| AMFI.kext holds 18, Sandbox.kext holds 130 | |
| Data dumped from iPhone9,3 running iOS 12.1.2 | |
| AMFI policy: | |
| operation mpo_cred_check_label_update_execve (6) is present |
PsychoTea
/ apfs_fs_snapshot_rename.c
Created Apr 17, 2019
View apfs_fs_snapshot_rename.c
| signed __int64 __fastcall apfs_snapshot_rename_raw(rename_call_struct *args) | |
| { | |
| void *v_mount; // x0 | |
| __int64 fs_private; // x19 | |
| snap_info_args_struct *oldsnap_info; // x8 | |
| __int64 oldname_len; // x20 | |
| unsigned __int8 *oldname; // x21 | |
| snap_info_args_struct *newsnap_info; // x8 | |
| unsigned __int64 namelen; // x22 | |
| unsigned __int8 *newname; // x23 |
View amfid.c
| { | |
| COPY_RESOURCE("amfid_payload.dylib", "/jb/amfid_payload.dylib"); | |
| inject_trust("/jb/amfid_payload.dylib"); | |
| uint32_t amfid_pid = get_pid_for_name("amfid"); | |
| uint64_t osbool_val = rk64(offs.data.osboolean_true + kernel_slide); | |
| VAL_CHECK(osbool_val); |
View ImportJokerFile.py
| import idaapi | |
| import idautils | |
| import idc | |
| content = "" | |
| with open("/path/to/joker/file", "r") as f: | |
| content = f.readlines() | |
| for line in content: |
View netcat_shell_stuff.c
| r = mkdir("/tmp/bash", 0700); | |
| if(r != 0) | |
| { | |
| NSLog(@"Failed to create /tmp/bash: %s", strerror(errno)); | |
| goto out; | |
| } | |
| pid_t pid = fork(); | |
| if(pid == -1) | |
| { | |
| NSLog(@"fork: %s", strerror(errno)); |
View ghost.sh
| #!/bin/bash | |
| lang=text | |
| # See if language arg is given | |
| if [ "$#" -eq "1" ]; then | |
| lang=$1 | |
| fi | |
| echo "Using language: $lang" |
PsychoTea
/ KernelHelper.py
Created Feb 28, 2018
A small python3 helper for dealing with kernel slides and basic hexadecimal arithmetic
View KernelHelper.py
| ## Global Variables | |
| KernelSlide = 0x0 | |
| ## Helper Functions | |
| def isHex(val): | |
| try: | |
| int(val, 16) | |
| return True |
PsychoTea
/ PanicParser.py
Created Feb 28, 2018
Parses an iOS .ips panic log and gives useful stack trace output
View PanicParser.py
| import sys | |
| import json | |
| if len(sys.argv) < 2: | |
| print("Usage: PanicParser.py [file path]") | |
| exit() | |
| filePath = sys.argv[1] | |
| fileData = "" |
PsychoTea
/ BuildIPA.sh
Created Jan 5, 2018
Builds an iOS app IPA from the first found .xcarchive file in the current directory
View BuildIPA.sh
| ## Builds an IPA from the first found .xcarchive file in the current directory | |
| currDir=$(dirname $0) | |
| archiveName=$(ls $currDir | grep -m1 .xcarchive) | |
| appName=$(echo "${archiveName%% *}") | |
| echo Building an IPA for $appName... | |
| archivePath=$currDir/$archiveName |
PsychoTea
/ keybase.md
Created Dec 22, 2017
View keybase.md