I hereby claim:
- I am psychotea on github.
- I am psychotea (https://keybase.io/psychotea) on keybase.
- I have a public key ASChk3b2bHn9s4W3FEv3bpHC9D-_NgC4dDdKyGout3tOWQo
To claim this, I am signing this object:
I hereby claim:
To claim this, I am signing this object:
## Builds an IPA from the first found .xcarchive file in the current directory | |
currDir=$(dirname $0) | |
archiveName=$(ls $currDir | grep -m1 .xcarchive) | |
appName=$(echo "${archiveName%% *}") | |
echo Building an IPA for $appName... | |
archivePath=$currDir/$archiveName |
import sys | |
import json | |
import re | |
kslide = 0x0 | |
if len(sys.argv) < 2: | |
print("Usage: PanicParser.py [file path]") | |
exit() |
## Global Variables | |
KernelSlide = 0x0 | |
## Helper Functions | |
def isHex(val): | |
try: | |
int(val, 16) | |
return True |
#!/bin/bash | |
lang=text | |
# See if language arg is given | |
if [ "$#" -eq "1" ]; then | |
lang=$1 | |
fi | |
echo "Using language: $lang" |
r = mkdir("/tmp/bash", 0700); | |
if(r != 0) | |
{ | |
NSLog(@"Failed to create /tmp/bash: %s", strerror(errno)); | |
goto out; | |
} | |
pid_t pid = fork(); | |
if(pid == -1) | |
{ | |
NSLog(@"fork: %s", strerror(errno)); |
import idaapi | |
import idautils | |
import idc | |
content = "" | |
with open("/path/to/joker/file", "r") as f: | |
content = f.readlines() | |
for line in content: |
{ | |
COPY_RESOURCE("amfid_payload.dylib", "/jb/amfid_payload.dylib"); | |
inject_trust("/jb/amfid_payload.dylib"); | |
uint32_t amfid_pid = get_pid_for_name("amfid"); | |
uint64_t osbool_val = rk64(offs.data.osboolean_true + kernel_slide); | |
VAL_CHECK(osbool_val); |
signed __int64 __fastcall apfs_snapshot_rename_raw(rename_call_struct *args) | |
{ | |
void *v_mount; // x0 | |
__int64 fs_private; // x19 | |
snap_info_args_struct *oldsnap_info; // x8 | |
__int64 oldname_len; // x20 | |
unsigned __int8 *oldname; // x21 | |
snap_info_args_struct *newsnap_info; // x8 | |
unsigned __int64 namelen; // x22 | |
unsigned __int8 *newname; // x23 |
Dump of iOS MACF policy operations | |
335 operations total | |
Only 148 present | |
AMFI.kext holds 18, Sandbox.kext holds 130 | |
Data dumped from iPhone9,3 running iOS 12.1.2 | |
AMFI policy: | |
operation mpo_cred_check_label_update_execve (6) is present |