import idc
def define_func(addr, name):
    """Mark ``addr`` as code, create a function there and name it ``name``.

    Parameters:
        addr: effective address of the function entry.
        name: symbol to assign to the new function.

    The rename is issued with ``idc.SN_NOWARN``, so (presumably, per the
    IDA SDK semantics of that flag) a rejected or duplicate name produces
    no dialog and the failure is silent — check the printed listing
    against the Names window.

    NOTE(review): MakeCode/MakeFunction/MakeNameEx are the legacy idc
    names; newer IDAPython releases appear to have replaced them, so
    this helper likely needs porting there — verify against the IDA
    version in use.
    """
    idc.MakeCode(addr)
    idc.MakeFunction(addr)
    idc.MakeNameEx(addr, name, idc.SN_NOWARN)
    label = "%s @ %s" % (name, hex(addr))
    print(label)
PsychoTea / PanicParser.py
Last active June 11, 2023 19:54
A collection of useful iOS-related scripts
import sys
import json
import re
# Kernel slide for the crashed boot; 0 until set. Presumably applied to the
# addresses pulled out of the panic log (the rest of the script is not shown
# here — confirm).
kslide = 0x0
if len(sys.argv) < 2:
    print("Usage: PanicParser.py [file path]")
    # NOTE(review): exit() is the site-module convenience and returns status 0;
    # sys.exit(1) would be the portable form and would signal the usage error
    # to a calling shell.
    exit()
struct IOExternalMethodArguments
{
uint32_t version;
uint32_t selector;
uint64_t asyncWakePort;
uint64_t asyncReference;
uint32_t asyncReferenceCount;
const uint64_t *scalarInput;
uint32_t scalarInputCount;
const void *structureInput;
Dump of iOS MACF policy operations
335 operations total
Only 148 of these are actually hooked (present) on this device
AMFI.kext holds 18, Sandbox.kext holds 130
Data dumped from iPhone9,3 running iOS 12.1.2
AMFI policy:
operation mpo_cred_check_label_update_execve (6) is present
signed __int64 __fastcall apfs_snapshot_rename_raw(rename_call_struct *args)
{
void *v_mount; // x0
__int64 fs_private; // x19
snap_info_args_struct *oldsnap_info; // x8
__int64 oldname_len; // x20
unsigned __int8 *oldname; // x21
snap_info_args_struct *newsnap_info; // x8
unsigned __int64 namelen; // x22
unsigned __int8 *newname; // x23
PsychoTea / amfid.c
Created February 18, 2019 01:23
amfid_payload w/ task_for_pid-allow patch
{
COPY_RESOURCE("amfid_payload.dylib", "/jb/amfid_payload.dylib");
inject_trust("/jb/amfid_payload.dylib");
uint32_t amfid_pid = get_pid_for_name("amfid");
uint64_t osbool_val = rk64(offs.data.osboolean_true + kernel_slide);
VAL_CHECK(osbool_val);
PsychoTea / ImportJokerFile.py
Created November 17, 2018 15:52
Import a Joker helper file into IDA
import idaapi
import idautils
import idc
# Lines of the Joker helper file; the loop below consumes them one at a time.
content = ""
# NOTE: the path is a placeholder — point it at the Joker output for the
# kernelcache currently loaded in IDA before running.
with open("/path/to/joker/file", "r") as joker_fh:
    content = joker_fh.readlines()
for line in content:
PsychoTea / netcat_shell_stuff.c
Created August 12, 2018 19:18
// TODO: use this
r = mkdir("/tmp/bash", 0700);
if(r != 0)
{
NSLog(@"Failed to create /tmp/bash: %s", strerror(errno));
goto out;
}
pid_t pid = fork();
if(pid == -1)
{
NSLog(@"fork: %s", strerror(errno));
PsychoTea / ghost.sh
Created July 19, 2018 08:38
A script which takes input from STDIN and creates a pastie on ghostbin.com
#!/bin/bash
# Post whatever arrives on STDIN to ghostbin.com as a pastie.
# Optional single argument: the syntax-highlighting language (default: text).
#
# CAUTION: everything piped in is sent to a third-party paste service. Do not
# feed this credentials, private keys, internal hostnames or customer data.
lang=text
# Exactly one positional argument overrides the default language.
[ "$#" -eq 1 ] && lang="$1"
echo "Using language: $lang"
PsychoTea / KernelHelper.py
Created February 28, 2018 18:46
A small python3 helper for dealing with kernel slides and basic hexadecimal arithmetic
## Global Variables
# Kernel ASLR slide for the current boot; stays 0 until the caller sets it.
# Presumably the helpers below add/subtract this to convert between slid and
# unslid addresses (their bodies are not shown here — confirm before relying
# on the sign convention).
KernelSlide = 0
## Helper Functions
def isHex(val):
try:
int(val, 16)
return True