Siguza Siguza

## storagealert.sh
#!/bin/bash

# Setup:
# 0. Have a mail server set up, or something that provides `sendmail` with proper sender permissions.
# 1. Adjust the $drive, $buckets, $from and $to variables below to suit your needs.
# 2. Create /var/local/storagealert/$drive.txt and write 0 to it.
# 3. Put this script at /etc/cron.hourly/storagealert with chmod 0755.

set -e;

## phoenix.c
// Bugs by NSO Group / Ian Beer.
// Exploit by Siguza & tihmstar.
// Thanks also to Max Bazaliy.

#include <stdint.h>             // uint32_t, uint64_t
#include <stdio.h>              // fprintf, stderr
#include <string.h>             // memcpy, memset, strncmp
#include <unistd.h>             // getpid
#include <mach/mach.h>
#include <stdlib.h>

## assym.c
#include <fcntl.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <mach-o/loader.h>
#include <mach-o/nlist.h>

int main(int argc, const char **argv)
{
    if(argc != 2)

## pallas.sh
#!/usr/bin/env zsh

set -e;
set +m; # Job control would've been nice, but manual round robin it is, sigh.

if [ -z "${ZSH_VERSION+x}" ]; then
    echo 'Try again with zsh.';
    exit 1;
fi;

## FullScreen.m
// This is a patch for the macOS version of Graveyard Keeper (might work for arbitrary apps, but zero guarantees).
// The game completely fails to support fullscreen, yet runs beautifully with it if you force it to.
// So this patch simply brings back the functionality of the little green button in the window's upper left corner.
// I have sadly not found a way to automatically inject this by means of a Steam interface - if you do, please let me know!
// For the rest, you should probably be an advanced user to use this. No support or warranty.
// Compile and inject with:

// clang -shared -o FullScreen.dylib FullScreen.m -Wall -O3 -framework AppKit
// DYLD_INSERT_LIBRARIES=/path/to/FullScreen.dylib /path/to/Graveyard\ Keeper

## JBdetection.md

      
              1 file
            
          
              1 fork
            
          
              0 comments
            
          
              17 stars
            
          
                Siguza
                / JBdetection.md
            
            
              Created
              March 18, 2018 03:19
            
          
    Thoughts on jailbreak detection

The controversy of jailbreak detection has been brought up multiple times in my Twitter feed, so in order to not have to repeat myself, I'll write my thoughts down here.

One day I'll hopefully get round to set up a realistic blog and then I'll move this there, but for now I'll just dump it here on GitHub.
Motivation

Hi. I'm Siguza, and among other things I write exploits for a hobby and help make jailbreaks. One of the reasons I do that is because I believe we should have the ability to run whatever we want on our iDevices, just as we do with laptops and desktop computers. Now, a lot of app developers however seem to despise jailbreaks, and try to make their apps refuse service on jailbroken devices. I think that firstly sucks big time, and secondly always misses the point. From what I gathered, the two arguments for using jailbreak detection seem to be:

"J


## PayPalPhishing.md

      
              1 file
            
          
              2 forks
            
          
              0 comments
            
          
              3 stars
            
          
                Siguza
                / PayPalPhishing.md
            
            
              Created
              February 15, 2018 15:02
            
          
    Analysing some PayPal phishing

Not long ago I tweeted about some PayPal phishing mails I got, which appeared to use hacked websites for their cause, and of which all traces were gone 24h after my initial recon.

Well, I got another such mail:
Return-Path: <rcp133066@jmenviro.com>
X-Original-To: Contact@siguza.net
Delivered-To: siguza@siguza.net
Received: from linuxhosting09.rediff.com (host152-150.mxout.rediffmailpro.com [119.252.152.150])


## dsc_syms.c
// Moved here: https://github.com/Siguza/misc/blob/master/dsc_syms.c

## dpkg_merge.c
// Siguza
// Treat as public domain.

#include <ctype.h>              // isspace
#include <stdlib.h>             // malloc, free,
#include <string.h>             // strlen, strncmp, strstr

// Turn delimiter tokens into null terminators and
// create array of pointers to each new string.
static void destructive_split(char *str, const char *delim, char ***out, size_t *outlen)

## zIVA_tfp0.md

      
              1 file
            
          
              2 forks
            
          
              5 comments
            
          
              9 stars
            
          
                Siguza
                / zIVA_tfp0.md
            
            
              Last active
              April 22, 2021 23:38
            
          
    Sadly I don't have a dev device on iOS 10, but for anyone playing around with zIVA caring about the kernel task port:
Starting with iOS 10.3 (and macOS 10.12.4), Apple changed convert_port_to_locked_task (and a few other port-to-something conversion functions) to blacklist the kernel task by means of a direct check. As a result, you can still obtain the kernel task port, but almost all APIs will simply treat it like MACH_PORT_NULL, thus rendering it useless. The check is a simple pointer comparison though, so it can be circumvented by just remapping the task struct at an additional virtual address and creating a new port from that with a ROP equivalent of:
vm_map_remap(
    kernel_map,
    &remap_addr,
    sizeof(task_t),
    0,

VM_FLAGS_ANYWHERE | VM_FLAGS_RETURN_DATA_ADDR,
	#!/bin/bash

	# Setup:
	# 0. Have a mail server set up, or something that provides `sendmail` with proper sender permissions.
	# 1. Adjust the $drive, $buckets, $from and $to variables below to suit your needs.
	# 2. Create /var/local/storagealert/$drive.txt and write 0 to it.
	# 3. Put this script at /etc/cron.hourly/storagealert with chmod 0755.

	set -e;
	// Bugs by NSO Group / Ian Beer.
	// Exploit by Siguza & tihmstar.
	// Thanks also to Max Bazaliy.

	#include <stdint.h> // uint32_t, uint64_t
	#include <stdio.h> // fprintf, stderr
	#include <string.h> // memcpy, memset, strncmp
	#include <unistd.h> // getpid
	#include <mach/mach.h>
	#include <stdlib.h>
	#include <fcntl.h>
	#include <stdio.h>
	#include <sys/mman.h>
	#include <sys/stat.h>
	#include <mach-o/loader.h>
	#include <mach-o/nlist.h>

	int main(int argc, const char **argv)
	{
	if(argc != 2)
	#!/usr/bin/env zsh

	set -e;
	set +m; # Job control would've been nice, but manual round robin it is, sigh.

	if [ -z "${ZSH_VERSION+x}" ]; then
	echo 'Try again with zsh.';
	exit 1;
	fi;
	// This is a patch for the macOS version of Graveyard Keeper (might work for arbitrary apps, but zero guarantees).
	// The game completely fails to support fullscreen, yet runs beautifully with it if you force it to.
	// So this patch simply brings back the functionality of the little green button in the window's upper left corner.
	// I have sadly not found a way to automatically inject this by means of a Steam interface - if you do, please let me know!
	// For the rest, you should probably be an advanced user to use this. No support or warranty.
	// Compile and inject with:

	// clang -shared -o FullScreen.dylib FullScreen.m -Wall -O3 -framework AppKit
	// DYLD_INSERT_LIBRARIES=/path/to/FullScreen.dylib /path/to/Graveyard\ Keeper
	// Siguza
	// Treat as public domain.

	#include <ctype.h> // isspace
	#include <stdlib.h> // malloc, free,
	#include <string.h> // strlen, strncmp, strstr

	// Turn delimiter tokens into null terminators and
	// create array of pointers to each new string.
	static void destructive_split(char str, const char delim, char **out, size_t outlen)