Skip to content

Instantly share code, notes, and snippets.

View Siguza's full-sized avatar

Siguza Siguza

1.9k followers · 0 following
View GitHub Profile
@Siguza
Siguza / zIVA_tfp0.md
Last active April 22, 2021 23:38

Sadly I don't have a dev device on iOS 10, but for anyone playing around with zIVA caring about the kernel task port:

Starting with iOS 10.3 (and macOS 10.12.4), Apple changed convert_port_to_locked_task (and a few other port-to-something conversion functions) to blacklist the kernel task by means of a direct check. As a result, you can still obtain the kernel task port, but almost all APIs will simply treat it like MACH_PORT_NULL, thus rendering it useless. The check is a simple pointer comparison though, so it can be circumvented by just remapping the task struct at an additional virtual address and creating a new port from that with a ROP equivalent of:

vm_map_remap(
    kernel_map,
    &remap_addr,
    sizeof(task_t),
    0,

VM_FLAGS_ANYWHERE | VM_FLAGS_RETURN_DATA_ADDR,

@Siguza
Siguza / dpkg_merge.c
Created October 6, 2017 09:19
// Siguza
// Treat as public domain.
#include <ctype.h> // isspace
#include <stdlib.h> // malloc, free,
#include <string.h> // strlen, strncmp, strstr
// Turn delimiter tokens into null terminators and
// create array of pointers to each new string.
static void destructive_split(char *str, const char *delim, char ***out, size_t *outlen)
@Siguza
Siguza / PayPalPhishing.md
Created February 15, 2018 15:02

Analysing some PayPal phishing

Not long ago I tweeted about some PayPal phishing mails I got, which appeared to use hacked websites for their cause, and of which all traces were gone 24h after my initial recon.
Well, I got another such mail:

Return-Path: <rcp133066@jmenviro.com>
X-Original-To: Contact@siguza.net
Delivered-To: siguza@siguza.net
Received: from linuxhosting09.rediff.com (host152-150.mxout.rediffmailpro.com [119.252.152.150])
@Siguza
Siguza / FullScreen.m
Last active April 22, 2021 23:38
// This is a patch for the macOS version of Graveyard Keeper (might work for arbitrary apps, but zero guarantees).
// The game completely fails to support fullscreen, yet runs beautifully with it if you force it to.
// So this patch simply brings back the functionality of the little green button in the window's upper left corner.
// I have sadly not found a way to automatically inject this by means of a Steam interface - if you do, please let me know!
// For the rest, you should probably be an advanced user to use this. No support or warranty.
// Compile and inject with:
// clang -shared -o FullScreen.dylib FullScreen.m -Wall -O3 -framework AppKit
// DYLD_INSERT_LIBRARIES=/path/to/FullScreen.dylib /path/to/Graveyard\ Keeper
@Siguza
Siguza / RealDarkStackOverflow.user.js
Created October 25, 2015 13:22 — forked from Tiny-Giant/RealDarkStackOverflow.user.js
// ==UserScript==
// @name Stack Overflow Real Dark
// @namespace http://github.com/TinyGiant/
// @description Real dark styling for Stack Overflow and some Stack Exchange sites
// @author @TinyGiant
// @run-at document-start
// @version 1.0.1.0
// @include /^https?:\/\/.*\.?stack(overflow|exchange).com/.*$/
// ==/UserScript==