
@ay-kay
ay-kay / screen.m
Last active August 30, 2017 15:36
Determine screen recording status in iOS 11
if (@available(iOS 11.0, *)) {
    [[NSNotificationCenter defaultCenter] addObserver:self
                                             selector:@selector(capturedChange)
                                                 name:UIScreenCapturedDidChangeNotification
                                               object:nil];
}
..
@ay-kay
ay-kay / YiSpecter_issues.md
Last active October 21, 2015 15:19
YiSpecter targeting non-jailbroken devices

In @PaloAltoNtwks' recent report on YiSpecter, it is said that "NoIcon (..) is the main malicious component of YiSpecter". To be able to invoke the private MobileInstallation API, NoIcon claims the required private entitlement key com.apple.private.mobileinstall.allowedSPI. This can be seen from the provided samples.
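
For triaging app bundles in bulk, the same check can be scripted. The following is an added example, not part of the original gist: it parses text in the shape printed by `codesign -d --entitlements :-` and reports every `com.apple.private.*` key the bundle claims. The sample output is constructed; only the `allowedSPI` key name comes from the text above, and the function names, paths and values are assumptions of this example.

```python
import plistlib
from xml.parsers.expat import ExpatError

# Assumption of this example: keys under this prefix are Apple-private, so a
# third-party bundle claiming one deserves review.
PRIVATE_PREFIXES = ("com.apple.private.",)

# Constructed sample of `codesign -d --entitlements :-` output. Only the
# allowedSPI key name comes from the page; every value is a placeholder.
SAMPLE_OUTPUT = b"""Executable=/constructed/path/Example.app/Example
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>application-identifier</key>
    <string>TEAMID0000.com.example.constructed</string>
    <key>com.apple.private.mobileinstall.allowedSPI</key>
    <array>
        <string>PLACEHOLDER_OPERATION</string>
    </array>
</dict>
</plist>
"""


def parse_entitlements(raw: bytes) -> dict:
    """Return the entitlements dict from codesign output, or {} if none."""
    start = raw.find(b"<?xml")          # skip the "Executable=..." line
    end = raw.rfind(b"</plist>")
    if start == -1 or end == -1:
        return {}                       # no entitlements, or output truncated
    try:
        data = plistlib.loads(raw[start:end + len(b"</plist>")])
    except (plistlib.InvalidFileException, ExpatError, ValueError):
        return {}                       # malformed plist
    return data if isinstance(data, dict) else {}


def private_entitlements(raw: bytes) -> dict:
    """Map each private entitlement key claimed by the bundle to its value."""
    ents = parse_entitlements(raw)
    return {k: v for k, v in sorted(ents.items())
            if k.startswith(PRIVATE_PREFIXES)}


if __name__ == "__main__":
    for key, value in private_entitlements(SAMPLE_OUTPUT).items():
        print(f"private entitlement claimed: {key} = {value!r}")
```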

Entitlements of the app bundle:

$ codesign -d --entitlements :- "Payload/NoIcon.app/"
Executable=./Trojan_iPhoneOS_YiSpecter_samples/Payload/NoIcon.app/NoIcon
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">