Brandon Azad bazad
bazad
/ ios-12-kernelcache-tagged-pointers.py
Created
June 20, 2018 19:37
Working with the new iOS 12 kernelcache's tagged pointers in IDA.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # ios-12-kernelcache-tagged-pointers.py | |
| # Brandon Azad | |
| # | |
| # An idapython script that shows how to work with the new tagged pointers in the iOS 12 | |
| # kernelcache. | |
| # | |
| import idc | |
| import idaapi |
bazad
/ build-xnu-4570.41.2.sh
Created
June 12, 2018 20:30
A script to build XNU version 4570.41.2 (macOS High Sierra 10.13.3) on macOS 10.13.5 with Xcode 9.4.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /bin/bash | |
| # | |
| # build-xnu-4570.41.2.sh | |
| # Brandon Azad | |
| # | |
| # A script showing how to build XNU version 4570.41.2 on macOS High Sierra | |
| # 10.13.5 with Xcode 9.4. | |
| # | |
| # Note: This process will OVERWRITE files in Xcode's MacOSX10.13.sdk. Make a | |
| # backup of this directory first! |
bazad
/ build-xnu-4570.71.2.sh
Created
November 8, 2018 19:07
A script to build XNU version 4570.71.2 (macOS High Sierra 10.13.6) on macOS 10.13.6 with Xcode 9.4.1.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /bin/bash | |
| # | |
| # build-xnu-4570.71.2.sh | |
| # Brandon Azad | |
| # | |
| # A script showing how to build XNU version 4570.71.2 (which corresponds to | |
| # macOS 10.13.6) on macOS High Sierra 10.13.6 with Xcode 9.4.1. | |
| # | |
| # Note: This process will OVERWRITE files in Xcode's MacOSX10.13.sdk. Make a | |
| # backup of this directory first! |
bazad
/ build-xnu-4903.221.2.sh
Created
January 28, 2019 19:18
A script to build XNU version 4903.221.2 (macOS High Sierra 10.14.1) on macOS 10.14.1 with Xcode 9.4.1.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /bin/bash | |
| # | |
| # build-xnu-4903.221.2.sh | |
| # Brandon Azad | |
| # | |
| # A script showing how to build XNU version 4903.221.2 (which corresponds to | |
| # macOS 10.14.1) on macOS High Sierra 10.14.1 with Xcode 9.4.1. | |
| # | |
| # Note: This process will OVERWRITE files in Xcode's MacOSX10.13.sdk. Make a | |
| # backup of this directory first! |
bazad
/ process_AArch64_SysReg_xml_v86A-2020-03.py
Created
June 19, 2020 02:33
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import html | |
| import os | |
| import re | |
| directory = os.fsencode('SysReg_xml_v86A-2020-03') | |
| def output_reg(name, description, spec): | |
| assert(all(map(lambda x: type(x) == int, spec))) | |
| print("{:020b} 'S{}_{}_c{}_c{}_{}' : ( '{}', '{}' ),".format( | |
| (spec[0] << 16) + (spec[1] << 12) + (spec[2] << 8) + (spec[3] << 4) + (spec[4] << 0), |
bazad
/ if_value.h
Created
September 11, 2019 22:44
A C preprocessor macro to test whether a macro parameter has a value.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // | |
| // if_value.h | |
| // Brandon Azad | |
| // | |
| // Public domain | |
| // | |
| #ifndef IF_VALUE | |
| /* |
bazad
/ A12-page-table-walk.c
Created
May 17, 2019 05:22
A C implementation of a simple page table walk on A12 devices (iOS 12.1.2).
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| uint64_t | |
| aarch64_page_table_lookup(uint64_t ttbr, uint64_t vaddr, | |
| uint64_t *l1_tte_, uint64_t *l2_tte_, uint64_t *l3_tte_) { | |
| const uint64_t pg_bits = 14; | |
| const uint64_t l1_size = 3; | |
| const uint64_t l2_size = 11; | |
| const uint64_t l3_size = 11; | |
| const uint64_t tte_physaddr_mask = ((1uLL << 40) - 1) & ~((1 << pg_bits) - 1); | |
| uint64_t l1_index = (vaddr >> (l2_size + l3_size + pg_bits)) & ((1 << l1_size) - 1); | |
| uint64_t l2_index = (vaddr >> (l3_size + pg_bits)) & ((1 << l2_size) - 1); |
bazad
/ find_kernel_base_checkra1n.c
Created
November 21, 2019 02:46
A demo of one way to find the kernel base on iOS 13.2.2 on an iPhone 8 using the kernel task port as exposed by checkra1n 0.9.5.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <assert.h> | |
| #include <mach/mach.h> | |
| #include <stdbool.h> | |
| #include <stdio.h> | |
| // ---- mach_vm.h --------------------------------------------------------------------------------- | |
| extern | |
| kern_return_t mach_vm_read_overwrite | |
| ( |
bazad
/ build-xnu-4570.1.46.sh
Created
October 6, 2017 21:24
A script to build XNU version 4570.1.46 (macOS High Sierra 10.13).
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /bin/bash | |
| # | |
| # build-xnu-4570.1.46.sh | |
| # Brandon Azad | |
| # | |
| # A script showing how to build XNU version 4570.1.46 on MacOS High Sierra | |
| # 10.13 with Xcode 9. | |
| # | |
| # Note: This process will OVERWRITE files in Xcode's MacOSX10.13.sdk. Make a | |
| # backup of this directory first! |
bazad
/ build-xnu-4570.61.1.sh
Created
November 13, 2018 21:30
A script to build XNU version 4570.61.1 (macOS High Sierra 10.13.5) on macOS 10.13.5 with Xcode 9.4.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /bin/bash | |
| # | |
| # build-xnu-4570.61.1.sh | |
| # Brandon Azad | |
| # | |
| # A script showing how to build XNU version 4570.61.1 (which corresponds to | |
| # macOS 10.13.5) on macOS High Sierra 10.13.5 with Xcode 9.4. | |
| # | |
| # Note: This process will OVERWRITE files in Xcode's MacOSX10.13.sdk. Make a | |
| # backup of this directory first! |
OlderNewer