Brandon Azad bazad
bazad
/ sep_firmware_split.py
Last active
April 12, 2024 05:18
Split a decrypted Apple SEP firmware image into individual Mach-O files.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /usr/bin/env python3 | |
| # | |
| # sep_firmware_split.py | |
| # Brandon Azad | |
| # | |
| # Split a decrypted Apple SEP firmware image into individual Mach-O files. | |
| # | |
| # iPhone11,8 17C5053a https://twitter.com/s1guza/status/1203550760102969345 | |
| # iPhone11,8 17E255 https://twitter.com/s1guza/status/1244683851957522435 | |
| # |
bazad
/ devicetree-iPhone12,3-17C54.txt
Last active
March 22, 2024 08:21
iPhone12,3 17C54 device tree
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| device-tree: | |
| target-type (5): "D421" | |
| mlb-serial-number (32): "C07947707R3LTPJB" | |
| compatible (27): "D421AP\0iPhone12,3\0AppleARM\0" | |
| secure-root-prefix (3): "md" | |
| AAPL,phandle (4): 0x1 | |
| platform-name (32): "t8030" | |
| device_type (8): "bootrom" | |
| region-info (32): "LL/A" | |
| regulatory-model-number (32): "A2160" |
bazad
/ arm64_sysregs_ios.py
Created
July 17, 2020 19:58
Label iOS arm64 system registers in IDA Pro
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # arm64_sysregs_ios.py | |
| # Brandon Azad | |
| # | |
| # Based on https://github.com/gdelugre/ida-arm-system-highlight by Guillaume Delugre. | |
| # | |
| import idautils | |
| import idc |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Brandon Azad (@_bazad) | |
| #include <assert.h> | |
| #include <errno.h> | |
| #include <mach/mach.h> | |
| #include <stdbool.h> | |
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <unistd.h> |
bazad
/ git-xnu.sh
Last active
October 4, 2023 06:32
A script to create a git repository for Apple's XNU kernel source.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /bin/bash | |
| # | |
| # git-xnu.sh | |
| # Brandon Azad | |
| # | |
| # A script to download Apple's XNU kernel source code and create a git | |
| # repository. | |
| # | |
| XNU_DIR="xnu" |
bazad
/ build-xnu-4903.241.1.sh
Created
September 13, 2019 21:11
A script to build XNU version 4903.241.1 (macOS High Sierra 10.14.3) on macOS 10.14.6 with Xcode 9.4.1.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /bin/bash | |
| # | |
| # build-xnu-4903.241.1.sh | |
| # Brandon Azad | |
| # | |
| # A script showing how to build XNU version 4903.241.1 (which corresponds to | |
| # macOS 10.14.3) on macOS High Sierra 10.14.6 with Xcode 9.4.1. | |
| # | |
| # Note: This process will OVERWRITE files in Xcode's MacOSX10.13.sdk. Make a | |
| # backup of this directory first! |
bazad
/ build-xnu-4570.61.1.sh
Created
November 13, 2018 21:30
A script to build XNU version 4570.61.1 (macOS High Sierra 10.13.5) on macOS 10.13.5 with Xcode 9.4.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /bin/bash | |
| # | |
| # build-xnu-4570.61.1.sh | |
| # Brandon Azad | |
| # | |
| # A script showing how to build XNU version 4570.61.1 (which corresponds to | |
| # macOS 10.13.5) on macOS High Sierra 10.13.5 with Xcode 9.4. | |
| # | |
| # Note: This process will OVERWRITE files in Xcode's MacOSX10.13.sdk. Make a | |
| # backup of this directory first! |
bazad
/ build-xnu-4570.1.46.sh
Created
October 6, 2017 21:24
A script to build XNU version 4570.1.46 (macOS High Sierra 10.13).
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /bin/bash | |
| # | |
| # build-xnu-4570.1.46.sh | |
| # Brandon Azad | |
| # | |
| # A script showing how to build XNU version 4570.1.46 on MacOS High Sierra | |
| # 10.13 with Xcode 9. | |
| # | |
| # Note: This process will OVERWRITE files in Xcode's MacOSX10.13.sdk. Make a | |
| # backup of this directory first! |
bazad
/ find_kernel_base_checkra1n.c
Created
November 21, 2019 02:46
A demo of one way to find the kernel base on iOS 13.2.2 on an iPhone 8 using the kernel task port as exposed by checkra1n 0.9.5.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <assert.h> | |
| #include <mach/mach.h> | |
| #include <stdbool.h> | |
| #include <stdio.h> | |
| // ---- mach_vm.h --------------------------------------------------------------------------------- | |
| extern | |
| kern_return_t mach_vm_read_overwrite | |
| ( |
bazad
/ A12-page-table-walk.c
Created
May 17, 2019 05:22
A C implementation of a simple page table walk on A12 devices (iOS 12.1.2).
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| uint64_t | |
| aarch64_page_table_lookup(uint64_t ttbr, uint64_t vaddr, | |
| uint64_t *l1_tte_, uint64_t *l2_tte_, uint64_t *l3_tte_) { | |
| const uint64_t pg_bits = 14; | |
| const uint64_t l1_size = 3; | |
| const uint64_t l2_size = 11; | |
| const uint64_t l3_size = 11; | |
| const uint64_t tte_physaddr_mask = ((1uLL << 40) - 1) & ~((1 << pg_bits) - 1); | |
| uint64_t l1_index = (vaddr >> (l2_size + l3_size + pg_bits)) & ((1 << l1_size) - 1); | |
| uint64_t l2_index = (vaddr >> (l3_size + pg_bits)) & ((1 << l2_size) - 1); |
NewerOlder