
@LukeZGD
LukeZGD / Home Depot Offsets iOS 8.x.txt
Last active January 9, 2024 14:58
Home Depot Offsets iOS 8.x
Home Depot Offsets iOS 8.x.
Found with the help of https://github.com/Merculous/OF32
bufattr_cpx and bx_lr offsets: first result of searching hex 00687047
A5 offsets should work. tested working: 8.0, 8.3, 8.4.1
A6 does not seem to work at all on Home Depot, possibly because of something to do with the Trident exploit.
A5 8.0-8.0.2
0x2c5308
0x2c73e8
0x1ba80
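The note above says the bufattr_cpx and bx_lr offsets are the first hit for the byte sequence 00 68 70 47 in the decrypted kernelcache. The following is an added example (not LukeZGD's gist and not OF32) that does that search over a file offline and reports the offsets. It assumes the four bytes decode as the two Thumb halfwords 0x6800 (ldr r0, [r0]) and 0x4770 (bx lr), that the match itself is the bufattr_cpx offset and the bx lr halfword two bytes later is the bx_lr offset, and that 0x80001000 is the kernel text base used to turn a file offset into a virtual address; all three are assumptions made for the example, not statements from the gist. Unlike the note, which takes the first raw hit, the example skips odd offsets, since Thumb code is halfword aligned and a match at an odd offset cannot be an instruction boundary. The sample buffer in the usage section is constructed, not a real kernelcache.

```python
import struct
import sys

# Thumb-2 halfword encodings (assumption: decoded from the ARM Thumb
# instruction set; the gist only gives the raw hex 00687047).
LDR_R0_R0 = 0x6800   # ldr r0, [r0, #0]
BX_LR = 0x4770       # bx lr

# Little-endian halfwords, so the file bytes are 00 68 70 47.
PATTERN = struct.pack("<HH", LDR_R0_R0, BX_LR)


def find_all(data, pattern):
    """Return every file offset at which `pattern` occurs, in order."""
    offsets = []
    i = data.find(pattern)
    while i != -1:
        offsets.append(i)
        i = data.find(pattern, i + 1)
    return offsets


def find_first(data, pattern=PATTERN, align=2):
    """First occurrence of `pattern` that sits on an `align`-byte boundary.

    Thumb instructions are 2-byte aligned, so align=2 filters out hits that
    straddle an instruction boundary. Pass align=1 to mimic a plain hex search.
    """
    for off in find_all(data, pattern):
        if off % align == 0:
            return off
    return None


def gadget_offsets(data, align=2):
    """Map the first aligned match to the two offsets the gist names.

    Assumption (not from the gist): the match is the bufattr_cpx offset and
    the bx lr halfword right after the ldr is the bx_lr offset.
    """
    off = find_first(data, PATTERN, align)
    if off is None:
        return None
    return {"bufattr_cpx": off, "bx_lr": off + 2}


def kernel_vaddr(offset, base=0x80001000):
    """File offset -> virtual address. base is an assumed 32-bit text base."""
    return base + offset


def main(argv):
    if len(argv) != 2:
        print("usage: %s /path/to/decrypted_kernelcache" % argv[0])
        return 1
    with open(argv[1], "rb") as f:
        data = f.read()
    found = gadget_offsets(data)
    if found is None:
        print("pattern 00687047 not found")
        return 1
    for name, off in found.items():
        print("%-12s 0x%x (vaddr 0x%x)" % (name, off, kernel_vaddr(off)))
    return 0


if __name__ == "__main__":
    # Constructed sample: an odd-aligned decoy hit at 0x11 and the real,
    # halfword-aligned hit at 0x34. Not real kernel data.
    sample = bytes(0x11) + PATTERN + bytes(0x1f) + PATTERN
    print(gadget_offsets(sample))   # {'bufattr_cpx': 52, 'bx_lr': 54}
    if len(sys.argv) == 2:
        sys.exit(main(sys.argv))
```

Run it against a decrypted kernelcache and compare the reported bufattr_cpx value with the per-version offsets listed in the gist; if the first aligned hit differs from the first raw hit (align=1), the raw hit was straddling an instruction and should not be used.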
@MTACS
MTACS / hosted.md
Last active November 30, 2023 22:16
Hosted Preference bundle

Hosted Preference Bundles

Create a "hosted" view of a preference bundle outside of Preferences.app, and in a dedicated application.

For application

  • Create new tweak using "iphone/application_modern" template
  • In the app's delegate file add the following to the -(void)applicationDidFinishLaunching:(UIApplication *)application; method:
@m1stadev
m1stadev / generator-apnonce.md
Last active March 8, 2024 18:01
Short guide on how to get a generator-apnonce pair for A12+ iOS devices (both jailbroken and non-jailbroken).

What's nonce entanglement?

Beginning with devices using an A12 SoC or higher, Apple introduced nonce entangling.

  • This means the ApNonce is no longer a function of the generator alone: the same generator now produces a different ApNonce on each device.
  • When saving SHSH blobs for an A12+ device, you therefore must first find a generator-ApNonce pair for your own device, then use that pair when saving SHSH blobs.
  • Once you have found a generator-ApNonce pair for your device, save it; you can re-use the same pair whenever you save SHSH blobs again.

Getting a generator-ApNonce pair (jailbroken)

  1. (iOS 14+ only) Install an iOS kernel r/w library.
    • On Taurine, install libkernrw.
    • On unc0ver, install libkrw.
@LukeZGD
LukeZGD / com.atwiiks.controlcenterx5.plist
Last active January 9, 2024 15:09
Horseshoe plist. To be placed in: /var/mobile/Library/Preferences
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>SectionsEnabledIdentifiers</key>
<array>
<string>com.apple.controlcenter.settings</string>
<string>com.apple.controlcenter.brightness</string>
<string>com.atwiiks.controlcenterx.volume-slider</string>
<string>com.atwiiks.controlcenterx.air-night</string>
@Siguza
Siguza / phoenix.c
Last active September 2, 2024 15:49
Phœnix exploit / iOS 9.3.5
// Bugs by NSO Group / Ian Beer.
// Exploit by Siguza & tihmstar.
// Thanks also to Max Bazaliy.
#include <stdint.h> // uint32_t, uint64_t
#include <stdio.h> // fprintf, stderr
#include <string.h> // memcpy, memset, strncmp
#include <unistd.h> // getpid
#include <mach/mach.h>
#include <stdlib.h>
@LukeZGD
LukeZGD / untether-patch.md
Last active January 9, 2024 15:09
Disable EtasonJB's "bootloop protection"
@tihmstar
tihmstar / Odyssey14_leak.cpp
Last active April 27, 2021 17:13
Stable internal kernelRW primitives #odyssey14 #leak
extern "C"
void initKernRw(mach_port_t dstTask, uint64_t dstTaskAddr, uint64_t (*kread64)(uint64_t addr), void (*write_20)(uint64_t addr, const void *buf)){
KernelRW *newKrw = new KernelRW;
auto p = newKrw->getPrimitivepatches(kread64,dstTaskAddr);
{
uint8_t buf[20];
for (int i=0; i<sizeof(buf); i+=8) {
*((uint64_t*)&buf[i]) = kread64(p.where-20+8+4+i);
@nullpixel
nullpixel / write_memory.c
Last active October 17, 2021 16:12
MSHookMemory wrapper for all modern jailbreaks.
#include <mach/mach.h> // mach_task_self, vm_protect
#include <substrate.h> // MSFindSymbol
// MARK: - Types
typedef void (*MSHookMemory_ptr_t)(void *target, const void *data, size_t size);
#define ENSURE_KERN_SUCCESS(ret) \
if (ret != KERN_SUCCESS) { \
@jakeajames
jakeajames / patch.sh
Last active June 29, 2024 16:22
Make h3lix work when installed not-via-Impactor. To be used with the latest h3lix.
if [ $# != 2 ]; then
echo "Usage: $0 /path/to/input_ipa /path/to/output_ipa"
exit 1
fi
# Quote the path so names with spaces do not break the test.
if ! [ -f "$1" ]; then
echo "'$1' does not exist"
exit 1
fi
@TheRealKeto
TheRealKeto / FuturerestoreGuide.md
Last active July 13, 2024 14:22
A guide fully covering the process of using Futurerestore to upgrade, downgrade, or re-restore to an unsigned iOS firmware.

Futurerestore Guide

Futurerestore is a tool that allows users to upgrade, downgrade, or re-restore their iOS device to an unsigned firmware through the use of SHSH2 blobs. This guide will teach you how to use Futurerestore in order to upgrade, downgrade, or re-restore to an unsigned firmware.

Before continuing, keep in mind that this guide is based on this one, and contains information that can change your device's behavior or even damage it. With that in mind, please read the guide fully, as no one but YOU will be held responsible for any damage caused to your device.

Notes and Hints

Throughout the entirety of this guide, keep in mind that:

  • iOS 13.1.3's SEP and Baseband are NOT compatible with iOS 12.x for all devices. This means that you're NOT able to upgrade, downgrade, or re-restore A10-A12X devices back to iOS 12.x. Attempting to use an incompatible SEP and Baseband will cause Futureresto