💭
Mostly on gitlab.com/dweinstein these days...

David Weinstein dweinstein

@dweinstein
dweinstein / xctesting_in_repl_or_script.swift
Last active Sep 6, 2018 — forked from lzell/xctesting_in_repl_or_script.swift
Using XCTest in the swift repl or standalone script
View xctesting_in_repl_or_script.swift
// Start repl with:
// $ xcrun swift -F /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/Library/Frameworks/
// Or run as script:
// $ xcrun swift -F /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/Library/Frameworks/ %
import Foundation
if dlopen("/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/Library/Frameworks/XCTest.framework/XCTest", RTLD_NOW) == nil {
View ios_lockdown_diag_services.md

TL;DR

  • Pairing an iOS device to a host (computer running iTunes) gives that host significant access to data on the iOS device and requires connecting the unlocked iOS device to a host over USB
  • Once paired, that host (or another host that has stolen its pairing record) can access significant amounts of user personal data from the iOS device over USB and Wi-Fi through the com.apple.mobile.file_relay and com.apple.mobile.house_arrest lockdown services
  • These services will not return user data files that are encrypted and locked by iOS Data Protection, but the files returned by file_relay are not protected by iOS Data Protection and do include significant amounts of personal user data that would otherwise be encrypted in iTunes encrypted backups (when "Encrypt Backup" is enabled)
  • The com.apple.mobile.file_relay service is not used or referenced by any public Apple software so its intended client software is unknown outside of Apple
  • Apple released a [Knowledge Base article](https://support.apple.co
View gist:5b7cb239fe40e97d32388e23ebd8cccc
---> com.citi.citimobile Keybuilder 12 Asymm location: com.citi.corelibrary.utils.EligibilityChecks/boolean isSecureHardwareAvailable()/specialinvoke $r2.<android.security.keystore.KeyGenParameterSpec$Builder: void <init>(java.lang.String,int)>("CitiTestHardware", 12) extra: u'specialinvoke $r2.<android.security.keystore.KeyGenParameterSpec$Builder: void <init>(java.lang.String,int)>("CitiTestHardware", 12)' sslice:
---> com.citi.citimobile Keybuilder 5 Asymm location:
View sepsplit.c
/*
* SEP firmware split tool
*
* Copyright (c) 2017 xerub
*/
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
@dweinstein
dweinstein / ios_apps.csv
Last active Mar 12, 2017
Sample of popular apps observed (via dynamic analysis) to possibly use Cloudflare https://www.nowsecure.com/blog/2017/02/23/cloudflare-cloudbleed-bugs-impact-mobile-apps
View ios_apps.csv
application_id,package_name,title,version_string,domain
282935706,tv.lifechurch.bible,Bible,7.2,cloudflare.com
284910350,com.yelp.yelpiphone,Yelp,11.4.0,cloudflare.com
290853822,net.box.BoxNet,Box for iPhone and iPad,4.0.1,cloudflare.com
300255638,com.abcnews.ABCNews,"ABC News – Watch Breaking US & World News, Live Video & Election Coverage",5.10.0,cloudflare.com
304154888,com.nicusa.FBIMostWanted,Most Wanted,2.3,cloudflare.com
319881193,com.grindrguy.grindrx,"Grindr - Gay, bi, social networking and dating app to chat and meet guys",3.0.13,cloudflare.com
322439990,com.fboweb.MyRadar,"MyRadar NOAA Weather Radar – Forecasts, Storms, and Earthquakes",4.4.4,cloudflare.com
327630330,com.getdropbox.Dropbox,Dropbox,28.2,cloudflare.com
329913454,com.crunchyroll.iphone,Crunchyroll - Everything Anime,3.00.2,cloudflare.com
@dweinstein
dweinstein / guess-encoding.js
Last active Oct 21, 2016
Guess encoding of zip based on `_zip_guess_encoding` from libzip
View guess-encoding.js
'use strict';
const ZIP_ENCODING_UNKNOWN = 0;
const ZIP_ENCODING_ASCII = 1;
const ZIP_ENCODING_UTF8_KNOWN = 2;
const ZIP_ENCODING_UTF8_GUESSED = 3;
const ZIP_ENCODING_CP437 = 4;
const ZIP_ENCODING_ERROR = 5;
module.exports.zipEncodings = {
@dweinstein
dweinstein / 0README.md
Last active Oct 9, 2016
Template for organizing Frida agents. Should make it easier for community to be able to reuse code. Example device side agents and how to potentially organize them.
View 0README.md

SUMMARY

The idea here is to organize multiple agent scripts into modules that can be combined into an aggregated agent.

Frida agents generally live under, e.g., a ./lib/agents directory in a top-level project.

TODO

For each agent script we need a top-level runner, and then we use frida-compile to build them into a single agent script that we can load.

@dweinstein
dweinstein / example.md
Last active Jun 10, 2016
configuration / CLI options via RC or env node.js
View example.md
// config.js
const config = require('rc')('setupios', {
  default: 'value',
  other: {
     thing: 'blah'
  }
});
@dweinstein
dweinstein / nexus7-MOB30J.js
Last active May 16, 2016
nexus 7 razor MOB30J 6.0.1 android
View nexus7-MOB30J.js
'use strict';
const tsml = require('tsml');
const USER_AGENT = tsml`Android-Finsky/6.4.12.C-all%20%5B0%5D%202744941
(api=3,versionCode=80641200,sdk=23,device=flo,hardware=flo,product=razor,
platformVersionRelease=6.0.1,model=Nexus%207,buildId=MOB30J,isWideScreen=0)`;
const DOWNLOAD_MANAGER_USER_AGENT = tsml`AndroidDownloadManager/6.0.1
(Linux; U; Android 6.0.1; Nexus 7 Build/MOB30J)`;
module.exports = {
USER_AGENT: USER_AGENT,
@dweinstein
dweinstein / build-libevent-ios.sh
Created Feb 1, 2016 — forked from ursachec/build-libevent-ios.sh
libevent build script for iOS
View build-libevent-ios.sh
#!/bin/bash
set -u
# Setup architectures, library name and other vars + cleanup from previous runs
ARCHS=("armv7" "armv7s" "i386")
SDKS=("iphoneos" "iphoneos" "macosx")
LIB_NAME="libevent-2.0.21-stable"
TEMP_DIR="$(pwd)/tmp"
TEMP_LIB_PATH="$(pwd)/tmp/${LIB_NAME}"