David Weinstein dweinstein

ispy-console 2019-08-27 10:34:23.706613-0500 OfferUp[3150:69885] TIC SSL Trust Error [79:0x1c4376c80]: 3:0
ispy-console 2019-08-27 10:34:23.707447-0500 OfferUp[3150:69885] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813)
2019-08-27 10:34:23.707847-0500 OfferUp[3150:69885] Task <85C2A93B-4CDD-4AE5-98FA-A42808ACDCD2>.<1> HTTP load failed (error code: -1202 [3:-9813])
ispy-console 2019-08-27 10:34:23.708246-0500 OfferUp[3150:70071] Task <85C2A93B-4CDD-4AE5-98FA-A42808ACDCD2>.<1> finished with error - code: -1202
dweinstein / xctesting_in_repl_or_script.swift
Last active September 6, 2018 15:49 — forked from lzell/xctesting_in_repl_or_script.swift
Using XCTest in the swift repl or standalone script
// Start repl with:
// $ xcrun swift -F xcrun swift -F /Applications/
// Or run as script:
// $ xcrun swift -F xcrun swift -F /Applications/ %
import Foundation
if dlopen("/Applications/", RTLD_NOW) == nil {
dweinstein /
Created June 19, 2018 04:15 — forked from ddz/
iOS Lockdown Diagnostic Services


  • Pairing an iOS device to a host (computer running iTunes) gives that host significant access to data on the iOS device and requires connecting the unlocked iOS device to a host over USB
  • Once paired, that host (or another host that has stolen its pairing record) can access significant amounts of user personal data from the iOS device over USB and Wi-Fi through the and lockdown services
  • These services will not return user data files that are encrypted and locked by iOS Data Protection but the files returned by file_relay are not protected by iOS Data Protection and do include significant amounts of personal user data that would otherwise be encrypted in iTunes encrypted backups ("Encrypt Backup" is enabled)
  • The service is not used or referenced by any public Apple software so its intended client software is unknown outside of Apple
  • Apple released a [Knowledge Base article](
---> Keybuilder 12 Asymm location: isSecureHardwareAvailable()/specialinvoke $r2.<$Builder: void <init>(java.lang.String,int)>("CitiTestHardware", 12) extra: u'specialinvoke $r2.<$Builder: void <init>(java.lang.String,int)>("CitiTestHardware", 12)' sslice:
---> Keybuilder 5 Asymm location:
* SEP firmware split tool
* Copyright (c) 2017 xerub
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
dweinstein / ios_apps.csv
Last active March 12, 2017 19:38
Sample of popular apps observed (via dynamic analysis) to possibly use Cloudflare
application_id package_name title version_string domain
282935706 Bible 7.2
284910350 com.yelp.yelpiphone Yelp 11.4.0
290853822 Box for iPhone and iPad 4.0.1
300255638 com.abcnews.ABCNews ABC News – Watch Breaking US & World News, Live Video & Election Coverage 5.10.0
304154888 com.nicusa.FBIMostWanted Most Wanted 2.3
319881193 com.grindrguy.grindrx Grindr - Gay, bi, social networking and dating app to chat and meet guys 3.0.13
322439990 com.fboweb.MyRadar MyRadar NOAA Weather Radar – Forecasts, Storms, and Earthquakes 4.4.4
327630330 com.getdropbox.Dropbox Dropbox 28.2
329913454 com.crunchyroll.iphone Crunchyroll - Everything Anime 3.00.2
dweinstein / guess-encoding.js
Last active October 21, 2016 01:12
Guess encoding of zip based on `_zip_guess_encoding` from libzip
'use strict';
const ZIP_ENCODING_CP437 = 4;
module.exports.zipEncodings = {
dweinstein /
Last active October 9, 2016 15:36
Template for organizing Frida agents. Should make it easier for community to be able to reuse code. Example device side agents and how to potentially organize them.


The idea here is to organize multiple agent scripts into modules that can be combined into an aggregated agent.

Frida agents generally live under a directory such as ./lib/agents in a top-level project.


For each agent script we need a top-level runner; we then use frida-compile to build everything into a single agent script that we can load.

dweinstein /
Last active June 10, 2016 14:41
configuration / CLI options via RC or env node.js
// config.js
const config = require('rc')('setupios', {
  default: 'value',
  other: {
     thing: 'blah'
dweinstein / nexus7-MOB30J.js
Last active May 16, 2016 12:51
nexus 7 razor MOB30J 6.0.1 android
'use strict';
const tsml = require('tsml');
const USER_AGENT = tsml`Android-Finsky/6.4.12.C-all%20%5B0%5D%202744941
const DOWNLOAD_MANAGER_USER_AGENT = tsml`AndroidDownloadManager/6.0.1
(Linux; U; Android 6.0.1; Nexus 7 Build/MOB30J)`;
module.exports = {