Mostly on gitlab.com/dweinstein these days...

David Weinstein dweinstein
@dweinstein
dweinstein / xctesting_in_repl_or_script.swift
Last active Sep 6, 2018 — forked from lzell/xctesting_in_repl_or_script.swift
Using XCTest in the swift repl or standalone script
View xctesting_in_repl_or_script.swift
// Start repl with:
// $ xcrun swift -F /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/Library/Frameworks/
// Or run as script:
// $ xcrun swift -F /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/Library/Frameworks/ %
import Foundation
if dlopen("/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/Library/Frameworks/XCTest.framework/XCTest", RTLD_NOW) == nil {
View ios_lockdown_diag_services.md

TL;DR

  • Pairing an iOS device to a host (computer running iTunes) gives that host significant access to data on the iOS device and requires connecting the unlocked iOS device to a host over USB
  • Once paired, that host (or another host that has stolen its pairing record) can access significant amounts of user personal data from the iOS device over USB and Wi-Fi through the com.apple.mobile.file_relay and com.apple.mobile.house_arrest lockdown services
  • These services will not return user data files that are encrypted and locked by iOS Data Protection, but the files returned by file_relay are not protected by iOS Data Protection and do include significant amounts of personal user data that would otherwise be encrypted in iTunes encrypted backups (when "Encrypt Backup" is enabled)
  • The com.apple.mobile.file_relay service is not used or referenced by any public Apple software so its intended client software is unknown outside of Apple
  • Apple released a [Knowledge Base article](https://support.apple.co
View sepsplit.c
/*
* SEP firmware split tool
*
* Copyright (c) 2017 xerub
*/
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
@dweinstein
dweinstein / build-libevent-ios.sh
Created Feb 1, 2016 — forked from ursachec/build-libevent-ios.sh
libevent build script for iOS
View build-libevent-ios.sh
#!/bin/bash
set -u
# Setup architectures, library name and other vars + cleanup from previous runs
ARCHS=("armv7" "armv7s" "i386")
SDKS=("iphoneos" "iphoneos" "macosx")
LIB_NAME="libevent-2.0.21-stable"
TEMP_DIR="$(pwd)/tmp"
TEMP_LIB_PATH="$(pwd)/tmp/${LIB_NAME}"
@dweinstein
dweinstein / forwarding-example.md
Created Jan 28, 2016 — forked from f1sherman/forwarding-example.md
Port Forwarding Example in OS X El Capitan
View forwarding-example.md

Add the following to /etc/pf.anchors/myname:

rdr pass on lo0 inet proto tcp from any to any port 80 -> 127.0.0.1 port 4000
rdr pass on lo0 inet proto tcp from any to any port 443 -> 127.0.0.1 port 4001

Add the following to /etc/pf-myname.conf:

rdr-anchor "forwarding"
load anchor "forwarding" from "/etc/pf.anchors/myname"
View agnoster-custom.zsh-theme
# vim:ft=zsh ts=2 sw=2 sts=2
#
# agnoster's Theme - https://gist.github.com/3712874
# A Powerline-inspired theme for ZSH
#
# # README
#
# In order for this theme to render correctly, you will need a
# [Powerline-patched font](https://github.com/Lokaltog/powerline-fonts).
#
@dweinstein
dweinstein / npm-qos-heuristic.md
Last active Aug 29, 2015 — forked from heapwolf/npm-qos-heuristic.md
general heuristics for ranking package quality node npm
View npm-qos-heuristic.md

Health

Has CI

Tests pass

Total number of breaking commits

Number of dependencies

Average age of issue

Frequency of issues fixed

Average response time of issues fixed to bugs filed

Last commit

@dweinstein
dweinstein / glibc-ghost-cve-2015-0236.c
Last active Feb 17, 2016 — forked from koelling/gist:ef9b2b9d0be6d6dbab63
glibc GHOST PoC for CVE-2015-0235
View glibc-ghost-cve-2015-0236.c
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#define CANARY "in_the_coal_mine"
struct {
char buffer[1024];
View AndroidManifestFuzzer
#!/bin/bash
#Basic set up for an Application AndroidManifest Fuzzer
#this requires a preexisting ant buildable application project to be set up! so get the SDK and ant1.8
#this file reproduces the bug mentioned here http://ibrahimbalic.com/2014/android-os-memory-corruption-bug/
#NOTE: values from 260000 and up cause SIGSEGVs to be sent to the system_server (test on KitKat 4.4.2)
#NOTE: you should probably monitor $(adb logcat)||(/system/bin/gdbserver) for responsiveness to the issue
APP_PROJ_DIR="..." #<-- PATH TO PROJ DIR
APP_PACKAGE_NAME="..." #<-- PACKAGE NAME
APP_LAUNCH_COMP="..." # <--- MAIN ACTIVITY NAME
View .slate
# GLOBAL CONFIGURATIONS
# -------------------------------------------------------------------
# See https://github.com/jigish/slate/wiki/Global-Configs
config defaultToCurrentScreen true
config secondsBeforeRepeat 0.4
config secondsBetweenRepeat 0.1
config keyboardLayout "qwerty"
config nudgePercentOf screenSize
config resizePercentOf screenSize