+------------------+
|These push their | +-----------------------+
|respective syscall| |This overwrites the |
|dispatch functions| |saved dispatch function|
|onto the stack | |with hndl_alltraps |
fatgrass
fatgrass
/ decrypted.json
Created
November 20, 2023 13:53
— forked from matteyeux/decrypted.json
Apple Vision Pro firmware keys for VisionOS 1.0 beta 1-5
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [ | |
| { | |
| "url": "https://updates.cdn-apple.com/2023SummerSeed/patches/042-21091/60572AF0-9BC3-465F-89ED-77117194CB26/com_apple_MobileAsset_SoftwareUpdate/3df121022bd578846478faa25a4dcf3055396954.zip", | |
| "build": "21N5207g", | |
| "filename": "iBEC.n301.RELEASE.im4p", | |
| "kbag": "AB7893B981E44BFF298328C89C826F8BA6EF1A7ADC80DB156C9D55D9F4E27E8AD2CC21AFA42A41E1392B57E9FE90D992", | |
| "key": "34b218667cd03eb93e073b9b3bca4a865b20f130550a800b2aa2c1c2348041865cee47db7e3bcda739d05adde9f9f716" | |
| }, | |
| { | |
| "url": "https://updates.cdn-apple.com/2023SummerSeed/patches/042-21091/60572AF0-9BC3-465F-89ED-77117194CB26/com_apple_MobileAsset_SoftwareUpdate/3df121022bd578846478faa25a4dcf3055396954.zip", |
fatgrass
/ xnu-syscall-life-amd64.md
Created
June 2, 2019 15:55
— forked from yrp604/xnu-syscall-life-amd64.md
The life of an XNU unix syscall on amd64
fatgrass
/ gdb-anaheap.py
Created
January 8, 2019 01:13
— forked from thejh/gdb-anaheap.py
GDB script for checking memory usage of completely unused pages in free glibc malloc chunks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os | |
| import struct | |
| # flags are encoded into chunk size | |
| FLAGS_MASK = 0x7 | |
| PAGEMAP_PRESENT = 1<<63 | |
| PAGEMAP_SWAPPED = 1<<62 | |
| main_arena = gdb.parse_and_eval('&main_arena') | |
| bins_per_arena = int(gdb.parse_and_eval( |
fatgrass
/ seccomp_ptrace_escape.c
Created
January 8, 2019 01:12
— forked from thejh/seccomp_ptrace_escape.c
PoC for bypassing seccomp if ptrace is allowed (known, documented issue, even mentioned in the manpage)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <assert.h> | |
| #include <signal.h> | |
| #include <errno.h> | |
| #include <fcntl.h> | |
| #include <stddef.h> | |
| #include <sys/syscall.h> | |
| #include <sys/types.h> | |
| #include <sys/stat.h> |
fatgrass
/ CVE-2018-10933-test
Created
October 18, 2018 01:27
— forked from mlosapio/CVE-2018-10933-test
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # Based on https://www.openwall.com/lists/oss-security/2018/08/16/1 | |
| # untested CVE-2018-10933 | |
| import sys, paramiko | |
| import logging | |
| username = sys.argv[1] | |
| hostname = sys.argv[2] | |
| command = sys.argv[3] |
fatgrass
/ pwn.js
Created
May 8, 2018 00:22
— forked from saelo/pwn.js
Exploit for the "roll a d8" challenge of PlaidCTF 2018
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // | |
| // Quick and dirty exploit for the "roll a d8" challenge of PlaidCTF 2018. | |
| // N-day exploit for https://chromium.googlesource.com/v8/v8/+/b5da57a06de8791693c248b7aafc734861a3785d | |
| // | |
| // Scroll down do "BEGIN EXPLOIT" to skip the utility functions. | |
| // | |
| // Copyright (c) 2018 Samuel Groß | |
| // | |
| // |
fatgrass
/ sepsplit.c
Created
February 6, 2018 06:11
— forked from xerub/sepsplit.c
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * SEP firmware split tool | |
| * | |
| * Copyright (c) 2017 xerub | |
| */ | |
| #include <fcntl.h> | |
| #include <stddef.h> | |
| #include <stdio.h> | |
| #include <stdlib.h> |
fatgrass
/ rtm_ipc.h
Created
January 29, 2018 01:03
— forked from puppykitten/rtm_ipc.h
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** Possible message types/event types of the system. */ | |
| typedef enum { | |
| MSG_NULL = 0, // Used for initializing state machines | |
| /***************/ | |
| MSG_RQ = 1, /**< Request; client -> server; */ | |
| MSG_RS = 2, /**< Response; server -> client */ | |
| MSG_RD = 3, /**< Ready; server -> IPCH */ | |
| MSG_NOT = 4, /**< Notification; client -> IPCH; */ | |
| MSG_CLOSE_TRUSTLET = 5, /**< Close Trustlet; MSH -> IPCH; IPCH -> all servers */ | |
| MSG_CLOSE_TRUSTLET_ACK = 6, /**< Close Trustlet Ack; servers -> IPCH */ |
fatgrass
/ Simp.py
Created
July 2, 2017 15:44
— forked from xerub/Simp.py
AArch64 mov simplifier IDA plugin
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # AArch64 mov simplifier IDA plugin | |
| # | |
| # Copyright (c) 2015 xerub | |
| # | |
| # This program is free software; you can redistribute it and/or modify | |
| # it under the terms of the GNU General Public License as published by | |
| # the Free Software Foundation; either version 2 of the License, or | |
| # (at your option) any later version. | |
| # | |
| # This program is distributed in the hope that it will be useful, |
fatgrass
/ naughtyc0w.c
Last active
October 23, 2016 01:50
— forked from mak/naughtyc0w.c
exploit for CVE-2016-5195 nothing fancy
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <sys/mman.h> | |
| #include <fcntl.h> | |
| #include <pthread.h> | |
| #include <unistd.h> | |
| #include <sys/stat.h> | |
| #include <string.h> | |
| #include <sys/uio.h> | |
| #include <sys/wait.h> |
NewerOlder