Based on Chris Frohoff and Wouter Coekaerts ideas:
- https://gist.github.com/frohoff/24af7913611f8406eaf3
- http://wouter.coekaerts.be/2015/annotationinvocationhandler
Full project (containing dependencies) can be found here:
Following are my steps to build the ARM64 version of xnu-4570.1.46; hope this is helpful for saving time.
1. Use Xcode 9.0
2. Preparation is the same as for macOS, and there is a guide: https://0xcc.re/building-xnu-kernel-macosx-sierrra-10-12-x/
3. There is an ARM64 version of libfirehose: https://github.com/Proteas/install_firehose_lib
4. Copy and edit the ARM64 config (CFLAGS, LDFLAGS) from darwin-on-arm/xnu to your target project
5. Example CFLAGS: -Darm64 -DARM64 -D__arm64__ -D__ARM64__ -DLP64 -DCONFIG_EMBEDDED -mkernel -DARM64_BOARD_CONFIG_T8011=1
6. Fix compile-stage errors by directly importing the missing headers or editing the code
7. Fix link-stage errors by implementing placeholder functions for: chudxnu_cpu_alloc, etc.
8. If the symbol __divti3 is missing in the linking stage, get the runtime from llvm.
import idc, idaapi, idautils, ida_xref

def find_stack_members(func_ea):
    # Map each stack-frame member's offset to its name; 'base' is the offset of
    # IDA's ' r' (return address) pseudo-member, or None if the frame has none.
    members = {}
    base = None
    frame = idc.GetFrame(func_ea)
    for frame_member in idautils.StructMembers(frame):
        member_offset, member_name, _ = frame_member
        members[member_offset] = member_name
        if member_name == ' r':
            # The gist is cut off here on this page; recording the return-address
            # offset as the base is an assumed completion.
            base = member_offset
    return members, base
function Get-InjectedThread
{
    <#
    .SYNOPSIS
    Looks for threads that were created as a result of code injection.
    .DESCRIPTION
#!/bin/bash
# Give the usual warning.
clear;
# echo -e is required for the \n escapes to be interpreted by bash's builtin echo.
echo -e "[INFO] Automated Android root script started.\n\n[WARN] Exploit requires sdk module \"NDK\".\nFor more information, visit the installation guide @ https://goo.gl/E2nmLF\n[INFO] Press Ctrl+C to stop the script if you need to install the NDK module. Waiting 10 seconds...";
sleep 10;
clear;
# Download and extract exploit files.
echo "[INFO] Downloading exploit files from GitHub...";
<#
Author: Matthew Graeber (@mattifestation)
License: BSD 3-Clause
#>
function Get-WmiNamespace {
    [OutputType([String])]
    Param (
        [String]
        [ValidateNotNullOrEmpty()]
###
###
### UPDATE: For Win 11, I recommend using this tool in place of this script:
### https://christitus.com/windows-tool/
### https://github.com/ChrisTitusTech/winutil
### https://www.youtube.com/watch?v=6UQZ5oQg8XA
### iwr -useb https://christitus.com/win | iex
###
###
import android.app.Activity;
import android.os.Bundle;
import android.widget.TextView;

public class unzip extends Activity {
    static final int BUFFER = 2048;
    TextView textView;

    /** Called when the activity is first created. */
    @Override
    public void onCreate(Bundle savedInstanceState) {
        textView = new TextView(this);
#!/usr/bin/env python
from Crypto.Cipher import AES
from Crypto.Util.strxor import strxor
from binascii import hexlify

# 16-byte AES-128 key, given as bytes so the script also runs under Python 3 / PyCryptodome.
K = b'0123456789abcdef'
cipher = AES.new(K, AES.MODE_ECB)
# Original Message
#!/usr/bin/python
import sys  # for command-line argv

# take command-line args as the input string
input_string = sys.argv
# remove the program name from the argv list
input_string.pop(0)
# convert to a Google-friendly URL (with + replacing spaces)