jakeajames / exploit.c
Last active Mar 8, 2020
Leaks the address of segment_list for the oob_timestamp exploit
//
// exploit.c
// extra_time
//
// Created by Jake James on 2/8/20.
// Copyright © 2020 Jake James. All rights reserved.
//
#include "exploit.h"
#include "IOAccelerator_stuff.h"
jakeajames / patch.sh
Last active Aug 16, 2021
Makes h3lix work when it was installed without Cydia Impactor. To be used with the latest h3lix.
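# Argument validation for patch.sh: require exactly two arguments
# (input IPA, output IPA) and make sure the input file exists.
# Usage: patch.sh /path/to/input_ipa /path/to/output_ipa
if [ "$#" -ne 2 ]; then
echo "Usage: $0 /path/to/input_ipa /path/to/output_ipa" >&2
exit 1
fi
# "$1" must be quoted: an unquoted path is subject to word splitting and
# globbing, so "My App.ipa" (or a path containing '*') would be mangled
# before -f ever sees it, and an empty argument would break the test itself.
if ! [ -f "$1" ]; then
echo "'$1' does not exist" >&2
exit 1
fi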
jakeajames / patchfinder64.c
Last active Mar 27, 2021
"kppless" (no kernel-text patching) sandbox platform-profile patchfinder for iOS 12
addr_t Find_platform_profile() {
uint64_t string = Find_strref("\"failed to initialize platform sandbox", 1, 0, false);
if (!string) {
string = Find_strref("\"failed to initialize platform sandbox", 1, 1, false);
if (!string) {
return 0;
}
}
string -= KernDumpBase;
jakeajames / qwertybug.html
Last active Aug 17, 2021
todesco's JavaScriptCore (JSC) bug
<pre id="logs"></pre>
<script>
// utilities
// Two typed-array views over the same 8 bytes: arr sees them as 2 x uint32,
// arr64 as 1 x float64, so a double's raw bits can be read/written as ints.
let arr = new Uint32Array(2), arr64 = new Float64Array(arr.buffer);
function floatToInt(float) {
arr64[0] = float;
//
// jump.c
// sock_port
//
// Created by Jake James on 7/14/19.
// Copyright © 2019 Jake James. All rights reserved.
//
#include <sys/mman.h>
jakeajames / Makefile
Created Mar 31, 2019
Reverses (patches out) kCFCoreFoundationVersion checks. Uses code from xerub. The code is rough in some places — you have been warned.
include $(THEOS)/makefiles/common.mk

# Theos tool build: arm64 only.
export ARCHS = arm64

TOOL_NAME = patch_cfversion_checks
# Every C and Objective-C source in this directory is part of the tool.
patch_cfversion_checks_FILES = $(wildcard *.c *.m)
# Silence macro-redefinition warnings coming from the bundled sources.
CFLAGS += -Wno-macro-redefined

include $(THEOS_MAKE_PATH)/tool.mk
// Hook descriptor: one entry per function to be hooked. The field layout
// presumably mirrors libsubstitute's own struct of the same name — confirm
// against the substitute headers before changing anything here, since this
// is ABI (the dummy below forwards to MobileSubstrate).
struct substitute_function_hook {
void *function;     // address of the function to hook
void *replacement;  // function that runs in its place
void *old_ptr;      // presumably receives a pointer to the original (verify against libsubstitute)
int options;        // NOTE(review): meaning not shown here — see libsubstitute's flags
};
extern void *MSGetImageByName(const char *filename) __asm__("_MSGetImageByName");;
void *SubGetImageByName(const char *filename) {
return MSGetImageByName(filename);
// Minimal declaration of the (underscore-prefixed, so presumably private)
// UIKit blur/backdrop view, exposing only the initializer and style getter
// this tweak messages. Private API: not covered by any SDK contract and
// may change between iOS releases — confirm on each supported version.
@interface _UIBackdropView : UIView
-(id)initWithStyle:(long long)style;
-(long long)style;
@end
// SpringBoard's floating-dock platter; declared with just the backgroundView
// property so the tweak can reach the backdrop it swaps out. No superclass is
// named here because this is only a declaration for the compiler, not a real
// class definition.
@interface SBFloatingDockPlatterView
@property (nonatomic, retain) _UIBackdropView * backgroundView;
@end
@interface SBFolderBackgroundView : UIView
jakeajames / patchfinder.c
Created Apr 28, 2018
gPhysBase and gVirtBase patchfinder
...
//from stek29
uint64_t find_bootargs(void) {
/*
ADRP X8, #_PE_state@PAGE
ADD X8, X8, #_PE_state@PAGEOFF
LDR X8, [X8,#(PE_state__boot_args - 0xFFFFFFF0078BF098)]
ADD X8, X8, #0x6C
STR X8, [SP,#0x550+var_550]