Jake James jakeajames
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ... | |
| //from stek29 | |
| uint64_t find_bootargs(void) { | |
| /* | |
| ADRP X8, #_PE_state@PAGE | |
| ADD X8, X8, #_PE_state@PAGEOFF | |
| LDR X8, [X8,#(PE_state__boot_args - 0xFFFFFFF0078BF098)] | |
| ADD X8, X8, #0x6C | |
| STR X8, [SP,#0x550+var_550] |
jakeajames
/ iDarkify12.xm
Created
March 5, 2019 19:33
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @interface _UIBackdropView : UIView | |
| -(id)initWithStyle:(long long)style; | |
| -(long long)style; | |
| @end | |
| @interface SBFloatingDockPlatterView | |
| @property (nonatomic, retain) _UIBackdropView * backgroundView; | |
| @end | |
| @interface SBFolderBackgroundView : UIView |
jakeajames
/ SubstituteDummy.m
Created
March 29, 2019 21:48
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| struct substitute_function_hook { | |
| void *function; | |
| void *replacement; | |
| void *old_ptr; | |
| int options; | |
| }; | |
| extern void *MSGetImageByName(const char *filename) __asm__("_MSGetImageByName");; | |
| void *SubGetImageByName(const char *filename) { | |
| return MSGetImageByName(filename); |
jakeajames
/ Makefile
Created
March 31, 2019 17:08
reverse kCFCoreFoundationVersion checks. Uses code from xerub. Code will suck in some places. I warned you.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| include $(THEOS)/makefiles/common.mk | |
| export ARCHS = arm64 | |
| TOOL_NAME = patch_cfversion_checks | |
| patch_cfversion_checks_FILES = $(wildcard *.c) $(wildcard *.m) | |
| CFLAGS += -Wno-macro-redefined | |
| include $(THEOS_MAKE_PATH)/tool.mk |
jakeajames
/ jump.c
Last active
July 30, 2019 10:12
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // | |
| // jump.c | |
| // sock_port | |
| // | |
| // Created by Jake James on 7/14/19. | |
| // Copyright © 2019 Jake James. All rights reserved. | |
| // | |
| #include <sys/mman.h> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <pre id="logs"></pre> | |
| <script> | |
| // utilities | |
| let arr = new Uint32Array(2); | |
| let arr64 = new Float64Array(arr.buffer); // use same buffer | |
| function floatToInt(float) { | |
| arr64[0] = float; |
jakeajames
/ patchfinder64.c
Last active
August 4, 2022 10:16
"kppless" sandbox profile patch for iOS 12
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| addr_t Find_platform_profile() { | |
| uint64_t string = Find_strref("\"failed to initialize platform sandbox", 1, 0, false); | |
| if (!string) { | |
| string = Find_strref("\"failed to initialize platform sandbox", 1, 1, false); | |
| if (!string) { | |
| return 0; | |
| } | |
| } | |
| string -= KernDumpBase; | |
jakeajames
/ patch.sh
Last active
April 5, 2024 13:42
Make h3lix work when installed not-via-Impactor. To be used with the latest h3lix.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| if [ $# != 2 ]; then | |
| echo "Usage: $0 /path/to/input_ipa /path/to/output_ipa" | |
| exit 1 | |
| fi | |
| if ! [ -f $1 ]; then | |
| echo "'$1' does not exist" | |
| exit 1 | |
| fi |
jakeajames
/ exploit.c
Last active
April 9, 2022 04:10
leak address of segment_list in oob_timestamp
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // | |
| // exploit.c | |
| // extra_time | |
| // | |
| // Created by Jake James on 2/8/20. | |
| // Copyright © 2020 Jake James. All rights reserved. | |
| // | |
| #include "exploit.h" | |
| #include "IOAccelerator_stuff.h" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdlib.h> | |
| #include <stdio.h> | |
| #include <pthread/pthread.h> | |
| #include <mach/mach.h> | |
| struct ool_msg { | |
| mach_msg_header_t hdr; | |
| mach_msg_body_t body; | |
| mach_msg_ool_ports_descriptor_t ool_ports[]; | |
| }; |
OlderNewer