+------------------+
|These push their | +-----------------------+
|respective syscall| |This overwrites the |
|dispatch functions| |saved dispatch function|
|onto the stack | |with hndl_alltraps |
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <pthread.h>
/** Snipped from pthread_machdep.h */
#define __PTK_FRAMEWORK_JAVASCRIPTCORE_KEY4 94
extern __inline__ void *
_pthread_getspecific_direct(unsigned long slot) {
/*
File: ExceptionTest.c
Contains: Test code for Mach exception handling.
Written by: DTS
Copyright: Copyright (c) 2006 by Apple Computer, Inc., All Rights Reserved.
Disclaimer: IMPORTANT: This Apple software is supplied to you by Apple Computer, Inc.
[CCode (cheader_filename = "frida-core.h", cprefix = "Frida", lower_case_cprefix = "frida_")]
namespace Frida {
    public static void init ();
    public static void shutdown ();
    public static void deinit ();
    public static unowned GLib.MainContext get_main_context ();
    public class DeviceManager : GLib.Object {
        public DeviceManager ();
# This file has no update anymore. Please see https://github.com/worawit/MS17-010
import sys
from struct import pack
if len(sys.argv) < 4:
    print('Usage: {} sc_x86 sc_x64 sc_out'.format(sys.argv[0]))
    sys.exit()
sc_x86 = open(sys.argv[1], 'rb').read()
sc_x64 = open(sys.argv[2], 'rb').read()
The controversy of jailbreak detection has been brought up multiple times in my Twitter feed, so in order to not have to repeat myself, I'll write my thoughts down here.
One day I'll hopefully get round to setting up a proper blog and then I'll move this there, but for now I'll just dump it here on GitHub.
Hi. I'm Siguza, and among other things I write exploits for a hobby and help make jailbreaks. One of the reasons I do that is because I believe we should have the ability to run whatever we want on our iDevices, just as we do with laptops and desktop computers. A lot of app developers, however, seem to despise jailbreaks, and try to make their apps refuse service on jailbroken devices. I think that firstly sucks big time, and secondly always misses the point. From what I've gathered, the two arguments for using jailbreak detection seem to be:
- "J
--- operations-iOS-11.4-15F79.txt 2018-06-26 13:30:06.556874870 +0300
+++ operations-iOS-12.0-b2-16A5308e.txt 2018-06-26 13:30:06.556874870 +0300
@@ -5,6 +5,7 @@
 [xxx] operation: device*
 [xxx] operation: device-camera
 [xxx] operation: device-microphone
+[xxx] operation: darwin-notification-post
 [xxx] operation: distributed-notification-post
 [xxx] operation: dynamic-code-generation
 [xxx] operation: file*
#include <stdio.h>
#include <stdlib.h>
#define L(x) ((x) / 8)
#define GADGET(name, insns) \
    extern int name[]; \
    __asm(".globl _" #name "\n" \
          ".p2align 2\n" \
          "_" #name ":\n" \
It has come to my attention that BlackHat EU had talks from Alibaba Security about iOS security topics. It seems to be from the same people that have previously presented at DEFCON. Back then I had publicly discussed how their talk is basically just a summary of other people's work that is heavily miscredited to the wrong people.
Considering this history it is surprising that BlackHat would allow the same people to give a talk again on iOS security topics. But I gave up a long time ago on the BlackHat review board and their decisions, which is one of the reasons why I stopped submitting to them years ago.
But I am digressing from the actual reason for this GIST. And no it is not about the fact that the talk once again starts with summarizing other people's work and crediting the wrong parties for the work done. In this GIST I want to go over one of the slides from the "summary part" of the talk, because not a single item on that slide is correct information.
So here is the offending slide:
![Fr
#! /bin/bash
#
# build-xnu-4903.221.2.sh
# Scott Knight
#
# Based on the script by Brandon Azad
# https://gist.github.com/bazad/654959120a423b226dc564073b435453
#
# A script showing how to build XNU version 4903.221.2 on macOS Mojave
# 10.14 with Xcode 10.1.