jmpews(AKA.zz) jmpews

Keybase proof

I hereby claim:

  • I am jmpews on github.
  • I am jmpews (https://keybase.io/jmpews) on keybase.
  • I have a public key ASCy3B5c1LXU6WLXD8tV6U5mGr3N63oLU0n0kE0zLeq_pAo

To claim this, I am signing this object:

"clang-format.style": "{BasedOnStyle: LLVM, IndentWidth: 4, ColumnLimit: 120, ReflowComments: false, AlignConsecutiveAssignments : true, BreakBeforeBraces: Attach}",
@jmpews
jmpews / compile_libimobiledevice.md
Created July 3, 2019 16:47
libimobiledevice compile
git clone https://github.com/libimobiledevice/libplist.git
cd libplist
./autogen.sh
make

git clone https://github.com/libimobiledevice/libusbmuxd.git
cd libusbmuxd
@jmpews
jmpews / swift_build.md
Last active January 19, 2020 13:11
swift build

root_dir=$(pwd)

mkdir swift-5.1.3-release; cd swift-5.1.3-release

download_tag="swift-5.1.3-RELEASE"

# download the essential component package
components_download_list=(
@jmpews
jmpews / IOSurfaceDig.md
Last active April 1, 2023 09:05
reversing IOSurface kext and framework

xnu libkern C++ initialization.

First, the metavtable is initialized:

OSMetaClass *IOSurface_InitFunc_7()
{
  OSMetaClass *result; // x0

  result = OSMetaClass::OSMetaClass(
@jmpews
jmpews / amfi_debug.md
Created October 20, 2019 12:48
debug the amfi

The kernel invokes com.apple.driver.AppleMobileFileIntegrity :: _cred_label_update_execve

(lldb) bt
* thread #5, name = '0xffffff8023f43d90', queue = 'cpu-0', stop reason = breakpoint 4.2
  * frame #0: 0xffffff80174d0f79 kernel`mac_cred_label_update_execve(ctx=0xffffff807219bd50, new=0xffffff807219b848, vp=0xffffff801ea98aa8, offset=0, scriptvp=0x0000000000000000, scriptvnodelabel=0x0000000000000000, execl=0x0000000000000000, csflags=0xffffff801dd51dd0, macextensions=0x0000000000000000, disjoint=0xffffff807219b9b8, labelupdateerror=0xffffff807219b9bc) at mac_vfs.c:655:12 [opt]
    frame #1: 0xffffff801728fd1f kernel`kauth_proc_label_update_execve [inlined] kauth_cred_label_update_execve(cred=0xffffff801e31e560, ctx=0xffffff807219bd50, offset=0, scriptl=0x0000000000000000, execl=<unavailable>, csflags=<unavailable>, macextensions=<unavailable>, disjointp=<unavailable>, labelupdateerror=<unavailable>) at kern_credential.c:4554:2 [opt]
    frame #2: 0xffffff801728fccc kernel`kauth_proc_label_update_
@jmpews
jmpews / SandboxDig.md
Created November 7, 2019 15:24
reversing Sandbox kext

macOS Sandbox.kext

  if ( (unsigned int)do_profile_create(&platform_profile, &the_real_platform_profile_data, 0LL, 25978LL, 0LL) )
    panic(
      "\"failed to initialize platform sandbox\"@/BuildRoot/Library/Caches/com.apple.xbs/Sources/Sandbox_executables/Sand"
      "box-851.201.1/src/kext/kext.c:3434");
}
@jmpews
jmpews / ida_python_script.py
Last active January 4, 2022 16:11
ida python script
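import binascii
import idc

def memory_dump(ea, size, file):
    # Read `size` bytes starting at `ea` from the IDA database (use_dbg=0: not debugger memory)
    data = idc.get_bytes(ea, size, use_dbg = 0)
    # Write the raw bytes to `file`
    with open(file, "wb") as fp:
        fp.write(data)
    print("memory dump success!")

# memory_dump(0x1E140, 25978, "C:/Users/vm/Desktop/ios_sandbox_kext/dump.bin")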
def print_hex_format(ea, size):
@jmpews
jmpews / xnu_internal_function.md
Last active November 30, 2019 12:07
xnu internal function
task_create_internal
pmap_create_internal
@jmpews
jmpews / powershell_snippet.md
Created January 14, 2020 06:06
powershell snippet
# create a symbolic link
New-Item -ItemType SymbolicLink -Name Mystique -Value D:\Codehub\LLVMext\llvm-project-swift-5.1.3\llvm-project-swift-5.1.3-RELEASE\llvm\lib\Mystique -Path D:\Codehub\PersonalOpensource\Mystique