Scott Knight knightsc
knightsc
/ debugger.c
Created
February 7, 2019 18:08
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <sys/errno.h> | |
| #include <sys/types.h> | |
| #include <sys/ptrace.h> | |
| #include <unistd.h> | |
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <sys/wait.h> | |
| #include <mach/mach.h> | |
| /* |
knightsc
/ kext_deps.py
Created
February 12, 2019 17:30
Scans all kexts in /System/Library/Extensions and generates a graphml graph representation of the dependencies.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import plistlib | |
| import subprocess | |
| import os | |
| def main(): | |
| output = subprocess.check_output(['find', '/System/Library/Extensions', '-name', '*.kext', '-print']) | |
| print('<?xml version="1.0" encoding="UTF-8"?>') | |
| print('<graphml xmlns="http://graphml.graphdrawing.org/xmlns">') | |
| print(' <graph id="G" edgedefault="undirected">') |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <errno.h> | |
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <mach/mach.h> | |
| /* | |
| This allows you to write to /var/db/SystemPolicyConfiguration/ExecPolicy | |
| even with SIP on. Basically before syspolicyd determines if the values | |
| you pass can be checked or not it will save them to the ExecPolicy | |
| database. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #import <Foundation/Foundation.h> | |
| #import <Security/Security.h> | |
| #import <xpc/xpc.h> | |
| #include <CoreFoundation/CoreFoundation.h> | |
| #include <stdint.h> | |
| typedef uint64_t SecAssessmentFlags; | |
| enum { | |
| kSecAssessmentDefaultFlags = 0, // default behavior | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <dlfcn.h> | |
| #include <stdio.h> | |
| #include <unistd.h> | |
| #include <sys/types.h> | |
| #include <mach/mach.h> | |
| #include <mach/error.h> | |
| #include <errno.h> | |
| #include <stdlib.h> | |
| #include <sys/sysctl.h> | |
| #include <sys/mman.h> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <sys/stat.h> | |
| #include <unistd.h> | |
| #include <mach/mach.h> | |
| #include <mach/mach_vm.h> | |
| #include <dlfcn.h> | |
| #include <objc/runtime.h> | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <libproc.h> | |
| #include <mach/mach.h> | |
| bool | |
| has_modifications(struct task_extmod_info *info) | |
| { | |
| if ((info->extmod_statistics.thread_creation_count > 0) || | |
| (info->extmod_statistics.thread_set_state_count > 0)) { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from __future__ import print_function | |
| import lldb | |
| # This class will single step until the next call assembly instruction | |
| # and then print out all the arguement registers | |
| class Call: | |
| def __init__(self, thread_plan, dict): | |
| self.thread_plan = thread_plan |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #import <Foundation/Foundation.h> | |
| #import <EndpointSecurity/EndpointSecurity.h> | |
| #import <os/log.h> | |
| #import <bsm/libbsm.h> | |
| /* | |
| In the beta 1 seed it's not straight forward to create an EndpointSecurity extension. | |
| You can use libEndpointSecurity.dylib directly as long as you set the following things: | |
| 1. Disable SIP |
knightsc
/ TeslaClient.m
Created
June 11, 2019 21:08
Quick XPC client for the teslad daemon which exposes CCDServiceInterface protocol
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // | |
| // main.m | |
| // TeslaClient | |
| // | |
| // Created by Scott Knight on 6/11/19. | |
| // Copyright © 2019 Scott Knight. All rights reserved. | |
| // | |
| #import <Foundation/Foundation.h> |