@knightsc
knightsc / realmbot-commands.txt
Last active August 27, 2018 16:52
RealmBot Commands
00423050: login
00425988: rndnick
00425984: rn
00425980: die
00425978: irc.di
00421400: logout
00425974: lo
00425968: versionship
00425964: ver
0042595c: chghttp
@knightsc
knightsc / FileScanMessage
Created October 17, 2018 19:19
Raw output of the FileScanMessage sent from the AVKext.kext to its connected client
F6 01 3D 00 00 00 00 00 45 03 00 00 F6 01 00 00 | ..=.....E.......
14 00 00 00 04 00 00 01 01 00 00 00 67 00 00 00 | ............g...
01 00 00 00 01 00 00 00 00 00 00 00 80 FF FF FF | ................
2F 55 73 65 72 73 2F 75 73 65 72 31 2F 44 6F 77 | /Users/user1/Dow
6E 6C 6F 61 64 73 2F 43 6C 61 70 7A 6F 6B 2F 43 | nloads/Clapzok/C
6C 61 70 7A 6F 6B 00 FF A0 2C 4C 16 80 FF FF FF | lapzok...,L.....
A0 4E F6 20 80 FF FF FF 00 AC AF 1C 80 FF FF FF | .N. ............
F4 E2 AE 15 80 FF FF FF 00 00 00 00 00 00 00 00 | ................
00 2D 4C 16 80 FF FF FF 0D 00 00 00 00 00 00 00 | .-L.............
00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 | ................
@knightsc
knightsc / dmg_rom.asm
Created November 19, 2018 21:43
Game Boy boot rom disassembly
/*
--------------------------------------------------------------------------------
File: dmg_rom.bin
File created with Hopper 4.4.7
Analysis version 55
Loader: RAW
CPU: Sharp/LR35902
64 bits (Little Endian)
#include <sys/errno.h>
#include <sys/types.h>
#include <sys/ptrace.h>
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <mach/mach.h>
/*
@knightsc
knightsc / aspmig.c
Created February 14, 2019 16:18
Example of sending notify_32bit_exec MIG message to syspolicyd
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <mach/mach.h>
/*
This allows you to write to /var/db/SystemPolicyConfiguration/ExecPolicy
even with SIP on. Basically before syspolicyd determines if the values
you pass can be checked or not it will save them to the ExecPolicy
database.
@knightsc
knightsc / step.py
Last active May 23, 2019 13:52
LLDB scripted step example. Steps from call instruction to call instruction
from __future__ import print_function
import lldb
# This class will single step until the next call assembly instruction
# and then print out all the argument registers
class Call:
    def __init__(self, thread_plan, dict):
        self.thread_plan = thread_plan
@knightsc
knightsc / TeslaClient.m
Created June 11, 2019 21:08
Quick XPC client for the teslad daemon which exposes CCDServiceInterface protocol
//
// main.m
// TeslaClient
//
// Created by Scott Knight on 6/11/19.
// Copyright © 2019 Scott Knight. All rights reserved.
//
#import <Foundation/Foundation.h>
@knightsc
knightsc / build-xnu-4903.221.2.sh
Last active August 25, 2019 12:07
A script to build XNU version 4903.221.2 (macOS Mojave 10.14.1).
#! /bin/bash
#
# build-xnu-4903.221.2.sh
# Scott Knight
#
# Based on the script by Brandon Azad
# https://gist.github.com/bazad/654959120a423b226dc564073b435453
#
# A script showing how to build XNU version 4903.221.2 on macOS Mojave
# 10.14 with Xcode 10.1.
@knightsc
knightsc / mojave.kext.diff
Last active December 26, 2019 13:33
macOS Mojave /System/Library/Extensions differences
--- 10.13.kext.txt 2018-09-06 07:59:22.000000000 -0400
+++ 10.14.kext.txt 2018-09-06 08:01:55.000000000 -0400
@@ -1,24 +1,13 @@
ALF.kext
AMD10000Controller.kext
-AMD2400Controller.kext
-AMD2600Controller.kext
-AMD3800Controller.kext
-AMD4600Controller.kext
-AMD4800Controller.kext
@knightsc
knightsc / AVKext.c
Last active January 6, 2020 03:44
McAfee AVKext.kext reversed startup and control code
#include <kern/locks.h>
#include <libkern/libkern.h>
#include <libkern/OSMalloc.h>
#include <mach/mach_types.h>
#include <sys/kauth.h>
#include <sys/kern_control.h>
#include <sys/sysctl.h>
#include <sys/time.h>
#include "AVKext.h"