View realmbot-commands.txt
00423050: login
00425988: rndnick
00425984: rn
00425980: die
00425978: irc.di
00421400: logout
00425974: lo
00425968: versionship
00425964: ver
0042595c: chghttp
@knightsc
knightsc / FileScanMessage
Created Oct 17, 2018
Raw output of the FileScanMessage sent from the AVKext.kext to its connected client
View FileScanMessage
F6 01 3D 00 00 00 00 00 45 03 00 00 F6 01 00 00 | ..=.....E.......
14 00 00 00 04 00 00 01 01 00 00 00 67 00 00 00 | ............g...
01 00 00 00 01 00 00 00 00 00 00 00 80 FF FF FF | ................
2F 55 73 65 72 73 2F 75 73 65 72 31 2F 44 6F 77 | /Users/user1/Dow
6E 6C 6F 61 64 73 2F 43 6C 61 70 7A 6F 6B 2F 43 | nloads/Clapzok/C
6C 61 70 7A 6F 6B 00 FF A0 2C 4C 16 80 FF FF FF | lapzok...,L.....
A0 4E F6 20 80 FF FF FF 00 AC AF 1C 80 FF FF FF | .N. ............
F4 E2 AE 15 80 FF FF FF 00 00 00 00 00 00 00 00 | ................
00 2D 4C 16 80 FF FF FF 0D 00 00 00 00 00 00 00 | .-L.............
00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 | ................
View ScanManager.c
#include <errno.h>
#include <pthread.h>
#include <signal.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <strings.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <sys/kern_control.h>
@knightsc
knightsc / dmg_rom.asm
Created Nov 19, 2018
Game Boy boot rom disassembly
View dmg_rom.asm
/*
--------------------------------------------------------------------------------
File: dmg_rom.bin
File created with Hopper 4.4.7
Analysis version 55
Loader: RAW
CPU: Sharp/LR35902
64 bits (Little Endian)
View hollow.c
#include <spawn.h>
#include <string.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <mach/mach.h>
#define MACH_ERR(str, err) do { \
if (err != KERN_SUCCESS) { \
View debugger.c
#include <sys/errno.h>
#include <sys/types.h>
#include <sys/ptrace.h>
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <mach/mach.h>
/*
@knightsc
knightsc / aspmig.c
Created Feb 14, 2019
Example of sending a notify_32bit_exec MIG message to syspolicyd
View aspmig.c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <mach/mach.h>
/*
This allows you to write to /var/db/SystemPolicyConfiguration/ExecPolicy
even with SIP on. Basically before syspolicyd determines if the values
you pass can be checked or not it will save them to the ExecPolicy
database.
@knightsc
knightsc / spxpc.m
Created Feb 20, 2019
Example of how the Security.framework calls into `syspolicyd` for Gatekeeper functionality
View spxpc.m
#import <Foundation/Foundation.h>
#import <Security/Security.h>
#import <xpc/xpc.h>
#include <CoreFoundation/CoreFoundation.h>
#include <stdint.h>
typedef uint64_t SecAssessmentFlags;
enum {
kSecAssessmentDefaultFlags = 0, // default behavior
@knightsc
knightsc / kext_deps.py
Created Feb 12, 2019
Scans all kexts in /System/Library/Extensions and generates a graphml graph representation of the dependencies.
View kext_deps.py
import plistlib
import subprocess
import os
def main():
output = subprocess.check_output(['find', '/System/Library/Extensions', '-name', '*.kext', '-print'])
print('<?xml version="1.0" encoding="UTF-8"?>')
print('<graphml xmlns="http://graphml.graphdrawing.org/xmlns">')
print(' <graph id="G" edgedefault="undirected">')
@knightsc
knightsc / step.py
Last active May 23, 2019
LLDB scripted step example. Steps from call instruction to call instruction
View step.py
from __future__ import print_function
import lldb
# This class will single step until the next call assembly instruction
# and then print out all the argument registers
class Call:
def __init__(self, thread_plan, dict):
self.thread_plan = thread_plan