💻
starting projects & never finishing them

adam m1stadev

m1stadev / 39-libirecovery.rules
Created April 22, 2024 00:58
Necessary `udev` rules to access DFU/Recovery/checkra1n devices on Linux.
# Handle iOS devices in DFU and Recovery mode - for use with libirecovery
# Change group and permissions of iOS devices in DFU, legacy WTF, and Recovery mode
ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="05ac", ATTR{idProduct}=="122[27]|128[0-3]", TAG+="uaccess"
# Handle checkra1n DFU mode
ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="05ac", ATTR{idProduct}=="1338", TAG+="uaccess"
m1stadev / nonce-setter.py
Last active January 8, 2024 14:07
iOS/tvOS nonce setter
#!/usr/bin/env python3
from pathlib import Path
from remotezip import RemoteZip
import argparse
import plistlib
import requests
import subprocess
import tempfile
m1stadev / generator-apnonce.md
Last active March 8, 2024 18:01
Short guide on how to get a generator-apnonce pair for A12+ iOS devices (both jailbroken and non-jailbroken).

What's nonce entanglement?

Beginning with devices using an A12 SoC or higher, Apple introduced nonce entangling.

  • This meant that, when saving SHSH blobs, a nonce generator would generate a different ApNonce for each device.
  • When saving SHSH blobs for an A12+ device, you now must find a generator-ApNonce pair for your device, then use that generator-ApNonce pair when saving SHSH blobs.
  • After you have found a generator-ApNonce pair for your device, you can save it and re-use it whenever you save SHSH blobs again.

Getting a generator-ApNonce pair (jailbroken)

  1. (iOS 14+ only) Install an iOS kernel r/w library.
    • On Taurine, install libkernrw.
    • On unc0ver, install libkrw.
m1stadev / missing_packages.py
Created August 16, 2021 21:20
Python script for finding missing/extra packages on Procursus's APT repo.
#!/usr/bin/env python3
import glob
def main():
    packages = ['golang-1.16-go', 'libgeneral-dev', 'bender', 'libkernrw-dev', 'libxtst-dev', 'libmpg123-0', 'libxcb1', 'libglib2.0-0', 'ruby', 'whois', 'dropbear', 'libmagickcore-7.q16hdri-dev', 'libwebpmux3', 'aom-tools', 'libfox-1.6-0', 'libgpgme11', 'xbitmaps', 'libebml5', 'libgmpxx4ldbl', 'autossh', 'clang-11', 'libideviceactivation-dev', 'lua-luv', 'libgpgmepp6', 'doregon-keyring', 'libsixel1', 'libpcapa-dev', 'ld64', 'libusb-1.0-0', 'sensible-utils', 'libogg-dev', 'rtmpdump', 'libsystem-man', 'xonsh', 'libnghttp2-14', 'build-essential', 'libgeneral0', 'cracklib-runtime', 'launchctl', 'firmware-sbin', 'libpcre1-dev', 'cmark', 'autoconf-archive', 'libboost-iostreams1.76.0', 'libtiff-doc', 'cowsay-off', 'libfribidi0', 'libmd0', 'youtube-dl', 'libopus0', 'libdb18.1', 'file', 'libmagickcore-7.q16hdri-8', 'libxaw7', 'ideviceinstaller', 'libzip-dev', 'python3-glances', 'libtommath1', 'liblto', 'mosh', 'libtiff5', 'gpg-wks-client', 'libvorbis0a', 'libusb-1.0-0-
m1stadev / ipsw-dl.py
Last active August 16, 2021 21:25
Quick script I wrote to easily get the download link to an IPSW for an iOS device with an iOS version/buildid + device identifier
#!/usr/bin/env python3
import argparse
import requests
import sys
class IPSW:
    def __init__(self, device, version=None, buildid=None):
        self.device = device