
@r3ggi
r3ggi / flutter-ios-keyboard-cache.js
Created May 11, 2022 12:04
Flutter keyboard cache verifier - Frida script for iOS
// Flutter keyboard cache verifier - Frida script for iOS
// Script based on https://codeshare.frida.re/@ay-kay/ios-custom-keyboard-support/
function resolveAutocorrectionType(typeNr) {
    switch (parseInt(typeNr, 10)) {
        case 1:
            return "UITextAutocorrectionTypeNo"
            break;
        case 2:
            return "UITextAutocorrectionTypeYes"
@dhinakg
dhinakg / tutorial-alternate.md
Last active October 13, 2023 13:36
tutorial-alternate.md

Note: This writeup is for advanced users and developers. For a guide that will actually walk you through this, ios.cfw.guide is updated. guides.stkc.win should be soon™️.

13.x appears to have issues. 13.5 is confirmed to fail to check updates once you change the audience. If any other versions do this, please let me know.

So, I got bored and decided to do more research into alternates. Turns out you can still abuse it to update to 14.8 on iOS versions that don't support alternates. You're welcome.

This requires a jailbreak. Of course, you can do the backup editing stuff if you're not JBed but:

a. It's a wack method imo

@dhinakg
dhinakg / alternates.md
Last active December 28, 2023 03:23
Alternate software updates

Why you don't see iOS 14 anymore

Hi, I'm back again.

Some background

If you're here, you're probably aware of the fact that Apple has been allowing users to stay on 14.5 and receive software updates. If you're out of the loop, take a look at this 9To5Mac article. This is called alternate software updates (or it may be shortened to AlternateSU in some places).

Anyways, this is what you would have been expecting if you checked for updates today:

@infernalheaven
infernalheaven / poc.c
Created September 16, 2021 02:18
macOS 11.5.2/iOS 14.7.1 Kernel Race Condition poc
/*
Written By Pan ZhenPeng(@peterpan980927) of Alibaba Security Pandora Lab
use it on macOS: cc poc.c -o poc while True; do ./poc ; done
*/
#include <errno.h>
#include <signal.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
@nullenc0de
nullenc0de / api-linkfinder.sh
Created August 7, 2021 11:17
Exports links and params from API documentation
# Fetch the nuclei template that extracts links and parameters from API documentation
wget https://gist.githubusercontent.com/nullenc0de/bb16be959686295b3b1caff519cc3e05/raw/2016dc0e692821ec045edd5ae5c0aba5ec9ec3f1/api-linkfinder.yaml
# Crawl the docs and run the template (wget saves the file as api-linkfinder.yaml, so reference that name)
echo https://stripe.com/docs/api | hakrawler -t 500 -d 10 | nuclei -t ./api-linkfinder.yaml -o api.txt
# Split the extracted arrays (comma-separated, bracketed) into one value per line, strip quotes, deduplicate
grep url_params api.txt | cut -d ' ' -f 7 | tr ',[]' '\n' | tr -d '"' | tr -d "'" | sort -u > api_params.txt
grep relative_links api.txt | cut -d ' ' -f 7 | tr ',[]' '\n' | tr -d '"' | tr -d "'" | sort -u > api_link_finder.txt
@dhinakg
dhinakg / tutorial.md
Last active September 16, 2024 13:12
iOS/iPadOS 14.3 OTA
@tdec
tdec / gist:128751d818e9753364a72086b961390b
Last active June 23, 2023 20:41
Bluetooth vulnerabilities
Vulnerabilities published in Bluetooth SIG, Android, Apple, Intel and Qualcomm security bulletins, presented at security conferences, or published as master's theses. If any are missing, thanks for pointing me to them!
Todo: macOS
Year | Name | CVE
2020 | BLURtooth: Exploiting Cross-Transport Key Derivation | 2020-15802
2020 | Pairing Method Confusion | 2020-10134
2020 | BIAS: Bluetooth Impersonation AttackS | 2020-10135
2020 | BlueRepli | ?
2020 | BLESA: Bluetooth Low Energy Spoofing Attacks | 2020-9770
@Areizen
Areizen / uninstall.py
Last active July 23, 2020 18:40
Uninstall Device administrator applications
#!/usr/bin/python3
import frida
import subprocess
import sys
if len(sys.argv) != 2:
    print(f"[-] Usage : python3 {sys.argv[0]} <package_to_uninstall>")
    sys.exit(-1)

def message(message, data):
@argp
argp / sandbox_i6s_13.3.1_profiles_vs_sandbox_iX_12.4_profiles.txt
Created February 7, 2020 16:43
iOS 13.3.1 vs iOS 12.4 sandbox profiles
$ diff -q sandbox_i6s_13.3.1_profiles/ sandbox_iX_12.4_profiles/ | /bin/grep Only
Only in sandbox_i6s_13.3.1_profiles/: adservicesd.sb
Only in sandbox_i6s_13.3.1_profiles/: akd.sb
Only in sandbox_i6s_13.3.1_profiles/: appsso.sb
Only in sandbox_i6s_13.3.1_profiles/: ArchiveService.sb
Only in sandbox_i6s_13.3.1_profiles/: asd.sb
Only in sandbox_iX_12.4_profiles/: assertiond.sb
Only in sandbox_i6s_13.3.1_profiles/: businesschatd.sb
Only in sandbox_i6s_13.3.1_profiles/: callservicesd.sb
Only in sandbox_i6s_13.3.1_profiles/: cfprefsd.sb
@cfstras
cfstras / Installing tcpdump on an arm device without package manager.md
Last active May 14, 2024 19:29
Installing tcpdump on an arm device without package manager
DEVICE=1.2.3.4
MIRROR=http://archives.fedoraproject.org/pub/archive/fedora/linux/releases
FEDORA=29
FILE=tcpdump-4.9.2-6.fc29.armv7hl.rpm
PACKAGE=Everything/armhfp/os/Packages/t/$FILE

wget $MIRROR/$FEDORA/$PACKAGE

# see https://gist.github.com/cfstras/4856e48fd4d68eb7debaa20d5e63c6de