pwnorz pwn0rz
pwn0rz
/ DeviceTree.d53gap.dts
Last active
April 28, 2023 00:22
iPhone 12 (iPhone13,2 d53gap) 15.5 19F77 Device Tree
View DeviceTree.d53gap.dts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /dts-v1/; | |
| / { | |
| #size-cells = <0x2000000>; | |
| device_type = "bootrom"; | |
| model = "iPhone13,2"; | |
| model-config = "syscfg/MdlC"; | |
| clock-frequency = <0x00>; | |
| time-stamp = "Tue May 10 01:34:55 PDT 2022"; | |
| model-number = "syscfg/Mod#/0x20,zeroes/0x20"; |
View fprpc.c
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <stdint.h> | |
| #include <stdlib.h> | |
| #include <mach/mach.h> | |
| #include <CommonCrypto/CommonCrypto.h> | |
| #include <ctype.h> | |
| void hexdump(void *ptr, int buflen) { | |
| unsigned char *buf = (unsigned char*)ptr; | |
| int i, j; |
pwn0rz
/ fairplay_iokit_uc_run_versioned.c
Created
February 2, 2021 05:59
CVE-2021-1791 Fairplay OOB Read POC
View fairplay_iokit_uc_run_versioned.c
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <IOKit/IOKitLib.h> | |
| #include <mach/mach.h> | |
| #include <stdio.h> | |
| #include <stdint.h> | |
| #include <stdlib.h> | |
| #include <ctype.h> | |
| void hexdump(void *ptr, int buflen) { | |
| unsigned char *buf = (unsigned char*)ptr; | |
| int i, j; |
pwn0rz
/ jpeg.c
Created
March 26, 2020 06:13
— forked from 0x36/jpeg.c
View jpeg.c
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #if 0 | |
| Reported : 19-Jan-2020 | |
| Fixed in iOS 13.4 with CVE-2020-9768 | |
| AppleJPEGDriverUserClient : mach port use-after-free/type-confusion via race condition | |
| AppleJPEGDriverUserClient external methods can be used synchronously or asynchronously, when used asynchronously, | |
| it brings the registered mach port (via registerNotificationPort()) and put it inside jpegRequest data structure, | |
| and no reference count was taken for this operation. since registerNotificationPort() is not gated, it is | |
| possible to release the port (if the port got substituted) during the processing of jpeg request and end up | |
| with dangling pointer passed to _mach_msg_send_from_kernel_proper(). |
pwn0rz
/ Revisiting Mac OS X Kernel Rootkits
Created
October 19, 2019 05:55
— forked from alexprivalov/Revisiting Mac OS X Kernel Rootkits
View Revisiting Mac OS X Kernel Rootkits
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Title : Revisiting Mac OS X Kernel Rootkits | |
| Author : fG! | |
| Date : April 18, 2014 | |
| |=----------------------------------------------------------------------------=| | |
| |=----------------=[ Revisiting Mac OS X Kernel Rootkits ]=-------------------=| | |
| |=----------------------------------------------------------------------------=| | |
| |=------------------------=[ fG! <phrack@put.as> ]=---------------------------=| | |
| |=----------------------------------------------------------------------------=| |