Skip to content

Instantly share code, notes, and snippets.

View saagarjha's full-sized avatar

Saagar Jha saagarjha

View GitHub Profile
@saagarjha
saagarjha / CreateGhidraApp.sh
Last active November 20, 2024 08:55
Creates a Ghidra.app bundle for macOS
#!/bin/sh
set -eu
create_iconset() {
mkdir -p Ghidra.iconset
cat << EOF > Ghidra.iconset/Contents.json
{
"images":
[
@saagarjha
saagarjha / MetadataExtractor.js
Created February 17, 2023 09:36
Apple's metadata extraction code for link previews in Messages, taken from macOS Ventura 13.3 Beta (22E5219e)
//
// LinkPresentation
// Copyright © 2015-2020 Apple Inc. All rights reserved.
//
// FIXME: Twitter equivalents?
(function () {
var MetadataExtractor = {
@saagarjha
saagarjha / file_drain.c
Created November 11, 2023 10:01
"Drain" files while they are processed to reduce free disk space requirements
// Sometimes you have a large file on a small disk and would like to "transform"
// it in some way: for example, by decompressing it. However, you might not have
// enough space on disk to keep both the the compressed file and the
// decompressed results. If the process can be done in a streaming fashion, it
// would be nice if the file could be "drained"; that is, the file would be
// sequentially deleted as it is consumed. At the start you'd have 100% of the
// original file, somewhere in the middle you'd have about half of the original
// file and half of your output, and by the end the original file will be gone
// and you'll be left with just the results. If you do it this way, you might
// be able to do the entire operation without extra space!
@saagarjha
saagarjha / library_injector.cpp
Last active October 2, 2024 11:26
Load a library into newly spawned processes (using DYLD_INSERT_LIBRARIES and EndpointSecurity)
// To compile: clang++ -arch x86_64 -arch arm64 -std=c++20 library_injector.cpp -lbsm -lEndpointSecurity -o library_injector,
// then codesign with com.apple.developer.endpoint-security.client and run the
// program as root.
#include <EndpointSecurity/EndpointSecurity.h>
#include <algorithm>
#include <array>
#include <bsm/libbsm.h>
#include <cstddef>
#include <cstdint>
@saagarjha
saagarjha / stop_at_entry.c
Last active July 24, 2024 20:55
Endpoint Security client that sends SIGSTOP to newly spawned processes
// To compile: clang stop_at_entry.c -lbsm -lEndpointSecurity -o stop_at_entry,
// then codesign with com.apple.developer.endpoint-security.client and run the
// program as root.
#include <EndpointSecurity/EndpointSecurity.h>
#include <assert.h>
#include <bsm/libbsm.h>
#include <dispatch/dispatch.h>
#include <signal.h>
#include <stdbool.h>
@saagarjha
saagarjha / fixjit.c
Last active July 3, 2024 15:56
Fix applications that use JIT on Apple silicon but don't know about pthread_jit_write_protect_np
// The usual: compile with clang libfixjit.c -arch arm64 -arch arm64e -shared -o libfixjit.dylib, add to DYLD_INSERT_LIBRARIES.
#include <errno.h>
#include <pthread.h>
#include <stdatomic.h>
__attribute__((constructor)) static void fix_jit() {
unsigned long long mask;
__asm__ volatile("mrs %0, s3_4_c15_c2_7" : "=r"(mask): :);
__asm__ volatile("msr s3_4_c15_c2_7, %0" : : "r"(mask & 0xfffffffff0ffffff) :);
@saagarjha
saagarjha / a14.plist.txt
Created January 16, 2024 04:08
plutil -p /usr/share/kpep/a14.plist
{
"internal" => 0
"name" => "a14"
"system" => {
"cpu" => {
"aliases" => {
"Cycles" => "FIXED_CYCLES"
"Instructions" => "FIXED_INSTRUCTIONS"
}
"architecture" => "arm64"
@saagarjha
saagarjha / path_hook.mm
Created October 17, 2022 18:57
Some code I used to help write FB11698739. Very rough and posted as-is: don't copy things blindly from the internet, but that applies doubly so here!
// clang path_hook.mm -shared -ldl -g -framework Foundation path_hook.o -L/usr/lib/swift
#include <cassert>
#include <cstdint>
#include <dlfcn.h>
#include <mach/arm/vm_param.h>
#include <mach/kern_return.h>
#include <mach/mach_init.h>
#include <mach/vm_map.h>
#include <mach/vm_prot.h>
@saagarjha
saagarjha / fix_FB11645580.mm
Last active January 1, 2024 04:09
Fix an Xcode hang caused by FB11645580 due to IDERunDestination registering thousands of duplicate KVO observers
// https://gist.github.com/saagarjha/ed701e3369639410b5d5303612964557
#import "swizzler.h"
#import <Foundation/Foundation.h>
#import <cstddef>
#import <cstdlib>
#import <dlfcn.h>
#import <mach-o/dyld.h>
#import <mutex>
#import <string>
#import <tuple>
@saagarjha
saagarjha / swizzler.h
Last active December 25, 2023 18:06
Type-safe, RAII swizzler for Objective-C++
// Example usage:
// Swizzler<NSString *, NSDateFormatter *, NSDate *> NSDateFormatter_stringFromDate_ {
// NSDateFormatter.class, @selector(stringFromDate:), [&](auto self, auto date) {
// if ([NSCalendar.currentCalendar components:NSCalendarUnitWeekday fromDate:date].weekday == 4) {
// return @"It Is Wednesday My Dudes";
// } else {
// return NSDateFormatter_stringFromDate_(self, date);
// }
// }
// };