Saagar Jha saagarjha
saagarjha
/ CreateGhidraApp.sh
Last active
April 13, 2024 12:35
Creates a Ghidra.app bundle for macOS
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| set -eu | |
| create_iconset() { | |
| mkdir -p Ghidra.iconset | |
| cat << EOF > Ghidra.iconset/Contents.json | |
| { | |
| "images": | |
| [ |
saagarjha
/ library_injector.cpp
Last active
April 5, 2024 19:53
Load a library into newly spawned processes (using DYLD_INSERT_LIBRARIES and EndpointSecurity)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // To compile: clang++ -arch x86_64 -arch arm64 -std=c++20 library_injector.cpp -lbsm -lEndpointSecurity -o library_injector, | |
| // then codesign with com.apple.developer.endpoint-security.client and run the | |
| // program as root. | |
| #include <EndpointSecurity/EndpointSecurity.h> | |
| #include <algorithm> | |
| #include <array> | |
| #include <bsm/libbsm.h> | |
| #include <cstdint> | |
| #include <cstdlib> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "internal" => 0 | |
| "name" => "a14" | |
| "system" => { | |
| "cpu" => { | |
| "aliases" => { | |
| "Cycles" => "FIXED_CYCLES" | |
| "Instructions" => "FIXED_INSTRUCTIONS" | |
| } | |
| "architecture" => "arm64" |
saagarjha
/ path_hook.mm
Created
October 17, 2022 18:57
Some code I used to help write FB11698739. Very rough and posted as-is: don't copy things blindly from the internet, but that applies doubly so here!
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // clang path_hook.mm -shared -ldl -g -framework Foundation path_hook.o -L/usr/lib/swift | |
| #include <cassert> | |
| #include <cstdint> | |
| #include <dlfcn.h> | |
| #include <mach/arm/vm_param.h> | |
| #include <mach/kern_return.h> | |
| #include <mach/mach_init.h> | |
| #include <mach/vm_map.h> | |
| #include <mach/vm_prot.h> |
saagarjha
/ fix_FB11645580.mm
Last active
January 1, 2024 04:09
Fix an Xcode hang caused by FB11645580 due to IDERunDestination registering thousands of duplicate KVO observers
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // https://gist.github.com/saagarjha/ed701e3369639410b5d5303612964557 | |
| #import "swizzler.h" | |
| #import <Foundation/Foundation.h> | |
| #import <cstddef> | |
| #import <cstdlib> | |
| #import <dlfcn.h> | |
| #import <mach-o/dyld.h> | |
| #import <mutex> | |
| #import <string> | |
| #import <tuple> |
saagarjha
/ swizzler.h
Last active
December 25, 2023 18:06
Type-safe, RAII swizzler for Objective-C++
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Example usage: | |
| // Swizzler<NSString *, NSDateFormatter *, NSDate *> NSDateFormatter_stringFromDate_ { | |
| // NSDateFormatter.class, @selector(stringFromDate:), [&](auto self, auto date) { | |
| // if ([NSCalendar.currentCalendar components:NSCalendarUnitWeekday fromDate:date].weekday == 4) { | |
| // return @"It Is Wednesday My Dudes"; | |
| // } else { | |
| // return NSDateFormatter_stringFromDate_(self, date); | |
| // } | |
| // } | |
| // }; |
saagarjha
/ file_drain.c
Created
November 11, 2023 10:01
"Drain" files while they are processed to reduce free disk space requirements
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Sometimes you have a large file on a small disk and would like to "transform" | |
| // it in some way: for example, by decompressing it. However, you might not have | |
| // enough space on disk to keep both the the compressed file and the | |
| // decompressed results. If the process can be done in a streaming fashion, it | |
| // would be nice if the file could be "drained"; that is, the file would be | |
| // sequentially deleted as it is consumed. At the start you'd have 100% of the | |
| // original file, somewhere in the middle you'd have about half of the original | |
| // file and half of your output, and by the end the original file will be gone | |
| // and you'll be left with just the results. If you do it this way, you might | |
| // be able to do the entire operation without extra space! |
saagarjha
/ crash_with_message.h
Created
February 7, 2023 08:34
Poor man's replacement for abort_report_np (https://twitter.com/mraleph/status/1622598001855287300)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Usage should be fairly self-explanatory, just paste this in a header and use | |
| // CRASH_WITH_MESSAGE("foobar") in your function. | |
| // Example backtrace: | |
| // Thread 0 Crashed:: Dispatch queue: com.apple.main-thread | |
| // 0 ??? 0x1022d8000 CRASHING IN test.c:20 (foobar) + 0 | |
| // 1 a.out 0x1022d7f60 main + 24 | |
| // 2 dyld 0x195f07e50 start + 2544 | |
| #define STRINGIFY(a) #a | |
| #define CRASH_FUNCTION_NAME(file, line, message) "CRASHING IN " file ":" STRINGIFY(line) " (" message ")" |
saagarjha
/ binja_stripped_selector_stub_fixup.py
Last active
October 22, 2023 17:33
Fix up objc_msgSend selector stubs in Binary Ninja
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| for function in filter(lambda f: f.name == "_objc_msgSend", bv.functions): | |
| selector = function.lowest_address + 4 | |
| selector = list(bv.get_code_refs_from(selector))[0] | |
| selector = list(bv.get_data_refs(selector))[0] | |
| selector = list(bv.get_data_refs_from(selector))[0] | |
| selector = bv.get_data_var_at(selector).value | |
| # objc_msgSend itself, probably | |
| if not selector: | |
| continue | |
| selector = selector[:-1].decode() |
saagarjha
/ mmap_vs_read.c
Created
September 29, 2023 10:42
Test whether mmap or read is faster on your computer
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // As seen on: | |
| // https://federated.saagarjha.com/notice/AaEMQpJBSbxhLyxYzg | |
| // https://twitter.com/_saagarjha/status/1707423903969341949 | |
| // Compiling: gcc mmap_vs_read.c -O3 -o mmap_vs_read | |
| // Usage: ./mmap_vs_read <bigfile> <mmap|read> | |
| #include <fcntl.h> | |
| #include <stddef.h> | |
| #include <stdio.h> |
NewerOlder