- mach_portal: bug-tracker
- extra_recipe: post, bug tracker
- ota: part 1, part 2, part 3, bug tracker
- triple_fetch: bug tracker
- async_wake: bug tracker
- Phoenix: pdf
- ziVA: GitHub
- Pegasus: [pdf](http://i
```sh
#!/bin/sh
export PATH=bin:$PATH
self=$0
function print_help() {
    echo "$self [IPSW path]"
    echo "$self [device model] [ios build]"
    echo
```
// Todo
```
➤ python json_output.py -d xxx -t T1000 -o - file1.swift file2.swift
{"file1.swift": {"object": "xxx/file1.swift.T1000.o", "dependencies": "xxx/file1.swift.T1000.Td"}, "file2.swift": {"object": "xxx/file2.swift.T1000.o", "dependencies": "xxx/file2.swift.T1000.Td"}, "": {"swift-dependencies": "xxx/master.swiftdeps"}}⏎
```
```objc
#include <stdio.h>
#import <Foundation/Foundation.h>
int main(int argc, char **argv) {
    NSArray * options = @[
        @"-h",
        @"--help",
        @"--get",
        @"--set",
    ];
```
Our targets (on iPod 6G on 10.3.3):
From v0rtex.m lines 41~53
```c
#define OFFSET_ZONE_MAP    0xfffffff007558478 /* "zone_init: kmem_suballoc failed" */
#define OFFSET_KERNEL_MAP  0xfffffff0075b4050
#define OFFSET_KERNEL_TASK 0xfffffff0075b4048
#define OFFSET_REALHOST    0xfffffff00753aba0 /* host_priv_self */
#define OFFSET_BZERO       0xfffffff00708df80
#define OFFSET_BCOPY       0xfffffff00708ddc0
```
Add config for other hooking mechanisms facebook/fishhook#18 (comment):
- substitute's substitute_hook_functions
- rd_route's rd_route
- mach_override's mach_override_ptr
- libevil's evil_override_ptr
- HookZz's ZzHook
- DYLD_INTERPOSE
- PLPatchMaster's what exactly?
Explanation for OFFSET_IOSURFACEROOTUSERCLIENT_VTAB
- extract the IOSurface kext
- hex -dump the entire __DATA_CONST.__const segment - you should see a lot of pointers, occasionally separated by some zeroes - you're looking at vtable contents, e.g.:

now subclasses of IOUserClient have huge vtables, a couple hundred pointers
Package | Commands |
---|---|
pre-installed | touch lzma |
bash | bash |
coreutils | cat chmod cp du ln md5sum mkdir nproc tr rm uname |
git | git |
grep | grep |
make | make |
openssh-client | scp |
perl | perl |
```objc
int numberOfClasses = objc_getClassList(NULL, 0);
Class * classList = (Class *)malloc(numberOfClasses * sizeof(Class));
numberOfClasses = objc_getClassList(classList, numberOfClasses);
NSString * string = @"digraph cluster {\nrankdir=\"LR\"\n";
for (int idx = 0; idx < numberOfClasses; idx++) {
    Class clazz = classList[idx];
    if (some expression to filter results) {
        NSString * str = [NSString stringWithFormat:@"%@ -> %@\n",
```