Skip to content

Instantly share code, notes, and snippets.

View 0xcpu's full-sized avatar
💭
I do nothing every day

panda bear 0xcpu

💭
I do nothing every day
273 followers · 86 following
View GitHub Profile
@LinusHenze
LinusHenze / iOS_16_Launch_Constraints.txt
Created June 15, 2022 16:30
Description of the Launch Constraints introduced in iOS 16
iOS 16 introduced launch constraints, which can be used to constraint the launch of an application.
There are three types of constraints:
Self Constraints, which the launched application itself must meet
Parent Constraints, which the parent process must meet
Responsible Constraints, which the "responsible process" must meet (I assume that the responsible process is the process that asked launchd to launch a service)
Additionally, the TrustCache format was updated (see below) to support assigning each binary a "Constraint Category", which forces Self and Parent Constraints.
Note that Self, Parent and Responsible Constraints can also be set by the process performing the launch and they can be included in the code signature, in the new blob type 0xFADE8181. In both cases, the constraints are DER encoded (just like the DER entitlements).
Constraint Categories (from TrustCache, new in version 2):
@stong
stong / CleanBoot.java
Last active January 27, 2024 11:35
Real World CTF 2023: Dark Portal Writeup
package org.mapleir;
import org.mapleir.app.client.SimpleApplicationContext;
import org.mapleir.app.service.ApplicationClassSource;
import org.mapleir.app.service.InstalledRuntimeClassSource;
import org.mapleir.asm.ClassHelper;
import org.mapleir.asm.ClassNode;
import org.mapleir.asm.MethodNode;
import org.mapleir.context.AnalysisContext;
import org.mapleir.context.BasicAnalysisContext;
@hackermondev
hackermondev / research.md
Last active April 28, 2025 07:48
Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k