
JJTech JJTech0130

@JJTech0130
JJTech0130 / debugger_jit_improved.m
Last active March 4, 2025 06:10
Improved method of using a debugger for JIT on iOS... Uses split rx/rw regions, and works on iOS 18.4b1
#import <Foundation/Foundation.h>
#import <mach/mach.h>
#import <stdio.h>
#import <stdlib.h>
#import <string.h>
#include <libkern/OSCacheControl.h>
const int REGION_SIZE = 0x4000*1;
void write_instructions(void* page)
#import <Foundation/Foundation.h>
#import <mach/mach.h>
#import <stdio.h>
#import <stdlib.h>
#import <string.h>
#define PAGE 0x4000
__attribute__((section("__TEXT,__nop_section"), aligned(PAGE)))
static const uint32_t nop_page[PAGE / sizeof(uint32_t)] = {
@JJTech0130
JJTech0130 / reboot_verizon_router.sh
Last active February 2, 2025 20:48
Script to reboot Verizon 5G Home Internet router automatically
#!/bin/bash
# Configuration
# NOTE(review): the password (presumably the router's admin credential) is stored
# in plain text in the script, so anyone who can read the file or a shared copy of
# it learns the value. Prefer supplying it at run time from an environment variable
# or a file readable only by the owner, and rotate any value that has been published.
password="XTYTH3CP2" # Set your password here
timeout_duration=10 # Set timeout duration in seconds
# Change into a temporary directory, storing the current directory
current_dir=$(pwd)
cd "$(mktemp -d)" || exit
@JJTech0130
JJTech0130 / install-unlock-turbo.sh
Last active January 15, 2025 20:09
Unlocks Turbo Boost when it has been locked due to an unsupported power supply (Dell Optiplex BD PROCHOT issue)
#!/bin/bash
# Check if the script is being run as root
if [[ $(id -u) -ne 0 ]]; then
echo "This script must be run as root. Exiting."
exit 1
fi
# Install necessary tools (msr-tools)
echo "Installing msr-tools..."
import base64
import hashlib
import hmac
import plistlib
from pathlib import Path
import keyring
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.primitives.padding import PKCS7
import base64
import json
import logging
import plistlib
import random
import uuid
from datetime import datetime
import requests
import urllib3
@JJTech0130
JJTech0130 / csstore.py
Created November 9, 2024 05:28
Python implementation of CoreServicesStore .csstore format
from io import BytesIO
from typing import Self
from dataclasses import dataclass
FLAG_CATALOG = 0x40000000
ALL_FLAGS = FLAG_CATALOG
@dataclass
class CSUnit:
id: int
@JJTech0130
JJTech0130 / hooks.py
Created October 18, 2024 02:01
Excerpt from an old project of mine, shows a fake implementation of Mach Ports I used in a high-level emulation project.
@self.hook()
def _bootstrap_check_in(bootstrap_port: int, sn: int, sp: int):
    """Hook for bootstrap_check_in in the emulated Mach port layer.

    Reads a service name from guest memory at `sn`, creates a named port
    through `self.mach_ports`, and stores the port value at guest address `sp`.

    Args:
        bootstrap_port: Port value passed by the guest; only logged here.
        sn: Guest address of the service-name string.
        sp: Guest address that receives the new port as 4 little-endian bytes.

    Returns:
        Always 0 (presumably the success code the guest expects; confirm).
    """
    # A fixed 0x100-byte window is read; c_string is defined elsewhere and
    # presumably cuts the buffer at the first NUL (verify against its definition).
    name_window = self._uc.mem_read(sn, 0x100)
    service_name = c_string(name_window)
    self.debug(f"bootstrap_check_in {hex(bootstrap_port)} {service_name} {hex(sp)}")
    port = self.mach_ports.create_mach_port_with_name(service_name)
    # to_bytes(4, ...) raises OverflowError if the port value does not fit in 32 bits.
    encoded_port = port.to_bytes(4, byteorder='little')
    self._uc.mem_write(sp, encoded_port)
    return 0
@self.hook()
def _CFMachPortCreateWithPort(allocator: int, port: int, callout: int, context: int, shouldFreeInfo: int):
@JJTech0130
JJTech0130 / psem.swift
Last active February 24, 2024 14:25
Pure Swift raw syscall to retrieve the name of a semaphore
import Foundation
struct psem_fdinfo {
/// File-info record nested inside `psem_fdinfo`.
///
/// NOTE(review): the field names and widths look like a mirror of the C
/// `struct proc_fileinfo`; if the raw syscall fills this memory directly,
/// the field order and sizes must stay exactly as declared. Confirm against
/// the system header before changing anything here.
struct proc_fileinfo {
// Names follow the C-style `fi_` prefix rather than Swift naming conventions.
var fi_openflags: UInt32
var fi_status: UInt32
// 64-bit signed field; presumably the file offset (confirm).
var fi_offset: Int64
var fi_type: Int32
var fi_guardflags: UInt32
}
import requests
from rich import print
from rich.progress import track, Progress
from rich.prompt import Prompt
from rich.console import Console
from rich.table import Table
import zipfile
import os
import threading
import io