JJTech JJTech0130
@steven-michaud
steven-michaud / ThirdPartyKexts.md
Last active January 17, 2025 12:21
Running Third Party Kernel Extensions on Virtualization Framework macOS Guest VMs

Running Third Party Kernel Extensions on Virtualization Framework macOS Guest VMs

As of macOS 12 (Monterey), Apple's Virtualization framework has nice support for macOS guest virtual machines, but with severe limitations: For example you can't install a macOS guest on Intel Macs, install guests with newer versions of macOS than the host, copy and paste between the host and the guest, or install third party kernel extensions in the guest. As usual for Apple, the functionality they do support is nicely implemented, but they've left out so much that the result is only marginally useful -- at least compared to

Enabling & Using vGPU Passthrough

This gist is almost entirely not unlike Derek Seaman's awesome blog:

Proxmox VE 8: Windows 11 vGPU (VT-d) Passthrough with Intel Alder Lake

As such, please refer to that for pictures; here I will capture the command lines I used, as I sequence the commands a little differently so it makes more logic to me.

This gist assumes you are not running ZFS and are not passing any other PCIe devices (as both of these can require additional steps - see Derek's blog for more info).

This gist assumes you are not running Proxmox in UEFI Secure Boot - if you are, please refer entirely to Derek's blog.

@zhuowei
zhuowei / reachable_services.txt
Created February 21, 2023 06:26
Reachable Mach services from the app sandbox on iOS 16.1
PurpleSystemAppPort
PurpleSystemEventPort
UIASTNotificationCenter
com.apple.ABDatabaseDoctor
com.apple.AppSSO.service-xpc
com.apple.AuthenticationServicesCore.AuthenticationServicesAgent
com.apple.CARenderServer
com.apple.ClipServices.clipserviced
com.apple.CoreAuthentication.daemon
com.apple.DeviceAccess.xpc
@macshome
macshome / defang.md
Last active February 27, 2025 13:47
How to defang system protections on macOS

How to Defang macOS System Protections

If you want to change things on the root drive of a Mac you will need to take some steps to disable the built-in security of the system. Most of these steps are the same regardless of whether you are on Intel or Apple Silicon. If there is a difference, it is noted.

Note that all of these things put a Mac into an unsupported and less secure state.

Make sure you either perform these steps in a VM or that you reset the protections after you are done poking around.

Protections and Terms

(This list is not exhaustive on the details of each. Check the links at the end for more info.)

@saagarjha
saagarjha / binja_stripped_selector_stub_fixup.py
Last active October 22, 2023 17:33
Fix up objc_msgSend selector stubs in Binary Ninja
for function in filter(lambda f: f.name == "_objc_msgSend", bv.functions):
    selector = function.lowest_address + 4
    selector = list(bv.get_code_refs_from(selector))[0]
    selector = list(bv.get_data_refs(selector))[0]
    selector = list(bv.get_data_refs_from(selector))[0]
    selector = bv.get_data_var_at(selector).value
    # objc_msgSend itself, probably
    if not selector:
        continue
    selector = selector[:-1].decode()
@JJTech0130
JJTech0130 / unpin.js
Created September 5, 2022 13:09
Disable SSL pinning using Frida
// Disables SSL pinning by replacing functions with no-ops.
function unpin() {
    var SecTrustEvaluate_handle = Module.findExportByName('Security', 'SecTrustEvaluate');
    var SecTrustEvaluateWithError_handle = Module.findExportByName('Security', 'SecTrustEvaluateWithError');
    var SSL_CTX_set_custom_verify_handle = Module.findExportByName('libboringssl.dylib', 'SSL_CTX_set_custom_verify');
    var SSL_get_psk_identity_handle = Module.findExportByName('libboringssl.dylib', 'SSL_get_psk_identity');
    var boringssl_context_set_verify_mode_handle = Module.findExportByName('libboringssl.dylib', 'boringssl_context_set_verify_mode');
    if (SecTrustEvaluateWithError_handle) {
        var SecTrustEvaluateWithError = new NativeFunction(SecTrustEvaluateWithError_handle, 'int', ['pointer', 'pointer']);
@JJTech0130
JJTech0130 / UIApplication+VolumeButtons.swift
Created June 30, 2022 23:38
Extension for UIApplication that allows capturing Volume Button events in Swift
//
// UIApplication+VolumeButtons.swift
//
// Based on https://stackoverflow.com/a/70815088
//
import UIKit
// Stub protocol to allow us to call private methods
@objc private protocol UIApplicationPrivate {
@JJTech0130
JJTech0130 / dvmt-unlock.md
Last active October 2, 2024 12:25
Change DVMT pre-alloc. memory using RU.efi. Originally from Reddit.

WARNING: BIOS modding can be dangerous. You run the risk of bricking your device. I am not responsible for broken devices.

This tutorial was created for my HP Pavilion 15 laptop. I cannot confirm that this works on any other devices.

Finding variable

We need to find the offset, varstore, and possible values for the DVMT pre-alloc.

Extracting BIOS

import argparse, requests, urllib, os
from pyquery import PyQuery as pq
# CLI arguments
parser = argparse.ArgumentParser(description='OverDrive helper script')
parser.add_argument('--session',
                    help='manually set the session id (overrides \'OD_SESSION\' env)')
parser.add_argument('book',
@rbrick
rbrick / msa.go
Last active February 9, 2024 05:02
package main
import (
	"bytes"
	"context"
	"crypto/tls"
	"encoding/json"
	"fmt"
	"golang.org/x/oauth2"
	"golang.org/x/oauth2/microsoft"