Skip to content

Instantly share code, notes, and snippets.

View Lessica's full-sized avatar

i_82 Lessica

View GitHub Profile
@zhuowei
zhuowei / WDBSetWebSecurityEnabled.m
Created September 1, 2020 04:47
Disable same-origin policy on iOS WKWebView with private API.
// Allows disabling Same-Origin Policy on iOS WKWebView.
// Tested on iOS 12.4.
// Uses private API; obviously can't be used on app store.
@import WebKit;
@import ObjectiveC;
void WKPreferencesSetWebSecurityEnabled(id, bool);
@interface WDBFakeWebKitPointer: NSObject
@pwn0rz
pwn0rz / fairplay_iokit_uc_run_versioned.c
Created February 2, 2021 05:59
CVE-2021-1791 Fairplay OOB Read POC
#include <IOKit/IOKitLib.h>
#include <mach/mach.h>
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <ctype.h>
void hexdump(void *ptr, int buflen) {
unsigned char *buf = (unsigned char*)ptr;
int i, j;
@Lessica
Lessica / MyStackView.swift
Created April 17, 2021 16:30
Make toggleSidebar(_:) available again while firstResponder locates inside nested NSSplitView
import Cocoa
class MyStackView: NSStackView {
override func responds(to aSelector: Selector!) -> Bool {
if aSelector == #selector(NSSplitViewController.toggleSidebar(_:)) {
return false
}
return super.responds(to: aSelector)
}
@yarshure
yarshure / iphone12_iOS_keys.txt
Created May 17, 2021 04:31
gestalt_query keys
Key Name Description
======== ===========
3GProximityCapability Whether the device has a 3G proximity sensor
3GVeniceCapability Whether the device supports FaceTime over cellular
720pPlaybackCapability Whether the device supports 720p video (identical to kMGQDeviceSupports720p)
APNCapability
ARM64ExecutionCapability Whether the device supports executing arm64 binaries
ARMV6ExecutionCapability Whether the device supports executing armv6 binaries
ARMV7ExecutionCapability Whether the device supports executing armv7 binaries
ARMV7SExecutionCapability Whether the device supports executing armv7s binaries
//
// AKNativeAnisetteService.m
// akd
//
// Created by Scott Knight on 5/10/19.
// Copyright © 2019 Scott Knight. All rights reserved.
//
#import <AuthKit/AuthKit.h>
#import "AKNativeAnisetteService.h"
@elvis-iOS
elvis-iOS / disable-ssl-pin.js
Created June 25, 2023 06:39 — forked from azenla/disable-ssl-pin.js
This Frida script disables SSL pinning and verification on any target macOS Catalina process.
var SecTrustEvaluate_handle =
Module.findExportByName('Security', 'SecTrustEvaluate');
var SecTrustEvaluateWithError_handle =
Module.findExportByName('Security', 'SecTrustEvaluateWithError');
var SSL_CTX_set_custom_verify_handle =
Module.findExportByName('libboringssl.dylib', 'SSL_CTX_set_custom_verify');
var SSL_get_psk_identity_handle =
Module.findExportByName('libboringssl.dylib', 'SSL_get_psk_identity');
var boringssl_context_set_verify_mode_handle = Module.findExportByName(
'libboringssl.dylib', 'boringssl_context_set_verify_mode');
@khanhduytran0
khanhduytran0 / LC research issue 524.md
Last active June 23, 2025 10:23
LiveContainer multitask external keyboard input research

Recap

As you may have known, we recently managed to bring multitask to LiveContainer. This originally came from FrontBoardAppLauncher which was reverse engineered of various Apple apps: ClarityBoard, SpringBoard, Xcode PreviewShell, etc. A quick recap of how we worked on it:

  • I began reverse engineering said apps to study how to use various Private API of FrontBoard, RunningBoardServices and UIKit, resulted in MySystemShell and FrontBoardAppLauncher
  • I found app could spawn multiple processes thanks to the writeup of NSExtension
  • We found we could extend memory limit by setting a hidden NSExtensionPointIdentifier

However, as more and more people get to try it, we were reported that physical keyboard input wouldn't work. (LiveContainer/LiveContainer#524)

If anyone could figure it out, we will forever owe you.