Skip to content

Instantly share code, notes, and snippets.

View PsychoTea's full-sized avatar

Ben Sparkes PsychoTea

299 followers · 0 following
View GitHub Profile
@PsychoTea
PsychoTea / writeup.md
Created March 4, 2025 20:59
Cracking Powersoft ArmoniaPlus Password Protected Presets

Cracking Powersoft ArmoniaPlus Password Protected Presets

Presets in ArmoniaPlus can be protected with a password. While this feature could be used to stop someone modifying presets in a workspace accidentially, it seems to most commonly be used by speaker manafacturers wanting to "protect" their EQ/DSP settings for their speakers (ie. EAW greybox files).

Fortunately, it's easy enough to bypass the password protection in Armnonia by editing the DLL's using dnSpy. This can also be useful if you forget a preset password you previously set.

  1. Ensure Armonia is closed
  2. Open PowersoftSDK.Entities.dll in dnSpy(Ex) (must be running as admin)
  3. Browse to the PowersoftSDK.Entities.Components.Base namespace and open the LockerComponent<T> class
  4. Edit the IsCodeValid function and simply replace the contents with a return true statement
@PsychoTea
PsychoTea / ImportR2File.py
Created October 27, 2020 21:04
import idc
def define_func(addr, name):
idc.MakeCode(addr)
idc.MakeFunction(addr)
idc.MakeNameEx(addr, name, idc.SN_NOWARN)
print("%s @ %s" % (name, hex(addr)))
@PsychoTea
PsychoTea / PanicParser.py
Last active June 11, 2023 19:54
A collection of useful iOS-related scripts
import sys
import json
import re
kslide = 0x0
if len(sys.argv) < 2:
print("Usage: PanicParser.py [file path]")
exit()
@PsychoTea
PsychoTea / IOExternalMethodArguments.h
Created June 8, 2019 15:41
struct IOExternalMethodArguments
{
uint32_t version;
uint32_t selector;
uint64_t asyncWakePort;
uint64_t asyncReference;
uint32_t asyncReferenceCount;
const uint64_t *scalarInput;
uint32_t scalarInputCount;
const void *structureInput;
@PsychoTea
PsychoTea / mac_policies.txt
Created April 18, 2019 18:19
Dump of iOS MACF policy operations
335 operations total
Only 148 present
AMFI.kext holds 18, Sandbox.kext holds 130
Data dumped from iPhone9,3 running iOS 12.1.2
AMFI policy:
operation mpo_cred_check_label_update_execve (6) is present
@PsychoTea
PsychoTea / apfs_fs_snapshot_rename.c
Created April 17, 2019 02:48
signed __int64 __fastcall apfs_snapshot_rename_raw(rename_call_struct *args)
{
void *v_mount; // x0
__int64 fs_private; // x19
snap_info_args_struct *oldsnap_info; // x8
__int64 oldname_len; // x20
unsigned __int8 *oldname; // x21
snap_info_args_struct *newsnap_info; // x8
unsigned __int64 namelen; // x22
unsigned __int8 *newname; // x23
@PsychoTea
PsychoTea / amfid.c
Created February 18, 2019 01:23
amfid_payload w/ task_for_pid-allow patch
{
COPY_RESOURCE("amfid_payload.dylib", "/jb/amfid_payload.dylib");
inject_trust("/jb/amfid_payload.dylib");
uint32_t amfid_pid = get_pid_for_name("amfid");
uint64_t osbool_val = rk64(offs.data.osboolean_true + kernel_slide);
VAL_CHECK(osbool_val);
@PsychoTea
PsychoTea / ImportJokerFile.py
Created November 17, 2018 15:52
Import a Joker helper file into IDA
import idaapi
import idautils
import idc
content = ""
with open("/path/to/joker/file", "r") as f:
content = f.readlines()
for line in content:
@PsychoTea
PsychoTea / netcat_shell_stuff.c
Created August 12, 2018 19:18
// TODO: use this
r = mkdir("/tmp/bash", 0700);
if(r != 0)
{
NSLog(@"Failed to create /tmp/bash: %s", strerror(errno));
goto out;
}
pid_t pid = fork();
if(pid == -1)
{
NSLog(@"fork: %s", strerror(errno));
@PsychoTea
PsychoTea / ghost.sh
Created July 19, 2018 08:38
A script which takes input from STDIN and creates a pastie on ghostbin.com
#!/bin/bash
lang=text
# See if language arg is given
if [ "$#" -eq "1" ]; then
lang=$1
fi
echo "Using language: $lang"