I hereby claim:
- I am psychotea on github.
- I am psychotea (https://keybase.io/psychotea) on keybase.
- I have a public key ASChk3b2bHn9s4W3FEv3bpHC9D-_NgC4dDdKyGout3tOWQo
To claim this, I am signing this object:
Ben Sparkes PsychoTea
PsychoTea
/ keybase.md
Created
December 22, 2017 03:43
PsychoTea
/ BuildIPA.sh
Created
January 5, 2018 14:45
Builds an iOS app IPA from the first found .xcarchive file in the current directory
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Builds an IPA from the first found .xcarchive file in the current directory | |
| currDir=$(dirname $0) | |
| archiveName=$(ls $currDir | grep -m1 .xcarchive) | |
| appName=$(echo "${archiveName%% *}") | |
| echo Building an IPA for $appName... | |
| archivePath=$currDir/$archiveName |
PsychoTea
/ PanicParser.py
Last active
February 26, 2024 01:43
Parses an iOS .ips panic log and gives useful stack trace output
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import sys | |
| import json | |
| import re | |
| kslide = 0x0 | |
| if len(sys.argv) < 2: | |
| print("Usage: PanicParser.py [file path]") | |
| exit() |
PsychoTea
/ KernelHelper.py
Created
February 28, 2018 18:46
A small python3 helper for dealing with kernel slides and basic hexadecimal arithmetic
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Global Variables | |
| KernelSlide = 0x0 | |
| ## Helper Functions | |
| def isHex(val): | |
| try: | |
| int(val, 16) | |
| return True |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| lang=text | |
| # See if language arg is given | |
| if [ "$#" -eq "1" ]; then | |
| lang=$1 | |
| fi | |
| echo "Using language: $lang" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| r = mkdir("/tmp/bash", 0700); | |
| if(r != 0) | |
| { | |
| NSLog(@"Failed to create /tmp/bash: %s", strerror(errno)); | |
| goto out; | |
| } | |
| pid_t pid = fork(); | |
| if(pid == -1) | |
| { | |
| NSLog(@"fork: %s", strerror(errno)); |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import idaapi | |
| import idautils | |
| import idc | |
| content = "" | |
| with open("/path/to/joker/file", "r") as f: | |
| content = f.readlines() | |
| for line in content: |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| COPY_RESOURCE("amfid_payload.dylib", "/jb/amfid_payload.dylib"); | |
| inject_trust("/jb/amfid_payload.dylib"); | |
| uint32_t amfid_pid = get_pid_for_name("amfid"); | |
| uint64_t osbool_val = rk64(offs.data.osboolean_true + kernel_slide); | |
| VAL_CHECK(osbool_val); |
PsychoTea
/ apfs_fs_snapshot_rename.c
Created
April 17, 2019 02:48
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| signed __int64 __fastcall apfs_snapshot_rename_raw(rename_call_struct *args) | |
| { | |
| void *v_mount; // x0 | |
| __int64 fs_private; // x19 | |
| snap_info_args_struct *oldsnap_info; // x8 | |
| __int64 oldname_len; // x20 | |
| unsigned __int8 *oldname; // x21 | |
| snap_info_args_struct *newsnap_info; // x8 | |
| unsigned __int64 namelen; // x22 | |
| unsigned __int8 *newname; // x23 |
PsychoTea
/ mac_policies.txt
Created
April 18, 2019 18:19
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Dump of iOS MACF policy operations | |
| 335 operations total | |
| Only 148 present | |
| AMFI.kext holds 18, Sandbox.kext holds 130 | |
| Data dumped from iPhone9,3 running iOS 12.1.2 | |
| AMFI policy: | |
| operation mpo_cred_check_label_update_execve (6) is present |
OlderNewer