TempAccountNull

void inject_trusts(int pathc, const char *paths[])
{
    printf("[+] injecting into trust cache...\n");
    extern uint64_t g_kern_base;
    static uint64_t tc = 0;
    if (tc == 0) {
        // loaded_trust_caches: 0xFFFFFFF008F702C8
        tc = g_kern_base + (0xFFFFFFF008F702C8 - 0xFFFFFFF007004000);
@TempAccountNull
TempAccountNull / ipsw_keys.py
Created October 5, 2019 02:30 — forked from MCJack123/ipsw_keys.py
Fetch iOS firmware keys using on-device AES engine
#!/usr/bin/env python
# pip install future
from sys import argv, stdout
from os import system, remove
from urlparse import urlparse
import re
import dfu
import ssl
import asn1
import math
@TempAccountNull
TempAccountNull / checkm8_a8_a9.patch
Created February 19, 2020 20:40 — forked from a1exdandy/checkm8_a8_a9.patch
ipwndfu patch for s8000/s8003/t7000
diff --git a/Makefile b/Makefile
index 96e99b7..4884309 100644
--- a/Makefile
+++ b/Makefile
@@ -43,6 +43,10 @@ arm64:
gobjcopy -O binary -j .text bin/checkm8_arm64.o bin/checkm8_arm64.bin
rm bin/checkm8_arm64.o
+ xcrun -sdk iphoneos clang src/checkm8_nopaddingcorruption_arm64.S -target arm64-apple-darwin -Wall -o bin/checkm8_nopaddingcorruption_arm64.o
+ gobjcopy -O binary -j .text bin/checkm8_nopaddingcorruption_arm64.o bin/checkm8_nopaddingcorruption_arm64.bin
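Review bot: the two recipe lines added at the end of the arm64 target repeat the existing checkm8_arm64 objcopy step with only the file stem changed, so the toolchain invocation and flags are now spelled out once per payload; a pattern rule or a variable holding the payload stems would keep them in one place. The hunk header (-43,6 +43,10) counts four added lines but only two are visible here, so confirm that the intermediate bin/checkm8_nopaddingcorruption_arm64.o is removed afterwards the way `rm bin/checkm8_arm64.o` cleans up the existing object.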
@TempAccountNull
TempAccountNull / exploit.c
Created February 21, 2020 20:56 — forked from jakeajames/exploit.c
leak address of segment_list in oob_timestamp
//
// exploit.c
// extra_time
//
// Created by Jake James on 2/8/20.
// Copyright © 2020 Jake James. All rights reserved.
//
#include "exploit.h"
#include "IOAccelerator_stuff.h"
@TempAccountNull
TempAccountNull / pdb_parser_lite.cpp
Created March 14, 2023 00:00 — forked from namazso/pdb_parser_lite.cpp
A lightweight PDB parser that retrieves type and symbol CodeView streams.
/* MIT License
*
* Copyright (c) namazso 2018
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
@TempAccountNull
TempAccountNull / README.md
Created November 16, 2023 03:42 — forked from dru1d-foofus/README.md
CVE-2023-41444 - IREC.sys Vulnerability

CVE-2023-41444 - Binalyze IREC.sys Vulnerable Driver

Credits

Mike Alfaro (@_mmpte_software) and Tyler Booth (@tyler_dru1d)

Description

An issue in Binalyze IREC.sys v.3.11.0 and before allows a local attacker to execute arbitrary code and escalate privileges due to an improper DACL being applied to the device the driver creates.

Vulnerability Type

Incorrect Access Control

@TempAccountNull
TempAccountNull / debug.bat
Created February 1, 2024 15:14 — forked from markusrt/debug.bat
Enables debugging for a specified executable. This causes a debugger [vsjitdebugger.exe] to be launched each time the program starts.
@echo off
setlocal
REM Config section, change if required
set REG=C:\Windows\System32\reg.exe
set DEBUGGER=vsjitdebugger.exe
REM Config section end
set method=enable
set debugExe=
@TempAccountNull
TempAccountNull / main.cpp
Created July 19, 2024 05:40 — forked from micjabbour/main.cpp
C++ WinAPI - get first physical drive serial number
#include <windows.h>
#include <memory>
#include <string>
//returns the serial number of the first physical drive in a std::string or an empty std::string in case of failure
//based on http://codexpert.ro/blog/2013/10/26/get-physical-drive-serial-number-part-1/
std::string getFirstHddSerialNumber() {
    //get a handle to the first physical drive
    HANDLE h = CreateFileW(L"\\\\.\\PhysicalDrive0", 0, FILE_SHARE_READ|FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL);
    if(h == INVALID_HANDLE_VALUE) return {};