argp

default
appleevent-send
authorization-right-obtain
boot-arg-set
device*
device-camera
device-microphone
darwin-notification-post
distributed-notification-post
dynamic-code-generation

argp

process-codesigning
process-codesigning-blob-get
process-codesigning-cdhash-get
process-codesigning-entitlements-blob-get
process-codesigning-identity-get
process-codesigning-teamid-get
process-codesigning-text-offset-get
socket-option
socket-option-get
socket-option-set

argp

default
appleevent-send
authorization-right-obtain
boot-arg-set
device*
device-camera
device-microphone
darwin-notification-post
distributed-notification-post
dynamic-code-generation

argp

[+] Sandboxhelper | [email protected]
[+] Processed __text for additional functions
[+] _variables_populate() at: 0xfffffff008ee4824
[+] _profile_init() at: 0xfffffff008ee46c8
[+] _hook_policy_init() at: 0xfffffff008ede9d4
[+] _profile_create() at: 0xfffffff008ee4e90
[+] _the_real_platform_profile_data at: 0xfffffff00740f300
[+] _the_real_platform_profile_data size: 0xad62
[+] iOS version identified: 13.x+
[+] Sandbox operations found at: 0xfffffff007b65e88

argp

default
appleevent-send
authorization-right-obtain
boot-arg-set
device*
device-camera
device-microphone
darwin-notification-post
distributed-notification-post
dynamic-code-generation

argp

path
mount-relative-path
xattr
file-mode
ipc-posix-name
global-name
local-name
local
remote
control-name

argp

$ diff -q sandbox_i6s_13.3.1_profiles/ sandbox_iX_12.4_profiles/ | /bin/grep Only
Only in sandbox_i6s_13.3.1_profiles/: adservicesd.sb
Only in sandbox_i6s_13.3.1_profiles/: akd.sb
Only in sandbox_i6s_13.3.1_profiles/: appsso.sb
Only in sandbox_i6s_13.3.1_profiles/: ArchiveService.sb
Only in sandbox_i6s_13.3.1_profiles/: asd.sb
Only in sandbox_iX_12.4_profiles/: assertiond.sb
Only in sandbox_i6s_13.3.1_profiles/: businesschatd.sb
Only in sandbox_i6s_13.3.1_profiles/: callservicesd.sb
Only in sandbox_i6s_13.3.1_profiles/: cfprefsd.sb

argp

--- operations-iOS-11.4-15F79.txt	2018-06-26 13:30:06.556874870 +0300
+++ operations-iOS-12.0-b2-16A5308e.txt	2018-06-26 13:30:06.556874870 +0300
@@ -5,6 +5,7 @@
 [xxx] operation: device*
 [xxx] operation: device-camera
 [xxx] operation: device-microphone
+[xxx] operation: darwin-notification-post
 [xxx] operation: distributed-notification-post
 [xxx] operation: dynamic-code-generation
 [xxx] operation: file*

argp

Keybase proof

I hereby claim:

• I am argp on github.
• I am argp (https://keybase.io/argp) on keybase.
• I have a public key whose fingerprint is 9D37 920E 9AA6 0A07 A0BF A9EE 00C5 0762 3A25 F110

To claim this, I am signing this object:

argp

from macholib.MachO import MachO as macho

FILE = './xuanyuansword'
FILE_ICON = './xuanyuansword_icon'

macho_obj = macho(FILE)

for (load_cmd, cmd, data) in macho_obj.headers[0].commands:
    try:
        segname = getattr(cmd, 'segname')