Brandon Azad bazad
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Brandon Azad (@_bazad) | |
| #include <assert.h> | |
| #include <errno.h> | |
| #include <mach/mach.h> | |
| #include <stdbool.h> | |
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <unistd.h> |
bazad
/ find_kernel_base_checkra1n.c
Created
November 21, 2019 02:46
A demo of one way to find the kernel base on iOS 13.2.2 on an iPhone 8 using the kernel task port as exposed by checkra1n 0.9.5.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <assert.h> | |
| #include <mach/mach.h> | |
| #include <stdbool.h> | |
| #include <stdio.h> | |
| // ---- mach_vm.h --------------------------------------------------------------------------------- | |
| extern | |
| kern_return_t mach_vm_read_overwrite | |
| ( |
bazad
/ devicetree-iPhone12,3-17C54.txt
Last active
March 22, 2024 08:21
iPhone12,3 17C54 device tree
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| device-tree: | |
| target-type (5): "D421" | |
| mlb-serial-number (32): "C07947707R3LTPJB" | |
| compatible (27): "D421AP\0iPhone12,3\0AppleARM\0" | |
| secure-root-prefix (3): "md" | |
| AAPL,phandle (4): 0x1 | |
| platform-name (32): "t8030" | |
| device_type (8): "bootrom" | |
| region-info (32): "LL/A" | |
| regulatory-model-number (32): "A2160" |
bazad
/ sep_firmware_split.py
Last active
July 24, 2024 19:46
Split a decrypted Apple SEP firmware image into individual Mach-O files.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /usr/bin/env python3 | |
| # | |
| # sep_firmware_split.py | |
| # Brandon Azad | |
| # | |
| # Split a decrypted Apple SEP firmware image into individual Mach-O files. | |
| # | |
| # iPhone11,8 17C5053a https://twitter.com/s1guza/status/1203550760102969345 | |
| # iPhone11,8 17E255 https://twitter.com/s1guza/status/1244683851957522435 | |
| # |
bazad
/ process_AArch64_SysReg_xml_v86A-2020-03.py
Created
June 19, 2020 02:33
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import html | |
| import os | |
| import re | |
| directory = os.fsencode('SysReg_xml_v86A-2020-03') | |
| def output_reg(name, description, spec): | |
| assert(all(map(lambda x: type(x) == int, spec))) | |
| print("{:020b} 'S{}_{}_c{}_c{}_{}' : ( '{}', '{}' ),".format( | |
| (spec[0] << 16) + (spec[1] << 12) + (spec[2] << 8) + (spec[3] << 4) + (spec[4] << 0), |
bazad
/ arm64_sysregs_ios.py
Created
July 17, 2020 19:58
Label iOS arm64 system registers in IDA Pro
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # arm64_sysregs_ios.py | |
| # Brandon Azad | |
| # | |
| # Based on https://github.com/gdelugre/ida-arm-system-highlight by Guillaume Delugre. | |
| # | |
| import idautils | |
| import idc |
OlderNewer