boy1337 bb33bb

@bb33bb
bb33bb / t8020-ap_keys-220124-release_ipsws.json
Created May 8, 2025 06:06 — forked from NyanSatan/t8020-ap_keys-220124-release_ipsws.json
T8020 AP & SEP keys 22.01.24, only release IPSWs, credits to m1stadev for KBAG collection
[
{
"build": "21C66",
"fw": "iPhone11,2,iPhone11,4,iPhone11,6_17.2.1_21C66_Restore.ipsw",
"file": "LLB.d331p.RELEASE.im4p",
"kbag": "ceb94a60d2ab04749f320df617939ee51d83c1075500c630135fa816801fa2465aa60d32bb4b1aface8d4edae78ed8c1",
"key": "8f8e2885ba96e189ee3e31553da43c303c6014bb91285ce572a2eac6a72320ca5f5fef05b8d9a429857544fb7d22136e"
},
{
"build": "21C66",
@bb33bb
bb33bb / modern-iboot-symbols.txt
Created May 8, 2025 06:04 — forked from NyanSatan/modern-iboot-symbols.txt
Modern as of 2024. Obviously not every single one, but still over 2K. Dumped from test coverage files
iBootCoverage> gcov -n --dump */coverage/*.gcno |& grep "=====" | sort | uniq | grep -v test | grep -v AppleInternal | cut -d " " -f2,4,5 | cut -d ":" -f1 | sort | uniq | sed -e 's/ @/\t@/g' > modern-iboot-symbols.txt
__os_warn_unused @ include/overflow.h
__syscfg_validate_and_get_instance_id_for_multi @ lib/syscfg/syscfg.c
__syscfg_validate_keybag_instance_id @ lib/syscfg/syscfg.c
_abb_panic_buffered_write @ lib/abb_panic/abb_panic.c
_abb_panic_calculate_file_size @ lib/abb_panic/abb_panic.c
_abb_panic_create_4cc @ lib/abb_panic/abb_panic.c
_abb_panic_create_ce_subsystem_crash_report_entry @ lib/abb_panic/abb_panic.c
_abb_panic_create_lph_subsystem_crash_report_entry @ lib/abb_panic/abb_panic.c
@NyanSatan
NyanSatan / modern-iboot-symbols.txt
Created April 2, 2025 19:56
Modern as of 2024. Obviously not every single one, but still over 2K. Dumped from test coverage files
iBootCoverage> gcov -n --dump */coverage/*.gcno |& grep "=====" | sort | uniq | grep -v test | grep -v AppleInternal | cut -d " " -f2,4,5 | cut -d ":" -f1 | sort | uniq | sed -e 's/ @/\t@/g' > modern-iboot-symbols.txt
__os_warn_unused @ include/overflow.h
__syscfg_validate_and_get_instance_id_for_multi @ lib/syscfg/syscfg.c
__syscfg_validate_keybag_instance_id @ lib/syscfg/syscfg.c
_abb_panic_buffered_write @ lib/abb_panic/abb_panic.c
_abb_panic_calculate_file_size @ lib/abb_panic/abb_panic.c
_abb_panic_create_4cc @ lib/abb_panic/abb_panic.c
_abb_panic_create_ce_subsystem_crash_report_entry @ lib/abb_panic/abb_panic.c
_abb_panic_create_lph_subsystem_crash_report_entry @ lib/abb_panic/abb_panic.c
@bb33bb
bb33bb / exp.c
Created August 19, 2024 03:20 — forked from soez/exp.c
CVE-2022-22265 Samsung A25 npu driver
/*
*
* Author: @javierprtd
* Date : 01-08-2024
* Kernel: 5.10.177
* Samsung A25 NPU: CVE-2022-22265 (bug patched - reintroduced)
*
*/
// echo 1 > /sys/module/memlogger/holders/npu/drivers/platform:exynos-npu/npu_exynos/npu_err_in_dmesg
@soez
soez / exp.c
Last active November 2, 2024 09:10
CVE-2022-22265 Samsung A25 npu driver
/*
*
* Author: @javierprtd
* Date : 01-08-2024
* Kernel: 5.10.177
* Samsung A25 NPU: CVE-2022-22265 (bug patched - reintroduced)
*
*/
// echo 1 > /sys/module/memlogger/holders/npu/drivers/platform:exynos-npu/npu_exynos/npu_err_in_dmesg
@soez
soez / address_functions.c
Created August 1, 2024 06:54
Samsung virt_to_phys - phys_to_virt - virt_to_page - page_to_virt
#define MEMSTART 0x80000000UL
#define VIRTUAL_KERNEL_START 0xffffffc008000000UL
#define LINEAR_MAP_START 0xffffff8000000000UL
bool is_lm_addr(uint64_t kaddr)
{
return (kaddr & (VIRTUAL_KERNEL_START - (0x8 << (6 * 4)))) == LINEAR_MAP_START;
}
uint64_t virt_to_phys(uint64_t kaddr)
@NyanSatan
NyanSatan / t8020-ap_keys-220124-release_ipsws.json
Created January 22, 2024 20:27
T8020 AP & SEP keys 22.01.24, only release IPSWs, credits to m1stadev for KBAG collection
[
{
"build": "21C66",
"fw": "iPhone11,2,iPhone11,4,iPhone11,6_17.2.1_21C66_Restore.ipsw",
"file": "LLB.d331p.RELEASE.im4p",
"kbag": "ceb94a60d2ab04749f320df617939ee51d83c1075500c630135fa816801fa2465aa60d32bb4b1aface8d4edae78ed8c1",
"key": "8f8e2885ba96e189ee3e31553da43c303c6014bb91285ce572a2eac6a72320ca5f5fef05b8d9a429857544fb7d22136e"
},
{
"build": "21C66",
@NyanSatan
NyanSatan / t8120-ap_keys-210124.json
Created January 21, 2024 16:47
T8120 AP & SEP keys 21.01.24
[
{
"build": "20A362",
"fw": "iPhone15,2_16.0_20A362_Restore.ipsw",
"file": "LLB.d73.RELEASE.im4p",
"kbag": "985898593B143B130AAEA95C723A342D647ED5F9E0953871E836000A7108E52D75E0BA03A9917E984889DCA1253D3F1C",
"key": "9f58969bb426e99f2dc541bd524f2b5696865560a201a230ee25c89cd2a147d9e5d17779c0b816fd29c5f760a892c5bf"
},
{
"build": "20A362",
@NyanSatan
NyanSatan / t8110-ap_keys-281023.json
Created January 13, 2024 16:47
T8110 AP & SEP keys 28.10.23
[
{
"fw": "iPad_Fall_2021_15.0.1_19A348_Restore.ipsw",
"file": "LLB.j310.RELEASE.im4p",
"kbag": "C883D3D32C20E3108DF7BA1BB79F23E2BC848D034A968042E28615B85A490A26CDAA60A0F9F931C8C901AE1C7593C8BF",
"key": "793a284aff409d72860e64431e3d6a0e27f0d574ac4d4053628a7266ed5bd051eb6d06dde0acd5b9730ed874e136ed00"
},
{
"fw": "iPad_Fall_2021_15.0.1_19A348_Restore.ipsw",
"file": "iBEC.j310.RELEASE.im4p",
@singleghost2
singleghost2 / load_wrapper.cc
Created November 21, 2023 03:09
Disable ASLR on macOS for dylibs, including those loaded with `dlopen`
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <spawn.h>
#include <sys/wait.h>
#include <string.h>
/* ASLR disabling magic constant from Apple LLDB source code
https://opensource.apple.com/source/lldb/lldb-76/tools/darwin-debug/darwin-debug.cpp
*/