
Jevin Sweval jevinskie

@EthanArbuckle
EthanArbuckle / cli-gui.m
Last active May 9, 2025 13:22
drawing a UIWindow from an iOS cli tool
#import <CoreGraphics/CoreGraphics.h>
#import <Foundation/Foundation.h>
#import <objc/runtime.h>
#import <objc/message.h>
#import <dlfcn.h>
__attribute__((constructor)) static void init(void) {
Method bundleIdentifierMethod = class_getInstanceMethod(objc_getClass("NSBundle"), sel_registerName("bundleIdentifier"));
IMP newImp = imp_implementationWithBlock(^(id self) {
@niw
niw / 20240929.md
Last active January 23, 2025 20:25
The Hunt for the iOS 18 Neural Engine Bug: A Long Weekend Investigation

The Hunt for the iOS 18 Neural Engine Bug: A Long Weekend Investigation

This is the tale of a long weekend spent uncovering a mysterious iOS 18 Neural Engine bug—a journey of problem-solving in a system where full visibility is elusive, especially in the locked-down world of Apple’s platforms. But the process I followed is a general approach you can use for any opaque system.

It all began last week when I stumbled upon a strange behavior in my iOS app. The output generated from a CoreML model was completely broken—something I had never seen before. And after some digging, I realized this only happened when the model was running on the Neural Engine of iOS 18.

The first step was triage. I implemented a quick workaround in the app: if the device is running iOS 18, switch from the Neural Engine to the GPU. This temporarily solved the issue, but I had no idea why it worked or whether other CoreML models in the app’s pipeline might also be affected. Without a deeper understanding of the root cause, I knew I cou

resources to find what Apple/Asahi acronyms mean:

  • check out this table
  • search with site:asahilinux.org (maybe they talked about it in the blog)
  • grep the linux and m1n1 repos

some other random acronyms, mostly peripherals of the SoC:

  • AIC → Apple Interrupt Controller
  • AP → Application Processor (where the OS runs)
  • DART → Device Address Resolution Table (IOMMU)
@mildsunrise
mildsunrise / decompress_pbzx.py
Last active December 14, 2024 14:24 — forked from Lekensteyn/parse_pbzx.py
Pure python reimplementation of .cpio.xz content extraction from pbzx file payload for OS X packages
#!/usr/bin/env python3
'''
Decompresses a pbzx stream.
Simplified/corrected version of <https://gist.github.com/Lekensteyn/6e0840e77bc9bd013f57>
Example usage (from Python):
decompress_pbzx(open('PayloadJava', 'rb'), open('PayloadJava.cpio', 'wb'))
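The following is an added example, not the gist's own code: a self-contained pbzx round-trip that builds a small stream in memory with Python's lzma module and parses it back with the checks you would want before feeding a downloaded package payload to a decompressor. The layout it assumes is my reading of the format (4-byte `pbzx` magic, 8-byte big-endian chunk size, then per chunk an 8-byte big-endian uncompressed length, an 8-byte big-endian stored length and the stored bytes, which are either an xz stream or raw data); the function names `decompress_pbzx`, `make_pbzx`, `roundtrip` and `rejects` are mine.

```python
import io
import lzma
import struct

PBZX_MAGIC = b"pbzx"
XZ_MAGIC = b"\xfd7zXZ\x00"


def decompress_pbzx(f, out):
    """Parse a pbzx stream from file object f and write the payload to out.

    Layout assumed here (my reading of the format, not taken from the gist):
      "pbzx" | uint64 BE chunk size
      then, per chunk: uint64 BE uncompressed length | uint64 BE stored length | bytes
    A chunk whose bytes start with the xz magic is an xz stream, otherwise it
    was stored raw. Returns the number of payload bytes written.
    """
    if f.read(4) != PBZX_MAGIC:
        raise ValueError("not a pbzx stream")
    (chunk_size,) = struct.unpack(">Q", f.read(8))
    written = 0
    while True:
        header = f.read(16)
        if not header:
            break  # clean end of stream
        if len(header) != 16:
            raise ValueError("truncated chunk header")
        plain_len, stored_len = struct.unpack(">QQ", header)
        if plain_len > chunk_size:
            raise ValueError("chunk claims more than the declared chunk size")
        data = f.read(stored_len)
        if len(data) != stored_len:
            raise ValueError("truncated chunk body")
        if data.startswith(XZ_MAGIC):
            dec = lzma.LZMADecompressor(format=lzma.FORMAT_XZ)
            # Cap the output at plain_len + 1 so a chunk that lies about its
            # size (or a decompression bomb) is rejected without inflating it
            # fully; a well-formed chunk finishes below the cap with eof set.
            data = dec.decompress(data, max_length=plain_len + 1)
            if not dec.eof or dec.unused_data:
                raise ValueError("malformed xz chunk")
        # Either length field can be wrong in a corrupt or crafted stream.
        if len(data) != plain_len:
            raise ValueError("chunk length mismatch")
        out.write(data)
        written += len(data)
    return written


def make_pbzx(payload, chunk_size=64, compress=True):
    """Build a pbzx stream for payload using the same assumed layout (constructed test input)."""
    buf = io.BytesIO()
    buf.write(PBZX_MAGIC + struct.pack(">Q", chunk_size))
    for off in range(0, len(payload), chunk_size):
        plain = payload[off:off + chunk_size]
        stored = lzma.compress(plain, format=lzma.FORMAT_XZ) if compress else plain
        buf.write(struct.pack(">QQ", len(plain), len(stored)) + stored)
    return buf.getvalue()


def roundtrip(payload, chunk_size=64, compress=True):
    """Encode payload as pbzx, decode it again, return (bytes written, decoded payload)."""
    out = io.BytesIO()
    n = decompress_pbzx(io.BytesIO(make_pbzx(payload, chunk_size, compress)), out)
    return n, out.getvalue()


def rejects(stream):
    """True if decompress_pbzx refuses the stream with ValueError."""
    try:
        decompress_pbzx(io.BytesIO(stream), io.BytesIO())
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    sample = bytes(range(256)) * 3  # constructed payload, 768 bytes
    n, decoded = roundtrip(sample)
    print("round-tripped", n, "bytes, match:", decoded == sample)
```

To use it on a real package, extract the `Payload` member from the `.pkg` (an xar archive) and pass the open file objects as in the docstring above; the result is the `.cpio` that `cpio -i` can unpack.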
@steveroush
steveroush / addGrid.gvpr
Created September 22, 2024 20:49
add a grid to any Graphviz graph
/**************************************************************************
add a grid to a graph in .dot format
**************************************************************************/
BEGIN{
int i, Indx, bcnt, LR;
string Type, Val, Gcolor[], Gstyle[], Gsize[], tmpstr;
string Hcolor, Vcolor, Hstyle, Vstyle, gridType, gridAlign;
float Hsize, Vsize, deltaX, deltaY, minX, minY, maxX, maxY;
@prozacchiwawa
prozacchiwawa / fake-elf.py
Created September 11, 2024 06:07
Make an elf file that pretends to have specific functions at specific addresses
#!/usr/bin/env python
from elftools.elf.elffile import ELFFile
from pathlib import Path
import struct
import subprocess
# Steps
#
# 0) Read definitions with addresses
#!/bin/bash
# Run the lsregister command and store the output in a variable
output=$(/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/Support/lsregister -dump)
# Use awk to parse the relevant sections
echo "$output" | awk '
# When "CFBundleDisplayName" is found, store the app name
/CFBundleDisplayName/ {
app_name = substr($0, index($0, "=") + 2)
@Marcondiro
Marcondiro / google_summer_of_code_2024_libafl.md
Last active January 15, 2025 19:05
A Google Summer of Code 2024 Project with the AFLplusplus Organization [Report]

Integrate Intel PT tracing into LibAFL QEMU

A Google Summer of Code 2024 Project with the AFLplusplus Organization
Mentor: @rmalmain
Project repository: https://github.com/AFLplusplus/LibAFL/

Note: This report is not intended to be purely technical documentation of the developed code. Instead, its goal is to describe my GSoC 2024 contributor experience, link to the developed code, summarize the current state of the project, and outline the challenges and lessons learned.

Project Description

@miticollo
miticollo / build_frida.sh
Last active February 19, 2025 06:01
How to build frida-server (≥ 16.2.2) for iOS jailbroken devices
#!/usr/bin/env bash
#
# Build Frida DEB.
# register the cleanup function to be called on SIGINT (Ctrl-C)
trap cleanup INT
#######################################
# Deletes the temp directory.
# Globals:
@steven-michaud
steven-michaud / CustomBootObjects.md
Last active May 13, 2025 05:58
Custom Boot Objects in Virtualization Framework macOS Guest VMs

Custom Boot Objects in Virtualization Framework macOS Guest VMs

By default, "custom boot objects" (created using kmutil create) can't be used in macOS Virtualization framework guest VMs. Here I show how to get around this Apple design flaw. Note that Virtualization framework macOS guests can only be created on Apple Silicon Macs.

To proceed, you'll need to work through my Running Third Party Kernel Extensions on Virtualization Framework macOS Guest VMs. Many