Jevin Sweval jevinskie

@theevilbit
theevilbit / launchd-config.plist
Created October 10, 2024 12:22
launchd embedded plist, macOS 15.0
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>ShutdownReportTimeout</key>
<integer>2</integer>
<key>SIGTERMTimeout</key>
<integer>5</integer>
<key>CrashOnSIGTERMTimeout</key>
<true/>
@EthanArbuckle
EthanArbuckle / cli-gui.m
Last active July 8, 2025 20:08
drawing a UIWindow from an iOS cli tool
#import <CoreGraphics/CoreGraphics.h>
#import <Foundation/Foundation.h>
#import <objc/runtime.h>
#import <objc/message.h>
#import <dlfcn.h>
__attribute__((constructor)) static void init(void) {
Method bundleIdentifierMethod = class_getInstanceMethod(objc_getClass("NSBundle"), sel_registerName("bundleIdentifier"));
IMP newImp = imp_implementationWithBlock(^(id self) {
@niw
niw / 20240929.md
Last active January 23, 2025 20:25
The Hunt for the iOS 18 Neural Engine Bug: A Long Weekend Investigation

The Hunt for the iOS 18 Neural Engine Bug: A Long Weekend Investigation

This is the tale of a long weekend spent uncovering a mysterious iOS 18 Neural Engine bug—a journey of problem-solving in a system where full visibility is elusive, especially in the locked-down world of Apple’s platforms. But the process I followed is a general approach you can use for any opaque system. It all began last week when I stumbled upon a strange behavior in my iOS app. The output generated from a CoreML model was completely broken—something I had never seen before. And after some digging, I realized this only happened when the model was running on the Neural Engine of iOS 18. The first step was triage. I implemented a quick workaround in the app: if the device is running iOS 18, switch from the Neural Engine to the GPU. This temporarily solved the issue, but I had no idea why it worked or whether other CoreML models in the app’s pipeline might also be affected. Without a deeper understanding of the root cause, I knew I cou

resources to find what Apple/Asahi acronyms mean:

  • check out this table
  • search with site:asahilinux.org (maybe they talked about it in the blog)
  • grep the linux and m1n1 repos

some other random acronyms, mostly peripherals of the SoC:

  • AIC → Apple Interrupt Controller
  • AP → Application Processor (where the OS runs)
  • DART → Device Address Resolution Table (IOMMU)
@mildsunrise
mildsunrise / decompress_pbzx.py
Last active December 14, 2024 14:24 — forked from Lekensteyn/parse_pbzx.py
Pure python reimplementation of .cpio.xz content extraction from pbzx file payload for OS X packages
#!/usr/bin/env python3
'''
Decompresses a pbzx stream.
Simplified/corrected version of <https://gist.github.com/Lekensteyn/6e0840e77bc9bd013f57>
Example usage (from Python):
decompress_pbzx(open('PayloadJava', 'rb'), open('PayloadJava.cpio', 'wb'))
@steveroush
steveroush / addGrid.gvpr
Created September 22, 2024 20:49
add a grid to any Graphviz graph
/**************************************************************************
add a grid to a graph in .dot format
**************************************************************************/
BEGIN{
int i, Indx, bcnt, LR;
string Type, Val, Gcolor[], Gstyle[], Gsize[], tmpstr;
string Hcolor, Vcolor, Hstyle, Vstyle, gridType, gridAlign;
float Hsize, Vsize, deltaX, deltaY, minX, minY, maxX, maxY;
@prozacchiwawa
prozacchiwawa / fake-elf.py
Created September 11, 2024 06:07
Make an elf file that pretends to have specific functions at specific addresses
#!/usr/bin/env python
from elftools.elf.elffile import ELFFile
from pathlib import Path
import struct
import subprocess
# Steps
#
# 0) Read definitions with addresses
#!/bin/bash
# Run the lsregister command and store the output in a variable
output=$(/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/Support/lsregister -dump)
# Use awk to parse the relevant sections
echo "$output" | awk '
# When "CFBundleDisplayName" is found, store the app name
/CFBundleDisplayName/ {
app_name = substr($0, index($0, "=") + 2)
@Marcondiro
Marcondiro / google_summer_of_code_2024_libafl.md
Last active January 15, 2025 19:05
A Google Summer of Code 2024 Project with the AFLplusplus Organization [Report]

Integrate Intel PT tracing into LibAFL QEMU

A Google Summer of Code 2024 Project with the AFLplusplus Organization
Mentor: @rmalmain
Project repository: https://github.com/AFLplusplus/LibAFL/

Note: This report is not intended to be purely technical documentation of the developed code. Instead, its goal is to describe my GSoC 2024 contributor experience, link to the developed code, summarize the current state of the project, and outline the challenges and lessons learned.

Project Description

@miticollo
miticollo / build_frida.sh
Last active October 25, 2025 06:14
How to build frida-server (≥ 16.2.2) for iOS jailbroken devices
#!/usr/bin/env bash
#
# Build Frida DEB.
# register the cleanup function to be called on the EXIT signal
trap cleanup INT
#######################################
# Deletes the temp directory.
# Globals: