Some notes, tools, and techniques for reverse engineering macOS binaries.
Tested on Workplace for Android version 362.0.0.29.109. This approach might work in other Facebook/Meta applications. Thank you Imre Rad for helping me analyze the binary.
The Workplace Android app uses the Fizz open source TLS-1.3 library to communicate with the backend APIs. This library is written in C++, and is compiled to native code. It is running as a native library attached to the Android app.
The certificate verification is implemented in fizz/client/ClientProtocol.cpp, on line 1944. The easiest way to bypass this check is to patch the if (state.verifier()) { check on line 1942.
Locking down a Linux machine is getting easier by the day. Recent advancements in systemd-boot have enabled a host of features to help users ensure that their machines have not been tampered with. This guide provides a walkthrough of how to turn on many of these features during installation, as well as reasoning for why certain features help improve security.
The steps laid out below draw on a wide variety of existing resources, and in places I'll point to them rather than attempt to regurgitate full explanations of the various security components. The most significant one, which I highly encourage everyone to read, is Rod Smith's site about secure boot, which is the most comprehensive and cogent explanation of UEFI, boot managers and boot loaders, and secure boot. Another incredibly useful resource is Safeboot, which encapsulates many of the setup steps below in a Debian application.
| Request bytes | Description |
|---|---|
| 10 01 | setDefaultSession |
| 10 02 | setProgrammingSession |
| 10 03 | setExtendedDiagnosticSession |
| 11 01 | hardReset |
| 14 FF FF FF, 31 01 0F 06, 31 01 40 00 00, 31 01 40 00 05, 31 01 40 00 01 | Clear all DTCs (clear DTC, clear Infospeicher, ZFS – DM_Lock, clear ZFS – DM_Clear, ZFS – DM_Unlock) |
| 14 FF FF FF | Clear DTC |
| 19 02 0C | ReadDTC(0C) |
| 19 0A | ReadSupportedDTC |
| 22 10 0A | readEnergyMode |
| 22 10 0E | readExtendedMode |
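The rows above are raw UDS (ISO 14229) requests: the first byte is the service identifier, the following bytes are the sub-function or parameters. The decoder below is an added example, not part of the original notes, that turns such byte strings into the standard service and sub-function names and flags the requests that change ECU state (session switches, resets, DTC clearing, routine control), which is what a CAN-side logger or intrusion detector would want to alert on. The service and sub-function names come from the ISO 14229 tables; the routine identifiers (0x0F06, 0x4000) are simply echoed, since their meaning is vehicle-specific.

```python
"""Decode UDS diagnostic requests such as "10 02" or "31 01 40 00 05".

Added example for the request table above; service/sub-function names follow
ISO 14229. Vehicle-specific routine and data identifiers are echoed as hex.
"""
from dataclasses import dataclass
from typing import List

# Service identifiers (ISO 14229-1)
SERVICES = {
    0x10: "DiagnosticSessionControl",
    0x11: "ECUReset",
    0x14: "ClearDiagnosticInformation",
    0x19: "ReadDTCInformation",
    0x22: "ReadDataByIdentifier",
    0x31: "RoutineControl",
}
SESSIONS = {0x01: "defaultSession", 0x02: "programmingSession",
            0x03: "extendedDiagnosticSession"}
RESET_TYPES = {0x01: "hardReset", 0x02: "keyOffOnReset", 0x03: "softReset"}
DTC_REPORTS = {0x02: "reportDTCByStatusMask", 0x0A: "reportSupportedDTC"}
ROUTINE_CTRL = {0x01: "startRoutine", 0x02: "stopRoutine",
                0x03: "requestRoutineResults"}

# Services that alter ECU state rather than only read it; a monitoring rule
# would raise on these when seen outside a workshop/tester context.
STATE_CHANGING = {0x10, 0x11, 0x14, 0x31}


@dataclass
class UdsRequest:
    sid: int
    service: str
    detail: str
    state_changing: bool


def parse_hex(text: str) -> bytes:
    """'14 FF FF FF' -> b'\\x14\\xff\\xff\\xff'."""
    return bytes(int(tok, 16) for tok in text.split())


def decode(req: bytes) -> UdsRequest:
    """Decode a single UDS request PDU (service id + parameters)."""
    if not req:
        raise ValueError("empty UDS request")
    sid = req[0]
    name = SERVICES.get(sid, f"unknown(0x{sid:02X})")
    detail = ""
    # Bit 7 of a sub-function byte is suppressPosRspMsgIndicationBit; mask it.
    if sid == 0x10 and len(req) >= 2:
        detail = SESSIONS.get(req[1] & 0x7F, f"session 0x{req[1] & 0x7F:02X}")
    elif sid == 0x11 and len(req) >= 2:
        detail = RESET_TYPES.get(req[1] & 0x7F, f"resetType 0x{req[1] & 0x7F:02X}")
    elif sid == 0x14 and len(req) >= 4:
        # groupOfDTC 0xFFFFFF means "all groups"
        detail = f"groupOfDTC 0x{req[1]:02X}{req[2]:02X}{req[3]:02X}"
    elif sid == 0x19 and len(req) >= 2:
        detail = DTC_REPORTS.get(req[1] & 0x7F, f"report 0x{req[1] & 0x7F:02X}")
        if len(req) >= 3:
            detail += f" statusMask 0x{req[2]:02X}"
    elif sid == 0x22 and len(req) >= 3:
        detail = f"DID 0x{req[1]:02X}{req[2]:02X}"
    elif sid == 0x31 and len(req) >= 4:
        ctrl = ROUTINE_CTRL.get(req[1] & 0x7F, f"control 0x{req[1] & 0x7F:02X}")
        detail = f"{ctrl} routine 0x{req[2]:02X}{req[3]:02X}"
        if len(req) > 4:
            detail += " option " + req[4:].hex()
    return UdsRequest(sid, name, detail, sid in STATE_CHANGING)


def decode_line(line: str) -> List[UdsRequest]:
    """Decode a table row such as '14 FF FF FF,31 01 0F 06' (comma = separate requests)."""
    return [decode(parse_hex(part)) for part in line.split(",")]


if __name__ == "__main__":
    for row in ("10 02", "14 FF FF FF,31 01 0F 06,31 01 40 00 05", "22 10 0A"):
        for r in decode_line(row):
            flag = "STATE-CHANGING" if r.state_changing else "read-only"
            print(f"{r.service:<28} {r.detail:<40} {flag}")
```

Running the script prints one decoded line per request, so a row like "31 01 40 00 05" shows up as RoutineControl / startRoutine routine 0x4000 option 05 and is marked state-changing, while the 22 xx xx reads are marked read-only.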
UPDATED: 2025-04-04
- Reddit mirror: https://www.reddit.com/r/iOSDowngrade/comments/j1x7iv/downgrade_and_dualboot_status_of_almost_all_ios/
- GitHub Gist mirror: https://gist.github.com/LukeZGD/9d781f1b03a69fa46869384a9407a41a
- As of updating this post, there is now a free downgrade tool that utilizes a SEP exploit released for A9-A10X devices, turdus merula: https://sep.lol/
- Untethered with blobs guide: https://ios.cfw.guide/turdusmerula/
- Tethered guide: https://ios.cfw.guide/turdusmerula-tethered/
- Save SHSH blobs for signed iOS versions using TSS Saver or blobsaver
Did you just check out / clone a repository and forget --recursive / --recurse-submodules? Well, do this:
git submodule update --init --recursive --remote
For information about why this nugget was lost and buried in another Stack Exchange article, see this: https://meta.stackoverflow.com/questions/400424/how-can-i-request-that-a-question-merge-be-reversed
```makefile
traverse_io_registry: traverse_io_registry.c
	${CC} $^ -framework CoreFoundation -framework IOKit -o $@
```