marcnewlin
/ apple-hid-read-flash.py
Created
March 23, 2024 15:47
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| import usb.core | |
| import struct | |
| from collections import namedtuple | |
| APPLE_VID = 0x05ac | |
| Target = namedtuple("Target", ["vid", "pid", "name", "model", "total_size"]) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [ | |
| { | |
| "fw": "Watch6,1_7.5_18T567_Restore.ipsw", | |
| "file": "LLB.n157s.RELEASE.im4p", | |
| "kbag": "ED5083404184FFD4B6B3AC3BAC11784F1523E552FB434250AE9AFAC4D969C017E392277BDB33F73D136ADB74300469F2", | |
| "key": "4ab9cec46db6e89b061c2f12cb9a21b3fa659fa9f076afba2377184011250b459c0e55837d04e463d9242e1447f75cdb" | |
| }, | |
| { | |
| "fw": "Watch6,1_7.5_18T567_Restore.ipsw", | |
| "file": "iBEC.n157s.RELEASE.im4p", |
exploit3dguy
/ internationalhackingsolutionsfbi.s
Last active
July 18, 2023 06:45
PTE patch code (RWX map) for new iBoot
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| .text | |
| .pool | |
| .set ARM_TTE_BLOCK_PNX, 0x0020000000000000 | |
| .set ARM_TTE_BLOCK_NX, 0x0040000000000000 | |
| .set SDRAM_PAGE1, 0x180082000 | |
| .set SRAM_PAGE1, 0x1800841F0 | |
| .global _main |
tihmstar
/ iPhone_8_15.1_19B74_kernelpatches.txt
Last active
April 18, 2024 23:16
iPhone 8 15.1 19B74 checkm8 jb patches
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| iPhone8 15.1 19B74 | |
| iBoot: 0x1800309c0 : 000080d2 | |
| iBoot: 0x180038744 : af070094 | |
| iBoot: 0x18003a844 : 9386ff17 | |
| iBoot: 0x18001c290 : a1000058df0301eb40000054202080d2c0035fd6 | |
| iBoot: 0x18001c2a4 : 4887038001000000 | |
| iBoot: 0x1800325dc : 200080d2 | |
| iBoot: 0x18009127f : 7261316e736e3077206d6f6465 | |
| iBoot: 0x180038f04 : 1f2003d5 |
yarshure
/ extract_pe_from_diags_body.py
Created
November 6, 2021 16:47
extract_pe_from_diags_body.py
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # sudo pip install uefi_firmware | |
| #python3 e.py input output | |
| import sys | |
| from uefi_firmware import efi_compressor | |
| handle=open(sys.argv[1], "rb") | |
| content=handle.read() | |
| newc=content[7:] | |
| c=efi_compressor.TianoDecompress(newc,len(newc)) | |
| d=open(sys.argv[2], "wb") | |
| st_mz=c.find(b"MZ") |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ] printenv | |
| boot-partition = "" | |
| boot-path = "/System/Library/Caches/com.apple.kernelcaches/kernelcach" | |
| dt-path = "/usr/standalone/firmware/devicetree.img" | |
| roothash-path = "/usr/standalone/firmware/root_hash.img" | |
| ibd-path = "/usr/standalone/firmware/FUD/iBootData.img" | |
| sepfw-path = "/usr/standalone/firmware/sep-firmware.img" | |
| tc-path = "/usr/standalone/firmware/FUD/StaticTrustCache.img" | |
| tc-eng-dir = "/usr/standalone/firmware/trustcache" | |
| build-style = "DEVELOPMEN" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Type | Subtype | Offset | Size | CRC32 | Name | |
| Image | UEFI | 00000000 | 0299AA15 | F1D51BF8 | UEFI image | |
| Padding | Non-empty | 00000000 | 000E0027 | D0F8A5FF | - Padding | |
| Volume | FFSv2 | 000E0027 | 00008000 | A28B90B1 | - 8C8CE578-8A3D-4F1C-9935-896185C32DD3 | |
| Free space | | 000E006F | 00007FB8 | 425AB2D9 | -- Volume free space | |
| Volume | FFSv2 | 000E8027 | 028B0000 | 25F96F5F | - 8C8CE578-8A3D-4F1C-9935-896185C32DD3 | |
| File | Freeform | 000E806F | 0000013C | C3B1AD8F | -- FC510EE7-FFDC-11D4-BD41-0080C73C8881 | DXE apriori file | |
| Section | Raw | 000E8087 | 00000124 | 103B4756 | --- Raw section | |
| File | Pad | 000E81AF | 00007E60 | D21642FD | -- Pad-file |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [0012609A:36DA001E] :-) soc -p | |
| vendor: Apple | |
| model: 8103 | |
| primary-cpu: Tempest | |
| fuse-rev: 11 | |
| security-epoch: 1 | |
| security-domain0: 1 | |
| security-domain1: 0 | |
| production-mode: 1 | |
| board-id: 0 |
NyanSatan
/ weirdness_redacted.txt
Created
May 29, 2021 20:24
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| arm_clean_dcache_line() weirdness | |
| 27 Dec 2020 12:12 MSK | |
| At some point of my iPhone 5 SecureROM research, I've *decided* to REDACTED. After the process I was quite tired, so I was just looking at different functions in the ROM for no particular reason. One of the functions was platform_get_boot_trampoline(): | |
| void *platform_get_boot_trampoline() | |
| { | |
| #define TRAMPOLINE_SIZE 0x40 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - [05/04/21 15:20:57] <Info>: Waiting for DFU devices | |
| - [05/04/21 15:21:20] <Verbose>: DFU mode device found | |
| - [05/04/21 15:21:20] <Info>: Exploiting | |
| - [05/04/21 15:21:20] <Verbose>: Attempting to perform checkm8 on 8011 10... | |
| - [05/04/21 15:21:20] <Info>: Checking if device is ready | |
| - [05/04/21 15:21:20] <Verbose>: == Checkm8 Preparation stage == | |
| - [05/04/21 15:21:20] <Verbose>: Stalled input endpoint | |
| - [05/04/21 15:21:20] <Verbose>: DFU device disconnected | |
| - [05/04/21 15:21:20] <Verbose>: DFU mode device found | |
| - [05/04/21 15:21:20] <Info>: Setting up the exploit (this is the heap spray) |
NewerOlder