장경칩연구소[ 블랙팔콘 대장] ox1111
ox1111
/ iphoneWontBoot
Created
June 4, 2025 22:03
— forked from gistya/iphoneWontBoot
console output
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ======================== | |
| ASL is here to serve you | |
| > | |
| Jul 1 06:33:43 apsd[83] <Warning>: 2013-07-01 06:33:43 -0700 apsd[83]: <APSCourier: 0x14568410>: forceDelayedReconnect. | |
| Jul 1 06:33:43 apsd[83] <Warning>: 2013-07-01 06:33:43 -0700 apsd[83]: <APSCourierConnection: 0x1466bd90> asked to resumeManager with action 5 with invalid interface None | |
| Jul 1 06:33:43 apsd[83] <Warning>: 2013-07-01 06:33:43 -0700 apsd[83]: copyTokenForDomain push.apple.com (null) | |
| Jul 1 06:33:43 apsd[83] <Warning>: 2013-07-01 06:33:43 -0700 apsd[83]: <APSCourier: 0x14568410> adding connectionserver <APSConnectionServer: 0x14586ce0>, setting publicToken:(null) | |
| Jul 1 06:33:44 apsd[83] <Warning>: 2013-07-01 06:33:44 -0700 apsd[83]: copyTokenForDomain push.apple.com (null) | |
| Jul 1 06:33:44 apsd[83] <Warning>: 2013-07-01 06:33:44 -0700 apsd[83]: Do we need to enable the courier? needToken YES _hasEnabledCouriers NO |
ox1111
/ iPhone_8_15.1_19B74_kernelpatches.txt
Created
April 18, 2024 23:16
— forked from tihmstar/iPhone_8_15.1_19B74_kernelpatches.txt
iPhone 8 15.1 19B74 checkm8 jb patches
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 저자 commnet | |
| I guess i can't help but tease you a bit more :P | |
| Here are the patches i used on my iPhone8 to boot into iOS 15.1 jb | |
| https://gist.github.com/tihmstar/faaa1fe3fe9302782800a4d40bb67825 | |
| - remove passcode | |
| - kernelpatches may be incomplete (i didn't test tweaks, just sileo) | |
| iPhone8 15.1 19B74 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Decompiled by hand (based-ish on a Ghidra decompile) from Hypervisor.framework on macOS 12.0b1 | |
| @import Darwin; | |
| #include <assert.h> | |
| typedef uint64_t hv_return_t; | |
| typedef void* hv_vm_config_t; | |
| #define HV_CALL_VM_GET_CAPABILITIES 0 | |
| #define HV_CALL_VM_CREATE 1 |
ox1111
/ afuu.c
Created
March 26, 2024 00:55
— forked from 0x36/afuu.c
AppleFirmwareUpdateKext::loadFirmware() : Missing lock leads to double object release
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #if 0 | |
| // Fixed in iOS 13.1 with CVE-2019-8747 | |
| __thiscall | |
| AppleFirmwareUpdateKext::loadFirmware | |
| (AppleFirmwareUpdateKext *this,IOMemoryDescriptor *Memory,void *off_0x10,uint off_0x18) | |
| { | |
| uint uVar1; | |
| byte addr; | |
| byte len; |
ox1111
/ ApplePPM_oobw.c
Created
March 26, 2024 00:55
— forked from 0x36/ApplePPM_oobw.c
ApplePPM::setProperties() OOB writes
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #if 0 | |
| Fixed in iOS 13.0 with CVE-2019-8712. | |
| ApplePPM::setProperties() : OSArray::initWithArray called without locks leads to OOB Writes | |
| __thiscall ApplePPM::setProperties(ApplePPM *this,OSDictionary *param_1) | |
| { | |
| ... | |
| ... | |
ox1111
/ l2tp_infoleak.c
Created
March 25, 2024 23:41
— forked from 0x36/l2tp_infoleak.c
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <string.h> | |
| #include <stdlib.h> | |
| #include <sys/types.h> | |
| #include <sys/socket.h> | |
| #include <linux/types.h> | |
| #include <arpa/inet.h> | |
| #include <linux/in.h> | |
| #include <linux/in6.h> | |
| #include <linux/if.h> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #define _GNU_SOURCE | |
| #include <string.h> | |
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <asm/types.h> | |
| #include <sys/socket.h> | |
| #include <netinet/in.h> | |
| #include <arpa/inet.h> | |
| #include <linux/netlink.h> | |
| #include <linux/xfrm.h> |
ox1111
/ metacast.py
Created
March 25, 2024 23:40
— forked from 0x36/metacast.py
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Fix a metacast output in iOS kernelcache | |
| #@author simo | |
| #@category iOS.kernel | |
| #@keybinding Meta Shift M | |
| #@toolbar logos/m.png | |
| # -*- coding: utf-8 -*- | |
| # This script can be only used in GHIDRA 9.2, so grab the source code and compile it yourself |
ox1111
/ oob_events.c
Created
March 25, 2024 23:40
— forked from 0x36/oob_events.c
IOAccelContext2::finish_fence_event() race condition OOB read/write
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #if 0 | |
| IOAccelContext2::finish_fence_event() race condition OOB read/write | |
| This is a method exposed to user space, it takes a kernel read-only shared memory | |
| (type 2 via clientMemoryForType()) address and treats it as an IOAccelEvents Array. | |
| The user supplied index is checked against the IOAccelEvents array bounds,since there are no | |
| locks held in this method,it is possible to change the array bounds by calling | |
| IOAccelContext2::clientMemoryForType() again in a separate thread, this will expand the size by | |
| multiplying the older size by 2, but we still have a reference to the old shared memory address |
ox1111
/ depac.py
Created
March 25, 2024 23:40
— forked from 0x36/depac.py
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Fixing LC_DYLD_CHAINED_FIXUPS for macOS M1 kext drivers | |
| # -*- coding: utf-8 -*- | |
| #@category macOS.kext | |
| from generic.continues import RethrowContinuesFactory | |
| from ghidra.app.script import GhidraScript | |
| from ghidra.app.util.bin import ByteProvider, RandomAccessByteProvider, BinaryReader | |
| from ghidra.app.util.bin.format.macho import MachHeader,Section, commands | |
| from ghidra.program.model.address import Address | |
| from java.io import File |
NewerOlder