Decoding iOS Formats

Rick Mark rickmark

rickmark / ct_log_list.cnf
Created March 26, 2020 07:38
Basic CT Log for OpenSSL
enabled_logs = ct.googleapis.com/logs/argon2020/, ct.googleapis.com/logs/argon2021/, ct.googleapis.com/logs/argon2022/, ct.googleapis.com/logs/argon2023/, ct.googleapis.com/logs/xenon2020/, ct.googleapis.com/logs/xenon2021/, ct.googleapis.com/logs/xenon2022/, ct.googleapis.com/logs/xenon2023/, ct.googleapis.com/aviator/, ct.googleapis.com/icarus/, ct.googleapis.com/pilot/, ct.googleapis.com/rocketeer/, ct.googleapis.com/skydiver/, ct.cloudflare.com/logs/nimbus2020/, ct.cloudflare.com/logs/nimbus2021/, ct.cloudflare.com/logs/nimbus2022/, ct.cloudflare.com/logs/nimbus2023/, ct1.digicert-ct.com/log/, ct2.digicert-ct.com/log/, yeti2020.ct.digicert.com/log/, yeti2021.ct.digicert.com/log/, yeti2022.ct.digicert.com/log/, yeti2023.ct.digicert.com/log/, nessie2020.ct.digicert.com/log/, nessie2021.ct.digicert.com/log/, nessie2022.ct.digicert.com/log/, nessie2023.ct.digicert.com/log/, ct.ws.symantec.com/, vega.ws.symantec.com/, sirius.ws.symantec.com/, log.certly.io/, ct.izenpe.com/, ctlog.wosign.com/, ctlog.api.venafi.
@rickmark
rickmark / OUTPUT.txt
Created April 1, 2020 02:11
Where the rootkit lives
warning: the following paths have collided (e.g. case-sensitive paths
on a case-insensitive filesystem) and only one from the same
colliding group is in the working tree:
'include/uapi/linux/netfilter/xt_CONNMARK.h'
'include/uapi/linux/netfilter/xt_connmark.h'
'include/uapi/linux/netfilter/xt_DSCP.h'
'include/uapi/linux/netfilter/xt_dscp.h'
'include/uapi/linux/netfilter/xt_MARK.h'
'include/uapi/linux/netfilter/xt_mark.h'
'include/uapi/linux/netfilter/xt_RATEEST.h'
This file has been truncated, but you can view the full file.
<?xml version="1.0"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>CatalogVersion</key>
<integer>2</integer>
<key>ApplePostURL</key>
<string>http://swpost.apple.com/stats</string>
<key>IndexDate</key>
<date>2020-04-02T20:23:03Z</date>
@rickmark
rickmark / AIR
Created April 6, 2020 07:30
Bad Chunklist
AP: 041-76812
AU: http://oscdn.apple.com/content/downloads/22/29/041-76812a/2liqsakq9ocpldao5gxogpqqkg3666itc6/RecoveryImage/BaseSystem.dmg
AH: 911AA08F31A306D96C4B55ECD01D3D8407DE220F23CA142706A95BB3F6F64367
AT: expires=1586161191~access=/content/downloads/22/29/041-76812a/2liqsakq9ocpldao5gxogpqqkg3666itc6/RecoveryImage/BaseSystem.dmg~md5=91750225f119628d8ca7003e17d3e548
CU: http://oscdn.apple.com/content/downloads/22/29/041-76812a/2liqsakq9ocpldao5gxogpqqkg3666itc6/RecoveryImage/BaseSystem.chunklist
CH: 88FA100141771D21820418A64C538C3936628F8DE36ED92D3C5D55D079CC4884
CT: expires=1586161191~access=/content/downloads/22/29/041-76812a/2liqsakq9ocpldao5gxogpqqkg3666itc6/RecoveryImage/BaseSystem.chunklist~md5=07447411824be3f998d930e657d90e9a
@rickmark
rickmark / TwoIRRequests.txt
Created April 6, 2020 17:14
Result of two IR requests
cid=A64F96125D28533D
sn=C079442000SJRWLAX
bid=Mac-7BA5B2DFE22DDD8C
k=CF4EF754A68299485E52179B73382421FDBE38BAA06C7CE518A9A4BA91E3C96D
os=latest
bv=17.16.11081.0.0,0
fg=9ECA302EC3E25279AA80C088EF82A821DAD22197B8516F2E9966CC462B524393
AP: 041-76812
AU: http://oscdn.apple.com/content/downloads/22/29/041-76812a/2liqsakq9ocpldao5gxogpqqkg3666itc6/RecoveryImage/BaseSystem.dmg
@rickmark
rickmark / TwoRequestsWCookie
Created April 6, 2020 17:17
Two IR Requests w Cookie
POST /InstallationPayload/RecoveryImage HTTP/1.1
User-Agent: InternetRecovery/1.0
Content-Type: text/plain
Host: osrecovery.apple.com
Cookie: session=1586193664~02FEB1C7E54794226C01C0B06D12EB40FA844F8C4850C4E2D4D65AC2133FDDF2
Connection: close
Content-Length: 232
cid=A64F96125D28533D
sn=C079442000SJRWLAX
diff --git a/src/idevicerestore.c b/src/idevicerestore.c
index 03e4811..ffd5363 100644
--- a/src/idevicerestore.c
+++ b/src/idevicerestore.c
@@ -76,6 +76,7 @@ static struct option longopts[] = {
{ "plain-progress", no_argument, NULL, 'P' },
{ "restore-mode", no_argument, NULL, 'R' },
{ "ticket", required_argument, NULL, 'T' },
+ { "no-restore", no_argument, NULL, 'z'},
{ NULL, 0, NULL, 0 }
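Review bot: the added `longopts` entry ends in `'z'},` without the space before the closing brace that the neighbouring entries use (`'T' },`); match the table's formatting. This hunk touches only the long-option table, so also confirm that `z` is added to the short-option string passed to the option parser, that a matching `case 'z':` exists, and that the usage text says which steps `--no-restore` skips.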
@rickmark
rickmark / ioreg.txt
Created April 28, 2020 19:33
Hidden iPhone NVMe Namespaces and SCfg Overrun
| | | +-o AppleEmbeddedNVMeNVRAM <class AppleEmbeddedNVMeNVRAM, id 0x1000003fb, registered, matched, active, busy 0 (0 ms), retain 6>
| | | | {
| | | | "IOPowerManagement" = {"DevicePowerState"=1,"CurrentPowerState"=1,"CapabilityFlags"=32768,"MaxPowerState"=1}
| | | | }
| | | |
| | | +-o NS_01@1 <class IOEmbeddedNVMeBlockDevice, id 0x1000003fe, registered, matched, active, busy 0 (32 ms), retain 7>
| | | | | {
| | | | | "Logical Block Size" = 4096
| | | | | "IOMaximumBlockCountWrite" = 256
| | | | | "IOMaximumSegmentByteCountRead" = 1048576
@rickmark
rickmark / add_idevice.path
Created May 19, 2020 05:11
snapd_add_idevice.patch
diff --git a/interfaces/builtin/idevice_restore.go b/interfaces/builtin/idevice_restore.go
index e69de29bb..e5e2b26aa 100644
--- a/interfaces/builtin/idevice_restore.go
+++ b/interfaces/builtin/idevice_restore.go
@@ -0,0 +1,74 @@
+// -*- Mode: Go; indent-tabs-mode: t -*-
+
+/*
+ * Copyright (C) 2018 Canonical Ltd
+ *
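Review bot: the header of this file reads `Copyright (C) 2018 Canonical Ltd`; check that the year and holder are right for a file being added by this patch rather than carried over from another interface. The diff is also taken against the empty blob (`index e69de29bb..`, `--- a/interfaces/builtin/idevice_restore.go`, `@@ -0,0 +1,74 @@`) instead of `/dev/null`, so it applies only to a tree that already contains the empty file; regenerate it as a new-file diff.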
@rickmark
rickmark / secure_tss.patch
Created May 19, 2020 07:44
secure_tss.patch
diff --git a/src/idevicerestore.c b/src/idevicerestore.c
index 03e4811..b70feec 100644
--- a/src/idevicerestore.c
+++ b/src/idevicerestore.c
@@ -76,6 +76,7 @@ static struct option longopts[] = {
{ "plain-progress", no_argument, NULL, 'P' },
{ "restore-mode", no_argument, NULL, 'R' },
{ "ticket", required_argument, NULL, 'T' },
+ { "insecure", no_argument, NULL, 'I' },
{ NULL, 0, NULL, 0 }
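Review bot: the `insecure` entry added to `longopts` is a switch that by its name relaxes a security check, and nothing in this hunk documents which one. State in the usage text exactly what `--insecure` disables, make sure the secure behaviour remains the default when the flag is absent, and consider logging a warning whenever it is set. Also confirm that `I` is added to the short-option string and does not collide with an existing option.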