vngkv123

# Made by aSiagaming
# Only work with iOS research kernelcache

import ida_bytes
import ida_name
import ida_funcs
import idc
import idautils
import idaapi
import ida_struct

vngkv123

IOUserClient_vtbl = '''struct /*VFT*/ IOUserClient_vtbl
{
  void (__cdecl *~IOUserClient)(IOUserClient *__hidden this);
  void (__cdecl *~IOUserClient_0)(IOUserClient *__hidden this);
  void (__cdecl *release)(OSObject *__hidden this, int freeWhen);
  int (__cdecl *getRetainCount)(OSObject *__hidden this);
  void (__cdecl *retain)(OSObject *__hidden this);
  void (__cdecl *release_0)(OSObject *__hidden this);
  bool (__cdecl *serialize)(OSObject *__hidden this, OSSerialize *serializer);
  const OSMetaClass *(__cdecl *getMetaClass)(IOUserClient *__hidden this);

vngkv123

import * as module from "1.mjs";

/*
=> 1.mjs
export let x = {};
export let y = {};
export let z = {};
*/

var f64 = new Float64Array(1);

vngkv123

#include <asm/types.h>
#include <stdint.h>
#include <sys/ioctl.h>
/**
 * enum ion_heap_types - list of all possible types of heaps
 * @ION_HEAP_TYPE_SYSTEM:	 memory allocated via vmalloc
 * @ION_HEAP_TYPE_SYSTEM_CONTIG: memory allocated via kmalloc
 * @ION_HEAP_TYPE_CARVEOUT:	 memory allocated from a prereserved
 *				 carveout heap, allocations are physically
 *				 contiguous

vngkv123

// https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2021/CVE-2021-1048.html

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <netdb.h>
#include <unistd.h>
#include <fcntl.h>
#include <errno.h>
#include <mqueue.h>

vngkv123

import sys
import time
import os
import traceback
import json

import idc
import idaapi

logfilename = idaapi.get_input_file_path() + '.timeida-'+str(int(time.time()*1000))+'.txt'

vngkv123

#!/usr/bin/python3

from pwn import *
import time
import subprocess
import sys

SPRAYLENGTH = 0x1000
def OFFSET(value):
    assert(value != 0)