@wh1te4ever
wh1te4ever / TrollDetector.m
Last active August 15, 2025 06:04
TrollStore Detector
//
// ViewController.m
// JBDetectTest
//
// Created by seo on 3/27/25.
//
#import "ViewController.h"
#import <dlfcn.h>
import struct, time
## This experiment demonstrates that the claimed "hash" (that is not a hash) used
## by the L2 cache ECC debug feature used by Operation Triangulation is not secure,
## and can be trivially reverse engineered by anyone who owns one of the machines
## with the hardware (such as any M1 Mac), in seconds to days. Therefore, this proves
## that no "insider" access or leak is necessary to obtain this table, and that the
## attackers most likely did exactly the same thing.
## This is the "black box", i.e. the hardware: The table is not exposed to the caller.
class BlackBox:

When a device is manufactured, within the ROM (read-only memory) a public key is "burned" into it. This public key matches a private key from Apple, which is not stored on the device.

Let us refer to the device as "Bob" and Apple as "Alice".

Bob wants to check if a version is signed so they can restore to it. The only way Bob can do this is with the help of Alice. Bob, with their public key, asks Alice, "Is this version signed?"

Since the public key matches Alice's private key, Alice knows with 100% certainty that the message comes from Bob. Alice then returns one of the following answers: "Yes" or "No".

@Orangera1n
Orangera1n / 15on16sepactivationguide.md
Last active July 2, 2025 00:16
How to activate a device on iOS 15 that was futurerestored on 16 sep

whatisthisthisthisthisthisthis?

This is a guide on how to activate ur idevice on ios 15 (maybe ios 14 idk) when it's futurerestored on 16 sep.

DISCLAIMER: I am very aware people might use this to bypass icloud, but I am NOT encouraging you to bypass icloud.

ALSO: THIS IS RECOMMENDED FOR ADVANCED USERS ONLY, i am not responsible for ur device being broken (tho idk how it becomes broken via this)

also, i've only tested this on macOS, might work on linux tho if u replace darwin with linux and shit.

@Cryptiiiic
Cryptiiiic / ios16_downgrading.txt
Created March 1, 2023 00:10
The unfortunate state of iOS downgrading
Unfortunately I have some bad news for downgrading.
Before I explain the bad news at the end of this post, I first need to introduce a background of iOS devices.
In iOS 16, Apple introduced a new firmware component known as Cryptex1. Technically, this is a "virtual" co-processor.
Its purpose is to allow Apple to push RSRs (Rapid Security Responses) which are separate from traditional iOS updates and can be installed much faster.
Like other firmwares, it also has a signing ticket locked to a cryptographic nonce (number-used-once).
We commonly refer to the Apple signing tickets as SHSH blobs.
This means the firmware can't be installed without a valid signing ticket as well as a matching nonce.
The "big two" components for which we deal with signing/nonces are AP and SEP. AP is basically the main device chip (Application Processor).
SEP is the security chip (Secure Enclave Processor).
With regards to APNonce, Apple conveniently gave us the com.apple.System.boot-nonce NVRAM property which we use to set the APNonce generator.
// ==UserScript==
// @name @chaoticvibing Twitter Blue Nerd - twitter.com
// @namespace Violentmonkey Scripts
// @match *://*.twitter.com/*
// @match *://*.x.com/*
// @grant none
// @version 1.9.2
// @author @chaoticvibing - GH @busybox11
// @description 11/9/2022, 11:45:28 PM
// @updateURL https://gist.github.com/busybox11/53c76f57a577a47a19fab649a76f18e3/raw
@jnettlet
jnettlet / fb_test.c
Created September 25, 2021 09:19
Test for framebuffer memcpy bugs.
#include <signal.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>
#include <stdio.h>
#include <fcntl.h>
#include <linux/fb.h>
#include <sys/mman.h>
#include <sys/ioctl.h>
@infernalheaven
infernalheaven / poc.c
Created September 16, 2021 02:18
macOS 11.5.2/iOS 14.7.1 Kernel Race Condition poc
/*
Written By Pan ZhenPeng(@peterpan980927) of Alibaba Security Pandora Lab
use it on macOS: cc poc.c -o poc while True; do ./poc ; done
*/
#include <errno.h>
#include <signal.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
Name                  Class     Subclass  Code
KTrap_DivideError     DBG_MACH  0x2       0x0
KTrap_Debug           DBG_MACH  0x2       0x1
KTrap_NMI             DBG_MACH  0x2       0x2
KTrap_Int3            DBG_MACH  0x2       0x3
KTrap_Overflow        DBG_MACH  0x2       0x4
KTrap_BoundRange      DBG_MACH  0x2       0x5
KTrap_InvalidOpcode   DBG_MACH  0x2       0x6
KTrap_DeviceNotAvail  DBG_MACH  0x2       0x7
KTrap_DoubleFault     DBG_MACH  0x2       0x8
@pwn0rz
pwn0rz / fprpc.c
Created May 30, 2021 09:12
The MIG from FairplayIOKit to fairplayd
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <mach/mach.h>
#include <CommonCrypto/CommonCrypto.h>
#include <ctype.h>
void hexdump(void *ptr, int buflen) {
unsigned char *buf = (unsigned char*)ptr;
int i, j;