Amy asentientbot

@leminlimez
leminlimez / Domains.md
Last active November 2, 2025 09:59
A deep dive into the iOS backup/restore system

Domains.plist

Documentation of /System/Library/Backup/Domains.plist. File taken from iOS 16.4 iPhone SE 3. The file was removed in iOS 17.0.

Values

Values in the plist. Other than SystemDomains, these are not really important and are just here for preservation's sake.

A domain in Domains.plist contains keys that determine what gets backed up for what types of devices and where (i.e. iCloud vs iTunes). Not all domains have each key. The only 2 keys that must be in every domain are RootPath and RelativePathsToBackupAndRestore. Some domains have the value ShouldDigest. I am not sure exactly what it means but I have included it for documentation purposes.

  • Version: "24.0"
  • SystemDomains: (Dictionary), see below
@velzie
velzie / manifest-v2-chrome.md
Last active September 11, 2025 12:21
How to keep using adblockers on chrome and chromium

NOTE

by the time you're reading this, this probably no longer works since the policy has been removed. I recommend you check out https://github.com/r58Playz/uBlock-mv3 instead

How to keep using adblockers on chrome and chromium

  1. google's manifest v3 has no analogue to the webRequestBlocking API, which is necessary for (effective) adblockers to work
  2. starting in chrome version 127, the transition to mv3 will start cutting off the use of mv2 extensions altogether
  3. this will inevitably piss off enterprises when their extensions don't work, so the ExtensionManifestV2Availability key was added and will presumably stay forever after enterprises complain enough

You can use this as a regular user, which will let you keep your mv2 extensions even after they're supposed to stop working

@osy
osy / tpm-rant.md
Last active September 17, 2025 08:35
TPM provides zero practical security

TPM provides zero practical security

TPM (Trusted Platform Module) is as useful for preventing real attackers as the TSA is at preventing real terrorists. The architecture is fundamentally flawed and most existing implementations are completely broken. I thought this argument was settled decades ago[1] when "trusted computing" was introduced mostly as a way to provide DRM and ownership capabilities to organizations. It largely failed to impact the consumer market when it was introduced back in the early 2000s. However, recently there seems to be a movement by certain parties to reintroduce this failed product back to the market. Microsoft argues that in order to use Windows 11, you need TPM 2.0 compatible hardware because[2]:

The Trusted Platform Module(TPM) requirement ena

@Cryptiiiic
Cryptiiiic / ios16_downgrading.txt
Created March 1, 2023 00:10
The unfortunate state of iOS downgrading
Unfortunately I have some bad news for downgrading.
Before I explain the bad news at the end of this post, I first need to introduce a background of iOS devices.
In iOS 16, Apple introduced a new firmware component known as Cryptex1. Technically, this is a "virtual" co-processor.
Its purpose is to allow Apple to push RSRs (Rapid Security Responses) which are separate from traditional iOS updates and can be installed much faster.
Like other firmwares, it also has a signing ticket locked to a cryptographic nonce (number-used-once).
We commonly refer to the Apple signing tickets as SHSH blobs.
Meaning the firmware can't be installed without a valid signing ticket as well as a matching nonce.
The "big two" components we deal with signing/nonces are AP and SEP. AP is basically the main device chip (Application Processor).
SEP is the security chip (Secure Enclave Processor).
With regards to APNonce, Apple conveniently gave us the com.apple.System.boot-nonce NVRAM property which we use to set the APNonce generator.
@dmthomas
dmthomas / Apple Special Event March 2022 1080p, 1440p, 2160p
Last active April 6, 2023 01:39
Apple Special Event March 2022 1080p, 1440p, 2160p
#I broke the audio out separately because it's the same stream regardless of which video resolution you choose.
#Audio for all
ffmpeg -i https://events-delivery.apple.com/1402uekefjejgldkvaqrqxgjmtehwhez/vod_main_FmkzTaRUQHbdgFMjhhirKrarNznPoHEC/audio_main_en_2ch_aac_128/prog_index.m3u8 -c copy "Apple Special Event, March 2022 temp.aac"
#Dolby Atmos Audio... wut? Audio file must end in .mp4 for ffmpeg to download it correctly. If you want to use Dolby Atmos audio modify the second line of any video format section to use the .mp4 audio file in the merge command.
ffmpeg -i https://events-delivery.apple.com/1402uekefjejgldkvaqrqxgjmtehwhez/vod_main_FmkzTaRUQHbdgFMjhhirKrarNznPoHEC/audio_main_en_16ch_atmos_640/prog_index.m3u8 -c copy "Apple Special Event, March 2022 temp atmos.mp4"
#h264 1080p
ffmpeg -i https://events-delivery.apple.com/1402uekefjejgldkvaqrqxgjmtehwhez/vod_main_FmkzTaRUQHbdgFMjhhirKrarNznPoHEC/sdr_avc_1080p_8500/prog_index.m3u8 -c copy "Apple Special Event, March 2022 (1080p) temp.mp4"
@saagarjha
saagarjha / remote_connection_enabler.mm
Created November 6, 2021 22:48
Enable remote connections in Quartz Debug
// If you haven't already, make sure to run this so the window list works:
// defaults write com.apple.QuartzDebug QuartzDebugPrivateInterface -bool YES
// https://gist.github.com/saagarjha/ed701e3369639410b5d5303612964557
#import "swizzler.h"
#import <AppKit/AppKit.h>
static Swizzler<void, id<NSApplicationDelegate>, NSNotification *> QuartzDebug_applicationDidFinishLaunching_ {
NSClassFromString(@"QuartzDebug"), @selector(applicationDidFinishLaunching:), [](auto self, auto notification) {
QuartzDebug_applicationDidFinishLaunching_(self, notification);
@saagarjha
saagarjha / library_injector.cpp
Last active August 13, 2025 22:55
Load a library into newly spawned processes (using DYLD_INSERT_LIBRARIES and EndpointSecurity)
// To compile: clang++ -arch x86_64 -arch arm64 -std=c++20 library_injector.cpp -lbsm -lEndpointSecurity -o library_injector,
// then codesign with com.apple.developer.endpoint-security.client and run the
// program as root.
#include <EndpointSecurity/EndpointSecurity.h>
#include <algorithm>
#include <array>
#include <bsm/libbsm.h>
#include <cstddef>
#include <cstdint>
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>UnifiedBar</key>
<dict>
<key>DisclosureRequired</key>
<string>ace440ac-b4f6-4b43-aade-02bba1589aef</string>
<key>Enabled</key>
<false/>
@PoomSmart
PoomSmart / enable-text-recognition.sh
Last active August 19, 2021 04:53
Enable Live Text Recognition on Intel-based Mac running macOS Monterey (12.0b1)
#!/bin/bash
APP_TARGETS=(com.apple.Photos com.apple.Preview com.apple.quicklook.QuickLookUIService com.apple.Safari)
for APP_TARGET in "${APP_TARGETS[@]}"
do
    defaults write /Users/$USER/Library/Containers/$APP_TARGET/Data/Library/Preferences/com.apple.VisionKit.InternalSettings com.apple.VisionKit.InternalSettings.overrideDeviceAvailability -bool yes
done
@import Darwin;
@import ObjectiveC;
@import CloudKit;
extern bool GEOConfigGetBOOL(int feature, void* something);
// Hooks feature flags in a resigned Maps.app to return true.
// Usage:
// clang -shared -fmodules -o libmaps_inject.dylib maps_inject.m \
// "$(xcrun