Siguza/psychicpaper

Stars
327
Rank 124,185 (Top 3 %)
Language
C
License
Mozilla Public Li...
Created about 4 years ago
Updated 7 months ago

Siguza/psychicpaper

Siguza

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

iOS <13.5 sandbox escape/entitlement 0day

Psychic Paper

AMFI/amfid entitlements check bypass, iOS sandbox escape.
Patched in iOS 13.5 beta 3.

Write-up here.

Building

This repo also contains a tool I called plparse, that can be used to invoke three different XML/plist parsers present on macOS & iOS. Build with:

make

And run as:

plparse -c file.plist
plparse -i file.plist
plparse -x file.plist
plparse -cix file.plist

License

MPL2 with Exhibit B.

ios-resources

Useful resources for iOS hacking

IOHIDeous

IOHIDFamily 0day

iometa

arm64 IOKit class dumper

v0rtex

IOSurface exploit

iokit-utils

Dev tools for probing IOKit

libkrw

imobax

iOS Mobile Backup Extractor

cl0ver

tfp0 for iOS 9.0-9.3.4

APRR

Apple hardware secrets

PhoenixNonce

64-bit nonce setter for iOS 9.3.4-9.3.5

hsp4

macOS kext for host_special_port(4) patch

tbdump

Utility to create tbd's off dylibs

dt

IOKernelRW

Insecurity as an IOService

cuck00

Twenty-twenty, bugs aplenty!

ios-scripts

iOS-related command line goodies

nordump

Apple Silicon NOR dumper

lz4dec

Tiny arm64 LZ4 decompressor

ld64

Apple ld64 for Debian

ios-build

Build files for things related to iOS

misc

siguza.github.io

fscmp

CLI frontend for com.apple.decmpfs / AppleFSCompression.framework

UserScripts

My Tampermonkey scripts

libprovision

Library for dealing with Apple provisioning profiles and code signatures

StackScripts

My Tampermonkey scripts I use on StackExchange sites

VirtualPack

Bukkit Plugin "VirtualPack"

recfg

Stash

lz4hc

libcrippy-1

Forked from openjailbreak.org

libpartialzip-1

Forked from openjailbreak.org

NBTLib

A version-presistent bridge between Bukkit and Minecraft

InvisiNOT

Bukkit Plugin "InvisiNOT"