ant4g0nist/Vulnerable-Kext ant4g0nist/Vulnerable-Kext

  • This repository has been archived on 28/Sep/2022
  • Stars
    star
    230
  • Rank 174,053 (Top 4 %)
  • Language
    C
  • License
    MIT License
  • Created almost 4 years ago
  • Updated almost 4 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
ant4g0nist/Vulnerable-Kext
github

ant4g0nist

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A WIP "Vulnerable by Design" kext for iOS/macOS to play & learn *OS kernel exploitation

Vulnerable Kext

License: MIT Github Stars PRs Welcome

A WIP (work-in progress) "Vulnerable by Design" kext for iOS/macOS to play/learn with *OS kernel exploitation

Usage

  • Documentation can be found at https://fuzzing.science/vulnerable-kext

  • Basic setup requirements

    • iOS device that can be jailbroken with checkra1n
    • Currently the make files are made to be used on a Mac. So, a macOS device or a VM.

  • Running the following command causes checkra1n to listen for attached iOS devices in DFU mode and boot pongoOS:

/Applications/checkra1n.app/Contents/MacOS/checkra1n -c -p
  • Run run.sh to build kext_loader, pongo_module, and the vulnerable kext and to start kext_loader kext_loader waits for a device that's booted pongo shell!
./run.sh

For more details about ktrw, check ktrw

Disclaimer

Vulnerable-Kext is an intentionally vulnerable kext for iOS/macOS, meant for educational purpose only.

TODO

  • Add IOKit stuff
  • Add vulnerabilities from reported XNU/IOKit bugs? ๐Ÿค”
  • Maybe improve stability of loading kexts
  • Fix the bugs in the vulnerabilities I implemented ๐Ÿง
  • Add Writeups for exploitation

credits

  • @_bazad for the super awesome ktrw
  • checkra1n team for the jailbreak
  • Used the kext template from twic

More Repositories

1

lisa.py

- An Exploit Dev Swiss Army Knife.
Python
671
star
2

Susanoo

A REST API security testing framework.
Python
324
star
3

vegvisir

A browser based GUI for **LLDB** Debugger.
JavaScript
198
star
4

rudroid

Rudroid - Writing the World's worst Android Emulator in Rust ๐Ÿฆ€
Rust
146
star
5

ManuFuzzer

Binary code-coverage fuzzer for macOS, based on libFuzzer and LLVM
Objective-C++
145
star
6

polar

A LLDB plugin which brings LLMs to LLDB
Python
124
star
7

Sloth

Sloth ๐Ÿฆฅ is a coverage guided fuzzing framework for fuzzing Android Native libraries that makes use of libFuzzer and QEMU user-mode emulation
C++
118
star
8

decompiler

RetDec plugin for LLDB. RetDec is a retargetable machine-code decompiler based on LLVM.
C++
63
star
9

crashmon

crashmon - A LLDB Based replacement for CrashWrangler
C++
46
star
10

webgl-fuzzer

WebGL fuzzer
JavaScript
37
star
11

chinstrap

A development environment, testing framework, and origination pipeline focused solely on Tezos
Python
34
star
12

crashwrangler

Apple's crashwrangler with support for Apple Silicon
C
29
star
13

fuzzing-pdfs-like-its-1990s

Python
26
star
14

ManuCombi

Mutates and generates files with all possible combinations of fuzzed bytes in the file.
Python
10
star
15

gLLDB

Very Basic gui for LLDB, serves as example for usage of pyobjc
Python
6
star
16

fuzzing.science

ant4g0nist's blog
JavaScript
5
star
17

tzktpy

Autogenerated Python SDK for TzKT API
Python
5
star
18

chinfuzz

Tezos smart contract fuzzer
Python
4
star
19

chronometry

Chronometry, a transparent and cryptographically verifiable proof-of-hack signature store
Go
3
star
20

hackfi-labs

Solidity
3
star
21

SecureSons

Modules for developing Secure Smart contract for Tezos in SmartPy
Python
2
star
22

vertigo-foundry-sample

Test project to test Foundry support for Vertigo
Solidity
1
star
23

ChinToken

A sample FA1.2 Token setup with Chinstrap to learn how to create, test and deploy Tezos smart contracts
Python
1
star