• This repository has been archived on 21/Apr/2019
• Language: C++
• Created almost 14 years ago
• Updated over 9 years ago


Miscellaneous

This repository contains stuff which would be helpful for jailbroken iOS development.

fixobjc2.idc

This is a script to simplify the study of Mach-O files for the ARM architecture that use the Objective-C 2.0 ABI, for IDA Pro 5.5 and above. Currently, the script mainly does the following:

  • Add comments to all selectors so that it is clear which selector each _objc_msgSend call uses.

  • Check all Objective-C methods and create functions for them. This is particularly useful for files with symbols stripped because IDA Pro usually can't recognize those functions as code.

  • Add names to all ivars and classes.

dyld_decache

Starting from iPhone OS 3.1, the individual library files supplied by the system are smashed together into a giant cache file (dyld_shared_cache_armvX) to improve performance. This makes development difficult when one only has the IPSW but not the SDK (e.g. Apple TV 2G), because there is no file to link to or reverse engineer.

dyldcache.cc, originally written by D. Howett, was created to unpack files from the dyld_shared_cache_armvX file. Unfortunately, this tool does not try to untangle the interconnections between libraries in the cache, so each extracted file is over 20 MiB in size (as the whole __LINKEDIT segment is duplicated), and often the file cannot be correctly class-dump'ed (as some of its data actually lies outside of that library).

dyld_decache is a complete rewrite of the tool to solve the above problems. It correctly excludes irrelevant parts of the __LINKEDIT segments, and pulls in sections which are placed outside of the file due to dyld's optimization. As a result, the generated files total only roughly 200 MiB instead of over 4 GiB previously, and they can be correctly analyzed by class-dump.

The 64-bit dyld_decache for Mac OS X 10.6 can be downloaded from https://github.com/kennytm/Miscellaneous/downloads. It is a command line tool; the options are:

Usage:
  dyld_decache [-p] [-o folder] [-f name [-f name] ...] path/to/dyld_shared_cache_armvX

Options:
  -o folder : Extract files into 'folder'. Default to './libraries'
  -p        : Print the content of the cache file and exit.
  -f name   : Only extract the file with filename 'name', e.g. '-f UIKit' or
              '-f liblockdown'. This option may be specified multiple times to
              extract more than one file. If not specified, all files will be
              extracted.
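
The two facts dyld_decache relies on are that the cache header carries a table of mappings (virtual address ranges with their file offsets and protections) and a table of image records pointing at path strings, and that data an image references can sit in a different mapping than its own __TEXT, which is why a naive per-library extraction misses it. The following is an added example, not code from this repository or from dyld: it builds a constructed miniature "dyld_v1" armv7 cache, lists its images the way -p would, and translates a virtual address to a file offset through the mapping table. The header, mapping and image layouts are assumed from dyld's cache format for that era (only the fields used are modelled), and the -f matching is assumed to be a prefix match on the file name.

```python
import struct

# Assumed "dyld_v1" layouts: only the leading header fields are modelled;
# mappingOffset/imagesOffset locate the tables, so extra header fields are harmless.
CACHE_HEADER = struct.Struct("<16sIIIIQ")  # magic, mappingOffset, mappingCount,
                                           # imagesOffset, imagesCount, dyldBaseAddress
MAPPING_INFO = struct.Struct("<QQQII")     # address, size, fileOffset, maxProt, initProt
IMAGE_INFO = struct.Struct("<QQQII")       # address, modTime, inode, pathFileOffset, pad


def build_sample_cache() -> bytes:
    """Constructed miniature armv7 cache (not a real one): one r-x mapping holding
    two images and a separate rw- mapping at a different file offset."""
    blob = bytearray(0x4000)
    mappings = [
        (0x30000000, 0x2000, 0x0000, 5, 5),  # r-x: file bytes [0, 0x2000)
        (0x3E000000, 0x2000, 0x2000, 3, 3),  # rw-: file bytes [0x2000, 0x4000)
    ]
    images = [
        (0x30001000, b"/System/Library/Frameworks/UIKit.framework/UIKit"),
        (0x30001800, b"/usr/lib/liblockdown.dylib"),
    ]
    map_off = 0x100
    img_off = map_off + MAPPING_INFO.size * len(mappings)
    str_off = img_off + IMAGE_INFO.size * len(images)
    CACHE_HEADER.pack_into(blob, 0, b"dyld_v1   armv7\0", map_off, len(mappings),
                           img_off, len(images), mappings[0][0])
    for i, m in enumerate(mappings):
        MAPPING_INFO.pack_into(blob, map_off + i * MAPPING_INFO.size, *m)
    for i, (addr, path) in enumerate(images):
        IMAGE_INFO.pack_into(blob, img_off + i * IMAGE_INFO.size, addr, 0, 0, str_off, 0)
        blob[str_off:str_off + len(path) + 1] = path + b"\0"
        str_off += len(path) + 1
    return bytes(blob)


def parse_cache(blob: bytes):
    """Return (arch, mappings, images) from a v1 cache, the information -p prints."""
    magic, map_off, map_cnt, img_off, img_cnt, _ = CACHE_HEADER.unpack_from(blob, 0)
    if not magic.startswith(b"dyld_v1"):
        raise ValueError("not a dyld_v1 shared cache")
    arch = magic.rstrip(b"\0").split()[-1].decode()
    mappings = [MAPPING_INFO.unpack_from(blob, map_off + i * MAPPING_INFO.size)
                for i in range(map_cnt)]
    images = []
    for i in range(img_cnt):
        addr, _, _, path_off, _ = IMAGE_INFO.unpack_from(blob, img_off + i * IMAGE_INFO.size)
        images.append((addr, blob[path_off:blob.index(b"\0", path_off)].decode()))
    return arch, mappings, images


def vmaddr_to_file_offset(mappings, addr: int):
    """Translate a cache virtual address to a file offset via the mapping table.
    Returns None for addresses no mapping covers (a dangling pointer)."""
    for m_addr, m_size, m_off, _, _ in mappings:
        if m_addr <= addr < m_addr + m_size:
            return m_off + (addr - m_addr)
    return None


def find_image(images, name: str):
    """Select an image by file name prefix, as '-f UIKit' or '-f liblockdown' would
    (prefix matching is an assumption about the tool's behaviour)."""
    for addr, path in images:
        if path.rsplit("/", 1)[-1].startswith(name):
            return addr, path
    return None
```

Any pointer an image holds into the rw- mapping resolves to a file offset past 0x2000 here, i.e. outside the bytes a per-image slice of the r-x mapping would copy; a correct extractor has to follow the mapping table for every such reference, which is what the rewrite described above does.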

machoizer.py

This is a small Python script that adds the necessary headers to turn a raw binary file (e.g. the decrypted iBoot) into a Mach-O file. This is useful for tools that cannot work with raw binary files, like otool -tv or the IDA Pro demo.
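
To show concretely what "adding the necessary headers" means, here is an added example (not the repository's machoizer.py) that wraps a raw 32-bit ARM image in a minimal Mach-O: a mach_header, one LC_SEGMENT for __TEXT and one __text section describing where the bytes are loaded, and then parses the result back the way a tool would. The constants are the standard values from <mach-o/loader.h> and <mach/machine.h>; the 16-byte alignment of the code and the choice of MH_EXECUTE and the armv7 subtype are this example's own assumptions.

```python
import struct

# Constants from <mach-o/loader.h> and <mach/machine.h> for 32-bit ARM.
MH_MAGIC = 0xFEEDFACE
CPU_TYPE_ARM = 12
CPU_SUBTYPE_ARM_V7 = 9
MH_EXECUTE = 2
LC_SEGMENT = 1
VM_PROT_READ, VM_PROT_EXECUTE = 1, 4
S_ATTR_PURE_INSTRUCTIONS = 0x80000000
S_ATTR_SOME_INSTRUCTIONS = 0x00000400

MACH_HEADER = struct.Struct("<IiiIIII")            # magic .. flags (28 bytes)
SEGMENT_COMMAND = struct.Struct("<II16sIIIIiiII")  # cmd .. flags (56 bytes)
SECTION = struct.Struct("<16s16sIIIIIIIII")        # sectname .. reserved2 (68 bytes)


def machoize(raw: bytes, base_addr: int, cpusubtype: int = CPU_SUBTYPE_ARM_V7) -> bytes:
    """Prepend a mach_header, one LC_SEGMENT (__TEXT) and one section (__text)
    so that `raw` is described as read/execute code at `base_addr`, e.g. the
    address you believe a decrypted iBoot runs from (assumed by the caller)."""
    cmdsize = SEGMENT_COMMAND.size + SECTION.size
    text_off = (MACH_HEADER.size + cmdsize + 15) & ~15   # keep the code 16-byte aligned
    prot = VM_PROT_READ | VM_PROT_EXECUTE
    header = MACH_HEADER.pack(MH_MAGIC, CPU_TYPE_ARM, cpusubtype, MH_EXECUTE, 1, cmdsize, 0)
    segment = SEGMENT_COMMAND.pack(LC_SEGMENT, cmdsize, b"__TEXT", base_addr, len(raw),
                                   text_off, len(raw), prot, prot, 1, 0)
    section = SECTION.pack(b"__text", b"__TEXT", base_addr, len(raw), text_off, 2, 0, 0,
                           S_ATTR_PURE_INSTRUCTIONS | S_ATTR_SOME_INSTRUCTIONS, 0, 0)
    load_cmds = header + segment + section
    return load_cmds.ljust(text_off, b"\0") + raw


def describe_macho(blob: bytes) -> dict:
    """Walk the load commands the way otool or IDA would and report where each
    section's bytes live, so the wrapper can be checked before analysis."""
    magic, cputype, cpusubtype, filetype, ncmds, _, _ = MACH_HEADER.unpack_from(blob, 0)
    if magic != MH_MAGIC:
        raise ValueError("not a 32-bit little-endian Mach-O")
    sections, off = [], MACH_HEADER.size
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<II", blob, off)
        if cmd == LC_SEGMENT:
            nsects = SEGMENT_COMMAND.unpack_from(blob, off)[9]
            sec_off = off + SEGMENT_COMMAND.size
            for _ in range(nsects):
                s = SECTION.unpack_from(blob, sec_off)
                sections.append({"name": s[0].rstrip(b"\0").decode(), "addr": s[2],
                                 "size": s[3], "offset": s[4]})
                sec_off += SECTION.size
        off += cmdsize
    return {"cputype": cputype, "cpusubtype": cpusubtype, "filetype": filetype,
            "sections": sections}


if __name__ == "__main__":
    import sys
    # usage: python machoize_example.py raw.bin <base address in hex> out.macho
    src, base, dst = sys.argv[1], int(sys.argv[2], 16), sys.argv[3]
    with open(src, "rb") as f:
        blob = machoize(f.read(), base)
    with open(dst, "wb") as f:
        f.write(blob)
```

The segment deliberately covers only the raw bytes (file offset text_off onwards) rather than the header, so the virtual address of the first raw byte is exactly base_addr; getting that address right is what makes absolute references in the disassembly resolve.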

dump_stuff.py

This script is a collection of utilities to dump information from different libraries. Currently it supports dumping of CAAtom and UISound.

CAAtom is an internal data type in Core Animation which creates a mapping between strings and an integer index. This optimizes string comparison operations over known strings, since they are already perfectly hashed. However, this poses a difficulty in reverse engineering, because the relevant strings are all replaced with seemingly unrelated numbers. This script supports reading the table that defines the mappings of the internal atoms.

UISound is a directory in iOS containing .caf files for system alert sounds. These sounds are indexed by a constant number and can be used as the SoundID in AudioServices to play them. This script supports interpreting the sound IDs and categories for these files.

log_rename.idc

Often executables or kernels are stripped, so guessing what a function does requires heavy analysis of its content. Nevertheless, developers will usually leave a logging function which accepts __FUNCTION__, i.e. the function name, as an input parameter. If such a function is found, function names can be assigned systematically.

The log_rename.idc script is written to take advantage of this. Once you have identified a function that takes a C string function name as an input parameter (via register r0 to r3), you can run this script to locate all analyzed functions calling it. The script will then conservatively try to rename each caller based on that input.
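
What "conservatively" has to mean in practice is easiest to see on a small listing. The following is an added example, not the repository's log_rename.idc and not IDA's API: it runs the same idea over a constructed, hypothetical ARM listing (function name to instruction strings, plus the string literals the =aName references resolve to) in which a logging helper named _log_call receives __FUNCTION__ in R0. A caller is renamed only when every one of its calls passes the same string literal, that string is a valid identifier, and no other function claims the same name; everything else is reported with the reason it was skipped.

```python
import re
from collections import defaultdict

# Constructed stand-in for an IDA listing (hypothetical addresses and strings).
STRINGS = {
    "aMountvolume": "MountVolume",
    "aUnmountvolume": "UnmountVolume",
    "aOpenport": "OpenPort",
    "aBadName": "mount failed: %d",
}
LISTING = {
    "sub_1000": ["PUSH {R4,LR}", "LDR R0, =aMountvolume", "BL _log_call", "POP {R4,PC}"],
    "sub_1040": ["PUSH {R4,LR}", "LDR R0, =aMountvolume", "BL _log_call",
                 "LDR R0, =aUnmountvolume", "BL _log_call", "POP {R4,PC}"],
    "sub_1080": ["PUSH {R4,LR}", "LDR R0, =aBadName", "BL _log_call", "POP {R4,PC}"],
    "sub_10C0": ["PUSH {R4,LR}", "MOV R0, R5", "BL _log_call", "POP {R4,PC}"],
    "sub_1100": ["PUSH {R4,LR}", "LDR R0, =aUnmountvolume", "BL _log_call", "POP {R4,PC}"],
    "sub_1140": ["LDR R0, =aOpenport", "BL _log_call", "BX LR"],
    "sub_1180": ["LDR R0, =aOpenport", "BL _log_call", "BX LR"],
    "sub_11C0": ["PUSH {R4,LR}", "BL sub_1000", "POP {R4,PC}"],
}

REG_WRITE = re.compile(r"^(?:LDR|ADR|MOV)\s+(R[0-3]),\s*(\S+)$")
CALL = re.compile(r"^BL\s+(\S+)$")
IDENT = re.compile(r"^[A-Za-z_]\w*$")


def argument_string(insns, call_idx, reg):
    """Walk back from the call to the last write of `reg`; return the string
    literal it loads, or None when the value is not a known literal."""
    for insn in reversed(insns[:call_idx]):
        m = REG_WRITE.match(insn)
        if m and m.group(1) == reg:
            return STRINGS.get(m.group(2).lstrip("="))
        if CALL.match(insn):
            return None  # an intervening call may have clobbered R0-R3
    return None


def propose_renames(listing, log_func="_log_call", reg="R0"):
    """Return (renames, skipped). Only a function whose every call to the logger
    passes one and the same valid, unique name gets a proposal."""
    candidates, skipped = {}, {}
    for func, insns in listing.items():
        args = []
        for idx, insn in enumerate(insns):
            m = CALL.match(insn)
            if m and m.group(1) == log_func:
                args.append(argument_string(insns, idx, reg))
        if not args:
            continue  # never calls the logger: nothing to learn
        if None in args:
            skipped[func] = "argument is not a string literal"
        elif len(set(args)) != 1:
            skipped[func] = "conflicting names: " + ", ".join(sorted(set(args)))
        elif not IDENT.match(args[0]):
            skipped[func] = "not a valid identifier: %r" % args[0]
        else:
            candidates[func] = args[0]
    owners = defaultdict(list)
    for func, name in candidates.items():
        owners[name].append(func)
    renames = {}
    for func, name in candidates.items():
        if len(owners[name]) == 1:
            renames[func] = name
        else:
            skipped[func] = "name %s claimed by %d functions" % (name, len(owners[name]))
    return renames, skipped
```

The skipped cases are the ones that matter: a wrong but plausible name planted by a single misread argument would mislead every later analysis step, so a rename is only proposed when the evidence is unambiguous.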

ipsw_decrypt.py

This is a convenient script to extract, decrypt and decompress files in an IPSW file in one pass. This script is only intended for decoding those files for analysis, but not for building a jailbroken IPSW. The standard jailbreaking software like PwnageTool or XPwn should be used instead for the latter purpose.

The script can perform the following:

  • Extract the encrypted files from an IPSW
  • Download decryption keys from http://theiphonewiki.com/
  • Perform AES decryption / VFDecrypt using these keys
  • Decompress the kernel into a Mach-O file, and iBootIm images into raw data.

This script requires the executables openssl (for AES decryption) and vfdecrypt (for decrypting the OS DMG) to run. It also requires the lxml module to be installed for HTML parsing.
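
The last step, turning the kernel into a Mach-O, is a format problem rather than a key problem, and it is worth seeing what the script has to undo. The following is an added example, not the repository's ipsw_decrypt.py: it decodes the compressed kernelcache payload that remains once the container has been unwrapped and decrypted. It assumes the layout of xnu's compressed kernel header ('comp' 'lzss', then big-endian Adler-32, uncompressed size and compressed size, padded to 0x180 bytes) and the LZSS variant from Apple's lzss.c (4 KiB ring buffer pre-filled with spaces, one flag byte per eight items). The compressed stream is a small hand-built one, constructed here to exercise literals, an overlapping back-reference, a reference into the space-filled region and a second flag group; the IMG3 unwrapping and AES decryption steps are outside this example.

```python
import struct
import zlib

# LZSS parameters from Apple's lzss.c, which the kernelcache uses (assumed).
N, F, THRESHOLD = 4096, 18, 2
MASK = N - 1
# compressed_kernel_header (assumed layout): 'comp', 'lzss', adler32,
# uncompressed_size, compressed_size, all big-endian; reserved words, platform
# name and root path pad the header to 0x180 bytes, where the LZSS stream begins.
COMP_HEADER = struct.Struct(">4s4sIII")
COMP_HEADER_SIZE = 0x180


def lzss_decompress(src: bytes) -> bytes:
    """Port of decompress_lzss(): flag bit 1 = literal byte, 0 = two bytes giving
    a 12-bit ring position and a 4-bit (length - 3)."""
    ring, r, out, flags, i = bytearray(b" " * N), N - F, bytearray(), 0, 0
    while True:
        flags >>= 1
        if not flags & 0x100:           # eight items consumed: fetch the next flag byte
            if i >= len(src):
                break
            flags = src[i] | 0xFF00
            i += 1
        if flags & 1:
            if i >= len(src):
                break
            c = src[i]
            i += 1
            out.append(c)
            ring[r] = c
            r = (r + 1) & MASK
        else:
            if i + 1 >= len(src):
                break
            pos = src[i] | ((src[i + 1] & 0xF0) << 4)
            length = (src[i + 1] & 0x0F) + THRESHOLD + 1
            i += 2
            for k in range(length):     # byte-wise, so a copy may overlap its own output
                c = ring[(pos + k) & MASK]
                out.append(c)
                ring[r] = c
                r = (r + 1) & MASK
    return bytes(out)


def decompress_kernelcache(blob: bytes) -> bytes:
    """Unpack a complzss blob and verify its length and Adler-32 checksum."""
    sig, ctype, adler, usize, csize = COMP_HEADER.unpack_from(blob, 0)
    if sig + ctype != b"complzss":
        raise ValueError("not a complzss kernelcache")
    out = lzss_decompress(blob[COMP_HEADER_SIZE:COMP_HEADER_SIZE + csize])
    if len(out) != usize or (zlib.adler32(out) & 0xFFFFFFFF) != adler:
        raise ValueError("decompressed kernel failed length/adler32 check")
    return out


def is_valid_kernelcache(blob: bytes) -> bool:
    """True when the blob decodes and its checksum matches (a tamper check)."""
    try:
        decompress_kernelcache(blob)
        return True
    except ValueError:
        return False


# Constructed stream. Flag byte 0xD7 = bits 1,1,1,0,1,0,1,1 (LSB first):
#   'A' 'B' 'C'                          three literals, written at ring 4078..4080
#   EE F6  -> position 0xFEE (4078), length 6+3 = 9: copies "ABCABCABC",
#             reading bytes it has itself just written (overlap)
#   'D'
#   00 01  -> position 0, length 4: four spaces from the pre-filled region
#   'E' 'F'
# Flag byte 0x01 then starts a second group holding the literal 'G'.
SAMPLE_STREAM = bytes.fromhex("d7 41 42 43 ee f6 44 00 01 45 46 01 47")
SAMPLE_KERNEL = b"ABCABCABCABCD    EFG"


def build_sample_kernelcache() -> bytes:
    """Constructed test input: SAMPLE_STREAM packed behind a complzss header."""
    header = COMP_HEADER.pack(b"comp", b"lzss", zlib.adler32(SAMPLE_KERNEL) & 0xFFFFFFFF,
                              len(SAMPLE_KERNEL), len(SAMPLE_STREAM))
    return header.ljust(COMP_HEADER_SIZE, b"\0") + SAMPLE_STREAM
```

The length and Adler-32 checks are not decoration: a wrong key or a truncated download yields a blob that still decodes into something, and the checksum is the only thing that tells you the Mach-O you are about to load into IDA is the real kernel.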
