BlueFalconHD BlueFalconHD

// ==UserScript==
// @name Quill.org Enhanced Interaction Script
// @namespace https://www.quill.org/
// @version 1.5
// @description Pressing Enter clicks "Next Question", "Submit", or "Recheck Work" buttons on quill.org. Adds a progress bar on completion and auto-focuses on input fields.
// @author
// @match *://*.quill.org/*
// @grant none
// ==/UserScript==
@BlueFalconHD
BlueFalconHD / fix_cfstring.py
Created February 9, 2025 21:19
DYLD Extracted Shared Cache CFString offset fixer
import idc
import idaapi
import idautils
import ida_auto
import re
import random
# CFString structure offsets
OFFSET_ISA = 0x0 # pointer to isa
OFFSET_INFO = 0x8 # info pointer
@BlueFalconHD
BlueFalconHD / getting_to_the_core_of_the_eligibility_system_on_os.md
Created February 1, 2025 22:38
Getting to the *core* of the eligibility system on *OS.

Getting to the core of the eligibility system on *OS.

I have been really interested in Apple internals recently, and I have been really into debugging/reverse engineering. I got the tools from Apple’s open source dyld project building (there were many missing components), and decided to play around with it a bit. I extracted the shared cache, and also got a map of all of the symbols and things like that.

Each executable, or ‘file’, inside the shared cache is called an image, and every image has “fix-ups” that Apple applies to it before adding it to the shared cache (or after). Originally, the entire purpose of the DYLD shared cache was performance, and it probably partially still is, but in my personal opinion, there is an aspect of secrecy to bundling every library on the system into one file.

The fix-ups that are applied to the binaries are incredibly hard to work around. For example, some references into other parts of the shared cache are transformed into static addresses in memory, and since the share

@BlueFalconHD
BlueFalconHD / keys.py
Created January 25, 2025 02:19
Info.plist all keys that appear somewhere within DYLD's shared cache referenced executables
# CFBundleName: <class 'str'>
# DTXcodeBuild: <class 'str'>
# CFBundleDisplayName: <class 'str'>
# CFBundleInfoDictionaryVersion: <class 'str'>
# DTXcode: <class 'str'>
# NullAudioDriverConfiguration: <class 'dict'>
# CFBundleIdentifier: <class 'str'>
# Adam ID: <class 'str'>
# CFBundleExecutable: <class 'str'>
# UIDeviceFamily: <class 'list'>
@BlueFalconHD
BlueFalconHD / info.md
Last active October 12, 2024 03:16
XNU syscalls list.

info

All information about syscalls listed here was obtained from [1] and various other sites. Some information might be out-of-date or incorrect. If this is found to be the case, I will update the gist accordingly. Both a markdown version and a plain-text version have been attached. Refer to the notes section under the table for more information.

[1] https://github.com/apple-oss-distributions/xnu/blob/main/bsd/kern/syscalls.master

@BlueFalconHD
BlueFalconHD / give.mcfunction
Created January 1, 2024 21:53
everybreaker
give @p netherite_pickaxe{display:{Name:'[{"text":"everybreaker","italic":false,"color":"dark_green"}]'},CanDestroy:["minecraft:acacia_button", "minecraft:acacia_door", "minecraft:acacia_fence", "minecraft:acacia_fence_gate", "minecraft:acacia_hanging_sign", "minecraft:acacia_leaves", "minecraft:acacia_log", "minecraft:acacia_planks", "minecraft:acacia_pressure_plate", "minecraft:acacia_sapling", "minecraft:acacia_sign", "minecraft:acacia_slab", "minecraft:acacia_stairs", "minecraft:acacia_trapdoor", "minecraft:acacia_hanging_sign", "minecraft:acacia_sign", "minecraft:acacia_wood", "minecraft:activator_rail", "minecraft:air", "minecraft:allium", "minecraft:amethyst_block", "minecraft:amethyst_cluster", "minecraft:ancient_debris", "minecraft:andesite", "minecraft:andesite_slab", "minecraft:andesite_stairs", "minecraft:andesite_wall", "minecraft:anvil", "minecraft:melon_seeds", "minecraft:pumpkin_seeds", "minecraft:azalea", "minecraft:azalea_leaves", "minecraft:azure_bluet", "minecraft:bamboo", "minecraft:bambo
@BlueFalconHD
BlueFalconHD / aoc-day2-part2.js
Created December 4, 2022 18:06
My solution for Advent of Code 2022 day 2 part 2
import fs from "fs/promises"
class Item {
  constructor (name, letterme, wins, loses, points) {
    this.name = name
    this.l = letterme
    this.wins = wins
    this.loses = loses
    this.points = points
  }
@BlueFalconHD
BlueFalconHD / catppuccin-mocha.theme.css
Created September 25, 2022 01:52
Catppuccin WIP Mocha
/**
* @name Catppuccin Mocha
* @author winston#0001
* @authorId 505490445468696576
* @version 0.2.0
* @description 🎮 Soothing pastel theme for Discord
* @website https://github.com/catppuccin/discord
* @invite r6Mdz5dpFc
* **/
:root,
@BlueFalconHD
BlueFalconHD / cursor.js
Created May 18, 2022 02:27
My attempt at a cursor circle
const canvas = document.getElementById('myCanvas');
// make the canvas the size of the window
canvas.width = window.innerWidth;
canvas.height = window.innerHeight;
const context = canvas.getContext('2d');
const centerX = canvas.width / 2;
const centerY = canvas.height / 2;
@BlueFalconHD
BlueFalconHD / xkcdcomicviewer.js
Last active November 7, 2021 20:39
View xkcd comics with ease! With a reload button too!
// Variables used by Scriptable.
// These must be at the very top of the file. Do not edit.
// icon-color: teal; icon-glyph: list-alt;
function resolveAfter2Seconds() {
  return new Promise((resolve, reject) => {
    setTimeout(() => {
      resolve('resolved')
    }, 2000);
  });
}