i_82 Lessica

@khanhduytran0
khanhduytran0 / LC research issue 524.md
Last active May 31, 2025 07:15
LiveContainer multitask external keyboard input research

Recap

As you may know, we recently managed to bring multitask to LiveContainer. This originally came from FrontBoardAppLauncher, which was reverse engineered from various Apple apps: ClarityBoard, SpringBoard, Xcode PreviewShell, etc. A quick recap of how we worked on it:

  • I began reverse engineering said apps to study how to use various private APIs of FrontBoard, RunningBoardServices and UIKit, resulting in MySystemShell and FrontBoardAppLauncher
  • I found an app could spawn multiple processes thanks to the writeup of NSExtension
  • We found we could extend the memory limit by setting a hidden NSExtensionPointIdentifier

However, as more and more people got to try it, we received reports that physical keyboard input wouldn't work. (LiveContainer/LiveContainer#524)

If anyone could figure it out, we will forever owe you.

@elvis-iOS
elvis-iOS / disable-ssl-pin.js
Created June 25, 2023 06:39 — forked from azenla/disable-ssl-pin.js
This Frida script disables SSL pinning and verification on any target macOS Catalina process.
var SecTrustEvaluate_handle =
Module.findExportByName('Security', 'SecTrustEvaluate');
var SecTrustEvaluateWithError_handle =
Module.findExportByName('Security', 'SecTrustEvaluateWithError');
var SSL_CTX_set_custom_verify_handle =
Module.findExportByName('libboringssl.dylib', 'SSL_CTX_set_custom_verify');
var SSL_get_psk_identity_handle =
Module.findExportByName('libboringssl.dylib', 'SSL_get_psk_identity');
var boringssl_context_set_verify_mode_handle = Module.findExportByName(
'libboringssl.dylib', 'boringssl_context_set_verify_mode');
//
// AKNativeAnisetteService.m
// akd
//
// Created by Scott Knight on 5/10/19.
// Copyright © 2019 Scott Knight. All rights reserved.
//
#import <AuthKit/AuthKit.h>
#import "AKNativeAnisetteService.h"
@yarshure
yarshure / iphone12_iOS_keys.txt
Created May 17, 2021 04:31
gestalt_query keys
Key Name Description
======== ===========
3GProximityCapability Whether the device has a 3G proximity sensor
3GVeniceCapability Whether the device supports FaceTime over cellular
720pPlaybackCapability Whether the device supports 720p video (identical to kMGQDeviceSupports720p)
APNCapability
ARM64ExecutionCapability Whether the device supports executing arm64 binaries
ARMV6ExecutionCapability Whether the device supports executing armv6 binaries
ARMV7ExecutionCapability Whether the device supports executing armv7 binaries
ARMV7SExecutionCapability Whether the device supports executing armv7s binaries
@Lessica
Lessica / MyStackView.swift
Created April 17, 2021 16:30
Make toggleSidebar(_:) available again while the firstResponder is located inside a nested NSSplitView
import Cocoa
class MyStackView: NSStackView {
override func responds(to aSelector: Selector!) -> Bool {
if aSelector == #selector(NSSplitViewController.toggleSidebar(_:)) {
return false
}
return super.responds(to: aSelector)
}
@pwn0rz
pwn0rz / fairplay_iokit_uc_run_versioned.c
Created February 2, 2021 05:59
CVE-2021-1791 Fairplay OOB Read POC
#include <IOKit/IOKitLib.h>
#include <mach/mach.h>
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <ctype.h>
void hexdump(void *ptr, int buflen) {
unsigned char *buf = (unsigned char*)ptr;
int i, j;
@zhuowei
zhuowei / WDBSetWebSecurityEnabled.m
Created September 1, 2020 04:47
Disable same-origin policy on iOS WKWebView with private API.
// Allows disabling Same-Origin Policy on iOS WKWebView.
// Tested on iOS 12.4.
// Uses private API; obviously can't be used on app store.
@import WebKit;
@import ObjectiveC;
void WKPreferencesSetWebSecurityEnabled(id, bool);
@interface WDBFakeWebKitPointer: NSObject
@neoighodaro
neoighodaro / open_shortcut.m
Created April 5, 2020 10:46 — forked from CPDigitalDarkroom/open_shortcut.m
Open an app shortcut programmatically
- (void)openShortcut:(SBSApplicationShortcutItem *)shortcutItem {
UIHandleApplicationShortcutAction *openAction = [[UIHandleApplicationShortcutAction alloc] initWithSBSShortcutItem:shortcutItem];
NSDictionary *activationOptions = @{
@"__ActivateSuspended" : [NSNumber numberWithBool:(shortcutItem.activationMode == 1)],
@"__Actions": @[
openAction
],
@"__PromptUnlockDevice" : [NSNumber numberWithBool:YES],
@nullpixel
nullpixel / write_memory.c
Last active May 24, 2025 06:43
MSHookMemory wrapper for all modern jailbreaks.
#include <mach/mach.h> // mach_task_self, vm_protect
#include <substrate.h> // MSFindSymbol
// MARK: - Types
typedef void (*MSHookMemory_ptr_t)(void *target, const void *data, size_t size);
#define ENSURE_KERN_SUCCESS(ret) \
if (ret != KERN_SUCCESS) { \
@merlos
merlos / GPX File example
Last active May 24, 2025 06:44
Example of GPX file
<?xml version="1.0" encoding="UTF-8"?>
<gpx xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://www.topografix.com/GPX/1/1" xsi:schemaLocation="http://www.topografix.com/GPX/1/1 http://www.topografix.com/GPX/1/1/gpx.xsd" version="1.1" creator="Open GPX Tracker for iOS">
<wpt lat="40.762468446233115" lon="-73.99090283852468">
<time>2019-12-06T14:19:25Z</time>
<name>09:19:25</name>
<desc>Dec 6, 2019 at 09:19:25</desc>
</wpt>
<wpt lat="40.80559910750484" lon="-73.95810627601767">
<time>2019-12-06T14:19:29Z</time>
<name>09:19:29</name>