Untethered + Unsandboxed code execution haxx as root on iOS 14 – iOS 14.8.1. Based on CoreTrustDemo, also please note that certificates are not copyrightable. Usage Note: requires macOS + existing jailbreak Get up and running On your mac import dev_certificate.p12 into the keychain, and the password is password. Modify haxx.c to include your ownRead More
[*] A tool that helps you can easy using frida. It support script for trace classes, functions, and modify the return values of methods on iOS platform. For Android platform: frida-android-hook For Intercept Api was encrypted on iOS application: frida-ios-interceprt-api Env OS Support OS Supported Noted MacOS ✅ main Linux ✅ sub WindowsRead More
iOS Security Suite is an advanced and easy-to-use platform security & anti-tampering library written in pure Swift! If you are developing for iOS and you want to protect your app according to the OWASP MASVS standard, chapter v8, then this library could save you a lot of time. What ISS detects: Jailbreak (evenRead More
M.E.A.T. – Mobile Evidence Acquisition Toolkit Meet M.E.A.T! From Jack Farley – BlackStone Discovery This toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices (and Android in the future). Requirements to run from source Windows or Linux Python 3.7.4 or 3.7.2 Pip packages seen in requirements.txt Types of Acquisitions Supported iOSRead More
This framework is the end product of my experience in reverse engineering iOS kernelcache,I do manually look for vulnerabilities in the kernel and have automated most of the things I really wanted to see in Ghidra to speed up the process of reversing, and this proven to be effective and saves a lot of time.Read More
Output from the kernel log after compiling and running example/open1_hook.c xnuspy is a pongoOS module which installs a new system call, xnuspy_ctl, allowing you to hook kernel functions from userspace. It supports iOS 13.x and 14.x on checkra1n 0.12.2 and up. 4K devices are not supported. Requires libusb: brew install libusb Building Run make inRead More
ToothPicker is an in-process, coverage-guided fuzzer for iOS. It was developed to specifically targets iOS’s Bluetooth daemon bluetoothd and to analyze various Bluetooth protocols on iOS. As it is built using FRIDA, it can be adapted to target any platform that runs FRIDA. This repository also includes an over-the-air fuzzer with an exemplary implementation toRead More
A project to get a Linux shell running on iOS, using usermode x86 emulation and syscall translation. For the current status of the project, check the issues tab, and the commit logs. App Store page TestFlight beta Discord server Wiki with help and tutorials README in Chinese (may be out of date, if so sendRead More
[*] “MEDUZA” (“медуза”) means “jellyfish” in Ukrainian What is MEDUZA? It’s a Frida-based tool, my replacement for SSLKillSwitch. I created it for in-house use, but then decided to opensource it. TBH, I hate open source, but the world is full of compromises… 🙁 How does it work? It’s simple. First time, you run an appRead More
[*] [***] iblessing iblessing is an iOS security exploiting toolkit, it mainly includes application information collection, static analysis and dynamic analysis. iblessing is based on unicorn engine and capstone engine. Features Cross-platform: Tested on macOS and Ubuntu. iOS App static info extract, including metadata, deeplinks, urls, etc. Mach-O parser and dyld symbol bind simulator Objective-CRead More
