Haxx – Untethered + Unsandboxed Code Execution Haxx As Root On iOS 14 – iOS 14.8.1

Untethered + Unsandboxed code execution haxx as root on iOS 14 – iOS 14.8.1. Based on CoreTrustDemo, also please note that certificates are not copyrightable. Usage Note: requires macOS + existing jailbreak Get up and running On your mac import dev_certificate.p12 into the keychain, and the password is password. Modify haxx.c to include your ownRead More

Frida-Ios-Hook – A Tool That Helps You Easy Trace Classes, Functions, And Modify The Return Values Of Methods On iOS Platform

[*] A tool that helps you can easy using frida. It support script for trace classes, functions, and modify the return values of methods on iOS platform.  For Android platform: frida-android-hook  For Intercept Api was encrypted on iOS application: frida-ios-interceprt-api Env OS Support OS Supported Noted MacOS ✅ main Linux ✅ sub WindowsRead More

IOSSecuritySuite – iOS Platform Security And Anti-Tampering Swift Library

 iOS Security Suite is an advanced and easy-to-use platform security & anti-tampering library written in pure Swift! If you are developing for iOS and you want to protect your app according to the OWASP MASVS standard, chapter v8, then this library could save you a lot of time.  What ISS detects: Jailbreak (evenRead More

MEAT – This Toolkit Aims To Help Forensicators Perform Different Kinds Of Acquisitions On iOS Devices

M.E.A.T. – Mobile Evidence Acquisition Toolkit Meet M.E.A.T! From Jack Farley – BlackStone Discovery This toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices (and Android in the future). Requirements to run from source Windows or Linux Python 3.7.4 or 3.7.2 Pip packages seen in requirements.txt Types of Acquisitions Supported iOSRead More

Ghidra_Kernelcache – A Ghidra Framework For iOS Kernelcache Reverse Engineering

This framework is the end product of my experience in reverse engineering iOS kernelcache,I do manually look for vulnerabilities in the kernel and have automated most of the things I really wanted to see in Ghidra to speed up the process of reversing, and this proven to be effective and saves a lot of time.Read More

Xnuspy – An iOS Kernel Function Hooking Framework For Checkra1N’Able Devices

Output from the kernel log after compiling and running example/open1_hook.c xnuspy is a pongoOS module which installs a new system call, xnuspy_ctl, allowing you to hook kernel functions from userspace. It supports iOS 13.x and 14.x on checkra1n 0.12.2 and up. 4K devices are not supported. Requires libusb: brew install libusb Building Run make inRead More

ToothPicker – An In-Process, Coverage-Guided Fuzzer For iOS

ToothPicker is an in-process, coverage-guided fuzzer for iOS. It was developed to specifically targets iOS’s Bluetooth daemon bluetoothd and to analyze various Bluetooth protocols on iOS. As it is built using FRIDA, it can be adapted to target any platform that runs FRIDA. This repository also includes an over-the-air fuzzer with an exemplary implementation toRead More

MEDUZA – A More Or Less Universal SSL Unpinning Tool For iOS

[*] “MEDUZA” (“медуза”) means “jellyfish” in Ukrainian What is MEDUZA? It’s a Frida-based tool, my replacement for SSLKillSwitch. I created it for in-house use, but then decided to opensource it. TBH, I hate open source, but the world is full of compromises… 🙁 How does it work? It’s simple. First time, you run an appRead More

Iblessing – An iOS Security Exploiting Toolkit, It Mainly Includes Application Information Collection, Static Analysis And Dynamic Analysis

[*] [***] iblessing iblessing is an iOS security exploiting toolkit, it mainly includes application information collection, static analysis and dynamic analysis. iblessing is based on unicorn engine and capstone engine. Features Cross-platform: Tested on macOS and Ubuntu. iOS App static info extract, including metadata, deeplinks, urls, etc. Mach-O parser and dyld symbol bind simulator Objective-CRead More

X