// simplevm.c: demonstrates Hypervisor.Framework usage in Apple Silicon
// Based on the work by @zhuowei
// @imbushuo - Nov 2020
// To build:
// Prepare the entitlement with BOTH com.apple.security.hypervisor and com.apple.vm.networking WHEN SIP IS OFF
// Prepare the entitlement com.apple.security.hypervisor and NO com.apple.vm.networking WHEN SIP IS ON
// ^ Per @never_released, tested on 11.0.1, idk why
// clang -o simplevm -O2 -framework Hypervisor -mmacosx-version-min=11.0 simplevm.c
// codesign --entitlements simplevm.entitlements --force -s - simplevm

#!/bin/sh
set -eu
create_iconset() {
    mkdir -p Ghidra.iconset
    cat << EOF > Ghidra.iconset/Contents.json
{
"images":
[

//
// exploit.c
// extra_time
//
// Created by Jake James on 2/8/20.
// Copyright © 2020 Jake James. All rights reserved.
//
#include "exploit.h"
#include "IOAccelerator_stuff.h"

#include <dlfcn.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <mach/mach.h>
#include <mach/error.h>
#include <errno.h>
#include <stdlib.h>
#include <sys/sysctl.h>
#include <sys/mman.h>

// Moved here: https://github.com/Siguza/misc/blob/master/dsc_syms.c

import "hash"
private rule Macho
{
    meta:
        description = "private rule to match Mach-O binaries"
    condition:
        uint32(0) == 0xfeedface or uint32(0) == 0xcefaedfe or uint32(0) == 0xfeedfacf or uint32(0) == 0xcffaedfe or uint32(0) == 0xcafebabe or uint32(0) == 0xbebafeca
}

Title : Revisiting Mac OS X Kernel Rootkits
Author : fG!
Date : April 18, 2014
|=----------------------------------------------------------------------------=|
|=----------------=[ Revisiting Mac OS X Kernel Rootkits ]=-------------------=|
|=----------------------------------------------------------------------------=|
|=------------------------=[ fG! <[email protected]> ]=---------------------------=|
|=----------------------------------------------------------------------------=|