-
dimentio Public
Tool for getting and setting nonce without triggering KPP/KTRR/PAC.
-
gaster Public
Checkm8 experiment to understand AP/SEP internals.
-
golb Public
Mapping physical memory to user space (EL0) on iOS.
-
eclipsa Public archive
Checkm8 PoC tool for A8, A8X and A9 devices that allows you to boot untrusted images (macOS only, credits: checkra1n team).
-
maphys Public archive
Accessing physical memory on iOS.
-
iBootMaybeDumper Public archive
See https://github.com/0x7ff/iBootMaybeDumper/issues/1#issuecomment-426731516 for more info.
-
xpcy Public archive
A tool for listing/reversing XPC services inside container sandbox. Reference: https://www.blackhat.com/docs/us-15/materials/us-15-Wang-Review-And-Exploit-Neglected-Attack-Surface-In-iOS-8.pdf
-
vtable Public archive
A tool for reversing IOKit classes from iOS 12's new kernelcache format.
-
sandy Public archive
A WIP program for reversing iOS 10+ binary sandbox profiles.
-
kextract Public archive
A tool for extracting kernel extensions from iOS 12's new kernelcache format.
-
brutenonce Public archive
An OpenCL implementation of SHA-1 for brute forcing iBoot's cryptographic nonce.