Siguza / psychicpaperView external linksLinks
iOS <13.5 sandbox escape/entitlement 0day
☆338Jan 5, 2026Updated last month
Alternatives and similar repositories for psychicpaper
Users that are interested in psychicpaper are comparing it to the libraries listed below
Sorting:
- untethered+unsandboxed code execution in iOS 11☆189Feb 16, 2020Updated 6 years ago
- iOS 10.0-12.2 tfp0☆131Sep 3, 2019Updated 6 years ago
- iOS 12.0-13.3 tfp0☆153Nov 16, 2020Updated 5 years ago
- Lib kernel r/w☆189Nov 1, 2021Updated 4 years ago
- iOS system call/Mach trap interception for checkra1n'able devices☆159Aug 10, 2021Updated 4 years ago
- An iOS kernel debugger based on a KTRR bypass for A11 iPhones; works with LLDB and IDA Pro.☆687Oct 22, 2022Updated 3 years ago
- Spice - an unfinished iOS 11 untether☆112Oct 16, 2021Updated 4 years ago
- CVE-2020-9992 - A design flaw in MobileDevice.framework/Xcode and iOS/iPadOS/tvOS Development Tools allows an attacker in the same networ…☆73Sep 23, 2020Updated 5 years ago
- Twenty-twenty, bugs aplenty!☆53Jan 10, 2023Updated 3 years ago
- Binary Format of iOS 13 Sandbox Profile Collection☆52Oct 30, 2019Updated 6 years ago
- PoC for the iOS 11.4.1 and MacOS 10.13 kernel vulnerability in lio_listio☆78Oct 31, 2018Updated 7 years ago
- iOS 15.0 - 15.3.1 sandbox escape technique using kernel read/write primitives☆132Jun 10, 2022Updated 3 years ago
- kernel exploit for Apple iOS 13.X☆185Nov 27, 2020Updated 5 years ago
- an iOS kernel function hooking framework for checkra1n'able devices☆581Oct 6, 2021Updated 4 years ago
- a Ghidra framework for iOS kernelcache reverse engineering☆363Nov 6, 2022Updated 3 years ago
- Give me tfp0, I give you jelbrek☆260Oct 28, 2020Updated 5 years ago
- CVE-2018-4280: Mach port replacement vulnerability in launchd on iOS 11.2.6 leading to sandbox escape, privilege escalation, and codesign…☆257Nov 13, 2018Updated 7 years ago
- Experiment to attempt to build Apple's dyld tools.☆63May 29, 2020Updated 5 years ago
- Lockdown related research, tools and POCs.☆90May 18, 2019Updated 6 years ago
- Proof-of-concept for the CVE-2022-42864 IOHIDFamily race condition☆66Jan 20, 2023Updated 3 years ago
- Useful resources for iOS hacking☆1,884May 24, 2025Updated 8 months ago
- Decrypt iOS Apps and Mach-O binaries☆719Jun 24, 2023Updated 2 years ago
- arm64 IOKit class dumper☆289Jan 5, 2026Updated last month
- A local privilege escalation chain from user to kernel for MacOS < 10.15.5. CVE-2020–9854☆86Oct 15, 2020Updated 5 years ago
- Jailbreak for iOS 13.7 and earlier☆227Dec 29, 2020Updated 5 years ago
- An IDA Toolkit for analyzing iOS kernelcaches.☆299Jul 24, 2020Updated 5 years ago
- Fugu is the first open source jailbreak based on the checkm8 exploit☆669May 11, 2021Updated 4 years ago
- Dev tools for probing IOKit☆201Sep 23, 2023Updated 2 years ago
- Extract Binaries from Apple's Dyld Shared Cache☆465Jan 27, 2025Updated last year
- Apple hardware secrets☆118Jan 10, 2023Updated 3 years ago
- An explanation on unredacting iOS's <private> os_log privacy mechanism☆217May 29, 2023Updated 2 years ago
- Hello from pattern-f.☆285Aug 5, 2021Updated 4 years ago
- IDAPython loader to help with AArch64 iBoot, iBEC, and SecureROM reverse engineering☆262Feb 21, 2022Updated 3 years ago
- My collection of PoCs☆26Nov 9, 2023Updated 2 years ago
- ☆444Mar 5, 2021Updated 4 years ago
- SnatchBox (CVE-2020-27935) is a sandbox escape vulnerability and exploit affecting macOS up to version 10.15.x☆32Dec 18, 2020Updated 5 years ago
- port of checkm8 to C☆140Jun 14, 2024Updated last year
- ☆20May 24, 2021Updated 4 years ago
- macOS kext for host_special_port(4) patch☆90Nov 13, 2023Updated 2 years ago