nick-botticelli / vma2pwn
Scripts + patches to pwn vma2 (Virtualization.framework) macOS virtual machines
☆54Updated 9 months ago
Alternatives and similar repositories for vma2pwn:
Users that are interested in vma2pwn are comparing it to the libraries listed below
- tart, but with custom AVPBooter ROM, serial I/O, DFU mode, GDB debugging (port 8000), and panic halting. See help menus for `tart create`…☆42Updated last year
- A tool to parse Apple's binary device tree format.☆55Updated 4 years ago
- Interact with trustcaches☆40Updated 2 years ago
- Apple Silicon NOR dumper☆47Updated last year
- Ghidra CI/CD to build and host a universal macOS Ghidra.app☆36Updated 3 weeks ago
- Boot arbitrary iBoot via ipwndfu's custom protocol on some cursed platforms and more☆53Updated last month
- Patch the iBoot64 with generic patches.☆50Updated 11 months ago
- ☆21Updated last year
- AEA metadata dumper☆46Updated 8 months ago
- Insecurity as an IOService☆84Updated last year
- Translate and patch arm64e binaries or macOS arm64 binaries to run on an arm64 iPhone at runtime.☆49Updated 2 years ago
- Extract iOS firmware keys using on-device AES engine☆35Updated 2 years ago
- Standalone SSH and CLI tools cryptex for the Apple SRD☆16Updated last year
- Another Virtualization.framework demo project, with focus to iBoot (WIP)☆164Updated last year
- macOS Sandbox Profile Language (SBPL) Interpreter☆53Updated 4 years ago
- Set of tools to interact with various aspects of Kanzi probe and its derivatives☆45Updated 6 months ago
- Failed experiment for running command line macOS tools on jailbroken iOS. There's nothing useful here.☆42Updated 3 years ago
- `ipsw` symbolication signatures☆60Updated 2 weeks ago
- DeviceTree☆78Updated 5 months ago
- CLI frontend for com.apple.decmpfs / AppleFSCompression.framework☆30Updated 2 years ago
- Sniff XPC communication using Frida and Go☆130Updated 2 weeks ago
- XPC sniffer using LLDB☆43Updated 5 months ago
- Tracing of iOS/macOS binaries using HW single step and Frida DBI☆75Updated 3 months ago
- 32/64 bit SecureROM/iBoot loader for IDA Pro. Also supports loading and decrypting encrypted .im4ps within IDA.☆73Updated 3 years ago
- A working busybox for iOS and macOS☆31Updated 2 years ago
- An open source implemention of Apple's `launchctl(1)`☆82Updated 2 months ago
- Experimentation environment for checkm8-vulnerable devices☆53Updated last year
- Slides and resources for talks I've given☆15Updated 8 months ago
- A runtime ObjC class-dump☆70Updated 2 months ago
- Apple's XNU automatically updated live.☆25Updated 3 years ago