nick-botticelli / vma2pwn
Scripts + patches to pwn vma2 (Virtualization.framework) macOS virtual machines
☆54Updated 9 months ago
Alternatives and similar repositories for vma2pwn:
Users that are interested in vma2pwn are comparing it to the libraries listed below
- tart, but with custom AVPBooter ROM, serial I/O, DFU mode, GDB debugging (port 8000), and panic halting. See help menus for `tart create`…☆43Updated last year
- Interact with trustcaches☆40Updated 2 years ago
- Ghidra CI/CD to build and host a universal macOS Ghidra.app☆36Updated last month
- Boot arbitrary iBoot via ipwndfu's custom protocol on some cursed platforms and more☆53Updated 2 months ago
- Insecurity as an IOService☆86Updated last year
- A tool to parse Apple's binary device tree format.☆55Updated 4 years ago
- Translate and patch arm64e binaries or macOS arm64 binaries to run on an arm64 iPhone at runtime.☆49Updated 2 years ago
- An open source implemention of Apple's `launchctl(1)`☆82Updated 2 months ago
- Patch the iBoot64 with generic patches.☆50Updated last year
- Extract iOS firmware keys using on-device AES engine☆35Updated 2 years ago
- AEA metadata dumper☆46Updated 8 months ago
- Apple Silicon NOR dumper☆48Updated last year
- Extract Binaries from Apple's DYLD Shared Cache☆18Updated last year
- ☆21Updated last year
- CLI frontend for com.apple.decmpfs / AppleFSCompression.framework☆30Updated 2 years ago
- Experimentation environment for checkm8-vulnerable devices☆53Updated last year
- Failed experiment for running command line macOS tools on jailbroken iOS. There's nothing useful here.☆42Updated 3 years ago
- Transform any ARM macho executable to a dynamic library☆41Updated last week
- XPC sniffer using LLDB☆43Updated 5 months ago
- `ipsw` symbolication signatures☆60Updated last month
- Tool for conversion between iBoot images and PNG.☆36Updated last year
- DeviceTree☆78Updated 5 months ago
- Guessed headers of non-public Apple SDK☆25Updated 2 months ago
- A working busybox for iOS and macOS☆31Updated 2 years ago
- Binary View plugin for reverse engineering iBoot like binaries with Binary Ninja☆53Updated last year
- 32/64 bit SecureROM/iBoot loader for IDA Pro. Also supports loading and decrypting encrypted .im4ps within IDA.☆73Updated 3 years ago
- Another Virtualization.framework demo project, with focus to iBoot (WIP)☆165Updated last year
- macOS Sandbox Profile Language (SBPL) Interpreter☆53Updated 4 years ago
- A python lib for manipulating IMG4, IM4M and IM4P files☆12Updated last year
- Slides and resources for talks I've given☆15Updated 8 months ago