tjkr0wn / xnu_gymView external linksLinks
xnu_gym is a pongoOS module that patches XNU to reintroduce previously known and patched vulnerabilities. This is an easy way to practice kernel exploitation and jailbreak development!
☆57Jun 17, 2021Updated 4 years ago
Alternatives and similar repositories for xnu_gym
Users that are interested in xnu_gym are comparing it to the libraries listed below
Sorting:
- iBoot/SecureROM Loader☆34Feb 24, 2023Updated 2 years ago
- Binary Ninja loader for A12 SEP firmware☆29Feb 4, 2021Updated 5 years ago
- Small binja plugin to import header file to types☆18Nov 11, 2022Updated 3 years ago
- some research results of sep☆20Apr 9, 2021Updated 4 years ago
- Writes to nand_llb and triggers the Image3 SHSH overlap bug☆14Dec 2, 2023Updated 2 years ago
- WebKit/JSC CodeQL Databases☆17Dec 15, 2025Updated 2 months ago
- Binary View plugin for reverse engineering iBoot like binaries with Binary Ninja☆54Jan 25, 2024Updated 2 years ago
- UPDATED: All the action is at https://github.com/xsscx/srd☆12Jul 12, 2021Updated 4 years ago
- A set of tools for fuzzing SecureROM. Managed to find and trigger checkm8.☆164Sep 18, 2021Updated 4 years ago
- Binary Ninja loader for 64 bits Apple SEPROMs☆58Sep 7, 2025Updated 5 months ago
- Find some iBoot functions in an iBoot64.☆40Feb 10, 2021Updated 5 years ago
- Fork of PongoOS which can be run in QEMU☆68Jun 7, 2021Updated 4 years ago
- ☆16Jul 30, 2020Updated 5 years ago
- a7 sep bug☆55Sep 26, 2023Updated 2 years ago
- A plugin for Binary Ninja to query the Symgrate2 database.☆13Sep 11, 2021Updated 4 years ago
- CVE-2020-9992 - A design flaw in MobileDevice.framework/Xcode and iOS/iPadOS/tvOS Development Tools allows an attacker in the same networ…☆73Sep 23, 2020Updated 5 years ago
- Patch the iBoot64 with generic patches.☆52Mar 19, 2024Updated last year
- Binja Arm64 Disassembler☆100Feb 10, 2026Updated last week
- ☆42Aug 5, 2021Updated 4 years ago
- Boot arbitrary iBoot via ipwndfu's custom protocol on 32-bit platforms (and more)☆64Dec 21, 2025Updated last month
- iOS system call/Mach trap interception for checkra1n'able devices☆159Aug 10, 2021Updated 4 years ago
- iOS 5.x iBoot fun for the whole family!☆43Apr 23, 2020Updated 5 years ago
- for 32-bit iboot bug on ios 7☆17Mar 11, 2020Updated 5 years ago
- Experimentation environment for checkm8-vulnerable devices☆57Dec 30, 2023Updated 2 years ago
- An *OS bootchain patching library.☆15Feb 9, 2026Updated last week
- UNMAINTAINED: I am now developing and using https://github.com/GhidraJupyter/ghidra-jupyter-kotlin instead, PRs still welcome☆16May 6, 2020Updated 5 years ago
- Open source version of Apple's restored_external on the iPhone restore ramdisk☆15Jun 2, 2010Updated 15 years ago
- Tool to patch the ASLR slide generation in the kernel to disable user-land ASLR on 32-bit iOS☆31Dec 6, 2020Updated 5 years ago
- Spice - an unfinished iOS 11 untether☆112Oct 16, 2021Updated 4 years ago
- an iOS kernel function hooking framework for checkra1n'able devices☆581Oct 6, 2021Updated 4 years ago
- IDA loader for Apple's 64 bits iBoot, SecureROM and AVPBooter☆162Nov 2, 2024Updated last year
- A tool to pull C++ object names from kernel memory☆16Aug 13, 2021Updated 4 years ago
- ☆51Jul 20, 2020Updated 5 years ago
- A script for automatically compiling xnu and it's dependencies works for 10.13 High Sierra+ source code from Apple Inc.☆55Oct 14, 2019Updated 6 years ago
- Dev tools for probing IOKit☆201Sep 23, 2023Updated 2 years ago
- checkm8 for s7002☆26Feb 9, 2020Updated 6 years ago
- A quick way to sign iBSS - iBEC and upload it to device☆19Feb 7, 2020Updated 6 years ago
- p-joker -- iOS/MacOS kernelcache/kexts analysis tool☆111May 18, 2020Updated 5 years ago
- iOS Userland Forensic Dumping Framework for iOS 7/8☆20Oct 30, 2018Updated 7 years ago