CalvinBackup/SnakeAppleSecurityFiles
1
0
Fork 0
mirror of https://github.com/Karmaz95/Snake_Apple.git synced 2026-03-30 14:00:16 +02:00
Code Issues Packages Projects Releases Wiki Activity
264 Commits 1 Branch 11 Tags
main
Commit Graph

54 Commits

Author SHA1 Message Date
Karol Mazurek
d08cd41f2d Add IDA Pro MIG Subsystem Scanner for identifying and labeling MIG subsystems in Mach binaries 2025-12-07 20:28:07 +01:00
Karol Mazurek
3473985e92 Description update. 2025-10-18 15:23:14 +02:00
Karol Mazurek
4345a0412e Fix: Add IOKit 16-scalar limit validation to prevent OOB access 
Validates scalar input/output counts in -y parameter don't exceed
IOKit's maximum of 16, preventing garbage values from array bounds.
 2025-09-27 17:10:10 +02:00
Karol Mazurek
06d77e7c09 Enhance ioconnectcallmethod_hook to generate unique filenames for dumped inputStruct and print IOConnectCallMethod return code 2025-06-11 00:04:42 +02:00
Karol Mazurek
0fd3c811db Add inputStruct dumping functionality to iokit_tracer with output directory support 2025-06-10 19:08:16 +02:00
Karol Mazurek
1962ab10ef Enhance trace_iokit command to utilize the current LLDB target/process if no PID or executable path is specified 2025-06-10 18:53:50 +02:00
Karol Mazurek
3f1f2e6228 Add error handling for subprocess output in dtrace scripts 2025-06-10 18:36:34 +02:00
Karol Mazurek
1a00625b0f Add IOVerify tool for IOKit driver communication verification 2025-06-09 15:32:42 +02:00
Karol Mazurek
8eb7589493 Add iokit_dump.py script for dumping IOKit IOConnectCallMethod data in LLDB 2025-06-09 02:34:05 +02:00
Karol Mazurek
2e208d662c Add iokit_tracer.py script for complete IOKit data inspection and tracing 2025-06-09 02:26:24 +02:00
Karol Mazurek
014ce2b5d5 Add dtrace_externalMethod.py script to trace IOConnectCallMethod kernel functions 2025-06-09 01:47:35 +02:00
Karol Mazurek
18dfa39f42 Add dtrace_NewUserClient.py script to trace kernel newUserClient calls on macOS 2025-06-09 01:39:38 +02:00
Karol Mazurek
b0439e7220 Add trace_ioserviceopen.py script to trace IOServiceOpen calls in LLDB 2025-06-09 01:38:54 +02:00
Karol Mazurek
95752eefc7 Add print_methods function to display external methods details in IDA 2025-06-08 00:50:59 +02:00
Karol Mazurek
0f8df62d82 Enhance IDA script for IOExternalMethodDispatch structures: 
- Added support for struct_type argument in create_external_method_dispatch_struct and format_external_method_array functions.
- Updated documentation for usage and structure formats.
- Improved handling of specific fields for IOExternalMethodDispatch2022.
 2025-06-08 00:50:34 +02:00
Karmaz95
6223fc3df2 Moving dump_kext to XNU class 2024-12-26 17:36:13 +01:00
Karmaz95
116c826b9c Update CrimsonUroboros with XNU 2024-12-26 16:47:29 +01:00
Karmaz95
532c6cf56f Updated, but still need some work 2024-12-25 07:16:08 +01:00
Karmaz95
514b18d64f Adding AppleJPEGDriver_method_1.cpp 2024-12-25 06:02:41 +01:00
Karmaz95
24cd4ccb58 Adding IOConnectCallMethod simple examples 2024-12-25 01:29:41 +01:00
Karmaz95
a49923016b IDA script for IOExternalMethodDispatch2022 array parsing 2024-12-24 23:31:11 +01:00
Karmaz95
0a576da592 Uploading example C programs for driver article. 2024-12-23 13:17:48 +01:00
Karmaz95
2107b01887 Uploading LLDB helper for setting XPC breakpoints 2024-12-20 22:41:32 +01:00
Karmaz95
684d03c491 Uploading LaunchDaemon XPC service example 2024-12-20 02:02:18 +01:00
Karmaz95
3f1b032bff Moving XPC to App Bundle Extension directory from XNU 2024-12-18 22:35:45 +01:00
Karmaz95
b920d49964 Uploading test_termina_xpc bundle app 2024-12-18 22:33:55 +01:00
Karmaz95
9f195f010b Uploading code that demonstrates process injection on macOS using the Mach kernel APIs 2024-12-17 15:29:54 +01:00
Karmaz95
1e0787cef8 Uploading scripts for special ports enumeration 2024-12-17 03:27:51 +01:00
Karmaz95
5f2f010eb7 Update to enum_special_port_rights 2024-12-17 03:21:09 +01:00
Karmaz95
2b125144ea Uploading service_lookup 2024-12-17 02:40:51 +01:00
Karmaz95
fe6dcb3b79 Update for port_inspector 2024-12-17 02:11:37 +01:00
Karmaz95
975b88ffcc Adding port_inspector.c 2024-12-16 16:11:02 +01:00
Karmaz95
3f3d5355b3 Adding client_server NSNotification example 2024-12-16 15:21:42 +01:00
Karmaz95
043c2714f1 Adding client_server CFMessagePort example 2024-12-16 14:45:50 +01:00
Karmaz95
b735706891 Adding client_server NSMachPort example 2024-12-16 14:35:30 +01:00
Karmaz95
5e6daa4a92 Adding client_server NSConnection example 2024-12-16 14:12:52 +01:00
Karmaz95
9a58e93e3c 2024-12-15 22:55:06 +01:00
Karmaz95
63971e56bc Move enum_special_port_rights to mach_ipc directory 2024-12-15 18:53:49 +01:00
Karmaz95
25dd6a7ef2 Adding example Mach IPC client-server with and without MIG 2024-12-15 17:56:29 +01:00
Karmaz95
0b585a6e33 Enumerates our task rights to special ports 2024-12-14 22:29:58 +01:00
Karmaz95
94ac0a9eda Adding CommPageParser 2024-12-11 19:33:33 +01:00
Karmaz95
4e92e0de3f Fix dependency 2024-12-08 13:15:16 +01:00
Karmaz95
2249085af6 Add printf to kext start/stop 2024-12-08 13:14:19 +01:00
Karmaz95
7697a32562 The fix for "Binary is for x86_64, but arch arm64e" is needed while loading kext. 2024-12-06 22:03:29 +01:00
Karmaz95
8a218fe824 Fix for the "missing compatible arch" error when loading kext. 2024-12-06 21:56:11 +01:00
Karmaz95
cac8faf611 Bug fix - no kext binary after successful build. 2024-12-06 21:49:53 +01:00
Karmaz95
6fa59caab5 Bare Kernel Extension project ready to compile 2024-12-06 21:27:23 +01:00
Karmaz95
42cf84599a Patching getSegmentsInfo bug when parsing kext 2024-12-06 19:55:44 +01:00
Karmaz95
d292244cbe Adding MPO (mac_policy_ops) parser 2024-11-28 19:43:45 +01:00
Karmaz95
6b34b6ea10 Adding MPO structure for IDA 2024-11-28 18:32:25 +01:00