This repository started out as a learning in public project for myself and has now become a structured learning map for many in the community. We have 3 years under our belt covering all things Dev…

CVE-2020-9992 - A design flaw in MobileDevice.framework/Xcode and iOS/iPadOS/tvOS Development Tools allows an attacker in the same network to gain remote code execution on a target device

Splunk Technology Add-On (TA) for collecting ETW events from Windows systems

A fuzzer for the iOS kernel and userland

american fuzzy lop - a security-oriented fuzzer

Apple hardware secrets

ios iokit fuzzer (really probably isn't that useful anymore tbh)

collection of verified Linux kernel exploits

My Chrome and Safari exploit code + write-up repo

Ghidra is a software reverse engineering (SRE) framework

A tool for reversing IOKit classes from the iOS 12's new kernelcache format.

A tool for listing/reversing XPC services inside container sandbox. Reference: https://www.blackhat.com/docs/us-15/materials/us-15-Wang-Review-And-Exploit-Neglected-Attack-Surface-In-iOS-8.pdf

Mapping physical memory to user space (EL0) on iOS.

Accessing physical memory on iOS.

iOS 10.0-12.2 tfp0

Awesome-Cellular-Hacking

Scalable fuzzing infrastructure.

powerd exploit : Sandbox escape to root for Apple iOS < 12.2 on A11 devices

powerd exploit : Sandbox escape to root for Apple iOS < 12.2 on A11 devices

Transform any ARM macho executable to a dynamic library

Native lldb 6.0.0 for iOS

dump encrypt iOS app (include Frameworks)

Unofficial fork from saurik git repository git:https://git.saurik.com/ldid.git

call functions in a remote process using Mach API

call functions in a remote process using Mach API

Demo: Anti Anti-Debug in iOS Kernel

Unstripped iOS Kernels