iOS/Android/IoT/Other security resources collected by xia0
#iOS
#Jailbreak
#jailbreak development
http://jontelang.com/guide/chapter3/first-tweak.html
Guide to your first tweak
http://developer.limneos.net/?ios=12.1
iOS header file
https://github.com/limneos/UIDaemon
An iOS daemon that can show UI /over/ SpringBoard
-
Submit your tweak to BigBoss
http://imxz.cn/post/1faea8f0090a
Running an app with root privileges on jailbroken iOS 11
https://github.com/coolstar/uikittools-theos
uikittools
https://gitlab.com/opensource-saurik
Unofficial mirror of http://gitweb.saurik.com
#jailbreak source code / IPA / website
https://github.com/pwn20wndstuff/Rollectra11
Rollectra11 jailbreak github source code
https://github.com/coolstar/electra
Electra iOS 11.0 - 11.1.2 jailbreak toolkit based on async_awake
https://github.com/kpwn/yalu102
incomplete iOS 10.2 jailbreak for 64 bit devices by qwertyoruiopz and marcograssi
https://github.com/pwn20wndstuff/Undecimus
unc0ver jailbreak for iOS 11.0 - 12.2
https://github.com/Samgisaninja/SuccessionRestore
Restore iOS devices without updating via rootfilesystem DMG
https://semi-restore.com/
refresh jailbreak
#IPA Distribute
https://imyuvii.com/posts/distribute-iphone-app-air/
Distribute IPA Over the Air
-
A free, working IPA app distribution platform that does not ask for much information
https://github.com/Edudjr/IPAServer
This is a server created to provide your testers with the latest IPA files for your iOS Application
https://github.com/MDausch/Example-Cydia-Repository
This is a guide on how to set up your own Cydia Repository
#Open Source
https://git.llvm.org/klaus/lldb/tree/a43beb68e9d27abc0fd465bc596fc3de3bddc6e1/tools/debugserver
debugserver source code
https://github.com/llvm-mirror/lldb
lldb source code
#RE
https://github.com/hbang/libcephei
Useful functions for tweak developers
https://blog.zz173.com/detail/32
Reverse engineering and exploitation of xx消消乐 (a match-3 game)
-
Reversing Objective-C binaries with the REobjc module for IDA Pro
https://github.com/fireeye/flare-ida/blob/master/python/flare/objc2_analyzer.py
This script creates cross-references between selector references and their implementations
https://blog.gocy.tech/2019/07/08/hook-msgSend-advance/
Hooking objc_msgSend: from 0.5 to 1
https://www.desgard.com/fishhook-1/
Clever use of the symbol table: exploring how fishhook works (part 1)
https://zhuanlan.zhihu.com/p/32511173
Exporting WeChat chat history
#iOSDev
https://iosexample.com/
iOS UI development libraries and demos
#Paper/Blog/Github
https://github.com/DerekSelander/LLDB
A collection of LLDB aliases/regexes and Python scripts to aid in your debugging sessions
https://www.raywenderlich.com/2705-ios-assembly-tutorial-understanding-arm#toc-anchor-001
iOS Assembly Tutorial: Understanding ARM
http://www.ethernut.de/en/documents/arm-inline-asm.html
ARM GCC Inline Assembler Cookbook
#wiki
http://xelz.info/blog/2019/01/11/ios-code-signature/
In-depth article: iOS code signing explained in detail
http://www.friday.com/bbum/2011/03/17/ios-4-3-imp_implementationwithblock/
imp_implementationWithBlock (iOS 4.3)
https://www.nesono.com/sites/default/files/lldb%20cheat%20sheet.pdf
lldb cheat sheet
http://www.newosxbook.com/articles/DYLD.html#footnote
DYLD Detailed
#Kernel Exploit
https://sparkes.zone/blog/jekyll/update/2018/04/06/diving-into-the-kernel-entitlements.html
Diving into the iOS Kernel: Breaking Entitlements
https://bazad.github.io/
Blog about the iOS kernel: wiki, pwn, jailbreak, CVEs
#Misc
https://github.com/limneos/MobileMiner
CPU Miner for ARM64 iOS Devices
http://newosxbook.com/ent.jl?ent=&osVer=iOS10
OSX/iOS Entitlement Database
https://github.com/AnthoPakPak/FastFinder
Bring up your Finder on any Space with a shortcut - Compatible with MacOS Mojave and below
https://maimieng.com/posts/2018/dyld_shared_cache/
On dyld_shared_cache in iOS
https://docs.unity3d.com/Manual/iphone-GettingStarted.html
Getting started with iOS development
http://apt.thebigboss.org/stats.php?dev=xia0
xia0’s bigboss tweak status
http://www.gandalf.site/2018/09/cydia.html
Ways to collect Cydia sources (repos)
#Android
#Frida
https://11x256.github.io/Frida-hooking-android-part-1/
Frida android hook examples
https://awakened1712.github.io/hacking/hacking-frida/
Frida the most useful code snippets
https://github.com/smartdone/Frida-Scripts
Some Frida scripts (including Frida scripts for unpacking first-generation packers)
https://github.com/iddoeldor/frida-snippets
Hand-crafted Frida examples
#App hardening/unpacking
https://github.com/wanchouchou/ApkProtect
通付盾 (Tongfudun) first-generation app hardening scheme
https://github.com/hanbinglengyue/FART
An automated unpacking scheme for the ART runtime, implemented on Android 6.0
https://github.com/GuoQiang1993/Frida-Apk-Unpack
Use Frida to hook OpenMemory or OpenCommon in libart.so to dump dex files
https://github.com/smartdone/dexdump
An Xposed plugin for quickly unpacking first-generation packers
https://github.com/ylcangel/android_poke
Poke Android, dump dex
#RE
https://github.com/JasonQS/Anti-recall
Android anti-recall (prevent message revocation) without root
https://bbs.pediy.com/thread-253522.htm
Countering Java-layer obfuscation and encryption / deobfuscating a certain eye-watering app
https://github.com/AndroidAppz/LuckyPatcher
Lucky Patcher is a great Android tool to remove ads, modify apps permissions, backup and restore apps, bypass premium applications license verification, and more.
https://www.jianshu.com/p/a08764e1f696
Analysis and testing of xLua + Unity games
https://bbs.pediy.com/thread-223713.htm
Analysis of how Xposed injection is implemented, and customizing it to work without reboot
https://www.4hou.com/system/20326.html
Using Ghidra to analyze msgSend calls in iOS apps
#wiki
#research
https://github.com/Catherine22/ClassLoader
Loading apks or classes without reinstalling your app.
#IOT
#ESP8266
https://github.com/AngelLiang/ESP8266-Demos
A collection of ESP8266 example projects
http://4ch12dy.site/2019/07/30/Arduino-ESP8266-bigstep/Arduino-ESP8266-bigstep/
My write-up of setting up an ESP8266 development environment on the latest macOS
http://maxembedded.com/2016/05/getting-started-esp8266-wifi-module/
Getting Started with ESP8266 WiFi Module
https://code.hmil.fr/2018/07/ultimate-esp8266-guide/
The definitive ESP8266 getting started guide for programmers
#IOTSec
https://github.com/jsandin/esp-bin2elf
Converts a flash dump from an esp8266 device into an ELF executable file for analysis and reverse engineering.
#BestPractice
#RE
https://www.youtube.com/watch?v=zk3JdMOQPc8
Solving AVR reverse engineering challenge with radare2
https://github.com/buserror/simavr
simavr is a lean, mean and hackable AVR simulator for linux & OSX
https://github.com/Riscure/Rhme-2016
Rhme2 challenge (2016)
https://github.com/cyrus-and/gdb-dashboard
Modular visual interface for GDB in Python
http://www.gandalf.site/2019/01/iot.html
IoT (part 9): desoldering with a hot air gun and extracting firmware with a programmer
#assemble/disassemble
#arm
http://www.ethernut.de/en/documents/arm-inline-asm.html (introduces ARM inline assembly)
ARM GCC Inline Assembler Cookbook
https://modexp.wordpress.com/2018/10/30/arm64-assembly/ (a detailed introduction to ARM64 basics)
A Guide to ARM64 / AArch64 Assembly on Linux with Shellcodes and Cryptography
http://armconverter.com/branchfinder/ (covers the encoding of branch instructions)
Online ARM/Thumb/ARM64 Branch Finder/Calculator
https://blog.nelhage.com/2010/10/amd64-and-va_arg/
amd64 and va_arg
-
ARM64 Function Calling Conventions
-
ARM inline assembly demo
#IDA/Hopper
#ida python plugin
https://github.com/L4ys/LazyIDA
Make your IDA Lazy!
https://github.com/L4ys/IDASignsrch
IDAPython Plugin for searching signatures, use xml signature database
#hopper script
https://github.com/Januzellij/hopperscripts
Collection of scripts I use in the Hopper disassembler (swift)
#OTHERS
#LLVM/OLLVM
https://github.com/RolfRolles/HexRaysDeob
Hex-Rays microcode API plugin for breaking an obfuscating compiler
https://github.com/szaydel/Gamma
Snippets of code to improve efficiency at work (shell scripts)
#Binary Exploitation
https://ctf101.org/binary-exploitation/stack-canaries/
Introduces stack canaries and bypass tricks