Note on compiling for iOS: I use the following shell script and call it "gcc-iphone":
```sh
# Do yourselves a favor and create a symlink to the mile long path of the SDK. Mine is:
#
# ls -l /iOSDeveloper
# lrwxr-xr-x 1 root wheel 80 Mar 30 16:15 /iOSDeveloper ->
# /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer
#
# If SIP won't let you do that, create it in your own home dir as ~/iOSDeveloper.
# Makes life so much easier.
SDK=iPhoneOS.sdk
export XCODE_DEVELOPER_USR_PATH="/Developer"
export SDKROOT="/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk"
# No longer needed : -sdk iphoneos gcc -arch arm64 -d__arm64__ \
# If you want to change this to armv7, just replace "arm64" below with armv7
# "$@" (rather than $*) passes every argument through intact, including paths with spaces
/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/clang -arch arm64 \
  -D__arm64__ \
  -DARM \
  "$@"
```
- PBZX extractor and OTA update extractor for iOS OTA updates (q.v. this article).
- New (06/15/14): New version of lsock, demonstrating the use of Apple's ntstat (com.apple.network.statistics) to get per-process socket usage and bandwidth statistics. Grab the tar file here.
- inject: A simple (but darn useful) dylib injector for OS X x86_64, and now (6/1/15) with ARM64. PoC code - not meant to be stable, so people don't accuse me of spreading malware techniques. If you need an industrial grade version, drop me a line.
- bat: A simple battery statistics reader, using IOKit's IOPowerSource. Compiles neatly on iOS and OS X. Used in my Process Explorer.
- jurpleConsole: Reconstructed source of Apple's "purple console" utility, allowing you to activate syslog_relay on your device (jailbroken or not) via lockdownd, and view the log on your Mac - as you would via Xcode.
- Listing 3-Filemon: Filemon: Demonstrating FSEvents on OS X and iOS
- Listing 4-5: DYLD interpose: demonstrating Linux's mtrace()-like functionality, using function interposing on malloc()
- Listing 6-Bonus: imagine: An img3 file format dumper, with a focus on device tree files. Mentioned in book (outputs 6-6, 6-7)
- Listing 8-joker: Joker: Now has its own page
- Listing 12-1: vmmap(1) for iOS - including a fix for iOS 6. This all-too-valuable code (derived from GDB's "info regions") not only displays the use of the Mach VM APIs, but provides the breakdown of a process' VM space. Modified to include list of Mach-O images using DYLD APIs.
- Listing 17-1: lsock: netstat(1) clone offering real-time socket activity. Will also compile on iOS
- Listing 17-15 (expanded): Sample UTUN (User-mode tunnel). Will also compile on iOS
- Listing 17-25: BPF: Sample BPF filter. Will also compile on iOS
- Listing 18-1: Jkextstat: Improved kextstat(8) which will also compile on iOS
- Listing 19-3: Iterating over the I/O Registry
- Listing 19-4: As 19-3, with properties