Code samples

• PBZX extractor and OTA update extractor for iOS OTA updates (q.v. this article).
• New (06/15/14) New version of lsock: demonstrating the use of Apple's ntstat (com.apple.network.statistics) to get per-process socket usage and bandwidth statistics. Grab the tar file here.
• inject: A simple (but darn useful) dylib injector for OS X x86_64 And now (6/1/15) with ARM64 . PoC code - Not meant to be stable, so people don't accuse me of spreading malware techniques. If you need an industrial grade version, drop me a line
• bat: A simple battery statistics reader, using IOKit's IOPowerSource. Compiles neatly on iOS and OS X. Used in my Process Explorer
• jurpleConsole: Reconstructed source of Apple's "purple console" utility, allowing you to activate syslog_relay on your device (jailbroken or not) via lockdownd, and view the log on your Mac - as you would via xcode.
• Listing 3-Filemon: Filemon: Demonstrating FSEvents on OS X and iOS
• Listing 4-5: DYLD interpose: demonstrating Linux's mtrace()-like functionality, using function interposing on malloc()
• Listing 6-Bonus: imagine: An img3 file format dumper, with a focus on device tree files. Mentioned in book (outputs 6-6, 6-7)
• Listing 8-joker: Joker: Now has its own page
• Listing 12-1: vmmap(1) for iOS - including a fix for iOS 6. This all-too-valuable code (derived from GDB's "info regions") not only displays the use of the Mach VM APIs, but provides the breakdown of a process' VM space. Modified to include list of Mach-O images using DYLD APIs.
• Listing 17-1: lsock: netstat(1) clone offering real-time socket activity. Will also compile on iOS
• Listing 17-15 (expanded): Sample UTUN (User-mode tunnel). Will also compile on iOS
• Listing 17-25: BPF: Sample BPF filter. Will also compile on iOS
• Listing 18-1: Jkextstat: Improved kextstat(8) which will also compile on iOS
• Listing 19-3: Iterating over the I/O Registry
• Listing 19-4: As 19-3, with properties