Billy Ellis
@bellis1000
London, England
|
19 y/o | Programmer, Author, Reverse Engineer @tellerapi | Interested in ARM, iOS, Mobile Security & Exploit Development | My talk youtu.be/9Mq6NTLGHtM
|
|
|
30.401 Tweets
|
663 Following
|
22.154 Followers
|
| Tweets |
| Billy Ellis retweeted | ||
|
checkra1n
@checkra1n
|
8h |
|
We’re also today releasing webra1n, a web interface for checkra1n designed for headless computers (like a raspberry pi)
checkra1n 0.9.8 also introduces our brand new operating system, pongoOS for the very first time, which is now used to perform low level patches.
|
||
|
|
||
|
Billy Ellis
@bellis1000
|
Jan 27 |
|
Teller raises $4M to take on Plaid in the U.S. by providing API access to bank accounts tcrn.ch/30VNI0G via @techcrunch
|
||
|
|
||
|
Billy Ellis
@bellis1000
|
Jan 20 |
|
Yea you need to compile for ARM using -arch armv7 with clang, and specify an iOS SDK with -isysroot
|
||
|
|
||
|
Billy Ellis
@bellis1000
|
Jan 20 |
|
Do chmod +x on the binary, and make sure it’s compiled for ARM
|
||
|
|
||
|
Billy Ellis
@bellis1000
|
Jan 20 |
|
Are you running it on the phone?
|
||
|
|
||
|
Billy Ellis
@bellis1000
|
Jan 20 |
|
You’ll need to sign the binary with the entitlements after you compile. Use the ent.xml file in the GitHub project and run:
ldid -Sent.xml fb_write
|
||
|
|
||
|
Billy Ellis
@bellis1000
|
Jan 20 |
|
Btw, this address should be the VINFO_ADRESS for iPhone4,1 iOS 6.1.3 (haven’t tested tho) -> 0x80328F88
|
||
|
|
||
|
Billy Ellis
@bellis1000
|
Jan 20 |
|
Yea VINFO_ADDR is all you need to replace. I’ll try to make a video on this at the weekend :)
|
||
|
|
||
| Billy Ellis retweeted | ||
|
Billy Ellis
@bellis1000
|
Jan 18 |
|
Just published a blog post talking about some iOS kernel framebuffer research I’ve been looking at over the last couple weeks. Have a read if you’re interested :) link.medium.com/3155zMpgm3
|
||
|
|
||
|
Billy Ellis
@bellis1000
|
Jan 19 |
|
Also keep in mind that most newer kernels don’t have the same string containing “framebuffer” in the binary so you might have to find another method of locating the initialize_screen function
|
||
|
|
||
|
Billy Ellis
@bellis1000
|
Jan 19 |
|
To add support for another device you can follow the same process I outline in the post to find the address of the framebuffer. Then just use that address in the code instead of the one I have there by default :) yea should work on any tfp0 enabled device
|
||
|
|
||
|
Billy Ellis
@bellis1000
|
Jan 19 |
|
Ah thanks :) glad you enjoyed!
|
||
|
|
||
|
Billy Ellis
@bellis1000
|
Jan 18 |
|
Demo program available on my GitHub that lets you render arbitrary text strings to the screen github.com/Billy-Ellis/fr… pic.twitter.com/z6g0ZtO8Pa
|
||
|
|
||
| Billy Ellis retweeted | ||
|
Siguza
@s1guza
|
Jan 18 |
|
New blog post: cuck00
A XNU/IOKit info leak 1day killed in iOS 13.3.1 beta 2.
siguza.github.io/cuck00/
|
||
|
|
||
|
Billy Ellis
@bellis1000
|
Jan 12 |
|
Hanging out with Hackers & iOS Jailbreakers at 36c3 (Vlog) youtu.be/eaSeOCQ50jY via @YouTube
|
||
|
|
||
| Billy Ellis retweeted | ||
|
Azeria
@Fox0x01
|
Jan 6 |
|
This year I’m teaming up with some amazing folks to create a new startup that will help people advance their skills and bring new people into the field.
Former attendees and those who take my upcoming training will get free access to the platform before anyone else does. twitter.com/Fox0x01/status…
|
||
|
|
||
|
Billy Ellis
@bellis1000
|
Jan 4 |
|
Nice work!
|
||
|
|
||
|
Billy Ellis
@bellis1000
|
Jan 1 |
|
Happy new decade everyone! 🔥
|
||
|
|
||
|
Billy Ellis
@bellis1000
|
Dec 30 |
|
Was a great few days 🔥
|
||
|
|
||