Billy Ellis
19 y/o | Programmer, Author, Reverse Engineer | Interested in ARM, iOS, Mobile Security & Exploit Development | My talk
30,379 Tweets | 662 Following | 22,153 Followers
Billy Ellis Feb 24
Replying to @Fox0x01
Congrats! 🥳
Billy Ellis retweeted
Brandon Azad Feb 7
Replying to @_bazad
oob_timestamp is a proof-of-concept research exploit that exports the kernel task port on iOS 13.3 17C54 on the iPhone12,3. See README and oob_timestamp.c for details.
Billy Ellis retweeted
checkra1n Feb 5
Replying to @checkra1n
We’re also today releasing webra1n, a web interface for checkra1n designed for headless computers (like a raspberry pi). checkra1n 0.9.8 also introduces our brand new operating system, pongoOS, for the very first time, which is now used to perform low level patches.
Billy Ellis Jan 27
Teller raises $4M to take on Plaid in the U.S. by providing API access to bank accounts via
Billy Ellis Jan 20
Replying to @FitTerminator
Yea you need to compile for ARM using -arch armv7 with clang, and specify an iOS SDK with -isysroot
Billy Ellis Jan 20
Replying to @FitTerminator
Do chmod +x on the binary, and make sure it’s compiled for ARM
Billy Ellis Jan 20
Replying to @FitTerminator
Are you running it on the phone?
Billy Ellis Jan 20
Replying to @FitTerminator
You’ll need to sign the binary with the entitlements after you compile. Use the ent.xml file in the GitHub project and run: ldid -Sent.xml fb_write
Billy Ellis Jan 20
Replying to @FitTerminator
Btw, this address should be the VINFO_ADRESS for iPhone4,1 iOS 6.1.3 (haven’t tested tho) -> 0x80328F88
Billy Ellis Jan 20
Replying to @FitTerminator
Yea VINFO_ADDR is all you need to replace. I’ll try to make a video on this at the weekend :)
Billy Ellis Jan 19
Replying to @FitTerminator
Also keep in mind that most newer kernels don’t have the same string containing “framebuffer” in the binary so you might have to find another method of locating the initialize_screen function
Billy Ellis Jan 19
Replying to @FitTerminator
To add support for another device you can follow the same process I outline in the post to find the address of the framebuffer. Then just use that address in the code instead of the one I have there by default :) yea should work on any tfp0 enabled device
Billy Ellis Jan 19
Replying to @PwnedC99
Ah thanks :) glad you enjoyed!
Billy Ellis Jan 18
Replying to @bellis1000
Demo program available on my GitHub that lets you render arbitrary text strings to the screen
Billy Ellis Jan 18
Just published a blog post talking about some iOS kernel framebuffer research I’ve been looking at over the last couple weeks. Have a read if you’re interested :)
Billy Ellis retweeted
Siguza Jan 17
New blog post: cuck00 A XNU/IOKit info leak 1day killed in iOS 13.3.1 beta 2.
Billy Ellis Jan 12
Hanging out with Hackers & iOS Jailbreakers at 36c3 (Vlog) via
Billy Ellis retweeted
Azeria Jan 6
This year I’m teaming up with some amazing folks to create a new startup that will help people advance their skills and bring new people into the field. Former attendees and those who take my upcoming training will get free access to the platform before anyone else does.
Billy Ellis Jan 4
Replying to @h3adsh0tzz
Nice work!