Srd Save

Welcome to Hoyt's SRD Repo for the Apple Security Research Device. Contribute Code or Open an Issue or Discussion.

Project README

Welcome to Hoyt's SRD Repo

Hi! 
I am David Hoyt. 
I was in the Apple Security Research Device Program for 2021 & 2022.
Apple sent me an iPhone 11 & iPhone 12 for A/B testing, very helpful. 
I still update various Code, Tooling, Script, Crashes and PoC's etc..
I am still processing over 100Tb of Data generated during those 2 years with thousands of Crashes. 
Some of the Code and Goodies are in this Repo

SUMMARY

This Repo was ahead of the Apple Repo as of December 15, 2022 when I returned my Devices
Built on macOS 13.x X86_64 & arm64e
The DMG's are all Built with XNU 8792.60.55 and options Targeting for iOS 16
Frida, Toybox Unstripped, SSH, debugserver, other example Register Code
Largest Public Code Repo for the Apple Security Research Device with all details provide
iOSOnMAC Fuzzing native iOS Apps on macOS - https://github.com/xsscx/macos-research/tree/main/code/iOSOnMac
Required Reading - https://github.com/xsscx/srd/issues?q=is%3Aissue+is%3Aclosed
Open an Issue or Ask a Question
See https://github.com/xsscx/macos-research

Toybox Unstripped

nm -a com.example.cryptex.dstroot/usr/bin/toybox  | wc -l
     941

START HERE

Install my Pre-Built SRD DMG

/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/xsscx/srd/main/dmg/install.sh)"

SRD Example DMG, Build & Installation Status for iOS 16.x w/ + 8792.60.55

Build OS & Device Info	Example DMG	debugserver DMG	ASAN DMG	UBSAN DMG
macOS 13.0.1 22A400 X86_64	PASS	PASS	PASS	PASS
macOS 13 Beta T8101	PASS	PASS	PASS	PASS
X86_64 Install to iPhone 11 16.2_20C5049e	PASS	PASS	PASS	PASS
T8101 Install to iPhone 12 16.2_20C5049e	PASS	PASS	PASS	PASS

Last Known Good Working Configuration(s)

SIP Enabled
macOS 13.x X86_64 or M1 T8101 macOS 13.x
cryptexctl or CryptexManager
Xcode beta

Lastest IPSW Installations

Signed File: iPhone11,8,iPhone12,1_15.5_19F77_Restore.ipsw | defaults write com.apple.AMPDevicesAgent ipsw-variant -string 'Research Customer Erase Install (IPSW)' 
Signed File: iPhone13,2,iPhone13,3_15.5_19F77_Restore.ipsw | defaults write com.apple.AMPDevicesAgent ipsw-variant -string 'Research Customer Erase Install (IPSW)'
Signed File: iPhone12,1_16.0_20A5328h_Restore.ipsw | defaults write com.apple.AMPDevicesAgent ipsw-variant -string 'Research Developer Erase Install (IPSW)'
Signed File: iPhone13,2,iPhone13,3_16.0_20A5328h_Restore.ipsw | defaults write com.apple.AMPDevicesAgent ipsw-variant -string 'Research Developer Erase Install (IPSW)'

Prerequisites

Security Research Tools https://github.com/apple/security-research-device

Resources

Source: https://github.com/apple/security-research-device/tree/main/example-cryptex
DMG: https://github.com/xsscx/srd/raw/main/dmg/srd-universal-cryptex.dmg
Install: https://github.com/xsscx/srd/tree/main/dmg#readme
Discussion: nvram settings disabling KTRR, CTRR and kASLR https://github.com/apple/security-research-device/discussions/2
IPSW & Cryptex Installations
- Build Info, Issue Tracker
- Summary & Workarounds
- iPhone 11 & 12 SRD Models
Pre-built DMG's for the Apple Security Research Device
- toyboxunstripped
- frida
- debugserver
- Sample PoC's from CVE's
  - Chain3
  - P0 PoC's
    - Stage 0,1,2
    - port_refs
  - ZecOps
    - iOS 13 + 14 Voucher Leak
Sample Code
- Example ASAN Makefile and Binary
- Example UBSAN Makefile and Binary
- Example Code Coverage Makefile and Binary
- Example libarchive.a
- Example aslr Binary
- Example Binaries in /bin

SRD DMG Testing

Universal cryptex for iPhone 11 and iPhone 12 SRD Models
Tested on the iPhone 11 for all IPSW from the iOS 14.3 floor for the iPhone 11 up to the latest iOS 16
Tested on the iPhone 12 for all IPSW from the iOS 15.2 floor for the iPhone 12 up to the latest iOS 16
Tested on macOS 11.6.x using SRT 20C80, macOS 12.x using 21F79 and Cryptex Manager from X86_64 and M1 T8101 Platforms

SRD Cryptex Log Collector

/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/xsscx/srd/main/srd_tools-24.100.3/example-cryptex/srd-cryptex-logcollector.sh)"

Hosts

X86_64

sysctl -a | grep CPU
machdep.cpu.brand_string: Intel(R) Core(TM) i7-8700B CPU @ 3.20GHz

Run Targets

SRD's - iPhone 11 and iPhone 12
iPhone 12 Pro Max
iPad 12 Pro
X86_64 mini
M1 T8101

How-To Compile for iOS

xcrun -sdk iphoneos clang -g -O2  -mios-version-min=14.3 -DDEBUG=0  -Wall -Wpedantic -Wno-gnu -Werror -Wunused-variable -o a.out code.s

To ALL - Open a Discussion, PR or Issue with Suggestions, Comments, Bugs, Feedback, Tips etc..
Collaborative Research
All Code and Questions are Welcome
When you see Code Errors, Fails or LOL's.. Please Open an Issue... Thanks!

Open Source Agenda is not affiliated with "Srd" Project. README Source: xsscx/srd

Stars

Open Issues

Last Commit

2 months ago

Repository

xsscx/srd

License

GPL-3.0

Open Source Agenda Badge

<a href="https://www.opensourceagenda.com/projects/srd"><img src="https://www.opensourceagenda.com/projects/srd/reviews/badge.svg" alt="Open Source Agenda"></a>

Submit Review Review Your Favorite Project

Submit Resource Articles, Courses, Videos

Submit Article Submit a post to our blog

From the blog

Dec 11, 2022

How to Choose Which Programming Language to Learn First?

From the blog

Dec 11, 2022