udevs udevsharold
saagarjha
/ library_injector.cpp
Last active
February 21, 2026 10:45
Load a library into newly spawned processes (using DYLD_INSERT_LIBRARIES and EndpointSecurity)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // To compile: clang++ -arch x86_64 -arch arm64 -std=c++20 library_injector.cpp -lbsm -lEndpointSecurity -o library_injector, | |
| // then codesign with com.apple.developer.endpoint-security.client and run the | |
| // program as root. | |
| #include <EndpointSecurity/EndpointSecurity.h> | |
| #include <algorithm> | |
| #include <array> | |
| #include <bsm/libbsm.h> | |
| #include <cstddef> | |
| #include <cstdint> |
johnzaro
/ iOS14DirectMethodsGuide.txt
Last active
November 26, 2023 13:15
Guide to using libundirect and finding direct methods on iOS 14
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (I used hopper disassembler) | |
| 1) Open the Safari binary from iOS 13.7 [binary 1] and also open a Safari binary from iOS 14+ [binary 2] which has the selector you are interested in converted to direct method. | |
| 2) Search in the processes tab of the [binary 1] for the selector you are interested in. | |
| 3) Open it and have a look at the code inside it by using the 'pseudo-code mode'. | |
| 4) We now arrive to the 1st way to find a direct method: |