osxploit
apple platform security research
research
-
Mac App Store App to Ransomware via Apple Classroom
A sandboxed Mac App Store app can lock your entire screen with custom text and block all input — using Apple's own Classroom feature via unauthenticated XPC access to loginwindow. Apple says it's not a security issue.
-
How I Turned On Apple’s Hidden On‑Screen Touch Bar (DFRHUD) via XPC.
Ever wanted to tweak your macOS (almost) legitimately? Popping the Touch Bar UI is a good point to start from!
-
Digging into DeviceCheck
Device identification is a substantial piece of intelligence for app attestation, but how does it work in reality? In this writeup, I present an end-to-end RE of Apple's DeviceCheck token generation internals.
also from osxploit
view all →- BATTERY SAVER · ONE-CLICK INSTALL
Melatonin
Stop your Mac from draining battery unnecessarily.
A quiet background companion that gets rid of redundant processes while your Mac sleeps, and thereby gives you back an hour of real battery without even thinking about it. It also gives you a neat and comprehensive summary of your sleep sessions!
Learn more macOS - CODE OBFUSCATOR · HASSLE-FREE
Obscura
Fastest and most sophisticated code obfuscator you can think of.
A state-of-the-art LLVM plugin for code obfuscation, mainly compatible with AppleClang and Darwin targets, providing the greatest extent of obfuscation that can be found online for completely free. Configured in under 2 minutes through just two compiler flags.
View on GitHub LLVMCLI
