My uni's kiosk iPad is vulnerable to my libAppleArchive exploit lol
October 26, 2025 at 5:05 AM
My uni's kiosk iPad is vulnerable to my libAppleArchive exploit lol
im happy that less important people follow me on bsky so i can be slightly more personal here even though i never post
September 29, 2025 at 6:12 PM
im happy that less important people follow me on bsky so i can be slightly more personal here even though i never post
Does Burger King have anywhere designated to report security vulnerabilities? I could not find any place to report anything other than the generic contact form for all support…
August 9, 2025 at 6:12 AM
Does Burger King have anywhere designated to report security vulnerabilities? I could not find any place to report anything other than the generic contact form for all support…
Security researchers don’t really follow me on here (well a couple but not much), might as well use this as my personal
July 12, 2025 at 3:32 AM
Security researchers don’t really follow me on here (well a couple but not much), might as well use this as my personal
<3 Canada, having a blast here
July 6, 2025 at 6:32 PM
<3 Canada, having a blast here
Weird question: Does anyone know of any way to upload iOS apps with 32bit slices onto App Store Connect nowadays, or are all ways of doing it discontinued?
June 17, 2025 at 6:50 AM
Weird question: Does anyone know of any way to upload iOS apps with 32bit slices onto App Store Connect nowadays, or are all ways of doing it discontinued?
Reposted by snoolie / 0xilis
I’ve released Lina (AAR / AEA app using libNeoAppleArchive) on TestFlight github.com/0xilis/Lina
May 31, 2025 at 3:20 PM
I’ve released Lina (AAR / AEA app using libNeoAppleArchive) on TestFlight github.com/0xilis/Lina
Be totally honest, would you think anyone would use a Shortcuts emulator that works on Linux (and other Unix systems)?
May 11, 2025 at 8:21 PM
Be totally honest, would you think anyone would use a Shortcuts emulator that works on Linux (and other Unix systems)?
snoolie.gay/blog/CVE-202... I'm excited to announce a writeup for CVE-2024-27876, a fun libAppleArchive bug I discovered back in April last year! I've also supplied an exploit maker for making a malformed aar to write to an arbitrary file.
April 23, 2025 at 10:07 PM
snoolie.gay/blog/CVE-202... I'm excited to announce a writeup for CVE-2024-27876, a fun libAppleArchive bug I discovered back in April last year! I've also supplied an exploit maker for making a malformed aar to write to an arbitrary file.
snoolie.gay/blog/archive... Here's a writeup on an Archive Utility vulnerability I found that was patched in macOS 15! Complete with a working POC for others to test, which should work on Monterey, Ventura, and Sonoma. Maybe Big Sur but unsure.
snoolie.gay
April 18, 2025 at 2:00 AM
snoolie.gay/blog/archive... Here's a writeup on an Archive Utility vulnerability I found that was patched in macOS 15! Complete with a working POC for others to test, which should work on Monterey, Ventura, and Sonoma. Maybe Big Sur but unsure.
snoolie.gay/blog/the-ios... New blog post time about a 1day I rediscovered that was patched in iOS 12. Sorry that I don't really go deep into it at all or talk about exploiting it, I just needed to get something to post on my blog again lol
Snoolie's Blog
The iOS 8 IOHIDFamily bug that wasn't patched.
snoolie.gay
April 17, 2025 at 3:16 AM
snoolie.gay/blog/the-ios... New blog post time about a 1day I rediscovered that was patched in iOS 12. Sorry that I don't really go deep into it at all or talk about exploiting it, I just needed to get something to post on my blog again lol
I finally got IDA and holy... how did I survive with the free version of Hopper for this long 😭
March 27, 2025 at 7:22 AM
I finally got IDA and holy... how did I survive with the free version of Hopper for this long 😭
I've finally added an archive command to the neoaa CLI tool. I brought shortcut-sign CLI to iOS and plan to do the same with neoaa, as well as supply pre-compiled Linux and macOS binaries soonish.
March 25, 2025 at 6:48 PM
I've finally added an archive command to the neoaa CLI tool. I brought shortcut-sign CLI to iOS and plan to do the same with neoaa, as well as supply pre-compiled Linux and macOS binaries soonish.
github.com/0xilis/apple... I finally got around to making a easy to use Apple ID key & auth data extractor for jailbroken iOS to use with libshortcutsign/shortcut-sign, so even if you don't have a Mac you can dump keys. Will be on my personal repo eventually...
GitHub - 0xilis/appleid-key-dumper: Apple ID Key/Cert dumper for jailbroken iOS. (shortcut-sign)
Apple ID Key/Cert dumper for jailbroken iOS. (shortcut-sign) - 0xilis/appleid-key-dumper
github.com
March 17, 2025 at 2:55 AM
github.com/0xilis/apple... I finally got around to making a easy to use Apple ID key & auth data extractor for jailbroken iOS to use with libshortcutsign/shortcut-sign, so even if you don't have a Mac you can dump keys. Will be on my personal repo eventually...
libNeoAppleArchive now can decrypt and extract all types of AEA thanks to
plx! Check it out: github.com/0xilis/libNe...
plx! Check it out: github.com/0xilis/libNe...
March 15, 2025 at 12:01 AM
libNeoAppleArchive now can decrypt and extract all types of AEA thanks to
plx! Check it out: github.com/0xilis/libNe...
plx! Check it out: github.com/0xilis/libNe...
I don't expect anyone to know but asking just in case: Any way I can get BackgroundShortcutRunner (not Shortcuts or ThumbnailExtension) to call WorkflowKit signed shortcut extraction methods
March 14, 2025 at 3:41 AM
I don't expect anyone to know but asking just in case: Any way I can get BackgroundShortcutRunner (not Shortcuts or ThumbnailExtension) to call WorkflowKit signed shortcut extraction methods
More Progress:
In Astroids, boots to the Accolade logo
Dr Mario and Tennis don't seem to render properly
In Astroids, boots to the Accolade logo
Dr Mario and Tennis don't seem to render properly
March 10, 2025 at 10:00 PM
More Progress:
In Astroids, boots to the Accolade logo
Dr Mario and Tennis don't seem to render properly
In Astroids, boots to the Accolade logo
Dr Mario and Tennis don't seem to render properly
i got my gameboy emulator to boot a hello world rom yay
March 10, 2025 at 4:27 AM
i got my gameboy emulator to boot a hello world rom yay
AEAProfile 0 multi-segment decoding is here, though currently does not support multiple clusters (>100mb files)…
March 9, 2025 at 7:12 AM
AEAProfile 0 multi-segment decoding is here, though currently does not support multiple clusters (>100mb files)…
libNeoAppleArchive aea support is coming... eventually
March 8, 2025 at 11:57 PM
libNeoAppleArchive aea support is coming... eventually
GitHub CodeQL experience: I could not get it to work and now it's stuck at "Setting up..." so I can't disable it, 10/10
March 6, 2025 at 9:31 PM
GitHub CodeQL experience: I could not get it to work and now it's stuck at "Setting up..." so I can't disable it, 10/10
github.com/0xilis/short... Direct signing is now available in shortcut-sign, cross compatible with macOS/Linux!
GitHub - 0xilis/shortcut-sign: Open-Source Signed Shortcut CLI tool for Linux+macOS
Open-Source Signed Shortcut CLI tool for Linux+macOS - 0xilis/shortcut-sign
github.com
March 6, 2025 at 5:46 PM
github.com/0xilis/short... Direct signing is now available in shortcut-sign, cross compatible with macOS/Linux!
github.com/0xilis/sharingd Decompilation of sharingd has started, this is in hopes that a tool to fetch Apple ID certificates / private keys / validation record for airdrop and shortcut signing is developed from the knowledge gained from the project, join if you want it would be appreciated
GitHub - 0xilis/sharingd: sharingd decomp for apple id server learning
sharingd decomp for apple id server learning. Contribute to 0xilis/sharingd development by creating an account on GitHub.
github.com
February 27, 2025 at 8:15 PM
github.com/0xilis/sharingd Decompilation of sharingd has started, this is in hopes that a tool to fetch Apple ID certificates / private keys / validation record for airdrop and shortcut signing is developed from the knowledge gained from the project, join if you want it would be appreciated