Snoolie🎱 (@snoolie.gay on bsky)

@0xilis

Followers: 587 | Following: 42K | Media: 436 | Statuses: 5K

Apple girl

Joined July 2022
@0xilis
Snoolie🎱 (@snoolie.gay on bsky)
22 hours
RT @fileintegrity: Proud to announce that I’m interning at Apple this summer on the UIKit team!!
@0xilis
Snoolie🎱 (@snoolie.gay on bsky)
8 days
I am sorry for anyone who’s ever DMed me and I didn’t respond or check because this is most of my DM list…
@0xilis
Snoolie🎱 (@snoolie.gay on bsky)
20 days
today is my birthday.
@0xilis
Snoolie🎱 (@snoolie.gay on bsky)
21 days
I found out a way, but it seems like it fails to bundle any frameworks with the app, fun…
@0xilis
Snoolie🎱 (@snoolie.gay on bsky)
22 days
Weird question: Does anyone know of any way to upload iOS apps with 32-bit slices onto App Store Connect nowadays, or are all ways of doing it discontinued?
@0xilis
Snoolie🎱 (@snoolie.gay on bsky)
27 days
I'll port the GitHub gist over to a blogpost eventually when I feel like it.
@0xilis
Snoolie🎱 (@snoolie.gay on bsky)
27 days
Finally put out a tutorial for creating certificates to sign shortcuts instead of having Apple do it. Thought this was a vuln at first but Apple closed the report after a couple months so I guess it's intended. Old demo also here:
@0xilis
Snoolie🎱 (@snoolie.gay on bsky)
30 days
RT @elihwyma:
@0xilis
Snoolie🎱 (@snoolie.gay on bsky)
1 month
RT @eshard: Our journey with the #iOS emulator continues. We show how we reached the home screen, enabled multitouch, unlocked network acc…
@0xilis
Snoolie🎱 (@snoolie.gay on bsky)
1 month
I figured out today that if you have a pbzx with the compressedSize == uncompressedSize (at least for ZLIB) iOS fails to extract it. I thought this was a bug with libNeoAppleArchive at first but after some testing yeah it’s this.
@0xilis
Snoolie🎱 (@snoolie.gay on bsky)
1 month
Shout out to bsd/net/dlil_subr.c because I keep getting an integer overflow somehow which results in a panic (this is not a vulnerability I believe, just a kernel bug but is very annoying for daily use…).
@0xilis
Snoolie🎱 (@snoolie.gay on bsky)
1 month
I wonder how this works 🤔
@0xilis
Snoolie🎱 (@snoolie.gay on bsky)
2 months
One thing that I’ve always wanted to reverse is how Shortcuts handles its permissions, but I’ve never had the time… maybe I should finally look into it even if I don’t think I’ll find anything.
@0xilis
Snoolie🎱 (@snoolie.gay on bsky)
2 months
Be totally honest, would you think anyone would use a Shortcuts emulator that works on Linux (and other Unix systems)?
@0xilis
Snoolie🎱 (@snoolie.gay on bsky)
2 months
I really should not have waited this long to diff it lol. Most of my attention has moved to Kernel recently but I am still looking at libAppleArchive too, I wonder if there are any more bugs that I haven't found yet hmm.
@0xilis
Snoolie🎱 (@snoolie.gay on bsky)
2 months
I *finally* got around to checking the patch for libAppleArchive; seemed like they now properly check for mkdir() return (and some other stuff), good patch.
@0xilis
Snoolie🎱 (@snoolie.gay on bsky)
2 months
Well I asked them, 80% chance they're going to deny, I wish I thought of this when I submitted my original report. My biggest hope is that the macOS sandbox escape part may not be considered after the fact since I did technically show them a PoC of it, just not automated.
@0xilis
Snoolie🎱 (@snoolie.gay on bsky)
2 months
I’m like 80% sure Apple will reject the bounty reevaluation I will send them, but I mean, it never hurts to try, praying they actually accept and give me a bounty even if they decrease it since it’s after the fact 🙏.
@0xilis
Snoolie🎱 (@snoolie.gay on bsky)
2 months
Thing is I didn’t submit this or the Sandbox Escape (well I did kinda the sandbox escape but just mentioned it as a gatekeeper bypass), and it’s already been marked as resolved so idk if they would still accept these, my bad. If they do though, like they gotta pay for this right.
@0xilis
Snoolie🎱 (@snoolie.gay on bsky)
2 months
Assuming shortcut privacy prompts are kept in a database, these can also be overwritten by the exploit. So then, our attacker can have as much data about the user as Shortcuts lets them. Should I resubmit this + sandbox escape for bounty reeval or since it’s been 1 year no (3/3).