├── .gitignore ├── LICENSE ├── Makefile ├── README.md ├── kfd.xcodeproj ├── project.pbxproj └── project.xcworkspace │ ├── contents.xcworkspacedata │ └── xcshareddata │ ├── IDEWorkspaceChecks.plist │ ├── WorkspaceSettings.xcsettings │ └── swiftpm │ └── Package.resolved ├── kfd ├── Assets.xcassets │ ├── AccentColor.colorset │ │ └── Contents.json │ ├── AppIcon.appiconset │ │ ├── Contents.json │ │ └── kfd.png │ └── Contents.json ├── CBindings │ ├── CBindings.h │ ├── posix_spawn.h │ └── th_state.h ├── ContentView.swift ├── Preview Content │ └── Preview Assets.xcassets │ │ └── Contents.json ├── Sources.swift ├── fun │ ├── fun.h │ ├── fun.m │ ├── grant_full_disk_access.h │ ├── grant_full_disk_access.m │ ├── helpers.h │ ├── helpers.m │ ├── krw.c │ ├── krw.h │ ├── offsets.h │ ├── offsets.m │ ├── proc.c │ ├── proc.h │ ├── thanks_opa334dev_htrowii.h │ ├── thanks_opa334dev_htrowii.m │ ├── utils.h │ ├── utils.m │ ├── vnode.h │ └── vnode.m ├── kfd-Bridging-Header.h ├── kfd.entitlements ├── kfdApp.swift ├── libkfd.h ├── libkfd │ ├── AAAA.bin │ ├── PlampyWifi.car │ ├── SFUI.ttf │ ├── common.h │ ├── focusmain.caml │ ├── info.h │ ├── info │ │ ├── dynamic_info.h │ │ └── static_info.h │ ├── ios16.car │ ├── krkw.h │ ├── krkw │ │ ├── kread │ │ │ ├── kread_kqueue_workloop_ctl.h │ │ │ └── kread_sem_open.h │ │ └── kwrite │ │ │ ├── kwrite_dup.h │ │ │ └── kwrite_sem_open.h │ ├── lock.caf │ ├── main.caml │ ├── mainbluetooth.caml │ ├── mainbrightness.caml │ ├── mainforwardbackward.caml │ ├── mainplaypausestop.caml │ ├── mainvolume.caml │ ├── mainwifi.caml │ ├── modules.materialrecipe │ ├── modulesBackground.materialrecipe │ ├── packages.json │ ├── perf.h │ ├── puaf.h │ ├── puaf │ │ ├── physpuppet.h │ │ └── smith.h │ └── repos.json └── test.swift ├── macos_kfd.c ├── man.md └── writeups ├── exploiting-puafs.md ├── figures ├── exploiting-puafs-figure1.png ├── exploiting-puafs-figure2.png ├── physpuppet-figure1.png ├── physpuppet-figure2.png ├── physpuppet-figure3.png ├── physpuppet-figure4.png ├── physpuppet-figure5.png ├── physpuppet-figure6.png ├── smith-figure1.png ├── smith-figure2.png ├── smith-figure3.png └── smith-figure4.png ├── physpuppet.md └── smith.md /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/.gitignore -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/LICENSE -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/Makefile -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/README.md -------------------------------------------------------------------------------- /kfd.xcodeproj/project.pbxproj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd.xcodeproj/project.pbxproj -------------------------------------------------------------------------------- /kfd.xcodeproj/project.xcworkspace/contents.xcworkspacedata: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd.xcodeproj/project.xcworkspace/contents.xcworkspacedata -------------------------------------------------------------------------------- /kfd.xcodeproj/project.xcworkspace/xcshareddata/IDEWorkspaceChecks.plist: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd.xcodeproj/project.xcworkspace/xcshareddata/IDEWorkspaceChecks.plist -------------------------------------------------------------------------------- /kfd.xcodeproj/project.xcworkspace/xcshareddata/WorkspaceSettings.xcsettings: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd.xcodeproj/project.xcworkspace/xcshareddata/WorkspaceSettings.xcsettings -------------------------------------------------------------------------------- /kfd.xcodeproj/project.xcworkspace/xcshareddata/swiftpm/Package.resolved: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd.xcodeproj/project.xcworkspace/xcshareddata/swiftpm/Package.resolved -------------------------------------------------------------------------------- /kfd/Assets.xcassets/AccentColor.colorset/Contents.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd/Assets.xcassets/AccentColor.colorset/Contents.json -------------------------------------------------------------------------------- /kfd/Assets.xcassets/AppIcon.appiconset/Contents.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd/Assets.xcassets/AppIcon.appiconset/Contents.json -------------------------------------------------------------------------------- /kfd/Assets.xcassets/AppIcon.appiconset/kfd.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd/Assets.xcassets/AppIcon.appiconset/kfd.png -------------------------------------------------------------------------------- /kfd/Assets.xcassets/Contents.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd/Assets.xcassets/Contents.json -------------------------------------------------------------------------------- /kfd/CBindings/CBindings.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd/CBindings/CBindings.h -------------------------------------------------------------------------------- /kfd/CBindings/posix_spawn.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd/CBindings/posix_spawn.h -------------------------------------------------------------------------------- /kfd/CBindings/th_state.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd/CBindings/th_state.h -------------------------------------------------------------------------------- /kfd/ContentView.swift: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd/ContentView.swift -------------------------------------------------------------------------------- /kfd/Preview Content/Preview Assets.xcassets/Contents.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd/Preview Content/Preview Assets.xcassets/Contents.json -------------------------------------------------------------------------------- /kfd/Sources.swift: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd/Sources.swift -------------------------------------------------------------------------------- /kfd/fun/fun.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd/fun/fun.h -------------------------------------------------------------------------------- /kfd/fun/fun.m: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd/fun/fun.m -------------------------------------------------------------------------------- /kfd/fun/grant_full_disk_access.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd/fun/grant_full_disk_access.h -------------------------------------------------------------------------------- /kfd/fun/grant_full_disk_access.m: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd/fun/grant_full_disk_access.m -------------------------------------------------------------------------------- /kfd/fun/helpers.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd/fun/helpers.h -------------------------------------------------------------------------------- /kfd/fun/helpers.m: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd/fun/helpers.m -------------------------------------------------------------------------------- /kfd/fun/krw.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd/fun/krw.c -------------------------------------------------------------------------------- /kfd/fun/krw.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd/fun/krw.h -------------------------------------------------------------------------------- /kfd/fun/offsets.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd/fun/offsets.h -------------------------------------------------------------------------------- /kfd/fun/offsets.m: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd/fun/offsets.m -------------------------------------------------------------------------------- /kfd/fun/proc.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd/fun/proc.c -------------------------------------------------------------------------------- /kfd/fun/proc.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd/fun/proc.h -------------------------------------------------------------------------------- /kfd/fun/thanks_opa334dev_htrowii.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd/fun/thanks_opa334dev_htrowii.h -------------------------------------------------------------------------------- /kfd/fun/thanks_opa334dev_htrowii.m: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd/fun/thanks_opa334dev_htrowii.m -------------------------------------------------------------------------------- /kfd/fun/utils.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd/fun/utils.h -------------------------------------------------------------------------------- /kfd/fun/utils.m: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd/fun/utils.m -------------------------------------------------------------------------------- /kfd/fun/vnode.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd/fun/vnode.h -------------------------------------------------------------------------------- /kfd/fun/vnode.m: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd/fun/vnode.m -------------------------------------------------------------------------------- /kfd/kfd-Bridging-Header.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd/kfd-Bridging-Header.h -------------------------------------------------------------------------------- /kfd/kfd.entitlements: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd/kfd.entitlements -------------------------------------------------------------------------------- /kfd/kfdApp.swift: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd/kfdApp.swift -------------------------------------------------------------------------------- /kfd/libkfd.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd/libkfd.h -------------------------------------------------------------------------------- /kfd/libkfd/AAAA.bin: -------------------------------------------------------------------------------- 1 | PLZ_GIVE_ME_GIRLFRIENDS_!@# 2 | -------------------------------------------------------------------------------- /kfd/libkfd/PlampyWifi.car: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd/libkfd/PlampyWifi.car -------------------------------------------------------------------------------- /kfd/libkfd/SFUI.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd/libkfd/SFUI.ttf -------------------------------------------------------------------------------- /kfd/libkfd/common.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd/libkfd/common.h -------------------------------------------------------------------------------- /kfd/libkfd/focusmain.caml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd/libkfd/focusmain.caml -------------------------------------------------------------------------------- /kfd/libkfd/info.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd/libkfd/info.h -------------------------------------------------------------------------------- /kfd/libkfd/info/dynamic_info.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd/libkfd/info/dynamic_info.h -------------------------------------------------------------------------------- /kfd/libkfd/info/static_info.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd/libkfd/info/static_info.h -------------------------------------------------------------------------------- /kfd/libkfd/ios16.car: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd/libkfd/ios16.car -------------------------------------------------------------------------------- /kfd/libkfd/krkw.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd/libkfd/krkw.h -------------------------------------------------------------------------------- /kfd/libkfd/krkw/kread/kread_kqueue_workloop_ctl.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd/libkfd/krkw/kread/kread_kqueue_workloop_ctl.h -------------------------------------------------------------------------------- /kfd/libkfd/krkw/kread/kread_sem_open.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd/libkfd/krkw/kread/kread_sem_open.h -------------------------------------------------------------------------------- /kfd/libkfd/krkw/kwrite/kwrite_dup.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd/libkfd/krkw/kwrite/kwrite_dup.h -------------------------------------------------------------------------------- /kfd/libkfd/krkw/kwrite/kwrite_sem_open.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd/libkfd/krkw/kwrite/kwrite_sem_open.h -------------------------------------------------------------------------------- /kfd/libkfd/lock.caf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd/libkfd/lock.caf -------------------------------------------------------------------------------- /kfd/libkfd/main.caml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd/libkfd/main.caml -------------------------------------------------------------------------------- /kfd/libkfd/mainbluetooth.caml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd/libkfd/mainbluetooth.caml -------------------------------------------------------------------------------- /kfd/libkfd/mainbrightness.caml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd/libkfd/mainbrightness.caml -------------------------------------------------------------------------------- /kfd/libkfd/mainforwardbackward.caml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd/libkfd/mainforwardbackward.caml -------------------------------------------------------------------------------- /kfd/libkfd/mainplaypausestop.caml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd/libkfd/mainplaypausestop.caml -------------------------------------------------------------------------------- /kfd/libkfd/mainvolume.caml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd/libkfd/mainvolume.caml -------------------------------------------------------------------------------- /kfd/libkfd/mainwifi.caml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd/libkfd/mainwifi.caml -------------------------------------------------------------------------------- /kfd/libkfd/modules.materialrecipe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd/libkfd/modules.materialrecipe -------------------------------------------------------------------------------- /kfd/libkfd/modulesBackground.materialrecipe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd/libkfd/modulesBackground.materialrecipe -------------------------------------------------------------------------------- /kfd/libkfd/packages.json: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /kfd/libkfd/perf.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd/libkfd/perf.h -------------------------------------------------------------------------------- /kfd/libkfd/puaf.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd/libkfd/puaf.h -------------------------------------------------------------------------------- /kfd/libkfd/puaf/physpuppet.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd/libkfd/puaf/physpuppet.h -------------------------------------------------------------------------------- /kfd/libkfd/puaf/smith.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd/libkfd/puaf/smith.h -------------------------------------------------------------------------------- /kfd/libkfd/repos.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd/libkfd/repos.json -------------------------------------------------------------------------------- /kfd/test.swift: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/kfd/test.swift -------------------------------------------------------------------------------- /macos_kfd.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/macos_kfd.c -------------------------------------------------------------------------------- /man.md: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /writeups/exploiting-puafs.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/writeups/exploiting-puafs.md -------------------------------------------------------------------------------- /writeups/figures/exploiting-puafs-figure1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/writeups/figures/exploiting-puafs-figure1.png -------------------------------------------------------------------------------- /writeups/figures/exploiting-puafs-figure2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/writeups/figures/exploiting-puafs-figure2.png -------------------------------------------------------------------------------- /writeups/figures/physpuppet-figure1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/writeups/figures/physpuppet-figure1.png -------------------------------------------------------------------------------- /writeups/figures/physpuppet-figure2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/writeups/figures/physpuppet-figure2.png -------------------------------------------------------------------------------- /writeups/figures/physpuppet-figure3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/writeups/figures/physpuppet-figure3.png -------------------------------------------------------------------------------- /writeups/figures/physpuppet-figure4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/writeups/figures/physpuppet-figure4.png -------------------------------------------------------------------------------- /writeups/figures/physpuppet-figure5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/writeups/figures/physpuppet-figure5.png -------------------------------------------------------------------------------- /writeups/figures/physpuppet-figure6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/writeups/figures/physpuppet-figure6.png -------------------------------------------------------------------------------- /writeups/figures/smith-figure1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/writeups/figures/smith-figure1.png -------------------------------------------------------------------------------- /writeups/figures/smith-figure2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/writeups/figures/smith-figure2.png -------------------------------------------------------------------------------- /writeups/figures/smith-figure3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/writeups/figures/smith-figure3.png -------------------------------------------------------------------------------- /writeups/figures/smith-figure4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/writeups/figures/smith-figure4.png -------------------------------------------------------------------------------- /writeups/physpuppet.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/writeups/physpuppet.md -------------------------------------------------------------------------------- /writeups/smith.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GenericCoding/kfd/HEAD/writeups/smith.md --------------------------------------------------------------------------------