sskaje's blog, study & research on technology
using GraphicsMagick
Convert full page to %d.png
|
1 |
gm convert -verbose -density 200 aaa.pdf -quality 100 -sharpen 0x1.0 +adjoin aaa-%d.png 2>&1"; |
Convert first page
|
1 |
gm convert -verbose -density 200 aaa.pdf[0] -quality 100 -sharpen 0x1.0 +adjoin aaa-%d.png 2>&1"; |
调试某软件,需要取到断点时候的内存数据。
之前是每次到断点,一个地址一个地址地 p 或者 memory read,后来看到 breakpoint command 命令,于是有了:
添加断点
|
1 2 |
(lldb) breakpoint set -a 0x100110000 Breakpoint 1: where = someapp`___lldb_unnamed_symbol10122$$global, address = 0x0000000100110000 |
添加命令
|
1 2 |
(lldb) breakpoint command add 1.1 Enter your debugger command(s). Type 'DONE' to end. |
输入命令
|
1 2 3 |
> memory read -f Y -c 0x100 $x1 > memory read -f Y -c 0x100 $x2 > DONE |
这样,每次运行到断点的时候,就会执行这两条命令。
I write this project just because I don’t like those game memory editor like igg.
Code: https://github.com/sskaje/mh
CMake is required for building. Build scripts already included in build/.
Leave an issue if there’s any bugs/feature requests.
iPhone 5s, iOS 11.1
Jailbroken by Electra
Cydia Impactor and a new Apple ID required (You can use your own Apple ID at your risk).
If any error occurs on Cydia Impactor, try to login in Xcode and remove useless app/cert.
Trust your developer certificate in iOS Settings => General => Profiles & Device Management => DEVELOPER APP.
helloworld.c
|
1 2 3 4 5 6 |
#include <stdio.h> int main() { printf("Hello, world!\n"); return 0; } |
build
|
1 |
clang -arch arm64 -mios-version-min=10.2 -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/ -o helloworld helloworld.c |
sign with jtool
|
1 |
ARCH=arm64 jtool --sign --ent ent.xml helloworld |
ent.xml
|
1 2 3 4 5 6 7 8 |
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>platform-application</key> <true/> </dict> </plist> |
upload and run helloworld
|
1 2 3 4 5 |
iPhone:~ root# /tmp/helloworld -sh: /tmp/helloworld: Operation not permitted iPhone:~ root# mv /tmp/helloworld /bin/ iPhone:~ root# helloworld Hello, world! |
If this binary is not signed with platform-application entitlement, it will get a ‘Killed’ if it’s under /bin/
I wrote a cli based memory editor, which requires more than a hello world.
1 entitlements
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.springboard.debugapplications</key> <true/> <key>get-task-allow</key> <true/> <key>proc_info-allow</key> <true/> <key>task_for_pid-allow</key> <true/> <key>run-unsigned-code</key> <true/> <key>platform-application</key> <true/> </dict> </plist> |
2 patch_setuid() from coolstar’s example. But I’m using code from electra’s cydia fork, also mentioned after his example.
3 Special thanks to ThisTakenIsUsername.
我的阿里云服务器网络处于混合过度模式,逐步从经典网络往专有网络迁移。
之前每台经典网络主机都申请了公网IP和带宽,实际上对于大多数主机的业务而言,并不需要对外提供网络服务,只需要能访问外网即可。
所以这次新加的主机部分都没有去加弹性公网IP。
于是带来了问题:内网主机如何访问外网?
阿里云的dnat方案太贵了。不考虑。
尝试过本地配置网关,但是实验证明,阿里云的VPC交换机不是一个纯粹的二层交换,也许是设计有问题,也许是刻意阻止用户自己拿一台能访问公网的主机当内网网关。
所以这次使用WireGuard实现网络架构调整。
阿里云的经典网络主机里加了几条默认的路由:
|
1 2 3 |
10.0.0.0/8 172.16.0.0/12 100.64.0.0/10 |
前两个都好说,第三个是运营商级的NAT网络地址,之前在 OpenVPN Site-to-Site VPN between Asus Merlin And Ubnt EdgeRouter 里提过贵州电信的光纤网络对外就是这个地址段。
WireGuard的配置过程参考之前的文章,此处不多解释,只贴配置。
Continue reading “使用WireGuard为阿里云专有网络主机提供外网访问” »