Merge pull request #856 from daem0nc0re/master

Update arm64-basic-assembly.md
HackTricks-wiki · Apr 19, 2024 · 3a259bd · 3a259bd
2 parents 0e8c469 + 4be8989
commit 3a259bd
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 2 deletions.
diff --git a/...-escalation/macos-apps-inspecting-debugging-and-fuzzing/arm64-basic-assembly.md b/...-escalation/macos-apps-inspecting-debugging-and-fuzzing/arm64-basic-assembly.md
@@ -409,12 +409,22 @@ ld -o shell shell.o -syslibroot $(xcrun -sdk macosx --show-sdk-path) -lSystem
 To extract the bytes:
 
 ```bash
-# Code from https://github.com/daem0nc0re/macOS_ARM64_Shellcode/blob/master/helper/extract.sh
+# Code from https://github.com/daem0nc0re/macOS_ARM64_Shellcode/blob/b729f716aaf24cbc8109e0d94681ccb84c0b0c9e/helper/extract.sh
 for c in $(objdump -d "s.o" | grep -E '[0-9a-f]+:' | cut -f 1 | cut -d : -f 2) ; do
     echo -n '\\x'$c
 done
 ```
 
+For newer macOS:
+
+```bash
+# Code from https://github.com/daem0nc0re/macOS_ARM64_Shellcode/blob/fc0742e9ebaf67c6a50f4c38d59459596e0a6c5d/helper/extract.sh
+for s in $(objdump -d "s.o" | grep -E '[0-9a-f]+:' | cut -f 1 | cut -d : -f 2) ; do
+    echo -n $s | awk '{for (i = 7; i > 0; i -= 2) {printf "\\x" substr($0, i, 2)}}'
+done
+```
+
+
 <details>
 
 <summary>C code to test the shellcode</summary>

diff --git a/...e-escalation/macos-apps-inspecting-debugging-and-fuzzing/introduction-to-x64.md b/...e-escalation/macos-apps-inspecting-debugging-and-fuzzing/introduction-to-x64.md
@@ -130,7 +130,7 @@ To extract the bytes:
 
 {% code overflow="wrap" %}
 ```bash
-# Code from https://github.com/daem0nc0re/macOS_ARM64_Shellcode/blob/master/helper/extract.sh
+# Code from https://github.com/daem0nc0re/macOS_ARM64_Shellcode/blob/b729f716aaf24cbc8109e0d94681ccb84c0b0c9e/helper/extract.sh
 for c in $(objdump -d "shell.o" | grep -E '[0-9a-f]+:' | cut -f 1 | cut -d : -f 2) ; do
     echo -n '\\x'$c
 done