James Gill JJTech0130

Reverse engineer, student

JJTech0130 / carrier_bundle.py

Created October 29, 2025 01:06

Fetch carrier bundle info from iTunes servers

JJTech0130 / generate_esim.sh

Last active October 23, 2025 01:50

	#!/usr/bin/env bash
	set -euo pipefail

	# Configuration
	CONFIG_ID="8da72a14ba6942ac904c2f028aada7cb" # Simlessly eSIM config ID

	CBRS_PREFIX="315010" # CBRS MCC+MNC per your request
	CBRS_IBN="9999" # CBRS IBN for testing/shared
	DEFAULT_KI="$(printf 'A%.0s' {1..32})" # 32 hex chars of 'A' -> 16 bytes (testing)
	DEFAULT_OPC="$(printf 'A%.0s' {1..32})" # same for OPc

JJTech0130 / partfinder.py

Created August 23, 2025 03:07

Lookup Ford parts by scraping parts.ford.com

	import requests
	import json
	import rich
	from bs4 import BeautifulSoup, Tag

	DEALER_STORE_ID=1405 # You can pretty much pick any dealer
	CATALOG_ID=251 # Not sure

	def get_wc_cookies():
	# curl -L 'https://parts.ford.com/shop/AjaxManageUserVehicles' -H 'Content-Type: application/x-www-form-urlencoded' -d 'storeId=1405'

JJTech0130 / obdlink.py

Last active August 11, 2025 18:30

Now part of https://github.com/JJTech0130/fdiag

	import serial
	from serial.tools import list_ports
	import time

	class CANError(Exception):
	"""Custom exception for CAN-related errors."""
	pass

	class ELM327:
	def __init__(self, port, baud):

JJTech0130 / ford_login.py

Created May 22, 2025 17:18

	import requests
	import webview
	import time
	from xml.etree import ElementTree as ET

	def login():
	# Open a WebView to https://www.fdspcl.dealerconnection.com/NonDealerLogin?accountCountry=USA&accountLanguage=EN
	# and wait for it to redirect to https://www.fdspcl.dealerconnection.com/AuthorizeNonDealer
	# and then get a FDRS cookie

JJTech0130 / flock_fcntl_bug.m

Last active May 28, 2025 20:22

	/*
	clang ./locks.m -framework Foundation -l sqlite3 && ./a.out
	*/
	#import <Foundation/Foundation.h>
	#include <unistd.h>
	#include <libproc.h>
	#include <sys/stat.h>
	#include <sys/xattr.h>
	#include <fcntl.h>
	#include <spawn.h>

JJTech0130 / DebugLocks.swift

Last active May 2, 2025 18:45

	import Foundation
	import Darwin
	import Logging

	// MARK: - Dynamic Symbol Lookup

	func resolve<T>(_ base64Symbol: String) -> T? {
	let decoded = Data(base64Encoded: base64Symbol)!
	let symbol = decoded.withUnsafeBytes { ptr in
	String(cString: ptr.bindMemory(to: CChar.self).baseAddress!)

JJTech0130 / lldb.py

Created April 23, 2025 04:29

LLDB remote protocol

	"""
	Implements Apple's customized version of the GDB/LLDB remote protocol, intended for use with debugserver on iOS.
	A macOS implementation of debugserver can be found here: https://github.com/swiftlang/llvm-project/blob/next/lldb/tools/debugserver/source/debugserver.cpp

	Use the script tools/proxy.py to proxy the real lldb implementation to discover new commands.
	"""
	from anyio.abc import ByteStream

	class GDBRemote:
	"""

JJTech0130 / debugger_jit_improved.m

Last active October 30, 2025 09:09

Improved method of using a debugger for JIT on iOS... Uses split rx/rw regions, and works on iOS 18.4b1

	#import <Foundation/Foundation.h>
	#import <mach/mach.h>
	#import <stdio.h>
	#import <stdlib.h>
	#import <string.h>
	#include <libkern/OSCacheControl.h>

	const int REGION_SIZE = 0x4000*1;

	void write_instructions(void* page)

JJTech0130 / debugger_jit_test.m

Created February 23, 2025 03:43

	#import <Foundation/Foundation.h>
	#import <mach/mach.h>
	#import <stdio.h>
	#import <stdlib.h>
	#import <string.h>

	#define PAGE 0x4000

	__attribute__((section("__TEXT,__nop_section"), aligned(PAGE)))
	static const uint32_t nop_page[PAGE / sizeof(uint32_t)] = {