NyanSatan

[
    {
        "build": "21C66",
        "fw": "iPhone11,2,iPhone11,4,iPhone11,6_17.2.1_21C66_Restore.ipsw",
        "file": "LLB.d331p.RELEASE.im4p",
        "kbag": "ceb94a60d2ab04749f320df617939ee51d83c1075500c630135fa816801fa2465aa60d32bb4b1aface8d4edae78ed8c1",
        "key": "8f8e2885ba96e189ee3e31553da43c303c6014bb91285ce572a2eac6a72320ca5f5fef05b8d9a429857544fb7d22136e"
    },
    {
        "build": "21C66",

paultheman

Guide on how to remap Keyboard keys on macOS

Update 17.10.2024: macOS 15 no longer requires root privileges for hidutil, you need to add hidutil and Terminal to 'Input Monitoring' in Settings/Privacy & Security tab.

Update 13.04.2024: On macOS 14.2 hidutil requires root privileges.

If you have a mac with an INT (ISO) keyboard you might want to change the ± key to ~. During my research I found that the information on this topic is not at all centralized. I prefer this option because it does not involve installing new software.

With macOS 10.12 Sierra Apple introduced hidutil as a tool to remap keyboard keys. See TN2450.

macshome

How to Defang macOS System Protections

If you want to change things on the root drive of a Mac you will need to take some steps to disable the built in security of the system. Most of these steps are the same regardless if you are on Intel or Apple Silicon. If there is a difference it is noted.

Note that all of these things put a Mac into an unsupported and less secure state.

Make sure you either perform these steps in a VM or that you reset the protections after you are done poking around

Protections and Terms

(This list is not exahustive on the details of each. Check the links at the end for more info.)

LinusHenze

iOS 16 introduced launch constraints, which can be used to constraint the launch of an application.
There are three types of constraints:
    Self Constraints, which the launched application itself must meet
    Parent Constraints, which the parent process must meet
    Responsible Constraints, which the "responsible process" must meet (I assume that the responsible process is the process that asked launchd to launch a service)

Additionally, the TrustCache format was updated (see below) to support assigning each binary a "Constraint Category", which forces Self and Parent Constraints.
Note that Self, Parent and Responsible Constraints can also be set by the process performing the launch and they can be included in the code signature, in the new blob type 0xFADE8181. In both cases, the constraints are DER encoded (just like the DER entitlements).

Constraint Categories (from TrustCache, new in version 2):

networkextension

ARMv8.3 Pointer Authentication in xnu

Introduction

This document describes xnu's use of the ARMv8.3-PAuth extension. Specifically, xnu uses ARMv8.3-PAuth to protect against Return-Oriented-Programming (ROP) and Jump-Oriented-Programming (JOP) attacks, which attempt to gain control flow over a victim program by overwriting return addresses or function pointers

nooriro

sunfish       Q  QD4A.200317.024.A1   s5-0.2-6281315      g7150-00013-200421-B-6413509    806584320  571858944 2183749632          0     6456895   1588517452   MCFG-g7150-00013-200416-B-6400682
sunfish       Q  QD4A.200317.027      s5-0.2-6281315      g7150-00013-200424-B-6426960    806584320  571858944 2183749632          0     6463901   1588696545   MCFG-g7150-00013-200424-B-6426960
sunfish       Q  QD4A.200805.001      s5-0.2-6281315      g7150-00013-200421-B-6413509    806588416  571871232 2183778304          0     6583866   1591947723   MCFG-g7150-00013-200424-B-6426960
sunfish       Q  QD4A.200805.003      s5-0.2-6281315      g7150-00013-200424-B-6426960    806588416  571871232 2183778304          0     6598198   1592375158   MCFG-g7150-00013-200424-B-6426960
sunfish       R  RPB3.200720.005      s5-0.2-6539975      g7150-00018-200701-B-6643937    819929088  550354944 2050846720  231133184     6705141   1595555810   MCFG-g7150-00018-200701-B-6643937
sunfish       R  RP1A.200720.010      s5-0.2-6539975  

LeoNatan

csrutil disable
sudo nvram boot-args="intcoproc_unrestricted=1 kext-dev-mode=1 amfi_allow_any_signature=1 amfi_unrestrict_task_for_pid=1 PE_i_can_has_debugger=1 cs_enforcement_disable=1 amfi_get_out_of_my_way=1 amfi=0xff cs_debug=1 ipc_control_port_options=0"
sudo spctl --global-disable
sudo defaults write /Library/Preferences/com.apple.security GKAutoRearm -bool NO
sudo defaults write /Library/Preferences/com.apple.security.coderequirements Entitlements -string always
sudo defaults write /Library/Preferences/com.apple.security.coderequirements AllowUnsafeDynamicLinking -bool YES
sudo defaults write /Library/Preferences/com.apple.security.libraryvalidation.plist DisableLibraryValidation -bool YES
defaults write com.apple.loginwindow DisableScreenLockImmediate -bool yes

tom-seddon

Random Mach notes

mach_thread_self increments ref count

Each call to mach_thread_self adds another MACH_PORT_RIGHT_SEND refcount. For each call to mach_thread_self, you need to call mach_port_deallocate on the result.

(This does not apply to mach_task_self.)

knightsc

#! /bin/bash
#
# build-xnu-6153.11.26.sh
# Scott Knight
#
# Based on the script by Brandon Azad
# https://gist.github.com/bazad/654959120a423b226dc564073b435453
#
# A script showing how to build XNU version 6153.11.26 on macOS Catalina
# 10.15 with Xcode 11.13.1.

bazad

// Brandon Azad (@_bazad)

#include <assert.h>
#include <errno.h>
#include <mach/mach.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>