| Day | Title | link |
|---|---|---|
| 1 | Apple Source code | https://www.youtube.com/watch?v=WxOZgr0Ld9o |
| 2 | Mach-O Binaries | https://www.youtube.com/watch?v=G_bDl5hv8kY |
| 3 | PAC (Pointer Authentication Codes) | https://www.youtube.com/watch?v=9neXmcwtCF8 |
| 4 | dyld_shared_cache | https://www.youtube.com/watch?v=I1ZkONfyHG4 |
| 5 | Userspace Memory Layout | https://www.youtube.com/watch?v=MUr7qg7iqKE |
| 6 | SIP | https://www.youtube.com/watch?v=HeOVKe0xpW0 |
| 7 | Kernel Boot Arguments | https://www.youtube.com/watch?v=gjOKlBpJWoc |
| 8 | XNU Source Code Overview | https://www.youtube.c |
arm64eabi
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // | |
| // ViewController.m | |
| // JBDetectTest | |
| // | |
| // Created by seo on 3/27/25. | |
| // | |
| #import "ViewController.h" | |
| #import <dlfcn.h> |
JJTech0130
/ debugger_jit_improved.m
Last active
August 7, 2025 22:50
Improved method of using a debugger for JIT on iOS... Uses split rx/rw regions, and works on iOS 18.4b1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #import <Foundation/Foundation.h> | |
| #import <mach/mach.h> | |
| #import <stdio.h> | |
| #import <stdlib.h> | |
| #import <string.h> | |
| #include <libkern/OSCacheControl.h> | |
| const int REGION_SIZE = 0x4000*1; | |
| void write_instructions(void* page) |
justtryingthingsout
/ l2c_sts.txt
Last active
June 2, 2025 08:05
Graphics AGX L2C Error Status (0x206140008 in Operation Triangulation)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| The `chkdatecc` field was set during Operation Triangulation. | |
| 0x206140008: | |
| b[63]: rsvd_63 Reserved | |
| b[62]: cfgerren Enable error register locking and asynchronous reporting when CfgErrESV is set. | |
| b[61]: chksnphit Deprecated | |
| (If set, check that snoops hit in L2C tag, and if they miss, log an error. | |
| If clear, trust the way info from AF and do not read the tags for snoops.) |
justtryingthingsout
/ l2cramcfg.txt
Last active
June 1, 2025 22:03
Graphics AGX L2C RAM Configuration (0x206140108 in Operation Triangulation)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| The `ready` and `enablesize` fields were set during Operation Triangulation. | |
| 0x206140108: | |
| b[63]: ready RAM available for use | |
| b[62:30]: rsvd_62_30 Reserved | |
| b[29:24]: regionbase Base region within LLC (starting way). | |
| Base address does not change. | |
| (EnableSize+RegionBase) must be less than or equal to (RegionNum+1) and | |
| EnableSize must be less than or equal to RegionNum. | |
| b[23:22]: rsvd_23_22 Reserved |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // | |
| // pplrw.m | |
| // kfd | |
| // | |
| // Created by Lars Fröder on 29.12.23. | |
| // | |
| #import <Foundation/Foundation.h> | |
| #import <dlfcn.h> | |
| #import <mach-o/dyld.h> |
b0gdanw
/ Disable-Sonoma-Bloatware.sh
Last active
September 6, 2025 00:03
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/zsh | |
| # WARNING! The script is meant to show how and what can be disabled. Don’t use it as it is, adapt it to your needs. | |
| # Credit: Original idea and script disable.sh by pwnsdx https://gist.github.com/pwnsdx/d87b034c4c0210b988040ad2f85a68d3 | |
| # Disabling unwanted services on macOS Big Sur (11), macOS Monterey (12), macOS Ventura (13) and macOS Sonoma (14) | |
| # Disabling SIP is required ("csrutil disable" from Terminal in Recovery) | |
| # Modifications are written in /private/var/db/com.apple.xpc.launchd/ disabled.plist, disabled.501.plist | |
| # To revert, delete /private/var/db/com.apple.xpc.launchd/ disabled.plist and disabled.501.plist and reboot; sudo rm -r /private/var/db/com.apple.xpc.launchd/* | |
| # user |
ARM defines ACTLR_EL[321] as implementation defined.
Apple adds an IMPDEF ACTLR_EL12 as s3_6_c15_c14_6 and effectively implements VHE semantics. This does not seem to violate the architecture, since the register contents are IMPDEF anyway so nothing says they can't alias ACTLR_EL1 and ACTLR_EL2 together in EL2.
ACTLR_EL1 is trapped by HCR_EL2.TACR. It is also trapped by HACR_EL2<0> (which has all the controls for fine-grained Apple IMPDEF stuff).
In addition, AIDR_EL1 contains feature bits for Apple IMPDEF functionality. It is identical in EL1 and EL2 and is trapped by HCR_EL2.TID1 and HACR_EL2<4>.
steven-michaud
/ ThirdPartyKexts.md
Last active
September 7, 2025 21:10
Running Third Party Kernel Extensions on Virtualization Framework macOS Guest VMs
As of macOS 12 (Monterey), Apple's Virtualization framework has nice support for macOS guest virtual machines, but with severe limitations: For example you can't install a macOS guest on Intel Macs, install guests with newer versions of macOS than the host, copy and paste between the host and the guest, or install third party kernel extensions in the guest. As usual for Apple, the functionality they do support is nicely implemented, but they've left out so much that the result is only marginally useful -- at least compared to
zhuowei
/ reachable_services.txt
Created
February 21, 2023 06:26
Reachable Mach services from the app sandbox on iOS 16.1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| PurpleSystemAppPort | |
| PurpleSystemEventPort | |
| UIASTNotificationCenter | |
| com.apple.ABDatabaseDoctor | |
| com.apple.AppSSO.service-xpc | |
| com.apple.AuthenticationServicesCore.AuthenticationServicesAgent | |
| com.apple.CARenderServer | |
| com.apple.ClipServices.clipserviced | |
| com.apple.CoreAuthentication.daemon | |
| com.apple.DeviceAccess.xpc |
NewerOlder