======================================================================================
======================================================================================
== Tweedle D & Tweedle dum! ==========================================================
======================================================================================
======================================================================================
Sun, 25 Oct 2020 4:44PM PST.... ======================================================
Author: NOBODY (et-al) ===============================================================
======================================================================================
= OR 'hello world of TMM & PKA' ======================================================
There is a bug in SEPROM, at least up to A10 (the one I reversed), in the trustzone bounds checks.
The trustzone is set up by the main AP in an early boot stage, and because of that SEPROM has to verify that it's set up correctly before continuing to boot SEPOS.
Otherwise the AP could write to SEPOS RAM and with that it might be able to get code execution on the SEP.
The verification is done by first checking if the trustzone values are locked and then if they are correct.
Those values are stored in hardware registers that both processors share.
The registers are 32-bit, though, and because of that Apple decided to shift the address down by 12 bits before putting it into the registers.
This means that if you want to lock down 0x1000000 to 0x2000000 you will actually write 0x1000 and 0x2000 to the registers.
On the other side, SEPROM loads these values from the hardware registers again.
But instead of just comparing them against some constant, it shifts up all of those values by 12 bits again before doing any check on
#
# arm64_sysregs_ios.py
# Brandon Azad
#
# Based on https://github.com/gdelugre/ida-arm-system-highlight by Guillaume Delugre.
#
import idautils
import idc
#define TRISTAR_IIC_BUS 0
#define CBTL1610_R 0x35
#define CBTL1610_W 0x34
void (*task_sleep)(uint64_t delay) = TARGET_BASEADDR + 0x1FFDC;
int (*iic_read)(int iic, uint8_t address, const void *send_data, size_t send_len, void *data, size_t len, uint8_t fmt) = TARGET_BASEADDR + 0xA008;
int (*iic_write)(int iic, uint8_t address, const void *data, size_t len) = TARGET_BASEADDR + 0xA168;
int (*tristar_write)(uint8_t reg, uint8_t value) = TARGET_BASEADDR + 0xD644;
int (*tristar_read)(uint8_t reg, uint8_t *data) = TARGET_BASEADDR + 0xD604;
afDIGHr84A84jh19Kphgp428DNPdnapq
20:29:15.2763|l
20:29:16.4317|ls
20:29:17.6629|s000151.119712 wlan0.A[124] setStatsTimerIntervalMS@3046: Configured delta_stats_interval(secs): 1
20:29:21.6546|000151.129102 wlan0.A[125] setLQM_CONFIG@21420:Setting ECounter update interval to: 1
help
DiagShell builtin commands:
"time" time <command-line ...>
"echo" echo <arguments ...>
"waitfor" waitfor <timeout-milliseconds> <string-to-match>
"repeat" repeat <time-spec> <command line ...>
"alias" alias [<name>[=<command line>]]
"unalias" unalias <name>
"true" true
#!/bin/sh
RADARE="$(which rabin2)" # We need rabin2
KERNELCACHE_FILE="$1" # Path to a decompressed kernelcache, e.g. /tmp/kernel
OFFSETS_FILE="$2" # Path and name of the file the offsets should be stored in; don't add .c or .h, the script will do that
STRUCTNAME="$3"
H_FILE="$OFFSETS_FILE.h" # your_chosen_name.h
C_FILE="$OFFSETS_FILE.c" # your_chosen_name.c
public static Bitmap resizeBitmap2(RenderScript rs, Bitmap src, int dstWidth) {
    Bitmap.Config bitmapConfig = src.getConfig();
    int srcWidth = src.getWidth();
    int srcHeight = src.getHeight();
    float srcAspectRatio = (float) srcWidth / srcHeight;
    int dstHeight = (int) (dstWidth / srcAspectRatio);
    float resizeRatio = (float) srcWidth / dstWidth;
    /* Calculate gaussian's radius */
WARNING : Unauthorized access to this system is forbidden and will be
prosecuted by law. By accessing this system, you agree that your actions
may be monitored if unauthorized usage is suspected.
'''
INSTALLING
curl --create-dirs -o ~/.lldb/cfdata.py https://gist.githubusercontent.com/ikonst/364af37c44e5f549b722/raw/cfdata.py \
&& echo 'command script import ~/.lldb/cfdata.py' >> ~/.lldbinit
USING
(lldb) cfdata_save some_cfdata /Users/john/foo
(lldb) cfdata_save some_nsdata /Users/john/bar