zhuowei

airshield::SHA256::Incremental::update: 0 1 2 3 4 5 6 7 8 9 A B C D E F 0123456789ABCDEF
70cc5380a8 05 b5 e3 76 dd 00 17 f1 9a d3 78 b4 95 18 7f 72 ...v......x....r
airshield::SHA256::Incremental::update: 0 1 2 3 4 5 6 7 8 9 A B C D E F 0123456789ABCDEF
70cc5381b8 01 57 b2 f6 7f fa 0b 00 be f0 05 fd d8 4c b0 5b .W...........L.[
70cc5381c8 dc a2 1f 81 35 a9 c1 12 d5 36 34 e2 85 6c e4 15 ....5....64..l..
airshield::SHA256::Incremental::update: 0 1 2 3 4 5 6 7 8 9 A B C D E F 0123456789ABCDEF
6e1575a8d0 7e 50 30 2f 39 85 0e 06 9a 1f fb 4d 9c 06 60 e9 ~P0/9......M..`.
6e1575a8e0 72 c7 b1 2d c1 49 68 01 14 11 e3 36 6b 5a b6 ef r..-.Ih....6kZ..
6e1575a8f0 35 85 4c 82 f5 7b e4 23 b0 32 78 6f 1f c8 c0 a5 5.L..{.#.2xo....
6e1575a900 3d a9 16 aa 46 6c 34 cd b2 da d6 4d 1b e4 97 7b =...Fl4....M...{
from cryptography.hazmat.primitives.asymmetric import ec, utils
from cryptography.hazmat.primitives import hashes
# validating Meta Ray-Ban's communication protocol's EnableTrust message
"""
logcat:
10-31 01:31:36.281 16311 17245 I BleConnection-Hypernova: Started enable trust process
10-31 01:31:36.284 16311 17245 I connectivity::Identity: ----------------------------------------------
10-31 01:31:36.284 16311 17245 I connectivity::Identity: Enable Trust
02-01 15:50:41.440 1054 2886 I AirTrafficControl: Assigned p/com.meta.smartglass.app.oobe/i/28218 to companion service hypernova_onboarding (7003)
02-01 17:50:10.843 11614 11664 I AirTrafficControl: Assigned p/enforcement/i/15 to companion service smartglasses_battery_insight (48)
02-01 17:50:10.843 11614 11919 I AirTrafficControl: Assigned p/communicationservice/i/20 to companion service wearables_whatsapp_linking (89)
02-01 17:50:10.844 11614 11917 I AirTrafficControl: Assigned p/mediamanagement/i/22 to companion service smartglasses_media_management (18)
02-01 17:50:10.844 11614 11916 I AirTrafficControl: Assigned p/driveservice/i/23 to companion service rl_drive (33)
02-01 17:50:10.844 11614 11913 I AirTrafficControl: Assigned p/sgnotificationingestionservice/i/21 to companion service sg_wearable_notification (46)
02-01 17:50:10.844 11614 11917 I AirTrafficControl: Assigned p/navigationservice/i/25 to companion service smartglasses_navigation (42)
02-01 17:50:10.844 11614 11913 I AirTrafficControl: Ass
curl -H 'Content-Type: text/xml;charset=utf-8' -H 'SOAPAction: VTechDA.WService/GetDLContentSignedCookies' -H 'Connection: Keep-Alive' --compressed -H 'Accept-Language: en-US,*' -H 'User-Agent: Mozilla/5.0' -H 'Host: www.vtechda.com:443' -X POST https://www.vtechda.com/wservices/DLContentPlugin.asmx -d "$(printf '<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/1999/XMLSchema" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">\x0a<SOAP-ENV:Header xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">\x0a<CommonHeader xmlns="VTechDA.WService">\x0a<strToken xsi:type="xsd:string" xmlns:xsi="http://www.w3.org/1999/XMLSchema-instance">dnZ7cmN7d3hjfHN0ZncIYHVgFAZ2awA=</strToken>\x0a</CommonHeader>\x0a</SOAP-ENV:Header>\x0a<SOAP-ENV:Body xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">\x0a<GetDLContentSignedCookies xmlns="VTechDA.WService">\x0a<PID xmlns="VTechDA.WService" xsi:type="xsd:int" xmlns:xsi="http://www.w3.org/1999/X

To force the HFP client on Android 11:

su
setenforce 0
cp -a /system/etc/sysconfig /data/local/tmp/sysconfig
chown shell:shell /data/local/tmp/sysconfig
adb push override-enable-hf-client.xml /data/local/tmp/sysconfig/
POST https://ar-genai.graph.meta.com/graphql HTTP/2.0
accept-language: en-CA, en-US
authorization: OAuth <removed>
content-length: 743
content-type: application/x-www-form-urlencoded
user-agent: Dalvik/2.1.0 (Linux; U; Android 11; Pixel 3 XL Build/RQ1A.201205.003.A1) [FBAN/StellaForAndroid;FBAV/241.0.0.52.168;FBPN/com.facebook.stella;FBLC/en_CA;FBBV/803648009;FBCR/;FBMF/Google;FBBD/google;FBDV/Pixel 3 XL;FBSV/11;FBCA/armeabi-v7a:armeabi;FBDM/{density=3.5,width=1440,height=2621};]
x-fb-client-ip: True
x-fb-friendly-name: FetchConstellationUpdates
x-fb-request-analytics-tags: {"network_tags":{"product":"830547164036012","request_category":"graphql","purpose":"none","retry_attempt":"0"}}
x-fb-server-cluster: True
/ # ./gunyah_vmm -i gunyah_vmm -d sample_vm.dtb -S 0x800000 -D 0x780000 -R 0x770000
[ 62.874010] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=92 'gunyah_vmm'
survived set user mem region
survived GH_VM_SET_DTB_CONFIG
[RM]allocated vmid=128
[RM]VM_ALLOCATE: 3 vmid=128, ret=0
[RM]MEM_APPEND VM 3 H 0 ret 0
[RM]VM_CONFIG_IMAGE: from:3 vmid:128 auth:0 mp:0 img: 0/0 dt: 0x780000/0x1000
[RM]NOTIFY_VM_STATUS: to: 3 [128: 1/0/0]
zhuowei / diff_gen70900_675_676.patch
Created June 11, 2025 03:33
Galaxy S24 firmware: gen70900_sqe.fw: April update (S921USQU4BYD9): v675, diffed with May update (S921USQS4BYE4), v676
diff --git a/gen70900_675_v.txt b/gen70900_676_v.txt
index 57f81588973..b7a82309bc8 100644
--- a/gen70900_675_v.txt
+++ b/gen70900_676_v.txt
@@ -1,12 +1,12 @@
; a7xx microcode
-; Disassembling microcode: /home/zhuowei/gen70900_sqe.fw.v675
-; Version: 01520675
+; Disassembling microcode: /home/zhuowei/gen70900_sqe.fw.v676
+; Version: 01520676
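Review bot: the `; Disassembling microcode:` comment at the top of this hunk embeds the absolute input path (`/home/zhuowei/gen70900_sqe.fw.v675` vs `.v676`), so it appears as a changed line in every version-to-version diff regardless of what changed in the microcode itself. Disassembling from a fixed relative filename, or filtering that header line out before diffing, would leave the `; Version: 01520675` to `01520676` change as the only header difference and keep the local home directory out of the published diff.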
Params being sent to the server are: {
AssetAudience = "02d8e57e-dd1c-4090-aa50-b4ed2aef0062";
AssetType = "com.apple.MobileAsset.iOSSimulatorRuntime";
BaseUrl = "https://mesu.apple.com/assets/macos/";
BuildID = "DCC8573C-1754-11F0-A9CC-CAEE899DAE5C";
BuildVersion = 24E263;
CertIssuanceDay = "2024-12-05";
ClientData = {
AllowXmlFallback = false;
DeviceAccessClient = xcodebuild;