Zhang Naville
@steven-michaud
steven-michaud / ThirdPartyKexts.md
Last active April 12, 2024 09:48
Running Third Party Kernel Extensions on Virtualization Framework macOS Guest VMs

As of macOS 12 (Monterey), Apple's Virtualization framework has nice support for macOS guest virtual machines, but with severe limitations: For example you can't install a macOS guest on Intel Macs, install guests with newer versions of macOS than the host, copy and paste between the host and the guest, or install third party kernel extensions in the guest. As usual for Apple, the functionality they do support is nicely implemented, but they've left out so much that the result is only marginally useful -- at least compared to

@Cryptiiiic
Cryptiiiic / ios16_downgrading.txt
Created March 1, 2023 00:10
The unfortunate state of iOS downgrading
Unfortunately I have some bad news for downgrading.
Before I explain the bad news at the end of this post, I first need to introduce a background of iOS devices.
In iOS 16, Apple introduced a new firmware component known as Cryptex1. Technically, this is a "virtual" co-processor.
Its purpose is to allow Apple to push RSRs (Rapid Security Responses), which are separate from traditional iOS updates and can be installed much faster.
Like other firmwares, it also has a signing ticket locked to a cryptographic nonce (number-used-once).
We commonly refer to the Apple signing tickets as SHSH blobs.
Meaning the firmware can't be installed without a valid signing ticket as well as a matching nonce.
The "big two" components we deal with signing/nonces are AP and SEP. AP is basically the main device chip (Application Processor).
SEP is the security chip (Secure Enclave Processor).
With regards to APNonce, Apple conveniently gave us the com.apple.System.boot-nonce NVRAM property which we use to set the APNonce generator.
@littlelailo
littlelailo / apollo.txt
Created September 27, 2019 12:04
Apple Bootrom Bug
This bug was also called moonshine in the beginning
Basically the following bug is present in all bootroms I have looked at:
1. When usb is started to get an image over dfu, dfu registers an interface to handle all the commands and allocates a buffer for input and output
2. if you send data to dfu the setup packet is handled by the main code which then calls out to the interface code
3. the interface code verifies that wLength is shorter than the input output buffer length and if that's the case it updates a pointer passed as an argument with a pointer to the input output buffer
4. it then returns wLength which is the length it wants to receive into the buffer
5. the usb main code then updates a global var with the length and gets ready to receive the data packages
6. if a data package is received it gets written to the input output buffer via the pointer which was passed as an argument and another global variable is used to keep track of how many bytes were received already
7. if all the data was received th

iOS-v12.0-16A366-iPhone11,6

instructions about setting pac key

__text:FFFFFFF007A0834C                 LDR             X0, =0xFEEDFACEFEEDFACF ; LDR X0, #348, 0xFFFFFFF007A084A8
__text:FFFFFFF007A08350                 MSR             #0, c2, c1, #2, X0 ; APIBKeyLo_EL1
__text:FFFFFFF007A08354                 MSR             #0, c2, c1, #3, X0 ; APIBKeyHi_EL1
__text:FFFFFFF007A08358                 ADD             X0, X0, #1
__text:FFFFFFF007A0835C                 MSR             #0, c2, c2, #2, X0 ; APDBKeyLo_EL1
__text:FFFFFFF007A08360                 MSR             #0, c2, c2, #3, X0 ; APDBKeyHi_EL1
@uroboro
uroboro / find_offsets.sh
Last active March 10, 2024 03:30
v0rtex offset finder script
#!/bin/sh
# Prepend the local bin directory so bundled helper tools are found first
export PATH=bin:$PATH
self=$0
# POSIX sh function syntax (the bash-only "function" keyword is not needed)
print_help() {
echo "$self [IPSW path]"
echo "$self [device model] [ios build]"
echo
}
@mcxiaoke
mcxiaoke / wine-retina.md
Last active March 24, 2024 14:21
Wine and CrossOver Retina Support on macOS. from http://ielk.blogspot.com/2017/02/wine-20-on-macos-10122.html

Blurry font issue with Wine 2.0 on macOS 10.12.2

After installing the latest Wine release, which currently is 2.0 (I chose the development branch) on XQuartz 2.7.11, I was having problems with blurry text in both winecfg, regedit and other programs launched through Wine. After trying to enable font smoothing and font replacements (source) with only slight changes I found someone trying to solve the same issues (source), albeit compiling everything from scratch which I don't want to do. It turns out that the Retina display on my MacBook Pro was causing the issues with blurry fonts because Wine was not using the "real" resolution, only the reported "lower resolution".

To enable Retina support in Wine open the registry editor via a terminal, preferably through Wine Devel.app installed with Wine:
$ wine regedit

Then find the folder/key:

@codfish
codfish / rick-roll-terminal.sh
Last active September 28, 2018 22:13
Rick roll terminal prank
#!/bin/bash
#
# some shortcomings:
# - prankee needs to be running rvm, rbenv, or some other
# ruby version manager that doesn't require sudo permissions to
# install gems.
# - can be killed by simply closing current tab/session
#
# Any bug reports or suggestions on improvements are welcome!
#