size: 168, name: AFKEndpointInterface_DescriptorBase
size: 168, name: AGXPerfCtrSampler
size: 168, name: AVE_DRC
size: 168, name: AppleAOPAudioAmpManagerDevice
size: 168, name: AppleAOPAudioButtonOutputDevice
size: 168, name: AppleAOPAudioDevice
Proteas Proteas
Proteas
/ inject_trusts-iOS-v12.1.2-16C104-iPhone11,x.c
Last active
October 22, 2023 11:31
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| void inject_trusts(int pathc, const char *paths[]) | |
| { | |
| printf("[+] injecting into trust cache...\n"); | |
| extern uint64_t g_kern_base; | |
| static uint64_t tc = 0; | |
| if (tc == 0) { | |
| /* loaded_trust_caches | |
| iPhone11,2-4-6: 0xFFFFFFF008F702C8 |
Proteas
/ PoC.m
Last active
July 7, 2023 10:22
— forked from LinusHenze/PoC.m
A PoC for CVE-2023-28206
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // | |
| // PoC.m | |
| // IOSABugTrigger | |
| // | |
| // Created by Linus Henze on 2023-04-08. | |
| // Copyright © 2023 Pinauten GmbH. Some rights reserved. | |
| // | |
| // | |
| // This is a PoC for CVE-2023-28206, triggering an oob memmove in IosaColorManagerMSR8::getHDRStats_gatedContext |
Proteas
/ numbers-in-sockpuppet-blog.md
Created
May 31, 2023 02:08
Proteas
/ pac-set-key.md
Created
September 22, 2018 12:50
instructions about setting pac key
__text:FFFFFFF007A0834C LDR X0, =0xFEEDFACEFEEDFACF ; LDR X0, #348, 0xFFFFFFF007A084A8
__text:FFFFFFF007A08350 MSR #0, c2, c1, #2, X0 ; APIBKeyLo_EL1
__text:FFFFFFF007A08354 MSR #0, c2, c1, #3, X0 ; APIBKeyHi_EL1
__text:FFFFFFF007A08358 ADD X0, X0, #1
__text:FFFFFFF007A0835C MSR #0, c2, c2, #2, X0 ; APDBKeyLo_EL1
__text:FFFFFFF007A08360 MSR #0, c2, c2, #3, X0 ; APDBKeyHi_EL1
Proteas
/ blastdoor-ids-mach.txt
Created
June 15, 2021 02:50
iOS-v15.0-19A5261w-blastdoor-mig-mach-unix-rules
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| MSC__kernelrpc_mach_vm_allocate_trap | |
| MSC__kernelrpc_mach_vm_purgable_control_trap | |
| MSC__kernelrpc_mach_vm_deallocate_trap | |
| MSC__kernelrpc_mach_vm_protect_trap | |
| MSC__kernelrpc_mach_vm_map_trap | |
| MSC__kernelrpc_mach_port_allocate_trap | |
| MSC__kernelrpc_mach_port_deallocate_trap | |
| MSC__kernelrpc_mach_port_mod_refs_trap | |
| MSC__kernelrpc_mach_port_insert_right_trap | |
| MSC__kernelrpc_mach_port_insert_member_trap |
Proteas
/ Quirks of C.md
Created
March 17, 2022 23:47
— forked from fay59/Quirks of C.md
Quirks of C
Here's a list of mildly interesting things about the C language that I learned mostly by consuming Clang's ASTs. Although surprises are getting sparser, I might continue to update this document over time.
There are many more mildly interesting features of C++, but the language is literally known for being weird, whereas C is usually considered smaller and simpler, so this is (almost) only about C.
1. Combined type and variable/field declaration, inside a struct scope [https://godbolt.org/g/Rh94Go]
struct foo {
struct bar {
int x;
Proteas
/ com.apple.private.allow-explicit-graphics-priority.txt
Created
July 28, 2021 03:01
com.apple.private.allow-explicit-graphics-priority, iOS-v15.0-19A5261w-iPhone13,2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /usr/libexec/backboardd | |
| /usr/sbin/mediaserverd | |
| /System/Library/Frameworks/WebKit.framework/XPCServices/com.apple.WebKit.GPU.xpc/com.apple.WebKit.GPU | |
| /System/Library/Frameworks/WebKit.framework/XPCServices/com.apple.WebKit.WebContent.xpc/com.apple.WebKit.WebContent | |
| /System/Library/Frameworks/AssetsLibrary.framework/Support/assetsd | |
| /System/Library/PrivateFrameworks/NanoTimeKitCompanion.framework/nanotimekitcompaniond | |
| /System/Library/PrivateFrameworks/NanoTimeKitCompanion.framework/XPCServices/NTKFaceSnapshotService.xpc/NTKFaceSnapshotService | |
| /System/Library/PrivateFrameworks/IMTranscoding.framework/XPCServices/IMTranscoderAgent.xpc/IMTranscoderAgent | |
| /System/Library/PrivateFrameworks/CoreSuggestions.framework/suggestd | |
| /private/var/staged_system_apps/Maps.app/Maps |
Proteas
/ xnu-4570.1.46-arm64-steps.txt
Created
October 9, 2017 02:46
steps to build arm64 version of xnu-4570.1.46
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Following are my steps to build the ARM64 version of xnu-4570.1.46, hope this is helpfull for saving time. | |
| 1. Use Xcode 9.0 | |
| 2. Preparation is same as macOS, and there is a guide: https://0xcc.re/building-xnu-kernel-macosx-sierrra-10-12-x/ | |
| 3. There is an ARM64 version libfirehose: https://github.com/Proteas/install_firehose_lib | |
| 4. Copy and edit the ARM64 config(CFLAGS, LDFLAGS) from darwin-on-arm/xnu to your target project | |
| 5. Example CFLAGS: -Darm64 -DARM64 -D__arm64__ -D__ARM64__ -DLP64 -DCONFIG_EMBEDDED -mkernel -DARM64_BOARD_CONFIG_T8011=1 | |
| 6. Fix compiling stage errors by directly importing the missing headers or editing the code | |
| 7. Fix linking stage errors by implementing place holder funcitons for: chudxnu_cpu_alloc, etc | |
| 8. If missing symbol __divti3 in linking stage, get the runtime from llvm. |
Proteas
/ blastdoor-messages-unix-syscall-whitelist-v14.4-18D52.txt
Created
January 29, 2021 02:14
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| SYS_exit | |
| SYS_read | |
| SYS_write | |
| SYS_open | |
| SYS_close | |
| SYS_unlink | |
| SYS_chmod | |
| SYS_chown | |
| SYS_getfsstat | |
| SYS_getuid |
NewerOlder