Brandon Azad bazad

## arm64_sysregs_ios.py
#
# arm64_sysregs_ios.py
# Brandon Azad
#
# Based on https://github.com/gdelugre/ida-arm-system-highlight by Guillaume Delugre.
#

import idautils
import idc

## process_AArch64_SysReg_xml_v86A-2020-03.py
import html
import os
import re

directory = os.fsencode('SysReg_xml_v86A-2020-03')

def output_reg(name, description, spec):
    assert(all(map(lambda x: type(x) == int, spec)))
    print("{:020b}    'S{}_{}_c{}_c{}_{}' : ( '{}', '{}' ),".format(
        (spec[0] << 16) + (spec[1] << 12) + (spec[2] << 8) + (spec[3] << 4) + (spec[4] << 0),

## sep_firmware_split.py
#! /usr/bin/env python3
#
# sep_firmware_split.py
# Brandon Azad
#
# Split a decrypted Apple SEP firmware image into individual Mach-O files.
#
# iPhone11,8 17C5053a   https://twitter.com/s1guza/status/1203550760102969345
# iPhone11,8 17E255     https://twitter.com/s1guza/status/1244683851957522435
#

## devicetree-iPhone12,3-17C54.txt
device-tree:
    target-type (5): "D421"
    mlb-serial-number (32): "C07947707R3LTPJB"
    compatible (27): "D421AP\0iPhone12,3\0AppleARM\0"
    secure-root-prefix (3): "md"
    AAPL,phandle (4): 0x1
    platform-name (32): "t8030"
    device_type (8): "bootrom"
    region-info (32): "LL/A"
    regulatory-model-number (32): "A2160"

## find_kernel_base_checkra1n.c
#include <assert.h>
#include <mach/mach.h>
#include <stdbool.h>
#include <stdio.h>

// ---- mach_vm.h ---------------------------------------------------------------------------------

extern
kern_return_t mach_vm_read_overwrite
(

## vmmap.c
// Brandon Azad (@_bazad)

#include <assert.h>
#include <errno.h>
#include <mach/mach.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

## build-xnu-4903.241.1.sh
#! /bin/bash
#
# build-xnu-4903.241.1.sh
# Brandon Azad
#
# A script showing how to build XNU version 4903.241.1 (which corresponds to
# macOS 10.14.3) on macOS High Sierra 10.14.6 with Xcode 9.4.1.
#
# Note: This process will OVERWRITE files in Xcode's MacOSX10.13.sdk. Make a
# backup of this directory first!

## if_value.h
//
// if_value.h
// Brandon Azad
//
// Public domain
//

#ifndef IF_VALUE

/*

## A12-page-table-walk.c
uint64_t
aarch64_page_table_lookup(uint64_t ttbr, uint64_t vaddr,
			  uint64_t *l1_tte_, uint64_t *l2_tte_, uint64_t *l3_tte_) {
	const uint64_t pg_bits = 14;
	const uint64_t l1_size = 3;
	const uint64_t l2_size = 11;
	const uint64_t l3_size = 11;
	const uint64_t tte_physaddr_mask = ((1uLL << 40) - 1) & ~((1 << pg_bits) - 1);
	uint64_t l1_index = (vaddr >> (l2_size + l3_size + pg_bits)) & ((1 << l1_size) - 1);
	uint64_t l2_index = (vaddr >> (l3_size + pg_bits)) & ((1 << l2_size) - 1);

## build-xnu-4903.221.2.sh
#! /bin/bash
#
# build-xnu-4903.221.2.sh
# Brandon Azad
#
# A script showing how to build XNU version 4903.221.2 (which corresponds to
# macOS 10.14.1) on macOS High Sierra 10.14.1 with Xcode 9.4.1.
#
# Note: This process will OVERWRITE files in Xcode's MacOSX10.13.sdk. Make a
# backup of this directory first!
	#
	# arm64_sysregs_ios.py
	# Brandon Azad
	#
	# Based on https://github.com/gdelugre/ida-arm-system-highlight by Guillaume Delugre.
	#

	import idautils
	import idc
	import html
	import os
	import re

	directory = os.fsencode('SysReg_xml_v86A-2020-03')

	def output_reg(name, description, spec):
	assert(all(map(lambda x: type(x) == int, spec)))
	print("{:020b} 'S{}_{}_c{}_c{}_{}' : ( '{}', '{}' ),".format(
	(spec[0] << 16) + (spec[1] << 12) + (spec[2] << 8) + (spec[3] << 4) + (spec[4] << 0),
	#! /usr/bin/env python3
	#
	# sep_firmware_split.py
	# Brandon Azad
	#
	# Split a decrypted Apple SEP firmware image into individual Mach-O files.
	#
	# iPhone11,8 17C5053a https://twitter.com/s1guza/status/1203550760102969345
	# iPhone11,8 17E255 https://twitter.com/s1guza/status/1244683851957522435
	#
	device-tree:
	target-type (5): "D421"
	mlb-serial-number (32): "C07947707R3LTPJB"
	compatible (27): "D421AP\0iPhone12,3\0AppleARM\0"
	secure-root-prefix (3): "md"
	AAPL,phandle (4): 0x1
	platform-name (32): "t8030"
	device_type (8): "bootrom"
	region-info (32): "LL/A"
	regulatory-model-number (32): "A2160"
	#include <assert.h>
	#include <mach/mach.h>
	#include <stdbool.h>
	#include <stdio.h>

	// ---- mach_vm.h ---------------------------------------------------------------------------------

	extern
	kern_return_t mach_vm_read_overwrite
	(
	// Brandon Azad (@_bazad)

	#include <assert.h>
	#include <errno.h>
	#include <mach/mach.h>
	#include <stdbool.h>
	#include <stdio.h>
	#include <stdlib.h>
	#include <unistd.h>
	#! /bin/bash
	#
	# build-xnu-4903.241.1.sh
	# Brandon Azad
	#
	# A script showing how to build XNU version 4903.241.1 (which corresponds to
	# macOS 10.14.3) on macOS High Sierra 10.14.6 with Xcode 9.4.1.
	#
	# Note: This process will OVERWRITE files in Xcode's MacOSX10.13.sdk. Make a
	# backup of this directory first!
	//
	// if_value.h
	// Brandon Azad
	//
	// Public domain
	//

	#ifndef IF_VALUE

	/*
	uint64_t
	aarch64_page_table_lookup(uint64_t ttbr, uint64_t vaddr,
	uint64_t l1_tte_, uint64_t l2_tte_, uint64_t *l3_tte_) {
	const uint64_t pg_bits = 14;
	const uint64_t l1_size = 3;
	const uint64_t l2_size = 11;
	const uint64_t l3_size = 11;
	const uint64_t tte_physaddr_mask = ((1uLL << 40) - 1) & ~((1 << pg_bits) - 1);
	uint64_t l1_index = (vaddr >> (l2_size + l3_size + pg_bits)) & ((1 << l1_size) - 1);
	uint64_t l2_index = (vaddr >> (l3_size + pg_bits)) & ((1 << l2_size) - 1);
	#! /bin/bash
	#
	# build-xnu-4903.221.2.sh
	# Brandon Azad
	#
	# A script showing how to build XNU version 4903.221.2 (which corresponds to
	# macOS 10.14.1) on macOS High Sierra 10.14.1 with Xcode 9.4.1.
	#
	# Note: This process will OVERWRITE files in Xcode's MacOSX10.13.sdk. Make a
	# backup of this directory first!