matteyeux matteyeux

## gist:8e3cb9e9dca9c7a214e55aafa615263a
ROM:00003965                 DCB 0, 0x60, 0
ROM:00003968 aArgumentD      DCB "argument = %d",0xA,0
ROM:00003977                 DCB 0xA,0
ROM:00003979 aPullingTz0Blac DCB "pulling TZ0 blackbird",0xA,0
ROM:00003990 aTz000xX        DCB "TZ0[0]: 0x%x",0xA,0
ROM:0000399E aTz010xX        DCB "TZ0[1]: 0x%x",0xA,0
ROM:000039AC aTz0RegsModifie DCB "TZ0 regs modified",0xA,0
ROM:000039BF aTz0FailedToLoc DCB "TZ0 failed to lock",0xA,0
ROM:000039D3 aTz1FailedToLoc DCB "TZ1 failed to lock",0xA,0
ROM:000039E7 aTz0Base0xLlx   DCB "tz0_base: 0x%llx",0xA,0

## gist:ce9c7cf382d92f75a200ef4d49a719fd
fio --filename=/tmp/test --rw=randread --size=2Go --direct=1 --bs=1M --ioengine=libaio --runtime=60 --numjobs=1 --time_based --group_reporting --name=seq_read --iodepth=16
fio --filename=/tmp/test --rw=read --size=5Go --direct=1 --bs=1M --ioengine=libaio --runtime=60 --numjobs=1 --time_based --group_reporting --name=seq_read --iodepth=16

## decrypted.json
[
    {
        "url": "https://updates.cdn-apple.com/2023SummerSeed/patches/042-21091/60572AF0-9BC3-465F-89ED-77117194CB26/com_apple_MobileAsset_SoftwareUpdate/3df121022bd578846478faa25a4dcf3055396954.zip",
        "build": "21N5207g",
        "filename": "iBEC.n301.RELEASE.im4p",
        "kbag": "AB7893B981E44BFF298328C89C826F8BA6EF1A7ADC80DB156C9D55D9F4E27E8AD2CC21AFA42A41E1392B57E9FE90D992",
        "key": "34b218667cd03eb93e073b9b3bca4a865b20f130550a800b2aa2c1c2348041865cee47db7e3bcda739d05adde9f9f716"
    },
    {
        "url": "https://updates.cdn-apple.com/2023SummerSeed/patches/042-21091/60572AF0-9BC3-465F-89ED-77117194CB26/com_apple_MobileAsset_SoftwareUpdate/3df121022bd578846478faa25a4dcf3055396954.zip",

## f.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              3 stars
            
          
                matteyeux
                / f.md
            
            
              Created
              September 30, 2023 17:05
            
              
                macOS and iOS Security Internals Advent Calendar
              
          
Day
Title
link


1
Apple Source code
https://www.youtube.com/watch?v=WxOZgr0Ld9o


2
Mach-O Binaries
https://www.youtube.com/watch?v=G_bDl5hv8kY


3
PAC (Pointer Authentication Codes)
https://www.youtube.com/watch?v=9neXmcwtCF8


4
dyld_shared_cache
https://www.youtube.com/watch?v=I1ZkONfyHG4


5
Userspace Memory Layout
https://www.youtube.com/watch?v=MUr7qg7iqKE


6
SIP
https://www.youtube.com/watch?v=HeOVKe0xpW0


7
Kernel Boot Arguments
https://www.youtube.com/watch?v=gjOKlBpJWoc


8
XNU Source Code Overview
https://www.youtube.c


## sptm.py
# void _panic(char const* func, char const* str, ...)
def get_panic():
    for s in bv.strings:
        if "somehow a violation was triggered in early boot" in s.value:
            break

    ref = list(bv.get_code_refs(s.start))[0]
    real_panic = bv.get_functions_containing(ref.address)[0]
    panic_ref = list(bv.get_code_refs(real_panic.start))[0]
    panic_wrapper = bv.get_functions_containing(panic_ref.address)[0]

## avp.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              3 stars
            
          
                matteyeux
                / avp.md
            
            
              Last active
              November 14, 2023 13:01
            
          
    21N5207g
sep-firmware.n301.RELEASE.im4p :  3a3bf6617a7e7fb83b7d2412c4f542e7208e16b48dad79e9109ae688bcb03604173d01aefdc37796dbbec9632ecc24bc
iBoot.n301.RELEASE.im4p : 1202606a6048a9d286d19110c983f7eb2ecd9d0b62e5c301dfd916cb3cc635b7e963adf0f3e6e73361bc54dd98d01c3b
https://updates.cdn-apple.com/2023SummerSeed/patches/042-21091/60572AF0-9BC3-465F-89ED-77117194CB26/com_apple_MobileAsset_SoftwareUpdate/3df121022bd578846478faa25a4dcf3055396954.zip

  
## add_disk.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                matteyeux
                / add_disk.md
            
            
              Created
              July 11, 2023 15:13
            
          
    We will add a 15GB disk for a specific partition : /var/db/elasticsearch
List the disks :
[root@centos8s vagrant]# fdisk -l 
Disk /dev/vda: 128 GiB, 137438953472 bytes, 268435456 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos


## m2.txt
LLB.j493.RELEASE.im4p_23A5276g_14.0beta2 642e245057dde4318e4a08e1b4b8678c4194a9f0a7ca485eaeb2fc49d327fc436b979d2c291e8eeb59600ffcaacd0832
iBoot.j493.RELEASE.im4p_23A5276g_14.0beta2 999880852a0fcdf07fc3bd7f2d8f86cbf81cd0a2fafcf3444c1245ba4bbedd826420f777abfbb4d2b066d9a268e8b856
iBootData.j493.RELEASE.im4p_23A5276g_14.0beta2 8c45bf542bd33f9a166e22bc4cb77552540aff204451a5d4a32516fea9b48a2df4d21deda4a4e19f065e5079fce63d56
iBEC.j493.RELEASE.im4p_23A5276g_14.0beta2 cf412bca06ef2def7789bc0747a4d184e0972ab810682ab25f980760de1bc36d1f982667c51df0821822542a03b9d69b
iBSS.j493.RELEASE.im4p_23A5276g_14.0beta2 d539a033053deace9db769564d575196a6fb55806a595f56a8e73f4b518bd3c946492f64948df282aaa89fba3e90c513
LLB.j493.RELEASE.im4p_22F82_13.4.1 1d0c4b102b75f102548f23be154a25bb6916dfd1f91f1338bbc370faf4494598302d1691defb13c6eeb360b46fd7c594
iBoot.j493.RELEASE.im4p_22F82_13.4.1 8745c8ca87bfad1b2be9538c5add23fe2d8ab7751128949f56d53acb22d8309b1e1b0d5667d58da2241345ea32597831
iBootData.j493.RELEASE.im4p_22F82_13.4.1 7172fe2c46c183ac1

## sep_m1.txt
sep-firmware.j293.RELEASE.im4p_22F66_13.4 a0f48d4420bfcca94c60e06569c4f45c47fb106a890edf9078272e0f65a51689a3b2012d77664c45a7bffaa8b50cd4b7
sep-firmware.j293.RELEASE.im4p_22E261_13.3.1 17a50e6a78d378cf11616d1e58da7a7d2d437614aea182b86ffc11d33e2fbf4e9f6ed6678087762559e497df64037910
sep-firmware.j293.RELEASE.im4p_22E252_13.3 e53668b890d132158e5b5fabea7735a6e899c2017801ce95209417984fb0456f6298b6916f515346db9ab95112bc0f1f
sep-firmware.j293.RELEASE.im4p_22D68_13.2.1 fc6585507b16871ecd003fcdd8053282eee9ee4dee6a178eb2fcbd4a7778ef42b0019bf723238ce35596aaee841b7090
sep-firmware.j293.RELEASE.im4p_22D49_13.2 f6f1f16906f705908faccba506fb2208e71c83b3318fbeb15d8aea5b50b69db72b8f3fccadcd1ba80b667927c1b3b308
sep-firmware.j293.RELEASE.im4p_22C65_13.1 33aa4554efe5d3a481bcac9e6f395456f67fd74769d23d5bde4418938967f48202c35080140f3882835ae998c1349225
sep-firmware.j293.RELEASE.im4p_22A400_13.0.1 01452fa088fb57515740b7947bcff3d8824d7c6bbb13363f2cd905d0a2122ad68446c82b0ad2436da85c55569d45e831
sep-firmware.j293.RELEASE.im4p_22A380_13.0

## ap.txt
[
    {
        "filename": "iBEC.d27.RELEASE.im4p",
        "build": "21A5248v",
        "version": "17.0 beta 1",
        "kbag": "b42ef6f29922e169daa5611843df0b199af97b3afe50fc4835a2e3ea5212b992eddf9e3c90dfcdd507b9772a589578de"
    },
    {
        "filename": "iBoot.d27.RELEASE.im4p",
        "build": "21A5248v",
	ROM:00003965 DCB 0, 0x60, 0
	ROM:00003968 aArgumentD DCB "argument = %d",0xA,0
	ROM:00003977 DCB 0xA,0
	ROM:00003979 aPullingTz0Blac DCB "pulling TZ0 blackbird",0xA,0
	ROM:00003990 aTz000xX DCB "TZ0[0]: 0x%x",0xA,0
	ROM:0000399E aTz010xX DCB "TZ0[1]: 0x%x",0xA,0
	ROM:000039AC aTz0RegsModifie DCB "TZ0 regs modified",0xA,0
	ROM:000039BF aTz0FailedToLoc DCB "TZ0 failed to lock",0xA,0
	ROM:000039D3 aTz1FailedToLoc DCB "TZ1 failed to lock",0xA,0
	ROM:000039E7 aTz0Base0xLlx DCB "tz0_base: 0x%llx",0xA,0
	fio --filename=/tmp/test --rw=randread --size=2Go --direct=1 --bs=1M --ioengine=libaio --runtime=60 --numjobs=1 --time_based --group_reporting --name=seq_read --iodepth=16
	fio --filename=/tmp/test --rw=read --size=5Go --direct=1 --bs=1M --ioengine=libaio --runtime=60 --numjobs=1 --time_based --group_reporting --name=seq_read --iodepth=16
	[
	{
	"url": "https://updates.cdn-apple.com/2023SummerSeed/patches/042-21091/60572AF0-9BC3-465F-89ED-77117194CB26/com_apple_MobileAsset_SoftwareUpdate/3df121022bd578846478faa25a4dcf3055396954.zip",
	"build": "21N5207g",
	"filename": "iBEC.n301.RELEASE.im4p",
	"kbag": "AB7893B981E44BFF298328C89C826F8BA6EF1A7ADC80DB156C9D55D9F4E27E8AD2CC21AFA42A41E1392B57E9FE90D992",
	"key": "34b218667cd03eb93e073b9b3bca4a865b20f130550a800b2aa2c1c2348041865cee47db7e3bcda739d05adde9f9f716"
	},
	{
	"url": "https://updates.cdn-apple.com/2023SummerSeed/patches/042-21091/60572AF0-9BC3-465F-89ED-77117194CB26/com_apple_MobileAsset_SoftwareUpdate/3df121022bd578846478faa25a4dcf3055396954.zip",
Day	Title	link
1	Apple Source code	https://www.youtube.com/watch?v=WxOZgr0Ld9o
2	Mach-O Binaries	https://www.youtube.com/watch?v=G_bDl5hv8kY
3	PAC (Pointer Authentication Codes)	https://www.youtube.com/watch?v=9neXmcwtCF8
4	dyld_shared_cache	https://www.youtube.com/watch?v=I1ZkONfyHG4
5	Userspace Memory Layout	https://www.youtube.com/watch?v=MUr7qg7iqKE
6	SIP	https://www.youtube.com/watch?v=HeOVKe0xpW0
7	Kernel Boot Arguments	https://www.youtube.com/watch?v=gjOKlBpJWoc
8	XNU Source Code Overview	https://www.youtube.c
	# void _panic(char const* func, char const* str, ...)
	def get_panic():
	for s in bv.strings:
	if "somehow a violation was triggered in early boot" in s.value:
	break

	ref = list(bv.get_code_refs(s.start))[0]
	real_panic = bv.get_functions_containing(ref.address)[0]
	panic_ref = list(bv.get_code_refs(real_panic.start))[0]
	panic_wrapper = bv.get_functions_containing(panic_ref.address)[0]
	LLB.j493.RELEASE.im4p_23A5276g_14.0beta2 642e245057dde4318e4a08e1b4b8678c4194a9f0a7ca485eaeb2fc49d327fc436b979d2c291e8eeb59600ffcaacd0832
	iBoot.j493.RELEASE.im4p_23A5276g_14.0beta2 999880852a0fcdf07fc3bd7f2d8f86cbf81cd0a2fafcf3444c1245ba4bbedd826420f777abfbb4d2b066d9a268e8b856
	iBootData.j493.RELEASE.im4p_23A5276g_14.0beta2 8c45bf542bd33f9a166e22bc4cb77552540aff204451a5d4a32516fea9b48a2df4d21deda4a4e19f065e5079fce63d56
	iBEC.j493.RELEASE.im4p_23A5276g_14.0beta2 cf412bca06ef2def7789bc0747a4d184e0972ab810682ab25f980760de1bc36d1f982667c51df0821822542a03b9d69b
	iBSS.j493.RELEASE.im4p_23A5276g_14.0beta2 d539a033053deace9db769564d575196a6fb55806a595f56a8e73f4b518bd3c946492f64948df282aaa89fba3e90c513
	LLB.j493.RELEASE.im4p_22F82_13.4.1 1d0c4b102b75f102548f23be154a25bb6916dfd1f91f1338bbc370faf4494598302d1691defb13c6eeb360b46fd7c594
	iBoot.j493.RELEASE.im4p_22F82_13.4.1 8745c8ca87bfad1b2be9538c5add23fe2d8ab7751128949f56d53acb22d8309b1e1b0d5667d58da2241345ea32597831
	iBootData.j493.RELEASE.im4p_22F82_13.4.1 7172fe2c46c183ac1
	sep-firmware.j293.RELEASE.im4p_22F66_13.4 a0f48d4420bfcca94c60e06569c4f45c47fb106a890edf9078272e0f65a51689a3b2012d77664c45a7bffaa8b50cd4b7
	sep-firmware.j293.RELEASE.im4p_22E261_13.3.1 17a50e6a78d378cf11616d1e58da7a7d2d437614aea182b86ffc11d33e2fbf4e9f6ed6678087762559e497df64037910
	sep-firmware.j293.RELEASE.im4p_22E252_13.3 e53668b890d132158e5b5fabea7735a6e899c2017801ce95209417984fb0456f6298b6916f515346db9ab95112bc0f1f
	sep-firmware.j293.RELEASE.im4p_22D68_13.2.1 fc6585507b16871ecd003fcdd8053282eee9ee4dee6a178eb2fcbd4a7778ef42b0019bf723238ce35596aaee841b7090
	sep-firmware.j293.RELEASE.im4p_22D49_13.2 f6f1f16906f705908faccba506fb2208e71c83b3318fbeb15d8aea5b50b69db72b8f3fccadcd1ba80b667927c1b3b308
	sep-firmware.j293.RELEASE.im4p_22C65_13.1 33aa4554efe5d3a481bcac9e6f395456f67fd74769d23d5bde4418938967f48202c35080140f3882835ae998c1349225
	sep-firmware.j293.RELEASE.im4p_22A400_13.0.1 01452fa088fb57515740b7947bcff3d8824d7c6bbb13363f2cd905d0a2122ad68446c82b0ad2436da85c55569d45e831
	sep-firmware.j293.RELEASE.im4p_22A380_13.0
	[
	{
	"filename": "iBEC.d27.RELEASE.im4p",
	"build": "21A5248v",
	"version": "17.0 beta 1",
	"kbag": "b42ef6f29922e169daa5611843df0b199af97b3afe50fc4835a2e3ea5212b992eddf9e3c90dfcdd507b9772a589578de"
	},
	{
	"filename": "iBoot.d27.RELEASE.im4p",
	"build": "21A5248v",