nick-botticelli

## apple-hid-read-flash.py
#!/usr/bin/env python3

import usb.core
import struct
from collections import namedtuple

APPLE_VID = 0x05ac

Target = namedtuple("Target", ["vid", "pid", "name", "model", "total_size"])

## internationalhackingsolutionsfbi.s
.text

.pool

.set ARM_TTE_BLOCK_PNX, 0x0020000000000000
.set ARM_TTE_BLOCK_NX, 0x0040000000000000
.set SDRAM_PAGE1, 0x180082000
.set SRAM_PAGE1, 0x1800841F0

.global _main

## iPhone_8_15.1_19B74_kernelpatches.txt
iPhone8 15.1 19B74

iBoot: 0x1800309c0 : 000080d2
iBoot: 0x180038744 : af070094
iBoot: 0x18003a844 : 9386ff17
iBoot: 0x18001c290 : a1000058df0301eb40000054202080d2c0035fd6
iBoot: 0x18001c2a4 : 4887038001000000
iBoot: 0x1800325dc : 200080d2
iBoot: 0x18009127f : 7261316e736e3077206d6f6465
iBoot: 0x180038f04 : 1f2003d5

## extract_pe_from_diags_body.py
# sudo pip install uefi_firmware
#python3 e.py input output
import sys
from uefi_firmware import efi_compressor
handle=open(sys.argv[1], "rb")
content=handle.read()
newc=content[7:]
c=efi_compressor.TianoDecompress(newc,len(newc))
d=open(sys.argv[2], "wb")
st_mz=c.find(b"MZ")

## iboot
] printenv
       boot-partition = ""
       boot-path = "/System/Library/Caches/com.apple.kernelcaches/kernelcach"
       dt-path = "/usr/standalone/firmware/devicetree.img"
       roothash-path = "/usr/standalone/firmware/root_hash.img"
       ibd-path = "/usr/standalone/firmware/FUD/iBootData.img"
       sepfw-path = "/usr/standalone/firmware/sep-firmware.img"
       tc-path = "/usr/standalone/firmware/FUD/StaticTrustCache.img"
       tc-eng-dir = "/usr/standalone/firmware/trustcache"
       build-style = "DEVELOPMEN"

## diag.img4.report.txt

      Type       |        Subtype        |  Offset  |   Size   |  CRC32   |   Name
 Image           | UEFI                  | 00000000 | 0299AA15 | F1D51BF8 |  UEFI image
 Padding         | Non-empty             | 00000000 | 000E0027 | D0F8A5FF | - Padding
 Volume          | FFSv2                 | 000E0027 | 00008000 | A28B90B1 | - 8C8CE578-8A3D-4F1C-9935-896185C32DD3
 Free space      |                       | 000E006F | 00007FB8 | 425AB2D9 | -- Volume free space
 Volume          | FFSv2                 | 000E8027 | 028B0000 | 25F96F5F | - 8C8CE578-8A3D-4F1C-9935-896185C32DD3
 File            | Freeform              | 000E806F | 0000013C | C3B1AD8F | -- FC510EE7-FFDC-11D4-BD41-0080C73C8881 | DXE apriori file
 Section         | Raw                   | 000E8087 | 00000124 | 103B4756 | --- Raw section
 File            | Pad                   | 000E81AF | 00007E60 | D21642FD | -- Pad-file

## M1.txt
[0012609A:36DA001E] :-) soc -p
	vendor: Apple
	model: 8103
	primary-cpu: Tempest
	fuse-rev: 11
	security-epoch: 1
	security-domain0: 1
	security-domain1: 0
	production-mode: 1
	board-id: 0

## ra1n.log
 - [05/04/21 15:20:57] <Info>: Waiting for DFU devices
 - [05/04/21 15:21:20] <Verbose>: DFU mode device found
 - [05/04/21 15:21:20] <Info>: Exploiting
 - [05/04/21 15:21:20] <Verbose>: Attempting to perform checkm8 on 8011 10...
 - [05/04/21 15:21:20] <Info>: Checking if device is ready
 - [05/04/21 15:21:20] <Verbose>: == Checkm8 Preparation stage ==
 - [05/04/21 15:21:20] <Verbose>: Stalled input endpoint
 - [05/04/21 15:21:20] <Verbose>: DFU device disconnected
 - [05/04/21 15:21:20] <Verbose>: DFU mode device found
 - [05/04/21 15:21:20] <Info>: Setting up the exploit (this is the heap spray)

## TMM_FW

======================================================================================
======================================================================================
== Tweedle D & Tweedle dum! ==========================================================
======================================================================================
======================================================================================
Sun, 25 Oct 2020 4:44PM PST.... ======================================================
Author: NOBODY (et-al) ===============================================================
======================================================================================
= OR 'hello world of TMM & PKA' ======================================================

## blackbird.txt
There is a bug in SEPROM, at least up to A10 (the one I reversed), in the trustzone bounds checks.
The trustzone is setup by the main AP in an early boot stage and because of that SEPROM has to verify that it's setup correctly before continuing to boot SEPOS.
Otherwise the AP could write to SEPOS RAM and with that it might be able to get code execution on the SEP.
The verification is done by first checking if the trustzone values are locked and then if they are correct.
Those values are stored in hardware registers that both processors share.
The registers are 32 bit tho and because of that apple decided to shift the address down by 12 bits before putting it into the registers.
This means that if you want to lock down 0x1000000 to 0x2000000 you will actually write 0x1000 and 0x2000 to the registers.
On the other side SEPROM loads these values from the hardware registers again.
But instead of just comparing them against some constant it shifts up all of those values by 12 bits again before doing any check on
	#!/usr/bin/env python3

	import usb.core
	import struct
	from collections import namedtuple

	APPLE_VID = 0x05ac

	Target = namedtuple("Target", ["vid", "pid", "name", "model", "total_size"])
	.text

	.pool

	.set ARM_TTE_BLOCK_PNX, 0x0020000000000000
	.set ARM_TTE_BLOCK_NX, 0x0040000000000000
	.set SDRAM_PAGE1, 0x180082000
	.set SRAM_PAGE1, 0x1800841F0

	.global _main
	iPhone8 15.1 19B74

	iBoot: 0x1800309c0 : 000080d2
	iBoot: 0x180038744 : af070094
	iBoot: 0x18003a844 : 9386ff17
	iBoot: 0x18001c290 : a1000058df0301eb40000054202080d2c0035fd6
	iBoot: 0x18001c2a4 : 4887038001000000
	iBoot: 0x1800325dc : 200080d2
	iBoot: 0x18009127f : 7261316e736e3077206d6f6465
	iBoot: 0x180038f04 : 1f2003d5
	# sudo pip install uefi_firmware
	#python3 e.py input output
	import sys
	from uefi_firmware import efi_compressor
	handle=open(sys.argv[1], "rb")
	content=handle.read()
	newc=content[7:]
	c=efi_compressor.TianoDecompress(newc,len(newc))
	d=open(sys.argv[2], "wb")
	st_mz=c.find(b"MZ")
	] printenv
	boot-partition = ""
	boot-path = "/System/Library/Caches/com.apple.kernelcaches/kernelcach"
	dt-path = "/usr/standalone/firmware/devicetree.img"
	roothash-path = "/usr/standalone/firmware/root_hash.img"
	ibd-path = "/usr/standalone/firmware/FUD/iBootData.img"
	sepfw-path = "/usr/standalone/firmware/sep-firmware.img"
	tc-path = "/usr/standalone/firmware/FUD/StaticTrustCache.img"
	tc-eng-dir = "/usr/standalone/firmware/trustcache"
	build-style = "DEVELOPMEN"

	Type \| Subtype \| Offset \| Size \| CRC32 \| Name
	Image \| UEFI \| 00000000 \| 0299AA15 \| F1D51BF8 \| UEFI image
	Padding \| Non-empty \| 00000000 \| 000E0027 \| D0F8A5FF \| - Padding
	Volume \| FFSv2 \| 000E0027 \| 00008000 \| A28B90B1 \| - 8C8CE578-8A3D-4F1C-9935-896185C32DD3
	Free space \| \| 000E006F \| 00007FB8 \| 425AB2D9 \| -- Volume free space
	Volume \| FFSv2 \| 000E8027 \| 028B0000 \| 25F96F5F \| - 8C8CE578-8A3D-4F1C-9935-896185C32DD3
	File \| Freeform \| 000E806F \| 0000013C \| C3B1AD8F \| -- FC510EE7-FFDC-11D4-BD41-0080C73C8881 \| DXE apriori file
	Section \| Raw \| 000E8087 \| 00000124 \| 103B4756 \| --- Raw section
	File \| Pad \| 000E81AF \| 00007E60 \| D21642FD \| -- Pad-file
	[0012609A:36DA001E] :-) soc -p
	vendor: Apple
	model: 8103
	primary-cpu: Tempest
	fuse-rev: 11
	security-epoch: 1
	security-domain0: 1
	security-domain1: 0
	production-mode: 1
	board-id: 0
	- [05/04/21 15:20:57] <Info>: Waiting for DFU devices
	- [05/04/21 15:21:20] <Verbose>: DFU mode device found
	- [05/04/21 15:21:20] <Info>: Exploiting
	- [05/04/21 15:21:20] <Verbose>: Attempting to perform checkm8 on 8011 10...
	- [05/04/21 15:21:20] <Info>: Checking if device is ready
	- [05/04/21 15:21:20] <Verbose>: == Checkm8 Preparation stage ==
	- [05/04/21 15:21:20] <Verbose>: Stalled input endpoint
	- [05/04/21 15:21:20] <Verbose>: DFU device disconnected
	- [05/04/21 15:21:20] <Verbose>: DFU mode device found
	- [05/04/21 15:21:20] <Info>: Setting up the exploit (this is the heap spray)

	======================================================================================
	======================================================================================
	== Tweedle D & Tweedle dum! ==========================================================
	======================================================================================
	======================================================================================
	Sun, 25 Oct 2020 4:44PM PST.... ======================================================
	Author: NOBODY (et-al) ===============================================================
	======================================================================================
	= OR 'hello world of TMM & PKA' ======================================================
	There is a bug in SEPROM, at least up to A10 (the one I reversed), in the trustzone bounds checks.
	The trustzone is setup by the main AP in an early boot stage and because of that SEPROM has to verify that it's setup correctly before continuing to boot SEPOS.
	Otherwise the AP could write to SEPOS RAM and with that it might be able to get code execution on the SEP.
	The verification is done by first checking if the trustzone values are locked and then if they are correct.
	Those values are stored in hardware registers that both processors share.
	The registers are 32 bit tho and because of that apple decided to shift the address down by 12 bits before putting it into the registers.
	This means that if you want to lock down 0x1000000 to 0x2000000 you will actually write 0x1000 and 0x2000 to the registers.
	On the other side SEPROM loads these values from the hardware registers again.
	But instead of just comparing them against some constant it shifts up all of those values by 12 bits again before doing any check on