csrutil disable
// this code fragment shows how to print a stack trace (to stderr)
// on Linux using the functions provided by the GNU libc
#include <execinfo.h>
#define MAX_STACK_LEVELS 50
// helper-function to print the current stack trace
void print_stacktrace()
{
Ventura docs for M2 Macs in this comment: https://gist.github.com/henrik242/65d26a7deca30bdb9828e183809690bd?permalink_comment_id=4555340#gistcomment-4555340
Old Monterey docs in this old revision: https://gist.github.com/henrik242/65d26a7deca30bdb9828e183809690bd/32c410e3a1de73539c76fa13ea5486569c4e0c5d
Solution for Sonoma: https://gist.github.com/sghiassy/a3927405cf4ffe81242f4ecb01c382ac
Unfortunately I have some bad news for downgrading.
Before I explain the bad news at the end of this post, I first need to introduce a background of iOS devices.
In iOS 16, Apple introduced a new firmware component known as Cryptex1. Technically, this is a "virtual" co-processor.
Its purpose is to allow Apple to push RSRs (Rapid Security Responses) which are separate from traditional iOS updates and can be installed much faster.
Like other firmwares, it also has a signing ticket locked to a cryptographic nonce (number-used-once).
We commonly refer to the Apple signing tickets as SHSH blobs.
Meaning the firmware can't be installed without a valid signing ticket as well as a matching nonce.
The "big two" components we deal with signing/nonces are AP and SEP. AP is basically the main device chip (Application Processor).
SEP is the security chip (Secure Enclave Processor).
With regard to APNonce, Apple conveniently gave us the com.apple.System.boot-nonce NVRAM property which we use to set the APNonce generator.