ErikAugust

#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#ifdef _MSC_VER
#include <intrin.h> /* for rdtscp and clflush */
#pragma optimize("gt",on)
#else
#include <x86intrin.h> /* for rdtscp and clflush */
#endif

shafik

What is the Strict Aliasing Rule and Why do we care?

(OR Type Punning, Undefined Behavior and Alignment, Oh My!)

What is strict aliasing? First we will describe what is aliasing and then we can learn what being strict about it means.

In C and C++ aliasing has to do with what expression types we are allowed to access stored values through. In both C and C++ the standard specifies which expression types are allowed to alias which types. The compiler and optimizer are allowed to assume we follow the aliasing rules strictly, hence the term strict aliasing rule. If we attempt to access a value using a type not allowed it is classified as undefined behavior(UB). Once we have undefined behavior all bets are off, the results of our program are no longer reliable.

Unfortunately with strict aliasing violations, we will often obtain the results we expect, leaving the possibility the a future version of a compiler with a new optimization will break code we th

antoniofrighetto

# !/bin/bash
# 2k20 ~antoniofrighetto
# Build any XNU kernel version. Make sure you have the related MacOSX SDK version installed
#
# macOS 10.15.4 kernel compilation successfully tested on macOS 10.15.6 and Xcode 11.6
#
# MACOS_VERSION=10.15.4 BACKUP_SDK=1 OPTIONS=RELEASE,DEVELOPMENT ./build-xnu.sh
# XNU_VERSION=xnu-4570.41.2 ./build-xnu.sh

set_macos_version() {

fay59

Here's a list of mildly interesting things about the C language that I learned mostly by consuming Clang's ASTs. Although surprises are getting sparser, I might continue to update this document over time.

There are many more mildly interesting features of C++, but the language is literally known for being weird, whereas C is usually considered smaller and simpler, so this is (almost) only about C.

1. Combined type and variable/field declaration, inside a struct scope [https://godbolt.org/g/Rh94Go]

struct foo {
   struct bar {
 int x;

Proteas

iOS-v12.0-16A366-iPhone11,6

instructions about setting pac key

__text:FFFFFFF007A0834C                 LDR             X0, =0xFEEDFACEFEEDFACF ; LDR X0, #348, 0xFFFFFFF007A084A8
__text:FFFFFFF007A08350                 MSR             #0, c2, c1, #2, X0 ; APIBKeyLo_EL1
__text:FFFFFFF007A08354                 MSR             #0, c2, c1, #3, X0 ; APIBKeyHi_EL1
__text:FFFFFFF007A08358                 ADD             X0, X0, #1
__text:FFFFFFF007A0835C                 MSR             #0, c2, c2, #2, X0 ; APDBKeyLo_EL1
__text:FFFFFFF007A08360                 MSR             #0, c2, c2, #3, X0 ; APDBKeyHi_EL1

bazad

#! /bin/bash
#
# build-xnu-4570.61.1.sh
# Brandon Azad
#
# A script showing how to build XNU version 4570.61.1 (which corresponds to
# macOS 10.13.5) on macOS High Sierra 10.13.5 with Xcode 9.4.
#
# Note: This process will OVERWRITE files in Xcode's MacOSX10.13.sdk. Make a
# backup of this directory first!

SciresM

The following is a write-up of how I initially achieved kernel code execution on the Nintendo Switch, very much inspired by hexkyz's write-ups. The work discussed was completed over the course of a single conversation between hthh and I during the evening of November 21st, 2017. A number of snippets are attached from that conversation as inline links, in the hopes that they'll be interesting to readers.

Background information

---

I would recommend one read hexkyz's recent write-up on how the switch was broken into via GPU DMA attacks. It's a great read!

In particular, he describes:

Additionally, the kernel itself would start allocating memory outside of the carveout region

bazad

#! /bin/bash
#
# build-xnu-4903.221.2.sh
# Brandon Azad
#
# A script showing how to build XNU version 4903.221.2 (which corresponds to
# macOS 10.14.1) on macOS High Sierra 10.14.1 with Xcode 9.4.1.
#
# Note: This process will OVERWRITE files in Xcode's MacOSX10.13.sdk. Make a
# backup of this directory first!

bazad

uint64_t
aarch64_page_table_lookup(uint64_t ttbr, uint64_t vaddr,
			  uint64_t *l1_tte_, uint64_t *l2_tte_, uint64_t *l3_tte_) {
	const uint64_t pg_bits = 14;
	const uint64_t l1_size = 3;
	const uint64_t l2_size = 11;
	const uint64_t l3_size = 11;
	const uint64_t tte_physaddr_mask = ((1uLL << 40) - 1) & ~((1 << pg_bits) - 1);
	uint64_t l1_index = (vaddr >> (l2_size + l3_size + pg_bits)) & ((1 << l1_size) - 1);
	uint64_t l2_index = (vaddr >> (l3_size + pg_bits)) & ((1 << l2_size) - 1);

ujin5

<html>
    <pre id='log'></pre>
    <script src="mojo_bindings.js"></script>
    <script src="third_party/blink/public/mojom/blob/blob_registry.mojom.js"></script>
    <script src="being_creator_interface.mojom.js"></script>
    <script src="food_interface.mojom.js"></script>
    <script src="dog_interface.mojom.js"></script>
    <script src="person_interface.mojom.js"></script>
    <script src="cat_interface.mojom.js"></script>
    <script>