Viktor Oreshkin stek29

  • Moscow, Russia
View IOService.h
#include "OSContainersVT.h"
DECL_CLASS(IORegistryEntry);
DECL_CLASS(IOService);
typedef OSObject IOWorkLoop; // sigh
typedef OSObject IORegistryPlane;
typedef uint32_t IOOptionBits;
typedef kern_return_t IOReturn;
View xpc_bootstrap_reverse.c
#include <mach/mach.h>
#include <xpc/xpc.h>
/* dlsym-like function that uses (private API) CoreSymbolication to get unexported symbols.
C functions use their C name, without the underscore prefix. C++ functions use their
demangled names, e.g. "MYClass::function(int, void *)" */
void *get_symbol(const char *name);
kern_return_t bootstrap_look_up3(mach_port_t bp, const char *service_name, mach_port_name_t *sp, int64_t target_pid, const unsigned char *instance_uuid, uint64_t flags);
kern_return_t bootstrap_look_up(mach_port_t bp, const char* service_name, mach_port_t *sp);
stek29 / 0webosbrew-letsencrypt-ca.md
Last active Nov 29, 2021
fix webOS ca certificates for DST Root X3 expiry (on rooted TVs)
View 0webosbrew-letsencrypt-ca.md

HowTo

  • Downgrade to rootable version
  • Root via rootmy.tv
  • Install

Tested on webOS 4.5, should work at least on webOS 3.5+

Installation/Update

curl -qs "https://gist.githubusercontent.com/stek29/761232c6f7e1ffbc36b98da2a3a0f4d9/raw/install.sh?$(date +%s)" | sh -
stek29 / prettyflags.py
Last active Nov 21, 2021
Pretty print x86 (r|e)flags register with lldb script
View prettyflags.py
import lldb
import shlex
FLAGS = [
['CF', 'Carry Flag'],
[None, 'Reserved'],
['PF', 'Parity Flag'],
[None, 'Reserved'],
['AF', 'Adjust Flag'],
[None, 'Reserved'],
stek29 / dreame_1c_root.md
Last active Nov 20, 2021
Root Dreame Robot without via uart only
View dreame_1c_root.md

These are just my notes, and the described process worked for me on my 1C robot
If anything goes wrong, having a USB adapter for FEL flashing might be the only way to restore your robot
this is not an official guide
oh, and I'm not responsible for any damage blah blah
and huge thanks to Dennis and Hypfer, and everyone behind this root :)

0. get uboot shell

to enter uboot shell on 1C you have to:

  0. turn robot off normally
  1. hook up uart, open console
View StartupDisk.applescript
do shell script "diskutil mount disk0s3"
tell application "System Events"
tell application "System Preferences"
set current pane to pane id "com.apple.preference.startupdisk"
activate
end tell
tell application process "System Preferences"
delay 0.3
stek29 / idevicerestore.sh
Created Jan 12, 2019
idevicerestore on linux (Debian-based)
View idevicerestore.sh
sudo apt update
# sudo apt upgrade
sudo apt install -y libcurl4-openssl-dev libplist-dev libzip-dev openssl libssl-dev libusb-1.0-0-dev libreadline-dev build-essential git make automake libtool pkg-config
git clone https://github.com/libimobiledevice/libirecovery
git clone https://github.com/libimobiledevice/idevicerestore
git clone https://github.com/libimobiledevice/usbmuxd
git clone https://github.com/libimobiledevice/libimobiledevice
git clone https://github.com/libimobiledevice/libusbmuxd
git clone https://github.com/libimobiledevice/libplist
View i_love_meltdown.c
// based on ian beer's code
// just use https://github.com/bazad/x18-leak , it's way cleaner
// by stek29
// see bazad's writeup: http://bazad.github.io/2018/04/kernel-pointer-crash-log-ios
#if 0
From https://gist.github.com/stek29/e68e9eae382b975093252d6117b6b501
Finding Lel0_synchronous_vector_64_long:
stek29 / kpms.nginx
Last active Oct 6, 2021
kpms msx http based api hack for older webOS devices - for LE root cert expiry workaround
View kpms.nginx
server {
listen 80;
server_name kp.local;
location = /msx/start.json {
proxy_pass https://kpms.cc;
proxy_http_version 1.1;
proxy_set_header Host "kpms.cc";
stek29 / quine.swift
Created Oct 6, 2021
simple Quine program ¯\_(ツ)_/¯
View quine.swift
func quine() {
var s = """
func quine() {
var s = MEGIC
let slash = "\\\\"
let s1 = "\\n "
let s2 = "\\"\\"\\""
var sInd = s.replacingOccurrences(of: "\\n", with: s1)
sInd = sInd.replacingOccurrences(of: slash, with: slash + slash)
sInd = s2 + s1 + sInd + s1 + s2