zhuowei’s gists

## gist:907ed33729d0bf7a30425f49f2dbec1e
$ /Applications/Xcode-beta.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ld -o why -iosmac_version_min 12.0 why.o
ld: warning: Auto-Linking library not found for -lswiftCore
ld: warning: Auto-Linking library not found for -lswiftSwiftOnoneSupport
$ /Applications/Xcode-beta.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/otool -l why
why:
Mach header
      magic cputype cpusubtype  caps    filetype ncmds sizeofcmds      flags
 0xfeedfacf 16777223          3  0x00           2    14        920 0x00000085
Load command 0
      cmd LC_SEGMENT_64

## iosmac.txt
$ grep -r iosmac .
Binary file ./Developer/Platforms/AppleTVOS.platform/Developer/Library/CoreSimulator/Profiles/Runtimes/tvOS.simruntime/Contents/Resources/RuntimeRoot/System/Library/PrivateFrameworks/UIKitCore.framework/UIKitCore matches
Binary file ./Developer/Platforms/AppleTVOS.platform/Developer/Library/CoreSimulator/Profiles/Runtimes/tvOS.simruntime/Contents/Resources/RuntimeRoot/System/Library/PrivateFrameworks/RemoteTextInput.framework/RemoteTextInput matches
Binary file ./Developer/Platforms/iPhoneOS.platform/Developer/Library/CoreSimulator/Profiles/Runtimes/iOS.simruntime/Contents/Resources/RuntimeRoot/System/Library/PrivateFrameworks/RemoteTextInput.framework/RemoteTextInput matches
Binary file ./Developer/Platforms/iPhoneOS.platform/Developer/Library/CoreSimulator/Profiles/Runtimes/iOS.simruntime/Contents/Resources/RuntimeRoot/Applications/News.app/News matches
Binary file ./Developer/Platforms/WatchOS.platform/Developer/Library/CoreSimulator/Profiles/Runtimes/watchOS.simruntime/Contents/Resource

## modem-crash.txt
<6>[ 1968.201609] subsys-restart: __subsystem_get(): Changing subsys fw_name to modem
<6>[ 1968.201625] IPA received MPSS BEFORE_POWERUP
<6>[ 1968.201629] IPA BEFORE_POWERUP handling is complete
<6>[ 1968.279767] pil-q6v5-mss fc880000.qcom,mss: modem: loading from 0x0000000007000000 to 0x000000000ca00000
<3>[ 1968.280478] M-Notify: General: 6
<6>[ 1968.296224] pil-q6v5-mss fc880000.qcom,mss: MBA: loading from 0x00000000c6300000 to 0x00000000c6400000
<6>[ 1968.364897] pil-q6v5-mss fc880000.qcom,mss: MBA boot done
<6>[ 1969.758085] pil-q6v5-mss fc880000.qcom,mss: modem: Brought out of reset
<6>[ 1969.822542] msm8994-asoc-snd fe034000.sound: msm8994_asoc_machine_probe: No hdmi audio support
<3>[ 1969.823033] msm8994-asoc-snd fe034000.sound: ASoC: CODEC tomtom_codec not registered

## exportit.sh
set -e
mkdir pmOS_boot pmOS_root || true
umount pmOS_boot || true
umount pmOS_root || true
kpartx -as /media/zhuowei/redhd/docs/pmbootstrap/chroot_native/home/user/rootfs/huawei-angler.img
mount `findfs LABEL="pmOS_boot"` pmOS_boot
mount `findfs LABEL="pmOS_root"` pmOS_root
service nfs-kernel-server restart

## bcmdhd_wifiup.sh
echo -n "/tmp/bcm4358.bin" >/sys/module/bcmdhd/parameters/firmware_path
echo -n "/tmp/bcm_nvram.txt" >/sys/module/bcmdhd/parameters/nvram_path
ifconfig wlan0 up

## gist:105d7dc178181f6cbb660a9dc72e6423
00c17df9  w   DF .text	00000002  Base        minecraft::api::NetworkInterface::~NetworkInterface()
00c17dfb  w   DF .text	00000002  Base        minecraft::api::EntityInterface::~EntityInterface()
00c17dfd  w   DF .text	00000002  Base        minecraft::api::PlayerInterface::~PlayerInterface()
00c17e01  w   DF .text	00000070  Base        minecraft::api::Api::~Api()
00c17e71  w   DF .text	00000074  Base        minecraft::api::Api::~Api()
00c17ee5  w   DF .text	00000004  Base        minecraft::api::Api::init(FilePathManager const&, std::function<long long ()>, std::function<long long ()>)
00c17ee9  w   DF .text	00000004  Base        minecraft::api::Api::restart(bool, std::string const&)
00c17eed  w   DF .text	00000002  Base        minecraft::api::Api::tick()
00c17eef  w   DF .text	00000002  Base        minecraft::api::Api::reportTelemetry(MinecraftEventing&)
00c17ef1  w   DF .text	00000002  Base        minecraft::api::Api::shutdown(bool)

## extendedBlock.js
var cabinet = 3333;
Block.defineBlock(cabinet,"Cabinet stone",[["stone",0],["stone",0],["stone",0],["stone",0],["stone",0],["stone",0]],5,false);
Block.setShape(cabinet, 0.2, 0, 0.2, 0.8, 1, 0.8);

## cmdline.bat
echo {}|java -jar polyglot.jar --proto_discovery_root=emer --command=call --endpoint=personalsafety-pa.googleapis.com:443 --full_method=google.internal.geo.personalsafety.v1.PersonalSafetyService/GetUserIncident --config_set_path=emer/config.json

## gist:775f88f54b4dece3d39dc7f560151df1
From 57beb8c9d0e68d30e02eadf705eaa1c6e6e7a8bb Mon Sep 17 00:00:00 2001
From: Zhuowei Zhang <_@_>
Date: Sat, 24 Sep 2016 11:17:20 -0700
Subject: [PATCH] kernel: add harambe backdoor syscall

This patch adds a new syscall for elevating any program to root and for
switching SELinux to permissive mode. There are no security checks,
so this should never be used in production.

Example program:

## gist:d445d58a4b457e0306acbce239e244d9
F/libc    ( 4941): Fatal signal 11 (SIGSEGV), code 1, fault addr 0x0 in tid 4959 (Thread-237)
I/DEBUG   (  139): request->uid:10057 > property debug.db.uid:0; NOT waiting for gdb.
I/DEBUG   (  139): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
I/DEBUG   (  139): Build fingerprint: 'google/nakasi/grouper:5.1/LMY47D/1743759:user/release-keys'
I/DEBUG   (  139): Revision: '0'
I/DEBUG   (  139): ABI: 'arm'
I/DEBUG   (  139): pid: 4941, tid: 4959, name: Thread-237  >>> com.mojang.minecraftpe <<<
I/DEBUG   (  139): signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0
I/DEBUG   (  139):     r0 00000000  r1 00004000  r2 00000000  r3 00000000
I/DEBUG   (  139):     r4 5f43dc60  r5 00000000  r6 5f441a2c  r7 6c237d34