Skip to content

Instantly share code, notes, and snippets.

View zhuowei's full-sized avatar

zhuowei

View GitHub Profile
@zhuowei
zhuowei / _header.txt
Last active February 9, 2024 07:37
Counting number of top iPad apps marked as available on visionOS
Business, Free: 71/100
Business, Paid: 84/100
Weather, Free: 92/100
Weather, Paid: 89/100
Utilities, Free: 75/100
Utilities, Paid: 77/100
Travel, Free: 89/100
Travel, Paid: 86/100
Sports, Free: 78/100
Sports, Paid: 77/100
Also see https://github.com/zhuowei/CoreTrustDemo/blob/main/littlemis.txt for my previous notes
first time X509ChainCheckPathWithOptions, param3 (options) is null
second time X509ChainCheckPathWithOptions, param3 (options) is set
-> This is the call out of CTEvaluateAMFICodeSignatureCMS_MaxDigestType, and is the one that sets the flags
struct ContentInfoSignedData {
int always4; // 0x0
void* someBufferFromCTParseContentInfoSignedDataArg6; // 0x8
// ?
@zhuowei
zhuowei / disneyplus_removed.txt
Created May 27, 2023 22:09
The 72 shows removed from Disney+ en-US on 2023-05-26
@Gina Yei: #WithAllMyHeartAndMore
A Very Boy Band Holiday
America the Beautiful
Among the Stars
Artemis Fowl
Be Our Chef
Bear Witness
Best in Snow
Better Nate Than Ever
Beyond Infinity: Buzz and the Journey to Lightyear
@zhuowei
zhuowei / reachable_services.txt
Created February 21, 2023 06:26
Reachable Mach services from the app sandbox on iOS 16.1
PurpleSystemAppPort
PurpleSystemEventPort
UIASTNotificationCenter
com.apple.ABDatabaseDoctor
com.apple.AppSSO.service-xpc
com.apple.AuthenticationServicesCore.AuthenticationServicesAgent
com.apple.CARenderServer
com.apple.ClipServices.clipserviced
com.apple.CoreAuthentication.daemon
com.apple.DeviceAccess.xpc
@import Darwin;
@import Foundation;
@import MachO;
#import <mach-o/fixup-chains.h>
// you'll need helpers.m from Ian Beer's write_no_write and vm_unaligned_copy_switch_race.m from
// WDBFontOverwrite
// Also, set an NSAppleMusicUsageDescription in Info.plist (can be anything)
// Please don't call this code on iOS 14 or below
// (This temporarily overwrites tccd, and on iOS 14 and above changes do not revert on reboot)
import png
import sys
with open(sys.argv[1], "rb") as infile:
chunks = list(png.Reader(file=infile).chunks())
chunks.insert(1, (b"cICP", bytes([9, 16, 0, 1])))
with open(sys.argv[2], "wb") as outfile:
png.write_chunks(outfile, chunks)
@zhuowei
zhuowei / addcicp.py
Created September 5, 2022 05:16
Adds a cICP tag to PNG files
import sys
from PIL import Image, PngImagePlugin
# adds a cICP chunk to PNG files to specify color gamut and HDR brightness.
# This example uses the sample BT2020 + PQ cICP chunk from https://w3c.github.io/PNG-spec/#11cICP
# Requires Pillow >8.0.0. See https://github.com/python-pillow/Pillow/pull/4292
# View the resulting PNG in an app that supports cICP chunks, such as Chrome 105+
# (https://chromium-review.googlesource.com/c/chromium/src/+/3705739)
# For more information about CICP, see https://github.com/AOMediaCodec/libavif/wiki/CICP
# enable AMCC read-only region lockdown in m1n1 on M1 (Mac Mini 2020) for testing
# see https://github.com/AsahiLinux/m1n1/blob/v1.1.4/src/mcc.c
# https://github.com/apple-oss-distributions/xnu/blob/xnu-7195.50.7.100.1/osfmk/arm64/amcc_rorgn.c
lockdownstart = 0x8_4000_0000
# amcc's protection page size seems to be 0x8000?
lockdownend = 0x8_4000_8000
rambase = 0x8_0000_0000
for plane in range(3, -1, -1):
print(hex(0x2_0000_0000 + 0x40000*plane + 0x680))
write32(0x2_0000_0000 + 0x40000*plane + 0x680, (lockdownstart - rambase) >> 14)
--- crash at 2022/05/01 21:19:21---
build:7a75bff14545-1.10.0-release.135263-buildbot
r0:00000000 r1:00000000 r2:00030ca0 r3: 00000000
r12:00003fe0 lr:0802f343 pc:0802f354 psr: 21000000
cfsr:00010000 hfsr:40000000 mmfar:00000000 bfar: 00000000
rcccsr:00000000
heap allocated: 63008
Lua totalbytes=0 GCdebt=0 GCestimate=0 stacksize=0
--- crash at 2022/05/01 21:19:53---
@zhuowei
zhuowei / t.py
Created November 19, 2021 06:03
Proof that the NFT Bay's torrent is mostly zeroes
import libtorrent as lt
# usage:
# sudo apt install python3-libtorrent
# wget https://thenftbay.org/billion-dollar-nft-torrent.torrent
# python3 t.py
info = lt.torrent_info("billion-dollar-nft-torrent.torrent")
print("Number of pieces: ", info.num_pieces())
print("dumping piece hashes:")