Skip to content

Instantly share code, notes, and snippets.



View GitHub Profile
zhuowei / reachable_services.txt
Created February 21, 2023 06:26
Reachable Mach services from the app sandbox on iOS 16.1
View reachable_services.txt
View grant_full_disk_access.m
@import Darwin;
@import Foundation;
@import MachO;
#import <mach-o/fixup-chains.h>
// you'll need helpers.m from Ian Beer's write_no_write and vm_unaligned_copy_switch_race.m from
// WDBFontOverwrite
// Also, set an NSAppleMusicUsageDescription in Info.plist (can be anything)
// Please don't call this code on iOS 14 or below
// (This temporarily overwrites tccd, and on iOS 14 and above changes do not revert on reboot)
import png
import sys
with open(sys.argv[1], "rb") as infile:
chunks = list(png.Reader(file=infile).chunks())
chunks.insert(1, (b"cICP", bytes([9, 16, 0, 1])))
with open(sys.argv[2], "wb") as outfile:
png.write_chunks(outfile, chunks)
zhuowei /
Created September 5, 2022 05:16
Adds a cICP tag to PNG files
import sys
from PIL import Image, PngImagePlugin
# adds a cICP chunk to PNG files to specify color gamut and HDR brightness.
# This example uses the sample BT2020 + PQ cICP chunk from
# Requires Pillow >8.0.0. See
# View the resulting PNG in an app that supports cICP chunks, such as Chrome 105+
# (
# For more information about CICP, see
# enable AMCC read-only region lockdown in m1n1 on M1 (Mac Mini 2020) for testing
# see
lockdownstart = 0x8_4000_0000
# amcc's protection page size seems to be 0x8000?
lockdownend = 0x8_4000_8000
rambase = 0x8_0000_0000
for plane in range(3, -1, -1):
print(hex(0x2_0000_0000 + 0x40000*plane + 0x680))
write32(0x2_0000_0000 + 0x40000*plane + 0x680, (lockdownstart - rambase) >> 14)
View crashlog.txt
--- crash at 2022/05/01 21:19:21---
r0:00000000 r1:00000000 r2:00030ca0 r3: 00000000
r12:00003fe0 lr:0802f343 pc:0802f354 psr: 21000000
cfsr:00010000 hfsr:40000000 mmfar:00000000 bfar: 00000000
heap allocated: 63008
Lua totalbytes=0 GCdebt=0 GCestimate=0 stacksize=0
--- crash at 2022/05/01 21:19:53---
zhuowei /
Created November 19, 2021 06:03
Proof that the NFT Bay's torrent is mostly zeroes
import libtorrent as lt
# usage:
# sudo apt install python3-libtorrent
# wget
# python3
info = lt.torrent_info("billion-dollar-nft-torrent.torrent")
print("Number of pieces: ", info.num_pieces())
print("dumping piece hashes:")

SoftSIM across two computers: this doesn't work and I don't know why; can someone help

On the bluetooth computer:

sudo sdptool browse 00:11:22:33:44:55
Service Name: SIM Access
Service RecHandle: 0x1000c
Service Class ID List:
View softsim_doesnt_work.txt
zhuowei@faith:~/softsim$ ruby src/demo_client.rb -s tcp -p 23366 --host -t info -v 5
/home/zhuowei/softsim/src/lib/apdu.rb:140: warning: key 28493 is duplicated and overwritten on line 140
[state] state set to not_connected
[client] connecting
[msg send] < CONNECT_REQ (00)
View strings.xml
<?xml version="1.0" encoding="utf-8"?>
<string name="__external__btn_shutter_desc">Take a photo</string>
<string name="__external__credit_card_permissions_allow">Allow camera access</string>
<string name="__external__credit_card_permissions_deny">"Don't allow camera access"</string>
<string name="__external__credit_card_permissions_explanation">"Then you'll be able to scan your card. You can change this in your settings any time."</string>
<string name="__external__credit_card_permissions_title_fb">Allow Facebook to access your camera</string>
<string name="__external__download_failed_body">"Check your device's network connection and try again."</string>
<string name="__external__download_failed_title">No network connection</string>
<string name="__external__download_retry">Try again</string>