zhuowei
@zhuowei
zhuowei / reachable_services.txt
Created February 21, 2023 06:26
Reachable Mach services from the app sandbox on iOS 16.1
View reachable_services.txt
PurpleSystemAppPort
PurpleSystemEventPort
UIASTNotificationCenter
com.apple.ABDatabaseDoctor
com.apple.AppSSO.service-xpc
com.apple.AuthenticationServicesCore.AuthenticationServicesAgent
com.apple.CARenderServer
com.apple.ClipServices.clipserviced
com.apple.CoreAuthentication.daemon
com.apple.DeviceAccess.xpc
View grant_full_disk_access.m
@import Darwin;
@import Foundation;
@import MachO;
#import <mach-o/fixup-chains.h>
// you'll need helpers.m from Ian Beer's write_no_write and vm_unaligned_copy_switch_race.m from
// WDBFontOverwrite
// Also, set an NSAppleMusicUsageDescription in Info.plist (can be anything)
// Please don't call this code on iOS 14 or below
// (This temporarily overwrites tccd, and on iOS 14 and above changes do not revert on reboot)
View addcicp.py
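import png
import sys
with open(sys.argv[1], "rb") as infile:
    chunks = list(png.Reader(file=infile).chunks())
# cICP payload: colour primaries 9 (BT.2020), transfer function 16 (PQ),
# matrix coefficients 0, full-range flag 1; inserted right after IHDR
chunks.insert(1, (b"cICP", bytes([9, 16, 0, 1])))
with open(sys.argv[2], "wb") as outfile:
    png.write_chunks(outfile, chunks)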
zhuowei / addcicp.py
Created September 5, 2022 05:16
Adds a cICP tag to PNG files
View addcicp.py
import sys
from PIL import Image, PngImagePlugin
# adds a cICP chunk to PNG files to specify color gamut and HDR brightness.
# This example uses the sample BT2020 + PQ cICP chunk from https://w3c.github.io/PNG-spec/#11cICP
# Requires Pillow >8.0.0. See https://github.com/python-pillow/Pillow/pull/4292
# View the resulting PNG in an app that supports cICP chunks, such as Chrome 105+
# (https://chromium-review.googlesource.com/c/chromium/src/+/3705739)
# For more information about CICP, see https://github.com/AOMediaCodec/libavif/wiki/CICP
View m1n1_lockdown.py
# enable AMCC read-only region lockdown in m1n1 on M1 (Mac Mini 2020) for testing
# see https://github.com/AsahiLinux/m1n1/blob/v1.1.4/src/mcc.c
# https://github.com/apple-oss-distributions/xnu/blob/xnu-7195.50.7.100.1/osfmk/arm64/amcc_rorgn.c
lockdownstart = 0x8_4000_0000
# amcc's protection page size seems to be 0x8000?
lockdownend = 0x8_4000_8000
rambase = 0x8_0000_0000
for plane in range(3, -1, -1):
    print(hex(0x2_0000_0000 + 0x40000*plane + 0x680))
    write32(0x2_0000_0000 + 0x40000*plane + 0x680, (lockdownstart - rambase) >> 14)
View crashlog.txt
--- crash at 2022/05/01 21:19:21---
build:7a75bff14545-1.10.0-release.135263-buildbot
r0:00000000 r1:00000000 r2:00030ca0 r3: 00000000
r12:00003fe0 lr:0802f343 pc:0802f354 psr: 21000000
cfsr:00010000 hfsr:40000000 mmfar:00000000 bfar: 00000000
rcccsr:00000000
heap allocated: 63008
Lua totalbytes=0 GCdebt=0 GCestimate=0 stacksize=0
--- crash at 2022/05/01 21:19:53---
zhuowei / t.py
Created November 19, 2021 06:03
Proof that the NFT Bay's torrent is mostly zeroes
View t.py
import libtorrent as lt
# usage:
# sudo apt install python3-libtorrent
# wget https://thenftbay.org/billion-dollar-nft-torrent.torrent
# python3 t.py
info = lt.torrent_info("billion-dollar-nft-torrent.torrent")
print("Number of pieces: ", info.num_pieces())
print("dumping piece hashes:")
View softsim.md

SoftSIM across two computers: this doesn't work and I don't know why; can someone help

On the bluetooth computer:

sudo sdptool browse 00:11:22:33:44:55
<snip>
Service Name: SIM Access
Service RecHandle: 0x1000c
Service Class ID List:
View softsim_doesnt_work.txt
zhuowei@faith:~/softsim$ ruby src/demo_client.rb -s tcp -p 23366 --host 192.168.1.13 -t info -v 5
/home/zhuowei/softsim/src/lib/apdu.rb:140: warning: key 28493 is duplicated and overwritten on line 140
"-s"
"-p"
"--host"
"-t"
"-v"
[state] state set to not_connected
[client] connecting
[msg send] < CONNECT_REQ (00)
View strings.xml
<?xml version="1.0" encoding="utf-8"?>
<resources>
<string name="__external__btn_shutter_desc">Take a photo</string>
<string name="__external__credit_card_permissions_allow">Allow camera access</string>
<string name="__external__credit_card_permissions_deny">"Don't allow camera access"</string>
<string name="__external__credit_card_permissions_explanation">"Then you'll be able to scan your card. You can change this in your settings any time."</string>
<string name="__external__credit_card_permissions_title_fb">Allow Facebook to access your camera</string>
<string name="__external__download_failed_body">"Check your device's network connection and try again."</string>
<string name="__external__download_failed_title">No network connection</string>
<string name="__external__download_retry">Try again</string>