As of macOS 12 (Monterey), Apple's Virtualization framework has nice support for macOS guest virtual machines, but with severe limitations: For example you can't install a macOS guest on Intel Macs, install guests with newer versions of macOS than the host, copy and paste between the host and the guest, or install third party kernel extensions in the guest. As usual for Apple, the functionality they do support is nicely implemented, but they've left out so much that the result is only marginally useful -- at least compared to
/*
 * blasty-vs-pkexec.c -- by blasty <peter@haxx.in>
 * ------------------------------------------------
 * PoC for CVE-2021-4034, shout out to Qualys
 *
 * ctf quality exploit
 *
 * bla bla irresponsible disclosure
 *
 * -- blasty // 2022-01-25
These are notes I've taken while trying to get srsLTE
up and running. This is messy, sorry...
Dependencies:
sudo apt install tree vim git g++ make cmake pkg-config libpython-dev python-numpy swig libi2c-dev libusb-1.0-0-dev libfftw3-dev libmbedtls-dev libboost-program-options-dev libconfig++-dev libsctp-dev gnuradio
Enable DCI debugging on Gigabyte-BKi5HA-7200
--------------------------------------------
The Gigabyte-BKi5HA-7200 (Kaby Lake i5-7200 processor) can be debugged with only a USB debug cable, a
special cable that crosses only the data signals and has the power signals
removed. You can buy these cables at, e.g., https://www.datapro.net/products/usb-3-0-super-speed-a-a-debugging-cable.html
The hurdle you have to overcome before you can access DCI, however, is that you
need to set some bits in hardware: first to enable DCI itself, and also to enable the debug port so that DCI can control the cores.
There are lots of guides on how to patch the BIOS, but only these two really describe all the steps using only freely accessible tools:
#!/usr/bin/env bash
# Present the stable /dev/disk/by-id names (partitions filtered out) as a numbered menu
# and stop after the first choice.
echo "Select disk:"
select CHOICE_DISK in $(ls /dev/disk/by-id/ | grep -v "\-part");
do
    echo "Selected ${CHOICE_DISK}"
    break
done
'''
###########################################################################
Extract SW SMI handler information from an SMRAM dump of Skylake-based
AMI Aptio V firmware.
To use the full capabilities of this tool you need to install UEFIDump
(https://github.com/LongSoft/UEFITool/releases/tag/A32) and ida-efiutils
(https://github.com/snare/ida-efiutils) and edit the corresponding variables
below.
This is a homebrewed notation I typically use when evaluating the secure boot designs of embedded devices. It doesn't apply accurately to the iOS review (it hides the key-wrapping schema, for example), but it's enough to keep track of where secrets are stored and some of the interdependencies.
pfk = 256-bit per_file_key
void **find_sys_call_table(void *kernel_addr, int kernel_size)
{
    /*
    Check for the system_call_fastpath() signature, hand-written piece of
    assembly code from arch/x86/kernel/entry_64.S:
        ja   badsys
        mov  rcx, r10
        call sys_call_table[rax * 8]
        mov  [rsp + 20h], rax
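The function above is cut off before its body, so here is an added example (not the page's own code) of the technique its comment describes: scan a copy of kernel text for the fixed bytes of `mov rcx, r10 ; call [sys_call_table + rax*8]` and recover the table's address from the call's 32-bit displacement, which the CPU sign-extends to 64 bits (the kernel lives in the top 2 GiB of the address space, so the displacement alone is the absolute address). The `ja badsys` that precedes the pattern is left out of the signature because its relative target changes between builds. The sample bytes and the address 0xffffffff81801320 are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Byte encoding of the two instructions that form the signature:
 *   4c 89 d1        mov    rcx, r10
 *   ff 14 c5 <d32>  call   qword ptr [rax*8 + disp32]
 * The disp32 that follows is the address of sys_call_table. */
static const uint8_t SYS_CALL_SIG[] = { 0x4c, 0x89, 0xd1, 0xff, 0x14, 0xc5 };

/* Search `buf` (a dump of kernel text) for the signature and return the
 * absolute address encoded in the call's displacement, or 0 if the pattern
 * (with a complete 4-byte displacement) is not present. The displacement is
 * assembled byte by byte so the result does not depend on host endianness. */
uint64_t find_sys_call_table_addr(const uint8_t *buf, size_t size)
{
    const size_t need = sizeof(SYS_CALL_SIG) + 4;   /* signature + disp32 */
    if (size < need)
        return 0;
    for (size_t i = 0; i + need <= size; i++) {
        size_t k;
        for (k = 0; k < sizeof(SYS_CALL_SIG); k++)
            if (buf[i + k] != SYS_CALL_SIG[k])
                break;
        if (k != sizeof(SYS_CALL_SIG))
            continue;
        const uint8_t *p = buf + i + sizeof(SYS_CALL_SIG);
        uint32_t disp = (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
                        ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
        /* Sign-extend exactly as the CPU does for a disp32 without a base. */
        return (uint64_t)(int64_t)(int32_t)disp;
    }
    return 0;
}

/* Constructed sample of kernel text: filler, the signature, a disp32 of
 * 0x81801320 (little-endian 20 13 80 81) and the following store to the
 * stack frame. The address is made up for the example. */
const uint8_t sample_kernel[] = {
    0x90, 0x90, 0x0f, 0x87, 0x10, 0x00, 0x00, 0x00,   /* nop; nop; ja +0x10 */
    0x4c, 0x89, 0xd1,                                  /* mov rcx, r10 */
    0xff, 0x14, 0xc5, 0x20, 0x13, 0x80, 0x81,          /* call [rax*8+0xffffffff81801320] */
    0x48, 0x89, 0x44, 0x24, 0x20                       /* mov [rsp+0x20], rax */
};

/* Constructed negative sample: first byte differs (mov rcx, rdx), no match. */
const uint8_t no_signature[] = { 0x48, 0x89, 0xd1, 0xff, 0x14, 0xc5, 0x00, 0x00, 0x00, 0x00 };

/* Constructed sample where the dump ends inside the displacement. */
const uint8_t truncated_dump[] = { 0x4c, 0x89, 0xd1, 0xff, 0x14, 0xc5, 0x20, 0x13 };

int main(void)
{
    printf("sys_call_table = 0x%016llx\n",
           (unsigned long long)find_sys_call_table_addr(sample_kernel, sizeof(sample_kernel)));
    printf("no signature   = 0x%016llx\n",
           (unsigned long long)find_sys_call_table_addr(no_signature, sizeof(no_signature)));
    return 0;
}
```

On a real dump the returned value is only a candidate: confirm it by checking that the first entries point inside kernel text before treating it as the table.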
I've been a MacPorts user for quite a while now. There was nothing religious about the decision - on my first day of work I was handed a new MacBook Pro and proceeded to set up a development environment. Tried to, anyway. While I'd been an avid Mac user for most of my life I'd never actually used it for serious web development - I did some small work back in the 90's but that was the days of OS 9 and it was all un-Unixy. Long story short: I was a newb at developing on OS X.
Being an Ubuntu user, I was pretty spoiled by apt-get. After about three minutes of trying to compile stuff myself I marched back into my boss's office and asked if there was a package manager for OS X. He directed me to the MacPorts website and I left extremely relieved. I think I ran across Homebrew at some point but I never explored it further.
For about three months this was satisfactory. MacPorts works well enough but it has a habit of annoying you at certain intersections. The biggest problem, though, was that the rest of the wo
/*
 * fork.c
 * Experimental fork() on Windows. Requires NT 6 subsystem or
 * newer.
 *
 * Copyright (c) 2012 William Pitcock <nenolod@dereferenced.org>
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.