This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.
Update: I've disabled comments as of 2025-01-26 to avoid everyone having notifications for something a year on if someone wants to suggest a correction. Folks are free to email to suggest corrections still, of course.
| export PATH=/data/data/com.termux/files/usr/bin:$PATH | |
| sshd \ | |
| -D -dd \ | |
| -p 2222 -e |
| iPhone:~ root# nvram bootdelay=10 | |
| iPhone:~ root# nvram -p | |
| auto-boot true | |
| bootdelay 10 | |
| backlight-level 1507 | |
| restore-step-monitor {0x11010207:"wifexited"} | |
| restore-step-warnings {0x11060100:{0:"NVRAM access is not currently available"}} | |
| debug-uarts 3 | |
| boot-args serial=3 | |
| boot-command fsboot |
| ====================================================================================== | |
| ====================================================================================== | |
| == Tweedle D & Tweedle dum! ========================================================== | |
| ====================================================================================== | |
| ====================================================================================== | |
| Sun, 25 Oct 2020 4:44PM PST.... ====================================================== | |
| Author: NOBODY (et-al) =============================================================== | |
| ====================================================================================== | |
| = OR 'hello world of TMM & PKA' ====================================================== |
CALISHOT is a specialised search engine to unearth books on open calibre servers.
It allows you to search ebooks in full text across them or to browse the database by facets: authors, language, year, series, tags ... You can even run your own queries in SQL.
These servers are often up and down so, for now, the data are regularly updated and new snasphots are posted on ...
brew install usbmuxdiproxy 2222 44checkra1n exploit locally, run: brew install checkra1nalpline.
| #!/bin/bash | |
| # If you like this script and my work on libimobiledevice, please | |
| # consider becoming a patron at https://patreon.com/nikias - Thanks <3 | |
| REV=1.0.19 | |
| if test "`echo -e Test`" != "Test" 2>&1; then | |
| echo Please run this with zsh or bash. | |
| exit 1 |
| There is a bug in SEPROM, at least up to A10 (the one I reversed), in the trustzone bounds checks. | |
| The trustzone is setup by the main AP in an early boot stage and because of that SEPROM has to verify that it's setup correctly before continuing to boot SEPOS. | |
| Otherwise the AP could write to SEPOS RAM and with that it might be able to get code execution on the SEP. | |
| The verification is done by first checking if the trustzone values are locked and then if they are correct. | |
| Those values are stored in hardware registers that both processors share. | |
| The registers are 32 bit tho and because of that apple decided to shift the address down by 12 bits before putting it into the registers. | |
| This means that if you want to lock down 0x1000000 to 0x2000000 you will actually write 0x1000 and 0x2000 to the registers. | |
| On the other side SEPROM loads these values from the hardware registers again. | |
| But instead of just comparing them against some constant it shifts up all of those values by 12 bits again before doing any check on |
| // | |
| // AKNativeAnisetteService.m | |
| // akd | |
| // | |
| // Created by Scott Knight on 5/10/19. | |
| // Copyright © 2019 Scott Knight. All rights reserved. | |
| // | |
| #import <AuthKit/AuthKit.h> | |
| #import "AKNativeAnisetteService.h" |