Skip to content

Instantly share code, notes, and snippets.

View arm64eabi's full-sized avatar

arm64eabi

0 followers · 22 following
View GitHub Profile
@wh1te4ever
wh1te4ever / TrollDetector.m
Last active April 7, 2025 05:30
TrollStore Detector
//
// ViewController.m
// JBDetectTest
//
// Created by seo on 3/27/25.
//
#import "ViewController.h"
#import <dlfcn.h>
@justtryingthingsout
justtryingthingsout / l2c_sts.txt
Last active February 13, 2025 09:11
Graphics AGX L2C Error Status (0x206140008 in Operation Triangulation)
0x206140008:
rsvd_63
cfgerren Enable error register locking and asynch reporting when CfgErrESV is set
chksnphit Deprecated
chkdatecc If set check data ECC, enable single bit error correction, log status. If clear
do not check data ECC, don't correct errors, don't log status.
injdatratedbe Rate at which double random ECC errors are injected. The rate is approximately
(2^(2*InjDatRateDbe)) accesses 
@justtryingthingsout
justtryingthingsout / cramcfg.txt
Last active February 13, 2025 09:11
Graphics AGX L2 CRAM Configuration (0x206140108 in Operation Triangulation)
0x206140108:
b[63]: ready RAM available for use
b[62:30]: rsvd_62_30
b[29:24]: regionbase Base region within LLC (starting way). Base address does not change.
(EnableSize+RegionBase) must be less than or equal to (RegionNum+1) and EnableSize must be less than or equal to RegionNum.
b[23:22]: rsvd_23_22
b[21:16]: regionnum Number of supported regions
b[15:14]: rsvd_15_14
b[13:8]: regionsize Size of each region 2^N (000000:No L2 - feature not supported; ... ; 001110:16KB; 001111: 32KB; 010000:64KB; ...)
b[7:6]: rsvd_7_6
@opa334
opa334 / pplrw.m
Last active September 30, 2024 18:45
PPLRW on iOS < 16.6 (Needs mapping primitive) (Credits: Operation Triangulation by @oct0xor, @bzvr_, @kucher1n)
//
// pplrw.m
// kfd
//
// Created by Lars Fröder on 29.12.23.
//
#import <Foundation/Foundation.h>
#import <dlfcn.h>
#import <mach-o/dyld.h>
@b0gdanw
b0gdanw / Disable-Sonoma-Bloatware.sh
Last active April 17, 2025 04:19
#!/bin/zsh
# WARNING! The script is meant to show how and what can be disabled. Don’t use it as it is, adapt it to your needs.
# Credit: Original idea and script disable.sh by pwnsdx https://gist.github.com/pwnsdx/d87b034c4c0210b988040ad2f85a68d3
# Disabling unwanted services on macOS Big Sur (11), macOS Monterey (12), macOS Ventura (13) and macOS Sonoma (14)
# Disabling SIP is required ("csrutil disable" from Terminal in Recovery)
# Modifications are written in /private/var/db/com.apple.xpc.launchd/ disabled.plist, disabled.501.plist
# To revert, delete /private/var/db/com.apple.xpc.launchd/ disabled.plist and disabled.501.plist and reboot; sudo rm -r /private/var/db/com.apple.xpc.launchd/*
# user
@matteyeux
matteyeux / f.md
Last active March 22, 2025 18:47
macOS and iOS Security Internals Advent Calendar
@marcan
marcan / tso.md
Created September 10, 2023 11:35
Apple TSO

ARM defines ACTLR_EL[321] as implementation defined.

Apple adds an IMPDEF ACTLR_EL12 as s3_6_c15_c14_6 and effectively implements VHE semantics. This does not seem to violate the architecture, since the register contents are IMPDEF anyway so nothing says they can't alias ACTLR_EL1 and ACTLR_EL2 together in EL2.

ACTLR_EL1 is trapped by HCR_EL2.TACR. It is also trapped by HACR_EL2<0> (which has all the controls for fine-grained Apple IMPDEF stuff).

In addition, AIDR_EL1 contains feature bits for Apple IMPDEF functionality. It is identical in EL1 and EL2 and is trapped by HCR_EL2.TID1 and HACR_EL2<4>.

TSO

@steven-michaud
steven-michaud / ThirdPartyKexts.md
Last active April 20, 2025 22:55
Running Third Party Kernel Extensions on Virtualization Framework macOS Guest VMs

Running Third Party Kernel Extensions on Virtualization Framework macOS Guest VMs

As of macOS 12 (Monterey), Apple's Virtualization framework has nice support for macOS guest virtual machines, but with severe limitations: For example you can't install a macOS guest on Intel Macs, install guests with newer versions of macOS than the host, copy and paste between the host and the guest, or install third party kernel extensions in the guest. As usual for Apple, the functionality they do support is nicely implemented, but they've left out so much that the result is only marginally useful -- at least compared to

@akemin-dayo
akemin-dayo / virtualapple-utm-link
Last active April 24, 2024 18:34
A cleaned up version of an internal script that I've been using while working on TotalFinder to create VirtualApple virtual machine instances that are hardlinked to a UTM virtual machine instance. It's particularly useful for entering One True recoveryOS (1TR) as well as using the other features found only in VirtualApple.
@b0gdanw
b0gdanw / Disable-Ventura-Bloatware.sh
Last active April 21, 2025 07:36
Disable Ventura Bloatware
#!/bin/zsh
# Credit: Original idea and script disable.sh by pwnsdx https://gist.github.com/pwnsdx/d87b034c4c0210b988040ad2f85a68d3
# Disabling unwanted services on macOS Big Sur (11), macOS Monterey (12) and macOS Ventura (13)
# Disabling SIP is required ("csrutil disable" from Terminal in Recovery)
# Modifications are written in /private/var/db/com.apple.xpc.launchd/ disabled.plist, disabled.501.plist
# To revert, delete /private/var/db/com.apple.xpc.launchd/ disabled.plist and disabled.501.plist and reboot; sudo rm -r /private/var/db/com.apple.xpc.launchd/*
# user