Skip to content

Instantly share code, notes, and snippets.

View zhuowei's full-sized avatar

zhuowei

2.6k followers · 20 following
View GitHub Profile
@zhuowei
zhuowei / msgctl_Analyzing XNU IPC Security.md
Created May 15, 2026 04:41

Chat Conversation

Note: This is purely the output of the chat conversation and does not contain any raw data, codebase snippets, etc. used to generate the output.

User Input

msgctl in bsd/kern/sysv_msg.c, when handling IPC_SET, calls SYSV_MSG_SUBSYS_UNLOCK to drop the lock before running copyin. Why is this unsafe?

Grep searched codebase

@zhuowei
zhuowei / codex_deep_links.md
Last active April 18, 2026 06:21
Codex app deep link schemes
@zhuowei
zhuowei / stringsLiterals_uuids.txt
Created February 28, 2026 07:11
```
{
"value": "00001624-1212-efde-1623-785feabcd123",
"address": "0x7498120"
},
{
"value": "00001625-1212-efde-1623-785feabcd123",
"address": "0x7498128"
},
{
@zhuowei
zhuowei / strings_hw4-customer_p11_smartbrick-upgrade-v0.72.1.txt
Created February 26, 2026 05:57
6000.1.17f1
hw4-customer_p11_smartbrick-upgrade-v0.72.1
~P11
ROFS
P11@
Lqlq
0l @
0l @
~o'?
4o$?
@zhuowei
zhuowei / strings_p11_smartbrick-upgrade-v0.48.2-hw4.bad.crc.txt
Created February 26, 2026 05:52
6000.1.17f1
p11_smartbrick-upgrade-v0.48.2-hw4.bad.crc
~P11
o(Nc
ROFS
P11@
Lqlq
0l @
0l @
~o'?
@zhuowei
zhuowei / strings_lego_grep_protocol_processors.txt
Created February 26, 2026 05:43
$ strings - base/assets/bin/Data/Managed/Metadata/global-metadata.dat |grep ProtocolProcessors
LEGO.Connectkit.ProtocolProcessors
LEGO.Connectkit.ProtocolProcessors.dll
ConnectKit.ProtocolProcessors.WirelessDataExchangeProtocol.WDXClient.States.SignCommand
ConnectKit.ProtocolProcessors.WirelessDataExchangeProtocol.WDXClient.States.Property
ProtocolProcessors
ProtocolProcessors.WirelessDataExchangeProtocol
ProtocolProcessors.WirelessDataExchangeProtocol.WDXClient
ProtocolProcessors.WirelessDataExchangeProtocol.WDXClient.States
ProtocolProcessors.WirelessDataExchangeProtocol.WDXClient.States.Verify
@zhuowei
zhuowei / wdx_strings.txt
Created February 26, 2026 03:34
$ strings - ./assets/bin/Data/Managed/Metadata/global-metadata.dat|grep WDXClient
ConnectKit.ProtocolProcessors.WirelessDataExchangeProtocol.WDXClient.States.SignCommand
ConnectKit.ProtocolProcessors.WirelessDataExchangeProtocol.WDXClient.States.Property
ConnectKit.WirelessDataExchangeProtocol.WDXClient.Validators
ConnectKit.WirelessDataExchangeProtocol.WDXClient.States.FetchFile
ProtocolProcessors.WirelessDataExchangeProtocol.WDXClient
ProtocolProcessors.WirelessDataExchangeProtocol.WDXClient.States
ProtocolProcessors.WirelessDataExchangeProtocol.WDXClient.States.Verify
ProtocolProcessors.WirelessDataExchangeProtocol.WDXClient.States.UploadFile
ProtocolProcessors.WirelessDataExchangeProtocol.WDXClient.States.EraseFile
@zhuowei
zhuowei / enable_trust_deriving_tx_hash.txt
Created February 17, 2026 04:43
airshield::SHA256::Incremental::update: 0 1 2 3 4 5 6 7 8 9 A B C D E F 0123456789ABCDEF
70cc5380a8 05 b5 e3 76 dd 00 17 f1 9a d3 78 b4 95 18 7f 72 ...v......x....r
airshield::SHA256::Incremental::update: 0 1 2 3 4 5 6 7 8 9 A B C D E F 0123456789ABCDEF
70cc5381b8 01 57 b2 f6 7f fa 0b 00 be f0 05 fd d8 4c b0 5b .W...........L.[
70cc5381c8 dc a2 1f 81 35 a9 c1 12 d5 36 34 e2 85 6c e4 15 ....5....64..l..
airshield::SHA256::Incremental::update: 0 1 2 3 4 5 6 7 8 9 A B C D E F 0123456789ABCDEF
6e1575a8d0 7e 50 30 2f 39 85 0e 06 9a 1f fb 4d 9c 06 60 e9 ~P0/9......M..`.
6e1575a8e0 72 c7 b1 2d c1 49 68 01 14 11 e3 36 6b 5a b6 ef r..-.Ih....6kZ..
6e1575a8f0 35 85 4c 82 f5 7b e4 23 b0 32 78 6f 1f c8 c0 a5 5.L..{.#.2xo....
6e1575a900 3d a9 16 aa 46 6c 34 cd b2 da d6 4d 1b e4 97 7b =...Fl4....M...{
@zhuowei
zhuowei / checksign_enable_trust.py
Created February 17, 2026 04:15
from cryptography.hazmat.primitives.asymmetric import ec, utils
from cryptography.hazmat.primitives import hashes
# validating Meta Ray-Ban's communication protocol's EnableTrust message
"""
logcat:
10-31 01:31:36.281 16311 17245 I BleConnection-Hypernova: Started enable trust process
10-31 01:31:36.284 16311 17245 I connectivity::Identity: ----------------------------------------------
10-31 01:31:36.284 16311 17245 I connectivity::Identity: Enable Trust
@zhuowei
zhuowei / gist:970917f896b50f343c5865bba163f574
Created February 1, 2026 22:52
02-01 15:50:41.440 1054 2886 I AirTrafficControl: Assigned p/com.meta.smartglass.app.oobe/i/28218 to companion service hypernova_onboarding (7003)
02-01 17:50:10.843 11614 11664 I AirTrafficControl: Assigned p/enforcement/i/15 to companion service smartglasses_battery_insight (48)
02-01 17:50:10.843 11614 11919 I AirTrafficControl: Assigned p/communicationservice/i/20 to companion service wearables_whatsapp_linking (89)
02-01 17:50:10.844 11614 11917 I AirTrafficControl: Assigned p/mediamanagement/i/22 to companion service smartglasses_media_management (18)
02-01 17:50:10.844 11614 11916 I AirTrafficControl: Assigned p/driveservice/i/23 to companion service rl_drive (33)
02-01 17:50:10.844 11614 11913 I AirTrafficControl: Assigned p/sgnotificationingestionservice/i/21 to companion service sg_wearable_notification (46)
02-01 17:50:10.844 11614 11917 I AirTrafficControl: Assigned p/navigationservice/i/25 to companion service smartglasses_navigation (42)
02-01 17:50:10.844 11614 11913 I AirTrafficControl: Ass