Dmytro Oleksiuk Cr4sh
@Proxy13
Proxy13 / guide-change-imei-snapdragon.md
Created September 27, 2023 09:02
[GUIDE] How to change IMEI on Snapdragon devices

[GUIDE] How to change IMEI on Snapdragon devices

FOR EDUCATIONAL PURPOSES ONLY. CHANGING THE IMEI IS ILLEGAL IN MOST COUNTRIES; MAKE SURE YOU ARE CERTAIN OF YOUR ACTIONS BEFORE DOING THIS.

I AM NOT RESPONSIBLE IF YOUR DEVICE IS BROKEN OR THE IMEI IS NOT CHANGED BECAUSE YOU DIDN'T FOLLOW THE STEPS CAREFULLY OR HAVE A DIFFERENT EFS PARTITION SCHEME.

This guide was tested on a Google Pixel 3. Different devices may have a different EFS partition scheme, so please make sure you adjust the guide accordingly. Other Google Pixel devices may be able to use this guide without adjustment.

Prerequisites:

@steven-michaud
steven-michaud / ThirdPartyKexts.md
Last active April 22, 2025 17:07
Running Third Party Kernel Extensions on Virtualization Framework macOS Guest VMs

Running Third Party Kernel Extensions on Virtualization Framework macOS Guest VMs

As of macOS 12 (Monterey), Apple's Virtualization framework has nice support for macOS guest virtual machines, but with severe limitations: for example, you can't install a macOS guest on Intel Macs, install guests with newer versions of macOS than the host, copy and paste between the host and the guest, or install third-party kernel extensions in the guest. As usual for Apple, the functionality they do support is nicely implemented, but they've left out so much that the result is only marginally useful -- at least compared to

@VVX7
VVX7 / blasty-vs-pkexec.c
Created January 25, 2022 22:51
CVE-2021-4034
/*
* blasty-vs-pkexec.c -- by blasty <[email protected]>
* ------------------------------------------------
* PoC for CVE-2021-4034, shout out to Qualys
*
* ctf quality exploit
*
* bla bla irresponsible disclosure
*
* -- blasty // 2022-01-25
@JamesHagerman
JamesHagerman / stslte-notes.md
Last active March 17, 2024 20:37
My notes about running srsLTE

srsLTE notes

These are notes I've taken while trying to get srsLTE up and running. This is messy, sorry...

Working solution - LimeSDR + SoapySDR + srsLTE

Dependencies:

sudo apt install tree vim git g++ make cmake pkg-config libpython-dev python-numpy swig libi2c-dev libusb-1.0-0-dev libfftw3-dev libmbedtls-dev libboost-program-options-dev libconfig++-dev libsctp-dev gnuradio
@eiselekd
eiselekd / enableDCI.txt
Last active December 13, 2024 10:01
Enable DCI debugging on Gigabyte-BKi5HA-7200
Enable DCI debugging on Gigabyte-BKi5HA-7200
--------------------------------------------
The Gigabyte-BKi5HA-7200 (Kabylake i5-7200 processor) can be debugged with only a USB debug cable, a
special cable that crosses only the data signals and has the power signals
removed. You can buy these cables at, e.g., https://www.datapro.net/products/usb-3-0-super-speed-a-a-debugging-cable.html
The hurdle you have to overcome before you can access DCI, however, is that you
need to set some bits in hardware that first enable DCI and also enable the debug port so that DCI can control the cores.
There are lots of guides on how to patch the BIOS, but only these two really describe all the steps using only freely accessible tools:
@aweibell
aweibell / mounting.sh
Last active September 14, 2024 13:39
Mount zfs from luks-encrypted drive when booting from Ubuntu Live CD
#!/usr/bin/env bash
echo "Select disk:"
select CHOICE_DISK in $(ls /dev/disk/by-id/ | grep -v "\-part");
do
echo "Selected ${CHOICE_DISK}"
break
done
@Cr4sh
Cr4sh / ami_smi_dump.py
Last active August 9, 2024 13:41
Extract SW SMI handlers information from SMRAM dump of Skylake based AMI Aptio V firmware
'''
###########################################################################
Extract SW SMI handlers information from SMRAM dump of Skylake based
AMI Aptio V firmware.
To use full capabilities of this tool you need to install UEFIDump
(https://github.com/LongSoft/UEFITool/releases/tag/A32), ida-efiutils
(https://github.com/snare/ida-efiutils) and edit corresponding variables
below.
@cyphunk
cyphunk / ios_security_notes.md
Last active May 28, 2018 00:58
notes from iOS security documentation that I used to write https://deadhacker.com/2016/03/25/the-terrorists-phone/

Notation iOS 9

This is a homebrewed notation I typically use when evaluating the secure boot designs of embedded devices. It doesn't apply accurately to the iOS review; it hides the key-wrapping scheme, for example. But it's enough to keep track of the storage location of secrets and some interdependencies.

pfk                  = 256bit per_file_key
@Cr4sh
Cr4sh / gist:fe910f0d1b0559efd43d
Created September 3, 2014 19:55
Dynamically finding sys_call_table on Linux x86_64 systems
void **find_sys_call_table(void *kernel_addr, int kernel_size)
{
/*
Check for the system_call_fastpath() signature, hand-written piece of
assembly code from arch/x86/kernel/entry_64.S:
ja badsys
mov rcx, r10
call sys_call_table[rax * 8]
mov [rsp + 20h], rax
@nettles-jarrod
nettles-jarrod / blog - Switching to Homebrew.md
Created April 2, 2013 04:57
Switching from Macports to Homebrew and getting my development environment back.

I've been a MacPorts user for quite a while now. There was nothing religious about the decision - on my first day of work I was handed a new MacBook Pro and proceeded to set up a development environment. Tried to, anyway. While I'd been an avid Mac user for most of my life, I'd never actually used it for serious web development - I did some small work back in the 90's, but that was the days of OS 9 and it was all un-Unixy. Long story short: I was a newb at developing on OS X.

Being an Ubuntu user, I was pretty spoiled by apt-get. After about three minutes of trying to compile stuff myself, I marched back into my boss's office and asked if there was a package manager for OS X. He directed me to the MacPorts website and I left extremely relieved. I think I ran across Homebrew at some point, but I never explored it further.

For about three months this was satisfactory. MacPorts works well enough but it has a habit of annoying you at certain intersections. The biggest problem, though, was that the rest of the wo