On Wed, Oct 28, 2020 at 06:04:56PM -0700, Joelle van Dyne wrote:
> Will fix the typo in the commit message.
>
> Re: "reverse engineered functions", Apple does not provide any
> documentation on their extensions to the ARM architecture. APRR is one
> such proprietary feature that is controlled by MRS/M
Will fix the typo in the commit message.
Re: "reverse engineered functions", Apple does not provide any
documentation on their extensions to the ARM architecture. APRR is one
such proprietary feature that is controlled by MRS/MSR writes to an
undocumented system register. We reverse engineered the fun
On Tue, Oct 27, 2020 at 08:07:00PM -0700, Joelle van Dyne wrote:
> On iOS, we cannot allocate RWX pages without special entitlements. As a
> workaround, we can allocate an RX region and then mirror map it to a separate
> RX region. Then we can write to one region and execute from the other one.
"se
On iOS, we cannot allocate RWX pages without special entitlements. As a
workaround, we can allocate an RX region and then mirror map it to a separate
RX region. Then we can write to one region and execute from the other one.
When entitlements are available (macOS or jailbroken iOS), a hardware
feat
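The mirror-mapping workaround described in the message above, as an added illustration that is not part of the patch or of QEMU's code: one shared memory object is mapped twice, once read/write and once read/execute, so no page is ever RWX. It assumes a Linux host with memfd_create and a POSIX mmap rather than the Mach remap and APRR mechanisms the thread discusses, and emits a tiny host-ISA stub (x86-64 or arm64) that returns 42.

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Two views of one shared memory object: the rw view is never executable,
 * the rx view is never writable. Code is emitted through rw and run via rx. */
typedef struct { uint8_t *rw; uint8_t *rx; size_t len; } dual_map_t;

static int dual_map_create(dual_map_t *m, size_t len) {
    int fd = memfd_create("jit", 0);  /* assumption: Linux host (memfd_create) */
    if (fd < 0 || ftruncate(fd, (off_t)len) != 0) return -1;
    m->rw = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    m->rx = mmap(NULL, len, PROT_READ | PROT_EXEC,  MAP_SHARED, fd, 0);
    close(fd);  /* the mappings keep the memory object alive */
    if (m->rw == MAP_FAILED || m->rx == MAP_FAILED) return -1;
    m->len = len;
    return 0;
}

/* Emit "return 42" for the host ISA into the writable view; returns bytes written. */
static size_t emit_return_42(uint8_t *dst) {
#if defined(__x86_64__)
    static const uint8_t code[] = { 0xB8, 0x2A, 0x00, 0x00, 0x00, 0xC3 }; /* mov eax,42; ret */
#elif defined(__aarch64__)
    static const uint8_t code[] = { 0x40, 0x05, 0x80, 0x52,   /* mov w0, #42 */
                                    0xC0, 0x03, 0x5F, 0xD6 }; /* ret */
#else
#error "unsupported host ISA for this example"
#endif
    memcpy(dst, code, sizeof code);
    return sizeof code;
}

/* Write through one view, execute through the other; returns the stub's result. */
int run_dual_mapped_jit(void) {
    dual_map_t m;
    if (dual_map_create(&m, 4096) != 0) return -1;
    size_t n = emit_return_42(m.rw);
    /* The stores went through a different virtual address than we execute
     * from, so make the instruction cache coherent (no-op on x86, needed on arm64). */
    __builtin___clear_cache((char *)m.rx, (char *)m.rx + n);
    int (*fn)(void) = (int (*)(void))(uintptr_t)m.rx;
    int r = fn();
    munmap(m.rw, m.len);
    munmap(m.rx, m.len);
    return r;
}
```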