
For those who missed my #Asahilinux #39c3 talk, it's available at https://media.ccc.de/v/39c3-asahi-linux-porting-linux-to-apple-silicon now.

I've also just pushed my slides to https://github.com/svenpeter42/39c3 and uploaded them as PDF to https://cfp.cccv.de/39c3/talk/YGHB9K/

Asahi Linux - Porting Linux to Apple Silicon

media.ccc.de
Apple added new mitigations to iOS: SPTM, TXM, and Exclaves. Even in the case of a kernel compromise, various components stay protected. You can read about more technical details in Moritz' thesis: https://arxiv.org/abs/2510.09272
Modern iOS Security Features -- A Deep Dive into SPTM, TXM, and Exclaves

The XNU kernel is the basis of Apple's operating systems. Although labeled as a hybrid kernel, it is found to generally operate in a monolithic manner by defining a single privileged trust zone in which all system functionality resides. This has security implications, as a kernel compromise has immediate and significant effects on the entire system. Over the past few years, Apple has taken steps towards a more compartmentalized kernel architecture and a more microkernel-like design. To date, there has been no scientific discussion of SPTM and related security mechanisms. Therefore, the understanding of the system and the underlying security mechanisms is minimal. In this paper, we provide a comprehensive analysis of new security mechanisms and their interplay, and create the first conclusive writeup considering all current mitigations. SPTM acts as the sole authority regarding memory retyping. Our analysis reveals that, through SPTM domains based on frame retyping and memory mapping rule sets, SPTM introduces domains of trust into the system, effectively gapping different functionalities from one another. Gapped functionality includes the TXM, responsible for code signing and entitlement verification. We further demonstrate how this introduction lays the groundwork for the most recent security feature of Exclaves, and conduct an in-depth analysis of its communication mechanisms. We discover multifold ways of communication, most notably xnuproxy as a secure world request handler, and the Tightbeam IPC framework. The architecture changes are found to increase system security, with key and sensitive components being moved out of XNU's direct reach. This also provides additional security guarantees in the event of a kernel compromise, which is no longer an immediate threat at the highest trust level.

arXiv.org
I think today’s iOS security research is richer, more interesting, and covers more layers than ever before. Unfortunately, I didn’t find a single serious talk about it at Black Hat USA 2025.

Two new https://arm.jonpalmisc.com updates:

- the search bar should now return better results thanks to better page indexing; and

- when it doesn’t, there are now “all instructions” and “all registers” pages you can CMD+F manually.

Jon's Arm Reference

This site offers reference documentation for the AArch64 instruction set and system registers defined by the Armv8-A and Armv9-A architectures.

My C language teacher didn't cover: typedef int (func_t)(int);
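What that line declares is a function *type*, not a function pointer: `func_t` names "function taking an int and returning an int", and `func_t *` is the familiar `int (*)(int)`. The following is an added illustration, not code from the post above; every name in it (`twice`, `negate`, `apply`, `apply_chain`) is made up for the example.

```c
#include <stddef.h>
#include <stdio.h>

/* A function-type typedef (the line from the post). func_t is the type
 * "int (int)" itself; func_t * is the pointer-to-function type int (*)(int). */
typedef int (func_t)(int);

/* A function type can be used to DECLARE a function ... */
func_t twice;                 /* same as: int twice(int); */

/* ... but the definition must still spell out the parameter list;
 * "func_t twice { ... }" is not valid C. */
int twice(int x) { return 2 * x; }
int negate(int x) { return -x; }

/* func_t * as a parameter: exactly int (*f)(int), just easier to read. */
int apply(func_t *f, int v) { return f(v); }

/* Pointers to func_t can be stored in arrays and selected at run time. */
int apply_chain(func_t *const *fs, size_t n, int v) {
    for (size_t i = 0; i < n; i++)
        v = fs[i](v);             /* calling through the pointer */
    return v;
}

int main(void) {
    func_t *ops[] = { twice, negate };    /* array of int (*)(int) */
    printf("%d\n", apply(twice, 21));     /* 42 */
    printf("%d\n", apply_chain(ops, 2, 5)); /* twice(5) = 10, negate(10) = -10 */
    return 0;
}
```

The practical payoff is readability in callback-heavy code: `func_t *handlers[8]` says what it is, whereas `int (*handlers[8])(int)` has to be decoded from the inside out.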
Tried several times and always got the same result. Is there an issue with the kernelcache of iPhone16,1_17.5.1_21F90_Restore.ipsw?

Finally got around to publishing the slides of my OffensiveCon talk from ~two weeks ago. Sorry for the delay!

The V8 Heap Sandbox: https://saelo.github.io/presentations/offensivecon_24_the_v8_heap_sandbox.pdf

Fantastic conference, as usual! :)

We're extremely pleased to announce a major milestone in the history of seL4: The proof of functional correctness for the 64-bit Arm architecture (AArch64) is complete!
Congratulations Proofcraft on this awesome achievement!
We're immensely grateful to UK's National Cyber Security Centre for funding this work, which is of great importance to the seL4 ecosystem.
You now no longer have to choose between a verified kernel and a modern processor, you can have both 😁
https://sel4.systems/news/#aarch64-fc
News about seL4 and the seL4 Foundation | seL4

In the past year, I have been immersed in my research topic without paying much attention to many related vulnerabilities, which I would have been naturally interested in. Recently, I caught up on this knowledge. On one hand, I feel like I missed out on a lot, and on the other hand, I feel like I have learned a great deal.

In a few days, with the arrival of the Lunar New Year, this year will completely become the old year. Throughout the past year, during the process of exchanging thoughts with many colleagues and friends, especially those within the country, much of the content has been pessimistic about the environment. There have been discussions on how we should make the right choices and decisions, along with encouraging each other who may be feeling anxious and lost.

Hope the situation will improve soon, allowing us to be respectable technical professionals.