codecolorist


Claude spent less than half an hour and 3 prompt retries to finish a 0-click preauth exploit for DaVinci Resolve.

I don't know whether it's Hollywood that's fucked or my job that's fucked up

I highly suspect DaVinci has LAN unauthenticated RCE but I'm too lazy to PoC it. Claude did it in 5 minutes.

Unemployment is on the way.

No, the correct way is to just not use amfi_get_out_of_my_way, but Frida

$ sudo frida amfid -l hook.ts

import ObjC from "frida-objc-bridge";

// Hook amfid's path validator so that only the named bundle gets a forced
// "valid" verdict; every other validation keeps its real result.
Interceptor.attach(
  ObjC.classes.AMFIPathValidator_macos["- validateWithError:"].implementation,
  {
    onEnter(args) {
      const self = new ObjC.Object(args[0]); // the AMFIPathValidator_macos instance
      const url = self.codePath(); // NSURL of the code being validated
      const name = url.path().lastPathComponent().toString();
      // args[2] is the NSError** out-parameter
      console.log(`-[AMFIPathValidator_macos validateWithError:${args[2]}]`);
      // console.log(self.cdhashAsData());
      // console.log(self.teamIdentifier());
      // console.log(self.infoPlist());
      if (name === "vphone-cli.app") this.bypass = true;
    },
    onLeave(retval) {
      // Return YES (1) only for the bundle flagged in onEnter
      if (this.bypass) retval.replace(ptr(1));
    },
  },
);

I put amfi_get_out_of_my_way=1 in nvram to run vphone-cli. Then vscode extensions stopped working, with the vsce-sign command complaining "Failed to create CoreCLR". Looks like this vsce-sign is written in .NET and the JIT has some issues when AMFI is off. Workaround: turn off extensions.verifySignature

Oh look what's this

Vibe everything

So this is very easy to implement but quite useful

Frida Workbench for VSCode v0.11.5
https://marketplace.visualstudio.com/items?itemName=CodeColorist.vscode-frida

- Enhanced auto complete for classes and methods, both Java and ObjC
- Explore classes and modules, generate hook templates directly
- If you have Copilot enabled, it can generate a more accurate native hook to print args (yeah, can't help making it microslop)

POV: me trying to escape life issues

www.keystone-engine[.]org domain seems to be expired