#asahi-re on 2021-12-05 — irc logs at oftc.irclog.whitequark.org

2021-07-26 22:57 ChanServ changed the topic of #asahi-re to: Asahi Linux: porting Linux to Apple Silicon macs | Hardware / boot process / firmware interface reverse engineering | WARNING: this channel (only) may contain binary reverse engineering discussion | RE policy: https://alx.sh/re (MANDATORY READ) | GitHub: https://alx.sh/g | Wiki: https://alx.sh/w | Logs: https://alx.sh/l/asahi-re

04:00 PhilippvK has joined #asahi-re

04:04 phiologe has quit [Ping timeout: 480 seconds]

06:46 maor26 has joined #asahi-re

07:43 the_lanetly_052__ has joined #asahi-re

08:12 the_lanetly_052__ has quit [Ping timeout: 480 seconds]

08:58 Dcow has joined #asahi-re

08:58 Dcow_ has quit [Read error: Connection reset by peer]

09:16 riker77 has quit [Quit: Quitting IRC - gone for good...]

09:17 the_lanetly_052__ has joined #asahi-re

09:33 gwyef has joined #asahi-re

09:46 gwyef has quit [Remote host closed the connection]

09:54 riker77 has joined #asahi-re

10:51 the_lanetly_052___ has joined #asahi-re

10:55 <sven> marcan: so here's something that may be going on: the rtkit reset vector checks some kind of resume flag and if has an unexpected value (0xbaadf1ac) it'll go to a while(1); loop. and i think it'll always have the unexpected value once rtkit is up and running

10:56 <sven> and i think if you send that powerdown message it'll overwrite that value to something else

10:56 <sven> and then a reset will work

10:56 <sven> still need to confirm this though, the code is a bit annoying to follow

10:58 the_lanetly_052__ has quit [Ping timeout: 480 seconds]

12:53 <sven> hrm, or maybe not. it changes VBAR at some point

12:59 <sven> but i guess that might also be reset to its original value if the PMGR reset is a true hard reset

14:54 the_lanetly_052__ has joined #asahi-re

15:00 the_lanetly_052___ has quit [Ping timeout: 480 seconds]

15:35 sikkiladho[m] has joined #asahi-re

16:15 steve has joined #asahi-re

16:15 steve is now known as Guest7639

16:15 the_lanetly_052 has joined #asahi-re

16:20 the_lanetly_052__ has quit [Ping timeout: 480 seconds]

16:24 Mary has quit [Quit: The Lounge - https://thelounge.chat]

16:24 Mary has joined #asahi-re

16:26 Mary has quit []

16:26 Mary has joined #asahi-re

16:26 Mary has quit []

16:27 Mary has joined #asahi-re

16:33 the_lanetly_052 has quit [Ping timeout: 480 seconds]

17:04 the_lanetly_052 has joined #asahi-re

17:34 maor26 has quit [Quit: Leaving]

20:14 <marcan> sven: it's weird that sometimes I got it to start the rtkit init and fail later

20:14 <marcan> but I was also playing with sending NMIs; not sure if that's required to cause that to happen (and it's not consistent anyway)

20:15 <sven> the mmi is another while(1); loop in the firmware I think

20:15 <sven> *nmi

20:16 <sven> or, well

20:16 <sven> it'll try to send a crashlog and then spin forever

20:16 <marcan> heh

20:17 <marcan> I haven't seen it try to send a crashlog

20:17 <sven> did you send the nmi after it got a crashlog buffer?

22:17 <sven> hrm, i think it's actually that flag in the data section which we can't access for DCP :(

22:17 <sven> erm

22:17 <sven> *for ANS

22:18 <sven> i'll check tomorrow if i can revive any of the coprocs where we can access that flag

22:20 <sven> (and unless there's something like KTRR this also gives trivial code exec on all coprocs where we can write to the data section by overwriting the stuff it stores in that section during hibernate)

23:00 yrlf has quit [Quit: The Lounge - https://thelounge.chat]

23:01 yrlf has joined #asahi-re

23:06 yuyichao_ has quit [Quit: Konversation terminated!]

23:07 yuyichao has joined #asahi-re