<amarioguy>
dsharshakov: here's the short of it - the NOR region's name is called "SysCfg", it's what holds the serial number, device color, calibration data, etc (I haven't looked at it myself but that's part of it)
<amarioguy>
nuking this means iboot won't be able to load the devicetree with the right properties
<amarioguy>
which ends very badly wrt any restore attempts
nicolas17 has joined #asahi-re
<amarioguy>
alright time for decoding random endpoints episode 10
systwi has joined #asahi-re
systwi__ has quit [Ping timeout: 480 seconds]
tired has quit [Quit: /]
tired has joined #asahi-re
djorz has joined #asahi-re
goldsoultheory has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
chengsun has joined #asahi-re
chengsun_ has joined #asahi-re
systwi_ has joined #asahi-re
systwi has quit [Ping timeout: 480 seconds]
chengsun_ has quit [Quit: Quit]
chengsun has quit [Ping timeout: 480 seconds]
chengsun has joined #asahi-re
chengsun has quit []
chengsun has joined #asahi-re
chengsun has quit []
eiln has joined #asahi-re
chengsun has joined #asahi-re
<eiln>
i have been summoned by the keyword ane :P
<eiln>
i don't know how to say this without being an asshole but
<eiln>
not only is his work a very very small subsection of the npu but his entire work is ripped off of others' research without a full understanding of it
<eiln>
which i'd get if it's concatted into something that works, but i really can't build _anything_
<eiln>
let's take the second sentence for example,
<eiln>
you can see i went through the patent, figured out the encoding format ("Register Count" and "Register Address", specifically [31:24] and [23:0]), and derived the calculations behind the size of the "op"
<eiln>
this value is *integral* because it's an input to the function to one of the "trigger" regs. the request will *not* go through without that 0x274.
<eiln>
and that's ignoring whatever his view of an "op" is
<eiln>
stuff about L2 and the strides are completely wrong.
<eiln>
i can take almost every sentence in that readme and nitpick it but i'm not.
<eiln>
sounds like he's just puking out the strings of the kext binaries.
<eiln>
i did not use any of his work in doing mine.
<nicolas17>
today I found there's 4 different C tools to decompress Apple "pbzx" compressed streams and they *all* misinterpret what the fields actually mean, probably because they copied code off each other
<sven>
“Ripping off other people's research” is kinda his thing unfortunately…
<nicolas17>
I missed who we're talking about *checks IRC log* OH yeah that makes sense
<sven>
a decade or so ago he took our ps3 research, used that to release keys (which we deliberately avoided) without any credit and then got us sued by Sony
<nicolas17>
still laughing at his recent over-confident statements in a live stream about how few people are needed to run Twitter, immediately followed by him reading a basic GraphQL tutorial
<eiln>
something something dunning
SSJ_GZ has quit [Ping timeout: 480 seconds]
goldsoultheory has joined #asahi-re
yamii has quit [Ping timeout: 480 seconds]
<amarioguy>
yea geohot is not what i'd call a paragon of ethical work...
<amarioguy>
eiln: you're doing great tho
<amarioguy>
read that writeup loved it
<eiln>
thank you! :))
eiln has quit [Quit: Page closed]
<amarioguy>
sven: kind of a dumb question but...how exactly do you read a DART shmem region in the m1n1 hv debugger?
<amarioguy>
like i mean at your command, obviously the tracer will update the view of shmem if it changes
<amarioguy>
but i mean more when you're broken into the target and need to read the region
<amarioguy>
i'm not quite sure ngl seems like the read commands in m1n1 only apply to main system memory so unless there's a translation func or smth a bit lost