apple-data 0.1.0 → 1.0.1
- checksums.yaml +4 -4
- data/lib/apple_data/boot_args.rb +5 -0
- data/lib/apple_data/fdr.rb +30 -0
- data/lib/apple_data/ioreg.rb +57 -0
- data/lib/apple_data/ipsw.rb +25 -0
- data/lib/apple_data/keybag.rb +56 -0
- data/lib/apple_data/lockdown.rb +48 -0
- data/lib/apple_data/macho.rb +5 -0
- data/lib/apple_data/version.rb +5 -0
- data/lib/apple_data.rb +8 -0
- data/share/4cc.yaml +297 -293
- data/share/apns.yaml +367 -364
- data/share/backup.yaml +47 -44
- data/share/baseband/qualcomm/mav13.yaml +26 -0
- data/share/baseband/qualcomm/mav20.yaml +45 -0
- data/share/baseband/qualcomm/mav21.yaml +254 -0
- data/share/baseband.yaml +290 -1
- data/share/bluetooth.yaml +75 -71
- data/share/boot_args.yaml +863 -855
- data/share/bridgeos.yaml +174 -131
- data/share/bundles.yaml +56 -60
- data/share/coprocessor.yaml +64 -0
- data/share/cores.yaml +72 -47
- data/share/debug.yaml +13 -0
- data/share/defaults.yaml +5 -0
- data/share/dnssd.yaml +171 -166
- data/share/entitlements.yaml +10391 -0
- data/share/environment_variables.yaml +354 -0
- data/share/esim.yaml +7 -0
- data/share/fdr.yaml +150 -148
- data/share/firmware.yaml +1310 -0
- data/share/homekit.yaml +14 -14
- data/share/iboot.yaml +143 -0
- data/share/icloud.yaml +11 -8
- data/share/img4.yaml +454 -453
- data/share/ioreg.yaml +5647 -5642
- data/share/ipsw.yaml +51505 -1099
- data/share/kext.yaml +3491 -1718
- data/share/keybags/7000.yaml +44342 -0
- data/share/keybags/7001.yaml +19430 -0
- data/share/keybags/7002.yaml +292 -0
- data/share/keybags/8000.yaml +82065 -0
- data/share/keybags/8001.yaml +29655 -0
- data/share/keybags/8004.yaml +295 -0
- data/share/keybags/8006.yaml +65 -0
- data/share/keybags/8010.yaml +23899 -0
- data/share/keybags/8011.yaml +4409 -0
- data/share/keybags/8015.yaml +23626 -0
- data/share/keybags/8020.yaml +4488 -0
- data/share/keybags/8027.yaml +43 -0
- data/share/keybags/8030.yaml +8687 -0
- data/share/keybags/8101.yaml +8595 -0
- data/share/keybags/8720.yaml +2026 -0
- data/share/keybags/8900.yaml +2344 -0
- data/share/keybags/8920.yaml +6761 -0
- data/share/keybags/8922.yaml +3141 -0
- data/share/keybags/8930.yaml +20583 -0
- data/share/keybags/8940.yaml +36319 -0
- data/share/keybags/8942.yaml +17343 -0
- data/share/keybags/8945.yaml +23360 -0
- data/share/keybags/8947.yaml +1384 -0
- data/share/keybags/8950.yaml +16258 -0
- data/share/keybags/8955.yaml +52163 -0
- data/share/keybags/8960.yaml +49499 -0
- data/share/keys.yaml +56 -0
- data/share/lightning.yaml +26 -23
- data/share/lockdownd.yaml +74 -71
- data/share/mach_o.yaml +204 -172
- data/share/mobile_assets.yaml +113 -127
- data/share/mobile_gestalt.yaml +2447 -2444
- data/share/nvram.yaml +463 -441
- data/share/ota.yaml +4 -1
- data/share/pki.yaml +103 -99
- data/share/platforms.yaml +35 -31
- data/share/pmu.yaml +52 -26
- data/share/registers.yaml +1579 -1603
- data/share/resources.yaml +202 -198
- data/share/sep.yaml +210 -206
- data/share/services.yaml +641 -636
- data/share/sip.yaml +64 -0
- data/share/smc.yaml +7 -0
- data/share/syscfg.yaml +4 -1
- data/share/tipw_sync.yaml +79103 -0
- data/share/vmapple.yaml +35 -0
- metadata +80 -15
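--- a/data/share/sep.yaml
+++ b/data/share/sep.yaml
@@ -1,210 +1,214 @@
 ---
-
-- service: SEPD # Incorrect: fixed at ID 0, sepd is a play on launchd
-fixed_endpoint: 0
-xnu_name: AppleSEPControl
-xnu_kext: AppleSEPManager
-opcodes:
-- id: 0
-const: kOpCode_NOP
-description: No operation
-- id: 2
-const: kOpCode_SET_OOL_IN_ADDR
-description: set the address of a block of AP memory to be transfered to the SEP for the next request
-- id: 3
-const: kOpCode_SET_OOL_OUT_ADDR
-description: set the address of a block of AP memory to be used to return the result of a given SEP response
-- id: 4
-const: kOpCode_SET_OOL_IN_SIZE
-description: set the size of the memory block to be transfered to the endpoint as a parameter
-- id: 5
-const: kOpCode_SET_OOL_OUT_SIZE
-description: set the size of the memory block allocated to the be written to as a response to a SEP request
-- id: 10
-const: kOpCode_TTYIN
-- id: 12
-const: kOpCode_Sleep
-description: put the SEP into low power and wait for an external IRQ
-- id: 19
-name: kOpCode_Nap
-description: put the SEP into low power and wake after a timeout
-- id: 0x14
-const: kOpCode_SECMODE_REQUEST
-description: get the current effective security mode of the SEP
-- id: 0x18
-const: kOpCode_SELFTEST
-description: perform diagnostics and internal consistancy checks on the the SEP
-- id: 0x25
-name: kOpCode_ERASE_INSTALL
-description: Queue the system for a wipe and install of IPSW
-- id: 0x26
-const: kOpCode_L4_PANIC
-description: Panic the L4 microkernel
-- id: 0x27
-const: kOpCode_SEPOSPANIC
-description: Panic the SEPOS
-- service: slog # Incorrect: notknown - Sep logging service
-description: SEP logging service
-xnu_name: AppleSEPLogger
-xnu_kext: AppleSEPManager
-- service: arts # Incorrect: ART storage
-description: Anti-replay Token Storage
-xnu_name: AppleSEPARTStorage
-xnu_kext: AppleSEPManager
-- service: artr # Incorrect: not known - SEP anti-replay storage
-description: Anti-replay token request
-xnu_name:
-- service: sepS
-description: SEP services endpoint
-- service: sbio
-description: Secure Biometic Services
-- service: skgs
-description: Secure Key Generation Service
-- service: xarm
-description: xART
-- service: xars
-description: xART
-- service: cntl
+metadata:
 description:
-
-
-
-
-
-
-
-
--
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
--
-
-
-
-
+credits:
+sep_services:
+"SEPD":
+description: "Incorrect: fixed at ID 0, sepd is a play on launchd"
+fixed_endpoint: 0
+xnu_name: AppleSEPControl
+xnu_kext: AppleSEPManager
+opcodes:
+- id: 0
+const: kOpCode_NOP
+description: No operation
+- id: 2
+const: kOpCode_SET_OOL_IN_ADDR
+description: set the address of a block of AP memory to be transfered to the SEP for the next request
+- id: 3
+const: kOpCode_SET_OOL_OUT_ADDR
+description: set the address of a block of AP memory to be used to return the result of a given SEP response
+- id: 4
+const: kOpCode_SET_OOL_IN_SIZE
+description: set the size of the memory block to be transfered to the endpoint as a parameter
+- id: 5
+const: kOpCode_SET_OOL_OUT_SIZE
+description: set the size of the memory block allocated to the be written to as a response to a SEP request
+- id: 10
+const: kOpCode_TTYIN
+- id: 12
+const: kOpCode_Sleep
+description: put the SEP into low power and wait for an external IRQ
+- id: 19
+name: kOpCode_Nap
+description: put the SEP into low power and wake after a timeout
+- id: 0x14
+const: kOpCode_SECMODE_REQUEST
+description: get the current effective security mode of the SEP
+- id: 0x18
+const: kOpCode_SELFTEST
+description: perform diagnostics and internal consistancy checks on the the SEP
+- id: 0x25
+name: kOpCode_ERASE_INSTALL
+description: Queue the system for a wipe and install of IPSW
+- id: 0x26
+const: kOpCode_L4_PANIC
+description: Panic the L4 microkernel
+- id: 0x27
+const: kOpCode_SEPOSPANIC
+description: Panic the SEPOS
+slog: # Incorrect: notknown - Sep logging service
+description: SEP logging service
+xnu_name: AppleSEPLogger
+xnu_kext: AppleSEPManager
+arts: # Incorrect: ART storage
+description: Anti-replay Token Storage
+xnu_name: AppleSEPARTStorage
+xnu_kext: AppleSEPManager
+artr: # Incorrect: not known - SEP anti-replay storage
+description: Anti-replay token request
+xnu_name:
+sepS:
+description: SEP services endpoint
+sbio:
+description: Secure Biometic Services
+skgs:
+description: Secure Key Generation Service
+xarm:
+description: xART
+xars:
+description: xART
+cntl:
+description:
+sidv:
+description:
+test:
+description: Test Service
+sars:
+description: Secure Anti-Replay Service
+enti:
+description: Entitlement Service
+debg: # Incorrect: not known
+description: Debug
+xnu_name: AppleSEPDebug
+xnu_kext: AppleSEPManager
+"sks\0":
+description: Secure Key Storage (AppleKeyStore)
+xnu_name: AppleSEPKeyStore
+xnu_kext: AppleSEPKeyStore
+"sse\0":
+description: Proxy access to the SE (secure element)
+xnu_kext: AppleSSE
+scrd:
+description: Secure Credential Manager (AppleCredentialStore)
+xnu_kext: AppleCredentialManager
+lpol: # Incorrect: unknown
+name: boot_policy # Incorrect: not known yet
+description: Manage Apple Silicon macOS boot policy
+opcodes:
+- id: 2
+name: begin_update_policy
+description: Begin a boot policy update operation
+- id: 3
+name: end_update_policy
+disc: # Incorrect - not known
+fixed_endpoint: 253
+name: discovery # Incorrect: not 4CC
+description: >-
+First advertise, then expose
 
-
-
+`id` is endpoint number
+`name` is `'scrd'` or `'sks\0'` for example. (4 char code)
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+struct app_info
+{
+uint64_t physical_addr;
+uint32_t virtual_base;
+uint32_t size;
+uint32_t entry;
+uint8_t name[12];
+uint8_t hash[16];
+}
+opcodes:
+0:
+name: advertise
+request_struct: |
+// Credit: ntrung03
+struct ep_advertise_data {
+uint8_t id; /* param */
+uint32_t name; /* data, Apple 4CC for the applet name */
+};
+1:
+name: expose
+request_struct: |
+// Credit: ntrung03
+struct ep_expose_data {
+uint8_t id; /* param */
+char ool_in_min_pages;
+char ool_in_max_pages;
+char ool_out_min_pages;
+char ool_out_max_pages;
+};
+krnl: # Incorrect: not known yet
+fixed_endpoint: 254
+name: L4info
+opcodes:
+- id: 0
+name: L4_Ipc
+desciption: Set up ipc between two threads
+- id: 4
+name: L4_ThreadSwitch
+description: Yield execution to thread
+- id: 8
+name: L4_ThreadControl
+description: Create or delete threads
+privileged: true
+- id: 0xC
+name: L4_ExchangeRegisters
+description: Exchange registers
+- id: 0x10
+name: L4_Schedule
+description: Set thread scheduling information
+- id: 0x14
+name: L4_MapControl
+description: Map or free virtual memory
+privileged: true
+- id: 0x18
+name: L4_SpaceControl
+description: Create a new address space
+privileged: true
+- id: 0x1C
+name: L4_ProcessorControl
+description: Sets processor attributes
+- id: 0x20
+name: L4_CacheControl
+description: Cache flushing
+- id: 0x24
+name: L4_IpcControl
+description: Adjust IPC access
+privileged: true
+- id: 0x28
+name: L4_InterruptControl
+description: Enable or disable an interrupt
+privileged: true
+- id: 0x2C
+name: L4_GetTimebase
+description: Gets the system time
+- id: 0x30
+name: L4_SetTimeout
+description: Set timeout for IPC sessions
+- id: 0x34
+name: L4_SharedMappingControl
+description: Set up a shared mapping
+privileged: true
+- id: 0x38
+name: L4_SleepKernel
+description: cause the SEP kernel to sleep until an external inturupt occurs
+- id: 0x3C
+name: L4_PowerControl
+- id: 0x40
+name: L4_KernelInterface
+description: Get information about the running L4 kernel
+sepr: # Incorrect: not known yet
+fixed_endpoint: 255
+name: seprom # Incorrect: not 4CC - name not important as it is always at 255
+opcodes:
+- id: 01
+name: ping
+description: request a pong from the SEP
+- id: 0x0F
+name: panic
+description: Common to all Apps, panic
+- id: 10
+name: random
+description: get random bytes from the SEP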
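Review bot: The first `krnl` opcode (id 0, `L4_Ipc`) spells its key `desciption:` as shown here, so a consumer that reads `description` gets nothing for that entry; it should read `description: Set up ipc between two threads`. The opcode tables are also not uniform in the new mapping layout: `disc` keys its opcodes by number (`0:`, `1:`) while `SEPD`, `lpol`, `krnl` and `sepr` use `- id:` lists, and `SEPD` mixes `const:` with `name:` (`kOpCode_Nap`, `kOpCode_ERASE_INSTALL`), so a loader has to handle both shapes or it will silently miss entries. In `sepr`, `- id: 01` carries a leading zero, and `- id: 10` follows `0x0F`, which may mean `0x10` was intended; confirm this and write the ids in one radix. Indentation is not visible in this rendering, so the nesting of `opcodes:` after the `struct app_info` text under `disc` could not be checked.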