Antonio Nappa
On a separate note, I have been advised we could try to use usbmuxd and map a USB-over-TCP connection. The USB stack is initialized, right?
OK, so a couple of things. For the network with the tunnel, having the loopback stack would be more than enough. For the DFU, let me point you here, we...
Great, let me know. Even if you set up the stack partially, I can take care of putting in the rest. On Sat, Jan 13, 2024, 11:50 Martijn de Vos ***@***.***> wrote:...
OK, I have a solution for accomplishing hypercalls:

```c
/* afl helper */
target_ulong helper_aflCall(CPUArchState *env, target_ulong code,
                            target_ulong a0, target_ulong a1)
{
    // Log a message to a file in /tmp/...
```
...
You should set r0 to 500 and call swi 80 in the guest, then handle the hypercall in the SVC handler of TCG in /target/arm/translate.c.
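The following is an added illustration of the dispatch described in the comment above; it is not code from the thread or from the qemu-ios project. It models, on the host side, the check a TCG SVC handler would perform (SWI immediate 80 and r0 == 500 must both match before the call is treated as an AFL hypercall, otherwise it falls through to the guest's own SVC handling) and, under an `__arm__` guard, the guest-side stub that issues the call. Assumptions: "swi 80" is read as decimal 80, a0 and a1 travel in r1 and r2, `guest_regs_t` stands in for the TCG CPU state, `helper_aflCall_model` writes to an in-memory buffer instead of a file in /tmp/, and all names other than `helper_aflCall` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* From the comment above: the guest puts 500 in r0 and executes "swi 80".
 * Assumption: the immediate is decimal 80. */
#define AFL_HYPERCALL_SWI   80u
#define AFL_HYPERCALL_CODE  500u

/* Constructed stand-in for the TCG CPU state: the 16 ARM core registers. */
typedef struct {
    uint32_t r[16];
} guest_regs_t;

/* In-memory log standing in for the /tmp/ file the real helper writes to. */
static char afl_log[256];

/* Model of helper_aflCall(): records the call and returns a status for r0.
 * Assumed register convention: code in r0, a0 in r1, a1 in r2. */
static uint32_t helper_aflCall_model(uint32_t code, uint32_t a0, uint32_t a1)
{
    snprintf(afl_log, sizeof afl_log,
             "aflCall code=%u a0=0x%08x a1=0x%08x", code, a0, a1);
    return 0;  /* 0 = success, handed back to the guest in r0 */
}

/* Model of the gate to add in the SVC path of target/arm/translate.c.
 * Returns 1 if the SWI was consumed as an AFL hypercall, 0 if it must fall
 * through to the guest kernel's SVC handler. Requiring both the SWI number
 * and the r0 code keeps ordinary guest syscalls untouched. */
int dispatch_swi(guest_regs_t *regs, uint32_t swi_imm)
{
    if (swi_imm != AFL_HYPERCALL_SWI || regs->r[0] != AFL_HYPERCALL_CODE)
        return 0;  /* not ours: normal SVC semantics apply */

    regs->r[0] = helper_aflCall_model(regs->r[0], regs->r[1], regs->r[2]);
    return 1;
}

/* Convenience wrapper: run one SWI with the given r0..r2, report the
 * resulting r0 through *r0_out and return dispatch_swi()'s verdict. */
int run_swi(uint32_t r0, uint32_t r1, uint32_t r2, uint32_t swi_imm,
            uint32_t *r0_out)
{
    guest_regs_t regs = { .r = { [0] = r0, [1] = r1, [2] = r2 } };
    int handled = dispatch_swi(&regs, swi_imm);
    *r0_out = regs.r[0];
    return handled;
}

const char *last_afl_log(void) { return afl_log; }

#if defined(__arm__)
/* Guest-side stub: what code inside the emulated system would execute
 * to reach the handler above (only meaningful when built for ARM). */
static inline uint32_t afl_hypercall(uint32_t a0, uint32_t a1)
{
    register uint32_t r0 __asm__("r0") = AFL_HYPERCALL_CODE;
    register uint32_t r1 __asm__("r1") = a0;
    register uint32_t r2 __asm__("r2") = a1;
    __asm__ volatile("swi #80" : "+r"(r0) : "r"(r1), "r"(r2) : "memory");
    return r0;
}
#endif

int main(void)
{
    uint32_t r0;

    /* A real hypercall: code 500 via swi 80, with two constructed arguments. */
    int handled = run_swi(AFL_HYPERCALL_CODE, 0x1000, 4, AFL_HYPERCALL_SWI, &r0);
    printf("hypercall handled=%d r0=%u log=\"%s\"\n", handled, r0, last_afl_log());

    /* An ordinary guest syscall on the same SWI number must pass through. */
    handled = run_swi(4, 0, 0, AFL_HYPERCALL_SWI, &r0);
    printf("syscall   handled=%d r0=%u\n", handled, r0);
    return 0;
}
```

The point of the double check is that the SWI number alone is not a safe discriminator: the guest kernel may already use that vector, so only the (swi 80, r0 == 500) pair is diverted and everything else keeps its original SVC behaviour.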
@devos50, take a look and try compiling and running the normal flows. With some luck, in the next few days I'll start to debug the user space.
Yeah, I figured there were some small changes. I finally have a Mac mini, accessible remotely; it has been a lot of work, ssh does not even support 2048-bit keys... I was able...
OK so, extra analysis: the architecture of the TCP tunnel also requires a custom injected driver in the kernel, which they have used for multiple purposes. I don't rule out the idea,...
Yeah, to be precise, I executed `/bin/bash -c ls /`. I had to import the right .so and everything, but as you can see it works. To give more help,...
When you get some basic communication, we can attach the shell. BTW, I think I will soon be able to release a fuzzer. Fingers crossed. I found a way...