
Reblogged by kornel ("Kornel"):
mattround@crispsandwi.ch ("Matt Round") wrote:
Doom running on an Apple Lightning-to-HDMI dongle: https://www.youtube.com/watch?v=4XCkeN0XuqA
Explanation from the comments, basically the dongle runs stripped-down iOS & they used an iOS security vulnerability to get in
Attachments:
- Yea, the dongle's firmware is super stripped-down iOS, basically. There is SecureROM, iBoot and XNU as a kernel - just like some iPhone or iPad of that era (now is the same, but obviously they did a lot of development since then). Production firmware's userspace is ultra-minimalistic though - there's a ramdisk, but it's not even a filesystem, but a statically compiled Mach-O (it's like ELF, but for Apple *OS). Internal development bundles do have a proper ramdisk with filesystem and a bunch of executables/shared libraries on it. The Mac here just loads such firmware into it, since the dongle doesn't have any persistent storage. The colorful logs going in one of the terminals are UART output from it - first iBoot and then kernel and userspace. Arbitrary code execution is achieved due to iOS-world bootrom exploit - checkm8, which also works here because codebase is literally the same. (remote)