Spotlight's Blog
Engineering, a cautionary tale
CVE-2023-28197: inputcontrol
Posted Dec 11, 2023As September 2022 drew to a close, I set myself a challenge: find the most hilariously mundane way to somehow gain access to user data via some form of purely logical means. Specifically, to do such within the macOS Sandbox - although I hold experien…
Decrypting Samsung NVMe Firmware
Posted Dec 20, 2022After remembering the issue of SanDisk-derivative drives failing after 32,768 hours and 40,000 hours respectively, I was interested in what the firmware for this Samsung 970 EVO Plus might look like. Obtaining This story begins innocently: We simply…
Synapse Mishaps
Posted Jun 28, 2022The idea of the Matrix protocol is simple: a federated chat protocol that.. works. And for the most part, this is true! Element, the recommended client within the Matrix ecosystem, looks beautiful. Of course, nothing is as binary as "works" or "doesn…
Learning Ghidra's Scripting
Posted Dec 28, 2021I focus on Apple platforms, but I heavily focus on the Wii for projects in my free time. So when I want to figure out how anything works, I typically immediately throw it at Ghidra. With the sole exception of some Objective-C/Swift handling (in which…
NixOS Shenanigans
Posted Oct 6, 2021I had known of Nix (and NixOS subsequently) for quite some time, as friends raved over it. Despite that, it was only until recent that I learned about the capabilities of the Nix package manager! I have no clue what prevented me from attempting to us…
Extending werkzeug for no sane reason
Posted Jan 9, 2021This blog post was originally written with Flask 1.x in mind, alongside the corresponding Werkzeug version. This commit for Flask 2.x may assist going forward. Recently, I've found myself working on reverse engineering the Digicam Print Channel, a J…
Changing the SSH port on Container-Optimized OS for Google Cloud Platform
Posted Jul 8, 2018(If you want the solution, scroll down to the end.) I recently took it upon myself to figure out a lightweight solution for a few Docker-utilizing services I manage. Upon creating a new instance in Google Cloud Platform, I noticed the support for Con…
Root Settings in iOS 9.3.3
Posted Jul 28, 2016Immediately after I heard that the Pangu 9.2-9.3.3 jailbreak was updated to support my iPod 6th Gen, I ran over and jailbroke it. I'm not going to go into how to jailbreak it, but I am going to talk about the root settings (AKA "internal settings" or…