checkra1n on PC/Linux via QEMU macOS Virtualization

Tutorial Guide checkra1n macOS on PC using QEMU and USB Passthrough: https://downthecrop.xyz/blog/tutorial-how-to-run-checkra1n-on-linux-via-qemu-macos-virtualization

EDIT: I have now successfully achieved checkra1n on Ubuntu Linux 18.04 using QEMU and IOMMU passthrough. Installation scripts coming soon!

I have a workaround using a live Linux USB. There is no official release for Windows and Linux currently, so macOS must be virtualized using KVM and IOMMU groupings.

Watch my YouTube video explaining my virtualization approach

The checkm8 jailbreak implementation called checkra1n was released Sunday November 10th 2019, but only for macOS. This wasn't done to spite non-Apple desktop users. The checkm8 exploit relies on precise control of the desktop USB stack to manipulate DFU mode.

Due to the precision of this communication they needed to craft the checkra1n desktop application to work with the USB stack. The first USB stack they targeted was macOS, likely due to the developers' familiarity with it. You can read more about the exploit in @qwertyoruiop's talk at POC2019, which I attended.

So here's the workaround: a disk image you can flash to any 16/32GB USB flash drive and boot into, which will provide the macOS virtual machine and USB passthrough.

This is possible and I can get this working. Just give me another few days. You'll just need a 16/32GB USB drive to boot into a live Linux distro, run a script, and then you'll have a macOS virtual machine with USB passthrough for use with checkra1n. VirtualBox and VMWare WILL NOT WORK for checkra1n. You need to have lower level access.

About VMs and how this would work:

Stay tuned. I'll have an update soon. You can watch my YouTube video linked above.

How To Hide Android 10 Q Navigation Bar

With Android 10 Q full gesture navigation is finally available. Google has unfortunately overlooked the option for users to simply hide the bottom navigation bar once they have become accustomed to the gestures. Thankfully there is already an app that will allow you to toggle the navbar’s visibility (well actually it just draws it below the screen). This can be done easily on rooted devices but it is also available to non-rooted phones as well. If your device DOES NOT have root access this requires a PC (Windows, Linux/BSD, or Mac) to enable the functionality.

This does NOT require your device to be rooted. The following ADB command does NOT void your device's warranty; you are just granting an additional permission to an app that is unavailable through the GUI.

If your device IS ALREADY rooted you can simply grant the app SuperUser and skip the command.

There are currently two apps that offer a toggle setting for the navigation bar once the required command has been run.

  1. Navigation Gestures - Swipe Gesture Controls! by XDA (recommended)
  2. Hide Navigation Bar by Manuel Wrage

If you are rooted: grant your selected app SuperUser, finish the on-boarding and enable the setting. Your navigation bar should now be off screen.

For those who aren't rooted, let's now grant your selected app the secure settings permission. Depending on which app you decide to use the command will be slightly different, as you are actually granting the specific app an additional system permission.

Enable Developer Mode & USB Debugging

First you need to let your phone communicate with your PC via USB debugging.

Open your Android settings app, scroll to the bottom and select "About Phone", scroll to the bottom again and tap the build number seven (7) times to enable developer mode.

Settings>About Phone>Tap Build Number 7 Times>Enable Developer Mode

Now that you're a developer, go back to the main settings page, select System, Advanced, Developer options, and enable USB debugging.

Settings>System>Advanced>Developer options>USB debugging

Installing ADB

ADB or the Android Debug Bridge is available for all platforms. You can follow this in depth guide on XDA https://www.xda-developers.com/install-adb-windows-macos-linux/

If you're on Linux you should be able to install 'android-tools-adb' on any Debian or Ubuntu based system. https://packages.debian.org/buster/android-tools-adb

On Arch/Manjaro systems ADB is provided through the 'android-tools' package. https://www.archlinux.org/packages/community/x86_64/android-tools/

Once you have some kind of ADB binary on your system you can plug in and trust your device, then run the following command depending on which of the toggle apps you've chosen.

Navigation Gestures - Swipe Gesture Controls! by XDA

adb shell pm grant com.xda.nobar android.permission.WRITE_SECURE_SETTINGS

Hide Navigation Bar by Manuel Wrage

adb shell pm grant com.ivianuu.hidenavbar android.permission.WRITE_SECURE_SETTINGS

If you get an error about the device not being trusted, unlock your device and trust your PC for USB debugging.

After you have successfully granted the app the permission you're done! Now enter the app and toggle the setting on or off whenever you want!
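The grant step above as an added shell helper (not from the original post): it reads the state column of `adb devices` first, so an untrusted phone gives the trust-prompt message instead of a confusing error, grants WRITE_SECURE_SETTINGS to the chosen package, and then confirms the grant in `dumpsys package` output; a revoke function undoes it. It assumes adb is on PATH, a single connected phone, and that dumpsys prints a "<permission>: granted=true" line for granted permissions.

```shell
#!/bin/sh
# Added helper around the adb grant step; not part of the original post.
# Assumes adb on PATH and one connected phone.

# Print the state column of the first device in `adb devices` output ($1):
# "device" = trusted, "unauthorized" = accept the USB debugging prompt first.
device_state() {
    printf '%s\n' "$1" | awk 'NR > 1 && NF == 2 { print $2; exit }'
}

# Succeed if package dumpsys text ($1) lists permission ($2) as granted.
# Assumption: dumpsys prints "<permission>: granted=true" for granted permissions.
permission_granted() {
    printf '%s\n' "$1" | grep -qF "$2: granted=true"
}

PERM=android.permission.WRITE_SECURE_SETTINGS

# grant_secure_settings com.xda.nobar   (or com.ivianuu.hidenavbar)
grant_secure_settings() {
    pkg="$1"
    case "$(device_state "$(adb devices)")" in
        device) ;;
        unauthorized) echo "Unlock the phone and accept the USB debugging prompt" >&2; return 1 ;;
        *) echo "No device found; check the cable and USB debugging" >&2; return 1 ;;
    esac
    adb shell pm grant "$pkg" "$PERM" || return 1
    # Verify rather than trust the exit code: pm grant can succeed silently on the wrong package name.
    if permission_granted "$(adb shell dumpsys package "$pkg")" "$PERM"; then
        echo "$PERM granted to $pkg"
    else
        echo "grant did not show up in dumpsys for $pkg" >&2
        return 1
    fi
}

# Undo: take the permission away again if you uninstall or stop trusting the app.
revoke_secure_settings() {
    adb shell pm revoke "$1" "$PERM"
}
```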

Disable Twitch Player Extensions

Do you dislike or even hate the extensions that overlay the video player on Twitch? I sure do. According to the official help page for extensions they "provide interactive experiences directly through the Twitch video player"; in my opinion they provide needless distraction. Let's learn how to disable them.

Twitch FAQ on Extensions
Q: I am not a fan of Extensions, can I disable them as a viewer?
A: ...Extensions in the video player can be minimized but not disabled by a viewer.

https://help.twitch.tv/s/article/how-to-use-extensions?language=en_US#FAQ

Now this isn't the answer that I was looking for. Let's find a different solution.

Disabling Twitch Player Extensions Through uBlock or other Content Blockers

If you find Twitch player extensions frustrating to look at you probably already have uBlock Origin installed in your browser. If not, you should switch to it from your current ad-blocker. It's free, open-source, and lightweight, with additional blocking functionality that makes it perfect for this. Get uBlock on GitHub.

The 4 simple steps to completely disable Twitch Player Extensions

Simply click on the uBlock extension icon, select "Open the dashboard", go to "My filters", and paste in the following rule:

! Twitch.tv Player Extensions
www.twitch.tv###js-player-extension-root
www.twitch.tv##.extension-overlay__iframe
||supervisor.ext-twitch.tv/supervisor/v1/index.html$subdocument

! Additional Block for 2020
www.twitch.tv##.tw-pd-t-1.tw-justify-content-center.tw-flex-column.tw-flex.tw-c-background-base.tw-border-radius-medium.tw-align-items-center
www.twitch.tv##div:nth-of-type(3) > .tw-tooltip-wrapper.tw-relative.tw-inline-flex > .tw-relative.tw-overflow-hidden.tw-justify-content-center.tw-interactive.tw-inline-flex.tw-core-button--overlay.tw-core-button.tw-button-icon--overlay.tw-button-icon.tw-border-top-right-radius-medium.tw-border-top-left-radius-medium.tw-border-bottom-right-radius-medium.tw-border-bottom-left-radius-medium.tw-align-middle.tw-align-items-center > .tw-button-icon__icon > div > .tw-inline-flex.tw-icon--fill.tw-icon.tw-full-width.tw-align-items-center > .tw-aspect--align-top.tw-aspect > .tw-icon__svg > g > path
www.twitch.tv##div:nth-of-type(3) > .tw-tooltip-wrapper.tw-relative.tw-inline-flex > .tw-relative.tw-overflow-hidden.tw-justify-content-center.tw-interactive.tw-inline-flex.tw-core-button--overlay.tw-core-button.tw-button-icon--overlay.tw-button-icon.tw-border-top-right-radius-medium.tw-border-top-left-radius-medium.tw-border-bottom-right-radius-medium.tw-border-bottom-left-radius-medium.tw-align-middle.tw-align-items-center > .tw-button-icon__icon > div > .tw-inline-flex.tw-icon--fill.tw-icon.tw-full-width.tw-align-items-center > .tw-aspect--align-top.tw-aspect > .tw-icon__svg

Apply changes and refresh any currently open Twitch page with those nasty extensions and they should be gone for good!

DriveDroid – Install and Boot Windows, Linux, or BSD using Android Device as USB Drive

DriveDroid is an extremely useful Android utility application that allows rooted Android phones to act as USB mass storage or a virtual CD-ROM drive. This can come in handy for booting PCs or emulating a USB drive of your own chosen size. The app only works on phones with root. I've personally tested DriveDroid on my rooted LG Nexus 5X using Android 8.1 Oreo and Android 9.0 Pie and can confirm it is functional for installing BSD, Linux, and Windows.

Most phones emulate a USB stick when using DriveDroid. This is baked into the kernel of your phone. This means that only images that are compatible with USB sticks can be used. All IMG files will work, but not all ISO files will.

DriveDroid http://softwarebakery.com/projects/drivedroid

Installing/Booting Linux ISO from Android

Booting into live Linux environments or installers is clearly the main use for DriveDroid and it works exactly as you'd expect. You can use the ISO download tool included in the application to get a variety of popular distributions. I was happy to see Void Linux made the list of easily downloadable ISOs as it's a personal favorite distribution of mine. The distributions I tried include: Ubuntu 19.04, Manjaro XFCE 18.1, and Debian 10 "Buster" Net Install. All booted in both UEFI and BIOS mode without issue, simply by selecting the ISO file in the app. I would suggest downloading your ISOs from your fastest mirror using your phone's browser. This allows for faster speeds and the ability to resume the download if it's interrupted.

Installing Windows using Android as Installation Media/USB Drive

To install Windows from DriveDroid you need to create the installation media the same way you would with a traditional USB drive. You can emulate a standard mass storage USB drive of any size using an image file with DriveDroid, but you first need to create an image to be used. I wasn't able to use the blank image creation tool inside of the app, but there is a simple workaround.
Open any terminal emulator on your Android device and issue the dd command with /dev/zero as the input:

dd if=/dev/zero of=MyDrive.img bs=1M count=5120

Note: The "of" argument is where the output file will be created. This example command will create a blank 5GB image (5120 blocks of 1MiB) in your working directory.

This will create a new empty image file that can be written to like any standard flash drive or thumb stick. If you don't have access to a PC to burn the ISO using the Windows Media Creation Tool or WoeUSB on Linux, you can download my pre-created image for Windows 10 Build 1903 (May 2019 Update) here or from the Internet Archive here: https://archive.org/details/windowsx641903may2019img
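The blank-image step above as an added shell helper (not from the original post): it creates the same image the dd command produces, but sparse (count=0 with seek), so the phone does not spend minutes writing 5GB of zeros and no storage is consumed until the installer is written into it; it then reports the byte size so you can confirm it matches the size you asked for before pointing DriveDroid at it. It assumes a toybox, busybox or GNU dd and ls; MyDrive.img and 5120 MiB are the post's values.

```shell
#!/bin/sh
# Added helper for the DriveDroid blank-image step; not part of the original post.
# Assumes toybox/busybox/GNU dd and ls (the tools found in Android terminal emulators).

# Byte size of a file, portable across ls implementations (column 5 of ls -l).
image_size_bytes() {
    ls -ln "$1" | awk '{ print $5 }'
}

# Bytes expected for a size given in MiB.
expected_bytes() {
    echo $(( $1 * 1024 * 1024 ))
}

# make_blank_image MyDrive.img 5120
# Creates an empty image of $2 MiB at $1 and prints its size in bytes.
# count=0 writes no data; seek=N extends the file to N MiB, sparse where the
# filesystem supports it, so this finishes instantly instead of streaming zeros.
make_blank_image() {
    out="$1"; mib="$2"
    [ "$mib" -gt 0 ] 2>/dev/null || { echo "size must be a positive number of MiB" >&2; return 1; }
    # Refuse to clobber an image that may already hold an installer.
    [ -e "$out" ] && { echo "$out already exists; refusing to overwrite" >&2; return 1; }
    dd if=/dev/zero of="$out" bs=1M count=0 seek="$mib" 2>/dev/null || return 1
    actual=$(image_size_bytes "$out")
    if [ "$actual" != "$(expected_bytes "$mib")" ]; then
        echo "size mismatch: got $actual bytes" >&2
        return 1
    fi
    echo "$actual"
}
```

The resulting file behaves like an unformatted USB stick; write the Windows installer into it with the same tools you would use for a physical drive.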

Loom Review 2019

It had been some time since I listened to this talk at GDC 2015 by Brian Moriarty.

I had previous exposure to Moriarty from his inclusion in The Witness and his under appreciated talk about that.

These two thoughtful talks understandably made me curious about Moriarty's work in games, so I decided to play Loom, a game where he acted as project lead.

This isn't a deep dive review but I would like to share some of my thoughts around the game. You can view my complete playthrough here: https://www.youtube.com/watch?v=rgJw69q16ew

Loom Island opening visuals. The aesthetic the entire game should have followed.

Let's start positive. I enjoyed the opening. The voice over is good. The interface is fairly intuitive and much simpler than other SCUMM (the LucasArts adventure game engine from Maniac Mansion) games. The game begins on the uncreatively named Loom Island. The atmosphere here is the best in the game, which makes adventuring a little disappointing afterward. The puzzles are pretty simple. The fun part is understanding what each of the "drafts" you learn do. I think the game would have been improved from an atmospheric sense if the drafts used rune style glyphs instead of musical notes. It feels much more like playing a song, which of course you're actually doing, than "weaving a draft". The story really doesn't make a lot of sense at all at any point in the game. The introduction is cryptic. You know it's your birthday and for some reason all the other people from the island turn into swans and fly away. They don't explain why. They just say Loom Child something something. Can they see the future? Why didn't they tell you about your past? Why didn't they let him near a distaff (the ocarina of the game)? These things are never explained.

After leaving the island you see a whirlpool in the water that can't be passed without learning the "f" chord. I left the island the first time without this so I needed to go back. Going back seems strange because there's an outro cinematic. Why make a big deal about me leaving if I can just row back? Anyway I went back, got the "f" chord by spinning some straw into gold, which is a Rumpelstiltskin thing. It was fun remembering that, but if you'd never heard the fairytale or forgotten that part then this might not make sense. I then left the island a second time, watched the same outro cinematic, defused the whirlpool and got to the other island.

Bobbin finds a cup made of diamond in the guild of makers. AMAZING.

On this island there is a... city? town? mound of green glass? It introduces some characters who you don't care about and foreshadows some war or something. There's also a chalice made of diamond which Bobbin, oh yeah, you play as a hobbit named Bobbin. "He's not a hobbit!" you say? Why does he sound like a hobbit and have a hobbit name? Probably just LotR stuck in their heads. Did people think hobbits had a slight British cadence before the films? Whatever. Bobbin points out that the diamond chalice in the glass guild is strange. All the art in the green glass guild is horrific for gameplay. You can't tell where you can walk. I think I was just lucky moving through this part of the game in the intended way. This is definitely where most players would be stuck if they do get stuck.

The game moves along from here to a forest. You meet some shepherds who aren't weavers like Bobbin but they can do some magic. It must be the same magic the weavers from Loom use, but for some reason Bobbin, who has never practiced before today, is way better at the spells than them, so Bobbin's weaver friends are implied to be much more magical I guess.

You then get picked up by a dragon and from here the game really falls apart. You don't care about what's going on. You don't care about any of the people you've met. There's something about this green hatted guy who gets his head knocked off wanting to raise the dead or something. It's just not interesting at all.

Bobbin meets his mother who is a swan from outer space.

You enter a rip in space which brings you to the Loom dimension. Maleficent from Sleeping Beauty was in there and she wants to take over the world now. You meet Mother Goose in outer space and then play Simon Says with Maleficent before turning yourself into a swan and flying off second star to the right, and straight on till morning.

They obviously set up a lot to be explained in sequels, which of course never happened because this game was trash. The game had potential to be cool if it had carried its aesthetic from Loom Island forward. Just artistically it would have had a lot more to show. The story, which is very much the focus, was the worst part of the game. The only part of this game I'll remember a year from now is the name Bobbin Threadbare and that there's a magic song to turn green things white and white things green.

It's a bad game. The talks are still good though. I recommend those.

GDC 15 https://www.youtube.com/watch?v=z1aVDael-KM
Brian Moriarty - I Saw What I Did There + The Secret of Psalm 46 https://www.youtube.com/watch?v=KBJbsEjNb8k