Rairii

reversing another powerpc kernel's pagefault codepath, so consulting the best readable documentation available on powerpc page tables again

for those unaware, that's the mario kart wii forums

OH: [referring to emperor palpatine] lord farquaad

patched up oah750 (ppc emulator, "rosetta") from x86 OSX 10.4.1 8B1025 to run on 10.3-era x86 darwin

tried to bring up the OSX UI stuff, and failed so far (some parts of it are actually causing a kernel panic!)

IPv6/7

doctors who don't like greek cheese: anti-feta medi pact

did some compression reversing shenanigans to recover a couple of Mac OS 8.5 builds present (as Disk Copy 6.x compressed HFS partition images) on a badly dumped warez CD missing resource forks

https://archive.org/details/Mac.OS.8.5a6c2
https://archive.org/details/Mac.OS.8.5a7c3

"In December 2025, they classified drivers protected with VMProtect, Themida, or Virtualizer as malware or potential vulnerabilities without providing any notification"

...microsoft can actually do good things??? amazed i didnt hear about this until now

a second osx port has hit the nintendo wii

(the first one is still unfinished)

https://bryankeller.github.io/2026/04/08/porting-mac-os-x-nintendo-wii.html

oh this is interesting

a while ago ransomhouse leaked data from some chinese microcontroller company, and it seems nobody really noticed

this company also makes TPMs

a lot of the data looks crypted, but there’s some plaintext in there

including listing files (which for C code seems to be preprocessor debug-output, with single character prefix denoting what the preprocessor did, comments and preprocessor directives and preprocessor output are ALL included) for the firmware of a production TPM implementation

the anti-glitch stuff in particular seems like the usual fare for such, but if you haven’t seen such before then it looks kind of weird:

enum
{
Cpy_OK = 0x55a55aa5,
SetData_OK = 0x7CCF62F2,
XOR_OK = 0x6A17D34A,
RandomSort_OK = 0x51261DC5,
CheckOrder_OK = 0x54830C23,
Reverse_OK = 0x43C94C71,

IsZero_YES = 0x7a7a7a7a,
IsZero_NOT = 0x07070707,
IsOne_YES = 0x6a6a6a6a,
IsOne_NOT = 0x06060606,
Cmp_EQUAL = 0x4a4a4a4a,
Cmp_LESS = (int32_t)0x95959595,
Cmp_GREATER = 0x6c6c6c6c,

Cmp_ERROR = 0x00044400,
SetData_ERROR = 0x00055500,
CheckOrder_ERROR = 0x00066600,
IsZero_ERROR = 0x00077700,
Cpy_ERROR = 0x00088800,
Reverse_ERROR = 0x00099900,
XOR_ERROR = 0x000aaa00,
RandomSort_ERROR = 0x000bbb00,
};
​#define TPM_ATTACK() \
{ \
tpm_set_shutdown_mode(); \
return TPM_RC_FAILURE; \
}
​#define xor_sum3(a, b, c) ((UINT32)(a) ^ (UINT32)(b) ^ (UINT32)(c))

before preprocessor:

// Load the persistent data
UINT32 infoAddr = 0;
ret = Cpy_U32_sum((UINT32*)&go, (UINT32*)NV_GO_START, sizeof(go) >> 2,
xor_sum3(&go, NV_GO_START, sizeof(go) >> 2));
if (ret != Cpy_OK) {
TPM_ATTACK();
}

after preprocessor:

// Load the persistent data
UINT32 infoAddr = 0;
ret = Cpy_U32_sum((UINT32*)&go, (UINT32*)((((0x6C800 + ((0x5) << 9)) + ((0x2) << 9)) + (0x00000200)) + (0x00000200)), sizeof(go) >> 2,
((UINT32)(&go) ^ (UINT32)(((((0x6C800 + ((0x5) << 9)) + ((0x2) << 9)) + (0x00000200)) + (0x00000200))) ^ (UINT32)(sizeof(go) >> 2)));
if (ret != Cpy_OK) {
{ tpm_set_shutdown_mode(); return (TPM_RC)((TPM_RC)(0x100)+0x001); };
}