by willstrafach 3646 days ago
not true. 64-bit kernel was previously not possible to examine.

additionally: we now know what Watchtower looks like, something that was previously a mystery and even incorrectly thought to be something that ran on SEP instead of the AP.


If Stefan says it, will you believe me?

https://twitter.com/i0n1c/status/745922795977187329

You just used a kernel privesc that you probably already had to read it. NOT A BIG DEAL.

That gets you a kernel dump; a decrypted kernelcache gives you very handy Mach-O headers. And as Will said, the well-known kernel dumping methods do not dump Watchtower. I'm not sure if anyone has privately been able to dump Watchtower with a kernel privesc or if it has only been possible with the kernelcache keys.