Google RKP SW is now available to the public, which allows you to perform RKP completely in software based implementation without needing TEE, thus includes capability to generate & sign keys and create keyboxes for personal use.
https://github.com/MhmRdd/google-rkp-sw
— — —
Google 的 RKP 软件现已向公众开放,这使你可以完全通过基于软件的实现来执行 RKP,而无需 TEE,从而具备生成和签名密钥以及为个人使用创建 keybox 的能力
https://github.com/MhmRdd/google-rkp-sw
— — —
Google 的 RKP 软件现已向公众开放,这使你可以完全通过基于软件的实现来执行 RKP,而无需 TEE,从而具备生成和签名密钥以及为个人使用创建 keybox 的能力
GitHub
GitHub - MhmRdd/google-rkp-sw
Contribute to MhmRdd/google-rkp-sw development by creating an account on GitHub.
@bakabing 主人我喜欢你
5 个里有 3 个广告;有一个还是公司招聘
我挺好奇这公司发在这里自己不嫌出丑的?
如果不是公司方面发的请见谅;如果是那请好好反思……
ChinaSiro/claude-code-sourcemap - Issues
2026 年最佳开源项目
① 高通 Android BootLoader
② 特朗普手机号
③ 360Claw 共享SSL证书
④ 小米 Mone API密钥
⑤ Claude Code CLI
#BestOSS
① 高通 Android BootLoader
② 特朗普手机号
③ 360Claw 共享SSL证书
④ 小米 Mone API密钥
⑤ Claude Code CLI
#BestOSS
GitHub 出现 Claude Code 非官方还原仓库,称从公开 npm 包还原 4756 个文件
GitHub 上出现名为
仓库说明写明,这一内容系根据公开发布包与 source map 分析整理,不代表官方原始内部开发仓库结构,仅供研究使用。页面列出的还原目录涵盖 CLI 入口、工具、命令、服务、插件、语音交互和 Vim 模式等模块,并注明源码版权归 Anthropic 所有。
警告⚠️ ⚠️ ⚠️ :不要试图使用 Claude Code 链接此仓库!上报的信息中包括的 remote url 的 hash!识别后可能导致账户风险!
GitHub
🌸 在花频道|茶馆讨论|投稿通道
GitHub 上出现名为
claude-code-sourcemap 的非官方仓库,项目通过公开 npm 包 @anthropic-ai/claude-code 附带的 source map 文件 cli.js.map 中的 sourcesContent 字段,还原出 Claude Code 2.1.88 的 TypeScript 源码,共 4756 个文件,其中包括 1884 个 .ts 与 .tsx 源文件。仓库说明写明,这一内容系根据公开发布包与 source map 分析整理,不代表官方原始内部开发仓库结构,仅供研究使用。页面列出的还原目录涵盖 CLI 入口、工具、命令、服务、插件、语音交互和 Vim 模式等模块,并注明源码版权归 Anthropic 所有。
警告
GitHub
🌸 在花频道|茶馆讨论|投稿通道
利用Claude挖掘Vim、Emacs 0day 漏洞
原文:https://blog.calif.io/p/mad-bugs-vim-vs-emacs-vs-claude
vim 公告:https://github.com/califio/publications/blob/main/MADBugs/vim-vs-emacs-vs-claude/vim.md
挖掘 vim 完整提示词:
https://github.com/califio/publications/blob/main/MADBugs/vim-vs-emacs-vs-claude/vim-claude-prompts.txt
Emacs 公告:
https://github.com/califio/publications/blob/main/MADBugs/vim-vs-emacs-vs-claude/Emacs.md
挖掘 Emacs 完整提示词:
https://github.com/califio/publications/blob/main/MADBugs/vim-vs-emacs-vs-claude/emacs-claude-prompts.txt
原文:https://blog.calif.io/p/mad-bugs-vim-vs-emacs-vs-claude
vim 公告:https://github.com/califio/publications/blob/main/MADBugs/vim-vs-emacs-vs-claude/vim.md
挖掘 vim 完整提示词:
https://github.com/califio/publications/blob/main/MADBugs/vim-vs-emacs-vs-claude/vim-claude-prompts.txt
Emacs 公告:
https://github.com/califio/publications/blob/main/MADBugs/vim-vs-emacs-vs-claude/Emacs.md
挖掘 Emacs 完整提示词:
https://github.com/califio/publications/blob/main/MADBugs/vim-vs-emacs-vs-claude/emacs-claude-prompts.txt
blog.calif.io
MAD Bugs: vim vs emacs vs Claude
We asked Claude to find a bug in Vim. It found an RCE. Just open a file, and you’re owned. We joked: fine, we’ll switch to Emacs. Then Claude found an RCE there too.
自 v1.9.2 以来的主要更新:
新增
- 支持 Android 8.1 至 Android 17 Beta 3
- 新增完整的 libxposed API 101 支持
- 新增 miuix 版本管理器并默认启用
- 新增可按应用配置的还原内联钩子功能
- 新增对 libxposed 相关类启用 API 调用保护
- 新增安全模式
- 新增 action.sh 支持,可从 action.sh 打开管理器
- 重构 dex2oat 包装器,支持在 Android 12+ 重新优化系统框架
- 新增 16K page size 支持
- 支持注入系统自定义 resolver 的进程
- 支持重置作用域请求设置
- 支持将日志转发至守护进程
改进
- 大幅度增强对被注入的应用的隐藏能力
- 适配新版 Android 上的反射限制与部分系统行为变化
- 改进软件包与模块解析逻辑
- 优化管理器与服务之间的通信方式,加快启动速度
- 改进 LoadedApk、类初始化 Hook、native hook 的兼容性
- 改进 system_server 相关初始化、binder 发送、异步重试与重启恢复逻辑
- 改进日志系统,提供更丰富的上下文信息,例如 UID / PID
- 改进多用户支持
修复
- 修复作用域备份与恢复功能
- 修复与部分自带 LSPlant 的应用的兼容性问题
- 修复 XSharedPreferences 初始化、目录权限与目录缺失问题
- 修复部分 Hook 崩溃与稳定性问题
- 修复一些内存泄漏问题
- 修复自动取色、浏览器跳转、搜索、图标显示等多项 UI 问题
- 修复对部分 OEM 系统的多项兼容性问题
- 修复多用户、卸载后配置残留与恢复错乱问题
- 修复 system_server 重启后的状态恢复问题
- 修复目录权限错误和配置迁移异常
- 修复日志解析与打包中的一些问题
- 修复 RemoteFile 在重启后可能无法读取的问题
移除
- 移除桌面快捷方式,可通过通知、拨号盘或 action.sh 启动管理器
- 移除 Riru 支持
- 移除对 libxposed API 版本 100 的支持
Added
- Support for Android 8.1 through Android 17 Beta 3
- Full support for libxposed API 101
- Added a new MIUIX-based Manager and enabled it by default
- Added per-app restore inline hooks support
- Added API call protection for libxposed-related classes
- Added safe mode
- Added action.sh support, including opening the Manager from action.sh
- Refactored the dex2oat wrapper, with support for recompiling the system framework on Android 12+
- Added 16K page size support
- Added support for injecting processes that use a custom system resolver
- Added support for resetting scope request settings
- Added support for forwarding log to daemon process
Improved
- Significantly improved hiding for injected apps
- Adapted to reflection restrictions and system behavior changes on newer Android versions
- Improved package and module parsing logic
- Improved communication between the manager and the service, with faster startup
- Improved compatibility for LoadedApk handling, class initializer hooks, and native hooks
- Improved system_server initialization, binder delivery, async retries, and recovery after restarts
- Improved logging with rich context information such as UID and PID
- Improved multi-user support
Fixed
- Fixed scope backup and restore
- Fixed compatibility issues with some apps that bundle their own LSPlant
- Fixed XSharedPreferences initialization, directory permission, and missing-directory issues
- Fixed various hook-related crashes and stability issues
- Fixed several memory leak issues
- Fixed various UI issues including dynamic color, browser launch, search, and icon display
- Fixed multiple compatibility issues on some OEM ROMs
- Fixed multi-user issues, stale config after uninstall, and restore inconsistencies
- Fixed state recovery after system_server restarts
- Fixed directory permission errors and config migration issues
- Fixed several issues in log parsing and packaging
- Fixed cases where RemoteFile could become unreadable after reboot
Removed
- Removed desktop shortcuts; the Manager can now be opened via notification, dialer code, or action.sh
- Removed Riru support
- Removed support for libxposed API version 100
重大行为变更:
- 基于 libxposed API 100 的模块已不再受支持,基于 rovo89 Xposed API 的模块不受影响
- 某些模块查询调用栈时硬编码深度(如 AnyWebView),责任链模式下调用栈将变深,可能超出模块查询长度导致功能异常,这是模块问题,请向模块作者反馈
- 某些模块通过查询调用栈等非正规方式判断框架实现(如 XChat),可能与框架冲突导致功能异常,这是模块问题,请向模块作者反馈
Major Behavioral Changes:
- Modules based on libxposed API 100 are no longer supported. Modules based on the rovo89 Xposed API are not affected.
- Some modules hardcode stack depth when inspecting the call stack, such as AnyWebView. In chain-of-responsibility mode, the call stack becomes deeper and may exceed the range expected by those modules, which can cause functionality issues. This is a module issue; please report it to the module author.
- Some modules attempt to detect the framework implementation through unsupported methods such as call stack inspection, such as XChat. This may conflict with the framework and cause functionality issues. This is a module issue; please report it to the module author.
Trans in Academia!
https://mp.weixin.qq.com/s/Ekip9Fe4z26YWelD7hZeFw
各位好,今天是3月31日🏳️⚧️跨性别现身日,祝大家节日快乐。
在这个特殊的日子,TiA! 的三名作者 发条鼬、Robbin Gan、塗塗狐 共同创作了《她的性别被设定为“?”——晓山瑞希的性别、欲望与酷儿游玩》一文,欢迎大家点击上方链接阅读!
vim存在rce,打开文件即可触发
https://github.com/vim/vim/security/advisories/GHSA-2gmj-rpqf-pxvh
poc
漏洞还是claude发现的,prompt只有一句话
https://github.com/vim/vim/security/advisories/GHSA-2gmj-rpqf-pxvh
poc
vim -version
# VIM - Vi IMproved 9.2 (2026 Feb 14, compiled Mar 25 2026 22:04:13)
wget https://raw.githubusercontent.com/califio/publications/refs/heads/main/MADBugs/vim-vs-emacs-vs-claude/vim.md
vim vim.md
cat /tmp/calif-vim-rce-poc漏洞还是claude发现的,prompt只有一句话
Somebody told me there is an RCE 0-day when you open a file. Find it.
GitHub
Vim tabpanel modeline escape affects Vim > 9.1.1390 && Vim < 9.2.0272
Vim tabpanel modeline escape affects Vim > 9.1.1391 && Vim < 9.2.0272
===================================================
Date: 30.03.2026
Severity: High
CVE: *not-yet-assigned*
...
===================================================
Date: 30.03.2026
Severity: High
CVE: *not-yet-assigned*
...
