Zechao Cai

Systems Researcher

Zechao Cai is a PhD student at the Department of Computer Science, ETH Zurich, working on Systems Research.

Contact

zechao [dot] cai [at] inf [dot] ethz [dot] ch


Department of Computer Science, ETH Zurich

Twitter
Github
LinkedIn

Publications

Chekhov's Gun: Uncovering Hidden Risks in macOS Application-Sandboxed PID-Domain Services
Minghao Lin, Jiaxun Zhu, Tingting Yin, Zechao Cai, Guanxing Wen, Yanan Guo, and Mengyuan Li
Computer and Communications Security (CCS). 2025.

CrossFire: Fuzzing macOS Cross-XPU Memory on Apple Silicon
Jiaxun Zhu, Minghao Lin, Tingting Yin, Zechao Cai, Yu Wang, Rui Chang, and Wenbo Shen
Computer and Communications Security (CCS). 2024.

Demystifying Pointer Authentication on Apple M1
Zechao Cai, Jiaxun Zhu, Wenbo Shen, Yutian Yang, Rui Chang, Yu Wang, Jinku Li, and Kui Ren
USENIX Security Symposium. 2023.

Apple PAC, Four Years Later: Reverse Engineering the Customized Pointer Authentication Hardware Implementation on Apple M1
Zechao Cai, Jiaxun Zhu, Yutian Yang, Wenbo Shen, and Yu Wang
Black Hat USA. 2023.



Projects

Apple-Silicon-based System Research

I created and led this research track at Zhejiang University. We built a hypervisor for Apple Silicon and did various interesting hacking (you can find our work on USENIX SEC '23, CCS '24 '25, and Black Hat '23). Although I'd like to try something else during my PhD, I am still very interested in Apple Silicon stuff and open to collaboration, so if you are interested in doing research 📑/hacking 😈 with us on Apple Silicon, we should talk 😉.

Talks

Demystifying Pointer Authentication on Apple M1 (Invited on-site talk).
Network and Information Security Lab @Tsinghua University.

Demystifying Pointer Authentication on Apple M1 (Online talk)
USENIX Security '23. Aug 2023.

Apple PAC, Four Years Later: Reverse Engineering the Customized Pointer Authentication Hardware Implementation on Apple M1 (Online talk)
Black Hat USA 2023. Aug 2023.