I hereby claim:
- I am cryptogenic on github.
- I am specterdev (https://keybase.io/specterdev) on keybase.
- I have a public key ASD9F865WA_doc1a6dFzkxNBC7xlFJBXEApkAQc2jGt8hQo
To claim this, I am signing this object:
Specter Cryptogenic
Cryptogenic
/ asp_loader.py
Created
March 6, 2024 21:24
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ''' | |
| IDA AMD PSP/ASP binary loader | |
| @SpecterDev | |
| ''' | |
| import binascii | |
| import ida_idp | |
| import idaapi | |
| import idc | |
| import struct |
Cryptogenic
/ extract_msrpm.py
Created
June 28, 2023 20:36
Script for extracting and parsing MSR protection maps in ps5 kernel dumps
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| ''' | |
| Script to parse an MSR protection map from a binary dump | |
| @SpecterDev | |
| ''' | |
| import argparse | |
| import os | |
| # Support hex int args |
Cryptogenic
/ 2.xx_msrs_parsed.txt
Created
June 28, 2023 20:34
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Note: unprotected MSRs are marked as "is NOT protected" | |
| - | |
| MSR 00000000 protected: READ & WRITE | |
| MSR 00000001 protected: READ & WRITE | |
| MSR 00000002 protected: READ & WRITE | |
| MSR 00000003 protected: READ & WRITE | |
| MSR 00000004 protected: READ & WRITE | |
| MSR 00000005 protected: READ & WRITE | |
| MSR 00000006 protected: READ & WRITE | |
| MSR 00000007 protected: READ & WRITE |
Cryptogenic
/ ip6_expl_poc.c
Last active
June 25, 2021 08:24
Kernel exploit POC (Proof-of-Concept) for IP6_EXTHDR_CHECK double free (CVE-2020-9892). Interleaves with multi-threads for code exec. Mainly a reference for PS4 implementation.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * IP6_EXTHDR_CHECK Double Free (CVE-2020-9892) Exploit PoC for FreeBSD 9.0 | |
| * https://github.com/google/security-research/security/advisories/GHSA-gxcr-cw4q-9q78 | |
| * - | |
| * Bug credit: Andy Nguyen (@theflow0) | |
| * Exploit credit: @SpecterDev, @tihmstar | |
| * Thanks: @sleirsgoevy, @littlelailo, flatz (@flat_z), @balika011 | |
| * - | |
| * Build: gcc -o expl ip6_expl_poc.c -pthread | |
| * - |
Cryptogenic
/ keybase.md
Created
March 23, 2019 18:31
Cryptogenic
/ Packets.md
Created
September 4, 2018 23:28
Packets are used to communicate between the HTML5 client and the Golang server. The official listing for these packets can be found below. For non-login (L) packets - a token is required which is received when logging in. This token not only ensures that the user is authenticated, but it also ensures that players cannot send packets to the server on behalf of other players without their token.
It should be noted that sometimes packets will be received without an initial request. These have specific listeners setup on the client side. It should also be noted that an E packet can be sent in replace of the typical response for any request if an error occured while processing the request on the server.
Finally, the original sender's ID in both the client -> server and server -> client case pass the ID in the header - therefore it is not needed in the data parameters (with the exception of the server sending the ID in the login response packet).
Cryptogenic
/ js_shellcode.py
Created
May 27, 2018 21:52
A script to convert payloads into JS shellcode
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| import sys | |
| import struct | |
| import argparse | |
| def swap32(i): | |
| return struct.unpack("<I", struct.pack(">I", i))[0] | |
| filename = None |
Cryptogenic
/ keybase.md
Created
January 4, 2018 06:07
I hereby claim:
- I am Cryptogenic on github.
- I am specterdev (https://keybase.io/specterdev) on keybase.
- I have a public key whose fingerprint is 42D4 2D2B 692B 4272 7278 82AC EA69 985A 957B 3AA2
To claim this, I am signing this object: