Skip to content

Instantly share code, notes, and snippets.

View Margen67's full-sized avatar

Margen67

148 followers · 14 following
View GitHub Profile
@B3n30
B3n30 / romfs.cpp
Last active July 18, 2018 20:51
read_delay
#include <3ds.h>
#include <stdio.h>
#include <cstdint>
#include <string>
#include <string_view>
#include <utility>
#include <vector>
static s64 base_tick;
@SciresM
SciresM / public_keys.md
Last active March 3, 2025 12:10

Nintendo Switch RSA-PKCS#1 Public Key Recovery

This is a short writeup of a fun (but ultimately pretty useless) attack I implemented on the Nintendo Switch a few months ago resulting in the recovery of some otherwise unobtainable RSA public keys. Since public keys aren't private keys, this is pretty useless, apart from letting us validate some signatures on PC. Even so, the attack is a pretty cool one, so I thought I'd write it up.

Every Switch gamecart has a unique certificate (called its "CERT"), storing an RSA signature followed by some kind of unknown but unique encrypted data. I was trying to reverse how these certificates work, and the obvious first step was to try to see how they were validated. However, when I tried looking through the FileSystem (FS) module, which should be responsible for validating these certificates, I found no references to the format at all. The "CERT" magic number was nowhere to be seen, and I couldn't find an RSA modulus that validated the signatures I had. This was in

@ogniK5377
ogniK5377 / yuzu_progress.md
Last active February 4, 2018 03:11
TID Game Progress
010021C000B6A000 The Binding of Isaac: Afterbirth+ Unmapped memory read after SubmitGPFIFO 0x1f7fe1170
0100B7D0022EE000 Cave Story+ Unmapped memory read after SubmitGPFIFO 0x1f7fe1170
0100E29001298000 Has Been Heros Attempting to open RomFS - Have no romfs on hand so cannot test
0100F3D001DEE000 Puyo Puyo Tetris Attempting to open RomFS - Have no romfs on hand so cannot test
01003BC0000A0000 Splatoon 2 Unmapped memory read after GetDesiredLanguage 0x8
01007EF00011E000 Breath of the wild RomFS completely loaded! Game runs for 150 seconds before asserting!!!
010009E001D90000 World Of Goo Freezing
01000320000CC000 1-2-Switch Requesting fsp-srv#OpenRomStorage - Have no romfs on hand so cannot test
@parkerlreed
parkerlreed / gist:a19d50deccaedbe15517a19bc70ff2e5
Created January 16, 2018 18:28
the skylanders portal demystified
If you haven't heard of the game Skylanders: Spyro's Adventure, google
it.
It's a video game for the PC/Mac, Wii, PS3, Xbox 360, and 3DS which
comes with a USB "Portal of Power", a small platform that wirelessly
reads and writes to Skylanders toys. Whatever toy you put on there, the
character it represents will magically appear in-game where you can play
with it, upgrade its stats, etc. Character data is saved wirelessly
back to the toy itself.
@ObserverOfTime
ObserverOfTime / BDLinux.md
Last active May 31, 2025 16:20
Install BetterDiscord on Linux

Install BetterDiscord on Linux

This Gist contains simple instructions on how to install, update, and uninstall BetterDiscord on Linux.

For more thorough documentation, take a look at betterdiscordctl's README.

Do NOT submit issues here as I don't check the comments. You should submit them here instead.

@Nanquitas
Nanquitas / ActionReplayCodeTypes.txt
Last active April 16, 2025 14:11
CTRPF-Action Replay Code Types
###############################
# Action Replay #
# Code Types supported by #
# CTRPluginFramework #
# v0.5.0 #
###############################
==============
INFO
==============
@jbsulli
jbsulli / GitHub spoiler markdown.md
Last active May 25, 2025 12:52

Demo:

Spoiler warning

Spoiler text. Note that it's important to have a space after the summary tag. You should be able to write any markdown you want inside the <details> tag... just make sure you close <details> afterward.

console.log("I'm a code block!");
@mariomadproductions
mariomadproductions / debug_games.md
Last active January 31, 2025 12:14 — forked from unreceptive/debug_games.md
List of video games shipped with debug symbols.

List of any video game shipped with debugging symbols.

Contributions are welcome.

Name Version Platform Notes
Brunswick Pro Bowling Unknown Nintendo 3DS Contains an ELF binary with full symbol information in its RomFS root
Fire Emblem: If/Fates All (double check) Nintendo 3DS All released versions of the game contain "name.StackTrace" and "addr.StackTrace" files in the "debug" folder in the RomFS, which provide full function names/signatures for the game's code.bin
Inazuma Eleven 3 Lightning Bolt / Team Ogre Attacks / Bomb Blast Unknown Nintendo 3DS CRO/CRS contains symbols
The Legend of Zelda: The Wind Waker n/a Nintendo GameCube
@ogniK5377
ogniK5377 / CrunchyViewerRemoval.md
Last active November 6, 2017 03:44

"CrunchyViewer" Virus Removal

  1. Press WINDOWS KEY + X or press the WINDOWS KEY and start typing.
  2. Type regedit.exe and open the Registry Editor.
  3. Goto SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  4. Delete the key Java
  5. Reboot your computer.
  6. Goto C:\Users\<YOUR USERNAME>\AppData\Roaming and delete svchost.exe if present
  7. Goto C:\Users\<YOUR USERNAME>\Documents and delete svchost.exe if present
  8. Change all your password!
@shuffle2
shuffle2 / fuses.c
Created October 17, 2017 23:26
dump + decode tegra t210 ipatches
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/mman.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#define ARRAYSIZE(x) (sizeof(x) / sizeof(*x))