| +------------+ | |
| Power 12v | STM 32 | RJ45 Mic | |
| Antenna | DSP engine | S/P (headphone) | |
| I/Q | (Base) | KEY (paddles or straight) | |
| | | ACC (linear amplifier interface) | |
| +-----+------+ USB DEV (CAT control and tx/rx audio) | |
| |I2C or ? | |
| ----------------|------------------------------------------ | |
| | | |
| +-----+------+ |
| # IDA (disassembler) and Hex-Rays (decompiler) plugin for Apple AMX | |
| # | |
| # WIP research. (This was edited to add more info after someone posted it to | |
| # Hacker News. Click "Revisions" to see full changes.) | |
| # | |
| # Copyright (c) 2020 dougallj | |
| # Based on Python port of VMX intrinsics plugin: | |
| # Copyright (c) 2019 w4kfu - Synacktiv |
Welcome to the Gran Turismo 5 Lan Guide - Bringing the online back to the good old days.
This is the maintained text version of the guide, recommended for most users. Below are the other versions.
| // | |
| // This file should be used in the following way: | |
| // - reload executable into IDA with using switch -c | |
| // - use File, Load IDC file and load this file. | |
| // | |
| // NOTE: This file doesn't contain all information from the database. | |
| // | |
| #define UNLOADED_FILE 1 | |
| #include <idc.idc> |
| https://github.com/xerpi/GhidraVitaLoader |
| The script helps you restore all installed OpenWRT packages after upgrading the main firmware image via sysupgrade. It works | |
| ONLY if the default firmware image provided by the OpenWRT project is sufficient to get connected to the Internet, but you | |
| want some extra packages for additional functionality. In other words, it WILL NOT WORK if connecting to the Internet | |
| requires installing extra packages (e.g., a kernel module for your LTE modem). | |
| The script has been tested for upgrading from OpenWRT 18.06.1 to 18.06.2 and to a development snapshot, as well as between | |
| development snapshots. On LEDE 17.01.x, "flock" is not a part of the default image, so has to be installed manually. | |
| Initial setup: |
The following is a write-up of how I initially achieved kernel code execution on the Nintendo Switch, very much inspired by hexkyz's write-ups. The work discussed was completed over the course of a single conversation between hthh and I during the evening of November 21st, 2017. A number of snippets are attached from that conversation as inline links, in the hopes that they'll be interesting to readers.
I would recommend one read hexkyz's recent write-up on how the switch was broken into via GPU DMA attacks. It's a great read!
In particular, he describes:
Additionally, the kernel itself would start allocating memory outside of the carveout region
| #!/bin/sh | |
| # THIS IS NOT FOR REGULAR USERS!!! | |
| # You need to solder to the UART port and short the two pads under the PCB near the charger. | |
| # Baud rate: 921600 | |
| red_led () { | |
| SLEEP=1 | |
| LOOP=1 | |
| if [ x"$1" != x ]; then LOOP=$1; fi |
| # The following is adapted from https://github.com/reswitched/loaders/blob/master/nxo64.py | |
| # | |
| # =========================================================================================== | |
| # | |
| # Copyright 2017 Reswitched Team | |
| # | |
| # Permission to use, copy, modify, and/or distribute this software for any purpose with or | |
| # without fee is hereby granted, provided that the above copyright notice and this permission | |
| # notice appear in all copies. | |
| # |
| ############################################### | |
| # TX SX OS unpacker - by hexkyz and naehrwert # | |
| ############################################### | |
| from Crypto.Cipher import AES | |
| from Crypto.Util import Counter | |
| import os | |
| import struct | |
| """ |
