nwert

from Crypto.Cipher import AES
from Crypto.Util import Counter
import struct

"""
typedef struct boot_dat_hdr
{
	unsigned char ident[0x10];
	unsigned char sha2_s2[0x20];
	unsigned int s2_dst;

Cryptogenic

#!/usr/bin/python

import sys
import struct
import argparse

def swap32(i):
  return struct.unpack("<I", struct.pack(">I", i))[0]

filename = None

SciresM

#define UNLOADED_FILE   1
#include <idc.idc>

static main(void)
{
  // set 'loading idc file' mode
  set_inf_attr(INF_GENFLAGS, INFFL_LOADIDC|get_inf_attr(INF_GENFLAGS));
  GenInfo();            // various settings
  Segments();           // segmentation
  Enums();              // enumerations

DavidBuchanan314

#!/usr/bin/env python3
import os

"""
Cursed Code.

This code literally patches your kernel memory, proceed at your own risk.

Tested on Ubuntu 17.10 and Arch, x86_64. Should work on other distros, maybe even other architectures!

nwert

diff --git a/libusb/os/linux_usbfs.h b/libusb/os/linux_usbfs.h
index 2449632..5ef03ba 100644
--- a/libusb/os/linux_usbfs.h
+++ b/libusb/os/linux_usbfs.h
@@ -82,7 +82,7 @@ struct usbfs_iso_packet_desc {
 };
 
 #define MAX_BULK_BUFFER_LENGTH		16384
-#define MAX_CTRL_BUFFER_LENGTH		4096
+#define MAX_CTRL_BUFFER_LENGTH		0xFFFF

roblabla

Muh Switch Keys

So you want to decrypt switch content ? Well, the good news is that all the tools required to do that are written up! The great news is, since this is crypto we're talking about, you'll have to find the keys. Yourself. Like it's easter.

So here you can find a template of the $HOME/.switch/prod.keys file that hactool uses to decrypt content. It contains all the SHA256 and location of the keys and seeds, so you can find them yourselves.

Note that all the seeds (the keys that end with _source) are used along with the master_key_## to derive an actual key. If you have somehow obtained the key without the seed, you can rename xxx_source to xxx_## (where ## is the master key number) and put your key there.

How the heck do I obtain dem keys ?

SciresM

Nintendo Switch RSA-PKCS#1 Public Key Recovery

This is a short writeup of a fun (but ultimately pretty useless) attack I implemented on the Nintendo Switch a few months ago resulting in the recovery of some otherwise unobtainable RSA public keys. Since public keys aren't private keys, this is pretty useless, apart from letting us validate some signatures on PC. Even so, the attack is a pretty cool one, so I thought I'd write it up.

Every Switch gamecart has a unique certificate (called its "CERT"), storing an RSA signature followed by some kind of unknown but unique encrypted data. I was trying to reverse how these certificates work, and the obvious first step was to try to see how they were validated. However, when I tried looking through the FileSystem (FS) module, which should be responsible for validating these certificates, I found no references to the format at all. The "CERT" magic number was nowhere to be seen, and I couldn't find an RSA modulus that validated the signatures I had. This was in

gabe-k

# based on info from switchbrew and reswitched
from idaapi import *
from idc import *

syscall_map = {
    0x01: "svcSetHeapSize",
    0x02: "svcSetMemoryPermission",
    0x03: "svcSetMemoryAttribute",
    0x04: "svcMapMemory",
    0x05: "svcUnmapMemory",

marcan

/*
 * Algorithm to process Wiimote IR tracking data into a usable pointer position
 * by tracking the sensor bar.
 *
 * Copyright (c) 2008-2011 Hector Martin "marcan" <[email protected]>
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *

dougallj

global _time_load
global _cache_flush
global _run_attempt

extern _bools
extern _values
extern _pointers

section .text