@CTurt
CTurt / gist:27fe7f3c241f69be19e5
Created December 14, 2015 19:24
PS4 kernel exploit tease (root FS dump, and list of PIDs)
[+] Entered shellcode
[+] UID: 0, GID: 0
[DIR]: .
[DIR]: ..
[DIR]: adm
[DIR]: app_tmp
[DIR]: data
[DIR]: dev
[DIR]: eap_user
[DIR]: eap_vsh
@circleous
circleous / hook.c
Last active July 27, 2021 08:32
Inline Hook Android
#include <stdio.h>
#include <jni.h>
#include <android/log.h>
#include <dlfcn.h>
#include <sys/types.h>
#include <stdlib.h>
//#include "TKHooklib.h"
#define LOG_TAG "HOOK"
#define LOGI(...) __android_log_print(ANDROID_LOG_INFO,LOG_TAG,__VA_ARGS__)
#!/usr/bin/env python
# touchbar_demo.py
# [email protected]
# PyObjC proof of concept NSTouchBar implementation.
# Note that exceptions in the delegates will crash with "Illegal instruction: 4"
# rather than printing helpful stack traces; look in CrashReporter for the
# exception string.
import objc
from AppKit import \
#define _GNU_SOURCE
#include <dlfcn.h>
#define _FCNTL_H
#include <stdio.h>
#include <stdlib.h>
int (*_open)(const char *name, int flags, ...);
int (*_open64)(const char *name, int flags, ...);
void __attribute__ ((constructor)) setup(void) {
@roblabla
roblabla / HABILITIES.md
Last active November 23, 2024 01:39
We believe in your habilities.

Muh Switch Keys

So you want to decrypt Switch content? Well, the good news is that all the tools required to do that are written up! The great news is, since this is crypto we're talking about, you'll have to find the keys. Yourself. Like it's Easter.

So here you can find a template of the $HOME/.switch/prod.keys file that hactool uses to decrypt content. It contains the SHA256 hashes and locations of all the keys and seeds, so you can find them yourselves.

Note that all the seeds (the keys that end with _source) are used along with the master_key_## to derive an actual key. If you have somehow obtained the key without the seed, you can rename xxx_source to xxx_## (where ## is the master key number) and put your key there.

How the heck do I obtain dem keys?

#!/usr/bin/env python
VERBOSE = False
import os
import subprocess
import shutil
import errno
import hashlib
@roblabla
roblabla / 00-KernelPatches.md
Last active April 3, 2019 05:58
Kernel Patches

This is a small repository that aims to document some fun kernel patches I have come up with while reverse engineering the kernel. They're meant to be useful for debugging various things.

You can easily apply those patches by getting the appropriate Kernel.bin, and applying them in a hex editor. The format is: offset origvalue => newvalue offset. They are made with radiff2. (If anyone knows of a better way to create binary patches, I'd love to hear it). Another way to test those patches is to use Hekate, which recently got kernel patching support (https://github.com/nwert/hekate/blob/master/ipl/pkg1.c#L71, thanks @CTCaer ^^)

I try to document what each patch does. If something is missing or wrong, feel free to leave a comment!

Have fun!

@khang06
khang06 / 0-SD-GUIDE.md
Last active December 21, 2024 18:03
Switch SD Dumping 101

See https://gbatemp.net/threads/nintendo-switch-sd-to-nsp-dumper.514816/ for a more automated and easier way to do this.

This guide assumes you have previous experience with hactool and messing with your NAND. You aren't supposed to blindly copy commands in this, so read before pasting!

Also, the Python sections require Python 2.7 and pycrypto. Make sure your hactool is v1.2 or above.

Obtaining Your SD Seed

  1. Run https://cdn.discordapp.com/attachments/432400335235973120/478053328857726976/Compelled-Disclosure.nro (source at https://github.com/shadowninja108/Compelled-Disclosure, thx Shadów#6239)
from Crypto.Cipher import AES
from Crypto.Util import Counter
import struct
"""
typedef struct boot_dat_hdr
{
unsigned char ident[0x10];
unsigned char sha2_s2[0x20];
unsigned int s2_dst;
###############################################
# TX SX OS unpacker - by hexkyz and naehrwert #
###############################################
from Crypto.Cipher import AES
from Crypto.Util import Counter
import os
import struct
"""