Laura Kirsch jakiki6

  • Germany
@tommy-mor
tommy-mor / video.py
Last active February 7, 2025 20:28
not good code stay away
from moviepy.editor import *
import numpy as np
clip = VideoFileClip("hams.mkv")
import sounddevice as sd
import soundfile as sf
from queue import Queue
from collections import OrderedDict
import pprint
pp = pprint.PrettyPrinter(indent=4)
print('started')

Nintendo Switch RSA-PKCS#1 Public Key Recovery

This is a short writeup of a fun (but ultimately pretty useless) attack I implemented on the Nintendo Switch a few months ago resulting in the recovery of some otherwise unobtainable RSA public keys. Since public keys aren't private keys, this is pretty useless, apart from letting us validate some signatures on PC. Even so, the attack is a pretty cool one, so I thought I'd write it up.

Every Switch gamecart has a unique certificate (called its "CERT"), storing an RSA signature followed by some kind of unknown but unique encrypted data. I was trying to reverse how these certificates work, and the obvious first step was to try to see how they were validated. However, when I tried looking through the FileSystem (FS) module, which should be responsible for validating these certificates, I found no references to the format at all. The "CERT" magic number was nowhere to be seen, and I couldn't find an RSA modulus that validated the signatures I had. This was in

opcode encoding mode32 mode64 cpuid tags rw_actions multisize datasize
NOP 90+rd V V operand32,operand64 Y
NOP 90+rw V V operand16,operand64 Y
NOP F3 90+rd V V operand32 Y
NOP F3 90+rw V V operand16 Y
NOP r/m32 0F 18 /4 V V operand32 r Y 32
NOP r/m32 0F 18 /5 V V operand32 r Y 32
NOP r/m32 0F 18 /6 V V operand32 r Y 32
NOP r/m32 0F 18 /7 V V operand32 r Y 32
NOP r/m32, r32 0F 19 /r V V operand32 r,r Y 32
@SciresM
SciresM / Signatures.txt
Last active April 16, 2025 23:10
"Perfect" sighax signatures for every Boot9 modulus.
Retail NAND FIRM:
Perfect Signature:
Exponentiated Message:
0002B31331C710412333A587890F9CF0B6A86E71C8A78F96B76082903B3E54EA9AB935978BBF2493BB829E9A5A6060B0C7811881176BCF9FE8B1C5C5E0A95327DB8B52EC178A884AD9CF28DB8BBF2922C05FD034AC81BD231AEB0CBEF6F7DE6F3A30812B9F9A83BF33251891BFA18FA38A64C6FF5F77DBE11C3780C23EA9F6D00F9C01D6FC8A878591D36C4F64ACA6B8D11BBEB21476103C6E86FF2196D465BA4DB78F81F1D3BCCA186BDDD56739A12DD36122F3F5B3DD518DDAC4FA29395EA4CD9DFD80AF8A399990F4FDD3CD6B07EC2122437CCFC3B62B1D1493A7DBB442003
@AntonKueltz
AntonKueltz / rsa_factor.py
Created April 1, 2017 03:02
Factor an RSA modulus given the public and private key
def factor(n, e, d):
    """http://crypto.stackexchange.com/a/25910/17884
    n - modulus
    e - public exponent
    d - private exponent
    returns - (p, q) such that n = p*q
    """
    from math import gcd  # fractions.gcd was removed in Python 3.9
    from random import randint
@numinit
numinit / dtext.c
Last active January 31, 2022 14:07
Dumps in-memory text segments by single-stepping with ptrace. Usage: dtext <program> [args...]
/* Dumps in-memory text segments by single-stepping with ptrace.
* Usage: dtext <program> [args...]
*/
#define _GNU_SOURCE
#include <stdio.h>
#include <unistd.h>
#include <stdbool.h>
#include <stdlib.h>
@DonnchaC
DonnchaC / huaiwei-unlock.py
Created September 24, 2016 19:27
Huawei unlock code generator - Based on the disassembler generated C code in https://github.com/forth32/huaweicalc
#!/usr/bin/python
# -*- coding: utf-8 -*-
import os
import hashlib
import argparse
import binascii
import struct
def encrypt_v1(imei, key):
@sbarratt
sbarratt / keyboardhook.cpp
Created May 31, 2016 19:49
Create a keyboard hook using Win32 System API and log what the user types into a console.
#include <stdio.h>
#include <tchar.h>
#include <Windows.h>
#include <iostream>
HHOOK hHook{ NULL };
enum Keys
{
ShiftKey = 16,
@yifanlu
yifanlu / gist:e80db121d38aceb8cca0e03cefd5853b
Last active January 29, 2025 21:21
3DS System Transfer + NNID & eShop on new region
This is an ADVANCED guide and should not be attempted by anyone who does not COMPLETELY understand each step and what it does to their device. Additionally, the prerequisite is that you have already performed a region change on your 3DS. You also need access to another 3DS on the target region that you can format to a non-NNID linked state (you can use emuNAND here). For simplicity, I am going to assume you are region changing a N3DS from Japan to USA and have access to a USA O3DS. The guide is in two parts: System Transfer and NNID Linking. For those who wish to just have access to USA eShop (and the ability to download free games; if you only want to use eShop to purchase games, you do not have to link a NNID) you can skip to the second part.
To modify requests, I use Charles Proxy to set breakpoints so I can change requests and responses as they come in. However, you can do it in any way you choose. Also, since 9.2 eShop was disabled, you may have to additionally modify all requests from the 3DS to send a
@maxymania
maxymania / Makefile
Last active June 4, 2025 15:02
secmalloc.c: Small, Secure Malloc implementation.
secmalloc.o: secmalloc.c
	gcc -c -fPIC secmalloc.c -o secmalloc.o
secmalloc.so: secmalloc.o
	gcc -shared -Wl,-soname,secmalloc.so -o secmalloc.so secmalloc.o