Shuanglei Tao tsl0922

Ctrl+o script-message-to dialog open #menu: Open > Files...
Ctrl+O script-message-to dialog open-folder #menu: Open > Folder...
_ script-message-to dialog open append #menu: Open > Add To Playlist...
_ ignore #menu: Open > -
_ script-message-to dialog open bd-iso #menu: Open > Bluray ISO...
_ script-message-to dialog open dvd-iso #menu: Open > DVD ISO...
_ ignore #menu: Open > -
Ctrl+v script-message-to dialog open-clipboard #menu: Open > Clipboard
_ ignore #menu: Open > -
Ctrl+R script-binding recentmenu/open #menu: Open > Recently Played #@recent

Hacking the SX Core modchip

Background

On October 2nd 2020, CVE-2020-15808 was publicly announced, detailing an out-of-bounds memory read/write vulnerability in STM's microcontroller firmware. Any chip containing STM's USB CDC driver library contains the bugged code, which represents a large number of products on the market. While bugged STM libraries may be bad enough, this problem is much more widespread. Several companies manufacture "clones" of STM chips which, due to mostly identical MMIO (Memory Mapped Input/Output) addresses, fully support the affected STM vendor code. Most clone manufacturers don't offer their own libraries, so developers must either write their own from scratch or use STM's existing libraries, and most clone manufacturers encourage this.

Armed with this information, I became interested in exploiting and dumping the flash on the "Team Xecuter" SX Core modchip for the Nintendo Switch. The MCU used on the ch

@SciresM
SciresM / gw_flash.py
Last active July 24, 2022 15:46
utility for interacting with gateway modchip updates
import sys
from struct import pack as pk, unpack as up
def u32(x):
    return x & 0xFFFFFFFF
def tea_update_custom_mac(mac, v, k):
    v0, v1 = v[0], v[1]
    cur_sum = 0xC6EF3720
    k0, k1, k2, k3 = k[0], k[1], k[2], k[3]
###############################################
# TX SX Pro Custom Payload Packer - by CTCaer #
###############################################
import struct
import hashlib
from os import unlink
"""
typedef struct boot_dat_hdr
###############################################
# TX SX OS unpacker - by hexkyz and naehrwert #
###############################################
from Crypto.Cipher import AES
from Crypto.Util import Counter
import os
import struct
"""
@wavezhang
wavezhang / java_download.sh
Last active November 13, 2024 02:42
download java from oracle without login
wget -c --no-cookies --no-check-certificate --header "Cookie: oraclelicense=accept-securebackup-cookie" https://download.oracle.com/otn-pub/java/jdk/12.0.2+10/e482c34c86bd4bf8b56c0b35558996b9/jdk-12.0.2_linux-x64_bin.tar.gz
@bmhatfield
bmhatfield / .profile
Last active November 14, 2024 12:11
Automatic Git commit signing with GPG on OSX
# In order for gpg to find gpg-agent, gpg-agent must be running, and there must be an env
# variable pointing GPG to the gpg-agent socket. This little script, which must be sourced
# in your shell's init script (ie, .bash_profile, .zshrc, whatever), will either start
# gpg-agent or set up the GPG_AGENT_INFO variable if it's already running.
# Add the following to your shell init to set up gpg-agent automatically for every shell
if [ -f ~/.gnupg/.gpg-agent-info ] && [ -n "$(pgrep gpg-agent)" ]; then
    source ~/.gnupg/.gpg-agent-info
    export GPG_AGENT_INFO
else
@rvl
rvl / git-pushing-multiple.rst
Created February 9, 2016 11:41
How to push to multiple git remotes at once. Useful if you keep mirrors of your repo.

Pushing to Multiple Git Repos

If a project has to have multiple git repos (e.g. Bitbucket and Github) then it's better that they remain in sync.

Usually this would involve pushing each branch to each repo in turn, but actually Git allows pushing to multiple repos in one go.

If in doubt about what git is doing when you run these commands, just

#!/usr/bin/sudo sh
## ruby_revealer.sh -- decrypt obfuscated GHE .rb files. 2.0.0 to 2.3.1+.
## From `strings ruby_concealer.so`:
##
## > This obfuscation is intended to discourage GitHub Enterprise customers
## > from making modifications to the VM.
##
## Well, good, as long as it's not intended to discourage *me* from doing this!
@tsl0922
tsl0922 / .tmux.conf
Last active October 31, 2024 19:01
vim style tmux config
# vim style tmux config
# use C-a, since it's on the home row and easier to hit than C-b
set-option -g prefix C-a
unbind-key C-a
bind-key C-a send-prefix
set -g base-index 1
# Easy config reload
bind-key R source-file ~/.tmux.conf \; display-message "tmux.conf reloaded."