
# CFG Version 03
# Do not edit. Generated by t210_emc_reg_tool_P987.exe V9.8.7. Command:
# t210_emc_reg_tool_P987.exe -i Samsung_K4F6E304HB-MGCH_4GB.par 04.90196078431372549019
# -dram_board_cfg 37 -data_bus_to_0 1 -dsr_per_dev 0 -fly_by_time_ps 1833 -dbi_rd_en 1
# -is_bkv 1 -b P2180_A00_LP4_DSC_204Mhz.txt -o P2180_4GB_P987_configs\P2180_4GB_Samsung_4GB_lpddr4_204Mhz_P987.cfg
# Parameter file: Samsung_K4F6E304HB-MGCH_4GB.par, tck = 4.90 ns (204.00 MHz)
# bkv file: P2180_A00_LP4_DSC_204Mhz.txt
SDRAM[0].MemoryType = NvBootMemoryType_LpDdr4;
SDRAM[0].PllMInputDivider = 0x00000001;
SDRAM[0].PllMFeedbackDivider = 0x00000022;
###############################################
# TX SX Pro Custom Payload Packer - by CTCaer #
###############################################
import struct
import hashlib
from os import unlink
"""
typedef struct boot_dat_hdr
###############################################
# TX SX OS unpacker - by hexkyz and naehrwert #
###############################################
from Crypto.Cipher import AES
from Crypto.Util import Counter
import os
import struct
"""
Legend:
WRI: Sent packet
RCV: Received packet
MCU: Received x31 packet. The first 49 bytes are truncated.
WRI: subcmd x22 - Set MCU state (suspend/resume)
RCV: 21 eb800000006a6878bed87500 8022 00000000000000000000000000000000000000000000000000000000000000000000
WRI: subcmd x21 - Write MCU
RCV: 21 f4800000006c5878bec87500 a021 0100ff00030005060000000000000000000000000000000000000000000000000062
WRI: subcmd x03 - Change input report format
CTCaer / libusb.patch
Created April 23, 2018 17:37 — forked from nwert/libusb.patch
nxboot
diff --git a/libusb/os/linux_usbfs.h b/libusb/os/linux_usbfs.h
index 2449632..5ef03ba 100644
--- a/libusb/os/linux_usbfs.h
+++ b/libusb/os/linux_usbfs.h
@@ -82,7 +82,7 @@ struct usbfs_iso_packet_desc {
};
#define MAX_BULK_BUFFER_LENGTH 16384
-#define MAX_CTRL_BUFFER_LENGTH 4096
+#define MAX_CTRL_BUFFER_LENGTH 0xFFFF
CTCaer / README.md
Created March 14, 2018 08:56 — forked from roblabla/HABILITIES.md
We believe in your habilities.

Muh Switch Keys

So you want to decrypt Switch content? Well, the good news is that all the tools required to do that are written up! The great news is, since this is crypto we're talking about, you'll have to find the keys. Yourself. Like it's Easter.

So here you can find a template of the $HOME/.switch/prod.keys file that hactool uses to decrypt content. It contains the SHA256 hash and the location of each key and seed, so you can find them yourselves.

Note that all the seeds (the keys that end with _source) are used along with the master_key_## to derive an actual key. If you have somehow obtained the key without the seed, you can rename xxx_source to xxx_## (where ## is the master key number) and put your key there.

How the heck do I obtain dem keys ?

from struct import unpack as up, pack as pk
from binascii import unhexlify as uhx, hexlify as hx
from Crypto.Cipher import AES
from Crypto.Util import Counter
import sys
# Key as a hex string, decoded to raw bytes. It is left empty here on purpose:
# fill it in locally and keep the filled-in file out of shared repositories.
pk11key = uhx("")
def string_to_ctr(ctr):
    """Return a 128-bit Counter that starts at the value encoded in *ctr*.

    The bytes of *ctr* are hex-encoded and parsed as one base-16 number, so
    they are read as a big-endian integer. An empty *ctr* makes int() raise
    ValueError.
    """
    start_value = int(hx(ctr), 16)
    # The whole 128-bit block is the counter; no prefix or suffix is set here.
    return Counter.new(128, initial_value=start_value)
CTCaer / fuses.c
Created January 10, 2018 07:53 — forked from shuffle2/fuses.c
dump + decode tegra t210 ipatches
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/mman.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdint.h>
#include <string.h>
/*
 * Number of elements in the array x.
 * x must be a real array: for a pointer this yields the pointer size divided
 * by the element size, which is not an element count.
 */
#define ARRAYSIZE(x) (sizeof(x) / sizeof((x)[0]))
OTP PatchRAM. (SPI @0x0)
01[raw]: F000006208C05D89
FD[raw]: FFFFFFFF
40[raw]: 123456B9E698 // BD_ADDR
// Overwritten by DS# PatchRAM
0A: D03DC: D03E4 b'AA55F00F68E597D2' // Magic
// Overwritten by DS# PatchRAM
0A: D0200: D030C b'00F009F842F78EBE374900231A460860202174F77CB93549097801F00F0140EA01204FF44811096801F48051084370470EB56A460C2141F6F47074F7D7FB0C2809D108222A496846A2F76EFA002802D12849029808600EBD70B5284926484FF448140860206820F480502060A06E20F07F40A066A06E40F08240A066E06E00F07F40E066E06E1E490843E066D4F888001C490840C4F888001B4DD5F83801C0071BD0D5F83C01D5F8381180B24FF4E02202EAC13108434FF44D110A686FF312021043086000F053F8D5F8300110F4E06F03D04FF67F70C5F8B002206840F480502060BDE87040A3E75C7D210034282000DC030D00B87C21008FFE0D00607D210041414100FF0F00F000603300'
// Overwritten by DS# PatchRAM
CTCaer / brcm_flash.c
Created September 22, 2017 02:08 — forked from shuffle2/brcm_flash.c
joycon command handling
unsigned __int8 *__fastcall process_cmd(struct_a1 *a1, int a2, int a3, unsigned __int8 *pkt, signed int pkt_len)
{
unsigned __int8 *pkt_; // r0@1 MAPDST
int v10; // r0@2
int v11; // r12@8
unsigned __int8 v12; // r0@13
signed int b0; // r0@15
int v14; // r0@38
unsigned __int8 v15; // r1@46
unsigned int v16; // r2@51