Skip to content

Instantly share code, notes, and snippets.

View Cryptogenic's full-sized avatar

Specter Cryptogenic

1.3k followers · 5 following
View GitHub Profile
@Cryptogenic
Cryptogenic / asp_loader.py
Created March 6, 2024 21:24
'''
IDA AMD PSP/ASP binary loader
@SpecterDev
'''
import binascii
import ida_idp
import idaapi
import idc
import struct
@Cryptogenic
Cryptogenic / extract_msrpm.py
Created June 28, 2023 20:36
Script for extracting and parsing MSR protection maps in ps5 kernel dumps
#!/usr/bin/env python3
'''
Script to parse an MSR protection map from a binary dump
@SpecterDev
'''
import argparse
import os
# Support hex int args
@Cryptogenic
Cryptogenic / 2.xx_msrs_parsed.txt
Created June 28, 2023 20:34
Note: unprotected MSRs are marked as "is NOT protected"
-
MSR 00000000 protected: READ & WRITE
MSR 00000001 protected: READ & WRITE
MSR 00000002 protected: READ & WRITE
MSR 00000003 protected: READ & WRITE
MSR 00000004 protected: READ & WRITE
MSR 00000005 protected: READ & WRITE
MSR 00000006 protected: READ & WRITE
MSR 00000007 protected: READ & WRITE
@Cryptogenic
Cryptogenic / ip6_expl_poc.c
Last active June 25, 2021 08:24
Kernel exploit POC (Proof-of-Concept) for IP6_EXTHDR_CHECK double free (CVE-2020-9892). Interleaves with multi-threads for code exec. Mainly a reference for PS4 implementation.
/*
* IP6_EXTHDR_CHECK Double Free (CVE-2020-9892) Exploit PoC for FreeBSD 9.0
* https://github.com/google/security-research/security/advisories/GHSA-gxcr-cw4q-9q78
* -
* Bug credit: Andy Nguyen (@theflow0)
* Exploit credit: @SpecterDev, @tihmstar
* Thanks: @sleirsgoevy, @littlelailo, flatz (@flat_z), @balika011
* -
* Build: gcc -o expl ip6_expl_poc.c -pthread
* -
@Cryptogenic
Cryptogenic / keybase.md
Created March 23, 2019 18:31

Keybase proof

I hereby claim:

  • I am cryptogenic on github.
  • I am specterdev (https://keybase.io/specterdev) on keybase.
  • I have a public key ASD9F865WA_doc1a6dFzkxNBC7xlFJBXEApkAQc2jGt8hQo

To claim this, I am signing this object:

@Cryptogenic
Cryptogenic / Packets.md
Created September 4, 2018 23:28

Packet Listing

Packets are used to communicate between the HTML5 client and the Golang server. The official listing for these packets can be found below. For non-login (L) packets - a token is required which is received when logging in. This token not only ensures that the user is authenticated, but it also ensures that players cannot send packets to the server on behalf of other players without their token.

It should be noted that sometimes packets will be received without an initial request. These have specific listeners setup on the client side. It should also be noted that an E packet can be sent in replace of the typical response for any request if an error occured while processing the request on the server.

Finally, the original sender's ID in both the client -> server and server -> client case pass the ID in the header - therefore it is not needed in the data parameters (with the exception of the server sending the ID in the login response packet).

E Packet (Error)

@Cryptogenic
Cryptogenic / js_shellcode.py
Created May 27, 2018 21:52
A script to convert payloads into JS shellcode
#!/usr/bin/python
import sys
import struct
import argparse
def swap32(i):
return struct.unpack("<I", struct.pack(">I", i))[0]
filename = None
@Cryptogenic
Cryptogenic / keybase.md
Created January 4, 2018 06:07

Keybase proof

I hereby claim:

  • I am Cryptogenic on github.
  • I am specterdev (https://keybase.io/specterdev) on keybase.
  • I have a public key whose fingerprint is 42D4 2D2B 692B 4272 7278 82AC EA69 985A 957B 3AA2

To claim this, I am signing this object: