Ryan Welton Fuzion24

## apollo.txt
This bug was also called moonshine in the beginning
Basically the following bug is present in all bootroms I have looked at:
1. When usb is started to get an image over dfu, dfu registers an interface to handle all the commands and allocates a buffer for input and output
2. if you send data to dfu the setup packet is handled by the main code which then calls out to the interface code
3. the interface code verifies that wLength is shorter than the input output buffer length and if that's the case it updates a pointer passed as an argument with a pointer to the input output buffer
4. it then returns wLength which is the length it wants to recieve into the buffer
5. the usb main code then updates a global var with the length and gets ready to recieve the data packages
6. if a data package is recieved it gets written to the input output buffer via the pointer which was passed as an argument and another global variable is used to keep track of how many bytes were recieved already
7. if all the data was recieved th

## convert_teegris_tas.py
#!/usr/bin/env python3
# Usage: python convert_teegris_tas.py ~/Downloads/sw/pda/s10/fw/fw_G973FXXU4BTA8/AP/vendor/tee/

import os
import sys
from textwrap import wrap

def teegris_ta_to_elf(path_from, path_to):
    with open(path_from, 'rb') as fin:
        with open(path_to, 'wb') as fout:

## tun-ping-linux.go
package main

import (
	"exec"
	"log"
	"os"
	"syscall"
	"unsafe"
)

## shell-execution.rb
# Ways to execute a shell script in Ruby
# Example Script - Joseph Pecoraro

cmd = "echo 'hi'" # Sample string that can be used

# 1. Kernel#` - commonly called backticks - `cmd`
# This is like many other languages, including bash, PHP, and Perl
#   Synchronous (blocking)
#   Returns the output of the shell command
#   Docs: http://ruby-doc.org/core/classes/Kernel.html#M001111

## floatsign.sh
# !/bin/bash

# Copyright (c) 2011 Float Mobile Learning
# http://www.floatlearning.com/
#
# Permission is hereby granted, free of charge, to any person obtaining
# a copy of this software and associated documentation files (the "Software"),
# to deal in the Software without restriction, including without limitation
# the rights to use, copy, modify, merge, publish, distribute, sublicense,
# and/or sell copies of the Software, and to permit persons to whom the

## castealer.rb
require 'rubygems'
require 'openssl'
require 'digest/md5'
key = OpenSSL::PKey::RSA.new(2048)
cipher = OpenSSL::Cipher::AES.new(256, :CBC)
ctx = OpenSSL::SSL::SSLContext.new
puts "Spoof must be in DER format and saved as root.cer"
raw = File.read "root.cer"
cert = OpenSSL::X509::Certificate.new raw
cert.version = 2

## bin2wav.py
import sys
import wave
import struct

# bit0 is a single period sine wave at 1024Hz with a given amplitude
# bit1 is the same but with ~2.7 times the amplitude
bits = [[0x00, 0x09, 0x12, 0x1A, 0x21, 0x27, 0x2C, 0x2F, 0x30, 0x2F, 0x2C, 0x27, 0x21, 0x1A, 0x12, 0x09, 0x00, 0xF6, 0xED, 0xE5, 0xDE, 0xD8, 0xD3, 0xD0, 0xD0, 0xD0, 0xD3, 0xD8, 0xDE, 0xE5, 0xED, 0xF6], [0x00, 0x18, 0x30, 0x46, 0x59, 0x69, 0x75, 0x7C, 0x7F, 0x7C, 0x75, 0x69, 0x59, 0x46, 0x30, 0x18, 0x00, 0xE7, 0xCF, 0xB9, 0xA6, 0x96, 0x8A, 0x83, 0x81, 0x83, 0x8A, 0x96, 0xA6, 0xB9, 0xCF, 0xE7]]
bits[0] = [b^0x80 for b in bits[0]]
bits[1] = [b^0x80 for b in bits[1]]
bits[0] = struct.pack('%sB' % len(bits[0]), *bits[0])

## git-xnu.sh
#! /bin/bash
#
# git-xnu.sh
# Brandon Azad
#
# A script to download Apple's XNU kernel source code and create a git
# repository.
#

XNU_DIR="xnu"

## prologue.py
#  Fix clang function prologues
#  WARNING: this WILL patch bytes in the database
#
#  Copyright (c) 2015 xerub
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#

## cube-towel.c
//Android.mk にて、「LOCAL_CFLAGS := -fno-stack-protector -mno-thumb -O0」を指定すること。

#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <pthread.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <linux/futex.h>
	This bug was also called moonshine in the beginning
	Basically the following bug is present in all bootroms I have looked at:
	1. When usb is started to get an image over dfu, dfu registers an interface to handle all the commands and allocates a buffer for input and output
	2. if you send data to dfu the setup packet is handled by the main code which then calls out to the interface code
	3. the interface code verifies that wLength is shorter than the input output buffer length and if that's the case it updates a pointer passed as an argument with a pointer to the input output buffer
	4. it then returns wLength which is the length it wants to recieve into the buffer
	5. the usb main code then updates a global var with the length and gets ready to recieve the data packages
	6. if a data package is recieved it gets written to the input output buffer via the pointer which was passed as an argument and another global variable is used to keep track of how many bytes were recieved already
	7. if all the data was recieved th
	#!/usr/bin/env python3
	# Usage: python convert_teegris_tas.py ~/Downloads/sw/pda/s10/fw/fw_G973FXXU4BTA8/AP/vendor/tee/

	import os
	import sys
	from textwrap import wrap

	def teegris_ta_to_elf(path_from, path_to):
	with open(path_from, 'rb') as fin:
	with open(path_to, 'wb') as fout:
	# Ways to execute a shell script in Ruby
	# Example Script - Joseph Pecoraro

	cmd = "echo 'hi'" # Sample string that can be used

	# 1. Kernel#` - commonly called backticks - `cmd`
	# This is like many other languages, including bash, PHP, and Perl
	# Synchronous (blocking)
	# Returns the output of the shell command
	# Docs: http://ruby-doc.org/core/classes/Kernel.html#M001111
	# !/bin/bash

	# Copyright (c) 2011 Float Mobile Learning
	# http://www.floatlearning.com/
	#
	# Permission is hereby granted, free of charge, to any person obtaining
	# a copy of this software and associated documentation files (the "Software"),
	# to deal in the Software without restriction, including without limitation
	# the rights to use, copy, modify, merge, publish, distribute, sublicense,
	# and/or sell copies of the Software, and to permit persons to whom the
	require 'rubygems'
	require 'openssl'
	require 'digest/md5'
	key = OpenSSL::PKey::RSA.new(2048)
	cipher = OpenSSL::Cipher::AES.new(256, :CBC)
	ctx = OpenSSL::SSL::SSLContext.new
	puts "Spoof must be in DER format and saved as root.cer"
	raw = File.read "root.cer"
	cert = OpenSSL::X509::Certificate.new raw
	cert.version = 2
	import sys
	import wave
	import struct

	# bit0 is a single period sine wave at 1024Hz with a given amplitude
	# bit1 is the same but with ~2.7 times the amplitude
	bits = [[0x00, 0x09, 0x12, 0x1A, 0x21, 0x27, 0x2C, 0x2F, 0x30, 0x2F, 0x2C, 0x27, 0x21, 0x1A, 0x12, 0x09, 0x00, 0xF6, 0xED, 0xE5, 0xDE, 0xD8, 0xD3, 0xD0, 0xD0, 0xD0, 0xD3, 0xD8, 0xDE, 0xE5, 0xED, 0xF6], [0x00, 0x18, 0x30, 0x46, 0x59, 0x69, 0x75, 0x7C, 0x7F, 0x7C, 0x75, 0x69, 0x59, 0x46, 0x30, 0x18, 0x00, 0xE7, 0xCF, 0xB9, 0xA6, 0x96, 0x8A, 0x83, 0x81, 0x83, 0x8A, 0x96, 0xA6, 0xB9, 0xCF, 0xE7]]
	bits[0] = [b^0x80 for b in bits[0]]
	bits[1] = [b^0x80 for b in bits[1]]
	bits[0] = struct.pack('%sB' % len(bits[0]), *bits[0])
	#! /bin/bash
	#
	# git-xnu.sh
	# Brandon Azad
	#
	# A script to download Apple's XNU kernel source code and create a git
	# repository.
	#

	XNU_DIR="xnu"
	# Fix clang function prologues
	# WARNING: this WILL patch bytes in the database
	#
	# Copyright (c) 2015 xerub
	#
	# This program is free software; you can redistribute it and/or modify
	# it under the terms of the GNU General Public License as published by
	# the Free Software Foundation; either version 2 of the License, or
	# (at your option) any later version.
	#
	//Android.mk にて、「LOCAL_CFLAGS := -fno-stack-protector -mno-thumb -O0」を指定すること。

	#include <stdio.h>
	#include <stdlib.h>
	#include <sys/socket.h>
	#include <arpa/inet.h>
	#include <pthread.h>
	#include <sys/mman.h>
	#include <sys/syscall.h>
	#include <linux/futex.h>