Skip to content

Instantly share code, notes, and snippets.

View castleberrysam's full-sized avatar

Sam Castleberry castleberrysam

View GitHub Profile
@castleberrysam
castleberrysam / fw_decrypt.py
Created July 29, 2018 19:56
Image extractor/decrypter for Beiying K8xx firmware updater utilities
#!/usr/bin/env python3
import sys
from struct import *
def decrypt8(int0, int1, key):
garbage = 0xc6ed3720
for i in range(32):
edi = (key[3] + (int0 >> 5)) & 0xffffffff
ebx = (key[2] + (int0 << 4)) & 0xffffffff
@castleberrysam
castleberrysam / byk8xx.cpp
Last active November 18, 2023 16:47
Some reverse engineered C++ code from the BYK8xx firmware update utility
#include <stdio.h>
extern char *fw_data;
extern int fw_len;
// used to hold the RunOnlyOneUpdateTools mutex
extern HANDLE dword_458908;
// used to hold the first byte pair after the firmware header
extern int dword_45868c;
@castleberrysam
castleberrysam / pinout.txt
Created August 9, 2018 04:36
GPIO connections for BYK870 based keyboards (WIP)
rows and column numbers start at the bottom left
P0.2: USB pin D+
P0.3: USB pin D-
P0.4: USB pin D+ pulldown (used during reset)
P2.0: USB pin D- pullup (used during reset)
P0.5: switch row 6 drive
P0.6: switch row 5 drive
P0.7: switch row 4 drive
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).
{ config, pkgs, ... }:
{
imports = [ ./hardware-configuration.nix ];
# Use the systemd-boot EFI boot loader.
;; compiled with -O0
ldr r2, .L14+56
ldr r3, [r7, #52]
ldr r3, [r2, r3, lsl #2]
lsrs r3, r3, #2
str r3, [r7, #28]
ldr r0, [r7, #28]
bl __aeabi_ui2d
ARM_FUNC_ALIAS aeabi_ui2d floatunsidf
CFI_START_FUNCTION
teq r0, #0
do_it eq, t
moveq r1, #0
RETc(eq)
do_push {r4, r5, lr} @ sp -= 12
.cfi_adjust_cfa_offset 12 @ CFA is now sp + previousOffset + 12
--[[
Generates a diagram for bitfields in a register, data type, or data structure.
The single arg is a comma separated list.
A normal entry is two elements, the first is the field name and the second is the bit width.
There are also directives, starting with !, to change the table formatting.
!SEP:
Inserts a visual break in the row, for grouping fields together into larger objects.
!WIDTH <N>:
@castleberrysam
castleberrysam / curl_flags.txt
Last active March 17, 2018 06:45
Commonly used cURL flags
-o, --output write to file instead of stdout
-s, --silent silent mode, no progress meter or error messages on stdout
-S, --show-error still print error messages in silent mode
-i, --include include the response header in the output
-I, --head output response header only
-O, --remote-name give output file the same name as the remote file
-A, --user-agent user agent string, use single quotes
-e, --referer send given URL as referer
-u, --user send given <username>:<password> when making the request
(mov %r4 0) ; zero KEY input buffer count
(mov (@+ %r4 #xffe0) %r4)
(mov (@+ %r4 #x8014) %r4) ; zero end of CONTEXT
(mov %r5 (@+ %r4 |FORTH-PTR|)) ; initialize FORTH dictionary
(mov (@+ %r4 #x8018) %r5)
(mov %r5 (@+ %r4 |ROOT-PTR|)) ; initialize ROOT dictionary
(mov (@+ %r4 #x801a) %r5)
16 registers
R0-R15
R0: program counter
R1: stack pointer
R15: link register
PUSH R 0000rrrr
CALL R, C 1001rrrr cccccccc cccccccc
POP R 0001rrrr