fincs

@imbushuo
imbushuo / simplevm.c
Last active April 8, 2024 07:06
Demonstrates Hypervisor.Framework usage in Apple Silicon
// simplevm.c: demonstrates Hypervisor.Framework usage in Apple Silicon
// Based on the work by @zhuowei
// @imbushuo - Nov 2020
// To build:
// Prepare the entitlement with BOTH com.apple.security.hypervisor and com.apple.vm.networking WHEN SIP IS OFF
// Prepare the entitlement com.apple.security.hypervisor and NO com.apple.vm.networking WHEN SIP IS ON
// ^ Per @never_released, tested on 11.0.1, idk why
// clang -o simplevm -O2 -framework Hypervisor -mmacosx-version-min=11.0 simplevm.c
// codesign --entitlements simplevm.entitlements --force -s - simplevm
@SciresM
SciresM / kernel_svc_tables.py
Last active September 4, 2020 05:23
Script for automatically identifying + labeling the Nintendo Switch SVC tables.
from idautils import *
from idaapi import *
from idc import *
from ida_hexrays import *
from ida_bytes import *
from ida_funcs import *
SVC_MAPPINGS = {
0x01 : ("SetHeapSize", "Result %s(uintptr_t *out_address, size_t size);"),
0x02 : ("SetMemoryPermission", "Result %s(uintptr_t address, size_t size, MemoryPermission perm);"),
@marysaka
marysaka / psc-9.0.0.idc
Last active January 13, 2021 13:52
PSC 9.0.0
// PSC 9.0.0 IDC by Thog, 2019/10/03
// main: 5e83dd40cbc929aa4073f087c90ee65e1ef517e787a8b5621f350f43920ee3aa
// Notes:
// - This currently only contains a full reversing of time.
// - Not all names are officials.
#define UNLOADED_FILE 1
#include <idc.idc>
static main(void)
@SciresM
SciresM / nx_bootloader_uncompress.c
Last active December 27, 2019 10:43
Quick and dirty NX bootloader uncompression code for 6.2.0+
#include <stdlib.h>
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include <stdbool.h>
typedef uint32_t u32;
typedef uint8_t u8;
There'll be two stages in the core fusee payload, loading configuration from a shared ini file (https://en.wikipedia.org/wiki/INI_file).
- Stage 1 will be the actual exploit payload, and it will be fairly minimal:
  - It will initialize DRAM, and initialize the display.
  - It will load a filename and address for stage 2, loading stage 2 into DRAM and jumping to it.
- Stage 2 will be a "loader" -- it will be responsible for loading everything else into place prior to boot.
  - Stage 2 will be able to load arbitrarily many files to arbitrary load addresses off of the SD card.
  - Stage 2 will get a list of files to load from a "loadlist" key, with loadables delimited by "|" in the value.
  - For each loadable, a _path and _addr key will be used to identify a filename and where to load it to.
@TuxSH
TuxSH / kernel50.py
Created March 26, 2018 00:16
Kernel 5.0 loader
# Copyright 2017 Reswitched Team
#
# Permission to use, copy, modify, and/or distribute this software for any purpose with or
# without fee is hereby granted, provided that the above copyright notice and this permission
# notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS
# SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
# THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY
# DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF
@wwylele
wwylele / main.c
Created March 12, 2018 11:14
shadow map test
#include <3ds.h>
#include <citro3d.h>
#include <string.h>
#include "vshader_shbin.h"
#include <stdio.h>
#define CLEAR_COLOR 0xFFB0D8D5
#define DISPLAY_TRANSFER_FLAGS \
(GX_TRANSFER_FLIP_VERT(0) | GX_TRANSFER_OUT_TILED(0) | GX_TRANSFER_RAW_COPY(0) | \
@roblabla
roblabla / HABILITIES.md
Last active March 14, 2024 03:24
We believe in your habilities.

Muh Switch Keys

So you want to decrypt Switch content? Well, the good news is that all the tools required to do that are written up! The great news is, since this is crypto we're talking about, you'll have to find the keys. Yourself. Like it's Easter.

So here you can find a template of the $HOME/.switch/prod.keys file that hactool uses to decrypt content. It contains all the SHA256 hashes and locations of the keys and seeds, so you can find them yourselves.

Note that all the seeds (the keys that end with _source) are used along with the master_key_## to derive an actual key. If you have somehow obtained the key without the seed, you can rename xxx_source to xxx_## (where ## is the master key number) and put your key there.

How the heck do I obtain dem keys?

@dougallj
dougallj / asm.s
Created January 3, 2018 08:55
x86-64 Speculative Execution Harness
global _time_load
global _cache_flush
global _run_attempt
extern _bools
extern _values
extern _pointers
section .text
@LiquidFenrir
LiquidFenrir / gist:d110f3e7755ffbe82672eda49ae21af2
Last active February 21, 2023 22:06
gdb 101 for 3ds, credits to Stary
1. enable debugger in rosalina menu
   go to process list
   select a process
2. launch arm-none-eabi-gdb <path to elf>
   command "target remote ip:port"
3. command "continue" or "c" to resume execution
4.