Skip to content

Instantly share code, notes, and snippets.

View flatz's full-sized avatar

Aleksei Kulaev flatz

268 followers · 67 following
View GitHub Profile
@flatz
flatz / extract_initramfs.sh
Last active June 11, 2017 12:18
#!/bin/bash
set -e
A7Z=$(which 7za 2>/dev/null) || true
GZIP=$(which gzip 2>/dev/null) || true
ZIP=$(which zip 2>/dev/null) || true
XZ=$(which xz 2>/dev/null) || true
usage() {
@flatz
flatz / create_initramfs.sh
Last active June 11, 2017 12:19
#!/bin/bash
set -e
A7Z=$(which 7za 2>/dev/null) || true
GZIP=$(which gzip 2>/dev/null) || true
ZIP=$(which zip 2>/dev/null) || true
XZ=$(which xz 2>/dev/null) || true
usage() {
@flatz
flatz / dw_decrypt.py
Created September 29, 2021 16:33
DataWedge session decryption
#!/usr/bin/env python3
from Crypto.Cipher import DES3
from Crypto.Hash import SHA1
from hexdump import hexdump
def sha1(data):
return SHA1.new(data).digest()
@flatz
flatz / windbg-comcall.md
Created December 14, 2019 20:20 — forked from SeanCline/windbg-comcall.md
WinDbg: Getting COM Call target from SendReceive2 stack frame.

Looking at a callstack that is making a COM call to another apartment, look for the SendReceive2 stack frame.

  0:053> kb
  # ChildEBP RetAddr  Args to Child              
  00 1532ed98 752e0ca9 00000002 1532ef44 00000001 ntdll!NtWaitForMultipleObjects+0xc
  01 1532ef1c 756dc2a0 1532eef4 1532ef44 00000000 KERNELBASE!WaitForMultipleObjectsEx+0xdc
  02 1532ef74 75bec1db 00000000 1532efcc 000003e8 user32!MsgWaitForMultipleObjectsEx+0x159
  03 1532efac 75beb438 1532efcc 00000001 1532efd0 combase!CCliModalLoop::BlockFn+0x101
 04 (Inline) -------- -------- -------- -------- combase!ModalLoop+0x50
@flatz
flatz / XC2C64-Blink-Test.ctl
Created November 6, 2022 00:50 — forked from elfmimi/XC2C64-Blink-Test.ctl
JTAG Boundary-Scan Examples for OpenOCD
@flatz
flatz / sys_dynlib_dlsym_ex.c
Last active October 13, 2023 14:01
Custom syscall for extended symbol resolving (allow specifying of library name, flags to be able to use mangled symbol names) on PS4.
//
// Custom syscall for extended symbol resolving (allow specifying of library name, flags to be able to use mangled symbol names) on PS4.
//
// NOTE: slide offsets are for 5.00/5.01 kernel.
//
//
// PATCHES (syntax: offset,name,old,new).
//
@flatz
flatz / remote_pkg_installer.txt
Last active January 30, 2024 04:21
Instructions for Remote Package Installer
Remote Package Installer
Package link: https://mega.nz/#!2dN1XajB!Z5fXyFoKOXFI_ujgGoCZfFFy5nyn7OWo6vF6h_HmWhQ
Requirements:
Any exploit on 4.5x+
HEN 1.8 (you could get it from zecoxao's page) or any other kernel payload (it just need to have fPKG stuff and /data mount patches for ShellCore that I've posted recently)
Changelog:
[+] Added CORS header to interact with browser's AJAX
@flatz
flatz / self_spawn_501.c
Created September 25, 2018 08:23
////
// (f)SELFs launcher from /data/self/ using sceSystemServiceLoadExec(const char* path, char* const argv[]).
//
// NOTE!
// Offsets are given for 5.01 retail kernel.
////
//...
DECLARE_FUNCTION(0x117E0, sceSblACMgrGetPathId, int, const char* path);