Paul Wendelboe pwendelboe
@aglab2
aglab2 / a.md
Last active April 5, 2024 06:28
Project 64 1.6 container escape vulnerability writeup

The vulnerable emulator is Project 64 1.6.x/1.7. Two vulnerabilities can be used to gain arbitrary code execution from the emulation container, starting from an N64 ROM.

  1. Container escape and arbitrary writes from N64 ROM outside of designated N64 RAM

The vulnerable function is Compile_R4300i_SB, along with its friends Compile_R4300i_S*: https://github.com/zeromus/pj64/blob/master/RecompilerOps.cpp#L1955C6-L2024

If a non-const Opcode.base is used to avoid the condition at lines 1961-1971, which does the checks properly, we can load from a volatile address addr (compiled to MIPS asm inside the ROM):

@epixoip
epixoip / 8x1080.md
Last active March 20, 2024 17:14
8x Nvidia GTX 1080 Hashcat Benchmarks
@DonnchaC
DonnchaC / onion-address-calculate.py
Created August 25, 2015 14:24
Simple script to calculate the onion address from a Tor hidden service descriptor or public key
import hashlib
import base64
import argparse
import sys
from Crypto.PublicKey import RSA
def calculate_onion(pem_key):
    key = RSA.importKey(pem_key)
@ttaubert
ttaubert / onion-gen.js
Created November 2, 2014 13:14
Generating custom .onion names with the WebCrypto API
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at http://mozilla.org/MPL/2.0/. */
"use strict";
/*
* thirty-two
* https://github.com/chrisumbel/thirty-two
*
@1wErt3r
1wErt3r / SMBDIS.ASM
Created November 9, 2012 22:27
A Comprehensive Super Mario Bros. Disassembly
;SMBDIS.ASM - A COMPREHENSIVE SUPER MARIO BROS. DISASSEMBLY
;by doppelganger (doppelheathen@gmail.com)
;This file is provided for your own use as-is. It will require the character rom data
;and an iNES file header to get it to work.
;There are so many people I have to thank for this, that taking all the credit for
;myself would be an unforgivable act of arrogance. Without their help this would
;probably not be possible. So I thank all the peeps in the nesdev scene whose insight into
;the 6502 and the NES helped me learn how it works (you guys know who you are, there's no