Product: Sagitta Brutalis 1080 (PN S3480-GTX-1080-2697-128)
Software: Hashcat v3.00-beta-145-g069634a, Nvidia driver 367.18
Accelerator: 8x Nvidia GTX 1080 Founders Edition
import hashlib | |
import base64 | |
import argparse | |
import sys | |
from Crypto.PublicKey import RSA | |
def calculate_onion(pem_key): | |
key = RSA.importKey(pem_key) |
/* This Source Code Form is subject to the terms of the Mozilla Public | |
* License, v. 2.0. If a copy of the MPL was not distributed with this file, | |
* You can obtain one at http://mozilla.org/MPL/2.0/. */ | |
"use strict"; | |
/* | |
* thirty-two | |
* https://github.com/chrisumbel/thirty-two | |
* |
Product: Sagitta Brutalis 1080 (PN S3480-GTX-1080-2697-128)
Software: Hashcat v3.00-beta-145-g069634a, Nvidia driver 367.18
Accelerator: 8x Nvidia GTX 1080 Founders Edition
Vulnerable emulator is Project 64 1.6.x/1.7. 2 vulnerabilities can be used to gain arbitrary code execution from emulation container from N64 ROM.
Vulnerable function Compile_R4300i_SB and its friends Compile_R4300i_S*
https://github.com/zeromus/pj64/blob/master/RecompilerOps.cpp#L1955C6-L2024
If non const Opcode.base
is used to avoid condition at 1961-1971 which does checks properly, we can
load from volatile address addr (compiled to MIPS asm inside ROM):
;SMBDIS.ASM - A COMPREHENSIVE SUPER MARIO BROS. DISASSEMBLY | |
;by doppelganger (doppelheathen@gmail.com) | |
;This file is provided for your own use as-is. It will require the character rom data | |
;and an iNES file header to get it to work. | |
;There are so many people I have to thank for this, that taking all the credit for | |
;myself would be an unforgivable act of arrogance. Without their help this would | |
;probably not be possible. So I thank all the peeps in the nesdev scene whose insight into | |
;the 6502 and the NES helped me learn how it works (you guys know who you are, there's no |