Richard Aplin raplin
@raplin
raplin / PythonUSBBarcodeScanner.py
Created Jun 9, 2021
Simple Python Linux USB Barcode Scanner Reader that doesn't have problems with tty devices etc
import os,time
#import ioctl_opt
import fcntl,threading,Queue
import ctypes
import struct
import sys
_IOC_NRBITS = 8
_IOC_TYPEBITS = 8
_IOC_SIZEBITS = 14
@raplin
raplin / midiplus_controller_colortoy.py
Created Jun 5, 2021
Simple light toy scratchpad for Midiplus Smartpad ~$50
class LED(object):
    RED=0x61
    GREEN=0x51
    BLUE=0x41
    PURPLE=0x31
    CYAN=0x21
    YELLOW=0x11
    WHITE=0x1
    OFF=0
@raplin
raplin / gist:633dd7febb7a9d65b7cf196f04156c4b
Created Oct 14, 2020
iw list from Netgear R7800 (a great router) ; dual QCA9984 4x4ac at 30dbm - ath10k_ct
iw list
Wiphy phy1
max # scan SSIDs: 16
max scan IEs length: 195 bytes
max # sched scan SSIDs: 0
max # match sets: 0
max # scan plans: 1
max scan plan interval: -1
max scan plan iterations: 0
Retry short limit: 7
@raplin
raplin / gist:f059ec9415b556c5cc51e7c5e4caf7f6
Created Oct 13, 2020
BCM43465 PCIe card iw list (4x4 ac 160Mhz, dual band)
# This card is pretty dope; gets hot at high MIMO tx power, needs cooling! Unclear if these listed TX powers are correct at the antenna port..
iw list
Wiphy phy1
max # scan SSIDs: 10
max scan IEs length: 2048 bytes
max # sched scan SSIDs: 0
max # match sets: 0
max # scan plans: 1
max scan plan interval: -1
@raplin
raplin / CortexM_searchable_list.txt
Created Jun 22, 2020
Searchable list of Cortex M cpus by IRQ/Peripheral base, helps figure out which CPU an unknown binary runs on - description at top
Cortex M CPU searchable IRQ/peripheral list
Goal: Use this when reverse engineering a binary for an unknown Cortex M CPU to help figure out exactly what you're looking at
Simple usage:
Load the binary into IDA/Ghidra
Find the vector table (usually the first 256-ish bytes right at the start of the file), and find some 'interesting' IRQ vectors that point to real code.
(The first 16 vectors are internal Cortex M stuff (reset vector, NMI etc) and will not be useful)
In the IRQ handler code pointed to by the vector, you will very often soon encounter an obvious peripheral address being loaded into a register.
@raplin
raplin / deeprom.py
Created Jan 16, 2020
Decode a saleae logic dump of an SPI-eeprom based boot process and extract the actual read eeprom contents
import struct,time
import re
class CaptureEnd(Exception):
    pass
class Capture(object):
    def __init__(self,fileName,pins,opts,startOffset=0):
        self.f=open(fileName,"rb")
        self.f.seek(startOffset)
@raplin
raplin / Hopi_HP-9800_Python_simple.py
Created Sep 19, 2019
Dependency-free reading of the Hopi HP-9800 power meter (USB version) in python. Windows or Linux etc.
import struct
import serial
#Super lightweight code to read Hopi HP-9800 power meter
class Hopi(object):
    REGS=[
        ("Active Power","W"),
        ("RMS Current","A"),