ZW Cai x43x61x69

## PlasmaNested.sh
#!/bin/sh

# Remove the performance overlay, it meddles with some tasks
unset LD_PRELOAD

## Shadow kwin_wayland_wrapper so that we can pass args to kwin wrapper
## whilst being launched by plasma-session
mkdir $XDG_RUNTIME_DIR/nested_plasma -p
cat <<EOF > $XDG_RUNTIME_DIR/nested_plasma/kwin_wayland_wrapper
#!/bin/sh

## steamdeck_ssh_instructions.md

      
              1 file
            
          
              3 forks
            
          
              2 comments
            
          
              42 stars
            
          
                andygeorge
                / steamdeck_ssh_instructions.md
            
            
              Last active
              February 21, 2024 06:54
            
              
                Steam Deck `ssh` instructions
              
          
    These are manual instructions on enabling SSH access on your Steam Deck, adding public key authentication, and removing the need for a sudo password for the main user (deck).
This gist assumes the following:

you have a Steam Deck
you have a home PC with access to a Linux shell that can ssh, ssh-keygen, and ssh-copy-id
your Steam Deck and home PC are on the same local network, with standard SSH traffic (tcp/22) allowed over that network from the PC to the Steam Deck

NOTE: @crackelf on reddit mentions that steamOS updates blow away everything other than /home, which may have the following effects:

removing the systemd config for sshd.service, which would prevent the service from automatically starting on boot
removing the sudoers.d config, which would reenable passwords for sudo


## wsl-port-forwarding.md

      
              1 file
            
          
              5 forks
            
          
              1 comment
            
          
              20 stars
            
          
                estsaon
                / wsl-port-forwarding.md
            
            
              Last active
              March 29, 2024 08:10
            
              
                How to SSH into WSL2 on an external Window
              
          
    WSL:

Install openssh-server:

sudo apt install openssh-server

Add or uncomment following lines in /etc/ssh/sshd_config:


## yatebts-gcc6-gcc7.patch
#This patch works for gcc6, gcc7, and is from http://yate.null.ro/mantis/view.php?id=416
--- a/mbts/GPRS/MSInfo.cpp
+++ b/mbts/GPRS/MSInfo.cpp
@@ -638,7 +638,7 @@
         if (msPCHDowns.size() > 1) {
             std::ostringstream os;
             msDumpChannels(os);
-            GPRSLOG(INFO,GPRS_MSG|GPRS_CHECK_OK) << "Multislot assignment for "<<this<<os;
+            GPRSLOG(INFO,GPRS_MSG|GPRS_CHECK_OK) << "Multislot assignment for "<<this<<(!os.fail());
         }

## remote_pkg_installer.txt
Remote Package Installer

Package link: https://mega.nz/#!2dN1XajB!Z5fXyFoKOXFI_ujgGoCZfFFy5nyn7OWo6vF6h_HmWhQ

Requirements:
  Any exploit on 4.5x+
  HEN 1.8 (you could get it from zecoxao's page) or any other kernel payload (it just need to have fPKG stuff and /data mount patches for ShellCore that I've posted recently)

Changelog:
  [+] Added CORS header to interact with browser's AJAX

## patch_apk_for_sniffing.md

      
              1 file
            
          
              28 forks
            
          
              1 comment
            
          
              113 stars
            
          
                unoexperto
                / patch_apk_for_sniffing.md
            
            
              Last active
              March 28, 2024 08:49
            
              
                How to patch Android app to sniff its HTTPS traffic with self-signed certificate
              
          
    How to patch Android app to sniff its HTTPS traffic with self-signed certificate


Download apktool from https://ibotpeaches.github.io/Apktool/
Unpack apk file: java -jar /home/expert/work/tools/apktool.jar d net.flixster.android-9.1.3@APK4Fun.com.apk
Modify AndroidManifest.xml by adding android:networkSecurityConfig="@xml/network_security_config" attribute to application element.
Create file /res/xml/network_security_config.xml with following content:

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config>


## Extract encrypted titlekey from NAND dump
Decrypt with the only key needed to obtain your titlekeys.

ddffd9e6c550750b187ba5c09e669d40db5d031964cd63455d78d73ba24ae62b

Gathered from info from http://switchbrew.org/index.php?title=Ticket

1) dump your nand with linux
2) open NAND dump with HACDISKMOUNT
3) extract/dump PRODINFO partition with BIS0 key
4) mount SYSTEM (with BIS2 keys) and copy Save/80000000000000e2 to your physical harddrive

## crcfix.py
import zlib
import struct
import os
import sys

DEFAULT_FILENAME = "save.dat"

def fixcrc(fileName):
    HEADER_SIZE = 0x10
    FOOTER_SIZE = 0x30

## WriteSave.js
/*
*   1. Boot game
*   2. Wait a  second or so (for the game tid to register but before the code mounts the savedata)
*   3. Home button
*   4. Run this script
*   5. ???
*   6. PROFIT
*/

var tid = '0000000000000000'; //Change Title ID here

## DumpSave.js
var tid = '0000000000000000'; //Set appropriate game TID; Need to find a way to get TID automatically...

utils.log("stage1, hijack fsppr and set perms");

sc.getFSPPR();
sc.ipcMsg(1).sendPid().data(0).sendTo('fsp-srv').assertOk();
var pid = sc.read4(sc.ipcBufAddr, 0xC >> 2);
utils.log('Got process PID: '+pid.toString(16));

var buf1_sz = 0x1C;
	#!/bin/sh

	# Remove the performance overlay, it meddles with some tasks
	unset LD_PRELOAD

	## Shadow kwin_wayland_wrapper so that we can pass args to kwin wrapper
	## whilst being launched by plasma-session
	mkdir $XDG_RUNTIME_DIR/nested_plasma -p
	cat <<EOF > $XDG_RUNTIME_DIR/nested_plasma/kwin_wayland_wrapper
	#!/bin/sh
	#This patch works for gcc6, gcc7, and is from http://yate.null.ro/mantis/view.php?id=416
	--- a/mbts/GPRS/MSInfo.cpp
	+++ b/mbts/GPRS/MSInfo.cpp
	@@ -638,7 +638,7 @@
	if (msPCHDowns.size() > 1) {
	std::ostringstream os;
	msDumpChannels(os);
	- GPRSLOG(INFO,GPRS_MSG\|GPRS_CHECK_OK) << "Multislot assignment for "<<this<<os;
	+ GPRSLOG(INFO,GPRS_MSG\|GPRS_CHECK_OK) << "Multislot assignment for "<<this<<(!os.fail());
	}
	Remote Package Installer

	Package link: https://mega.nz/#!2dN1XajB!Z5fXyFoKOXFI_ujgGoCZfFFy5nyn7OWo6vF6h_HmWhQ

	Requirements:
	Any exploit on 4.5x+
	HEN 1.8 (you could get it from zecoxao's page) or any other kernel payload (it just need to have fPKG stuff and /data mount patches for ShellCore that I've posted recently)

	Changelog:
	[+] Added CORS header to interact with browser's AJAX
	Decrypt with the only key needed to obtain your titlekeys.

	ddffd9e6c550750b187ba5c09e669d40db5d031964cd63455d78d73ba24ae62b

	Gathered from info from http://switchbrew.org/index.php?title=Ticket

	1) dump your nand with linux
	2) open NAND dump with HACDISKMOUNT
	3) extract/dump PRODINFO partition with BIS0 key
	4) mount SYSTEM (with BIS2 keys) and copy Save/80000000000000e2 to your physical harddrive
	import zlib
	import struct
	import os
	import sys

	DEFAULT_FILENAME = "save.dat"

	def fixcrc(fileName):
	HEADER_SIZE = 0x10
	FOOTER_SIZE = 0x30
	/*
	* 1. Boot game
	* 2. Wait a second or so (for the game tid to register but before the code mounts the savedata)
	* 3. Home button
	* 4. Run this script
	* 5. ???
	* 6. PROFIT
	*/

	var tid = '0000000000000000'; //Change Title ID here
	var tid = '0000000000000000'; //Set appropriate game TID; Need to find a way to get TID automatically...

	utils.log("stage1, hijack fsppr and set perms");

	sc.getFSPPR();
	sc.ipcMsg(1).sendPid().data(0).sendTo('fsp-srv').assertOk();
	var pid = sc.read4(sc.ipcBufAddr, 0xC >> 2);
	utils.log('Got process PID: '+pid.toString(16));

	var buf1_sz = 0x1C;