@jam1garner
jam1garner / switch-gdb-cheatsheet.md
Last active June 17, 2024 10:50
GDB for Switch Modding Cheatsheet/Tutorial

This is a mini-tutorial of sorts for getting started with gdb on the Switch. The target audience is people who want to mod and/or reverse games and have no prior knowledge of gdb. The goal is to walk you through some of the basic workflows needed to use a debugger on the Switch, while staying brief enough to skim when you forget things.

If some part is unclear, your OS doesn't have install instructions, or you feel part of your workflow should be added here, feel free to comment any additions.

(If you only need a quick reference, jump to the Appendix.)

Installing GDB

First off you'll need a version of GDB compatible with aarch64. This can be obtained via either a distribution of

# https://github.com/Atmosphere-NX/Atmosphere/blob/master/libraries/libvapours/include/vapours/ams/ams_fatal_error_context.hpp
from ctypes import *
import subprocess
import string
import sys
MaxStackTrace = 0x20
MaxStackDumpSize = 0x100
ThreadLocalSize = 0x100
@GarnetSunset
GarnetSunset / nand2Edizon.py
Created June 19, 2021 04:32
script to take nand saves and get them ready for edizon bulk import
import os
from subprocess import check_output

# Collect every save file under the "save" directory
f = []
for file in os.listdir("save"):
    f.append(os.path.join("save", file))

# Extract the title ID from hactoolnet's output for each save
for file in f:
    tID = str(check_output("hactoolnet.exe -t save " + file, shell=True))[170:186]
@ndeadly
ndeadly / sysmodules.txt
Last active June 12, 2024 19:52
switch sysmodules
/* Nintendo sysmodules */
0100000000000000 fs
0100000000000001 ldr
0100000000000002 ncm
0100000000000003 pm
0100000000000004 sm
0100000000000005 boot
0100000000000006 usb
0100000000000007 tma.stub/htc.stub
0100000000000008 boot2

Hacking the SX Core modchip

Background

On October 2nd 2020, CVE-2020-15808 was publicly announced, detailing an out-of-bounds memory read/write vulnerability in STM's microcontroller firmware. Any chip containing STM's USB CDC driver library contains the bugged code, which represents a large number of products on the market. While bugged STM libraries may be bad enough, this problem is much more widespread. Several companies manufacture "clones" of STM chips which, due to mostly identical MMIO (Memory Mapped Input/Output) addresses, fully support the affected STM vendor code. Most clone manufacturers don't offer their own libraries, so developers must either write their own from scratch or use STM's existing libraries, which most clone manufacturers encourage.

Armed with this information, I became interested in exploiting and dumping the flash on the "Team Xecuter" SX Core modchip for the Nintendo Switch. The MCU used on the ch

@shchmue
shchmue / settings_save_offsets.txt
Last active May 27, 2024 18:56
Descriptions and types of contents in Settings saves for the Nintendo Switch.
Updated as of firmware 16.0.0.
All values except firmware versions and floats are hex.
Field names are either official symbols or derived from the name of the accessor/mutator function.
Firmware version information for each field is not indicated but likely maps neatly to the firmware versions in which accessor/mutator functions for the given field were introduced. See: https://switchbrew.org/wiki/Settings_services
PrivateSettings 8000000000000052
offset size type/name default
0 10 GAP
10 20 nn::settings::system::InitialLaunchSettings 0
@shchmue
shchmue / decompress_msgpack_lz4_convert_to_json.py
Created November 11, 2019 20:58
Decompresses SystemPlayReport .msgpack.lz4 files if needed and converts msgpack to json
#!/usr/bin/env python3
import struct
import sys
import json
import base64
import os
from pathlib import Path
import msgpack
import lz4.block
@friedkeenan
friedkeenan / mercury_decrypt.py
Last active July 27, 2019 15:13
Decrypts NROs from Mercury that have the encrypted flag set
#!/usr/bin/env python3
# Reverse engineering sure is easy when you have source code to reference
import struct
import argparse
import sys
from Crypto.Cipher import AES
from pathlib import Path
@ckurtz22
ckurtz22 / resize-user.py
Last active August 18, 2023 12:45
Script to resize an emuMMC image for the Nintendo Switch.
import sys
import os
import math
import uuid
import struct
import configparser
from struct import unpack, pack
from binascii import crc32
if len(sys.argv) > 4 or len(sys.argv) < 2:
@NicholeMattera
NicholeMattera / emuMMC-Tutorial.md
Last active June 19, 2019 17:18
emuMMC Setup Tutorial

You are continuing at your own risk. I am not responsible for any harm that may happen to your device(s) or data by following this tutorial.

First off, before anything, you should expect to have issues. emuMMC is still in beta and is not perfect. It is recommended that if you are not an advanced user, you wait for everything to be polished and released officially. This guide assumes you are using Linux. If you don't have Linux installed you can use a live CD, and if you don't know how to use Linux then it's recommended that you wait for Hekate. If you run into problems make sure to use the search box in Discord on either the Team AtlasNX or the ReSwitched servers. It's possible other people have run into the same problem as you and it has been addressed. If your problem hasn't already been addressed then please do not ask in general or switch-hacking-meta rooms; instead use the support rooms.

  1. You will first want to create a ba