Yue Wang YtnbFirewings
  • Shenzhen, China
---
source: https://www.google.com/maps/d/viewer?mid=1Z1dI8hoBZSJNWFx2xr_MMxSxSxY&&ll=54.784654126394415%2C-8.91870626273581&z=3
last_update: Jul 23, 2019
contribute: http://bit.ly/2d13csJ
ios: http://apple.co/2b7BatI
android: http://bit.ly/2dDeaaN
how_to_update: |
  1. open the source in a browser
  2. open the browser console and type `_pageData` to print the content of the variable
  3. copy-paste all of the content into a file
  4. keep the interesting lines with: `grep -e "name" -e "description" file > new_file`
YtnbFirewings / switch-gdb-cheatsheet.md
Created October 22, 2022 14:45 — forked from jam1garner/switch-gdb-cheatsheet.md
GDB for Switch Modding Cheatsheet/Tutorial

This is a mini-tutorial of sorts for getting started with gdb on the Switch, with the target audience being people who want to mod and/or reverse games, with no prerequisite knowledge of gdb. The goal will be to walk you through some of the basic workflows needed to use a debugger on the Switch, while being brief enough for skimming for when you forget things.

If some part is unclear, your OS doesn't have install instructions, or you feel part of your workflow should be added here, feel free to comment any additions.

(If you only need a quick reference, jump to the Appendix.)

Installing GDB

First off you'll need a version of GDB compatible with aarch64. This can be obtained via either a distribution of

YtnbFirewings / osx-pw-policies.sh
Created January 5, 2022 00:47 — forked from Freccia/osx-pw-policies.sh
Sets OS X password policies
#!/bin/sh
###################################################################################
## Create a pwpolicy XML file based upon variables and options included below.
## Policy is applied and then file gets deleted.
## Use "sudo pwpolicy -u <user> -getaccountpolicies"
## to see it, and "sudo pwpolicy -u <user> -clearaccountpolicies" to clear it.
##
## Tested on: OS X 10.10 10.11 10.12
####################################################################################
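The body of Freccia's script is cut off in this listing, so here is an added example (not the gist's own code) of the workflow its header describes: build the account-policy plist from a few variables, hand it to `pwpolicy -setaccountpolicies`, and delete the file afterwards. The policy predicates and parameter keys are the ones pwpolicy's plist format uses; the thresholds (12 characters, 5 failed logins, 15-minute lockout, 90-day expiry) and the helper names are this example's choices.

```python
import os
import plistlib
import subprocess
import sys
import tempfile

# Predicates evaluated by the directory service; the identifiers on the right
# of each comparison are supplied through policyParameters.
AUTH_RULE = (
    "(policyAttributeFailedAuthentications < policyAttributeMaximumFailedAuthentications) "
    "OR (policyAttributeCurrentTime > policyAttributeLastFailedAuthenticationTime + autoEnableInSeconds)"
)
EXPIRY_RULE = (
    "policyAttributeCurrentTime > policyAttributeLastPasswordChangeTime "
    "+ (policyAttributeExpiresEveryNDays * 24 * 60 * 60)"
)


def build_policy(min_length=12, max_failed=5, lockout_seconds=900, expire_days=90):
    """Return the account policy as the dictionary pwpolicy's plist represents.

    Each category is a list of policies: policyContent is the predicate,
    policyParameters holds the values it refers to. Defaults are example choices.
    """
    return {
        "policyCategoryAuthentication": [{
            "policyContent": AUTH_RULE,
            "policyIdentifier": "Lock out after repeated failed logins",
            "policyParameters": {
                "autoEnableInSeconds": lockout_seconds,
                "policyAttributeMaximumFailedAuthentications": max_failed,
            },
        }],
        "policyCategoryPasswordContent": [
            {
                "policyContent": "policyAttributePassword matches '^.{%d,}$'" % min_length,
                "policyIdentifier": "Minimum length",
                "policyParameters": {"minimumLength": min_length},
            },
            {
                "policyContent": "policyAttributePassword matches '(?=.*[0-9])(?=.*[A-Za-z]).*'",
                "policyIdentifier": "At least one letter and one digit",
            },
        ],
        "policyCategoryPasswordChange": [{
            "policyContent": EXPIRY_RULE,
            "policyIdentifier": "Password expiry",
            "policyParameters": {"policyAttributeExpiresEveryNDays": expire_days},
        }],
    }


def policy_plist(**kwargs) -> bytes:
    """Serialise the policy as XML plist bytes, the form pwpolicy reads from disk."""
    return plistlib.dumps(build_policy(**kwargs), fmt=plistlib.FMT_XML)


def parse_policy(data: bytes) -> dict:
    """Inverse of policy_plist, for checking a file before applying it."""
    return plistlib.loads(data)


def apply_policy(user: str, **kwargs) -> None:
    """Write the plist to a temp file, apply it with pwpolicy, then delete the file.

    Only works on macOS from an admin account. Inspect the result with
    `sudo pwpolicy -u <user> -getaccountpolicies`, undo it with
    `sudo pwpolicy -u <user> -clearaccountpolicies`.
    """
    fd, path = tempfile.mkstemp(suffix=".plist")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(policy_plist(**kwargs))
        subprocess.run(["sudo", "pwpolicy", "-u", user, "-setaccountpolicies", path], check=True)
    finally:
        os.unlink(path)   # the file is only a vehicle; the policy now lives in the directory


if __name__ == "__main__":
    if len(sys.argv) == 2:
        apply_policy(sys.argv[1])
    else:
        sys.stdout.write(policy_plist().decode())   # dry run: print the plist instead
```

Run it without arguments to review the generated plist; pass a username to apply it. Keep the generated file out of version control or world-readable locations only if you add secrets to it (the policy itself contains none).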

Hacking the SX Core modchip

Background

On October 2nd 2020, CVE-2020-15808 was publicly announced, detailing an out-of-bounds memory read/write vulnerability in the USB device library STM ships for its microcontrollers. Any firmware built with STM's USB CDC driver library contains the bugged code, which covers a large number of products on the market. Bugged STM libraries would be bad enough on their own, but the problem is much more widespread: several companies manufacture "clones" of STM chips which, because their MMIO (Memory Mapped Input/Output) addresses are mostly identical, fully support the affected STM vendor code. Most clone manufacturers don't offer libraries of their own, so developers must either write one from scratch or use STM's existing libraries, which most clone manufacturers encourage.

Armed with this information, I became interested in exploiting and dumping the flash on the "Team Xecuter" SX Core modchip for the Nintendo Switch. The MCU used on the ch
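To make the bug class concrete, here is an added example, a constructed model and not ST's library code nor the SX Core firmware: a USB CDC class-request handler that takes the transfer length straight from the SETUP packet's wLength field and copies that many bytes into, or out of, the 7-byte line-coding record. Device RAM is modelled as a bytearray with a sentinel byte right after the record, so an over-long copy is visible; the RAM layout, the sentinel and the helper names are this example's choices, and the hardened handler beside it shows the check that bounds every copy by the record length instead.

```python
import struct

CDC_SET_LINE_CODING = 0x20
CDC_GET_LINE_CODING = 0x21
LINE_CODING_LEN = 7            # dwDTERate(4) bCharFormat(1) bParityType(1) bDataBits(1)
SETUP_FMT = "<BBHHH"           # bmRequestType bRequest wValue wIndex wLength

# Device RAM model (offsets are this example's choice): the line-coding record
# sits first, followed by other firmware state. A sentinel marks the first byte
# after the record so an over-long write is easy to spot.
RAM_SIZE = 32
LINE_CODING_OFF = 0
NEXT_STATE_OFF = LINE_CODING_OFF + LINE_CODING_LEN
SENTINEL = 0x5A


def parse_setup(pkt: bytes) -> dict:
    """Decode the 8-byte SETUP packet that starts every USB control transfer."""
    fields = struct.unpack(SETUP_FMT, pkt)
    return dict(zip(("bmRequestType", "bRequest", "wValue", "wIndex", "wLength"), fields))


def setup_packet(bmRequestType: int, bRequest: int, wLength: int, wIndex: int = 0) -> bytes:
    """Build a SETUP packet as a host would send it (constructed test input)."""
    return struct.pack(SETUP_FMT, bmRequestType, bRequest, 0, wIndex, wLength)


class CdcDevice:
    def __init__(self):
        self.ram = bytearray(RAM_SIZE)
        self.ram[NEXT_STATE_OFF] = SENTINEL

    def line_coding(self) -> dict:
        rate, fmt, parity, bits = struct.unpack_from("<IBBB", self.ram, LINE_CODING_OFF)
        return dict(dwDTERate=rate, bCharFormat=fmt, bParityType=parity, bDataBits=bits)

    # Vulnerable pattern: the copy length comes straight from the host.
    # Returns bytes for the host, b"" for a completed OUT transfer, None for STALL.
    # (Model only: a wLength beyond RAM_SIZE raises here instead of corrupting
    # whatever follows in a real address space.)
    def handle_unchecked(self, setup: bytes, data: bytes = b""):
        req = parse_setup(setup)
        if req["bRequest"] == CDC_SET_LINE_CODING:
            for i in range(req["wLength"]):            # wLength bytes into a 7-byte record
                self.ram[LINE_CODING_OFF + i] = data[i]
            return b""
        if req["bRequest"] == CDC_GET_LINE_CODING:     # wLength bytes out of the record
            return bytes(self.ram[LINE_CODING_OFF:LINE_CODING_OFF + req["wLength"]])
        return None

    # Hardened pattern: the record length, not wLength, bounds every copy.
    def handle_checked(self, setup: bytes, data: bytes = b""):
        req = parse_setup(setup)
        if req["bRequest"] == CDC_SET_LINE_CODING:
            if req["wLength"] != LINE_CODING_LEN or len(data) < LINE_CODING_LEN:
                return None                            # STALL the malformed request
            self.ram[LINE_CODING_OFF:NEXT_STATE_OFF] = data[:LINE_CODING_LEN]
            return b""
        if req["bRequest"] == CDC_GET_LINE_CODING:
            n = min(req["wLength"], LINE_CODING_LEN)    # a short reply is legal, a long one is not
            return bytes(self.ram[LINE_CODING_OFF:LINE_CODING_OFF + n])
        return None


def demo_oversized_requests(checked: bool):
    """Constructed host traffic: SET_LINE_CODING with wLength=15, then
    GET_LINE_CODING with wLength=16. Returns (sentinel_overwritten, bytes_returned)."""
    dev = CdcDevice()
    handler = dev.handle_checked if checked else dev.handle_unchecked
    handler(setup_packet(0x21, CDC_SET_LINE_CODING, 15), b"\xAA" * 15)   # host-to-device, class, interface
    reply = handler(setup_packet(0xA1, CDC_GET_LINE_CODING, 16))          # device-to-host
    return dev.ram[NEXT_STATE_OFF] != SENTINEL, len(reply)


def demo_valid_request() -> dict:
    """A well-formed SET_LINE_CODING (115200 8N1) still passes the checked handler."""
    dev = CdcDevice()
    payload = struct.pack("<IBBB", 115200, 0, 0, 8)
    if dev.handle_checked(setup_packet(0x21, CDC_SET_LINE_CODING, LINE_CODING_LEN), payload) != b"":
        raise RuntimeError("valid request was stalled")
    return dev.line_coding()


if __name__ == "__main__":
    print("unchecked:", demo_oversized_requests(False))   # (True, 16): neighbour clobbered, 16 bytes leaked
    print("checked:  ", demo_oversized_requests(True))    # (False, 7)
    print("valid:    ", demo_valid_request())
```

The read side matters as much as the write side for the dumping goal described here: an over-long GET hands the host whatever sits after the record, which is exactly the kind of primitive a flash dump is built from.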

YtnbFirewings / gw_flash.py
Created January 1, 2021 16:01 — forked from SciresM/gw_flash.py
utility for interacting with gateway modchip updates
import sys
from struct import pack as pk, unpack as up


def u32(x):
    # truncate to an unsigned 32-bit word, as the C code does implicitly
    return x & 0xFFFFFFFF


def tea_update_custom_mac(mac, v, k):
    v0, v1 = v[0], v[1]
    # 32 * TEA's delta (0x9E3779B9) mod 2^32: the sum TEA's decrypt direction starts from
    cur_sum = 0xC6EF3720
    k0, k1, k2, k3 = k[0], k[1], k[2], k[3]
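The preview of gw_flash.py stops just after the setup of its MAC routine, so here is an added example, not SciresM's code, of plain TEA, the cipher those constants belong to: a 64-bit block as two u32 words, a 128-bit key as four, 32 rounds with delta 0x9E3779B9. It shows where 0xC6EF3720 comes from (the sum after 32 rounds, which the decrypt direction starts from and counts down). The gist's custom MAC construction is not reproduced; the little-endian word layout in the byte-level helpers and the sample key are this example's assumptions.

```python
from struct import pack, unpack

DELTA = 0x9E3779B9            # TEA's round constant
ROUNDS = 32
MASK32 = 0xFFFFFFFF


def u32(x: int) -> int:
    """Reduce to an unsigned 32-bit word, as C's uint32_t arithmetic does."""
    return x & MASK32


def tea_encrypt_block(v, k):
    """Encrypt one block v=(v0, v1) under k=(k0, k1, k2, k3), all u32."""
    v0, v1 = v
    k0, k1, k2, k3 = k
    s = 0
    for _ in range(ROUNDS):
        s = u32(s + DELTA)
        v0 = u32(v0 + ((u32(v1 << 4) + k0) ^ (v1 + s) ^ ((v1 >> 5) + k1)))
        v1 = u32(v1 + ((u32(v0 << 4) + k2) ^ (v0 + s) ^ ((v0 >> 5) + k3)))
    return v0, v1


def tea_decrypt_block(v, k):
    """Undo the rounds in reverse: the sum starts at 32*DELTA mod 2^32 and counts down."""
    v0, v1 = v
    k0, k1, k2, k3 = k
    s = u32(DELTA * ROUNDS)   # 0xC6EF3720, the value the gist's routine starts from
    for _ in range(ROUNDS):
        v1 = u32(v1 - ((u32(v0 << 4) + k2) ^ (v0 + s) ^ ((v0 >> 5) + k3)))
        v0 = u32(v0 - ((u32(v1 << 4) + k0) ^ (v1 + s) ^ ((v1 >> 5) + k1)))
        s = u32(s - DELTA)
    return v0, v1


def _check(data: bytes, key: bytes) -> None:
    if len(data) % 8 or len(key) != 16:
        raise ValueError("data must be a multiple of 8 bytes and key exactly 16 bytes")


def tea_encrypt(data: bytes, key: bytes) -> bytes:
    """ECB over 8-byte blocks; little-endian word order is an assumption of this example."""
    _check(data, key)
    k = unpack("<4I", key)
    return b"".join(pack("<2I", *tea_encrypt_block(unpack("<2I", data[o:o + 8]), k))
                    for o in range(0, len(data), 8))


def tea_decrypt(data: bytes, key: bytes) -> bytes:
    _check(data, key)
    k = unpack("<4I", key)
    return b"".join(pack("<2I", *tea_decrypt_block(unpack("<2I", data[o:o + 8]), k))
                    for o in range(0, len(data), 8))


def roundtrip_demo():
    """Constructed sample: returns (plaintext, ciphertext, decrypted)."""
    key = bytes(range(16))
    msg = b"gateway!" * 2
    ct = tea_encrypt(msg, key)
    return msg, ct, tea_decrypt(ct, key)


if __name__ == "__main__":
    msg, ct, back = roundtrip_demo()
    print("sum after 32 rounds: %#x" % u32(DELTA * ROUNDS))
    print("ciphertext:", ct.hex(), "roundtrip ok:", back == msg)
```

ECB is used only to keep the block functions in view; it leaks block equality and is not how a firmware update should be protected, which is one reason the gist wraps the primitive in a MAC rather than using it bare.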
# The following is adapted from https://github.com/reswitched/loaders/blob/master/nxo64.py
#
# ===========================================================================================
#
# Copyright 2017 Reswitched Team
#
# Permission to use, copy, modify, and/or distribute this software for any purpose with or
# without fee is hereby granted, provided that the above copyright notice and this permission
# notice appear in all copies.
#
###############################################
# TX SX OS unpacker - by hexkyz and naehrwert #
###############################################
from Crypto.Cipher import AES
from Crypto.Util import Counter
import os
import struct
"""
YtnbFirewings / catchredir.m
Created June 16, 2016 01:57 — forked from joswr1ght/catchredir.m
Demonstration code to detect runtime method swizzling with Cydia Substrate/Cycript.
// Compile with:
// clang catchredir.m -o catchredir -arch armv7 -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/ -miphoneos-version-min=7 -framework Foundation
#import <Foundation/Foundation.h>
#import <stdio.h>
#import <objc/runtime.h>
@interface UrlConnection : NSObject
@property (strong) NSString *url;
- (void)connect;
@end
// In Android.mk, set LOCAL_CFLAGS := -fno-stack-protector -mno-thumb -O0.
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <pthread.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <linux/futex.h>