Skip to content

Instantly share code, notes, and snippets.

View ma5ter's full-sized avatar

ma5ter

2 followers · 1 following
View GitHub Profile
@ma5ter
ma5ter / Creality K1C 2005 Init Process.md
Last active February 14, 2026 19:16
Creality K1C 2005 Init Process
  1. The kernel starts /linuxrc as passed via the kernel parameter read from DTS rdinit=/linuxrc, which is a symlink to /bin/busybox.
  2. busybox, running as an init process, parses /etc/inittab.
  3. As part of sysinit loaded from the inittab, fstab filesystems are mounted. At this time, no writable unprotected persistent filesystems are available.
  4. The last inittab entry at the sysinit level starts /etc/init.d/rcS.
  5. /etc/init.d/rcS flattened:
# First create shadow which became the main system shadow file
cp -f /etc/shadow_security /tmp/shadow
@ma5ter
ma5ter / k1c_2025_upd_unpack.py
Created February 13, 2026 21:02
Creality K1C 2025 Update Image Unpacker
# This script implements the same checking and unpacking logic as upgbox utility
import struct
import os
import time
from typing import List, Optional
import sys
import zlib
@ma5ter
ma5ter / Creality K1C 2005 Fluidd Installation Instruction.md
Last active February 13, 2026 13:51
Creality K1C 2005 Fluidd Installation Instruction

Creality K1C 2005 Fluidd Installation Instruction

0. Prerequisites

0.0 Root the printer

Use this gist as a starting point https://gist.github.com/C0DEbrained/c6f508109e34f43a39f4c22e901408dd

In my case after execution of the original script and first reboot printer stopped to accept connection to 22 port, so I rewrote the persistence script inside the exploit and applied exploit again.

@ma5ter
ma5ter / creality-k1c-2025.dts
Created February 12, 2026 08:09
Creality K1C 2025 live DTS
/dts-v1/;
/ {
#address-cells = <0x01>;
#size-cells = <0x01>;
compatible = "ingenic,x2600";
aliases {
i2c0 = "/apb/i2c@0x10050000";
i2c1 = "/apb/i2c@0x10051000";