Braden Farmer farmerbb

NOTES: I AM NOT RESPONSIBLE FOR ANY DAMAGE DONE TO YOUR CONSOLE! PLEASE MAKE A NAND BACKUP AND HAVE AN EXTERNAL PROGRAMMER IN THE EVENT OF A BRICKED CONSOLE

PLEASE DO NOT SELL DOWNGRADED CONSOLES!

Please do not use this guide for any malicious or scammy behavior. I only want this guide to be used for personal projects/nostalgia.

THIS WILL NOT RE-ENABLE ANY PATCHED EXPLOITS LIKE THE JTAG EXPLOIT. THERE IS NO WAY TO DOWNGRADE CB TO RE-ENABLE THESE.

Thanks to everyone that made this possible:

grimdoomer: For the Bad Update exploit

InvoxiPlayGames: For the FreeMyXe project

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k

Rocknix Wine Ports

Using wine is a deep rabbit hole for anyone not familiar with the software, and an even deeper rabbit hole when combined with box86 or box64. This guide attempts to serve as a basic introduction to using the built-in wine and box packages included with Rocknix on a Retroid Pocket 5. While the Retroid Pocket Mini is a similar setup chain, it is weaker hardware than the Retroid Pocket 5 and thus the examples provided here may not function as well.

Terminology - Wine and Box86/64

The first thing anyone should understand is the vernacular used throughout this guide. Two tools are used to make wine ports possible on ARM64:

Box86 and Box64 by ptitSeb are Linux x86 and x86_64 emulators targeting AARCH64/ARM64 architecture.
Wine is a software that allows Windows programs to run on Linux systems. Prebuilt wine binaries can be downloaded from the [wine-builds](https://github.com

QEMU with VirtIO GPU Vulkan Support

With its latest reales qemu added the Venus patches so that virtio-gpu now support venus encapsulation for vulkan. This is one more piece to the puzzle towards full Vulkan support.

An outdated blog post on clollabora described in 2021 how to enable 3D acceleration of Vulkan applications in QEMU through the Venus experimental Vulkan driver for VirtIO-GPU with a local development environment. Following up on the outdated write up, this is how its done today.

Definitions

Let's start with the brief description of the projects mentioned in the post & extend them:

Steps

Download

wget http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.0g-2ubuntu4_amd64.deb

sudo dpkg -i libssl1.1_1.1.1f-1ubuntu2.13_amd64.deb

The Rabbit R1 uses a few custom APIs to talk to The Cloud™. Almost nothing happens on-device, and all the AI magic happens on servers.

Consequently, you don't really need the physical device.

TLS Client Fingerprinting

In lieu of an authentication scheme, Rabbit's servers attempt to verify device authenticity by checking the TLS client's JA3 fingerprint, presumably enforced by AWS WAF.

If your TLS client doesn't match an expected fingerprint, you'll get HTTP 403 errors. This fingerprint works:

FAQ on the xz-utils backdoor (CVE-2024-3094)

This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.

Update: I've disabled comments as of 2025-01-26 to avoid everyone having notifications for something a year on if someone wants to suggest a correction. Folks are free to email to suggest corrections still, of course.

	import android.app.Presentation
	import android.content.Context
	import android.graphics.Bitmap
	import android.graphics.Picture
	import android.graphics.SurfaceTexture
	import android.hardware.display.DisplayManager
	import android.view.Display
	import android.view.Surface
	import android.view.ViewGroup
	import androidx.compose.foundation.layout.Box

	#!/bin/bash
	# Make sure to have OpenSSH setup in Termux as well as setting a password with `passwd`
	# Requires https://github.com/upa/mscp and adb platform tools on your local machine

	init_sshd() {
	adb shell -t "run-as com.termux files/usr/bin/bash -lic 'export PATH=/data/data/com.termux/files/usr/bin:$PATH; export LD_PRELOAD=/data/data/com.termux/files/usr/lib/libtermux-exec.so; sshd'"
	adb forward tcp:8022 tcp:8022;
	}
	stop_sshd() {
	adb shell -t "run-as com.termux files/usr/bin/bash -lic 'export PATH=/data/data/com.termux/files/usr/bin:$PATH; export LD_PRELOAD=/data/data/com.termux/files/usr/lib/libtermux-exec.so; killall sshd'"

	#!/usr/bin/env -S bash -c "docker run -p 8080:8080 -it --rm \$(docker build --progress plain -f \$0 . 2>&1 \| tee /dev/stderr \| grep -oP 'sha256:[0-9a-f]*')"

	# syntax = docker/dockerfile:1.4.0

	FROM node:20

	WORKDIR /root

	RUN npm install sqlite3