We would like to use third party cookies to improve the functionality of this website. ApproveDecline jamchamb’s blog | jamchamb’s blog
jamchamb's blog
Modifying Embedded Filesystems in ARM Linux zImages

Modifying Embedded Filesystems in ARM Linux zImages

January 02, 2022

Ever run binwalk on an embedded Linux device’s kernel image and find its entire fileystem contained inside? Ever want to change one little line inside to enable root shell on that device that’s just mocking you with its lack of boot security, only to be thwarted by a bit of compressed data entangled in machine code?
Reversing the Pokémon Snap Station without a Snap Station

Reversing the Pokémon Snap Station without a Snap Station

August 17, 2021

Back in 1999 when the original Pokémon Snap was released for the Nintendo 64, one of its coolest features was that you could print out the photos you took in-game on sticker sheets using a Snap Station. Snap Stations could only be found at a Blockbuster video store (or a Lawson convenience store in Japan), and you’d have to pay for credits in the form of Pokémon-styled smart cards each time you wanted to print out a sheet of stickers. I’ve had one of the Charmander cards sitting around with my collection of Nintendo stuff for a while, which got me thinking about what it would be like to hack one of these kiosks.
Dumping K360 wireless keyboard firmware with a GreatFET

Dumping K360 wireless keyboard firmware with a GreatFET

May 29, 2021

I recently decided to do some keyboard hacking for fun, so I started with one of the cheapest Logitech wireless keyboard models available: the K360. This model is a little old and the main chip inside it, as well as the Logitech Unifying wireless protocol it uses, have been well covered before. See Marc Newlin’s MouseJack presentation, Travis Goodspeed’s nRF24 sniffing work, and the KeyKeriki research mentioned in each. I’m doing this more as an exercise rather than novel research, and I didn’t know what I’d find going in. That said, I thought this was a neat little example of extracting bare metal firmware from on-chip flash.
CSCG 2020 Maze game hacking challenge writeups

CSCG 2020 Maze game hacking challenge writeups

June 21, 2020

A couple of months ago I took a crack at the Maze challenges in the CSCG 2020 CTF and thought a few of the challenges were really interesting, so I wanted to share how I solved them.
Making a GameCube memory card editor with Raspberry Pi

Making a GameCube memory card editor with Raspberry Pi

December 03, 2018

I started this project because I wanted to be able to use save file modifications I was testing in the Dolphin emulator on real GameCube hardware. One, because some of the weirder features of the Animal Crossing NES emulator and exploit payloads might behave differently in an emulator, and two, because it’s more fun to see things working on a real console.