Ever run binwalk on an embedded Linux device’s kernel image and find
its entire filesystem contained inside? Ever want to change one little line
inside to enable a root shell on that device that’s just mocking you with
its lack of boot security, only to be thwarted by a bit of compressed data
entangled in machine code?
Back in 1999 when the original Pokémon Snap was released for the Nintendo 64, one of its coolest features was that you could print out the photos you took in-game on sticker sheets using a Snap Station. Snap Stations could only be found at a Blockbuster video store (or a Lawson convenience store in Japan), and you’d have to pay for credits in the form of Pokémon-styled smart cards each time you wanted to print out a sheet of stickers. I’ve had one of the Charmander cards sitting around with my collection of Nintendo stuff for a while, which got me thinking about what it would be like to hack one of these kiosks.
I recently decided to do some keyboard hacking for fun, so I started with
one of the cheapest Logitech wireless keyboard models available: the K360.
This model is a little old and the main chip inside it, as well as the
Logitech Unifying wireless protocol it uses, have been well
covered before. See Marc Newlin’s MouseJack presentation,
Travis Goodspeed’s nRF24 sniffing work, and the KeyKeriki research mentioned in each.
I’m doing this more as an exercise rather than novel research, and I didn’t
know what I’d find going in.
That said, I thought this was a neat little example of extracting bare metal
firmware from on-chip flash.
A couple of months ago I took a crack at the Maze challenges in the CSCG 2020 CTF
and thought a few of the challenges were really interesting, so I wanted to share how
I solved them.
I started this project because I wanted to be able to use save file modifications
I was testing in the Dolphin emulator on real GameCube hardware. One, because
some of the weirder features of the Animal Crossing NES emulator and exploit payloads
might behave differently in an emulator, and two, because it’s more fun to see
things working on a real console.