painless-linux
RPI build
Would it be possible to have a build of this for easy setup on raspberry pi?
I don't see why this wouldn't work as is on Raspberry Pi.
Just run Linux on the Pi, and treat the Pi as if it's a "Linux PC"
I let you try it and report here how it goes.
Great. I haven't tried it personally, but I know that others have had success launching fusee payloads on the Raspberry Pi. As far as I can tell, none of the stuff here/for this repo is binary/architecture-dependent except the code you put on the switch, so if you compile the launcher it should "just work."
Keep in mind that it's not fusée gelée, it's shofel2. While the method and code is globally the same, shofel2 has an additional step (sending coreboot.rom).
either way, it’s python, which is architecture-independent :)
Well fusée gelée works on Mac OS and Shofel2 doesn't
I’m intending on booting this with macOS — I stepped away from my desk for lunch, but the SD finished burning. So I’ll tell you my experience. But the author of this project claims it works on macOS. And the script is just a python script.
Try it, if nothing else it’s not going to brick your switch
Shofel2 uses /proc/self/fd which doesn't exist on Mac OS
Huh. I see that in the script. I’ll see what I can do when I get back from lunch. There isn’t a direct equivalent to /proc or any of its components on macOS, but there are a number of portable ways to do what it appears they are doing (get a list of file descriptors open by the calling process?). The comment above the function definition (# lol verbatim) suggests that f0f knows it’s a really hacky way of doing it.
Regardless procfs is on any Linux system, including the Pi.
On Mon, May 7, 2018 at 1:15 PM Nathan S. [email protected] wrote:
Shofel2 uses /proc/self/fd which doesn't exist on Mac OS
Mac OS has /dev/fd but it doesn't seem to work the same way as Linux's /proc/self/fd
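The portability question raised above (finding which fds the calling process has open, without hard-coding /proc/self/fd) can be handled with a small fallback chain. This is an added example, not code from shofel2 or painless-linux; it assumes that /dev/fd on macOS lists fd numbers the way the post says and that the script's goal is to map fds back to device paths, which the thread only guesses at.

```python
import fcntl
import os
import sys
import tempfile


def list_open_fds():
    """Return the fds open in this process, using /proc/self/fd on Linux
    and /dev/fd on macOS/BSD. Listing the directory opens one extra fd
    that is already closed when we get here; fstat() filters it out."""
    for fd_dir in ("/proc/self/fd", "/dev/fd"):
        if not os.path.isdir(fd_dir):
            continue
        fds = []
        for name in os.listdir(fd_dir):
            if not name.isdigit():
                continue
            fd = int(name)
            try:
                os.fstat(fd)          # fails (EBADF) for the listing handle
            except OSError:
                continue
            fds.append(fd)
        return sorted(fds)
    raise RuntimeError("no fd directory on this platform")


def fd_path(fd):
    """Resolve an fd to a path. Linux: readlink on the /proc symlink.
    macOS: fcntl F_GETPATH (exposed by Python 3.9+ on Darwin)."""
    if sys.platform.startswith("linux"):
        return os.readlink(f"/proc/self/fd/{fd}")
    if hasattr(fcntl, "F_GETPATH"):
        raw = fcntl.fcntl(fd, fcntl.F_GETPATH, b"\0" * 1024)
        return raw.rstrip(b"\0").decode()
    raise RuntimeError("cannot resolve fd paths on this platform")


def find_fds_for_path(prefix):
    """fds whose resolved path starts with prefix (e.g. a /dev subtree)."""
    found = []
    for fd in list_open_fds():
        try:
            if fd_path(fd).startswith(prefix):
                found.append(fd)
        except OSError:
            continue                  # pipes, sockets, closed fds
    return found


def self_check():
    """Open a scratch file and confirm all three helpers locate it."""
    with tempfile.NamedTemporaryFile() as tmp:
        fd, real = tmp.fileno(), os.path.realpath(tmp.name)
        return (fd in list_open_fds(),
                fd_path(fd) == real,
                fd in find_fds_for_path(os.path.dirname(real)))
```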
As you expected, this doesn't work on macOS out of the box, because Shofel2 is accessing /proc/self/fd which does not exist on macOS (or really much of anything besides Linux, actually…)
I also couldn't get it to work with Fusee.
That said, Fusee and Shofel2 use the same exploit, and are both written in Python. I'm going to open a new issue regarding macOS support, and I'm going to see if I have the skills to either port the coreboot payload to Fusee, or to port Shofel2 to macOS. I imagine at least one of the two shouldn't be particularly difficult…
I suggest you open an issue on f0f's shofel2 repo too
Already on it. Do me a favor and report back how the Pi works, because if it "just works" the way I expect then I imagine this issue can safely be closed :)
Put your Switch in RCM mode now
File descriptor: 9
b'0081030f0000001c01532c6401101062'
entry 400168ed
throwing more
Performing hax...
Size: 0x6c68
b'820000000000686c'
b'020000000000000000000000e8757300716c000000000000000000000000000000000000000000000f0f000000'
URB address: 0x72f3f0
Traceback (most recent call last):
  File "./shofel2/shofel2.py", line 247, in <module>
    rcm.pwn()
  File "./shofel2/shofel2.py", line 205, in pwn
    s.ep0_read_unbounded(overwrite_len)
  File "./shofel2/shofel2.py", line 76, in ep0_read_unbounded
    fcntl.ioctl(s.fd, USBDEVFS_SUBMITURB, urb)
OSError: [Errno 25] Inappropriate ioctl for device
Welp.
Try patching the kernel with this https://github.com/fail0verflow/shofel2/blob/master/linux-ehci-enable-large-ctl-xfers.patch and recompiling, like this: https://gbatemp.net/threads/fusee-gelee-with-raspberry-pi-3.502136/page-3#post-7942153