Merge pull request #2 from Filo97/master

Add Italian translation in it_IT subdirectory Ill have to mess with this a bit though, to keep it updated
2018-05-19 10:02:00 -05:00 · 2018-05-19 10:02:00 -05:00 · eae2c6d322
parent 3e2466dc72 65a3077421
commit eae2c6d322
7 changed files with 2756 additions and 0 deletions
--- a/it_IT/LICENSE
+++ b/it_IT/LICENSE
@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2018 atlas44
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
--- a/it_IT/README.md
+++ b/it_IT/README.md
@ -0,0 +1,11 @@
+# web-cfw-loader
+Fusee Launcher, in a browser!
+
+# Description
+This is a port of [fusee-launcher](https://github.com/reswitched/fusee-launcher) to JavaScript using WebUSB. This has been mildly tested and appears to work on Linux, Android (unrooted), OSX and ChromeOS. Today, this only works on Chrome because only Chrome implements WebUSB. It also does NOT work on Windows because the WebUSB Windows implementation does not allow sending the required USB packet.
+
+# Forked
+This is also a fork of [web-fusee-launcher](https://github.com/atlas44/web-fusee-launcher), which I fixed up a bit, added hekate 5 and 4, and did some CSS stuff.
+
+# Try it out
+Either use a web server to host the files (must be on https!) or you can try the [demo](https://elijahzawesome.github.io/web-cfw-loader/).
--- a/it_IT/favicon.png
+++ b/it_IT/favicon.png
--- a/it_IT/index.html
+++ b/it_IT/index.html
@ -0,0 +1,79 @@
+<!doctype html>
+<html>
+
+<head>
+  <meta charset="utf-8">
+  <link rel="stylesheet" type="text/css" href="style.css" />
+  <link href="favicon.png" rel="icon"  type="image/x-icon" />
+  <title>Switch Payload Loader v1.2</title>
+</head>
+
+<body>
+  <div id="title">
+    <h1>Nintendo Switch Payload Loader</h1>
+    <p>Fusee Launcher portato a JavaScript usando WebUSB.</p>
+    <div id="disclaimer">
+  <p>
+    Il source puo essere trovato a <a href="https://github.com/ElijahZAwesome/web-cfw-loader/">GitHub</a> (o premendo guarda source, ma non c'è backend!).
+    Portato da <a href="https://github.com/reswitched/fusee-launcher">fusee-launcher</a>.
+    Grazie tante a ktemkin e ReSwitched, e non dimentichiamoci <br><a href="https://atlas44.s3-us-west-2.amazonaws.com/web-fusee-launcher/index.html">Atlas44 e il suo sito</a> come punto di inizio per questo.
+  </p>
+  </div>
+  </div>
+  <br>
+  
+  <button class="btn" id="instructionsbutton" onclick="openInstructions();">Istruzioni</button>
+  <button class="btn" id="infobutton" onclick="openInfo();">Info</button>
+
+  <div id="infodiv"></div>
+  
+  <div>
+  <h1>Carica un payload:</h1>
+  <div>
+    <form id="mainForm">
+      <p>
+        <input type="radio" name="payload" id="instaboot" value="instaboot" checked>
+        <label for="instaboot">Avvia istantaneamente CFW (5.0.x)</label>
+      </p>
+
+      <p>
+        <input type="radio" name="payload" id="hekate v5" value="hekate v5">
+        <label for="hekate v5">Hekate per Switch su 5.0.X</label>
+      </p>
+      
+      <p>
+        <input type="radio" name="payload" id="hekate v4" value="hekate v4">
+        <label for="hekate v4">Hekate per Switch su 5.0.X</label>
+      </p>
+      
+      <p>
+        <input type="radio" name="payload" id="fusee" value="fusee">
+        <label for="fusee">(Re)Switched payload di test (fusee)</label>
+      </p>
+
+      <p>
+        <input type="radio" name="payload" id="uploaded" value="uploaded">
+        <label for="uploaded">Carica payload:<br></label>
+        <input type="file" id="payloadUpload" accept=".bin">
+      </p>
+      
+      <p>
+        <input type="checkbox" name="shouldDebug" id="shouldDebug">
+        <label for="shouldDebug">Ottieni byte array del payload (no exploit)</label>
+      </p>
+    </form>
+
+    <button class="btn" id="goButton">Avvia Payload!</button>
+  </div>
+  </div>
+
+  <h3>Log:</h3>
+  <div id="output"></div><br>
+    <button class="btn" id="clearlogsbutton" onclick="clearLog();">Pulisci logs</button>
+
+  <script src="./payloads.js"></script>
+  <script src="./main.js"></script>
+</body>
+
+</html
+  >
--- a/it_IT/main.js
+++ b/it_IT/main.js
@ -0,0 +1,191 @@
+const intermezzo = new Uint8Array([
+  0x44, 0x00, 0x9F, 0xE5, 0x01, 0x11, 0xA0, 0xE3, 0x40, 0x20, 0x9F, 0xE5, 0x00, 0x20, 0x42, 0xE0, 
+  0x08, 0x00, 0x00, 0xEB, 0x01, 0x01, 0xA0, 0xE3, 0x10, 0xFF, 0x2F, 0xE1, 0x00, 0x00, 0xA0, 0xE1, 
+  0x2C, 0x00, 0x9F, 0xE5, 0x2C, 0x10, 0x9F, 0xE5, 0x02, 0x28, 0xA0, 0xE3, 0x01, 0x00, 0x00, 0xEB, 
+  0x20, 0x00, 0x9F, 0xE5, 0x10, 0xFF, 0x2F, 0xE1, 0x04, 0x30, 0x90, 0xE4, 0x04, 0x30, 0x81, 0xE4, 
+  0x04, 0x20, 0x52, 0xE2, 0xFB, 0xFF, 0xFF, 0x1A, 0x1E, 0xFF, 0x2F, 0xE1, 0x20, 0xF0, 0x01, 0x40, 
+  0x5C, 0xF0, 0x01, 0x40, 0x00, 0x00, 0x02, 0x40, 0x00, 0x00, 0x01, 0x40
+]);
+
+const RCM_PAYLOAD_ADDRESS = 0x40010000;
+const INTERMEZZO_LOCATION = 0x4001F000;
+const PAYLOAD_LOAD_BLOCK = 0x40020000;
+
+function createRCMPayload(intermezzo, payload) {
+  const rcmLength = 0x30298;
+  
+  const intermezzoAddressRepeatCount = (INTERMEZZO_LOCATION - RCM_PAYLOAD_ADDRESS) / 4;
+
+  const rcmPayloadSize = Math.ceil((0x2A8 + (0x4 * intermezzoAddressRepeatCount) + 0x1000 + payload.byteLength) / 0x1000) * 0x1000;
+
+  const rcmPayload = new Uint8Array(new ArrayBuffer(rcmPayloadSize))
+  const rcmPayloadView = new DataView(rcmPayload.buffer);
+
+  rcmPayloadView.setUint32(0x0, rcmLength, true);
+
+  for (let i = 0; i < intermezzoAddressRepeatCount; i++) {
+    rcmPayloadView.setUint32(0x2A8 + i * 4, INTERMEZZO_LOCATION, true);
+  }
+
+  rcmPayload.set(intermezzo, 0x2A8 + (0x4 * intermezzoAddressRepeatCount));
+  rcmPayload.set(payload, 0x2A8 + (0x4 * intermezzoAddressRepeatCount) + 0x1000);
+
+  return rcmPayload;
+}
+
+function bufferToHex(data) {
+  let result = "";
+  for (let i = 0; i < data.byteLength; i++)
+    result += data.getUint8(i).toString(16).padStart(2, "0");
+  return result;
+}
+
+async function write(device, data) {
+  let length = data.length;
+  let writeCount = 0;
+  const packetSize = 0x1000;
+
+  while (length) {
+    const dataToTransmit = Math.min(length, packetSize);
+    length -= dataToTransmit;
+
+    const chunk = data.slice(0, dataToTransmit);
+    data = data.slice(dataToTransmit);
+    await device.transferOut(1, chunk);
+    writeCount++;
+  }
+
+  return writeCount;
+}
+
+function readFileAsArrayBuffer(file) {
+  return new Promise((res, rej) => {
+    const reader = new FileReader();
+    reader.onload = e => {
+      res(e.target.result);
+    }
+    reader.readAsArrayBuffer(file);
+  });
+}
+
+function logOutput(...message) {
+  document.getElementById("output").innerHTML = document.getElementById("output").innerHTML + message.join(" ") + "<br>";
+}
+
+function clearLog() {
+  document.getElementById("output").innerHTML = "";
+}
+
+let device;
+
+async function launchPayload(payload) {
+  await device.open();
+  logOutput(`Connected to ${device.manufacturerName} ${device.productName}`);
+
+  await device.claimInterface(0);
+
+  const deviceID = await device.transferIn(1, 16);
+  logOutput(`Device ID: ${bufferToHex(deviceID.data)}`);
+
+
+  const rcmPayload = createRCMPayload(intermezzo, payload);
+  logOutput("Sending payload...");
+  const writeCount = await write(device, rcmPayload);
+  logOutput("Payload sent!");
+
+  if (writeCount % 2 !== 1) {
+    logOutput("Switching to higher buffer...");
+    await device.transferOut(1, new ArrayBuffer(0x1000));
+  }
+  
+  logOutput("Trigging vulnerability...");
+  const vulnerabilityLength = 0x7000;  
+  const smash = await device.controlTransferIn({
+    requestType: 'standard',
+    recipient: 'interface',
+    request: 0x00,
+    value: 0x00,
+    index: 0x00
+  }, vulnerabilityLength);
+}
+
+document.getElementById("goButton").addEventListener("click", async () => {
+  clearLog();
+  var debugCheckbox = document.getElementById("shouldDebug");
+  const payloadType = document.forms.mainForm.payload.value;
+  if(debugCheckbox.checked) {
+    logOutput("Logging payload bytes...");
+  let payload;
+  if (payloadType === "hekate v5") {
+    payload = hekate5;
+  } else if (payloadType === "hekate v4") {
+    payload = hekate4;
+  } else if (payloadType === "fusee") {
+    payload = fusee;
+  } else if (payloadType === "instaboot") {
+    payload = instaboot;
+  } else if (payloadType === "uploaded") {
+    const file = document.getElementById("payloadUpload").files[0];
+    if (!file) {
+      alert("You need to upload a file, to use an uploaded file.");
+      return;
+    }
+    payload = new Uint8Array(await readFileAsArrayBuffer(file));
+  } else {
+    logOutput("You're trying to load a payload type that doesn't exist.");
+    return;
+  }
+    var payloadToLog = "";
+    for (var i = 0; i < payload.length; i++) {
+      payloadToLog += "0x" + payload[i].toString(16) + ", ".toUpperCase();
+    }
+    payloadToLog = payloadToLog.toUpperCase();
+    logOutput(payloadToLog);
+    return;
+  }
+  logOutput("Requesting access to device...");
+  device = await navigator.usb.requestDevice({ filters: [{ vendorId: 0x0955 }] });
+  
+  logOutput(`<span style='color:blue'>Preparing to launch ${payloadType}...</span>`);
+  
+  let payload;
+  if (payloadType === "hekate v5") {
+    payload = hekate5;
+  } else if (payloadType === "hekate v4") {
+    payload = hekate4;
+  } else if (payloadType === "fusee") {
+    payload = fusee;
+  } else if (payloadType === "instaboot") {
+    payload = instaboot;
+  } else if (payloadType === "uploaded") {
+    const file = document.getElementById("payloadUpload").files[0];
+    if (!file) {
+      alert("You need to upload a file, to use an uploaded file.");
+      return;
+    }
+    payload = new Uint8Array(await readFileAsArrayBuffer(file));
+  } else {
+    logOutput("<p style='color:red'>You're trying to load a payload type that doesn't exist.</p>");
+    return;
+  }
+
+  launchPayload(payload);
+});
+
+function openInfo() {
+  if(document.getElementById("infodiv").innerHTML != "") {
+    document.getElementById("infodiv").innerHTML = "";
+  } else {
+    document.getElementById("infodiv").innerHTML = "<h4>Info:</h4><p>Questo è stato moderatamente testato. Anche se nessun problema è stato riportato, non sono responsabile in caso di brick!</p><p>Questo non funziona in Windows per la implementazione scorretta di WinUSB di Chrome(E probabilmente altre ragioni)!</p><p>Questo non funziona attualmente su nessun browser ma Chrome perchè è l'unico con WinUSB.</p><p>Su Linux, potresti ottenere un errore Access Denied! Se succede, potresti provare a creare un file a <code>/etc/udev/rules.d/50-switch.rules</code>Con i seguenti contenuti:<br><code>SUBSYSTEM==\"usb\", ATTR{idVendor}==\"0955\", MODE=\"0664\", GROUP=\"plugdev\"</code></p><p>Hekate 4.x non è stato testato visto che non ho una Switch 4.x. Tuttavia, tutti gli altri payload verranno testati al momento dell'aggiunta.</p><p>Questo è stato testato e funziona su Linux, OSX, Android (no root) and Chromebooks. Risultati potrebbero variare.</p>";
+  }
+}
+
+function openInstructions() {
+  if(document.getElementById("infodiv").innerHTML != "") {
+    document.getElementById("infodiv").innerHTML = "";
+  } else {
+    document.getElementById("infodiv").innerHTML = "<h4>Istruzioni:</h4><p>Metti lo Switch in RCM e collega il dispositivo</p><p>Scegli il payload di esempio o caricane uno.</p><p>Pemi 'Avvia payload!'</p><p>Nello schermo di conferma, scegli 'APX' ae premi conferma.</p><p>Se tutto funziona il payload si avvierà!</p>";
+  }
+}
+  
+document.getElementById("payloadUpload").addEventListener("change", () => document.forms.mainForm.payload.value = "uploaded");
--- a/it_IT/payloads.js
+++ b/it_IT/payloads.js
--- a/it_IT/style.css
+++ b/it_IT/style.css
@ -0,0 +1,57 @@
+@import url('https://fonts.googleapis.com/css?family=Open+Sans');
+
+body {
+  margin-top: 0px;
+  margin-left: 0px;
+  margin-right: auto;
+  text-align: center;
+  font-family: 'Open Sans', sans-serif;
+}
+
+#title {
+  text-align: center;
+  padding: 20px;
+  background-color: black;
+  background-image: url("https://icdn1.digitaltrends.com/image/nintendo-switch-review-photos-pdx-580.jpg");
+  color: white;
+  width: 100%;
+  margin-top: 0px;
+  top: 0px;
+}
+
+#output {
+  margin-left: 0px;
+  width: 700px;
+  height: 200px;
+  border: 1px solid black;
+  margin-right: 0px;
+  margin: auto;
+  overflow: scroll;
+}
+
+.btn {
+  background: #3498db;
+  background-image: -webkit-linear-gradient(top, #3498db, #2980b9);
+  background-image: -moz-linear-gradient(top, #3498db, #2980b9);
+  background-image: -ms-linear-gradient(top, #3498db, #2980b9);
+  background-image: -o-linear-gradient(top, #3498db, #2980b9);
+  background-image: linear-gradient(to bottom, #3498db, #2980b9);
+  -webkit-border-radius: 12;
+  -moz-border-radius: 12;
+  border-radius: 12px;
+  font-family: Arial;
+  color: #ffffff;
+  font-size: 23px;
+  padding: 12px 20px 10px 20px;
+  text-decoration: none;
+}
+
+.btn:hover {
+  background: #3cb0fd;
+  background-image: -webkit-linear-gradient(top, #3cb0fd, #3498db);
+  background-image: -moz-linear-gradient(top, #3cb0fd, #3498db);
+  background-image: -ms-linear-gradient(top, #3cb0fd, #3498db);
+  background-image: -o-linear-gradient(top, #3cb0fd, #3498db);
+  background-image: linear-gradient(to bottom, #3cb0fd, #3498db);
+  text-decoration: none;
+}