{"id":18250572,"url":"https://github.com/asivery/netmd-exploits","last_synced_at":"2025-04-04T16:31:31.696Z","repository":{"id":37923409,"uuid":"506032174","full_name":"asivery/netmd-exploits","owner":"asivery","description":"A collection of netmd exploits usable with netmd-js","archived":false,"fork":false,"pushed_at":"2024-12-18T21:33:15.000Z","size":3277,"stargazers_count":25,"open_issues_count":0,"forks_count":4,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-03-20T15:12:36.720Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/asivery.png","metadata":{"files":{"readme":"README.MD","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-06-21T23:17:50.000Z","updated_at":"2024-12-18T21:33:16.000Z","dependencies_parsed_at":"2024-04-03T16:55:03.826Z","dependency_job_id":"d214506f-f254-4fb9-83ab-121c507e8a3a","html_url":"https://github.com/asivery/netmd-exploits","commit_stats":{"total_commits":100,"total_committers":5,"mean_commits":20.0,"dds":0.38,"last_synced_commit":"0ecc668a98097d80d5a0bc803e881f1af684e3e3"},"previous_names":[],"tags_count":14,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/asivery%2Fnetmd-exploits","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/asivery%2Fnetmd-exploits/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/asivery%2Fnetmd-exploits/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/reposi
tories/asivery%2Fnetmd-exploits/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/asivery","download_url":"https://codeload.github.com/asivery/netmd-exploits/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247209393,"owners_count":20901767,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-05T09:45:14.382Z","updated_at":"2025-04-04T16:31:30.895Z","avatar_url":"https://github.com/asivery.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# netmd-exploits\n\n## What is it?\n`netmd-exploits` is a library aiming to store all the available exploits for Sony NetMD devices.\n\n## What exploits are available?\n\nThe exploits currently available are:\n\n|        Exploit name        |                                                                       Firmware Versions* compatible                                                                             |    JavaScript class name    |\n|----------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------|\n|     Firmware Dumping       |                                                                            All versions supported                                                                               |        FirmwareDumper       |\n|     USB Code Execution     |    S1.600, S1.500, S1.400, S1.300, 
S1.200, S1.100, S1.000, R1.400, R1.300, R1.200, R1.100, R1.000, Hr1.000, Hn1.000, Hn1.100, Hn1.10A, Hn1.200, Hx1.070, Hx1.090, Hx1.0A0       |       USBCodeExecution      |\n|           Tetris           |                                                           S1.600, S1.500, S1.400, S1.300, S1.200, S1.100, S1.000                                                                |           Tetris            |\n|     Force TOC Flushing     |                                        S1.600, S1.500, S1.400, S1.300, S1.200, S1.100, S1.000, R1.400, R1.300, R1.200, R1.100, R1.000                                           |        ForcedTOCEdit        |\n|       Upload SP Mono       |                                        S1.600, S1.500, S1.400, S1.300, S1.200, S1.100, S1.000, R1.400, R1.300, R1.200, R1.100, R1.000                                           |        MonoSPUpload         |\n| Atrac USB Control Transfer |                                        S1.600, S1.500, S1.400, S1.300, S1.200, S1.100, S1.000, ~~R1.400, R1.300, R1.200, R1.100, R1.000~~                                       | CachedSectorControlDownload |\n|  Atrac USB No-RAM Transfer |                                        S1.600, S1.500, S1.400, S1.300, S1.200, S1.100, S1.000, R1.400, R1.300, R1.200, R1.100, R1.000                                           |  CachedSectorNoRAMDownload  |\n|  Atrac USB Bulk Transfer   |                                     S1.600, S1.500, S1.400, S1.300, S1.200, S1.100, S1.000, Hr1.000, Hn1.000, Hn1.100, Hn1.10A, Hn1.200                                         |   CachedSectorBulkDownload  |\n|      SP Faster Upload      |                                                           S1.600, S1.500, S1.400, S1.300, S1.200, S1.100, S1.000                                                                |        PCMFasterUpload      |\n|        ATRAC1 Upload       |                                                           S1.600, S1.500, S1.400, S1.300, S1.200, S1.100, S1.000   
                                                             |           SPUpload          |\n|     EEprom Write Lock      |                                        S1.600, S1.500, S1.400, S1.300, S1.200, S1.100, S1.000, R1.400, R1.300, R1.200, R1.100, R1.000                                           |       KillEepromWrite       |\n|   Disc Spinning Notifier** |                                                     S1.600, S1.500, S1.400, S1.300, S1.200, S1.100, S1.000, R*, Hr*, Hn*                                                        |  WaitForDiscToStopSpinning  |\n|   Unbounded memory access  |                                                                   Hr1.000, Hn1.000, Hn1.100, Hn1.10A, Hn1.200                                                                   |     HiMDUnboundedReading    |\n|   HiMD USB Class Override  |                                                     Hr1.000, Hn1.000, Hn1.100, Hn1.10A, Hn1.200, Hx1.070, Hx1.090, Hx1.0A0                                                      |     HiMDUSBClassOverride    |\n\n*The firmware versions listed here consist of the SOC type letter:\n\n- R - CXD2677 (Type R)\n- S - CXD2678 / CXD2680 (Type S)\n- Hn - CXD2681 (gen1)\n- Hr - CXD2681 (gen2)\n- Hx - CXD2687\n\nAnd the actual firmware version reported by the device.\n\n**WaitForDiscToStopSpinning only supports Type-S devices, on Type-R and HiMD it always waits 10 seconds.\n\n### Examples\n\n|        Unit        |      SoC       |  Firmware version  |  netmd-exploits firmware version  |\n|--------------------|----------------|--------------------|-----------------------------------|\n|    Sony MZ-N510    |    CXD2680     |       1.600        |               S1.600              |\n|    Sony MZ-N710    |    CXD2680     |       1.600        |               S1.600              |\n|    Sony MZ-N1      |    CXD2677     |       1.200        |               R1.200              |\n|    Sony MZ-N10     |    CXD2678     |       1.200        |               
S1.300              |\n|    Sony MZ-RH10    | CXD2681 (gen2) |       1.000        |              Hr1.000              |\n|    Sony MZ-NH600   | CXD2681 (gen1) |       1.000        |              Hn1.000              |\n|    Sony MZ-RH1     |    CXD2687     |       1.0A0        |              Hx1.0A0              |\n\n## Hacking\nIf you would like to help with adding compatibility for your device, pull requests are welcome.\n\n### An exploit's structure\nThe library keeps track of what exploits are compatible with what versions with the help of `src/compatibility.ts`.\nEvery exploit class has to inherit the `Exploit` abstract class. It provides multiple functions which make it easier to load the correct versions of exploits for every firmware version.\nThe constants that depend on the firmware version are stored in a `VersionStore` map returned from `getPropertyStore()`, from which it's possible to get values by calling `getProperty`, or by referencing their names in assembly code, prefixed with a '$'. Every exploit class has to also define a `static _name` const, used for compatibility checking.\n\n### Loading and unloading exploits\nOnce an exploit is loaded using `ExploitStateManager.require` or `ExploitStateManager.envelop`, the exploit's `init()` method is called. Because of how exploits are loaded, exploits shouldn't\nhave their own constructor. Instead, `init()` should be used as an asynchronous constructor.\n\nTo unload an exploit you can use `ExploitStateManager.unload`. 
When using `ExploitStateManager.envelop`, this action will be done automatically.\n\nWhen an exploit is unloaded, its `unload()` method is called, where the exploit can perform cleanup.\nAll behavior-modifying exploits should have a valid `unload()` method defined, in order to automatically restore the device to the default state.\nIf an exploit is using patches, the `unload()` method should clear the patches from the device, and then call `this.stateManager.freePatch()`, to mark the patch as unused.\nAll the patches for which `ExploitStateManager.freePatch()` wasn't called will automatically be unloaded from the device by the state manager.\n\nIf a patch is loaded by `ExploitStateManager.require`, and then reloaded again using `ExploitStateManager.envelop`, it will not be unloaded after returning from `envelop()`.\nTo unload it, `ExploitStateManager.unload` has to be called.\n\n### The inbuilt assembler\nThe assembler has full support for macros (prefixed with '@'), `VersionStore` constants (prefixed with '$'), as well as variables, passed to the `assemble` function (prefixed with '%').\n\nThe macros available for every assembly program are stored in `src/assembler/core-macros.ts`.\nExploits can define private macros in the `_macros` property of the `VersionStore` returned from `getPropertyStore()`.\n\nHappy hacking!\n\n## Example\n\nBelow is an extremely basic example, which when run will download the first track from the disc onto the computer using the best suited exploit for it:\n```ts\nimport { DevicesIds, openNewDevice } from 'netmd-js'\nimport { AtracRecovery, getBestSuited, ExploitStateManager } from 'netmd-exploits';\nimport { WebUSB } from 'usb';\nimport fs from 'fs';\n\n(async() =\u003e {\n    const usb = new WebUSB({ allowedDevices: DevicesIds, deviceTimeout: 1000000 });\n    const dev = await openNewDevice(usb);\n    const stateManager = await ExploitStateManager.create(dev!);\n\n    const exploit = await 
stateManager.require(getBestSuited(AtracRecovery));\n    // 'track0.bin' is a placeholder output path; writeFileSync needs a destination as its first argument\n    fs.writeFileSync('track0.bin', await exploit.downloadTrack(0, console.log));\n    await stateManager.unload(getBestSuited(AtracRecovery));\n\n    process.exit(0);\n})();\n```\n\n## Credits\nThe assembler built into `netmd-exploits` is a modified version of [keystone-js](https://github.com/AlexAltea/keystone.js) by AlexAltea.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fasivery%2Fnetmd-exploits","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fasivery%2Fnetmd-exploits","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fasivery%2Fnetmd-exploits/lists"}