some changes, preparing for async

2020-02-10 19:02:30 -05:00
parent 200865c8a6
commit 0e094be537
8 changed files with 89 additions and 97 deletions


@@ -8,7 +8,6 @@ typedef enum
PAYLOAD_AES,
PAYLOAD_AES_BUSY,
PAYLOAD_AES_SW,
PAYLOAD_BOOTSTRAP,
PAYLOAD_EXIT_USB_TASK,
PAYLOAD_FLOPPYSLEEP,
PAYLOAD_SYNC,
@@ -25,6 +24,7 @@ typedef enum
int install_payload(struct pwned_device *dev, PAYLOAD_T p, LOCATION_T loc);
int uninstall_payload(struct pwned_device *dev, PAYLOAD_T p);
struct dev_cmd_resp *execute_payload(struct pwned_device *dev, PAYLOAD_T p, int response_len, int nargs, ...);
unsigned long long get_payload_address(struct pwned_device *dev, PAYLOAD_T p);
unsigned long long install_data(struct pwned_device *dev, LOCATION_T loc, unsigned char *data, int len);
int uninstall_data(struct pwned_device *dev, unsigned long long ptr);
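Review bot: The `get_payload_address` declaration, which appears to be the line this hunk adds, says nothing about what it returns when the payload is not installed, while the neighbouring `install_data` is checked by callers against `-1`. I'd put a comment above it such as `/* Base address of an installed payload; behaviour for a payload that is not installed must be defined by the implementation and documented here. */` and, once the implementation settles on a sentinel, name it in that comment so callers test the same value as for `install_data`.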


@@ -67,8 +67,12 @@ int floppysleep(struct pwned_device *dev)
}
float init_a = -7.504355E-39f;
resp = write_gadget(dev, 0x180154000, (unsigned char *) &init_a, sizeof(float));
free_dev_cmd_resp(resp);
unsigned long long init_a_ptr = install_data(dev, SRAM, (unsigned char *) &init_a, sizeof(float));
if(init_a_ptr == -1)
{
printf("failed to write initial data\n");
return -1;
}
resp = execute_payload(dev, PAYLOAD_SYNC, 0, 0);
if(IS_CHECKM8_FAIL(resp->ret))
@@ -81,7 +85,7 @@ int floppysleep(struct pwned_device *dev)
while(1)
{
resp = execute_payload(dev, PAYLOAD_FLOPPYSLEEP, 0, 1, 0x180154000);
resp = execute_payload(dev, PAYLOAD_FLOPPYSLEEP, 0, 1, init_a_ptr);
if(IS_CHECKM8_FAIL(resp->ret))
{
printf("failed to execute flopsleep payload\n");
@@ -242,7 +246,7 @@ void aes_sw(struct pwned_device *dev)
return;
}
printf("%i) op took %llu\n", i++, resp->retval);
printf("%i) op took %llu\n", i, resp->retval);
free_dev_cmd_resp(resp);
resp = read_gadget(dev, addr_data, 16);
@@ -275,6 +279,57 @@ void aes_sw(struct pwned_device *dev)
close_device_session(dev);
}
void usb_task_exit(struct pwned_device *dev)
{
struct dev_cmd_resp *resp;
if(IS_CHECKM8_FAIL(open_device_session(dev)))
{
printf("failed to open device session\n");
return;
}
if(IS_CHECKM8_FAIL(install_payload(dev, PAYLOAD_SYNC, SRAM)))
{
printf("failed to install sync payload\n");
return;
}
if(IS_CHECKM8_FAIL(install_payload(dev, PAYLOAD_EXIT_USB_TASK, SRAM)))
{
printf("failed to install sync payload\n");
return;
}
resp = execute_payload(dev, PAYLOAD_SYNC, 0, 0);
if(IS_CHECKM8_FAIL(resp->ret))
{
printf("failed to execute bootstrap\n");
return;
}
free_dev_cmd_resp(resp);
if(IS_CHECKM8_FAIL(uninstall_payload(dev, PAYLOAD_SYNC)))
{
printf("failed to uninstall sync payload\n");
return;
}
resp = execute_payload(dev, PAYLOAD_EXIT_USB_TASK, 0,
1, get_payload_address(dev, PAYLOAD_EXIT_USB_TASK));
if(IS_CHECKM8_FAIL(resp->ret))
{
printf("failed to exit usb task\n");
return;
}
if(IS_CHECKM8_FAIL(close_device_session(dev)))
{
printf("failed to close device session\n");
return;
}
}
int main()
{
struct dev_cmd_resp *resp;
@@ -286,47 +341,10 @@ int main()
}
demote_device(dev);
aes_sw(dev);
// if(IS_CHECKM8_FAIL(install_payload(dev, PAYLOAD_SYNC, SRAM)))
// {
// printf("failed to install sync payload\n");
// return -1;
// }
//
// if(IS_CHECKM8_FAIL(install_payload(dev, PAYLOAD_TASK_SLEEP_TEST, SRAM)))
// {
// printf("failed to install exit usb task payload\n");
// return -1;
// }
//
// if(IS_CHECKM8_FAIL(install_payload(dev, PAYLOAD_FLOPPYSLEEP, SRAM)))
// {
// printf("failed to install floppysleep\n");
// return -1;
// }
//
// float init_a = -7.504355E-39f;
// resp = write_gadget(dev, 0x180154000, (unsigned char *) &init_a, sizeof(float));
// free_dev_cmd_resp(resp);
//
// resp = execute_payload(dev, PAYLOAD_SYNC, 0, 0);
// if(IS_CHECKM8_FAIL(resp->ret))
// {
// printf("failed to execute bootstrap\n");
// return -1;
// }
// free_dev_cmd_resp(resp);
//
// resp = execute_payload(dev, PAYLOAD_TASK_SLEEP_TEST, 0, 2, 0x180152000, 0x180154000);
// if(IS_CHECKM8_FAIL(resp->ret))
// {
// printf("failed to exit usb task\n");
// return -1;
// }
// free_dev_cmd_resp(resp);
//
// close_device_session(dev);
// usb_task_exit(dev);
floppysleep(dev);
free_device(dev);
}
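Review bot: In the new `usb_task_exit` the response from `execute_payload(dev, PAYLOAD_EXIT_USB_TASK, ...)` is never released, and both error branches that test `resp->ret` (after the sync execute and after the exit-usb-task execute) return without freeing; add `free_dev_cmd_resp(resp);` before each of those two `return;` statements and once more after the second check succeeds. The third install check prints the wrong message — it should read `printf("failed to install exit usb task payload\n");`. Both `resp->ret` reads assume `execute_payload` never returns NULL; its body is outside these hunks, so if it can, a NULL test has to precede each check. In the `floppysleep` hunk (whose function begins outside the hunk), `init_a_ptr == -1` compares an `unsigned long long` with a negative literal and only works through implicit conversion; `init_a_ptr == (unsigned long long) -1` states the intent explicitly.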


@@ -43,11 +43,6 @@ struct payload *get_payload(PAYLOAD_T p)
len = PAYLOAD_AES_SW_SZ;
break;
case PAYLOAD_BOOTSTRAP:
pl = payload_bootstrap;
len = PAYLOAD_BOOTSTRAP_SZ;
break;
case PAYLOAD_EXIT_USB_TASK:
pl = payload_exit_usb_task;
len = PAYLOAD_EXIT_USB_TASK_SZ;
@@ -151,13 +146,15 @@ int *dev_unlink_payload(struct pwned_device *dev, struct payload *pl)
{
if(dev->installed == pl)
{
dev->installed = NULL;
dev->installed = pl->next;
return CHECKM8_SUCCESS;
}
else
{
pl->prev->next = pl->next;
pl->next->prev = pl->prev;
if(pl->next != NULL)
pl->next->prev = pl->prev;
return CHECKM8_SUCCESS;
}
}
@@ -222,6 +219,12 @@ int uninstall_payload(struct pwned_device *dev, PAYLOAD_T p)
return CHECKM8_SUCCESS;
}
unsigned long long get_payload_address(struct pwned_device *dev, PAYLOAD_T p)
{
return dev_retrieve_payload(dev, p)->install_base;
}
unsigned long long install_data(struct pwned_device *dev, LOCATION_T loc, unsigned char *data, int len)
{
checkm8_debug_indent("install_data(dev = %p, loc = %i, data = %p, len = %i)\n", dev, loc, data, len);
@@ -265,7 +268,7 @@ int uninstall_data(struct pwned_device *dev, unsigned long long addr)
struct dev_cmd_resp *execute_payload(struct pwned_device *dev, PAYLOAD_T p, int response_len, int nargs, ...)
{
checkm8_debug_indent("execute_payload(dev = %p, p = %i, nargs = %i, ...)\n", dev, p, nargs);
checkm8_debug_indent("execute_payload(dev = %p, p = %i, response_len = %i, nargs = %i, ...)\n", dev, p, response_len, nargs);
int i;
struct dev_cmd_resp *resp;
struct payload *pl;
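Review bot: In `dev_unlink_payload`, the head-removal branch now sets `dev->installed = pl->next` but leaves the new head's `prev` pointing at the unlinked node, so anything that later walks `prev` from the head reaches a payload that is no longer in the list (and, if the caller frees it, freed memory). Mirror the else branch: `if(pl->next != NULL) pl->next->prev = NULL;` before that `return CHECKM8_SUCCESS;`. Separately, `get_payload_address` dereferences `dev_retrieve_payload(dev, p)` unchecked; if that lookup can return NULL for a payload that is not installed (not visible here) this crashes, and `struct payload *pl = dev_retrieve_payload(dev, p); return pl != NULL ? pl->install_base : (unsigned long long) -1;` would match the `-1` sentinel that `install_data` callers already test. The body of `execute_payload` continues past the last hunk.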