Bugfixes and experiment update
This commit is contained in:
@@ -1,6 +1,12 @@
|
||||
#include "util.h"
|
||||
#include "brfunc_timing.h"
|
||||
|
||||
PAYLOAD_SECTION
|
||||
void task_sleep(unsigned int usec)
|
||||
{
|
||||
((BOOTROM_FUNC) ADDR_TASK_SLEEP)(usec);
|
||||
}
|
||||
|
||||
PAYLOAD_SECTION
|
||||
void sub_bytes(unsigned char block[16], unsigned char sbox[16][16])
|
||||
{
|
||||
@@ -133,6 +139,7 @@ void aes128_encrypt_ecb(unsigned char *msg, unsigned int msg_len, unsigned char
|
||||
shift_rows(block);
|
||||
mix_cols(block, mul2, mul3);
|
||||
add_key(block, &key_sched[16 * (j + 1)]);
|
||||
task_sleep(20);
|
||||
}
|
||||
|
||||
sub_bytes(block, sbox);
|
||||
@@ -146,10 +153,31 @@ unsigned int _start(unsigned char *msg, unsigned int msg_len, unsigned char *key
|
||||
unsigned char sbox[16][16], unsigned char rc_lookup[11],
|
||||
unsigned char mul2[256], unsigned char mul3[256])
|
||||
{
|
||||
while(1)
|
||||
{
|
||||
aes128_encrypt_ecb(msg, msg_len, key, sbox, rc_lookup, mul2, mul3);
|
||||
task_sleep(1000);
|
||||
}
|
||||
return 0xDEADBEEF;
|
||||
unsigned long long start, end;
|
||||
|
||||
__asm__ volatile ("mrs %0, cntpct_el0" : "=r" (start));
|
||||
aes128_encrypt_ecb(msg, msg_len, key, sbox, rc_lookup, mul2, mul3);
|
||||
task_sleep(120);
|
||||
__asm__ volatile ("mrs %0, cntpct_el0" : "=r" (end));
|
||||
|
||||
// for(i = 0; i < 256; i++)
|
||||
// {
|
||||
// __asm__ volatile ("dc civac, %0" : : "r" (&sbox[i % 16][i / 16]) : "memory");
|
||||
// __asm__ volatile ("dc civac, %0" : : "r" (&mul2[i]) : "memory");
|
||||
// __asm__ volatile ("dc civac, %0" : : "r" (&mul3[i]) : "memory");
|
||||
// }
|
||||
//
|
||||
// for(i = 0; i < 16; i++)
|
||||
// {
|
||||
// __asm__ volatile ("dc civac, %0" : : "r" (&msg[i]) : "memory");
|
||||
// __asm__ volatile ("dc civac, %0" : : "r" (&key[i]) : "memory");
|
||||
// }
|
||||
//
|
||||
// for(i = 0; i < 12; i++)
|
||||
// {
|
||||
// __asm__ volatile ("dc civac, %0" : : "r" (&rc_lookup[i]) : "memory");
|
||||
// }
|
||||
//
|
||||
// __asm__ volatile ("dsb sy");
|
||||
return end - start;
|
||||
}
|
||||
@@ -171,7 +171,7 @@ int main()
|
||||
|
||||
if(IS_CHECKM8_FAIL(install_payload(dev, PAYLOAD_AES_SW, SRAM)))
|
||||
{
|
||||
printf("failed to install aes busy payload\n");
|
||||
printf("failed to install task sleep payload\n");
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -202,7 +202,6 @@ int main()
|
||||
write_aes_utils(dev);
|
||||
|
||||
free_dev_cmd_resp(resp);
|
||||
|
||||
int i = 0;
|
||||
while(1)
|
||||
{
|
||||
@@ -216,6 +215,8 @@ int main()
|
||||
return -1;
|
||||
}
|
||||
|
||||
printf("%i) op took %llu", i++, resp->retval);
|
||||
|
||||
free_dev_cmd_resp(resp);
|
||||
resp = read_gadget(dev, 0x180153000, 16);
|
||||
if(IS_CHECKM8_FAIL(resp->ret))
|
||||
@@ -223,14 +224,22 @@ int main()
|
||||
printf("failed to read encrypted data from memory\n");
|
||||
}
|
||||
|
||||
printf("%i) got ", i++);
|
||||
printf(" -> ");
|
||||
for(int j = 0; j < 16; j++)
|
||||
{
|
||||
printf("%02x", resp->data[j]);
|
||||
}
|
||||
printf("\n");
|
||||
|
||||
printf(" (%llu)\n", resp->retval);
|
||||
free_dev_cmd_resp(resp);
|
||||
resp = execute_payload(dev, PAYLOAD_SYNC, 0, 0);
|
||||
if(IS_CHECKM8_FAIL(resp->ret))
|
||||
{
|
||||
printf("failed to execute sync\n");
|
||||
}
|
||||
|
||||
free_dev_cmd_resp(resp);
|
||||
usleep(1000000);
|
||||
}
|
||||
|
||||
close_device_session(dev);
|
||||
|
||||
@@ -567,12 +567,12 @@ int reset(struct pwned_device *dev)
|
||||
char buf;
|
||||
write(dev->ard_fd, &PROT_RESET, 1);
|
||||
|
||||
while(read(dev->ard_fd, &buf, 1) == 0);
|
||||
ard_read(dev, (unsigned char *) &buf, 1);
|
||||
if(buf == PROT_ACK)
|
||||
{
|
||||
checkm8_debug_indent("\treceived ack\n");
|
||||
|
||||
while(read(dev->ard_fd, &buf, 1) == 0);
|
||||
ard_read(dev, (unsigned char *) &buf, 1);
|
||||
if(buf == PROT_SUCCESS)
|
||||
{
|
||||
checkm8_debug_indent("\tsuccess\n");
|
||||
@@ -600,7 +600,6 @@ int serial_descriptor(struct pwned_device *dev, unsigned char *serial_buf, int l
|
||||
|
||||
#ifdef WITH_ARDUINO
|
||||
char buf;
|
||||
int curr, ret;
|
||||
struct serial_desc_args args;
|
||||
args.dev_idVendor = dev->idVendor;
|
||||
args.dev_idProduct = dev->idProduct;
|
||||
@@ -610,7 +609,7 @@ int serial_descriptor(struct pwned_device *dev, unsigned char *serial_buf, int l
|
||||
write(dev->ard_fd, &PROT_SERIAL_DESC, 1);
|
||||
write(dev->ard_fd, &args, sizeof(struct serial_desc_args));
|
||||
|
||||
while(read(dev->ard_fd, &buf, 1) == 0);
|
||||
ard_read(dev, (unsigned char *) &buf, 1);
|
||||
if(buf == PROT_ACK)
|
||||
{
|
||||
checkm8_debug_indent("\treceived ack\n");
|
||||
@@ -628,13 +627,7 @@ int serial_descriptor(struct pwned_device *dev, unsigned char *serial_buf, int l
|
||||
else if(buf == PROT_SUCCESS)
|
||||
{
|
||||
checkm8_debug_indent("\tsuccess, reading serial descriptor\n");
|
||||
curr = 0;
|
||||
while(curr < len)
|
||||
{
|
||||
ret = read(dev->ard_fd, &serial_buf[curr], len - curr);
|
||||
if(ret > 0) curr += ret;
|
||||
}
|
||||
|
||||
ard_read(dev, serial_buf, len);
|
||||
return CHECKM8_SUCCESS;
|
||||
}
|
||||
else
|
||||
|
||||
Reference in New Issue
Block a user