grg/checkm8_tool
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Much better communication model

Browse Source
This commit is contained in:
Gregor Haas
2019-12-15 18:32:34 -05:00
parent 450f4de756
commit 3972ac655e
9 changed files with 233 additions and 74 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
checkm8_remote/main.c
View File

@@ -4,6 +4,7 @@
#include <stdio.h>
#include <stdarg.h>
#include <execinfo.h>
#include <command.h>
void checkm8_debug_indent(const char *format, ...)
{
@@ -36,6 +37,7 @@ void checkm8_debug_block(const char *format, ...)
int main()
{
int ret;
struct pwned_device *dev = exploit_device();
if(dev == NULL || dev->status == DEV_NORMAL)
{
@@ -43,9 +45,24 @@ int main()
return -1;
}
struct dev_cmd_resp *resp;
install_payload(dev, PAYLOAD_SYNC, DRAM);
install_payload(dev, PAYLOAD_SYSREG, DRAM);
execute_payload(dev, PAYLOAD_SYNC, 0);
execute_payload(dev, PAYLOAD_SYSREG, 0);
resp = execute_payload(dev, PAYLOAD_SYNC, 0);
printf("payload sync execution got ret %i\n", resp->ret);
free_dev_cmd_resp(resp);
resp = execute_payload(dev, PAYLOAD_SYSREG, 0);
if(resp->ret == CHECKM8_SUCCESS)
{
long long evt_base = RESP_VALUE(resp->data, unsigned long long, 0);
printf("got evt base %llx\n", evt_base);
resp = read_payload(dev, evt_base, 16);
printf("%08llX %08llx %08llx",
RESP_VALUE(resp->data, unsigned long long, 0),
RESP_VALUE(resp->data, unsigned long long, 1));
}
}