From 4727861d374dcbae222f4cccc8a563e861e000b7 Mon Sep 17 00:00:00 2001
From: Gregor Haas <gregorhaas1997@gmail.com>
Date: Sat, 11 Jan 2020 18:02:40 -0500
Subject: [PATCH] Updated aes_sw binary and fixed a bug in usb_helpers.c

---
 c8_payloads/bin/payload_aes_sw.bin | Bin 960 -> 984 bytes
 c8_payloads/src/aes_sw.c           |   5 +++--
 c8_remote/src/usb_helpers.c        |   3 ++-
 3 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/c8_payloads/bin/payload_aes_sw.bin b/c8_payloads/bin/payload_aes_sw.bin
index 2dca3c01a886e6177d9d6348854a5df907075f75..d6b5b6083466ae9b038533228751d2e0feb4d13a 100644
GIT binary patch
delta 76
zcmX@WeuLflZ}r}lf0-F3e&%NQ$<EMlX=O9RM2?Jfix(N17SCB2CjNI|_}KXWe~9q|
g>#GZZa?2PPrYHc}3=G2FpSc}={;fW|QF|&g03`S#3IG5A

delta 52
zcmcb?et=#3Z}q;Ff0-F3e&%NQY5c(Y>Iw#iDGdA#L2N);0mx@y5cdAe?eOz&^`VW<
GQ<(urCl!7G

diff --git a/c8_payloads/src/aes_sw.c b/c8_payloads/src/aes_sw.c
index 3424653..65f7522 100644
--- a/c8_payloads/src/aes_sw.c
+++ b/c8_payloads/src/aes_sw.c
@@ -154,10 +154,11 @@ unsigned int _start(unsigned char *msg, unsigned int msg_len, unsigned char *key
                     unsigned char mul2[256], unsigned char mul3[256])
 {
     unsigned long long start, end;
+    unsigned char msg_copy[16];
+    for(int i = 0; i < 16; i++) msg_copy[i] = msg[i];
 
     __asm__ volatile ("mrs %0, cntpct_el0" : "=r" (start));
-    aes128_encrypt_ecb(msg, msg_len, key, sbox, rc_lookup, mul2, mul3);
-    task_sleep(120);
+    aes128_encrypt_ecb(msg_copy, msg_len, key, sbox, rc_lookup, mul2, mul3);
     __asm__ volatile ("mrs %0, cntpct_el0" : "=r" (end));
 
 //    for(i = 0; i < 256; i++)
diff --git a/c8_remote/src/usb_helpers.c b/c8_remote/src/usb_helpers.c
index 0c5888c..d64b22b 100644
--- a/c8_remote/src/usb_helpers.c
+++ b/c8_remote/src/usb_helpers.c
@@ -489,7 +489,7 @@ int ctrl_transfer(struct pwned_device *dev,
             dev, bmRequestType, bRequest, wValue, wIndex, data, data_len, timeout);
 
 #ifdef WITH_ARDUINO
-    int amount, index, size;
+    unsigned int amount, index, size;
     char buf;
     struct usb_xfer_args args;
     args.bmRequestType = bmRequestType;
@@ -513,6 +513,7 @@ int ctrl_transfer(struct pwned_device *dev,
             while(amount < data_len)
             {
                 // get the size of this chunk
+                size = 0;
                 ard_read(dev, (unsigned char *) &size, 2);
                 checkm8_debug_indent("\treceiving data chunk of size %i\n", size);