From 4f34c3e5177b627c3610ac39ab7517dadab3a883 Mon Sep 17 00:00:00 2001
From: Gregor Haas
Date: Sun, 15 Dec 2019 10:32:19 -0500
Subject: [PATCH] Start configuring build for rpi

---
 checkm8_payloads/CMakeLists.txt | 10 +++++++---
 checkm8_payloads/include/brfunc_aes.h | 6 +++---
 checkm8_payloads/include/brfunc_common.h | 8 ++++----
 checkm8_payloads/include/brfunc_sep.h | 4 +++-
 checkm8_payloads/include/brfunc_timing.h | 2 ++
 checkm8_remote/src/libusb_helpers.c | 11 ++++++-----
 6 files changed, 25 insertions(+), 16 deletions(-)

diff --git a/checkm8_payloads/CMakeLists.txt b/checkm8_payloads/CMakeLists.txt
index a943c7e..d7e687f 100644
--- a/checkm8_payloads/CMakeLists.txt
+++ b/checkm8_payloads/CMakeLists.txt
@@ -2,9 +2,13 @@ enable_language(ASM)
 include_directories(include)
 set(CMAKE_SYSTEM_PROCESSOR arm)
-set(CMAKE_C_COMPILER /usr/bin/aarch64-linux-gnu-gcc)
-set(CMAKE_ASM_COMPILER /usr/bin/aarch64-linux-gnu-as)
-set(CMAKE_OBJCOPY /usr/bin/aarch64-linux-gnu-objcopy)
+
+if(CMAKE_HOST_SYSTEM_PROCESSOR EQUAL "x86_64")
+ set(CMAKE_C_COMPILER /usr/bin/aarch64-linux-gnu-gcc)
+ set(CMAKE_ASM_COMPILER /usr/bin/aarch64-linux-gnu-as)
+ set(CMAKE_OBJCOPY /usr/bin/aarch64-linux-gnu-objcopy)
+endif()
+
 set(CMAKE_C_FLAGS "-nostdlib -O")
 set(PAYLOADS payload_sync payload_aes payload_sysreg)
diff --git a/checkm8_payloads/include/brfunc_aes.h b/checkm8_payloads/include/brfunc_aes.h
index 57dafd6..a16150b 100644
--- a/checkm8_payloads/include/brfunc_aes.h
+++ b/checkm8_payloads/include/brfunc_aes.h
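Review bot: `if(CMAKE_HOST_SYSTEM_PROCESSOR EQUAL "x86_64")` uses CMake's numeric comparison, which is only true when both operands are valid numbers, so the branch is never taken and the aarch64 cross toolchain is never selected on x86_64 hosts; the string form is `if(CMAKE_HOST_SYSTEM_PROCESSOR STREQUAL "x86_64")`. Separately, `enable_language(ASM)` (line 1, visible in the hunk header) has already run before these `set(CMAKE_C_COMPILER ...)` calls, and changing the compiler variables after language detection is not reliably honoured by CMake — selecting the cross toolchain through a file passed as `CMAKE_TOOLCHAIN_FILE` is the conventional fix. That ordering problem predates this commit, but wrapping the `set()` calls in a condition that silently fails makes a fallback to the host compiler harder to notice, so a `message(STATUS "payload C compiler: ${CMAKE_C_COMPILER}")` after the block would at least make the outcome visible in the configure log.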
@@ -8,9 +8,9 @@
 #define PUSH_COMMAND_IV ((BOOTROM_FUNC) ADDR_PUSH_COMMAND_IV)
 #define PUSH_COMMAND_DATA ((BOOTROM_FUNC) ADDR_PUSH_COMMAND_DATA)
 #define PUSH_COMMAND_FLAG ((BOOTROM_FUNC) ADDR_PUSH_COMMAND_FLAG)
-#define WAIT_FOR_COMMAND_FLAG ((BOOTROM_FUNC) ADDR_WAIT_FOR_COMMAND_FLAG)
+#define WAIT_FOR_COMMAND_FLAG ((BOOTROM_FUNC) ADDR_WAIT_FOR_COMMAND)
-#define rAES_INT_STATUS (long *) ADDR_rAES_INT_STATUS
-#define rAES_CONTROL (long *) ADDR_rAES_CONTROL
+#define rAES_INT_STATUS (long *) ADDR_AES_CONTROL
+#define rAES_CONTROL (long *) ADDR_AES_STATUS
 #endif //IPWNDFU_REWRITE_C_BRFUNC_AES_H
diff --git a/checkm8_payloads/include/brfunc_common.h b/checkm8_payloads/include/brfunc_common.h
index cfca7bd..dfd1d75 100644
--- a/checkm8_payloads/include/brfunc_common.h
+++ b/checkm8_payloads/include/brfunc_common.h
@@ -13,14 +13,14 @@ typedef int (*BOOTROM_FUNC)();
 #define ADDR_PUSH_COMMAND_IV 0x100000d18
 #define ADDR_PUSH_COMMAND_DATA 0x100000d98
 #define ADDR_PUSH_COMMAND_FLAG 0x100000e20
-#define ADDR_WAIT_FOR_COMMAND_FLAG 0x100000ec4
+#define ADDR_WAIT_FOR_COMMAND 0x100000ec4
-#define ADDR_rAES_CONTROL 0x20A108008
-#define ADDR_rAES_INT_STATUS 0x20A108018
+#define ADDR_AES_CONTROL 0x20A108008
+#define ADDR_AES_STATUS 0x20A108018
 /* SEP */
 #define ADDR_DPA_SEEDED 0x100001140
-#define ADDR_SEP_CREATE_SEND_DPA_MESSAGE 0x100002338
+#define ADDR_SEND_DPA_MESSAGE 0x100002338
 /* Timing */
 #define ADDR_CLOCK_GATE 0x100009d4c
diff --git a/checkm8_payloads/include/brfunc_sep.h b/checkm8_payloads/include/brfunc_sep.h
index 3ef32da..9b8c5e7 100644
--- a/checkm8_payloads/include/brfunc_sep.h
+++ b/checkm8_payloads/include/brfunc_sep.h
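Review bot: The two register macros are cross-wired after the rename: `rAES_INT_STATUS` now expands to `ADDR_AES_CONTROL`, whose value in brfunc_common.h (0x20A108008) is the one the old `ADDR_rAES_CONTROL` carried, and `rAES_CONTROL` expands to `ADDR_AES_STATUS` (0x20A108018, the old `ADDR_rAES_INT_STATUS`), so each macro now names the other register's address. The lines should read `#define rAES_INT_STATUS (long *) ADDR_AES_STATUS` and `#define rAES_CONTROL (long *) ADDR_AES_CONTROL`. While these are being touched: the expansion is an unparenthesised cast expression, and if the pointers are used to poll memory-mapped registers they also lack `volatile`, which matters now that `-O` is in `CMAKE_C_FLAGS`; `((volatile long *) ADDR_AES_STATUS)` would address both.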
@@ -1,7 +1,9 @@
 #ifndef IPWNDFU_REWRITE_C_BRFUNC_SEP_H
 #define IPWNDFU_REWRITE_C_BRFUNC_SEP_H
+#include "brfunc_common.h"
+
 #define DPA_SEEDED ((BOOTROM_FUNC) ADDR_DPA_SEEDED)
-#define SEP_CREATE_SEND_DPA_MESSAGE ((BOOTROM_FUNC) ADDR_SEP_CREATE_SEND_DPA_MESSAGE)
+#define SEP_CREATE_SEND_DPA_MESSAGE ((BOOTROM_FUNC) ADDR_SEND_DPA_MESSAGE)
 #endif //IPWNDFU_REWRITE_C_BRFUNC_SEP_H
diff --git a/checkm8_payloads/include/brfunc_timing.h b/checkm8_payloads/include/brfunc_timing.h
index 536b377..e1093a8 100644
--- a/checkm8_payloads/include/brfunc_timing.h
+++ b/checkm8_payloads/include/brfunc_timing.h
@@ -1,6 +1,8 @@
 #ifndef IPWNDFU_REWRITE_C_BRFUNC_TIMING_H
 #define IPWNDFU_REWRITE_C_BRFUNC_TIMING_H
+#include "brfunc_common.h"
+
 #define CLOCK_GATE ((BOOTROM_FUNC) ADDR_CLOCK_GATE)
 #define SYSTEM_TIME ((BOOTROM_FUNC) ADDR_SYSTEM_TIME)
 #define TIME_HAS_ELAPSED ((BOOTROM_FUNC) ADDR_TIME_HAS_ELAPSED)
diff --git a/checkm8_remote/src/libusb_helpers.c b/checkm8_remote/src/libusb_helpers.c
index 76e4b77..56f5b01 100644
--- a/checkm8_remote/src/libusb_helpers.c
+++ b/checkm8_remote/src/libusb_helpers.c
@@ -10,6 +10,10 @@ int get_device_bundle(struct pwned_device *dev)
 {
 checkm8_debug_indent("get_device_bundle(dev = %p)\n", dev);
+
+ int i, usb_dev_count, ret = LIBUSB_ERROR_NO_DEVICE;
+ libusb_device **usb_device_list = NULL;
+
 if(dev->bundle->ctx == NULL)
 {
 checkm8_debug_indent("\tbundle ctx is NULL, allocating\n");
@@ -27,9 +31,6 @@ int get_device_bundle(struct pwned_device *dev)
 }
 }
- libusb_device **usb_device_list = NULL;
- int usb_dev_count, ret = LIBUSB_ERROR_NO_DEVICE;
-
 usb_dev_count = libusb_get_device_list(dev->bundle->ctx, &usb_device_list);
 checkm8_debug_indent("\tfound %i USB devices\n", usb_dev_count);
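Review bot: The hoisted declarations `int i, usb_dev_count, ret = LIBUSB_ERROR_NO_DEVICE;` and `libusb_device **usb_device_list = NULL;` are placed after the `checkm8_debug_indent(...)` statement, so the function still mixes statements and declarations. If the move (together with dropping `unsigned int i` from the `for` in a later hunk) is meant to satisfy an older or stricter C mode in the Raspberry Pi toolchain, the declarations have to sit above that call to achieve it; if it is not, the original C99 placement was fine and the commit message should say why the variables moved. A one-line comment at the declarations, e.g. `/* declared up front: <reason — TODO fill in> */`, would spare the next reader the guess. get_device_bundle continues outside the hunk.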
@@ -37,7 +38,7 @@ int get_device_bundle(struct pwned_device *dev)
 dev->bundle->handle = NULL;
 dev->bundle->descriptor = malloc(sizeof(struct libusb_device_descriptor));
- for(unsigned int i = 0; i < usb_dev_count; i++)
+ for(i = 0; i < usb_dev_count; i++)
 {
 dev->bundle->device = usb_device_list[i];
 libusb_get_device_descriptor(dev->bundle->device, dev->bundle->descriptor);
@@ -263,7 +264,7 @@ static unsigned char data_0x0_0xC0_buf[192] =
 int stall(struct pwned_device *dev)
 {
- return libusb1_async_ctrl_transfer(dev, 0x80, 6, 0x304, 0x40A, data_0xA_0xC0_buf, 0xC0, 15);
+ return libusb1_async_ctrl_transfer(dev, 0x80, 6, 0x304, 0x40A, data_0xA_0xC0_buf, 0xC0, 1);
 }
 int leak(struct pwned_device *dev)
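Review bot: `usb_dev_count` holds the `ssize_t` result of `libusb_get_device_list()` (assigned in the preceding hunk), which is a negative `LIBUSB_ERROR_*` code on failure, and no `< 0` check is visible before this loop; switching `i` to `int` removes the signed/unsigned comparison warning that pointed at the case but does not handle it. A negative count skips the loop silently and the function presumably falls through with `ret` still `LIBUSB_ERROR_NO_DEVICE`, hiding the real error; `if(usb_dev_count < 0) return (int) usb_dev_count;` directly after the call would surface it, assuming nothing else needs releasing at that point (the cleanup path is outside the hunk). The context line `dev->bundle->descriptor = malloc(...)` is also dereferenced by `libusb_get_device_descriptor()` without a NULL check, though that predates the commit.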
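Review bot: The final argument of `libusb1_async_ctrl_transfer()` in `stall()` changes from `15` to `1` with no comment, and the call is otherwise a row of bare literals, so neither the reason for the change nor the unit of the value is recoverable from the code; the parameter's meaning is not visible in this hunk. A named constant or a one-line comment on the call, e.g. `/* last argument: <meaning/unit — TODO> ; lowered from 15 because <reason — TODO> */`, would document it, and the same constant should then be used wherever the sibling helpers make the equivalent call.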