add a stripping tool and a random key experiment

tools/scripts/chroot-pi.sh

@@ -0,0 +1,69 @@
+#!/bin/bash
+
+# This script allows you to chroot ("work on") 
+# the raspbian sd card as if it's the raspberry pi
+# on your Ubuntu desktop/laptop
+# just much faster and more convenient
+
+# credits: https://gist.github.com/jkullick/9b02c2061fbdf4a6c4e8a78f1312a689
+
+# make sure you have issued
+# (sudo) apt install qemu qemu-user-static binfmt-support
+
+# Write the raspbian image onto the sd card,
+# boot the pi with the card once 
+# so it expands the fs automatically
+# then plug back to your laptop/desktop
+# and chroot to it with this script.
+
+# Invoke:
+# (sudo) ./chroot-to-pi.sh /dev/sdb 
+# assuming /dev/sdb is your sd-card
+# if you don't know, when you plug the card in, type:
+# dmesg | tail -n30 
+
+
+# Note: If you have an image file instead of the sd card, 
+# you will need to issue 
+# (sudo) apt install kpartx
+# (sudo) kpartx -v -a 2017-11-29-raspbian-stretch-lite.img
+# then
+# (sudo) ./chroot-to-pi.sh /dev/mapper/loop0p
+# With the vanilla image, you have very little space to work on
+# I have not figured out a reliable way to resize it
+# Something like this should work, but it didn't in my experience
+# https://gist.github.com/htruong/0271d84ae81ee1d301293d126a5ad716
+# so it's better just to let the pi resize the partitions
+
+mkdir -p /mnt/raspbian
+
+# mount partition
+mount -o rw ${1}2  /mnt/raspbian
+mount -o rw ${1}1 /mnt/raspbian/boot
+
+# mount binds
+mount --bind /dev /mnt/raspbian/dev/
+mount --bind /sys /mnt/raspbian/sys/
+mount --bind /proc /mnt/raspbian/proc/
+mount --bind /dev/pts /mnt/raspbian/dev/pts
+
+# ld.so.preload fix
+sed -i 's/^/#CHROOT /g' /mnt/raspbian/etc/ld.so.preload
+
+# copy qemu binary
+cp /usr/bin/qemu-arm-static /mnt/raspbian/usr/bin/
+
+echo "You will be transferred to the bash shell now."
+echo "Issue 'exit' when you are done."
+echo "Issue 'su pi' if you need to work as the user pi."
+
+# chroot to raspbian
+chroot /mnt/raspbian /bin/bash
+
+# ----------------------------
+# Clean up
+# revert ld.so.preload fix
+sed -i 's/^#CHROOT //g' /mnt/raspbian/etc/ld.so.preload
+
+# unmount everything
+umount /mnt/raspbian/{dev/pts,dev,sys,proc,boot,}

tools/scripts/enable_wireshark_usb.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+
+modprobe usbmon
+setfacl -m u:grg:r /dev/usbmon*

tools/scripts/iphone.rules

@@ -0,0 +1,3 @@
+SUBSYSTEM=="usb", ATTR{idProduct}=="1227", ATTR{idVendor}=="05ac", MODE="0660", GROUP="grg"
+SUBSYSTEM=="usb", ATTRS{idProduct}=="1227", ATTRS{idVendor}=="05ac", MODE="0660", GROUP="grg"
+SUBSYSTEM=="usb-serial", MODE="0660", GROUP="grg"

tools/scripts/profile.py

@@ -0,0 +1,111 @@
+import gdb
+
+def val_from_sym(name):
+    print 'getting value for %s' % name
+
+    try:
+        if name == 'wzr' or name == 'xzr':
+            return '0'
+
+        elif name[0] == '#':
+            return name
+
+        elif name[0] in ['x', 'w']:
+            return '0x{:x}'.format(int(gdb.selected_frame().read_register(name)))
+
+        else:
+            return None
+
+    except:
+        return 'val?'
+
+
+class Profile(gdb.Command):
+    def __init__(self):
+        super(Profile, self).__init__("profile", gdb.COMMAND_USER)
+
+    def invoke(self, args, from_tty):
+        argv = gdb.string_to_argv(args)
+        if len(argv) != 1:
+            raise gdb.GdbError("Usage: profile [fname]")
+
+        arch = gdb.selected_frame().architecture()
+        instr_type = gdb.lookup_type("unsigned int").pointer()
+
+        next_dest = None
+        stack = []
+
+        outfile = open(argv[0], "a+")
+
+        while True:
+            if next_dest is not None:
+                outfile.write('\tdest %s\n' % val_from_sym(next_dest))
+                next_dest = None
+
+            addr = gdb.selected_frame().read_register("pc")
+            instr = arch.disassemble(int(str(addr), 16))[0]['asm']
+            if instr == '.inst\t0x00000000 ; undefined':
+                break
+
+            instr_spl = instr.split()
+
+            mnem = instr_spl[0]
+            dest = None
+            arg1 = None
+            arg2 = None
+
+            outfile.write('\n%s\t%s\n' % (addr, instr))
+            if len(instr_spl) > 1:
+                dest = instr_spl[1].strip(',')
+
+            if len(instr_spl) > 2:
+                arg1 = instr_spl[2].strip(',')
+
+            if len(instr_spl) > 3:
+                arg2 = instr_spl[3].strip(',')
+
+            if mnem == 'bl' or mnem == 'blr':
+                outfile.write('\tentering %s\n' % dest)
+                stack.append(dest)
+
+                outfile.write('\targs: [')
+                for reg in ['x0', 'x1', 'x2', 'x3', 'x4', 'x5', 'x6', 'x7']:
+                    outfile.write('%s, ' % val_from_sym(reg))
+                outfile.write(']\n')
+
+            elif mnem == 'ret':
+                if len(stack) > 0:
+                    outfile.write('\tfinished %s\n' % stack.pop())
+                else:
+                    outfile.write('\tfinished ??\n')
+
+                outfile.write('\tretval %s\n' % val_from_sym('x0'))
+
+            elif mnem == 'ldr' or mnem == 'ldp':
+                outfile.write('\tdest %s\n' % val_from_sym(dest))
+                if mnem == 'ldp':
+                    outfile.write('\tdest %s\n' % val_from_sym(arg1))
+
+            elif mnem == 'str' or mnem == 'stp':
+                outfile.write('\targ1 %s\n' % val_from_sym(dest))
+                if mnem == 'stp':
+                    outfile.write('\targ2 %s\n' % val_from_sym(arg1))
+
+            else:
+                if dest is not None and dest[0] in ['x', 'w']:
+                    next_dest = dest
+
+                if arg1 is not None:
+                    val = val_from_sym(arg1)
+                    if val is not None:
+                        outfile.write('\targ1 %s\n' % val)
+
+                if arg2 is not None:
+                    val = val_from_sym(arg2)
+                    if val is not None:
+                        outfile.write('\targ2 %s\n' % val)
+
+            gdb.execute("stepi", to_string=False)
+        outfile.close()
+
+Profile()